Startsearch virus


  • This topic is locked
49 replies to this topic

#1 Muradilla

Posted 03 April 2012 - 11:08 PM

Dear Forum members!

I have looked through a few of the topics here, and most of them are already closed, and therefore decided to post a new topic here on the same topic that many members had already opened before, and presumably found some solution to their problem.

I have a problem with a startsearch.ch virus, which I apparently got from http://barcelonastream.com/fc-barcelona-vs-milan/channel-1
While watching the football stream, the ad near the stream player suggested that I download some sort of plug-in, which I did, and seemingly the stream got a little better at that time. But unfortunately after that the browser's homepage started being changed by some virus all the time. I use Mozilla Firefox 11.0, and I haven't opened Internet Explorer or Safari since then for fear of infecting them with the same virus (better be on the safe side).

I deleted the plug-in, but it didn't help. I did config:about and reset all the values that contained "startsearch" in them - the problem seemed to disappear for a little while, but then again as I closed the web-browser, a small notification in the right corner appeared saying that there was an attempt to change the homepage and that it was blocked. Although the notification says "attempt was blocked", still the homepage keeps being changed into startsearch.ch all the time.

Following the instructions in one of the forums on the same topic (but it was about IE), I did a few tests, namely:

1. virscan.org testing
2. OTL testing
3. jpshortstuff testing.

The logs of the last two I am attaching below. But Virscan testing results couldn't be downloaded into the buffer, since the website says that "it had been scanned before and the log will not be stored". Nevertheless, as I could see it on the screen, all of the antivirus programs produced positive logs (nothing was found in any of them).

Since the further actions would be based on the individual diagnosis and would entail individual solutions, I didn't do anything further.

So, I was wondering, could anyone help me out with that now? As I understand NOW, with this virus - nothing helps: neither re-installation of Firefox, nor registry editing. My bad, it is too late to realise that. But I would like to get rid of this virus as soon as I can, before it gets me with an annoyingly persistent changing of the homepage.

I would now be minimizing the use of internet to avoid any leakage of any information from my computer. However, I would be visiting this forum and would be searching for the solution until the virus is completely removed.

So, I do really hope that I would get some help from this forum. I was so surprised to see that this kind of professional help can be delivered online.

Thank you very much for your assistance in advance!
Best regards and waiting for your responses!
Muradilla


#2 Muradilla

Posted 03 April 2012 - 11:12 PM

Yes, maybe a minor point, or it may even be that I am wrong in my observations, but it still seems to me that this change of the homepage into startsearch.ch occurs when I use MS Outlook... I don't know how they can be related.
However, I should admit that I use Outlook a lot (nearly as frequently as I use Firefox) and therefore it may have just been a coincidence. However, this is my humble observation, if it helps in clarifying anything.
Best regards!

#3 Muradilla

Posted 03 April 2012 - 11:24 PM

Guys, please do disregard my second post: the homepage changes even if I don't use MS Outlook. So, please only pay attention to the first post!

#4 Muradilla

Posted 04 April 2012 - 04:04 PM

Is there anyone out there who could help me, please?

#5 HelpBot

Posted 09 April 2012 - 11:10 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/448783 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows, you should not bother creating a GMER log.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#6 Muradilla

Posted 10 April 2012 - 03:07 AM

Hi dear,

If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.

This is the problem that I am encountering:

As I said, I have a problem with a startsearch.ch virus, which I apparently got from http://barcelonastream.com/fc-barcelona-vs-milan/channel-1. While watching the football stream, the ad near the stream player suggested that I download some sort of "plug-in", which I did (download), and seemingly the stream got a little better at that time. But unfortunately after that the browser's homepage started being changed by some virus all the time. I use Mozilla Firefox 11.0, and I haven't opened Internet Explorer or Safari since then for fear of infecting them with the same virus (better be on the safe side).

I deleted the plug-in, but it didn't help. I did config:about and reset all the values that contained "startsearch" in them - the problem seemed to disappear for a little while, but then again as I closed the web-browser, a small notification in the right corner appeared saying that there was an attempt to change the homepage and that it was blocked. Although the notification says "attempt was blocked", still the homepage keeps being changed into startsearch.ch all the time.

Following the instructions in one of the forums on the same topic (but it was about IE), I did a few tests, namely:

1. virscan.org testing
2. OTL testing
3. jpshortstuff testing.

The logs of the last two I am attaching below along with the "attachment.txt" which is one of the DDF logs.
But Virscan testing results couldn't be downloaded into the buffer, since the website says that "it had been scanned before and the log will not be stored". Nevertheless, as I could see it on the screen, all of the antivirus programs produced positive logs (nothing was found in any of them).

Since the further actions would be based on the individual diagnosis and would entail individual solutions, I didn't do anything further.

As I understand NOW, with this virus - nothing helps: neither re-installation of Firefox, nor registry editing, although it is a little bit too late to realise that. But I would like to get rid of this virus as soon as I can, before it gets me with an annoyingly persistent changing of the homepage.

I have now minimized the use of internet to avoid any leakage of any information from my computer.


A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.



Here is the DDS log:

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Murodullo at 8:56:47 on 2012-04-10
Microsoft Windows 7 Максимальная 6.1.7601.1.1251.7.1049.18.4031.1422 [GMT 2:00]
.
AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files (x86)\Mail.Ru\Guard\GuardMailRu.exe
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\PROGRA~2\UTILIT~2\bar\1.bin\49barsvc.exe
C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe
C:\Windows\SysWOW64\vmnat.exe
C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
C:\Windows\SysWOW64\vmnetdhcp.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Users\Murodullo\Downloads\uTorrent.exe
C:\Program Files (x86)\SkyMonk\SkyMonk.exe
C:\Program Files (x86)\Internet Download Manager\IDMan.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\UtilityChest_49\bar\1.bin\49brmon.exe
C:\Program Files (x86)\Mail.Ru\Guard\GuardMailRu.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Program Files (x86)\MP3 Skype Recorder\MP3 Skype Recorder.exe
C:\Windows\System32\Eap3Host.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Browsers Protector\regmon32.exe
C:\Program Files (x86)\Yandex\Punto Switcher\punto.exe
C:\Program Files (x86)\Yandex\Punto Switcher\ps64ldr.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uSearch Page = www.bing.com
uStart Page = hxxp://search.babylon.com/?affID=110819&tt=050412_30b&babsrc=HP_ss&mntrId=b545c64a0000000000007ee40050f803
mStart Page = hxxp://startsear.ch/?aff=1&cf=71bb2bb9-7dc9-11e1-b0bd-ff3758bdb1ac
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: N/A: {7a55cbb2-2b2e-4a41-9de1-6ac5d2c2be0a} - C:\Program Files (x86)\UtilityChest_49\bar\1.bin\49SrcAs.dll
mWinlogon: Userinit=userinit.exe
BHO: IDM integration (IDMIEHlprObj Class): {0055c089-8582-441b-a0bf-17b458c2a3a8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: Search Assistant BHO: {06e05b40-77fa-40b6-9077-ed1a7577b1ef} - C:\Program Files (x86)\UtilityChest_49\bar\1.bin\49SrcAs.dll
BHO: Complitly: {0fb6a909-6086-458f-bd92-1f8ee10042a0} - C:\Users\Murodullo\AppData\Roaming\Complitly\Complitly.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Babylon toolbar helper: {2eecd738-5844-4a99-b4b6-146bf802613b} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll
BHO: Toolbar BHO: {58f7b5ca-1162-42e8-8bbc-d543b4edd780} - C:\PROGRA~2\UTILIT~2\bar\1.bin\49bar.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO: TheBflix Class: {7db7b4c7-bfb9-4169-9de9-8ceb8d3da8ce} - C:\ProgramData\TheBflix\bhoclass.dll
BHO: {8984B388-A5BB-4DF7-B274-77B879E179DB} - No File
BHO: AlterGeoBHO Class: {9bfba68e-e21b-458e-ae12-fe85e903d2c0} - C:\ProgramData\AlterGeo\Update for Html5 geolocation provider\html5loc.dll
BHO: DealPly: {a6174f27-1fff-e1d6-a93f-ba48ad5dd448} - C:\Program Files (x86)\DealPly\DealPlyIE.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: Utility Chest: {cf67755f-9265-449c-87cf-b945519e073b} - C:\Program Files (x86)\UtilityChest_49\bar\1.bin\49bar.dll
TB: Babylon Toolbar: {98889811-442d-49dd-99d7-dc866be87dbc} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
uRun: [AlterGeoUpdater] C:\ProgramData\AlterGeo\Update for Html5 geolocation provider\html5locsvc.exe
uRun: [uTorrent] "C:\Users\Murodullo\Downloads\uTorrent.exe" /MINIMIZED
uRun: [SkyMonk] C:\Program Files (x86)\SkyMonk\SkyMonk.exe -tray
uRun: [IDMan] C:\Program Files (x86)\Internet Download Manager\IDMan.exe /onboot
uRun: [VoipCheapCom] "C:\Program Files (x86)\VoipCheapCom.com\VoipCheapCom\VoipCheapCom.exe" -nosplash -minimized
uRun: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
uRun: [Spotify] "C:\Users\Murodullo\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
mRun: [MAgent] C:\Program Files (x86)\Mail.Ru\Agent\magent.exe -LM
mRun: [AlterGeoUpdater] C:\Program Files (x86)\AlterGeo\Html5 geolocation provider\html5locsvc.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [Utility Chest Search Scope Monitor] "C:\PROGRA~2\UTILIT~2\bar\1.bin\49srchmn.exe" /m=2 /w /h
mRun: [UtilityChest_49 Browser Plugin Loader] C:\PROGRA~2\UTILIT~2\bar\1.bin\49brmon.exe
mRun: [Guard.Mail.ru.gui] "C:\Program Files (x86)\Mail.Ru\Guard\GuardMailRu.exe" /gui
mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [Browsers Protector] C:\Program Files (x86)\Browsers Protector\regmon32.exe
dRun: [AlterGeoUpdater] C:\ProgramData\AlterGeo\Update for Html5 geolocation provider\html5locsvc.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 0 (0x0)
mPolicies-system: EnableInstallerDetection = 0 (0x0)
IE: &Отправить в OneNote - C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: &Экспорт в Microsoft Excel - C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Скачать все ссылки с помощью IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm
IE: Скачать с помощью IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm
IE: {7558B7E5-7B26-4201-BEDB-00D5FF534523} - C:\Program Files (x86)\Mail.Ru\Agent\magent.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
LSP: %SystemRoot%\system32\vsocklib.dll
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{160D4064-18E4-4769-A2DA-E6E84A8130A3} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{160D4064-18E4-4769-A2DA-E6E84A8130A3}\14E64627F696461405 : DhcpNameServer = 192.168.43.1
TCP: Interfaces\{160D4064-18E4-4769-A2DA-E6E84A8130A3}\77966696573736D2775626 : DhcpNameServer = 193.144.75.9 193.144.75.12
TCP: Interfaces\{65D74229-72F1-41F5-BA76-3EA3745BAA0B} : DhcpNameServer = 192.168.42.129
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\MP3 Skype Recorder\Skype4COM.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
{0055C089-8582-441B-A0BF-17B458C2A3A8}
{0347C33E-8762-4905-BF09-768834316C61}
{06e05b40-77fa-40b6-9077-ed1a7577b1ef}
{0FB6A909-6086-458F-BD92-1F8EE10042A0}
{18DF081C-E8AD-4283-A596-FA578C2EBDC3}
{2EECD738-5844-4a99-B4B6-146BF802613B}
{58f7b5ca-1162-42e8-8bbc-d543b4edd780}
{72853161-30C5-4D22-B7F9-0BBC1D38A37E}
{7DB7B4C7-BFB9-4169-9DE9-8CEB8D3DA8CE}
BHO-X64: {8984B388-A5BB-4DF7-B274-77B879E179DB} - No File
{9BFBA68E-E21B-458E-AE12-FE85E903D2C0}
{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448}
{B4F3A835-0E21-4959-BA22-42B3008E02FF}
{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}
{cf67755f-9265-449c-87cf-b945519e073b}
{98889811-442D-49dd-99D7-DC866BE87DBC}
EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
mRun-x64: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun-x64: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
mRun-x64: [MAgent] C:\Program Files (x86)\Mail.Ru\Agent\magent.exe -LM
mRun-x64: [AlterGeoUpdater] C:\Program Files (x86)\AlterGeo\Html5 geolocation provider\html5locsvc.exe
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [Utility Chest Search Scope Monitor] "C:\PROGRA~2\UTILIT~2\bar\1.bin\49srchmn.exe" /m=2 /w /h
mRun-x64: [UtilityChest_49 Browser Plugin Loader] C:\PROGRA~2\UTILIT~2\bar\1.bin\49brmon.exe
mRun-x64: [Guard.Mail.ru.gui] "C:\Program Files (x86)\Mail.Ru\Guard\GuardMailRu.exe" /gui
mRun-x64: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [Browsers Protector] C:\Program Files (x86)\Browsers Protector\regmon32.exe
IE-X64: {7558B7E5-7B26-4201-BEDB-00D5FF534523} - C:\Program Files (x86)\Mail.Ru\Agent\magent.exe
SEH-X64: {B5A7F190-DDA6-4420-B3BA-52453494E6CD}: Groove GFS Stub Execution Hook
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Murodullo\AppData\Roaming\Mozilla\Firefox\Profiles\b932oqp5.default\
FF - prefs.js: browser.startup.homepage - hxxp://startsear.ch/?aff=1&cf=71bb2bb9-7dc9-11e1-b0bd-ff3758bdb1ac
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\UtilityChest_49\bar\1.bin\NP49Stub.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_228.dll
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=110819&tt=050412_30b
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.id - b545c64a0000000000007ee40050f803
FF - user.js: extensions.BabylonToolbar_i.hardId - b545c64a0000000000007ee40050f803
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15438
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.172:56:31
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - tb9
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
.
============= SERVICES / DRIVERS ===============
.
R1 avkmgr;avkmgr;C:\Windows\system32\DRIVERS\avkmgr.sys --> C:\Windows\system32\DRIVERS\avkmgr.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
R2 AntiVirSchedulerService;Avira Планировщик;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2012-2-18 86224]
R2 AntiVirService;Avira Realtime Protection;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2012-2-18 110032]
R2 AtherosSvc;AtherosSvc;C:\Program Files (x86)\Bluetooth Suite\AdminService.exe [2010-1-19 23592]
R2 avgntflt;avgntflt;C:\Windows\system32\DRIVERS\avgntflt.sys --> C:\Windows\system32\DRIVERS\avgntflt.sys [?]
R2 Guard.Mail.ru;Guard.Mail.ru;C:\Program Files (x86)\Mail.Ru\Guard\GuardMailRu.exe [2012-2-25 1726552]
R2 IDMWFP;IDMWFP;C:\Windows\system32\DRIVERS\idmwfp.sys --> C:\Windows\system32\DRIVERS\idmwfp.sys [?]
R2 UtilityChest_49Service;Utility ChestService;C:\PROGRA~2\UTILIT~2\bar\1.bin\49barsvc.exe [2012-2-23 42504]
R2 VMUSBArbService;VMware USB Arbitration Service;C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [2011-8-29 846448]
R3 BTATH_BUS;Atheros Bluetooth Bus;C:\Windows\system32\DRIVERS\btath_bus.sys --> C:\Windows\system32\DRIVERS\btath_bus.sys [?]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\system32\DRIVERS\L1C62x64.sys --> C:\Windows\system32\DRIVERS\L1C62x64.sys [?]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
R3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-10 4925184]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2011-8-5 91984]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2011-8-5 111440]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-2-18 13336]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-1-31 158856]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-3 253600]
S3 dmvsc;dmvsc;C:\Windows\system32\drivers\dmvsc.sys --> C:\Windows\system32\drivers\dmvsc.sys [?]
S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 51740536]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-10 174440]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?]
S3 Synth3dVsc;Microsoft Virtual 3D Video Transport Driver;C:\Windows\system32\drivers\Synth3dVsc.sys --> C:\Windows\system32\drivers\Synth3dVsc.sys [?]
S3 terminpt;Microsoft Remote Desktop Input Driver;C:\Windows\system32\drivers\terminpt.sys --> C:\Windows\system32\drivers\terminpt.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
S3 tsusbhub;tsusbhub;C:\Windows\system32\drivers\tsusbhub.sys --> C:\Windows\system32\drivers\tsusbhub.sys [?]
S3 WatAdminSvc;Служба технологий активации Windows;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2012-04-09 14:15:49 -------- d-----w- C:\Users\Murodullo\.thumbnails
2012-04-09 14:14:06 -------- d-----w- C:\Users\Murodullo\.gimp-2.6
2012-04-09 14:13:28 -------- d-----w- C:\Program Files (x86)\GIMP-2.0
2012-04-08 00:56:19 -------- d-----w- C:\Program Files (x86)\FLVPlayer
2012-04-07 23:51:06 -------- d-----w- C:\Users\Murodullo\AppData\Local\Spotify
2012-04-07 23:50:32 -------- d-----w- C:\Users\Murodullo\AppData\Roaming\Spotify
2012-04-06 13:10:34 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{139C1852-3413-416B-B542-4F00A18AFA03}\offreg.dll
2012-04-06 09:35:03 8669240 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{139C1852-3413-416B-B542-4F00A18AFA03}\mpengine.dll
2012-04-03 20:13:36 -------- d-----w- C:\Program Files (x86)\Browsers Protector
2012-04-03 20:05:23 -------- d-----w- C:\Program Files\iPod
2012-04-03 20:05:22 -------- d-----w- C:\Program Files\iTunes
2012-04-03 20:05:22 -------- d-----w- C:\Program Files (x86)\iTunes
2012-04-03 00:33:22 8767136 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
2012-04-03 00:32:14 -------- d-----w- C:\Users\Murodullo\AppData\Local\VMware
2012-04-03 00:31:35 418464 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-04-03 00:27:29 63088 ----a-w- C:\Windows\System32\drivers\vmx86.sys
2012-04-03 00:27:03 354416 ----a-w- C:\Windows\SysWow64\vmnetdhcp.exe
2012-04-03 00:26:59 433264 ----a-w- C:\Windows\SysWow64\vmnat.exe
2012-04-03 00:26:59 30320 ----a-w- C:\Windows\System32\drivers\vmnetuserif.sys
2012-04-03 00:26:55 942192 ----a-w- C:\Windows\System32\vnetlib64.dll
2012-04-03 00:26:48 32880 ----a-w- C:\Windows\System32\drivers\VMkbd.sys
2012-04-03 00:26:47 39024 ----a-w- C:\Windows\System32\drivers\hcmon.sys
2012-04-03 00:26:05 -------- d-----w- C:\Program Files (x86)\VMware
2012-04-03 00:26:05 -------- d-----w- C:\Program Files (x86)\Common Files\VMware
2012-04-03 00:25:43 -------- d-----w- C:\Program Files\Common Files\VMware
2012-03-29 09:44:54 -------- d-----w- C:\Users\Murodullo\AppData\Roaming\MP3SkypeRecorder
2012-03-29 09:44:54 -------- d-----w- C:\Users\Murodullo\AppData\Local\Alexander_Nikiforov
2012-03-29 09:44:43 -------- d-----w- C:\Program Files (x86)\MP3 Skype Recorder
2012-03-28 11:24:03 -------- d-----w- C:\Temp
2012-03-28 09:19:39 -------- d-----w- C:\Windows\SysWow64\spool
2012-03-28 09:18:45 -------- d-----w- C:\Program Files (x86)\Common Files\HP
2012-03-28 09:18:35 -------- d-----w- C:\Windows\hpoj4500g510n-z
2012-03-25 15:02:58 592824 ----a-w- C:\Program Files (x86)\Mozilla Firefox\gkmedias.dll
2012-03-25 15:02:58 44472 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozglue.dll
2012-03-17 20:07:46 -------- d-----w- C:\Windows\AutoKMS
2012-03-15 04:34:14 5561200 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-03-15 04:34:12 3971440 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-03-15 04:34:12 3916656 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-03-15 04:29:04 3148288 ----a-w- C:\Windows\System32\win32k.sys
2012-03-15 04:29:02 1544192 ----a-w- C:\Windows\System32\DWrite.dll
2012-03-15 04:29:02 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-03-15 04:26:32 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2012-03-15 04:26:32 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-03-15 04:26:32 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-03-15 04:26:30 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2012-03-15 04:26:30 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
2012-03-15 04:26:30 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-03-15 04:26:30 1112064 ----a-w- C:\Windows\System32\rdpcorets.dll
2012-03-15 04:26:30 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
2012-03-12 19:50:31 -------- d-----w- C:\Users\Murodullo\AppData\Roaming\VoipCheapCom
2012-03-12 19:50:07 -------- d-----w- C:\Program Files (x86)\VoipCheapCom.com
.
==================== Find3M ====================
.
2012-04-03 00:33:29 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-03-03 04:32:06 205 ----a-w- C:\Windows\SysWow64\lsprst7.dll
2012-03-03 04:32:06 1025 ----a-w- C:\Windows\SysWow64\sysprs7.dll
2012-02-23 04:18:36 279656 ------w- C:\Windows\System32\MpSigStub.exe
2012-02-18 07:31:59 564792 ----a-w- C:\Windows\System32\drivers\sptd.sys
2012-02-18 07:30:55 750488 ----a-w- C:\Windows\System32\npdeployJava1.dll
2012-02-18 07:30:55 660368 ----a-w- C:\Windows\System32\deployJava1.dll
2012-02-03 23:29:47 97312 ----a-w- C:\Windows\System32\drivers\avgntflt.sys
2012-02-03 23:29:47 27760 ----a-w- C:\Windows\System32\drivers\avkmgr.sys
2012-01-25 18:00:00 92160 ----a-w- C:\Windows\System32\ff_vfw.dll
2012-01-25 18:00:00 79360 ----a-w- C:\Windows\SysWow64\ff_vfw.dll
2012-01-18 11:41:32 252016 ----a-w- C:\Windows\SysWow64\vmnc.dll
2012-01-18 11:06:00 62064 ----a-w- C:\Windows\System32\vmnetbridge.dll
2012-01-18 11:06:00 48752 ----a-w- C:\Windows\System32\vnetinst.dll
2012-01-18 11:06:00 45680 ----a-w- C:\Windows\System32\drivers\vmnetbridge.sys
2012-01-18 11:06:00 24176 ----a-w- C:\Windows\System32\drivers\vmnet.sys
2012-01-18 11:06:00 20080 ----a-w- C:\Windows\System32\drivers\vmnetadapter.sys
.
============= FINISH: 8:57:29,78 ===============

As for the GMER log: I have 64-bit Windows 7 Ultimate, so as per the instructions, I didn't do any GMER test.


Please tell us if you have your original Windows CD/DVD available.

No, unfortunately I don't have the original Windows CD/DVD available, since I bought it second hand and for some reason didn't bother to ask for one.

Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

So, I do really hope that I would get some useful help from this forum. I was very surprised to see that this kind of professional and committed help can be delivered online and free of charge.

Thank you very much for your assistance in advance!
Best regards and waiting for your responses!
Muradilla



#7 eddie5659

eddie5659

  • Malware Response Team
  • 127 posts
  • Gender:Male
  • Local time:11:29 PM

Posted 10 April 2012 - 07:00 AM

Hiya and welcome to Bleeping Computer :)

Thank you for the detailed explanation of what is happening :)

Can you run the following for me:

Please download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.






Download and scan with SUPERAntiSpyware Free Edition for Home Users
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here.)
  • Under "Configuration and Preferences", click the Preferences button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Home" button to leave the control center screen.
  • On the right, under "Complete Scan", choose Perform Complete Scan.
  • Click Scan your computer.
  • On the left, select all fixed drives.
  • Click "Start Complete Scan" to start the scan. Please be patient while it scans your computer.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "Continue".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "Remove Threats" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes".
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click View Scan Logs.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.

Please include the MBAM log, the SUPERAntiSpyware Scan Log and a fresh OTL log (Extras log may not be produced ;) ) in your next reply.

eddie

Edited by eddie5659, 10 April 2012 - 07:01 AM.


#8 Muradilla

Muradilla
  • Topic Starter

  • Members
  • 32 posts
  • Local time:12:29 AM

Posted 10 April 2012 - 09:05 AM

Hi dear Eddie,

The computer is set to scanning now. So, I think it will take a little bit of time for it to finish scanning. But I am here and I am with you. So, thank you so much for the guidance being provided!

#9 Muradilla

Muradilla
  • Topic Starter

  • Members
  • 32 posts
  • Local time:12:29 AM

Posted 10 April 2012 - 11:51 AM

Hi Dear Eddie,

Please find the logs that you have requested below.

mbam-setup.exe log.

Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.



Malwarebytes Anti-Malware (Trial) 1.61.0.1400
www.malwarebytes.org

Database version: v2012.04.10.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Murodullo :: MURODULLO-PC [administrator]

Protection: Enabled

10.04.2012 15:43:56
mbam-log-2012-04-10 (15-43-56).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 495514
Time elapsed: 1 hour(s), 18 minute(s), 11 second(s)

Memory Processes Detected: 1
C:\Program Files (x86)\UtilityChest_49\bar\1.bin\49brmon.exe (PUP.MyWebSearch) -> 2984 -> Delete on reboot.

Memory Modules Detected: 1
C:\Program Files (x86)\UtilityChest_49\bar\1.bin\49brstub.dll (PUP.MyWebSearch) -> Delete on reboot.

Registry Keys Detected: 77
HKLM\SYSTEM\CurrentControlSet\Services\UtilityChest_49Service (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\CLSID\{06e05b40-77fa-40b6-9077-ed1a7577b1ef} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06E05B40-77FA-40B6-9077-ED1A7577B1EF} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{06E05B40-77FA-40B6-9077-ED1A7577B1EF} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{06E05B40-77FA-40B6-9077-ED1A7577B1EF} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\CLSID\{268ca04c-106c-4636-b707-95e8cd5859e0} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\TypeLib\{ce1482c8-e8fd-4277-9a4f-094d712f6b60} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\Interface\{13B8FF9D-DEB0-4070-B846-D049218307B3} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\UtilityChest_49.SettingsPlugin.1 (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\UtilityChest_49.SettingsPlugin (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{268CA04C-106C-4636-B707-95E8CD5859E0} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\UtilityChest_49bar Uninstall (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\CLSID\{58f7b5ca-1162-42e8-8bbc-d543b4edd780} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{58F7B5CA-1162-42E8-8BBC-D543B4EDD780} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{58F7B5CA-1162-42E8-8BBC-D543B4EDD780} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{58F7B5CA-1162-42E8-8BBC-D543B4EDD780} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\CLSID\{5bbf357e-ea8c-48bf-83ca-de279fb83bba} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\TypeLib\{5cf866f0-10a3-4ed4-9be3-668f2f148e2f} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\Interface\{53EDA475-072E-4329-9E13-F9ABDA2E55E2} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\CLSID\{c86bfadb-406f-47c7-a8d8-faa37b39089f} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\TypeLib\{8efee482-37bc-4f3d-83e6-cb5bbe077e43} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\Interface\{BD9509D4-C4C7-40F7-BD26-BA176E7D2627} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\CLSID\{f8e1bdab-f48f-46f9-8693-4eecb83d1ad7} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\UtilityChest_49.DynamicBarButton.1 (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\UtilityChest_49.DynamicBarButton (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\CLSID\{929825df-a1b4-40c9-8f3c-6da06badc150} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\TypeLib\{103e3c9a-e8ae-4b19-a339-01fe9439763e} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\Interface\{717062D8-45BC-429D-B219-E00F944BB754} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\UtilityChest_49.FeedManager.1 (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\UtilityChest_49.FeedManager (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\CLSID\{8c428c4b-c9e2-4b74-b791-88c3fee48f36} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\TypeLib\{eefdbfa7-0f18-4216-8f90-6b6f71d6ab83} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\Interface\{0109FFCC-BC82-4195-9A95-20803EF7FB88} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\UtilityChest_49.HTMLPanel.1 (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\UtilityChest_49.HTMLPanel (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8C428C4B-C9E2-4B74-B791-88C3FEE48F36} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\CLSID\{25151605-D156-49DD-A659-20E69C1EE15F} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\UtilityChest_49.HTMLMenu.1 (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\UtilityChest_49.HTMLMenu (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{25151605-D156-49DD-A659-20E69C1EE15F} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\CLSID\{23699b0b-c14d-4054-a545-fc0927bb0879} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\TypeLib\{59e5bdb9-126f-4575-901e-d32132a19b94} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\Interface\{A9911991-D082-40A3-A109-B7FF86D5A03B} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\CLSID\{6aafd84d-5f7f-42e5-9fb4-157925c3ed2f} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\UtilityChest_49.MultipleButton.1 (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\UtilityChest_49.MultipleButton (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\CLSID\{698e7aa1-a28e-4064-a9ab-822171af4ef4} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\TypeLib\{24486ce9-7bc2-4516-b743-39ffdd4f861b} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\Interface\{0E1FE4D8-70CE-417E-8FF4-C2B17FF3DD07} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\UtilityChest_49.XMLSessionPlugin.1 (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\UtilityChest_49.XMLSessionPlugin (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{698E7AA1-A28E-4064-A9AB-822171AF4EF4} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\CLSID\{35274adf-b8de-4909-80d1-a26269216903} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\TypeLib\{39d884bb-2881-4f3a-b9b9-2d3af4c2c191} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\Interface\{47777C44-BCBD-4DBD-B96E-55FB9A8D3B62} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\UtilityChest_49.RadioSettings.1 (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\UtilityChest_49.RadioSettings (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\CLSID\{3f2f1b3c-eda7-46ec-a1ca-12a67cd00a82} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\UtilityChest_49.ScriptButton.1 (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\UtilityChest_49.ScriptButton (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\CLSID\{2bb3e614-f616-42dd-a99a-69c1fc268741} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\TypeLib\{326c4f48-fe3b-4e54-9118-9b6c3b6c9b1e} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\Interface\{1A5F7E46-438E-4899-8D53-A0FA1CE59EA6} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\CLSID\{9f19923d-2a4c-45ef-a026-ae7dee5d022c} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\TypeLib\{f66f6a81-e727-4774-b461-8a5cb7f7de07} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\Interface\{4D2FB757-EF95-4DC5-ADBF-DA75D6FDBBB9} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\UtilityChest_49.ThirdPartyInstaller.1 (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\UtilityChest_49.ThirdPartyInstaller (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9F19923D-2A4C-45EF-A026-AE7DEE5D022C} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\CLSID\{83ce5d73-e3de-4dc5-82c2-3b65dfd0a849} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\UtilityChest_49.UrlAlertButton.1 (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\UtilityChest_49.UrlAlertButton (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\CLSID\{7DB7B4C7-BFB9-4169-9DE9-8CEB8D3DA8CE} (PUP.BFlix) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DB7B4C7-BFB9-4169-9DE9-8CEB8D3DA8CE} (PUP.BFlix) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DB7B4C7-BFB9-4169-9DE9-8CEB8D3DA8CE} (PUP.BFlix) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{7DB7B4C7-BFB9-4169-9DE9-8CEB8D3DA8CE} (PUP.BFlix) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{7DB7B4C7-BFB9-4169-9DE9-8CEB8D3DA8CE} (PUP.BFlix) -> Quarantined and deleted successfully.

Registry Values Detected: 2
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|UtilityChest_49 Browser Plugin Loader (PUP.MyWebSearch) -> Data: C:\PROGRA~2\UTILIT~2\bar\1.bin\49brmon.exe -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Utility Chest Search Scope Monitor (PUP.MyWebSearch) -> Data: "C:\PROGRA~2\UTILIT~2\bar\1.bin\49srchmn.exe" /m=2 /w /h -> Quarantined and deleted successfully.

Registry Data Items Detected: 1
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (Hijack.StartPage) -> Bad: (http://startsear.ch/?aff=1&cf=71bb2bb9-7dc9-11e1-b0bd-ff3758bdb1ac) Good: (http://www.google.com) -> Quarantined and repaired successfully.

Folders Detected: 2
C:\ProgramData\TheBflix (PUP.BFlix) -> Quarantined and deleted successfully.
C:\ProgramData\TheBflix\data (PUP.BFlix) -> Quarantined and deleted successfully.

Files Detected: 68
C:\Program Files (x86)\UtilityChest_49\bar\1.bin\49brstub.dll (PUP.MyWebSearch) -> Delete on reboot.
C:\Program Files (x86)\UtilityChest_49\bar\1.bin\49barsvc.exe (PUP.MyWebSearch) -> Delete on reboot.
C:\Program Files (x86)\UtilityChest_49\bar\1.bin\49brmon.exe (PUP.MyWebSearch) -> Delete on reboot.
C:\Program Files (x86)\UtilityChest_49\bar\1.bin\49SrchMn.exe (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\UtilityChest_49\bar\1.bin\49SrcAs.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\UtilityChest_49\bar\1.bin\49bar.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\$Recycle.Bin\S-1-5-21-4154458656-1255318171-458538179-1000\$RCMSCDD\Keygen\Patch.exe (Riskware.Tool.CK) -> Quarantined and deleted successfully.
C:\$Recycle.Bin\S-1-5-21-4154458656-1255318171-458538179-1000\$RCMSCDD\SND\SnDk&p.exe (RiskWare.Tool.CK) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Total Commander\Wcmikons.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Program Files (x86)\UtilityChest_49\bar\1.bin\49auxstb.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\UtilityChest_49\bar\1.bin\49datact.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\UtilityChest_49\bar\1.bin\49dlghk.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\UtilityChest_49\bar\1.bin\49dyn.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\UtilityChest_49\bar\1.bin\49feedmg.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\UtilityChest_49\bar\1.bin\49highin.exe (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\UtilityChest_49\bar\1.bin\49hkstub.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\UtilityChest_49\bar\1.bin\49html.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\UtilityChest_49\bar\1.bin\49htmlmu.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\UtilityChest_49\bar\1.bin\49httpct.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\UtilityChest_49\bar\1.bin\49idle.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\UtilityChest_49\bar\1.bin\49ieovr.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\UtilityChest_49\bar\1.bin\49impipe.exe (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\UtilityChest_49\bar\1.bin\49medint.exe (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\UtilityChest_49\bar\1.bin\49mlbtn.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\UtilityChest_49\bar\1.bin\49msg.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\UtilityChest_49\bar\1.bin\49Plugin.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\UtilityChest_49\bar\1.bin\49radio.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\UtilityChest_49\bar\1.bin\49regfft.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\UtilityChest_49\bar\1.bin\49reghk.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\UtilityChest_49\bar\1.bin\49regiet.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\UtilityChest_49\bar\1.bin\49script.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\UtilityChest_49\bar\1.bin\49skin.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\UtilityChest_49\bar\1.bin\49skplay.exe (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\UtilityChest_49\bar\1.bin\49tpinst.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\UtilityChest_49\bar\1.bin\49uabtn.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\UtilityChest_49\bar\1.bin\NP49Stub.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\UtilityChest_49\bar\1.bin\T8RES.DLL (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Users\Murodullo\AppData\LocalLow\UtilityChest_49EI\Installr\Cache\01A1DA11.exe (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Users\Murodullo\Downloads\DownloadSetup(1).exe (Affiliate.Downloader) -> Quarantined and deleted successfully.
C:\Users\Murodullo\Downloads\DownloadSetup.exe (Affiliate.Downloader) -> Quarantined and deleted successfully.
C:\Users\Murodullo\Downloads\UtilityChest.exe (PUP.FunWebProducts) -> Quarantined and deleted successfully.
D:\DOCUMENT\Разное\Гаджеты\CommView and Aircrack\aircrack-ng-0.9.3-win\aircrack-ng-0.9.3-win\bin\Aircrack-ng GUI.exe (PUP.Aircrack) -> Quarantined and deleted successfully.
D:\DOCUMENT\Разное\Гаджеты\CommView and Aircrack\aircrack-ng-0.9.3-win\aircrack-ng-0.9.3-win\bin\aircrack-ng.exe (PUP.Aircrack) -> Quarantined and deleted successfully.
D:\DOCUMENT\Разное\Гаджеты\CommView and Aircrack\aircrack-ng-0.9.3-win\aircrack-ng-0.9.3-win\bin\airdecap-ng.exe (PUP.Aircrack) -> Quarantined and deleted successfully.
D:\DOCUMENT\Разное\Гаджеты\CommView and Aircrack\aircrack-ng-0.9.3-win\aircrack-ng-0.9.3-win\bin\aireplay-ng.exe (PUP.AirCrack) -> Quarantined and deleted successfully.
D:\DOCUMENT\Разное\Гаджеты\CommView and Aircrack\aircrack-ng-0.9.3-win\aircrack-ng-0.9.3-win\bin\airodump-ng-airpcap.exe (PUP.AirCrack) -> Quarantined and deleted successfully.
D:\DOCUMENT\Разное\Гаджеты\CommView and Aircrack\aircrack-ng-0.9.3-win\aircrack-ng-0.9.3-win\bin\airodump-ng.exe (PUP.AirCrack) -> Quarantined and deleted successfully.
D:\DOCUMENT\Разное\Гаджеты\CommView and Aircrack\aircrack-ng-0.9.3-win\aircrack-ng-0.9.3-win\bin\ivstools.exe (PUP.Aircrack) -> Quarantined and deleted successfully.
D:\DOCUMENT\Разное\Гаджеты\CommView and Aircrack\aircrack-ng-0.9.3-win\aircrack-ng-0.9.3-win\bin\packetforge-ng.exe (PUP.Aircrack) -> Quarantined and deleted successfully.
D:\DOCUMENT\Разное\Гаджеты\CommView and Aircrack\wi-fi\Patch.exe (PUP.Hacktool.Patcher) -> Quarantined and deleted successfully.
D:\INSTAL\WPI x64\Install\Programs\Firefox Setup 10.0.exe (Trojan.Backdoor) -> Quarantined and deleted successfully.
D:\Разное\Гаджеты\CommView and Aircrack\aircrack-ng-0.9.3-win\aircrack-ng-0.9.3-win\bin\Aircrack-ng GUI.exe (PUP.Aircrack) -> Quarantined and deleted successfully.
D:\Разное\Гаджеты\CommView and Aircrack\aircrack-ng-0.9.3-win\aircrack-ng-0.9.3-win\bin\aircrack-ng.exe (PUP.Aircrack) -> Quarantined and deleted successfully.
D:\Разное\Гаджеты\CommView and Aircrack\aircrack-ng-0.9.3-win\aircrack-ng-0.9.3-win\bin\airdecap-ng.exe (PUP.Aircrack) -> Quarantined and deleted successfully.
D:\Разное\Гаджеты\CommView and Aircrack\aircrack-ng-0.9.3-win\aircrack-ng-0.9.3-win\bin\aireplay-ng.exe (PUP.AirCrack) -> Quarantined and deleted successfully.
D:\Разное\Гаджеты\CommView and Aircrack\aircrack-ng-0.9.3-win\aircrack-ng-0.9.3-win\bin\airodump-ng-airpcap.exe (PUP.AirCrack) -> Quarantined and deleted successfully.
D:\Разное\Гаджеты\CommView and Aircrack\aircrack-ng-0.9.3-win\aircrack-ng-0.9.3-win\bin\airodump-ng.exe (PUP.AirCrack) -> Quarantined and deleted successfully.
D:\Разное\Гаджеты\CommView and Aircrack\aircrack-ng-0.9.3-win\aircrack-ng-0.9.3-win\bin\ivstools.exe (PUP.Aircrack) -> Quarantined and deleted successfully.
D:\Разное\Гаджеты\CommView and Aircrack\aircrack-ng-0.9.3-win\aircrack-ng-0.9.3-win\bin\packetforge-ng.exe (PUP.Aircrack) -> Quarantined and deleted successfully.
D:\Разное\Гаджеты\CommView and Aircrack\wi-fi\Patch.exe (PUP.Hacktool.Patcher) -> Quarantined and deleted successfully.
C:\ProgramData\TheBflix\background.html (PUP.BFlix) -> Quarantined and deleted successfully.
C:\ProgramData\TheBflix\bhoclass.dll (PUP.BFlix) -> Quarantined and deleted successfully.
C:\ProgramData\TheBflix\content.js (PUP.BFlix) -> Quarantined and deleted successfully.
C:\ProgramData\TheBflix\okenbppimmmfmfigbkhajikdpiiofnaj.crx (PUP.BFlix) -> Quarantined and deleted successfully.
C:\ProgramData\TheBflix\ppjemjejnnojomfekgbpbbnecicblllf.crx (PUP.BFlix) -> Quarantined and deleted successfully.
C:\ProgramData\TheBflix\settings.ini (PUP.BFlix) -> Quarantined and deleted successfully.
C:\ProgramData\TheBflix\data\content.js (PUP.BFlix) -> Quarantined and deleted successfully.
C:\ProgramData\TheBflix\data\jsondb.js (PUP.BFlix) -> Quarantined and deleted successfully.

(end)


SUPERAntiSpyware Free Edition for Home Users log

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 04/10/2012 at 06:27 PM

Application Version : 5.0.1146

Core Rules Database Version : 8431
Trace Rules Database Version: 6243

Scan type : Complete Scan
Total Scan Time : 01:08:01

Operating System Information
Windows 7 Ultimate 64-bit, Service Pack 1 (Build 6.01.7601)
UAC Off - Administrator

Memory items scanned : 715
Memory threats detected : 0
Registry items scanned : 66853
Registry threats detected : 0
File items scanned : 82418
File threats detected : 24

Adware.Tracking Cookie
C:\Users\Murodullo\AppData\Roaming\Microsoft\Windows\Cookies\04RPPZ3P.txt [ /c.atdmt.com ]
C:\Users\Murodullo\AppData\Roaming\Microsoft\Windows\Cookies\0RG9S8NW.txt [ /atdmt.com ]
C:\Users\Murodullo\AppData\Roaming\Microsoft\Windows\Cookies\5MXX9EPE.txt [ /click.canadavisa.com ]
C:\Users\Murodullo\AppData\Roaming\Microsoft\Windows\Cookies\0V0E3F5C.txt [ /topmedia.com ]
C:\USERS\MURODULLO\Cookies\5MXX9EPE.txt [ Cookie:murodullo@click.canadavisa.com/ ]
C:\USERS\MURODULLO\Cookies\0V0E3F5C.txt [ Cookie:murodullo@topmedia.com/ ]
C:\USERS\Администратор\AppData\Roaming\Microsoft\Windows\Cookies\ODTO2RBS.txt [ Cookie:администратор@spylog.com/ ]
C:\USERS\Администратор\AppData\Roaming\Microsoft\Windows\Cookies\G2HSA83Z.txt [ Cookie:администратор@2o7.net/ ]
C:\USERS\Администратор\AppData\Roaming\Microsoft\Windows\Cookies\55PP7WNZ.txt [ Cookie:администратор@yadro.ru/ ]
C:\USERS\Администратор\AppData\Roaming\Microsoft\Windows\Cookies\A3M5PSG7.txt [ Cookie:администратор@hotlog.ru/ ]
C:\USERS\Администратор\AppData\Roaming\Microsoft\Windows\Cookies\UTL180RW.txt [ Cookie:администратор@c.atdmt.com/ ]
C:\USERS\Администратор\AppData\Roaming\Microsoft\Windows\Cookies\0S5HENY4.txt [ Cookie:администратор@smartadserver.com/ ]
C:\USERS\Администратор\Cookies\ODTO2RBS.txt [ Cookie:администратор@spylog.com/ ]
C:\USERS\Администратор\Cookies\G2HSA83Z.txt [ Cookie:администратор@2o7.net/ ]
C:\USERS\Администратор\Cookies\55PP7WNZ.txt [ Cookie:администратор@yadro.ru/ ]
C:\USERS\Администратор\Cookies\A3M5PSG7.txt [ Cookie:администратор@hotlog.ru/ ]
C:\USERS\Администратор\Cookies\UTL180RW.txt [ Cookie:администратор@c.atdmt.com/ ]
C:\USERS\Администратор\Cookies\0S5HENY4.txt [ Cookie:администратор@smartadserver.com/ ]
counter.rambler.ru [ C:\USERS\MURODULLO\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\LSUFHUBL ]
ia.media-imdb.com [ C:\USERS\MURODULLO\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\LSUFHUBL ]
secure-uk.imrworldwide.com [ C:\USERS\MURODULLO\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\LSUFHUBL ]

Trojan.Agent/Gen-Keygen
C:\$RECYCLE.BIN\S-1-5-21-4154458656-1255318171-458538179-1000\$RCMSCDD\KEYGEN\KEYGEN.EXE

Trojan.Agent/Gen-HackPatch
ZIP ARCHIVE( C:\USERS\MURODULLO\DOWNLOADS\EV7 CRACK BY MIDOU.ZIP )/EV7 CRACK.EXE
C:\USERS\MURODULLO\DOWNLOADS\EV7 CRACK BY MIDOU.ZIP


Please include the MBAM log, the SUPERAntiSpyware Scan Log and a fresh OTL log (Extras log may not be produced ;) ) in your next reply


OTL logfile created on: 10.04.2012 18:45:00 - Run 2
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\Murodullo\Desktop\StSrch
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000419 | Country: Россия | Language: RUS | Date Format: dd.MM.yyyy

3,94 Gb Total Physical Memory | 1,71 Gb Available Physical Memory | 43,45% Memory free
7,87 Gb Paging File | 5,31 Gb Available in Paging File | 67,50% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 65,80 Gb Total Space | 25,37 Gb Free Space | 38,55% Space Free | Partition Type: NTFS
Drive D: | 399,96 Gb Total Space | 248,06 Gb Free Space | 62,02% Space Free | Partition Type: NTFS
Drive G: | 6,60 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS

Computer Name: MURODULLO-PC | User Name: Murodullo | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.04.04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.04.04 04:43:46 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Murodullo\Desktop\StSrch\OTL.exe
PRC - [2012.03.25 17:02:58 | 000,924,600 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012.03.21 23:50:23 | 018,017,160 | ---- | M] (VoipCheapCom) -- C:\Program Files (x86)\VoipCheapCom.com\VoipCheapCom\voipcheapcom.exe
PRC - [2012.02.27 06:03:10 | 000,740,216 | ---- | M] (BitTorrent, Inc.) -- C:\Users\Murodullo\Downloads\uTorrent.exe
PRC - [2012.02.25 08:41:28 | 001,726,552 | ---- | M] () -- C:\Program Files (x86)\Mail.Ru\Guard\GuardMailRu.exe
PRC - [2012.02.23 12:30:40 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
PRC - [2012.02.15 18:56:52 | 000,147,784 | ---- | M] () -- C:\Program Files (x86)\Browsers Protector\regmon32.exe
PRC - [2012.02.07 12:26:06 | 000,372,224 | ---- | M] () -- C:\Program Files (x86)\SkyMonk\SkyMonk.exe
PRC - [2012.02.04 01:29:31 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2012.02.04 01:29:22 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.02.04 01:29:22 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.01.18 16:11:40 | 000,433,264 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnat.exe
PRC - [2012.01.18 16:11:32 | 000,354,416 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnetdhcp.exe
PRC - [2012.01.18 13:27:20 | 000,079,872 | ---- | M] (VMware, Inc.) -- C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
PRC - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.09.15 16:33:42 | 003,425,688 | ---- | M] (Tonec Inc.) -- C:\Program Files (x86)\Internet Download Manager\IDMan.exe
PRC - [2010.05.25 16:28:58 | 000,263,600 | ---- | M] (Tonec Inc.) -- C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
PRC - [2010.01.15 14:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2009.12.24 03:39:04 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2009.12.24 03:39:02 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe


========== Modules (No Company Name) ==========

MOD - [2012.03.25 17:02:57 | 001,969,080 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2012.02.25 08:41:28 | 001,726,552 | ---- | M] () -- C:\Program Files (x86)\Mail.Ru\Guard\GuardMailRu.exe
MOD - [2012.02.18 10:40:17 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\d3246e345e5f34f6ed3f83c7906687e8\System.Runtime.Remoting.ni.dll
MOD - [2012.02.18 10:39:55 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\752e0c20613535b7cd506483ca8a4ba9\System.Windows.Forms.ni.dll
MOD - [2012.02.18 10:39:50 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\8f362c8bc69fd8577645aa27be6c21b4\System.Drawing.ni.dll
MOD - [2012.02.18 10:39:38 | 003,349,504 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\f6585b9cf442e79be35514005709fe76\WindowsBase.ni.dll
MOD - [2012.02.18 10:39:34 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\b9ed9a285249c92dfaef9b8a132fbdb1\System.Xml.ni.dll
MOD - [2012.02.18 10:39:31 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\6339760b16528652216f6cd24c34e34c\System.Configuration.ni.dll
MOD - [2012.02.18 10:39:30 | 007,966,720 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\a53f9cfb92874830afe4f33568dd9ae9\System.ni.dll
MOD - [2012.02.18 10:39:25 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll
MOD - [2012.02.15 18:56:52 | 000,147,784 | ---- | M] () -- C:\Program Files (x86)\Browsers Protector\regmon32.exe
MOD - [2012.02.07 12:26:06 | 000,372,224 | ---- | M] () -- C:\Program Files (x86)\SkyMonk\SkyMonk.exe
MOD - [2012.02.07 12:25:58 | 000,351,232 | ---- | M] () -- C:\Program Files (x86)\SkyMonk\russian.loc
MOD - [2012.02.07 12:25:58 | 000,040,960 | ---- | M] () -- C:\Program Files (x86)\SkyMonk\filter.dll
MOD - [2011.10.29 19:14:00 | 000,397,312 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_ru_b77a5c561934e089\mscorlib.resources.dll
MOD - [2011.09.27 17:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011.09.27 17:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011.03.17 10:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011.09.11 14:31:34 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2011.08.12 01:38:04 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore64.exe -- (!SASCORE)
SRV:64bit: - [2009.09.22 02:24:40 | 001,420,560 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) Intel®
SRV:64bit: - [2009.09.22 02:00:44 | 000,831,760 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) Intel®
SRV:64bit: - [2009.07.14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.04.03 02:33:29 | 000,253,600 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.02.25 08:41:28 | 001,726,552 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Mail.Ru\Guard\GuardMailRu.exe -- (Guard.Mail.ru)
SRV - [2012.02.04 01:29:31 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.02.04 01:29:22 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.01.31 10:14:28 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.01.18 16:11:40 | 000,433,264 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnat.exe -- (VMware NAT Service)
SRV - [2012.01.18 16:11:32 | 000,354,416 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnetdhcp.exe -- (VMnetDHCP)
SRV - [2012.01.18 13:27:20 | 000,079,872 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe -- (VMAuthdService)
SRV - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.08.29 22:11:04 | 000,846,448 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe -- (VMUSBArbService)
SRV - [2011.08.05 10:25:50 | 000,091,984 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.01.19 01:33:30 | 000,023,592 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Bluetooth Suite\AdminService.exe -- (AtherosSvc)
SRV - [2010.01.15 14:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009.12.24 03:39:04 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel®
SRV - [2009.09.08 11:51:24 | 001,037,824 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2009.07.14 03:16:20 | 000,010,752 | ---- | M] (Корпорация Майкрософт) [On_Demand | Stopped] -- C:\Windows\SysWOW64\wpcsvc.dll -- (WPCSvc)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012.04.04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012.02.18 09:31:59 | 000,564,792 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2012.02.04 01:29:47 | 000,132,320 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012.02.04 01:29:47 | 000,097,312 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012.02.04 01:29:47 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2012.01.18 16:11:56 | 000,063,088 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmx86.sys -- (vmx86)
DRV:64bit: - [2012.01.18 16:11:08 | 000,032,880 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VMkbd.sys -- (vmkbd)
DRV:64bit: - [2012.01.18 16:10:38 | 000,030,320 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetuserif.sys -- (VMnetuserif)
DRV:64bit: - [2012.01.18 13:06:00 | 000,045,680 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetbridge.sys -- (VMnetBridge)
DRV:64bit: - [2012.01.18 13:06:00 | 000,020,080 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vmnetadapter.sys -- (VMnetAdapter)
DRV:64bit: - [2011.09.11 14:05:16 | 000,088,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Synth3dVsc.sys -- (Synth3dVsc)
DRV:64bit: - [2011.09.11 13:00:27 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.09.11 13:00:27 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.08.29 22:11:04 | 000,039,024 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\hcmon.sys -- (hcmon)
DRV:64bit: - [2011.08.08 14:59:12 | 000,116,336 | ---- | M] (VMware, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vmci.sys -- (vmci)
DRV:64bit: - [2011.07.22 18:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2011.07.12 23:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2011.07.06 17:14:42 | 000,145,008 | ---- | M] (Tonec Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\idmwfp.sys -- (IDMWFP)
DRV:64bit: - [2010.11.21 05:24:43 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010.11.21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.21 05:23:48 | 000,117,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tsusbhub.sys -- (tsusbhub)
DRV:64bit: - [2010.11.21 05:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010.11.21 05:23:48 | 000,034,816 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010.06.22 01:07:38 | 000,131,688 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2010.02.06 02:49:04 | 000,316,464 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010.01.19 01:38:00 | 000,075,304 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2010.01.19 01:35:20 | 000,031,784 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_bus.sys -- (BTATH_BUS)
DRV:64bit: - [2009.12.17 20:42:08 | 000,538,136 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009.10.06 02:34:00 | 001,542,656 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009.09.18 05:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel®
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 02:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009.07.14 02:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.18 23:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2010.01.29 21:40:16 | 000,115,600 | ---- | M] (EZB Systems, Inc.) [File_System | System | Running] -- C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys -- (ISODrive)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = www.bing.com
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://startsear.ch/?aff=1&src=sp&cf=71bb2bb9-7dc9-11e1-b0bd-ff3758bdb1ac&q={searchTerms}


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = www.bing.com
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = www.bing.com
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-4154458656-1255318171-458538179-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = www.bing.com
IE - HKU\S-1-5-21-4154458656-1255318171-458538179-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://startsear.ch/?aff=1&cf=71bb2bb9-7dc9-11e1-b0bd-ff3758bdb1ac
IE - HKU\S-1-5-21-4154458656-1255318171-458538179-1000\..\URLSearchHook: {7a55cbb2-2b2e-4a41-9de1-6ac5d2c2be0a} - No CLSID value found
IE - HKU\S-1-5-21-4154458656-1255318171-458538179-1000\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKU\S-1-5-21-4154458656-1255318171-458538179-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://yandex.ru/yandsearch?clid=1848336&text={searchTerms}
IE - HKU\S-1-5-21-4154458656-1255318171-458538179-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&affID=110819&tt=050412_30b&babsrc=SP_ss&mntrId=b545c64a0000000000007ee40050f803
IE - HKU\S-1-5-21-4154458656-1255318171-458538179-1000\..\SearchScopes\{43A3D088-2C7F-4A32-B780-D08600729759}: "URL" = http://search.babylon.com/?q={searchTerms}&AF=119998&babsrc=SP_ss&mntrId=b545c64a000000000000c80aa9830597
IE - HKU\S-1-5-21-4154458656-1255318171-458538179-1000\..\SearchScopes\{E88E0043-C9D4-4e33-8555-FEE4F5B63060}: "URL" = http://go.mail.ru/search?q={searchTerms}&utf8in=1&fr=ietb
IE - HKU\S-1-5-21-4154458656-1255318171-458538179-1000\..\SearchScopes\Moikrug: "URL" = http://moikrug.ru/persons/?clid=1848336&charset=utf-8&keywords={searchTerms}&submitted=1
IE - HKU\S-1-5-21-4154458656-1255318171-458538179-1000\..\SearchScopes\Yandex: "URL" =
IE - HKU\S-1-5-21-4154458656-1255318171-458538179-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-4154458656-1255318171-458538179-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://startsear.ch/?aff=1&cf=71bb2bb9-7dc9-11e1-b0bd-ff3758bdb1ac"


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_228.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.0.61118.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_228.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@UtilityChest_49.com/Plugin: C:\Program Files (x86)\UtilityChest_49\bar\1.bin\NP49Stub.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\49ffxtbr@UtilityChest_49.com: C:\Program Files (x86)\UtilityChest_49\bar\1.bin [2012.04.10 17:07:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012.03.28 11:20:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.03.25 17:02:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.04.04 03:27:07 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\mozilla_cc@internetdownloadmanager.com: C:\Users\Murodullo\AppData\Roaming\IDM\idmmzcc5 [2012.02.29 11:22:34 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012.03.28 11:20:32 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\SeaMonkey\Extensions\\mozilla_cc@internetdownloadmanager.com: C:\Users\Murodullo\AppData\Roaming\IDM\idmmzcc5 [2012.02.29 11:22:34 | 000,000,000 | ---D | M]

[2012.02.18 10:56:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Murodullo\AppData\Roaming\mozilla\Extensions
[2012.04.08 04:11:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Murodullo\AppData\Roaming\mozilla\Firefox\Profiles\b932oqp5.default\extensions
[2012.04.06 11:29:56 | 000,000,000 | ---D | M] (AlterGeo Addon) -- C:\Users\Murodullo\AppData\Roaming\mozilla\Firefox\Profiles\b932oqp5.default\extensions\{B100D0FF-0001-8CE4-2790-AACE49B8AE35}
[2012.02.21 20:52:09 | 000,000,000 | ---D | M] (British English Dictionary) -- C:\Users\Murodullo\AppData\Roaming\mozilla\Firefox\Profiles\b932oqp5.default\extensions\en-GB@dictionaries.addons.mozilla.org
[2012.02.25 08:44:53 | 000,001,533 | ---- | M] () -- C:\Users\Murodullo\AppData\Roaming\Mozilla\Firefox\Profiles\b932oqp5.default\searchplugins\mailru---.xml
[2012.02.18 09:28:42 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012.03.25 17:02:58 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.04.08 02:56:26 | 000,002,353 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2012.02.20 15:39:23 | 000,002,549 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\mailru.xml
[2012.02.20 15:39:23 | 000,005,568 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\ozonru.xml
[2012.02.20 15:39:23 | 000,001,133 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\priceru.xml
[2012.02.20 15:39:23 | 000,001,304 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-ru.xml
[2012.02.20 15:39:23 | 000,001,548 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yandex-slovari.xml

========== Chrome ==========

CHR - default_search_provider: ()
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url =

O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (IDM integration (IDMIEHlprObj Class)) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll (Internet Download Manager, Tonec Inc.)
O2:64bit: - BHO: (Complitly) - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Users\Murodullo\AppData\Roaming\Complitly\64\Complitly64.dll (SimplyGen)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (IDM integration (IDMIEHlprObj Class)) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll (Internet Download Manager, Tonec Inc.)
O2 - BHO: (Complitly) - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Users\Murodullo\AppData\Roaming\Complitly\Complitly.dll (SimplyGen)
O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll (Babylon BHO)
O2 - BHO: (no name) - {8984B388-A5BB-4DF7-B274-77B879E179DB} - No CLSID value found.
O2 - BHO: (AlterGeoBHO Class) - {9BFBA68E-E21B-458E-AE12-FE85E903D2C0} - C:\ProgramData\AlterGeo\Update for Html5 geolocation provider\html5loc.dll (Altergeo)
O2 - BHO: (DealPly) - {A6174F27-1FFF-E1D6-A93F-BA48AD5DD448} - C:\Program Files (x86)\DealPly\DealPlyIE.dll (DealPly Technologies Ltd)
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll (Babylon Ltd.)
O3 - HKLM\..\Toolbar: (Utility Chest) - {cf67755f-9265-449c-87cf-b945519e073b} - C:\Program Files (x86)\UtilityChest_49\bar\1.bin\49bar.dll File not found
O4:64bit: - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (Alcor Micro Corp.)
O4:64bit: - HKLM..\Run: [AtherosBtStack] C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe ()
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [AlterGeoUpdater] C:\Program Files (x86)\AlterGeo\Html5 geolocation provider\html5locsvc.exe (AlterGeo)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Browsers Protector] C:\Program Files (x86)\Browsers Protector\regmon32.exe ()
O4 - HKLM..\Run: [Guard.Mail.ru.gui] C:\Program Files (x86)\Mail.Ru\Guard\GuardMailRu.exe ()
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [MAgent] C:\Program Files (x86)\Mail.Ru\Agent\magent.exe (Mail.Ru)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKU\.DEFAULT..\Run: [AlterGeoUpdater] C:\ProgramData\AlterGeo\Update for Html5 geolocation provider\html5locsvc.exe (AlterGeo)
O4 - HKU\S-1-5-18..\Run: [AlterGeoUpdater] C:\ProgramData\AlterGeo\Update for Html5 geolocation provider\html5locsvc.exe (AlterGeo)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-4154458656-1255318171-458538179-1000..\Run: [AlterGeoUpdater] C:\ProgramData\AlterGeo\Update for Html5 geolocation provider\html5locsvc.exe (AlterGeo)
O4 - HKU\S-1-5-21-4154458656-1255318171-458538179-1000..\Run: [IDMan] C:\Program Files (x86)\Internet Download Manager\IDMan.exe (Tonec Inc.)
O4 - HKU\S-1-5-21-4154458656-1255318171-458538179-1000..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
O4 - HKU\S-1-5-21-4154458656-1255318171-458538179-1000..\Run: [SkyMonk] C:\Program Files (x86)\SkyMonk\SkyMonk.exe ()
O4 - HKU\S-1-5-21-4154458656-1255318171-458538179-1000..\Run: [Spotify] C:\Users\Murodullo\AppData\Roaming\Spotify\Spotify.exe (Spotify Ltd)
O4 - HKU\S-1-5-21-4154458656-1255318171-458538179-1000..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKU\S-1-5-21-4154458656-1255318171-458538179-1000..\Run: [uTorrent] C:\Users\Murodullo\Downloads\uTorrent.exe (BitTorrent, Inc.)
O4 - HKU\S-1-5-21-4154458656-1255318171-458538179-1000..\Run: [VoipCheapCom] C:\Program Files (x86)\VoipCheapCom.com\VoipCheapCom\voipcheapcom.exe (VoipCheapCom)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Администратор\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Punto Switcher.lnk = C:\Program Files (x86)\Yandex\Punto Switcher\punto.exe (ООО Яндекс)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 0
O7 - HKU\S-1-5-21-4154458656-1255318171-458538179-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Скачать все ссылки с помощью IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm ()
O8:64bit: - Extra context menu item: Скачать с помощью IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm ()
O8 - Extra context menu item: Скачать все ссылки с помощью IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm ()
O8 - Extra context menu item: Скачать с помощью IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm ()
O9 - Extra Button: Mail.Ru Агент - {7558B7E5-7B26-4201-BEDB-00D5FF534523} - C:\Program Files (x86)\Mail.Ru\Agent\magent.exe (Mail.Ru)
O9 - Extra 'Tools' menuitem : Mail.Ru Агент - {7558B7E5-7B26-4201-BEDB-00D5FF534523} - C:\Program Files (x86)\Mail.Ru\Agent\magent.exe (Mail.Ru)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000011 - C:\Windows\SysNative\vsocklib.dll (VMware, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000012 - C:\Windows\SysNative\vsocklib.dll (VMware, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\SysWOW64\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\SysWOW64\vsocklib.dll (VMware, Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 10.2.0)
O16 - DPF: {CAFEEFAC-0017-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 1.7.0_02)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 1.7.0_02)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 193.144.75.9 193.144.75.12
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{160D4064-18E4-4769-A2DA-E6E84A8130A3}: DhcpNameServer = 193.144.75.9 193.144.75.12
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{65D74229-72F1-41F5-BA76-3EA3745BAA0B}: DhcpNameServer = 192.168.42.129
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\ms-help - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010.07.11 09:08:38 | 000,000,058 | R--- | M] () - G:\Autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012.04.10 17:15:21 | 000,000,000 | ---D | C] -- C:\Users\Murodullo\AppData\Roaming\SUPERAntiSpyware.com
[2012.04.10 17:15:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2012.04.10 17:14:58 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2012.04.10 17:14:58 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012.04.10 15:41:49 | 000,000,000 | ---D | C] -- C:\Users\Murodullo\AppData\Roaming\Malwarebytes
[2012.04.10 15:41:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.04.10 15:41:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.04.10 15:41:38 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.04.10 15:41:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.04.10 09:20:45 | 000,000,000 | ---D | C] -- C:\Users\Murodullo\Desktop\F copy 10.04
[2012.04.10 08:58:25 | 000,000,000 | ---D | C] -- C:\Users\Murodullo\Desktop\Logs and diagnosis
[2012.04.09 16:15:49 | 000,000,000 | ---D | C] -- C:\Users\Murodullo\AppData\Roaming\gtk-2.0
[2012.04.09 16:15:49 | 000,000,000 | ---D | C] -- C:\Users\Murodullo\.thumbnails
[2012.04.09 16:14:06 | 000,000,000 | ---D | C] -- C:\Users\Murodullo\.gimp-2.6
[2012.04.09 16:14:05 | 000,000,000 | ---D | C] -- C:\Users\Murodullo\Documents\gegl-0.0
[2012.04.09 16:13:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP
[2012.04.09 16:13:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GIMP-2.0
[2012.04.08 03:06:05 | 000,000,000 | ---D | C] -- C:\Users\Murodullo\Desktop\Kitaro
[2012.04.08 02:56:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FLVPlayer
[2012.04.08 01:51:06 | 000,000,000 | ---D | C] -- C:\Users\Murodullo\AppData\Local\Spotify
[2012.04.08 01:50:32 | 000,000,000 | ---D | C] -- C:\Users\Murodullo\AppData\Roaming\Spotify
[2012.04.04 06:14:40 | 000,000,000 | ---D | C] -- C:\Users\Murodullo\Desktop\StSrch
[2012.04.03 22:13:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Browsers Protector
[2012.04.03 22:05:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012.04.03 22:05:23 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012.04.03 22:05:22 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012.04.03 22:05:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2012.04.03 02:48:07 | 000,000,000 | ---D | C] -- C:\Users\Murodullo\Documents\Virtual Machines
[2012.04.03 02:33:22 | 008,767,136 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
[2012.04.03 02:32:14 | 000,000,000 | ---D | C] -- C:\Users\Murodullo\AppData\Local\VMware
[2012.04.03 02:32:09 | 000,000,000 | ---D | C] -- C:\Users\Murodullo\AppData\Roaming\VMware
[2012.04.03 02:31:35 | 000,418,464 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012.04.03 02:27:29 | 000,063,088 | ---- | C] (VMware, Inc.) -- C:\Windows\SysNative\drivers\vmx86.sys
[2012.04.03 02:27:03 | 000,354,416 | ---- | C] (VMware, Inc.) -- C:\Windows\SysWow64\vmnetdhcp.exe
[2012.04.03 02:26:59 | 000,433,264 | ---- | C] (VMware, Inc.) -- C:\Windows\SysWow64\vmnat.exe
[2012.04.03 02:26:59 | 000,030,320 | ---- | C] (VMware, Inc.) -- C:\Windows\SysNative\drivers\vmnetuserif.sys
[2012.04.03 02:26:55 | 000,942,192 | ---- | C] (VMware, Inc.) -- C:\Windows\SysNative\vnetlib64.dll
[2012.04.03 02:26:48 | 000,032,880 | ---- | C] (VMware, Inc.) -- C:\Windows\SysNative\drivers\VMkbd.sys
[2012.04.03 02:26:47 | 000,039,024 | ---- | C] (VMware, Inc.) -- C:\Windows\SysNative\drivers\hcmon.sys
[2012.04.03 02:26:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VMware
[2012.04.03 02:26:05 | 000,000,000 | ---D | C] -- C:\ProgramData\VMware
[2012.04.03 02:26:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VMware
[2012.04.03 02:26:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\VMware
[2012.04.03 02:25:43 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\VMware
[2012.04.01 13:46:38 | 000,000,000 | ---D | C] -- C:\Users\Murodullo\Desktop\Парда Жураев
[2012.03.29 11:44:54 | 000,000,000 | ---D | C] -- C:\Users\Murodullo\AppData\Roaming\MP3SkypeRecorder
[2012.03.29 11:44:54 | 000,000,000 | ---D | C] -- C:\Users\Murodullo\AppData\Local\Alexander_Nikiforov
[2012.03.29 11:44:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MP3 Skype Recorder
[2012.03.28 13:24:03 | 000,000,000 | ---D | C] -- C:\Temp
[2012.03.28 11:19:51 | 000,000,000 | ---D | C] -- C:\ProgramData\HP Product Assistant
[2012.03.28 11:19:39 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\spool
[2012.03.28 11:19:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
[2012.03.28 11:18:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\HP
[2012.03.28 11:18:35 | 000,000,000 | ---D | C] -- C:\Windows\hpoj4500g510n-z
[2012.03.27 17:28:47 | 000,000,000 | ---D | C] -- C:\Users\Murodullo\Desktop\literature
[2012.03.25 15:05:14 | 000,000,000 | ---D | C] -- C:\Users\Murodullo\Desktop\SENARIS
[2012.03.17 22:07:46 | 000,000,000 | ---D | C] -- C:\Windows\AutoKMS
[2012.03.15 06:34:14 | 005,561,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012.03.15 06:34:12 | 003,971,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012.03.15 06:34:12 | 003,916,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2012.03.15 06:29:02 | 001,544,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2012.03.15 06:26:32 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorekmts.dll
[2012.03.15 06:26:32 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpwsx.dll
[2012.03.15 06:26:32 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdrmemptylst.exe
[2012.03.15 06:26:30 | 001,112,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorets.dll
[2012.03.15 06:26:30 | 001,031,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcore.dll
[2012.03.15 06:26:30 | 000,826,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rdpcore.dll
[2012.03.12 21:50:31 | 000,000,000 | ---D | C] -- C:\Users\Murodullo\AppData\Roaming\VoipCheapCom
[2012.03.12 21:50:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VoipCheapCom
[2012.03.12 21:50:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VoipCheapCom.com

========== Files - Modified Within 30 Days ==========

[2012.04.10 18:47:01 | 000,026,768 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.04.10 18:47:01 | 000,026,768 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.04.10 18:42:29 | 001,655,334 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.04.10 18:42:29 | 000,727,224 | ---- | M] () -- C:\Windows\SysNative\perfh019.dat
[2012.04.10 18:42:29 | 000,657,236 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.04.10 18:42:29 | 000,150,204 | ---- | M] () -- C:\Windows\SysNative\perfc019.dat
[2012.04.10 18:42:29 | 000,122,634 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.04.10 18:38:06 | 000,000,368 | ---- | M] () -- C:\Windows\tasks\AlterGeoUpdaterS-1-5-18.job
[2012.04.10 18:37:58 | 000,000,268 | ---- | M] () -- C:\Windows\tasks\AutoKMS.job
[2012.04.10 18:37:56 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.04.10 18:37:50 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.04.10 17:15:02 | 000,001,808 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012.04.10 15:41:40 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.04.09 16:15:49 | 000,000,885 | ---- | M] () -- C:\Users\Murodullo\.recently-used.xbel
[2012.04.08 17:46:34 | 000,322,788 | ---- | M] () -- C:\Users\Murodullo\Desktop\347.pdf
[2012.04.08 02:56:32 | 000,000,251 | ---- | M] () -- C:\user.js
[2012.04.04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.04.03 02:33:29 | 000,418,464 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012.04.03 02:33:29 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012.04.03 02:33:22 | 008,767,136 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
[2012.04.03 02:27:32 | 000,001,015 | ---- | M] () -- C:\Users\Murodullo\Application Data\Microsoft\Internet Explorer\Quick Launch\VMware Player.lnk
[2012.04.03 02:26:24 | 001,673,212 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.04.02 10:52:25 | 000,418,592 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.03.28 13:22:22 | 000,224,538 | ---- | M] () -- C:\Windows\hpwins26.dat
[2012.03.28 11:58:58 | 000,226,685 | ---- | M] () -- C:\Windows\hpwins28.dat
[2012.03.28 11:19:20 | 000,002,099 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[2012.03.28 10:03:03 | 000,002,515 | ---- | M] () -- C:\Users\Murodullo\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk

========== Files Created - No Company Name ==========

[2012.04.10 17:15:02 | 000,001,808 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012.04.10 15:41:40 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.04.09 16:15:49 | 000,000,885 | ---- | C] () -- C:\Users\Murodullo\.recently-used.xbel
[2012.04.08 15:33:57 | 000,322,788 | ---- | C] () -- C:\Users\Murodullo\Desktop\347.pdf
[2012.04.08 02:56:31 | 000,000,251 | ---- | C] () -- C:\user.js
[2012.04.08 01:51:05 | 000,001,815 | ---- | C] () -- C:\Users\Murodullo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
[2012.04.03 02:31:38 | 000,000,896 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.04.03 02:27:32 | 000,001,015 | ---- | C] () -- C:\Users\Murodullo\Application Data\Microsoft\Internet Explorer\Quick Launch\VMware Player.lnk
[2012.03.29 11:44:43 | 000,003,025 | ---- | C] () -- C:\Users\Murodullo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MP3 Skype Recorder.lnk
[2012.03.28 13:03:14 | 000,224,538 | ---- | C] () -- C:\Windows\hpwins26.dat
[2012.03.28 13:03:14 | 000,000,370 | ---- | C] () -- C:\Windows\hpwmdl26.dat
[2012.03.28 11:20:04 | 000,001,050 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Регистрация I.R.I.S. OCR.lnk
[2012.03.28 11:19:20 | 000,002,099 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[2012.03.28 11:16:59 | 000,226,685 | ---- | C] () -- C:\Windows\hpwins28.dat
[2012.03.28 11:16:58 | 000,000,418 | ---- | C] () -- C:\Windows\hpwmdl28.dat
[2012.03.17 22:07:47 | 000,000,268 | ---- | C] () -- C:\Windows\tasks\AutoKMS.job
[2012.03.09 05:01:37 | 000,070,150 | ---- | C] () -- C:\Users\Murodullo\AppData\Roaming\HDU_temp.bmp
[2012.03.09 04:48:45 | 000,000,370 | ---- | C] () -- C:\Windows\hpwmdl26.dat.temp
[2012.03.03 06:32:06 | 000,001,025 | ---- | C] () -- C:\Windows\SysWow64\sysprs7.dll
[2012.03.03 06:32:06 | 000,000,205 | ---- | C] () -- C:\Windows\SysWow64\lsprst7.dll
[2012.02.25 09:13:46 | 000,143,452 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2012.02.21 10:21:08 | 000,000,045 | RH-- | C] () -- C:\Windows\sgc_user.dat
[2012.02.18 09:34:55 | 001,673,212 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.02.18 09:28:21 | 000,650,752 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2012.02.18 09:28:21 | 000,243,200 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2012.02.18 09:28:20 | 000,175,616 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2012.02.18 09:28:19 | 000,079,360 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2011.09.11 14:45:42 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 165 bytes -> C:\ProgramData\TEMP:1CE11B51

< End of report >

Please find the logs requested by you above.
Thank you very much and I remain at your disposal!

#10 eddie5659

eddie5659

  • Malware Response Team

Posted 10 April 2012 - 01:13 PM

Looks like that removed quite a bit :)

Can you run the following tools, and copy/paste the logs that they produce here:


Download the latest version of TDSSKiller from here and save it to your Desktop.


  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.

  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.

  • Click the Start Scan button.

  • If a suspicious object is detected, the default action will be Skip; click on Continue.

  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

  • Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

A report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents in your next reply.


--------------------------

Download aswMBR.exe ( 511KB ) to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan

On completion of the scan click save log, save it to your desktop and post in your next reply

-------------------------

Download ComboFix from one of these locations:

Link 1
Link 2


* IMPORTANT !!! As you download it rename it to username123.exe and save it to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools


    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Remember to re-enable the protection again afterwards before connecting to the Internet.
  • Double click on ComboFix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.





Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

eddie

#11 Muradilla

Muradilla
  • Topic Starter

  • Members

Posted 10 April 2012 - 02:28 PM

Guys, I am with you and I am here. But now I have to leave the forum for a few hours, and please do not leave me alone!
I shall soon be back!
Thank you in advance to all of you!!!!

#12 Muradilla

Muradilla
  • Topic Starter

  • Members

Posted 10 April 2012 - 04:17 PM

Latest version of TDSSKiller
A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply


--------------------------
22:38:28.0299 6072 TDSS rootkit removing tool 2.7.28.0 Apr 10 2012 16:54:05
22:38:28.0564 6072 ============================================================
22:38:28.0564 6072 Current date / time: 2012/04/10 22:38:28.0564
22:38:28.0564 6072 SystemInfo:
22:38:28.0564 6072
22:38:28.0564 6072 OS Version: 6.1.7601 ServicePack: 1.0
22:38:28.0564 6072 Product type: Workstation
22:38:28.0565 6072 ComputerName: MURODULLO-PC
22:38:28.0565 6072 UserName: Murodullo
22:38:28.0565 6072 Windows directory: C:\Windows
22:38:28.0565 6072 System windows directory: C:\Windows
22:38:28.0565 6072 Running under WOW64
22:38:28.0565 6072 Processor architecture: Intel x64
22:38:28.0565 6072 Number of processors: 8
22:38:28.0565 6072 Page size: 0x1000
22:38:28.0565 6072 Boot type: Normal boot
22:38:28.0565 6072 ============================================================
22:38:29.0029 6072 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
22:38:29.0039 6072 \Device\Harddisk0\DR0:
22:38:29.0039 6072 MBR used
22:38:29.0039 6072 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x839AFCF
22:38:29.0057 6072 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x839B04D, BlocksNum 0x31FE9BF4
22:38:29.0068 6072 Initialize success
22:38:29.0068 6072 ============================================================
22:38:49.0517 3704 ============================================================
22:38:49.0517 3704 Scan started
22:38:49.0517 3704 Mode: Manual; SigCheck; TDLFS;
22:38:49.0517 3704 ============================================================
22:39:04.0003 3704 CryptSvc - ok
22:39:04.0116 3704 CSC (8353725eee456a3c0efdeb3010976d95) C:\Windows\system32\drivers\csc.sys
22:39:04.0155 3704 CSC - ok
22:39:04.0257 3704 CscService (6accf84234ccbd1a38bb272ddfe0d376) C:\Windows\System32\cscsvc.dll
22:39:04.0340 3704 CscService - ok
22:39:04.0450 3704 DcomLaunch (225efee8960e554f3ab9a4a91790c039) C:\Windows\system32\rpcss.dll
22:39:04.0517 3704 DcomLaunch - ok
22:39:04.0604 3704 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
22:39:04.0670 3704 defragsvc - ok
22:39:04.0726 3704 DfsC (1bfa143a375669b75d83bdf2054a893d) C:\Windows\system32\Drivers\dfsc.sys
22:39:04.0745 3704 DfsC - ok
22:39:04.0851 3704 Dhcp (e3fa0655a70064a9f712e32c8edc1261) C:\Windows\system32\dhcpcore.dll
22:39:04.0884 3704 Dhcp - ok
22:39:04.0990 3704 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
22:39:05.0060 3704 discache - ok
22:39:05.0191 3704 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\drivers\disk.sys
22:39:05.0214 3704 Disk - ok
22:39:05.0254 3704 dmvsc (5db085a8a6600be6401f2b24eecb5415) C:\Windows\system32\drivers\dmvsc.sys
22:39:05.0299 3704 dmvsc - ok
22:39:05.0403 3704 Dnscache (a06098e823ee2e63d42691c0d7bcde46) C:\Windows\System32\dnsrslvr.dll
22:39:05.0434 3704 Dnscache - ok
22:39:05.0457 3704 dot3svc (dd5038774edf647e0d9f4220b1ade6fc) C:\Windows\System32\dot3svc.dll
22:39:05.0499 3704 dot3svc - ok
22:39:05.0599 3704 Dot4 (b42ed0320c6e41102fde0005154849bb) C:\Windows\system32\DRIVERS\Dot4.sys
22:39:05.0642 3704 Dot4 - ok
22:39:05.0750 3704 Dot4Print (e9f5969233c5d89f3c35e3a66a52a361) C:\Windows\system32\DRIVERS\Dot4Prt.sys
22:39:05.0798 3704 Dot4Print - ok
22:39:05.0813 3704 dot4usb (fd05a02b0370bc3000f402e543ca5814) C:\Windows\system32\DRIVERS\dot4usb.sys
22:39:05.0844 3704 dot4usb - ok
22:39:05.0957 3704 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
22:39:06.0016 3704 DPS - ok
22:39:06.0123 3704 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
22:39:06.0168 3704 drmkaud - ok
22:39:06.0231 3704 DXGKrnl (ce7743807258a7d383c427e3c178a49e) C:\Windows\System32\drivers\dxgkrnl.sys
22:39:06.0267 3704 DXGKrnl - ok
22:39:06.0395 3704 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
22:39:06.0459 3704 EapHost - ok
22:39:06.0599 3704 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\drivers\evbda.sys
22:39:06.0712 3704 ebdrv - ok
22:39:06.0800 3704 EFS (0a10b74fbb437ff9a23f1d5de4446a83) C:\Windows\System32\lsass.exe
22:39:06.0850 3704 EFS - ok
22:39:06.0931 3704 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
22:39:06.0993 3704 ehRecvr - ok
22:39:07.0087 3704 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
22:39:07.0136 3704 ehSched - ok
22:39:07.0235 3704 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys
22:39:07.0268 3704 elxstor - ok
22:39:07.0369 3704 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
22:39:07.0413 3704 ErrDev - ok
22:39:07.0522 3704 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
22:39:07.0605 3704 EventSystem - ok
22:39:07.0730 3704 EvtEng (51643ee2712d9212e1e53ca7e8d8eb4a) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
22:39:07.0760 3704 EvtEng - ok
22:39:07.0871 3704 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
22:39:07.0916 3704 exfat - ok
22:39:08.0020 3704 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
22:39:08.0084 3704 fastfat - ok
22:39:08.0203 3704 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
22:39:08.0284 3704 Fax - ok
22:39:08.0395 3704 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\drivers\fdc.sys
22:39:08.0433 3704 fdc - ok
22:39:08.0544 3704 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
22:39:08.0624 3704 fdPHost - ok
22:39:08.0714 3704 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
22:39:08.0776 3704 FDResPub - ok
22:39:08.0853 3704 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
22:39:08.0861 3704 FileInfo - ok
22:39:08.0916 3704 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
22:39:08.0966 3704 Filetrace - ok
22:39:09.0085 3704 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\drivers\flpydisk.sys
22:39:09.0121 3704 flpydisk - ok
22:39:09.0239 3704 FltMgr (cf145a57aeba71b82b1c6f103461f6fa) C:\Windows\system32\drivers\fltmgr.sys
22:39:09.0270 3704 FltMgr - ok
22:39:09.0330 3704 FontCache (01b7ad61a48cd5a4563fda6ad4608e95) C:\Windows\system32\FntCache.dll
22:39:09.0380 3704 FontCache - ok
22:39:09.0504 3704 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
22:39:09.0521 3704 FontCache3.0.0.0 - ok
22:39:09.0577 3704 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
22:39:09.0593 3704 FsDepends - ok
22:39:09.0656 3704 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
22:39:09.0671 3704 Fs_Rec - ok
22:39:09.0756 3704 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
22:39:09.0785 3704 fvevol - ok
22:39:09.0895 3704 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\drivers\gagp30kx.sys
22:39:09.0923 3704 gagp30kx - ok
22:39:10.0027 3704 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
22:39:10.0041 3704 GEARAspiWDM - ok
22:39:10.0118 3704 gpsvc (c188969ac82aff6b2a6cd967046c81b7) C:\Windows\System32\gpsvc.dll
22:39:10.0172 3704 gpsvc - ok
22:39:10.0288 3704 Guard.Mail.ru (4e808bd83cc5ecf45163fc7942657a1a) C:\Program Files (x86)\Mail.Ru\Guard\GuardMailRu.exe
22:39:10.0318 3704 Guard.Mail.ru - ok
22:39:10.0427 3704 hcmon (adb4348da1345877b04e22203afc8993) C:\Windows\system32\drivers\hcmon.sys
22:39:10.0444 3704 hcmon - ok
22:39:10.0484 3704 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
22:39:10.0524 3704 hcw85cir - ok
22:39:10.0634 3704 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
22:39:10.0679 3704 HdAudAddService - ok
22:39:10.0797 3704 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\DRIVERS\HDAudBus.sys
22:39:10.0854 3704 HDAudBus - ok
22:39:10.0963 3704 HECIx64 (b6ac71aaa2b10848f57fc49d55a651af) C:\Windows\system32\DRIVERS\HECIx64.sys
22:39:10.0978 3704 HECIx64 - ok
22:39:11.0020 3704 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\drivers\HidBatt.sys
22:39:11.0053 3704 HidBatt - ok
22:39:11.0155 3704 HidBth (fdf5ead19fd8b2d0c50a9ccdd7836f9e) C:\Windows\system32\drivers\hidbth.sys
22:39:11.0203 3704 HidBth - ok
22:39:11.0292 3704 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\drivers\hidir.sys
22:39:11.0323 3704 HidIr - ok
22:39:11.0353 3704 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll
22:39:11.0411 3704 hidserv - ok
22:39:11.0517 3704 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
22:39:11.0542 3704 HidUsb - ok
22:39:11.0639 3704 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
22:39:11.0682 3704 hkmsvc - ok
22:39:11.0699 3704 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
22:39:11.0748 3704 HomeGroupListener - ok
22:39:11.0851 3704 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
22:39:11.0900 3704 HomeGroupProvider - ok
22:39:12.0032 3704 hpqcxs08 (0a3c6aa4a9fc38c20ba4eac2c3351c05) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll
22:39:12.0059 3704 hpqcxs08 ( UnsignedFile.Multi.Generic ) - warning
22:39:12.0059 3704 hpqcxs08 - detected UnsignedFile.Multi.Generic (1)
22:39:12.0183 3704 hpqddsvc (f3f72a2a86c22610bca5439fa789dd52) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll
22:39:12.0209 3704 hpqddsvc ( UnsignedFile.Multi.Generic ) - warning
22:39:12.0209 3704 hpqddsvc - detected UnsignedFile.Multi.Generic (1)
22:39:12.0329 3704 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
22:39:12.0352 3704 HpSAMD - ok
22:39:12.0508 3704 HPSLPSVC (4f6c514b6149e380b8c1edeac3d7aec5) C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL
22:39:12.0546 3704 HPSLPSVC ( UnsignedFile.Multi.Generic ) - warning
22:39:12.0546 3704 HPSLPSVC - detected UnsignedFile.Multi.Generic (1)
22:39:12.0669 3704 HTTP (9dac3d5d0fef086af576453ec4735128) C:\Windows\system32\drivers\HTTP.sys
22:39:12.0705 3704 HTTP - ok
22:39:12.0819 3704 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
22:39:12.0834 3704 hwpolicy - ok
22:39:12.0976 3704 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
22:39:13.0014 3704 i8042prt - ok
22:39:13.0123 3704 iaStor (42e00996dfc13c46366689c0ea8abc5e) C:\Windows\system32\DRIVERS\iaStor.sys
22:39:13.0149 3704 iaStor - ok
22:39:13.0267 3704 IAStorDataMgrSvc (48362e5db5cb2c000c514ee1f3890acd) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
22:39:13.0278 3704 IAStorDataMgrSvc - ok
22:39:13.0401 3704 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
22:39:13.0435 3704 iaStorV - ok
22:39:13.0577 3704 IDMWFP (71359fc89451bf54fa06f049d3a87adf) C:\Windows\system32\DRIVERS\idmwfp.sys
22:39:13.0596 3704 IDMWFP - ok
22:39:13.0712 3704 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
22:39:13.0749 3704 idsvc - ok
22:39:13.0864 3704 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys
22:39:13.0879 3704 iirsp - ok
22:39:13.0936 3704 IKEEXT (c4fd43e3b0ee832cbe664652a95326b2) C:\Windows\System32\ikeext.dll
22:39:13.0976 3704 IKEEXT - ok
22:39:14.0143 3704 IntcAzAudAddService (697c927e0de2abaf1a5f455033f687cd) C:\Windows\system32\drivers\RTKVHD64.sys
22:39:14.0205 3704 IntcAzAudAddService - ok
22:39:14.0322 3704 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
22:39:14.0338 3704 intelide - ok
22:39:14.0465 3704 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
22:39:14.0502 3704 intelppm - ok
22:39:14.0611 3704 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
22:39:14.0677 3704 IPBusEnum - ok
22:39:14.0736 3704 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
22:39:14.0767 3704 IpFilterDriver - ok
22:39:14.0867 3704 iphlpsvc (a652300ee3d20aa9826b4a0661d914a8) C:\Windows\System32\iphlpsvc.dll
22:39:14.0921 3704 iphlpsvc - ok
22:39:15.0021 3704 IPMIDRV (e277572e61604d174cfbcfcceafa9591) C:\Windows\system32\drivers\IPMIDrv.sys
22:39:15.0055 3704 IPMIDRV - ok
22:39:15.0158 3704 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
22:39:15.0249 3704 IPNAT - ok
22:39:15.0355 3704 iPod Service (50d6ccc6ff5561f9f56946b3e6164fb8) C:\Program Files\iPod\bin\iPodService.exe
22:39:15.0384 3704 iPod Service - ok
22:39:15.0493 3704 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
22:39:15.0513 3704 IRENUM - ok
22:39:15.0632 3704 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
22:39:15.0653 3704 isapnp - ok
22:39:15.0682 3704 iScsiPrt (73c4b7300b1d3c518bf3286d7102a3a5) C:\Windows\system32\drivers\msiscsi.sys
22:39:15.0695 3704 iScsiPrt - ok
22:39:15.0786 3704 ISODrive (9c6f3f69163133fb8e56ac4a6e163452) C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys
22:39:15.0795 3704 ISODrive - ok
22:39:15.0909 3704 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
22:39:15.0923 3704 kbdclass - ok
22:39:15.0968 3704 kbdhid (3985332405fa64d8e679a1db24901596) C:\Windows\system32\drivers\kbdhid.sys
22:39:16.0015 3704 kbdhid - ok
22:39:16.0090 3704 KeyIso (0a10b74fbb437ff9a23f1d5de4446a83) C:\Windows\system32\lsass.exe
22:39:16.0112 3704 KeyIso - ok
22:39:16.0169 3704 KSecDD (44112506709c9ee7e8ac38e161706e34) C:\Windows\system32\Drivers\ksecdd.sys
22:39:16.0180 3704 KSecDD - ok
22:39:16.0200 3704 KSecPkg (b524a961476f54897e8b5cc0be037e3f) C:\Windows\system32\Drivers\ksecpkg.sys
22:39:16.0213 3704 KSecPkg - ok
22:39:16.0308 3704 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
22:39:16.0350 3704 ksthunk - ok
22:39:16.0438 3704 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
22:39:16.0504 3704 KtmRm - ok
22:39:16.0557 3704 L1C (6e0698cea0901fd1a2b9ce0859e2d8fe) C:\Windows\system32\DRIVERS\L1C62x64.sys
22:39:16.0564 3704 L1C - ok
22:39:16.0658 3704 LanmanServer (bb1f14c43241f880d23b1a8bb0b76dd0) C:\Windows\system32\srvsvc.dll
22:39:16.0711 3704 LanmanServer - ok
22:39:16.0741 3704 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
22:39:16.0801 3704 LanmanWorkstation - ok
22:39:16.0932 3704 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
22:39:17.0000 3704 lltdio - ok
22:39:17.0093 3704 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
22:39:17.0128 3704 lltdsvc - ok
22:39:17.0147 3704 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
22:39:17.0178 3704 lmhosts - ok
22:39:17.0300 3704 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys
22:39:17.0321 3704 LSI_FC - ok
22:39:17.0444 3704 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys
22:39:17.0468 3704 LSI_SAS - ok
22:39:17.0584 3704 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys
22:39:17.0606 3704 LSI_SAS2 - ok
22:39:17.0724 3704 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys
22:39:17.0756 3704 LSI_SCSI - ok
22:39:17.0800 3704 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
22:39:17.0849 3704 luafv - ok
22:39:17.0933 3704 massfilter - ok
22:39:18.0088 3704 MBAMProtector (dbc08862a71459e74f7538b432c114cc) C:\Windows\system32\drivers\mbam.sys
22:39:18.0102 3704 MBAMProtector - ok
22:39:18.0165 3704 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
22:39:18.0188 3704 MBAMService - ok
22:39:18.0269 3704 McComponentHostService (f453d1e6d881e8f8717e20ccd4199e85) C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe
22:39:18.0285 3704 McComponentHostService - ok
22:39:18.0372 3704 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
22:39:18.0400 3704 Mcx2Svc - ok
22:39:18.0456 3704 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys
22:39:18.0469 3704 megasas - ok
22:39:18.0598 3704 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys
22:39:18.0628 3704 MegaSR - ok
22:39:18.0726 3704 Microsoft SharePoint Workspace Audit Service - ok
22:39:18.0810 3704 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
22:39:18.0883 3704 MMCSS - ok
22:39:18.0928 3704 Modem (bffb0c93d9fb43ca42ef11c9240bff7f) C:\Windows\system32\drivers\modem.sys
22:39:18.0963 3704 Modem - ok
22:39:19.0057 3704 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
22:39:19.0071 3704 monitor - ok
22:39:19.0107 3704 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
22:39:19.0116 3704 mouclass - ok
22:39:19.0227 3704 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
22:39:19.0259 3704 mouhid - ok
22:39:19.0358 3704 mountmgr (b3f55c20008956239a2190dbd7cc4c31) C:\Windows\system32\drivers\mountmgr.sys
22:39:19.0381 3704 mountmgr - ok
22:39:19.0401 3704 mpio (0edf7f93213ca293d0c549f6905422c4) C:\Windows\system32\drivers\mpio.sys
22:39:19.0411 3704 mpio - ok
22:39:19.0425 3704 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
22:39:19.0465 3704 mpsdrv - ok
22:39:19.0558 3704 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
22:39:19.0626 3704 MpsSvc - ok
22:39:19.0737 3704 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
22:39:19.0793 3704 MRxDAV - ok
22:39:19.0898 3704 mrxsmb (73f488bc627cb0ac91840aa9fac30104) C:\Windows\system32\DRIVERS\mrxsmb.sys
22:39:19.0934 3704 mrxsmb - ok
22:39:20.0048 3704 mrxsmb10 (311b774ec01b8be17c9508049ea77875) C:\Windows\system32\DRIVERS\mrxsmb10.sys
22:39:20.0088 3704 mrxsmb10 - ok
22:39:20.0203 3704 mrxsmb20 (953f769f8d2ab6f854bee5a5c7aaca6c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
22:39:20.0245 3704 mrxsmb20 - ok
22:39:20.0346 3704 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
22:39:20.0368 3704 msahci - ok
22:39:20.0391 3704 msdsm (4f42c9ce2bd3444b1b98593a2dfbc547) C:\Windows\system32\drivers\msdsm.sys
22:39:20.0402 3704 msdsm - ok
22:39:20.0443 3704 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
22:39:20.0468 3704 MSDTC - ok
22:39:20.0586 3704 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
22:39:20.0633 3704 Msfs - ok
22:39:20.0746 3704 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
22:39:20.0805 3704 mshidkmdf - ok
22:39:20.0822 3704 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
22:39:20.0830 3704 msisadrv - ok
22:39:20.0935 3704 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
22:39:21.0011 3704 MSiSCSI - ok
22:39:21.0027 3704 msiserver - ok
22:39:21.0129 3704 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
22:39:21.0187 3704 MSKSSRV - ok
22:39:21.0271 3704 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
22:39:21.0343 3704 MSPCLOCK - ok
22:39:21.0449 3704 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
22:39:21.0520 3704 MSPQM - ok
22:39:21.0622 3704 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
22:39:21.0653 3704 MsRPC - ok
22:39:21.0680 3704 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
22:39:21.0688 3704 mssmbios - ok
22:39:21.0798 3704 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
22:39:21.0860 3704 MSTEE - ok
22:39:21.0950 3704 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys
22:39:21.0995 3704 MTConfig - ok
22:39:22.0014 3704 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
22:39:22.0028 3704 Mup - ok
22:39:22.0133 3704 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
22:39:22.0193 3704 napagent - ok
22:39:22.0309 3704 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
22:39:22.0350 3704 NativeWifiP - ok
22:39:22.0483 3704 NDIS (09ff60d17db52f8140324c86b01cc25b) C:\Windows\system32\drivers\ndis.sys
22:39:22.0517 3704 NDIS - ok
22:39:22.0632 3704 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
22:39:22.0693 3704 NdisCap - ok
22:39:22.0812 3704 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
22:39:22.0836 3704 NdisTapi - ok
22:39:22.0980 3704 Ndisuio (d12f6a808bc504875b9880e91bb1b4dd) C:\Windows\system32\DRIVERS\ndisuio.sys
22:39:23.0022 3704 Ndisuio - ok
22:39:23.0130 3704 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
22:39:23.0206 3704 NdisWan - ok
22:39:23.0303 3704 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
22:39:23.0318 3704 NDProxy - ok
22:39:23.0356 3704 Net Driver HPZ12 (2334dc48997ba203b794df3ee70521db) C:\Windows\system32\HPZinw12.dll
22:39:23.0361 3704 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
22:39:23.0361 3704 Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
22:39:23.0482 3704 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
22:39:23.0526 3704 NetBIOS - ok
22:39:23.0552 3704 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
22:39:23.0600 3704 NetBT - ok
22:39:23.0690 3704 Netlogon (0a10b74fbb437ff9a23f1d5de4446a83) C:\Windows\system32\lsass.exe
22:39:23.0702 3704 Netlogon - ok
22:39:23.0740 3704 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
22:39:23.0799 3704 Netman - ok
22:39:23.0941 3704 NetMsmqActivator (536baf64228ad71305c50fb6b5c2dc6f) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
22:39:23.0981 3704 NetMsmqActivator - ok
22:39:23.0997 3704 NetPipeActivator (536baf64228ad71305c50fb6b5c2dc6f) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
22:39:24.0005 3704 NetPipeActivator - ok
22:39:24.0102 3704 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
22:39:24.0153 3704 netprofm - ok
22:39:24.0286 3704 NetTcpActivator (536baf64228ad71305c50fb6b5c2dc6f) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
22:39:24.0301 3704 NetTcpActivator - ok
22:39:24.0308 3704 NetTcpPortSharing (536baf64228ad71305c50fb6b5c2dc6f) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
22:39:24.0323 3704 NetTcpPortSharing - ok
22:39:24.0421 3704 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys
22:39:24.0442 3704 nfrd960 - ok
22:39:24.0556 3704 NlaSvc (2efc47437a5605d49bb1658990f8ef68) C:\Windows\System32\nlasvc.dll
22:39:24.0611 3704 NlaSvc - ok
22:39:24.0724 3704 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
22:39:24.0792 3704 Npfs - ok
22:39:24.0890 3704 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
22:39:24.0935 3704 nsi - ok
22:39:25.0003 3704 nsiproxy (436ee51d8f206b79df7b9cbb057299c0) C:\Windows\system32\drivers\nsiproxy.sys
22:39:25.0033 3704 nsiproxy - ok
22:39:25.0143 3704 Ntfs (572fabed364ae40a330602da7e60bb63) C:\Windows\system32\drivers\Ntfs.sys
22:39:25.0185 3704 Ntfs - ok
22:39:25.0285 3704 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
22:39:25.0361 3704 Null - ok
22:39:25.0477 3704 NVHDA (e20abd5b229760158f753ca90b97e090) C:\Windows\system32\drivers\nvhda64v.sys
22:39:25.0485 3704 NVHDA - ok
22:39:25.0827 3704 nvlddmkm (6850d89c7abdd8b4fb0b3659da961379) C:\Windows\system32\DRIVERS\nvlddmkm.sys
22:39:26.0160 3704 nvlddmkm - ok
22:39:26.0274 3704 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
22:39:26.0295 3704 nvraid - ok
22:39:26.0318 3704 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
22:39:26.0329 3704 nvstor - ok
22:39:26.0425 3704 nvsvc (2cbaf74c49c472160ebd73adab8dab50) C:\Windows\system32\nvvsvc.exe
22:39:26.0446 3704 nvsvc - ok
22:39:26.0499 3704 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
22:39:26.0522 3704 nv_agp - ok
22:39:26.0628 3704 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
22:39:26.0721 3704 ohci1394 - ok
22:39:26.0807 3704 ose64 (4965b005492cba7719e82b71e3245495) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
22:39:26.0827 3704 ose64 - ok
22:39:26.0983 3704 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
22:39:27.0139 3704 osppsvc - ok
22:39:27.0241 3704 p2pimsvc (8830d42427d05b15b032108ebbdbd289) C:\Windows\system32\pnrpsvc.dll
22:39:27.0277 3704 p2pimsvc - ok
22:39:27.0328 3704 p2psvc (5b7baded6943aa6f4b6c1aba5fccb25f) C:\Windows\system32\p2psvc.dll
22:39:27.0382 3704 p2psvc - ok
22:39:27.0463 3704 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys
22:39:27.0496 3704 Parport - ok
22:39:27.0536 3704 partmgr (2c762e9debd9212ad2af68ff5c593a98) C:\Windows\system32\drivers\partmgr.sys
22:39:27.0554 3704 partmgr - ok
22:39:27.0639 3704 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
22:39:27.0687 3704 PcaSvc - ok
22:39:27.0762 3704 pci (b9f2f6aace16dc38eaa7afd537854df4) C:\Windows\system32\drivers\pci.sys
22:39:27.0773 3704 pci - ok
22:39:27.0837 3704 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
22:39:27.0845 3704 pciide - ok
22:39:27.0913 3704 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys
22:39:27.0923 3704 pcmcia - ok
22:39:27.0989 3704 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
22:39:27.0997 3704 pcw - ok
22:39:28.0049 3704 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
22:39:28.0104 3704 PEAUTH - ok
22:39:28.0221 3704 PeerDistSvc (b9b0a4299dd2d76a4243f75fd54dc680) C:\Windows\system32\peerdistsvc.dll
22:39:28.0269 3704 PeerDistSvc - ok
22:39:28.0389 3704 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
22:39:28.0427 3704 PerfHost - ok
22:39:28.0566 3704 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
22:39:28.0646 3704 pla - ok
22:39:28.0763 3704 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
22:39:28.0811 3704 PlugPlay - ok
22:39:28.0940 3704 Pml Driver HPZ12 (ac78df349f0e4cfb8b667c0cfff83cce) C:\Windows\system32\HPZipm12.dll
22:39:28.0957 3704 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
22:39:28.0957 3704 Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
22:39:29.0004 3704 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
22:39:29.0047 3704 PNRPAutoReg - ok
22:39:29.0152 3704 PNRPsvc (8830d42427d05b15b032108ebbdbd289) C:\Windows\system32\pnrpsvc.dll
22:39:29.0185 3704 PNRPsvc - ok
22:39:29.0240 3704 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
22:39:29.0309 3704 PolicyAgent - ok
22:39:29.0405 3704 Power (12b96e339a35f56807d4d788439ff484) C:\Windows\system32\umpo.dll
22:39:29.0449 3704 Power - ok
22:39:29.0566 3704 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
22:39:29.0635 3704 PptpMiniport - ok
22:39:29.0738 3704 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys
22:39:29.0786 3704 Processor - ok
22:39:29.0884 3704 ProfSvc (fa2dc7f63f5483fb5d1820a203709e12) C:\Windows\system32\profsvc.dll
22:39:29.0931 3704 ProfSvc - ok
22:39:29.0968 3704 ProtectedStorage (0a10b74fbb437ff9a23f1d5de4446a83) C:\Windows\system32\lsass.exe
22:39:29.0991 3704 ProtectedStorage - ok
22:39:30.0093 3704 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
22:39:30.0166 3704 Psched - ok
22:39:30.0320 3704 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys
22:39:30.0366 3704 ql2300 - ok
22:39:30.0484 3704 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys
22:39:30.0509 3704 ql40xx - ok
22:39:30.0554 3704 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
22:39:30.0585 3704 QWAVE - ok
22:39:30.0687 3704 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
22:39:30.0727 3704 QWAVEdrv - ok
22:39:30.0820 3704 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
22:39:30.0886 3704 RasAcd - ok
22:39:30.0991 3704 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
22:39:31.0040 3704 RasAgileVpn - ok
22:39:31.0084 3704 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
22:39:31.0132 3704 RasAuto - ok
22:39:31.0237 3704 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
22:39:31.0307 3704 Rasl2tp - ok
22:39:45.0864 3704 VMAuthdService (3accf0c817a2bb34efbfb72b57b00252) C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
22:39:45.0880 3704 VMAuthdService ( UnsignedFile.Multi.Generic ) - warning
22:39:45.0880 3704 VMAuthdService - detected UnsignedFile.Multi.Generic (1)
22:39:52.0126 3704 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
22:39:52.0268 3704 \Device\Harddisk0\DR0 - ok
22:39:52.0273 3704 Boot (0x1200) (8e2e946a594a880563b04af4e58e0ea9) \Device\Harddisk0\DR0\Partition0
22:39:52.0275 3704 \Device\Harddisk0\DR0\Partition0 - ok
22:39:52.0281 3704 Boot (0x1200) (87aede9c21a3a843cdd735cc23aea581) \Device\Harddisk0\DR0\Partition1
22:39:52.0283 3704 \Device\Harddisk0\DR0\Partition1 - ok
22:39:52.0284 3704 ============================================================
22:39:52.0284 3704 Scan finished
22:39:52.0284 3704 ============================================================
22:39:52.0299 3104 Detected object count: 6
22:39:52.0299 3104 Actual detected object count: 6
22:39:59.0198 3104 hpqcxs08 ( UnsignedFile.Multi.Generic ) - skipped by user
22:39:59.0198 3104 hpqcxs08 ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:39:59.0201 3104 hpqddsvc ( UnsignedFile.Multi.Generic ) - skipped by user
22:39:59.0201 3104 hpqddsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:39:59.0202 3104 HPSLPSVC ( UnsignedFile.Multi.Generic ) - skipped by user
22:39:59.0202 3104 HPSLPSVC ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:39:59.0207 3104 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
22:39:59.0207 3104 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:39:59.0210 3104 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
22:39:59.0210 3104 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:39:59.0212 3104 VMAuthdService ( UnsignedFile.Multi.Generic ) - skipped by user
22:39:59.0212 3104 VMAuthdService ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:40:15.0858 3876 ============================================================
22:40:15.0858 3876 Scan started
22:40:15.0858 3876 Mode: Manual; SigCheck; TDLFS;
22:40:15.0858 3876 ============================================================
22:40:23.0630 3876 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
22:40:23.0687 3876 discache - ok
22:40:23.0788 3876 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\drivers\disk.sys
22:40:23.0810 3876 Disk - ok
22:40:23.0828 3876 dmvsc (5db085a8a6600be6401f2b24eecb5415) C:\Windows\system32\drivers\dmvsc.sys
22:40:23.0841 3876 dmvsc - ok
22:40:23.0877 3876 Dnscache (a06098e823ee2e63d42691c0d7bcde46) C:\Windows\System32\dnsrslvr.dll
22:40:23.0890 3876 Dnscache - ok
22:40:23.0988 3876 dot3svc (dd5038774edf647e0d9f4220b1ade6fc) C:\Windows\System32\dot3svc.dll
22:40:24.0016 3876 dot3svc - ok
22:40:24.0073 3876 Dot4 (b42ed0320c6e41102fde0005154849bb) C:\Windows\system32\DRIVERS\Dot4.sys
22:40:24.0098 3876 Dot4 - ok
22:40:24.0147 3876 Dot4Print (e9f5969233c5d89f3c35e3a66a52a361) C:\Windows\system32\DRIVERS\Dot4Prt.sys
22:40:24.0160 3876 Dot4Print - ok
22:40:24.0187 3876 dot4usb (fd05a02b0370bc3000f402e543ca5814) C:\Windows\system32\DRIVERS\dot4usb.sys
22:40:24.0203 3876 dot4usb - ok
22:40:24.0241 3876 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
22:40:24.0270 3876 DPS - ok
22:40:24.0342 3876 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
22:40:24.0372 3876 drmkaud - ok
22:40:24.0436 3876 DXGKrnl (ce7743807258a7d383c427e3c178a49e) C:\Windows\System32\drivers\dxgkrnl.sys
22:40:24.0465 3876 DXGKrnl - ok
22:40:24.0537 3876 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
22:40:24.0588 3876 EapHost - ok
22:40:24.0725 3876 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\drivers\evbda.sys
22:40:24.0760 3876 ebdrv - ok
22:40:24.0840 3876 EFS (0a10b74fbb437ff9a23f1d5de4446a83) C:\Windows\System32\lsass.exe
22:40:24.0852 3876 EFS - ok
22:40:24.0926 3876 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
22:40:24.0944 3876 ehRecvr - ok
22:40:25.0039 3876 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
22:40:25.0068 3876 ehSched - ok
22:40:25.0161 3876 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys
22:40:25.0175 3876 elxstor - ok
22:40:25.0277 3876 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
22:40:25.0305 3876 ErrDev - ok
22:40:25.0350 3876 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
22:40:25.0382 3876 EventSystem - ok
22:40:25.0503 3876 EvtEng (51643ee2712d9212e1e53ca7e8d8eb4a) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
22:40:25.0542 3876 EvtEng - ok
22:40:25.0646 3876 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
22:40:25.0696 3876 exfat - ok
22:40:25.0716 3876 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
22:40:25.0750 3876 fastfat - ok
22:40:25.0855 3876 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
22:40:25.0886 3876 Fax - ok
22:40:25.0991 3876 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\drivers\fdc.sys
22:40:26.0016 3876 fdc - ok
22:40:26.0052 3876 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
22:40:26.0081 3876 fdPHost - ok
22:40:26.0166 3876 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
22:40:26.0213 3876 FDResPub - ok
22:40:26.0282 3876 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
22:40:26.0291 3876 FileInfo - ok
22:40:26.0345 3876 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
22:40:26.0392 3876 Filetrace - ok
22:40:26.0425 3876 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\drivers\flpydisk.sys
22:40:26.0437 3876 flpydisk - ok
22:40:26.0467 3876 FltMgr (cf145a57aeba71b82b1c6f103461f6fa) C:\Windows\system32\drivers\fltmgr.sys
22:40:26.0478 3876 FltMgr - ok
22:40:26.0577 3876 FontCache (01b7ad61a48cd5a4563fda6ad4608e95) C:\Windows\system32\FntCache.dll
22:40:26.0620 3876 FontCache - ok
22:40:26.0745 3876 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
22:40:26.0762 3876 FontCache3.0.0.0 - ok
22:40:26.0829 3876 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
22:40:26.0851 3876 FsDepends - ok
22:40:26.0908 3876 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
22:40:26.0918 3876 Fs_Rec - ok
22:40:26.0984 3876 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
22:40:26.0997 3876 fvevol - ok
22:40:27.0057 3876 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\drivers\gagp30kx.sys
22:40:27.0066 3876 gagp30kx - ok
22:40:27.0123 3876 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
22:40:27.0129 3876 GEARAspiWDM - ok
22:40:27.0215 3876 gpsvc (c188969ac82aff6b2a6cd967046c81b7) C:\Windows\System32\gpsvc.dll
22:40:27.0233 3876 gpsvc - ok
22:40:27.0319 3876 Guard.Mail.ru (4e808bd83cc5ecf45163fc7942657a1a) C:\Program Files (x86)\Mail.Ru\Guard\GuardMailRu.exe
22:40:27.0344 3876 Guard.Mail.ru - ok
22:40:27.0445 3876 hcmon (adb4348da1345877b04e22203afc8993) C:\Windows\system32\drivers\hcmon.sys
22:40:27.0458 3876 hcmon - ok
22:40:27.0492 3876 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
22:40:27.0507 3876 hcw85cir - ok
22:40:27.0620 3876 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
22:40:27.0651 3876 HdAudAddService - ok
22:40:27.0693 3876 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\DRIVERS\HDAudBus.sys
22:40:27.0716 3876 HDAudBus - ok
22:40:27.0826 3876 HECIx64 (b6ac71aaa2b10848f57fc49d55a651af) C:\Windows\system32\DRIVERS\HECIx64.sys
22:40:27.0842 3876 HECIx64 - ok
22:40:27.0883 3876 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\drivers\HidBatt.sys
22:40:27.0905 3876 HidBatt - ok
22:40:28.0007 3876 HidBth (fdf5ead19fd8b2d0c50a9ccdd7836f9e) C:\Windows\system32\drivers\hidbth.sys
22:40:28.0030 3876 HidBth - ok
22:40:28.0043 3876 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\drivers\hidir.sys
22:40:28.0066 3876 HidIr - ok
22:40:28.0105 3876 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll
22:40:28.0139 3876 hidserv - ok
22:40:28.0235 3876 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
22:40:28.0253 3876 HidUsb - ok
22:40:28.0290 3876 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
22:40:28.0332 3876 hkmsvc - ok
22:40:28.0419 3876 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
22:40:28.0449 3876 HomeGroupListener - ok
22:40:28.0491 3876 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
22:40:28.0512 3876 HomeGroupProvider - ok
22:40:28.0628 3876 hpqcxs08 (0a3c6aa4a9fc38c20ba4eac2c3351c05) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll
22:40:28.0640 3876 hpqcxs08 ( UnsignedFile.Multi.Generic ) - warning
22:40:28.0641 3876 hpqcxs08 - detected UnsignedFile.Multi.Generic (1)
22:40:28.0669 3876 hpqddsvc (f3f72a2a86c22610bca5439fa789dd52) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll
22:40:28.0676 3876 hpqddsvc ( UnsignedFile.Multi.Generic ) - warning
22:40:28.0676 3876 hpqddsvc - detected UnsignedFile.Multi.Generic (1)
22:40:28.0784 3876 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
22:40:28.0807 3876 HpSAMD - ok
22:40:28.0928 3876 HPSLPSVC (4f6c514b6149e380b8c1edeac3d7aec5) C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL
22:40:28.0955 3876 HPSLPSVC ( UnsignedFile.Multi.Generic ) - warning
22:40:28.0955 3876 HPSLPSVC - detected UnsignedFile.Multi.Generic (1)
22:40:29.0077 3876 HTTP (9dac3d5d0fef086af576453ec4735128) C:\Windows\system32\drivers\HTTP.sys
22:40:29.0111 3876 HTTP - ok
22:40:29.0215 3876 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
22:40:29.0236 3876 hwpolicy - ok
22:40:29.0261 3876 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
22:40:29.0280 3876 i8042prt - ok
22:40:29.0385 3876 iaStor (42e00996dfc13c46366689c0ea8abc5e) C:\Windows\system32\DRIVERS\iaStor.sys
22:40:29.0413 3876 iaStor - ok
22:40:29.0517 3876 IAStorDataMgrSvc (48362e5db5cb2c000c514ee1f3890acd) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
22:40:29.0531 3876 IAStorDataMgrSvc - ok
22:40:29.0640 3876 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
22:40:29.0659 3876 iaStorV - ok
22:40:29.0693 3876 IDMWFP (71359fc89451bf54fa06f049d3a87adf) C:\Windows\system32\DRIVERS\idmwfp.sys
22:40:29.0703 3876 IDMWFP - ok
22:40:29.0841 3876 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
22:40:29.0865 3876 idsvc - ok
22:40:29.0970 3876 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys
22:40:29.0985 3876 iirsp - ok
22:40:30.0046 3876 IKEEXT (c4fd43e3b0ee832cbe664652a95326b2) C:\Windows\System32\ikeext.dll
22:40:30.0075 3876 IKEEXT - ok
22:40:30.0233 3876 IntcAzAudAddService (697c927e0de2abaf1a5f455033f687cd) C:\Windows\system32\drivers\RTKVHD64.sys
22:40:30.0286 3876 IntcAzAudAddService - ok
22:40:30.0406 3876 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
22:40:30.0426 3876 intelide - ok
22:40:30.0448 3876 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
22:40:30.0467 3876 intelppm - ok
22:40:30.0562 3876 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
22:40:30.0618 3876 IPBusEnum - ok
22:40:30.0698 3876 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
22:40:30.0740 3876 IpFilterDriver - ok
22:40:30.0828 3876 iphlpsvc (a652300ee3d20aa9826b4a0661d914a8) C:\Windows\System32\iphlpsvc.dll
22:40:30.0860 3876 iphlpsvc - ok
22:40:30.0971 3876 IPMIDRV (e277572e61604d174cfbcfcceafa9591) C:\Windows\system32\drivers\IPMIDrv.sys
22:40:30.0997 3876 IPMIDRV - ok
22:40:31.0020 3876 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
22:40:31.0070 3876 IPNAT - ok
22:40:31.0151 3876 iPod Service (50d6ccc6ff5561f9f56946b3e6164fb8) C:\Program Files\iPod\bin\iPodService.exe
22:40:31.0180 3876 iPod Service - ok
22:40:31.0277 3876 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
22:40:31.0311 3876 IRENUM - ok
22:40:31.0327 3876 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
22:40:31.0335 3876 isapnp - ok
22:40:31.0355 3876 iScsiPrt (73c4b7300b1d3c518bf3286d7102a3a5) C:\Windows\system32\drivers\msiscsi.sys
22:40:31.0368 3876 iScsiPrt - ok
22:40:31.0459 3876 ISODrive (9c6f3f69163133fb8e56ac4a6e163452) C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys
22:40:31.0480 3876 ISODrive - ok
22:40:31.0582 3876 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
22:40:31.0603 3876 kbdclass - ok
22:40:31.0619 3876 kbdhid (3985332405fa64d8e679a1db24901596) C:\Windows\system32\drivers\kbdhid.sys
22:40:31.0643 3876 kbdhid - ok
22:40:31.0730 3876 KeyIso (0a10b74fbb437ff9a23f1d5de4446a83) C:\Windows\system32\lsass.exe
22:40:31.0754 3876 KeyIso - ok
22:40:31.0787 3876 KSecDD (44112506709c9ee7e8ac38e161706e34) C:\Windows\system32\Drivers\ksecdd.sys
22:40:31.0807 3876 KSecDD - ok
22:40:31.0830 3876 KSecPkg (b524a961476f54897e8b5cc0be037e3f) C:\Windows\system32\Drivers\ksecpkg.sys
22:40:31.0852 3876 KSecPkg - ok
22:40:31.0959 3876 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
22:40:32.0004 3876 ksthunk - ok
22:40:32.0042 3876 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
22:40:32.0075 3876 KtmRm - ok
22:40:32.0175 3876 L1C (6e0698cea0901fd1a2b9ce0859e2d8fe) C:\Windows\system32\DRIVERS\L1C62x64.sys
22:40:32.0190 3876 L1C - ok
22:40:32.0230 3876 LanmanServer (bb1f14c43241f880d23b1a8bb0b76dd0) C:\Windows\system32\srvsvc.dll
22:40:32.0258 3876 LanmanServer - ok
22:40:32.0348 3876 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
22:40:32.0393 3876 LanmanWorkstation - ok
22:40:32.0461 3876 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
22:40:32.0504 3876 lltdio - ok
22:40:32.0568 3876 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
22:40:32.0628 3876 lltdsvc - ok
22:40:32.0654 3876 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
22:40:32.0687 3876 lmhosts - ok
22:40:32.0739 3876 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys
22:40:32.0763 3876 LSI_FC - ok
22:40:32.0839 3876 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys
22:40:32.0858 3876 LSI_SAS - ok
22:40:32.0901 3876 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys
22:40:32.0909 3876 LSI_SAS2 - ok
22:40:32.0974 3876 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys
22:40:32.0999 3876 LSI_SCSI - ok
22:40:33.0051 3876 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
22:40:33.0081 3876 luafv - ok
22:40:33.0140 3876 massfilter - ok
22:40:33.0195 3876 MBAMProtector (dbc08862a71459e74f7538b432c114cc) C:\Windows\system32\drivers\mbam.sys
22:40:33.0214 3876 MBAMProtector - ok
22:40:33.0273 3876 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
22:40:33.0307 3876 MBAMService - ok
22:40:33.0353 3876 McComponentHostService (f453d1e6d881e8f8717e20ccd4199e85) C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe
22:40:33.0370 3876 McComponentHostService - ok
22:40:33.0456 3876 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
22:40:33.0485 3876 Mcx2Svc - ok
22:40:33.0540 3876 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys
22:40:33.0557 3876 megasas - ok
22:40:33.0660 3876 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys
22:40:33.0690 3876 MegaSR - ok
22:40:33.0788 3876 Microsoft SharePoint Workspace Audit Service - ok
22:40:33.0883 3876 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
22:40:33.0918 3876 MMCSS - ok
22:40:33.0956 3876 Modem (bffb0c93d9fb43ca42ef11c9240bff7f) C:\Windows\system32\drivers\modem.sys
22:40:33.0969 3876 Modem - ok
22:40:34.0063 3876 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
22:40:34.0088 3876 monitor - ok
22:40:34.0102 3876 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
22:40:34.0111 3876 mouclass - ok
22:40:34.0133 3876 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
22:40:34.0145 3876 mouhid - ok
22:40:34.0242 3876 mountmgr (b3f55c20008956239a2190dbd7cc4c31) C:\Windows\system32\drivers\mountmgr.sys
22:40:34.0265 3876 mountmgr - ok
22:40:34.0285 3876 mpio (0edf7f93213ca293d0c549f6905422c4) C:\Windows\system32\drivers\mpio.sys
22:40:34.0301 3876 mpio - ok
22:40:34.0320 3876 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
22:40:34.0362 3876 mpsdrv - ok
22:40:34.0464 3876 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
22:40:34.0518 3876 MpsSvc - ok
22:40:34.0632 3876 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
22:40:34.0657 3876 MRxDAV - ok
22:40:34.0681 3876 mrxsmb (73f488bc627cb0ac91840aa9fac30104) C:\Windows\system32\DRIVERS\mrxsmb.sys
22:40:34.0694 3876 mrxsmb - ok
22:40:34.0810 3876 mrxsmb10 (311b774ec01b8be17c9508049ea77875) C:\Windows\system32\DRIVERS\mrxsmb10.sys
22:40:34.0833 3876 mrxsmb10 - ok
22:40:34.0864 3876 mrxsmb20 (953f769f8d2ab6f854bee5a5c7aaca6c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
22:40:34.0878 3876 mrxsmb20 - ok
22:40:34.0986 3876 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
22:40:35.0008 3876 msahci - ok
22:40:35.0031 3876 msdsm (4f42c9ce2bd3444b1b98593a2dfbc547) C:\Windows\system32\drivers\msdsm.sys
22:40:35.0040 3876 msdsm - ok
22:40:35.0082 3876 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
22:40:35.0096 3876 MSDTC - ok
22:40:35.0204 3876 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
22:40:35.0265 3876 Msfs - ok
22:40:35.0286 3876 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
22:40:35.0318 3876 mshidkmdf - ok
22:40:35.0417 3876 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
22:40:35.0431 3876 msisadrv - ok
22:40:35.0463 3876 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
22:40:35.0504 3876 MSiSCSI - ok
22:40:35.0562 3876 msiserver - ok
22:40:35.0613 3876 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
22:40:35.0654 3876 MSKSSRV - ok
22:40:35.0744 3876 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
22:40:35.0777 3876 MSPCLOCK - ok
22:40:35.0800 3876 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
22:40:35.0830 3876 MSPQM - ok
22:40:35.0848 3876 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
22:40:35.0861 3876 MsRPC - ok
22:40:35.0975 3876 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
22:40:35.0997 3876 mssmbios - ok
22:40:36.0015 3876 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
22:40:36.0046 3876 MSTEE - ok
22:40:36.0134 3876 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys
22:40:36.0158 3876 MTConfig - ok
22:40:36.0187 3876 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
22:40:36.0202 3876 Mup - ok
22:40:36.0249 3876 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
22:40:36.0303 3876 napagent - ok
22:40:36.0405 3876 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
22:40:36.0447 3876 NativeWifiP - ok
22:40:36.0488 3876 NDIS (09ff60d17db52f8140324c86b01cc25b) C:\Windows\system32\drivers\ndis.sys
22:40:36.0523 3876 NDIS - ok
22:40:36.0628 3876 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
22:40:36.0678 3876 NdisCap - ok
22:40:36.0696 3876 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
22:40:36.0705 3876 NdisTapi - ok
22:40:36.0809 3876 Ndisuio (d12f6a808bc504875b9880e91bb1b4dd) C:\Windows\system32\DRIVERS\ndisuio.sys
22:40:36.0835 3876 Ndisuio - ok
22:40:36.0858 3876 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
22:40:36.0916 3876 NdisWan - ok
22:40:37.0010 3876 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
22:40:37.0035 3876 NDProxy - ok
22:40:37.0074 3876 Net Driver HPZ12 (2334dc48997ba203b794df3ee70521db) C:\Windows\system32\HPZinw12.dll
22:40:37.0083 3876 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
22:40:37.0083 3876 Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
22:40:37.0177 3876 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
22:40:37.0221 3876 NetBIOS - ok
22:40:37.0248 3876 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
22:40:37.0279 3876 NetBT - ok
22:40:37.0307 3876 Netlogon (0a10b74fbb437ff9a23f1d5de4446a83) C:\Windows\system32\lsass.exe
22:40:37.0319 3876 Netlogon - ok
22:40:37.0425 3876 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
22:40:37.0465 3876 Netman - ok
22:40:37.0581 3876 NetMsmqActivator (536baf64228ad71305c50fb6b5c2dc6f) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
22:40:37.0601 3876 NetMsmqActivator - ok
22:40:37.0608 3876 NetPipeActivator (536baf64228ad71305c50fb6b5c2dc6f) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
22:40:37.0625 3876 NetPipeActivator - ok
22:40:37.0712 3876 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
22:40:37.0764 3876 netprofm - ok
22:40:37.0903 3876 NetTcpActivator (536baf64228ad71305c50fb6b5c2dc6f) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
22:40:37.0920 3876 NetTcpActivator - ok
22:40:37.0926 3876 NetTcpPortSharing (536baf64228ad71305c50fb6b5c2dc6f) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
22:40:37.0945 3876 NetTcpPortSharing - ok
22:40:38.0027 3876 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys
22:40:38.0048 3876 nfrd960 - ok
22:40:38.0129 3876 NlaSvc (2efc47437a5605d49bb1658990f8ef68) C:\Windows\System32\nlasvc.dll
22:40:38.0152 3876 NlaSvc - ok
22:40:38.0219 3876 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
22:40:38.0270 3876 Npfs - ok
22:40:38.0341 3876 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
22:40:38.0352 3876 nsi - ok
22:40:38.0454 3876 nsiproxy (436ee51d8f206b79df7b9cbb057299c0) C:\Windows\system32\drivers\nsiproxy.sys
22:40:38.0465 3876 nsiproxy - ok
22:40:38.0541 3876 Ntfs (572fabed364ae40a330602da7e60bb63) C:\Windows\system32\drivers\Ntfs.sys
22:40:38.0574 3876 Ntfs - ok
22:40:38.0681 3876 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
22:40:38.0724 3876 Null - ok
22:40:38.0761 3876 NVHDA (e20abd5b229760158f753ca90b97e090) C:\Windows\system32\drivers\nvhda64v.sys
22:40:38.0769 3876 NVHDA - ok
22:40:39.0106 3876 nvlddmkm (6850d89c7abdd8b4fb0b3659da961379) C:\Windows\system32\DRIVERS\nvlddmkm.sys
22:40:39.0297 3876 nvlddmkm - ok
22:40:39.0422 3876 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
22:40:39.0435 3876 nvraid - ok
22:40:39.0457 3876 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
22:40:39.0469 3876 nvstor - ok
22:40:39.0553 3876 nvsvc (2cbaf74c49c472160ebd73adab8dab50) C:\Windows\system32\nvvsvc.exe
22:40:39.0573 3876 nvsvc - ok
22:40:39.0627 3876 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
22:40:39.0638 3876 nv_agp - ok
22:40:39.0744 3876 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
22:40:39.0757 3876 ohci1394 - ok
22:40:39.0834 3876 ose64 (4965b005492cba7719e82b71e3245495) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
22:40:39.0844 3876 ose64 - ok
22:40:40.0002 3876 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
22:40:40.0073 3876 osppsvc - ok
22:40:40.0180 3876 p2pimsvc (8830d42427d05b15b032108ebbdbd289) C:\Windows\system32\pnrpsvc.dll
22:40:40.0209 3876 p2pimsvc - ok
22:40:40.0254 3876 p2psvc (5b7baded6943aa6f4b6c1aba5fccb25f) C:\Windows\system32\p2psvc.dll
22:40:40.0269 3876 p2psvc - ok
22:40:40.0347 3876 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys
22:40:40.0367 3876 Parport - ok
22:40:40.0398 3876 partmgr (2c762e9debd9212ad2af68ff5c593a98) C:\Windows\system32\drivers\partmgr.sys
22:40:40.0411 3876 partmgr - ok
22:40:40.0491 3876 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
22:40:40.0524 3876 PcaSvc - ok
22:40:40.0602 3876 pci (b9f2f6aace16dc38eaa7afd537854df4) C:\Windows\system32\drivers\pci.sys
22:40:40.0613 3876 pci - ok
22:40:40.0666 3876 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
22:40:40.0675 3876 pciide - ok
22:40:40.0720 3876 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys
22:40:40.0734 3876 pcmcia - ok
22:40:40.0774 3876 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
22:40:40.0786 3876 pcw - ok
22:40:40.0861 3876 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
22:40:40.0931 3876 PEAUTH - ok
22:40:41.0052 3876 PeerDistSvc (b9b0a4299dd2d76a4243f75fd54dc680) C:\Windows\system32\peerdistsvc.dll
22:40:41.0087 3876 PeerDistSvc - ok
22:40:41.0185 3876 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
22:40:41.0202 3876 PerfHost - ok
22:40:41.0340 3876 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
22:40:41.0381 3876 pla - ok
22:40:41.0479 3876 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
22:40:41.0495 3876 PlugPlay - ok
22:40:41.0536 3876 Pml Driver HPZ12 (ac78df349f0e4cfb8b667c0cfff83cce) C:\Windows\system32\HPZipm12.dll
22:40:41.0540 3876 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
22:40:41.0540 3876 Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
22:40:41.0631 3876 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
22:40:41.0651 3876 PNRPAutoReg - ok
22:40:41.0713 3876 PNRPsvc (8830d42427d05b15b032108ebbdbd289) C:\Windows\system32\pnrpsvc.dll
22:40:41.0726 3876 PNRPsvc - ok
22:40:41.0805 3876 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
22:40:41.0848 3876 PolicyAgent - ok
22:40:41.0936 3876 Power (12b96e339a35f56807d4d788439ff484) C:\Windows\system32\umpo.dll
22:40:41.0969 3876 Power - ok
22:40:42.0029 3876 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
22:40:42.0057 3876 PptpMiniport - ok
22:40:42.0167 3876 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys
22:40:42.0184 3876 Processor - ok
22:40:42.0223 3876 ProfSvc (fa2dc7f63f5483fb5d1820a203709e12) C:\Windows\system32\profsvc.dll
22:40:42.0244 3876 ProfSvc - ok
22:40:42.0331 3876 ProtectedStorage (0a10b74fbb437ff9a23f1d5de4446a83) C:\Windows\system32\lsass.exe
22:40:42.0356 3876 ProtectedStorage - ok
22:40:42.0411 3876 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
22:40:42.0440 3876 Psched - ok
22:40:42.0566 3876 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys
22:40:42.0596 3876 ql2300 - ok
22:40:42.0691 3876 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys
22:40:42.0711 3876 ql40xx - ok
22:40:42.0758 3876 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
22:40:42.0787 3876 QWAVE - ok
22:40:42.0893 3876 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
22:40:42.0931 3876 QWAVEdrv - ok
22:40:42.0943 3876 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
22:40:42.0974 3876 RasAcd - ok
22:40:43.0008 3876 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
22:40:43.0038 3876 RasAgileVpn - ok
22:40:43.0135 3876 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
22:40:43.0185 3876 RasAuto - ok
22:40:43.0254 3876 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
22:40:43.0283 3876 Rasl2tp - ok
22:40:43.0356 3876 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
22:40:43.0391 3876 RasMan - ok
22:40:43.0464 3876 RasPppoe (77682de44b334e6aafcd0ed61fb7404f) C:\Windows\system32\DRIVERS\raspppoe.sys
22:40:43.0477 3876 RasPppoe - ok
22:40:43.0544 3876 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
22:40:43.0577 3876 RasSstp - ok
22:40:43.0634 3876 rdbss (f7331797f4644f04247eb6a74b9f56a0) C:\Windows\system32\DRIVERS\rdbss.sys
22:40:43.0650 3876 rdbss - ok
22:40:43.0713 3876 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
22:40:43.0743 3876 rdpbus - ok
22:40:43.0796 3876 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
22:40:43.0824 3876 RDPCDD - ok
22:40:43.0847 3876 RDPDR (9e53d41bd99beb981180978c4ae0bdeb) C:\Windows\system32\drivers\rdpdr.sys
22:40:43.0860 3876 RDPDR - ok
22:40:53.0782 3876 VMAuthdService (3accf0c817a2bb34efbfb72b57b00252) C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
22:40:53.0794 3876 VMAuthdService ( UnsignedFile.Multi.Generic ) - warning
22:40:53.0794 3876 VMAuthdService - detected UnsignedFile.Multi.Generic (1)
22:40:58.0576 3876 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
22:40:58.0707 3876 \Device\Harddisk0\DR0 - ok
22:40:58.0712 3876 Boot (0x1200) (8e2e946a594a880563b04af4e58e0ea9) \Device\Harddisk0\DR0\Partition0
22:40:58.0715 3876 \Device\Harddisk0\DR0\Partition0 - ok
22:40:58.0720 3876 Boot (0x1200) (87aede9c21a3a843cdd735cc23aea581) \Device\Harddisk0\DR0\Partition1
22:40:58.0722 3876 \Device\Harddisk0\DR0\Partition1 - ok
22:40:58.0723 3876 ============================================================
22:40:58.0724 3876 Scan finished
22:40:58.0724 3876 ============================================================
22:40:58.0740 3696 Detected object count: 6
22:40:58.0740 3696 Actual detected object count: 6
22:42:15.0360 3696 hpqcxs08 ( UnsignedFile.Multi.Generic ) - skipped by user
22:42:15.0360 3696 hpqcxs08 ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:42:15.0362 3696 hpqddsvc ( UnsignedFile.Multi.Generic ) - skipped by user
22:42:15.0362 3696 hpqddsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:42:15.0366 3696 HPSLPSVC ( UnsignedFile.Multi.Generic ) - skipped by user
22:42:15.0366 3696 HPSLPSVC ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:42:15.0367 3696 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
22:42:15.0367 3696 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:42:15.0368 3696 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
22:42:15.0369 3696 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:42:15.0372 3696 VMAuthdService ( UnsignedFile.Multi.Generic ) - skipped by user
22:42:15.0372 3696 VMAuthdService ( UnsignedFile.Multi.Generic ) - User select action: Skip

________________________________________________________________________________________

Download aswMBR.exe ( 511KB ) to your desktop.

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-04-10 22:44:20
-----------------------------
22:44:20.806 OS Version: Windows x64 6.1.7601 Service Pack 1
22:44:20.806 Number of processors: 8 586 0x1E05
22:44:20.807 ComputerName: MURODULLO-PC UserName: Murodullo
22:44:21.537 Initialize success
22:44:56.375 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
22:44:56.382 Disk 0 Vendor: Hitachi_ PB4O Size: 476940MB BusType: 3
22:44:56.408 Disk 0 MBR read successfully
22:44:56.414 Disk 0 MBR scan
22:44:56.419 Disk 0 Windows 7 default MBR code
22:44:56.426 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 67381 MB offset 63
22:44:56.432 Disk 0 Partition - 00 05 Extended 409555 MB offset 137998350
22:44:56.458 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 409555 MB offset 137998413
22:44:56.465 Disk 0 scanning C:\Windows\system32\drivers
22:45:02.074 Service scanning
22:45:28.268 Modules scanning
22:45:28.286 Disk 0 trace - called modules:
22:45:28.321 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys sptd.sys hal.dll
22:45:28.328 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004d96790]
22:45:28.337 3 CLASSPNP.SYS[fffff88001d2443f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004b26050]
22:45:28.344 Scan finished successfully
22:45:36.064 Disk 0 MBR has been saved successfully to "C:\Users\Murodullo\Desktop\MBR.dat"
22:45:36.071 The log file has been saved successfully to "C:\Users\Murodullo\Desktop\aswMBR.txt"

-------------------------

Download ComboFix from one of these locations:



Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

ComboFix didn't download the Microsoft Windows Recovery Console (as was provisioned below)

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.


Please find attached the ComboFix Log file.
Thank you and I am waiting for the further steps.



#13 eddie5659

  • Malware Response Team

Posted 11 April 2012 - 03:12 PM

Hi

At the very beginning you said this:

I have a problem with a startsearch.ch virus, which I apparently got from h**p://barcelonastream.com/fc-barcelona-vs-milan/channel-1
While watching the football stream, the ad near the stream player suggested me to download some sort of a plug-in which I did, and seemingly the stream got a little better at that time. But unfortunately after that the browser's homepage started being changed by some virus all the time. I use Mozilla Firefox 11.0, and I haven't opened Internet Explorer or Safari since then in fear of infecting them with the same virus (better be on the safe side).


I'm having a look at that site, but the ads seem to be on a rotation. Can you describe what the ad looked like, and possibly what it said? Don't go back in there just for the ad, just if you can remember anything :wink:

---------
Now, let's clear the malware :)

Firstly, can you uninstall the following, either using Add/Remove Programs via the Control Panel or Start | Programs. If any are not there, let me know, but carry on with the rest of the fix:

MyWebSearch
TheBflix
UtilityChest_49
Complitly
Babylon Toolbar
Dealply



Then, do the following:

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :OTL
    IE - HKLM\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://startsear.ch/?aff=1&src=sp&cf=71bb2bb9-7dc9-11e1-b0bd-ff3758bdb1ac&q={searchTerms}
    IE - HKU\S-1-5-21-4154458656-1255318171-458538179-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://startsear.ch/?aff=1&cf=71bb2bb9-7dc9-11e1-b0bd-ff3758bdb1ac
    IE - HKU\S-1-5-21-4154458656-1255318171-458538179-1000\..\URLSearchHook: {7a55cbb2-2b2e-4a41-9de1-6ac5d2c2be0a} - No CLSID value found
    IE - HKU\S-1-5-21-4154458656-1255318171-458538179-1000\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
    IE - HKU\S-1-5-21-4154458656-1255318171-458538179-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&affID=110819&tt=050412_30b&babsrc=SP_ss&mntrId=b545c64a0000000000007ee40050f803
    IE - HKU\S-1-5-21-4154458656-1255318171-458538179-1000\..\SearchScopes\{43A3D088-2C7F-4A32-B780-D08600729759}: "URL" = http://search.babylon.com/?q={searchTerms}&AF=119998&babsrc=SP_ss&mntrId=b545c64a000000000000c80aa9830597
    FF - prefs.js..browser.startup.homepage: "http://startsear.ch/?aff=1&cf=71bb2bb9-7dc9-11e1-b0bd-ff3758bdb1ac"
    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_228.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@UtilityChest_49.com/Plugin: C:\Program Files (x86)\UtilityChest_49\bar\1.bin\NP49Stub.dll File not found
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\49ffxtbr@UtilityChest_49.com: C:\Program Files (x86)\UtilityChest_49\bar\1.bin [2012.04.10 17:07:40 | 000,000,000 | ---D | M]
    [2012.04.08 02:56:26 | 000,002,353 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
    O2:64bit: - BHO: (Complitly) - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Users\Murodullo\AppData\Roaming\Complitly\64\Complitly64.dll (SimplyGen)
    O2 - BHO: (Complitly) - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Users\Murodullo\AppData\Roaming\Complitly\Complitly.dll (SimplyGen)
    O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll (Babylon BHO)
    O2 - BHO: (no name) - {8984B388-A5BB-4DF7-B274-77B879E179DB} - No CLSID value found.
    O2 - BHO: (DealPly) - {A6174F27-1FFF-E1D6-A93F-BA48AD5DD448} - C:\Program Files (x86)\DealPly\DealPlyIE.dll (DealPly Technologies Ltd)
    O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll (Babylon Ltd.)
    O3 - HKLM\..\Toolbar: (Utility Chest) - {cf67755f-9265-449c-87cf-b945519e073b} - C:\Program Files (x86)\UtilityChest_49\bar\1.bin\49bar.dll File not found
    O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
    O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
    O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
    O18 - Protocol\Handler\ms-help - No CLSID value found
    O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    @Alternate Data Stream - 165 bytes -> C:\ProgramData\TEMP:1CE11B51
    :Files
    ipconfig /flushdns /c
    :Commands 
    [purity] 
    [resethosts] 
    [emptytemp] 
    [emptyjava]
    [EMPTYFLASH] 
    [CREATERESTOREPOINT] 
    [Reboot]

  • Then click the Run Fix button at the top
  • Click OK.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy/Paste the report in your next reply.



-------------

Do you use these sites/programs? If not, we can remove them. Most are Russian, so I'm not too sure on some. If you do, that's fine, I'll leave them be :)

http://yandex.ru
http://moikrug.ru
mailru
ozonru
yandex-slovari

C:\Program Files (x86)\Mail.Ru
C:\Program Files (x86)\SkyMonk
C:\Program Files (x86)\AlterGeo
C:\Program Files (x86)\Browsers Protector


Thanks :)

eddie

Edited by eddie5659, 11 April 2012 - 03:14 PM.
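Added example, not part of the thread or of OTL: a small Python triage of the URL-bearing lines in the fix script above, grouping browser settings by the host they point to and marking which search scope is the default in its hive. The input lines are abridged from the post (SID replaced by `<SID>`, query strings shortened), the `bing.com` line and the allow-list are constructed, and all function names are hypothetical.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Abridged from the OTL fix above: SID replaced by <SID>, query strings shortened.
PAGE_LINES = r'''
IE - HKLM\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://startsear.ch/?aff=1&src=sp&q={searchTerms}
IE - HKU\<SID>\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://startsear.ch/?aff=1
IE - HKU\<SID>\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKU\<SID>\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&affID=110819
FF - prefs.js..browser.startup.homepage: "http://startsear.ch/?aff=1"
O2 - BHO: (DealPly) - {A6174F27-1FFF-E1D6-A93F-BA48AD5DD448} - C:\Program Files (x86)\DealPly\DealPlyIE.dll (DealPly Technologies Ltd)
'''
# Constructed line (not from the thread) so the allow-list has something to pass.
CONSTRUCTED_LINES = r'''
IE - HKU\<SID>\..\SearchScopes\{11111111-2222-3333-4444-555555555555}: "URL" = http://www.bing.com/search?q={searchTerms}
'''

GUID = r'\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}'
URL_RE = re.compile(r'https?://[^\s"]+')
HIVE_RE = re.compile(r'(HKLM|HKU\\[^\\]+)\\')
SCOPE_RE = re.compile(r'SearchScopes\\(' + GUID + r')')
DEFAULT_RE = re.compile(r'SearchScopes,DefaultScope = (' + GUID + r')')
TAIL_RE = re.compile(r'(?:: "URL")?\s*[=:]\s*"?$')  # trailing ': "URL" = ' etc.


def parse(text):
    """Return (url_entries, default_scopes) from OTL-style IE/FF lines."""
    entries, defaults = [], set()
    for raw in text.splitlines():
        line = raw.strip()
        # O2/O3/... lines describe files and CLSIDs, not URL settings.
        if not line.startswith(("IE", "FF")) or " - " not in line:
            continue
        tag, rest = line.split(" - ", 1)
        hive_match = HIVE_RE.match(rest)
        hive = hive_match.group(1) if hive_match else None
        default = DEFAULT_RE.search(rest)
        if default:
            defaults.add((hive, default.group(1).upper()))
            continue
        url = URL_RE.search(rest)
        if not url:
            continue
        setting = TAIL_RE.sub("", rest[:url.start()])
        scope = SCOPE_RE.search(setting)
        if scope:
            kind = "search provider"
        elif "start page" in setting.lower() or "homepage" in setting.lower():
            kind = "homepage"
        else:
            kind = "other"
        entries.append({
            "browser": tag.split(":")[0],
            "hive": hive,
            "kind": kind,
            "guid": scope.group(1).upper() if scope else None,
            "host": urlsplit(url.group(0)).hostname,
        })
    return entries, defaults


def host_allowed(host, allowed):
    """Exact or subdomain match only; a substring test would accept
    look-alikes such as bing.com.example.net."""
    host = (host or "").lower().rstrip(".")
    return any(host == a or host.endswith("." + a) for a in allowed)


def unexpected_hosts(text, allowed):
    """Map each non-allow-listed host to (browser, kind, is_default_scope)."""
    entries, defaults = parse(text)
    report = defaultdict(list)
    for e in entries:
        if host_allowed(e["host"], allowed):
            continue
        is_default = e["guid"] is not None and (e["hive"], e["guid"]) in defaults
        report[e["host"]].append((e["browser"], e["kind"], is_default))
    return dict(report)


if __name__ == "__main__":
    found = unexpected_hosts(PAGE_LINES + CONSTRUCTED_LINES, {"bing.com"})
    for host, hits in sorted(found.items()):
        for browser, kind, is_default in hits:
            flag = " (default scope)" if is_default else ""
            print(f"{host}: {browser} {kind}{flag}")
```

The default-scope check is done per hive, because the same scope GUID appears under both HKLM and HKU in the fix with different URLs.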


#14 Muradilla

  • Topic Starter
  • Members

Posted 11 April 2012 - 04:08 PM

Hi dear Eddie,

Before proceeding with treatments, the problem was the following:

I don't remember all of the details, but I think this "ad" posed as one of the legitimate add-ins. I think it said I would need to download Silverlight. I was surprised to see that, since I already had Silverlight installed by default. Then I thought, this would probably be suggested by the player which was playing the stream just to improve the quality, and thus I clicked. I know now that I shouldn't click on anything. So, it downloaded a few things, which I don't know, and I unfortunately kept saying "yes" in all of the dialogue boxes.

One more thing that I remember happening is the "Speed Dial" add-on of Firefox being somehow re-installed after this: when I opened Firefox I saw that all of the bookmarks in my previous speed dial had disappeared and there was a new speed dial waiting for me (blank tabs, new formats - my old links were all gone). Later, when the current problem started, I uninstalled the Speed Dial itself as well.

As for the Russian and other resources indicated.

Of the following Russian resources:

yandex.ru
moikrug.ru
mailru
ozonru
yandex-slovari


I use mailru only. But I don't know whether this component that says it is mailru is really related to http://mail.ru (kind of a Russian Yahoo) or elsewhere. So, if anything, we can delete everything here.

Of the following programs:

C:\Program Files (x86)\Mail.Ru
C:\Program Files (x86)\SkyMonk
C:\Program Files (x86)\AlterGeo
C:\Program Files (x86)\Browsers Protector

I again use:
C:\Program Files (x86)\Mail.Ru

But with the rest:
Skymonk was being suggested throughout most of the file-storage resource (at least in most of the Russian file storage sites), so I started using it after I saw the special download links for the files which would only be used by SkyMonk. It seems to be similar to Internet Download manager in some ways, but cannot download all the files once encountered: it has its own type of link which sends a signal to SkyMonk and SkyMonk download window comes up and takes it further.

AlterGeo - truly, to be perfectly honest - I don't know what it is. My previous computer had it, this one has it (and this one is second hand as well), so I always thought, it is something that belongs to the system or just something very necessary.


Browsers Protector - I don't know what it is. I didn't even know that I had that program. Can we delete it?

Thank you dear Eddie, I will post immediately, once I complete all that you just suggested!

#15 Muradilla (Topic Starter)

Posted 11 April 2012 - 04:44 PM

MyWebSearch couldn’t find.
TheBflix deleted.
UtilityChest_49 couldn’t find.
Complitly deleted.
Babylon Toolbar deleted
Dealply deleted.

MyWebSearch is not there. Neither was the Utility Chest. But I can see Utility Chest 1.2 in the extensions page of Firefox. Firefox doesn’t offer an option to delete Utility Chest; I can only switch it on or off from Firefox and for Firefox.
The rest of the files were deleted.

OTL Fun Fix Report:

All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.
HKU\S-1-5-21-4154458656-1255318171-458538179-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry value HKEY_USERS\S-1-5-21-4154458656-1255318171-458538179-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{7a55cbb2-2b2e-4a41-9de1-6ac5d2c2be0a} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7a55cbb2-2b2e-4a41-9de1-6ac5d2c2be0a}\ not found.
HKEY_USERS\S-1-5-21-4154458656-1255318171-458538179-1000\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-4154458656-1255318171-458538179-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.
Registry key HKEY_USERS\S-1-5-21-4154458656-1255318171-458538179-1000\Software\Microsoft\Internet Explorer\SearchScopes\{43A3D088-2C7F-4A32-B780-D08600729759}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{43A3D088-2C7F-4A32-B780-D08600729759}\ not found.
Prefs.js: "http://startsear.ch/?aff=1&cf=71bb2bb9-7dc9-11e1-b0bd-ff3758bdb1ac" removed from browser.startup.homepage
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@adobe.com/FlashPlayer\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@UtilityChest_49.com/Plugin\ not found.
File HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\49ffxtbr@UtilityChest_49.com: C:\Program Files (x86)\UtilityChest_49\bar\1.bin not found.
File C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml not found.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0FB6A909-6086-458F-BD92-1F8EE10042A0}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0FB6A909-6086-458F-BD92-1F8EE10042A0}\ not found.
File C:\Users\Murodullo\AppData\Roaming\Complitly\64\Complitly64.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0FB6A909-6086-458F-BD92-1F8EE10042A0}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0FB6A909-6086-458F-BD92-1F8EE10042A0}\ not found.
File C:\Users\Murodullo\AppData\Roaming\Complitly\Complitly.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4a99-B4B6-146BF802613B}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2EECD738-5844-4a99-B4B6-146BF802613B}\ not found.
File C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8984B388-A5BB-4DF7-B274-77B879E179DB}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8984B388-A5BB-4DF7-B274-77B879E179DB}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448}\ not found.
File C:\Program Files (x86)\DealPly\DealPlyIE.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{98889811-442D-49dd-99D7-DC866BE87DBC} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{98889811-442D-49dd-99D7-DC866BE87DBC}\ not found.
File C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{cf67755f-9265-449c-87cf-b945519e073b} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cf67755f-9265-449c-87cf-b945519e073b}\ not found.
Registry key HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce not found.
Registry key HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce not found.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Low Rights\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\skype4com\ not found.
File Protocol\Handler\skype4com - No CLSID value found not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ms-help\ not found.
File Protocol\Handler\ms-help - No CLSID value found not found.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Unable to delete ADS C:\ProgramData\TEMP:1CE11B51 .
========== FILES ==========
< ipconfig /flushdns /c >
Настройка протокола IP для Windows
Кэш сопоставителя DNS успешно очищен.
C:\Users\Murodullo\Desktop\Virus issue\StSrch\cmd.bat deleted successfully.
C:\Users\Murodullo\Desktop\Virus issue\StSrch\cmd.txt deleted successfully.
========== COMMANDS ==========
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56475 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Murodullo
->Temp folder emptied: 5428981 bytes
->Temporary Internet Files folder emptied: 10421234 bytes
->FireFox cache emptied: 54352939 bytes
->Apple Safari cache emptied: 13958144 bytes
->Flash cache emptied: 37668 bytes

User: Public
->Temp folder emptied: 0 bytes

User: Администратор
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 334501 bytes
->FireFox cache emptied: 110014151 bytes
->Flash cache emptied: 1055 bytes

User: Все пользователи

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 763345 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 51099 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 186,00 mb


[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: Murodullo

User: Public

User: Администратор

User: Все пользователи

Total Java Files Cleaned = 0,00 mb


[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Murodullo
->Flash cache emptied: 0 bytes

User: Public

User: Администратор
->Flash cache emptied: 0 bytes

User: Все пользователи

Total Flash Files Cleaned = 0,00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.39.2 log created on 04112012_233413

Files\Folders moved on Reboot...
C:\Users\Murodullo\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File\Folder C:\Users\Murodullo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{3C67CFD8-EA8A-4D45-94A7-CDA229FCF65C}.tmp not found!
File\Folder C:\Users\Murodullo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{B2C2D278-9C7E-4029-B6AB-CDA7A76755C5}.tmp not found!
File\Folder C:\Users\Murodullo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{C095F021-A423-4BF5-8ADC-1B1484C59A2A}.tmp not found!
File\Folder C:\Users\Murodullo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{FCA899B8-12B3-4903-935A-B785E6C03B7D}.tmp not found!
C:\Windows\temp\vmware-система-2891685741\vmauthd.log moved successfully.
C:\Windows\temp\vmware-система-2891685741\vmware-usbarb-система-2140.log moved successfully.

Registry entries deleted on Reboot...



