
Infected searchnu.com/406 redirecting malware


  • This topic is locked
18 replies to this topic

#1 Mortada


Posted 08 April 2012 - 10:28 PM

EDIT: AII topic: http://www.bleepingcomputer.com/forums/topic449309.html/page__p__2657445#entry2657445



Here is my DDS log.

-------------------------------------------------------------------

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Refka at 15:18:30 on 2012-04-09
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.64.1033.18.4012.2648 [GMT 12:00]
.
AV: Trend Micro Titanium Maximum Security 2012 *Enabled/Updated* {7193B549-236F-55EE-9AEC-F65279E59A92}
SP: Trend Micro Titanium Maximum Security 2012 *Enabled/Updated* {CAF254AD-0555-5A60-A05C-CD200262D02F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files\TrueSuite\TrueSuite.Service.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k WbioSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiWatchDog.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Trend Micro\AMSP\coreFrameworkHost.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
c:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe
C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe
C:\Windows\SysWOW64\DllHost.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\SysWOW64\DllHost.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Sony\VAIO Care\VCSpt.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\TrueSuite\TrueSuite.ClientAppLogonExe.exe
C:\Program Files\TrueSuite\x86\TrueSuite.ClientAppLogonExe.exe
C:\Program Files\Apoint\ApMsgFwd.exe
C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiSeAgnt.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
C:\Program Files (x86)\Sony\Media Gallery\ElbServer.exe
C:\Program Files (x86)\Sony\Media Gallery\VRLPHelper.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\Sony\VAIO Smart Network\VSNService.exe
C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe
C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Apoint\Apvfb.exe
C:\Program Files\Apoint\Apntex.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SHTtray.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\Windows\System32\hkcmd.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Windows\SysWOW64\RunDll32.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
C:\Program Files\Sony\VAIO Update 5\VAIOUpdt.exe
C:\Program Files\Sony\VCM Manager Settings\VcmMgrNotification64.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Sony\VAIO Update 5\VUAgent.exe
C:\Program Files\Sony\VAIO Power Management\SPMService.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Sony\VAIO Care\VCPerfService.exe
C:\Program Files\Sony\VAIO Care\VCsystray.exe
C:\Program Files\Sony\VAIO Personalization Manager\VpmIfPav.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files\Sony\VAIO Care\listener.exe
C:\Program Files\TrueSuite\TrueSuite.TouchControl.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.searchnu.com/406
uDefault_Page_URL = hxxp://sony.msn.com
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: TmIEPlugInBHO Class: {1ca1377b-dc1d-4a52-9585-6e06050fac53} - C:\Program Files\Trend Micro\AMSP\Module\20004\2.0.1313\6.8.1078\TmIEPlg32.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO: TSToolbarBHO: {43c6d902-a1c5-45c9-91f6-fd9e90337e18} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll
BHO: TrueSuite WebStore: {5cb2b77d-c8ca-44db-af20-a7a4df462a12} - mscoree.dll
BHO: TrueSuite Website Log On: {8590886e-ec8c-43c1-a32c-e4c2b0b6395b} - C:\Program Files\TrueSuite\x86\TrueSuite.IEBHO.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\SEARCH~1\Datamngr\ToolBar\searchqudtx.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL
BHO: TmBpIeBHO Class: {bbacbafd-fa5e-4079-8b33-00eb9f13d4ac} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.1.1102\7.1.1102\TmBpIe32.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Trend Micro Toolbar: {ccac5586-44d7-4c43-b64a-f042461a97d2} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\SEARCH~1\Datamngr\ToolBar\searchqudtx.dll
uRun: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
uRun: [Elbserver] C:\Program Files (x86)\Sony\Media Gallery\ElbServer.exe /Stay
uRun: [VRLPHelper] C:\Program Files (x86)\Sony\Media Gallery\VRLPHelper.exe /Stay
mRun: [ISBMgr.exe] "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe"
mRun: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
mRun: [PMBVolumeWatcher] c:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
mRun: [VAIO Boot Manager] "C:\Program Files (x86)\Sony\VAIO Boot Manager\StartUpProcessDelayTool.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe" -osboot
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [SHTtray.exe] C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SHTtray.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
StartupFolder: C:\Users\Refka\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files (x86)\WIDCOMM\Bluetooth Software\BTTray.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~4\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~4\Office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - {BC0E0A5D-AB5A-4fa4-A5FA-280E1D58EEEE} - c:\Program Files (x86)\Evernote\Evernote3.5\enbar.dll
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{DDA2D6C1-6930-4753-B804-FF622908B587} : DhcpNameServer = 192.168.1.254
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\7.1.1102\7.1.1102\TmBpIe32.dll
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\2.0.1313\6.8.1078\TmIEPlg32.dll
Handler: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll
Handler: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\Trend Micro\Titanium\UIFramework\ProToolbarIMRatingActiveX.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs:
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: TmIEPlugInBHO Class: {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\Module\20004\2.0.1313\6.8.1078\TmIEPlg32.dll
BHO-X64: Trend Micro NSC BHO - No File
BHO-X64: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO-X64: TSToolbarBHO: {43C6D902-A1C5-45c9-91F6-FD9E90337E18} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll
BHO-X64: Trend Micro Toolbar BHO - No File
BHO-X64: TrueSuite WebStore: {5cb2b77d-c8ca-44db-af20-a7a4df462a12} - mscoree.dll
BHO-X64: TrueSuite Website Log On: {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files\TrueSuite\x86\TrueSuite.IEBHO.dll
BHO-X64: TSBHO Class - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\SEARCH~1\Datamngr\ToolBar\searchqudtx.dll
BHO-X64: Searchqu Toolbar - No File
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: TmBpIeBHO Class: {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.1.1102\7.1.1102\TmBpIe32.dll
BHO-X64: TmBpIeBHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: Trend Micro Toolbar: {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB-X64: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\SEARCH~1\Datamngr\ToolBar\searchqudtx.dll
mRun-x64: [ISBMgr.exe] "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe"
mRun-x64: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
mRun-x64: [PMBVolumeWatcher] c:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
mRun-x64: [VAIO Boot Manager] "C:\Program Files (x86)\Sony\VAIO Boot Manager\StartUpProcessDelayTool.exe"
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe" -osboot
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [SHTtray.exe] C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SHTtray.exe
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
AppInit_DLLs-X64:
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Refka\AppData\Roaming\Mozilla\Firefox\Profiles\i3c9v8vg.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.searchnu.com/406
FF - prefs.js: keyword.URL - hxxp://dts.search-results.com/sr?src=ffb&appid=358&systemid=406&sr=0&q=
FF - plugin: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\components\npToolbarChrome.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R1 tmevtmgr;tmevtmgr;C:\Windows\system32\DRIVERS\tmevtmgr.sys --> C:\Windows\system32\DRIVERS\tmevtmgr.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-4 63928]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 Amsp;Trend Micro Solution Platform;C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe [2011-11-18 275912]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
R2 FPLService;TrueSuiteService;C:\Program Files\TrueSuite\TrueSuite.Service.exe [2010-12-13 290632]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-11-19 13336]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-4-8 652360]
R2 NOBU;Norton Online Backup;C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2010-6-2 2804568]
R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2010-11-27 398176]
R2 SampleCollector;VAIO Care Performance Service;C:\Program Files\Sony\VAIO Care\VCPerfService.exe [2011-11-19 257936]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
R2 SOHCImp;VAIO Media plus Content Importer;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2010-9-11 108400]
R2 SOHDms;VAIO Media plus Digital Media Server;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe [2010-10-13 423280]
R2 SOHDs;VAIO Media plus Device Searcher;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2010-9-11 67952]
R2 uCamMonitor;CamMonitor;C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2011-11-19 104960]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-11-19 2656280]
R2 VAIO Power Management;VAIO Power Management;C:\Program Files\Sony\VAIO Power Management\SPMService.exe [2011-11-19 584080]
R2 VCFw;VAIO Content Folder Watcher;C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2010-9-28 864000]
R2 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2010-10-26 549168]
R2 VSNService;VSNService;C:\Program Files\Sony\VAIO Smart Network\VSNService.exe [2011-11-19 923024]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;C:\Windows\system32\DRIVERS\ArcSoftKsUFilter.sys --> C:\Windows\system32\DRIVERS\ArcSoftKsUFilter.sys [?]
R3 ATSwpWDF;AuthenTec TruePrint WBF Driver;C:\Windows\system32\DRIVERS\ATSwpWDF.sys --> C:\Windows\system32\DRIVERS\ATSwpWDF.sys [?]
R3 btwampfl;Bluetooth AMP USB Filter;C:\Windows\system32\drivers\btwampfl.sys --> C:\Windows\system32\drivers\btwampfl.sys [?]
R3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys --> C:\Windows\system32\DRIVERS\btwl2cap.sys [?]
R3 IntcDAud;Intel® Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]
R3 intelkmd;intelkmd;C:\Windows\system32\DRIVERS\igdpmd64.sys --> C:\Windows\system32\DRIVERS\igdpmd64.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 MEIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETwNs64.sys --> C:\Windows\system32\DRIVERS\NETwNs64.sys [?]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys --> C:\Windows\system32\DRIVERS\nusb3hub.sys [?]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys --> C:\Windows\system32\DRIVERS\nusb3xhc.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 SFEP;Sony Firmware Extension Parser;C:\Windows\system32\DRIVERS\SFEP.sys --> C:\Windows\system32\DRIVERS\SFEP.sys [?]
R3 Sftfs;Sftfs;C:\Windows\system32\DRIVERS\Sftfslh.sys --> C:\Windows\system32\DRIVERS\Sftfslh.sys [?]
R3 Sftplay;Sftplay;C:\Windows\system32\DRIVERS\Sftplaylh.sys --> C:\Windows\system32\DRIVERS\Sftplaylh.sys [?]
R3 Sftredir;Sftredir;C:\Windows\system32\DRIVERS\Sftredirlh.sys --> C:\Windows\system32\DRIVERS\Sftredirlh.sys [?]
R3 Sftvol;Sftvol;C:\Windows\system32\DRIVERS\Sftvollh.sys --> C:\Windows\system32\DRIVERS\Sftvollh.sys [?]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
R3 SpfService;VAIO Entertainment Common Service;C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe [2010-9-28 303872]
R3 tmeevw;tmeevw;C:\Windows\system32\DRIVERS\tmeevw.sys --> C:\Windows\system32\DRIVERS\tmeevw.sys [?]
R3 tmnciesc;tmnciesc;C:\Windows\system32\DRIVERS\tmnciesc.sys --> C:\Windows\system32\DRIVERS\tmnciesc.sys [?]
R3 VUAgent;VUAgent;C:\Program Files\Sony\VAIO Update 5\VUAgent.exe [2011-11-19 1310096]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-11-18 136176]
S2 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [2010-10-26 387896]
S3 e1yexpress;Intel® Gigabit Network Connections Driver;C:\Windows\system32\DRIVERS\e1y60x64.sys --> C:\Windows\system32\DRIVERS\e1y60x64.sys [?]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-11-18 136176]
S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-1-16 227232]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2010-11-3 340240]
S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys --> C:\Windows\system32\DRIVERS\netw5v64.sys [?]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\system32\DRIVERS\RtsPStor.sys --> C:\Windows\system32\DRIVERS\RtsPStor.sys [?]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2010-10-26 101152]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-23 57184]
.
=============== Created Last 30 ================
.
2012-04-08 02:32:28 -------- d-----w- C:\Users\Refka\AppData\Roaming\Malwarebytes
2012-04-08 02:32:13 -------- d-----w- C:\ProgramData\Malwarebytes
2012-04-08 02:32:10 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-04-08 02:32:10 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-04-08 02:09:07 750488 ----a-w- C:\Windows\System32\npdeployJava1.dll
2012-04-08 02:04:53 -------- d-----w- C:\ProgramData\McAfee Security Scan
2012-04-08 02:04:49 -------- d-----w- C:\Program Files (x86)\McAfee Security Scan
2012-04-06 07:18:45 -------- d-----w- C:\Windows\SysWow64\{A2D9AE42-F9AF-499F-B7F4-7E3359E14C4E}{8A8190EF-0EA5-4FA9-B559-13C4A0317C2E}
2012-04-06 07:17:58 -------- d-----w- C:\Windows\SysWow64\{A2D9AE42-F9AF-499F-B7F4-7E3359E14C4E}{F060C251-9C23-458F-9AC4-C79ADD0B6D87}
2012-04-06 07:16:59 -------- d-----w- C:\Windows\SysWow64\{A2D9AE42-F9AF-499F-B7F4-7E3359E14C4E}{0CEDC1FF-F19C-4392-B0CA-5C767117BE38}
2012-04-06 07:16:48 -------- d-----w- C:\Windows\SysWow64\{A2D9AE42-F9AF-499F-B7F4-7E3359E14C4E}{FD31E254-D2B1-4390-A19D-56268011F240}
2012-04-06 07:16:48 -------- d-----w- C:\Windows\SysWow64\{A2D9AE42-F9AF-499F-B7F4-7E3359E14C4E}{95FDC87F-D321-400D-88BF-781C1D0FCBF1}
2012-04-06 07:16:20 -------- d-----w- C:\Windows\SysWow64\{A2D9AE42-F9AF-499F-B7F4-7E3359E14C4E}{094EC0C2-FBE5-4122-BA83-B1BDF01E4A36}
2012-04-06 07:16:19 -------- d-----w- C:\Windows\SysWow64\{A2D9AE42-F9AF-499F-B7F4-7E3359E14C4E}{A58BC5CA-8857-4CFE-A7FE-8AF0D22A75F8}
2012-04-06 07:16:18 -------- d-----w- C:\Windows\SysWow64\{A2D9AE42-F9AF-499F-B7F4-7E3359E14C4E}{63BB3EA9-64D9-4DDC-B3DA-4F9F476C6C13}
2012-04-06 07:16:10 -------- d-----w- C:\Windows\SysWow64\{A2D9AE42-F9AF-499F-B7F4-7E3359E14C4E}{FB7902C0-181B-4F31-940A-36A04CDDDDB9}
2012-04-06 07:15:52 -------- d-----w- C:\Windows\SysWow64\{A2D9AE42-F9AF-499F-B7F4-7E3359E14C4E}{A0FCA7C8-4B5C-435A-80EA-FB089D2F3D84}
2012-04-06 07:15:52 -------- d-----w- C:\Windows\SysWow64\{A2D9AE42-F9AF-499F-B7F4-7E3359E14C4E}{57945ADE-D4BA-48DA-8069-F2CDF9D7D6DD}
2012-04-06 07:15:48 -------- d-----w- C:\Windows\SysWow64\{A2D9AE42-F9AF-499F-B7F4-7E3359E14C4E}{53C8B6E7-2FBF-4D90-8A48-C6A2094BA401}
2012-04-06 07:15:48 -------- d-----w- C:\Windows\SysWow64\{A2D9AE42-F9AF-499F-B7F4-7E3359E14C4E}{03D5064A-16C7-49C0-88AC-F8BD673A15CF}
2012-04-06 07:15:31 -------- d-----w- C:\Windows\SysWow64\{A2D9AE42-F9AF-499F-B7F4-7E3359E14C4E}{37F20825-3B6B-417A-9936-0FC39F143176}
2012-04-06 07:15:30 -------- d-----w- C:\Windows\SysWow64\{A2D9AE42-F9AF-499F-B7F4-7E3359E14C4E}{F3BC1E51-12E8-454D-B31B-A877EFC4B6E6}
2012-04-06 07:15:19 -------- d-----w- C:\Windows\SysWow64\{A2D9AE42-F9AF-499F-B7F4-7E3359E14C4E}{FB906312-36C4-4837-9BB5-C84AF75D886F}
2012-04-06 07:15:08 -------- d-----w- C:\Windows\SysWow64\{A2D9AE42-F9AF-499F-B7F4-7E3359E14C4E}{BBB13817-4183-41E5-B4F1-0EF45B6FBA4D}
2012-04-06 07:15:08 -------- d-----w- C:\Windows\SysWow64\{A2D9AE42-F9AF-499F-B7F4-7E3359E14C4E}{1C1E58C8-7311-4F20-961D-D510E5D08F62}
2012-04-06 07:13:44 -------- d-----w- C:\Windows\SysWow64\{A2D9AE42-F9AF-499F-B7F4-7E3359E14C4E}{1F9B2C30-C406-4BFB-B82A-58E4BB5700D8}
2012-03-29 23:12:16 -------- d-----w- C:\VAIO Entertainment
2012-03-28 09:29:08 592824 ----a-w- C:\Program Files (x86)\Mozilla Firefox\gkmedias.dll
2012-03-28 09:29:08 44472 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozglue.dll
2012-03-23 10:18:01 -------- d-----w- C:\Users\Refka\AppData\Local\Ilivid Player
2012-03-23 10:15:56 -------- d-----w- C:\ProgramData\boost_interprocess
2012-03-16 04:50:00 5559152 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-03-16 04:49:58 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-03-16 04:49:57 3913584 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-03-15 23:51:29 -------- d-----w- C:\Program Files\iPod
2012-03-15 23:51:28 -------- d-----w- C:\Program Files\iTunes
2012-03-15 23:51:28 -------- d-----w- C:\Program Files (x86)\iTunes
2012-03-15 23:46:20 3145728 ----a-w- C:\Windows\System32\win32k.sys
2012-03-15 23:46:18 1544192 ----a-w- C:\Windows\System32\DWrite.dll
2012-03-15 23:46:18 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-03-14 09:28:45 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2012-03-14 09:28:45 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-03-14 09:28:45 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-03-14 09:28:43 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2012-03-14 09:28:43 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
2012-03-14 09:28:43 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-03-14 09:28:43 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
2012-03-10 05:28:36 -------- d-sh--w- C:\Windows\ftpcache
.
==================== Find3M ====================
.
2012-04-08 02:08:53 660368 ----a-w- C:\Windows\System32\deployJava1.dll
2012-03-10 05:26:19 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-03-09 11:28:00 0 ----a-w- C:\Windows\SysWow64\sho3C0C.tmp
.
============= FINISH: 15:20:56.86 ===============



Edited by boopme, 08 April 2012 - 10:37 PM.




#2 gringo_pr

  • Malware Response Team

Posted 09 April 2012 - 12:10 AM

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 Mortada

  • Topic Starter

Posted 09 April 2012 - 12:53 AM

Hi,

Thank you for your effort and time in helping me resolve this issue.

After running combofix I proceeded to surf the net. I noticed that my problem persists. I knew most likely after just one combofix scan the problem would not have been fixed but I was hopeful :P. The computer is still kinda sluggish after this process unfortunately. Just to fill you in, the computer is very sluggish in starting up; it takes a while to start up, around 10 minutes if not more. The computer is not that old at all, maybe a year old if that.

Below is the combofix log that was produced. Thank you again for your time and effort with this burning issue.

-----------------------------------------------------------------------------

ComboFix 12-04-08.02 - Refka 09/04/2012 17:26:31.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.64.1033.18.4012.2629 [GMT 12:00]
Running from: c:\users\Refka\Desktop\ComboFix.exe
AV: Trend Micro Titanium Maximum Security 2012 *Disabled/Updated* {7193B549-236F-55EE-9AEC-F65279E59A92}
SP: Trend Micro Titanium Maximum Security 2012 *Disabled/Updated* {CAF254AD-0555-5A60-A05C-CD200262D02F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Roaming
.
.
((((((((((((((((((((((((( Files Created from 2012-03-09 to 2012-04-09 )))))))))))))))))))))))))))))))
.
.
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-08 02:08 . 2011-11-18 20:41 660368 ----a-w- c:\windows\system32\deployJava1.dll
2012-03-10 05:26 . 2011-11-18 05:06 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-03-09 11:28 . 2012-03-09 11:28 0 ----a-w- c:\windows\SysWow64\sho3C0C.tmp
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MobileDocuments"="c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe" [2012-02-22 59240]
"Elbserver"="c:\program files (x86)\Sony\Media Gallery\ElbServer.exe" [2010-11-30 83344]
"VRLPHelper"="c:\program files (x86)\Sony\Media Gallery\VRLPHelper.exe" [2010-11-30 186768]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ISBMgr.exe"="c:\program files (x86)\Sony\ISB Utility\ISBMgr.exe" [2010-11-18 673168]
"Norton Online Backup"="c:\program files (x86)\Symantec\Norton Online Backup\NOBuClient.exe" [2010-06-01 1155928]
"PMBVolumeWatcher"="c:\program files (x86)\Sony\PMB\PMBVolumeWatcher.exe" [2010-11-27 648032]
"VAIO Boot Manager"="c:\program files (x86)\Sony\VAIO Boot Manager\StartUpProcessDelayTool.exe" [2010-12-08 734608]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"TkBellExe"="c:\program files (x86)\Real\RealPlayer\update\realsched.exe" [2012-01-02 296056]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-06 421736]
"SHTtray.exe"="c:\program files (x86)\Common Files\Sony Shared\SOHLib\SHTtray.exe" [2010-09-10 99696]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
.
c:\users\Refka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE [2011-9-2 227712]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2010-7-30 1132320]
McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-16 255536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 Amsp;Trend Micro Solution Platform;c:\program files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-18 136176]
R2 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;c:\program files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [2010-10-26 387896]
R3 81377605;81377605;c:\windows\system32\drivers\06517695.sys [x]
R3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y60x64.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-18 136176]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2010-11-02 340240]
R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2010-10-26 101152]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S1 tmevtmgr;tmevtmgr;c:\windows\system32\DRIVERS\tmevtmgr.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 FPLService;TrueSuiteService;c:\program files\TrueSuite\TrueSuite.Service.exe [2010-12-13 290632]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-11-06 13336]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]
S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2010-11-27 398176]
S2 SampleCollector;VAIO Care Performance Service;c:\program files\Sony\VAIO Care\VCPerfService.exe [2010-08-12 257936]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-09-30 508776]
S2 SOHCImp;VAIO Media plus Content Importer;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2010-09-10 108400]
S2 SOHDms;VAIO Media plus Digital Media Server;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe [2010-10-12 423280]
S2 SOHDs;VAIO Media plus Device Searcher;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2010-09-10 67952]
S2 uCamMonitor;CamMonitor;c:\program files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2008-09-18 104960]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-01-05 2656280]
S2 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe [2010-12-06 584080]
S2 VCFw;VAIO Content Folder Watcher;c:\program files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2010-09-27 864000]
S2 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2010-10-26 549168]
S2 VSNService;VSNService;c:\program files\Sony\VAIO Smart Network\VSNService.exe [2010-12-10 923024]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys [x]
S3 ATSwpWDF;AuthenTec TruePrint WBF Driver;c:\windows\system32\DRIVERS\ATSwpWDF.sys [x]
S3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\DRIVERS\SFEP.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-09-30 219496]
S3 SpfService;VAIO Entertainment Common Service;c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe [2010-09-27 303872]
S3 tmeevw;tmeevw;c:\windows\system32\DRIVERS\tmeevw.sys [x]
S3 tmnciesc;tmnciesc;c:\windows\system32\DRIVERS\tmnciesc.sys [x]
S3 VUAgent;VUAgent;c:\program files\Sony\VAIO Update 5\VUAgent.exe [2010-11-18 1310096]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-18 04:52]
.
2012-04-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-18 04:52]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-12-03 11490408]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2010-12-03 2179688]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-01-14 167960]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-01-14 417304]
"ClientAppLogon"="c:\program files\TrueSuite\TrueSuite.ClientAppLogonExe.exe" [2010-12-13 421192]
"ClientAppLogon32"="c:\program files\TrueSuite\x86\TrueSuite.ClientAppLogonExe.exe" [2010-12-13 308040]
"Trend Micro Titanium"="c:\program files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe" [2012-02-27 1304792]
"Trend Micro Client Framework"="c:\program files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe" [2012-02-27 213824]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.searchnu.com/406
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~4\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\users\Refka\AppData\Roaming\Mozilla\Firefox\Profiles\i3c9v8vg.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.searchnu.com/406
FF - prefs.js: keyword.URL - hxxp://dts.search-results.com/sr?src=ffb&appid=358&systemid=406&sr=0&q=
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-10 - (no file)
SafeBoot-81377605.sys
Toolbar-10 - (no file)
HKLM-Run-Apoint - c:\program files (x86)\Apoint\Apoint.exe
AddRemove-iLivid - c:\program files (x86)\iLivid\uninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SampleCollector]
"ImagePath"="\"c:\program files\Sony\VAIO Care\VCPerfService.exe\" \"/service\" \"/sstates\" \"/sampleinterval=5000\" \"/procinterval=5\" \"/dllinterval=120\" \"/counter=\Processor(_Total)\% Processor Time:1/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:1\" \"/counter=\Network Interface(*)\Bytes Total/sec:1\" \"/expandcounter=\Processor Information(*)\Processor Frequency:1\" \"/expandcounter=\Processor(*)\% Idle Time:1\" \"/expandcounter=\Processor(*)\% C1 Time:1\" \"/expandcounter=\Processor(*)\% C2 Time:1\" \"/expandcounter=\Processor(*)\% C3 Time:1\" \"/expandcounter=\Processor(*)\% Processor Time:1\" \"/directory=inteldata\""
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-04-09 17:42:46
ComboFix-quarantined-files.txt 2012-04-09 05:42
.
Pre-Run: 257,356,349,440 bytes free
Post-Run: 257,268,125,696 bytes free
.
- - End Of File - - 73645F34B8A8F8ED4F6CB235FFD4EF77
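
The homepage and search settings in the "Supplementary Scan" section of the ComboFix log above are where the searchnu.com redirect shows up. The following Python script is an added example, not part of the original post or of ComboFix: it pulls every URL-valued setting out of that section and lists those whose host is not on an allowlist. The allowlist contents and the function names are assumptions; the sample lines are copied from the log above.

```python
import re
from urllib.parse import urlsplit

# Sample input: lines copied from the "Supplementary Scan" section of the
# ComboFix log in the post above (URLs are defanged as hxxp:// by the tool).
SAMPLE_LOG = r"""------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.searchnu.com/406
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\users\Refka\AppData\Roaming\Mozilla\Firefox\Profiles\i3c9v8vg.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.searchnu.com/406
FF - prefs.js: keyword.URL - hxxp://dts.search-results.com/sr?src=ffb&appid=358&systemid=406&sr=0&q=
.
- - - - ORPHANS REMOVED - - - -
"""

# Assumption: hosts the owner of the machine expects to see as a homepage or
# search provider. Anything else is reported for review.
EXPECTED_HOSTS = {"www.google.com", "www.bing.com"}

# "FF - prefs.js: <pref name> - <value>" lines (Firefox preferences).
FF_LINE = re.compile(r"^FF - prefs\.js: (?P<key>\S+) - (?P<value>.+)$")
# "<name> = <value>" lines; assumed here to be the Internet Explorer style
# entries of the section (start page, local page, proxy override, ...).
IE_LINE = re.compile(r"^(?P<key>[^=]+?) = (?P<value>.+)$")
# Values that are URLs, either defanged (hxxp) or plain (http/https).
URL_PREFIX = re.compile(r"^h(?:xx|tt)ps?://", re.IGNORECASE)


def supplementary_section(log_text):
    """Return the lines between the 'Supplementary Scan' header and the
    next '- - - -' section header (or the end of the log)."""
    lines, inside = [], False
    for line in log_text.splitlines():
        if "Supplementary Scan" in line:
            inside = True
            continue
        if inside and line.startswith("- - - -"):
            break
        if inside:
            lines.append(line.strip())
    return lines


def browser_url_settings(log_text):
    """Extract every setting in the section whose value is a URL."""
    found = []
    for line in supplementary_section(log_text):
        match = FF_LINE.match(line) or IE_LINE.match(line)
        if not match:
            continue
        value = match.group("value").strip()
        if not URL_PREFIX.match(value):
            continue  # file paths, engine names, IP addresses, ...
        # Re-fang only for parsing; the reported URL stays as logged.
        parseable = re.sub(r"^hxxp", "http", value, flags=re.IGNORECASE)
        host = (urlsplit(parseable).hostname or "").lower()
        found.append({
            "source": "firefox-prefs" if line.startswith("FF - ") else "ie-style",
            "setting": match.group("key").strip(),
            "host": host,
            "url": value,
        })
    return found


def unexpected_settings(log_text, expected_hosts=EXPECTED_HOSTS):
    """Settings whose host is not on the allowlist."""
    return [s for s in browser_url_settings(log_text)
            if s["host"] not in expected_hosts]


if __name__ == "__main__":
    for item in unexpected_settings(SAMPLE_LOG):
        print(f'{item["source"]:14} {item["setting"]:28} {item["host"]}')
```

Run against a full ComboFix log, the same functions report any homepage, search or keyword setting that still points at an unexpected host after a cleanup pass.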

#4 gringo_pr

  • Malware Response Team

Posted 09 April 2012 - 01:27 AM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo

#5 Mortada

  • Topic Starter

Posted 09 April 2012 - 02:35 AM

TDSSkiller report:

18:55:12.0771 5872 TDSS rootkit removing tool 2.7.26.0 Apr 4 2012 19:52:02
18:55:13.0941 5872 ============================================================
18:55:13.0941 5872 Current date / time: 2012/04/09 18:55:13.0941
18:55:13.0941 5872 SystemInfo:
18:55:13.0941 5872
18:55:13.0941 5872 OS Version: 6.1.7601 ServicePack: 1.0
18:55:13.0941 5872 Product type: Workstation
18:55:13.0941 5872 ComputerName: REFKA-VAIO
18:55:13.0941 5872 UserName: Refka
18:55:13.0941 5872 Windows directory: C:\Windows
18:55:13.0941 5872 System windows directory: C:\Windows
18:55:13.0941 5872 Running under WOW64
18:55:13.0941 5872 Processor architecture: Intel x64
18:55:13.0941 5872 Number of processors: 4
18:55:13.0941 5872 Page size: 0x1000
18:55:13.0941 5872 Boot type: Normal boot
18:55:13.0941 5872 ============================================================
18:55:23.0348 5872 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
18:55:23.0363 5872 \Device\Harddisk0\DR0:
18:55:23.0363 5872 MBR used
18:55:23.0363 5872 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1743000, BlocksNum 0x32000
18:55:23.0363 5872 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1775000, BlocksNum 0x23CB9000
18:55:23.0426 5872 Initialize success
18:55:23.0426 5872 ============================================================
18:55:45.0453 9168 ============================================================
18:55:45.0453 9168 Scan started
18:55:45.0453 9168 Mode: Manual; TDLFS;
18:55:45.0453 9168 ============================================================
18:55:46.0233 9168 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
18:55:46.0249 9168 1394ohci - ok
18:55:47.0497 9168 81377605 - ok
18:55:47.0637 9168 ACDaemon (adc420616c501b45d26c0fd3ef1e54e4) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
18:55:47.0653 9168 ACDaemon - ok
18:55:47.0731 9168 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
18:55:47.0746 9168 ACPI - ok
18:55:47.0809 9168 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
18:55:47.0824 9168 AcpiPmi - ok
18:55:47.0918 9168 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
18:55:47.0918 9168 AdobeARMservice - ok
18:55:47.0980 9168 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
18:55:47.0996 9168 adp94xx - ok
18:55:48.0027 9168 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
18:55:48.0027 9168 adpahci - ok
18:55:48.0074 9168 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
18:55:48.0074 9168 adpu320 - ok
18:55:48.0121 9168 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
18:55:48.0121 9168 AeLookupSvc - ok
18:55:48.0199 9168 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
18:55:48.0214 9168 AFD - ok
18:55:48.0261 9168 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
18:55:48.0261 9168 agp440 - ok
18:55:48.0292 9168 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
18:55:48.0292 9168 ALG - ok
18:55:48.0339 9168 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
18:55:48.0339 9168 aliide - ok
18:55:48.0401 9168 AMD External Events Utility (27886774ff03fca3a6c1a7e7e15e771b) C:\Windows\system32\atiesrxx.exe
18:55:48.0401 9168 AMD External Events Utility - ok
18:55:48.0448 9168 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
18:55:48.0448 9168 amdide - ok
18:55:48.0511 9168 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
18:55:48.0511 9168 AmdK8 - ok
18:55:48.0791 9168 amdkmdag (d39bb7315c0f5fdf8258bdbfc4268af0) C:\Windows\system32\DRIVERS\atikmdag.sys
18:55:49.0025 9168 amdkmdag - ok
18:55:49.0088 9168 amdkmdap (4aedbedb288e6a32fd48f2768d59826d) C:\Windows\system32\DRIVERS\atikmpag.sys
18:55:49.0103 9168 amdkmdap - ok
18:55:49.0119 9168 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
18:55:49.0119 9168 AmdPPM - ok
18:55:49.0181 9168 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
18:55:49.0197 9168 amdsata - ok
18:55:49.0244 9168 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
18:55:49.0259 9168 amdsbs - ok
18:55:49.0291 9168 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
18:55:49.0291 9168 amdxata - ok
18:55:49.0462 9168 Amsp (1b7d1f0a0dfadbc797c16364792a7aa5) C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
18:55:49.0462 9168 Amsp - ok
18:55:49.0540 9168 ApfiltrService (9dc1a45ba81c923db68a162b0f0d0149) C:\Windows\system32\DRIVERS\Apfiltr.sys
18:55:49.0556 9168 ApfiltrService - ok
18:55:49.0665 9168 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
18:55:49.0665 9168 AppID - ok
18:55:49.0712 9168 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
18:55:49.0712 9168 AppIDSvc - ok
18:55:49.0774 9168 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
18:55:49.0774 9168 Appinfo - ok
18:55:50.0008 9168 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
18:55:50.0008 9168 Apple Mobile Device - ok
18:55:50.0242 9168 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
18:55:50.0258 9168 arc - ok
18:55:50.0289 9168 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
18:55:50.0289 9168 arcsas - ok
18:55:50.0351 9168 ArcSoftKsUFilter (c130bc4a51b1382b2be8e44579ec4c0a) C:\Windows\system32\DRIVERS\ArcSoftKsUFilter.sys
18:55:50.0351 9168 ArcSoftKsUFilter - ok
18:55:50.0398 9168 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
18:55:50.0398 9168 AsyncMac - ok
18:55:50.0461 9168 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
18:55:50.0461 9168 atapi - ok
18:55:50.0539 9168 ATSwpWDF (26970f26ebab7d5d1b795a3f9013cd80) C:\Windows\system32\DRIVERS\ATSwpWDF.sys
18:55:50.0585 9168 ATSwpWDF - ok
18:55:50.0663 9168 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
18:55:50.0663 9168 AudioEndpointBuilder - ok
18:55:50.0695 9168 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
18:55:50.0695 9168 AudioSrv - ok
18:55:50.0773 9168 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
18:55:50.0773 9168 AxInstSV - ok
18:55:51.0069 9168 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
18:55:51.0085 9168 b06bdrv - ok
18:55:51.0147 9168 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
18:55:51.0147 9168 b57nd60a - ok
18:55:51.0209 9168 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
18:55:51.0209 9168 BDESVC - ok
18:55:51.0225 9168 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
18:55:51.0225 9168 Beep - ok
18:55:51.0319 9168 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
18:55:51.0319 9168 BFE - ok
18:55:51.0459 9168 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\system32\qmgr.dll
18:55:51.0475 9168 BITS - ok
18:55:51.0521 9168 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
18:55:51.0521 9168 blbdrive - ok
18:55:51.0662 9168 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
18:55:51.0677 9168 Bonjour Service - ok
18:55:51.0740 9168 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
18:55:51.0755 9168 bowser - ok
18:55:51.0802 9168 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
18:55:51.0802 9168 BrFiltLo - ok
18:55:51.0818 9168 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
18:55:51.0818 9168 BrFiltUp - ok
18:55:51.0911 9168 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
18:55:51.0911 9168 BridgeMP - ok
18:55:51.0989 9168 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
18:55:51.0989 9168 Browser - ok
18:55:52.0005 9168 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
18:55:52.0021 9168 Brserid - ok
18:55:52.0036 9168 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
18:55:52.0036 9168 BrSerWdm - ok
18:55:52.0052 9168 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
18:55:52.0052 9168 BrUsbMdm - ok
18:55:52.0083 9168 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
18:55:52.0083 9168 BrUsbSer - ok
18:55:52.0145 9168 BthEnum (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\drivers\BthEnum.sys
18:55:52.0145 9168 BthEnum - ok
18:55:52.0192 9168 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
18:55:52.0192 9168 BTHMODEM - ok
18:55:52.0239 9168 BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys
18:55:52.0239 9168 BthPan - ok
18:55:52.0317 9168 BTHPORT (64c198198501f7560ee41d8d1efa7952) C:\Windows\System32\Drivers\BTHport.sys
18:55:52.0333 9168 BTHPORT - ok
18:55:52.0395 9168 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
18:55:52.0395 9168 bthserv - ok
18:55:52.0426 9168 BTHUSB (f188b7394d81010767b6df3178519a37) C:\Windows\System32\Drivers\BTHUSB.sys
18:55:52.0426 9168 BTHUSB - ok
18:55:52.0489 9168 btwampfl (7a2ce8c1bf4daa1f2766e21e9ca11078) C:\Windows\system32\drivers\btwampfl.sys
18:55:52.0489 9168 btwampfl - ok
18:55:52.0535 9168 btwaudio (a75bf6802a967f5aacecc3c67febdf55) C:\Windows\system32\drivers\btwaudio.sys
18:55:52.0535 9168 btwaudio - ok
18:55:52.0582 9168 btwavdt (d895dc213edbda5fcc53aad1f1e0e63b) C:\Windows\system32\DRIVERS\btwavdt.sys
18:55:52.0582 9168 btwavdt - ok
18:55:52.0785 9168 btwdins (692f8648d7686d91e34a65ac698019d8) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
18:55:52.0801 9168 btwdins - ok
18:55:52.0863 9168 btwl2cap (07096d2bc22ccb6cea5a532df0be8a75) C:\Windows\system32\DRIVERS\btwl2cap.sys
18:55:52.0863 9168 btwl2cap - ok
18:55:52.0910 9168 btwrchid (6d7aa2bde0135599c5f230d69db3b420) C:\Windows\system32\DRIVERS\btwrchid.sys
18:55:52.0910 9168 btwrchid - ok
18:55:52.0957 9168 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
18:55:52.0957 9168 cdfs - ok
18:55:53.0019 9168 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
18:55:53.0019 9168 cdrom - ok
18:55:53.0081 9168 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
18:55:53.0081 9168 CertPropSvc - ok
18:55:53.0097 9168 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
18:55:53.0113 9168 circlass - ok
18:55:53.0159 9168 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
18:55:53.0159 9168 CLFS - ok
18:55:53.0300 9168 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
18:55:53.0300 9168 clr_optimization_v2.0.50727_32 - ok
18:55:53.0425 9168 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
18:55:53.0425 9168 clr_optimization_v2.0.50727_64 - ok
18:55:53.0659 9168 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
18:55:53.0659 9168 clr_optimization_v4.0.30319_32 - ok
18:55:53.0846 9168 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
18:55:53.0861 9168 clr_optimization_v4.0.30319_64 - ok
18:55:54.0173 9168 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
18:55:54.0173 9168 CmBatt - ok
18:55:54.0220 9168 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
18:55:54.0220 9168 cmdide - ok
18:55:54.0283 9168 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
18:55:54.0298 9168 CNG - ok
18:55:54.0329 9168 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
18:55:54.0345 9168 Compbatt - ok
18:55:54.0407 9168 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
18:55:54.0407 9168 CompositeBus - ok
18:55:54.0439 9168 COMSysApp - ok
18:55:54.0501 9168 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
18:55:54.0501 9168 crcdisk - ok
18:55:54.0595 9168 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll
18:55:54.0595 9168 CryptSvc - ok
18:55:54.0735 9168 cvhsvc (72794d112cbaff3bc0c29bf7350d4741) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
18:55:54.0751 9168 cvhsvc - ok
18:55:54.0797 9168 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
18:55:54.0797 9168 DcomLaunch - ok
18:55:54.0860 9168 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
18:55:54.0860 9168 defragsvc - ok
18:55:54.0907 9168 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
18:55:54.0907 9168 DfsC - ok
18:55:54.0969 9168 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
18:55:54.0985 9168 Dhcp - ok
18:55:55.0031 9168 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
18:55:55.0031 9168 discache - ok
18:55:55.0063 9168 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
18:55:55.0063 9168 Disk - ok
18:55:55.0094 9168 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
18:55:55.0094 9168 Dnscache - ok
18:55:55.0156 9168 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
18:55:55.0156 9168 dot3svc - ok
18:55:55.0203 9168 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
18:55:55.0219 9168 DPS - ok
18:55:55.0250 9168 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
18:55:55.0250 9168 drmkaud - ok
18:55:55.0328 9168 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
18:55:55.0359 9168 DXGKrnl - ok
18:55:55.0406 9168 e1yexpress (50ad8fc1dc800ff36087994c8f7fdff2) C:\Windows\system32\DRIVERS\e1y60x64.sys
18:55:55.0421 9168 e1yexpress - ok
18:55:55.0453 9168 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
18:55:55.0468 9168 EapHost - ok
18:55:55.0593 9168 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
18:55:55.0749 9168 ebdrv - ok
18:55:55.0827 9168 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
18:55:55.0827 9168 EFS - ok
18:55:55.0936 9168 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
18:55:55.0967 9168 ehRecvr - ok
18:55:56.0045 9168 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
18:55:56.0045 9168 ehSched - ok
18:55:56.0233 9168 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
18:55:56.0248 9168 elxstor - ok
18:55:56.0326 9168 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
18:55:56.0326 9168 ErrDev - ok
18:55:56.0435 9168 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
18:55:56.0435 9168 EventSystem - ok
18:55:56.0623 9168 EvtEng (f8f610093e1d7fdfa477fc34d15d5c60) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
18:55:56.0638 9168 EvtEng - ok
18:55:56.0716 9168 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
18:55:56.0716 9168 exfat - ok
18:55:56.0747 9168 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
18:55:56.0747 9168 fastfat - ok
18:55:56.0825 9168 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
18:55:56.0857 9168 Fax - ok
18:55:56.0872 9168 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
18:55:56.0872 9168 fdc - ok
18:55:56.0935 9168 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
18:55:56.0935 9168 fdPHost - ok
18:55:56.0950 9168 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
18:55:56.0950 9168 FDResPub - ok
18:55:56.0981 9168 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
18:55:56.0981 9168 FileInfo - ok
18:55:57.0013 9168 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
18:55:57.0013 9168 Filetrace - ok
18:55:57.0028 9168 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
18:55:57.0028 9168 flpydisk - ok
18:55:57.0106 9168 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
18:55:57.0106 9168 FltMgr - ok
18:55:57.0184 9168 FontCache (b4447f606bb19fd8ad0bafb59b90f5d9) C:\Windows\system32\FntCache.dll
18:55:57.0200 9168 FontCache - ok
18:55:57.0309 9168 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
18:55:57.0309 9168 FontCache3.0.0.0 - ok
18:55:57.0465 9168 FPLService (d96ad29bf9c3a32fe116f6141e24fdd6) C:\Program Files\TrueSuite\TrueSuite.Service.exe
18:55:57.0465 9168 FPLService - ok
18:55:57.0496 9168 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
18:55:57.0496 9168 FsDepends - ok
18:55:57.0543 9168 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
18:55:57.0543 9168 Fs_Rec - ok
18:55:57.0605 9168 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
18:55:57.0605 9168 fvevol - ok
18:55:57.0668 9168 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
18:55:57.0668 9168 gagp30kx - ok
18:55:57.0761 9168 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
18:55:57.0761 9168 GEARAspiWDM - ok
18:55:57.0839 9168 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
18:55:57.0855 9168 gpsvc - ok
18:55:58.0027 9168 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
18:55:58.0027 9168 gupdate - ok
18:55:58.0058 9168 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
18:55:58.0058 9168 gupdatem - ok
18:55:58.0105 9168 gusvc (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
18:55:58.0105 9168 gusvc - ok
18:55:58.0136 9168 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
18:55:58.0136 9168 hcw85cir - ok
18:55:58.0214 9168 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
18:55:58.0229 9168 HdAudAddService - ok
18:55:58.0307 9168 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
18:55:58.0323 9168 HDAudBus - ok
18:55:58.0354 9168 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
18:55:58.0354 9168 HidBatt - ok
18:55:58.0401 9168 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
18:55:58.0401 9168 HidBth - ok
18:55:58.0432 9168 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
18:55:58.0432 9168 HidIr - ok
18:55:58.0463 9168 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
18:55:58.0479 9168 hidserv - ok
18:55:58.0526 9168 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\drivers\hidusb.sys
18:55:58.0526 9168 HidUsb - ok
18:55:58.0604 9168 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
18:55:58.0619 9168 hkmsvc - ok
18:55:58.0651 9168 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
18:55:58.0651 9168 HomeGroupListener - ok
18:55:58.0713 9168 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
18:55:58.0713 9168 HomeGroupProvider - ok
18:55:58.0744 9168 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
18:55:58.0744 9168 HpSAMD - ok
18:55:58.0822 9168 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
18:55:58.0838 9168 HTTP - ok
18:55:58.0885 9168 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
18:55:58.0885 9168 hwpolicy - ok
18:55:58.0947 9168 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
18:55:58.0947 9168 i8042prt - ok
18:55:59.0025 9168 iaStor (d7921d5a870b11cc1adab198a519d50a) C:\Windows\system32\DRIVERS\iaStor.sys
18:55:59.0025 9168 iaStor - ok
18:55:59.0181 9168 IAStorDataMgrSvc (8fff9083252c16fe3960173722605e9e) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
18:55:59.0181 9168 IAStorDataMgrSvc - ok
18:55:59.0243 9168 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
18:55:59.0243 9168 iaStorV - ok
18:55:59.0384 9168 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
18:55:59.0415 9168 idsvc - ok
18:55:59.0789 9168 igfx (0ac9e321d604be48a0d72b69ba484bdc) C:\Windows\system32\DRIVERS\igdkmd64.sys
18:56:00.0101 9168 igfx - ok
18:56:00.0148 9168 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
18:56:00.0148 9168 iirsp - ok
18:56:00.0211 9168 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
18:56:00.0226 9168 IKEEXT - ok
18:56:00.0382 9168 IntcAzAudAddService (cdb772f707ac24b43a20c821852ca61f) C:\Windows\system32\drivers\RTKVHD64.sys
18:56:00.0460 9168 IntcAzAudAddService - ok
18:56:00.0523 9168 IntcDAud (fc727061c0f47c8059e88e05d5c8e381) C:\Windows\system32\DRIVERS\IntcDAud.sys
18:56:00.0538 9168 IntcDAud - ok
18:56:00.0601 9168 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
18:56:00.0601 9168 intelide - ok
18:56:00.0975 9168 intelkmd (0ac9e321d604be48a0d72b69ba484bdc) C:\Windows\system32\DRIVERS\igdpmd64.sys
18:56:01.0349 9168 intelkmd - ok
18:56:01.0396 9168 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
18:56:01.0396 9168 intelppm - ok
18:56:01.0443 9168 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
18:56:01.0443 9168 IPBusEnum - ok
18:56:01.0505 9168 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
18:56:01.0505 9168 IpFilterDriver - ok
18:56:01.0552 9168 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
18:56:01.0568 9168 iphlpsvc - ok
18:56:01.0646 9168 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
18:56:01.0661 9168 IPMIDRV - ok
18:56:01.0677 9168 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
18:56:01.0693 9168 IPNAT - ok
18:56:01.0817 9168 iPod Service (755e4ba6dce627a2683bb7640553c8d6) C:\Program Files\iPod\bin\iPodService.exe
18:56:01.0833 9168 iPod Service - ok
18:56:01.0880 9168 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
18:56:01.0895 9168 IRENUM - ok
18:56:01.0942 9168 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
18:56:01.0942 9168 isapnp - ok
18:56:02.0005 9168 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
18:56:02.0005 9168 iScsiPrt - ok
18:56:02.0051 9168 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
18:56:02.0051 9168 kbdclass - ok
18:56:02.0114 9168 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
18:56:02.0114 9168 kbdhid - ok
18:56:02.0176 9168 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
18:56:02.0176 9168 KeyIso - ok
18:56:02.0192 9168 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
18:56:02.0207 9168 KSecDD - ok
18:56:02.0239 9168 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
18:56:02.0239 9168 KSecPkg - ok
18:56:02.0285 9168 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
18:56:02.0285 9168 ksthunk - ok
18:56:02.0332 9168 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
18:56:02.0348 9168 KtmRm - ok
18:56:02.0410 9168 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\System32\srvsvc.dll
18:56:02.0410 9168 LanmanServer - ok
18:56:02.0457 9168 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
18:56:02.0473 9168 LanmanWorkstation - ok
18:56:02.0504 9168 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
18:56:02.0504 9168 lltdio - ok
18:56:02.0551 9168 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
18:56:02.0566 9168 lltdsvc - ok
18:56:02.0582 9168 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
18:56:02.0582 9168 lmhosts - ok
18:56:02.0738 9168 LMS (2ed1786b7542cda261029f6b526edf44) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
18:56:02.0738 9168 LMS - ok
18:56:02.0785 9168 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
18:56:02.0785 9168 LSI_FC - ok
18:56:02.0816 9168 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
18:56:02.0816 9168 LSI_SAS - ok
18:56:02.0847 9168 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
18:56:02.0847 9168 LSI_SAS2 - ok
18:56:02.0878 9168 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
18:56:02.0878 9168 LSI_SCSI - ok
18:56:02.0909 9168 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
18:56:02.0909 9168 luafv - ok
18:56:03.0003 9168 MBAMProtector (79da94b35371b9e7104460c7693dcb2c) C:\Windows\system32\drivers\mbam.sys
18:56:03.0003 9168 MBAMProtector - ok
18:56:03.0081 9168 MBAMService (056b19651bd7b7ce5f89a3ac46dbdc08) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
18:56:03.0097 9168 MBAMService - ok
18:56:03.0237 9168 McComponentHostService (f453d1e6d881e8f8717e20ccd4199e85) C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe
18:56:03.0253 9168 McComponentHostService - ok
18:56:03.0299 9168 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
18:56:03.0299 9168 Mcx2Svc - ok
18:56:03.0315 9168 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
18:56:03.0331 9168 megasas - ok
18:56:03.0346 9168 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
18:56:03.0362 9168 MegaSR - ok
18:56:03.0409 9168 MEIx64 (a6518dcc42f7a6e999bb3bea8fd87567) C:\Windows\system32\DRIVERS\HECIx64.sys
18:56:03.0409 9168 MEIx64 - ok
18:56:03.0455 9168 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
18:56:03.0471 9168 MMCSS - ok
18:56:03.0487 9168 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
18:56:03.0487 9168 Modem - ok
18:56:03.0518 9168 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
18:56:03.0533 9168 monitor - ok
18:56:03.0611 9168 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
18:56:03.0611 9168 mouclass - ok
18:56:03.0689 9168 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
18:56:03.0689 9168 mouhid - ok
18:56:03.0767 9168 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
18:56:03.0767 9168 mountmgr - ok
18:56:03.0814 9168 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
18:56:03.0830 9168 mpio - ok
18:56:03.0861 9168 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
18:56:03.0861 9168 mpsdrv - ok
18:56:03.0923 9168 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
18:56:03.0939 9168 MpsSvc - ok
18:56:03.0986 9168 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
18:56:03.0986 9168 MRxDAV - ok
18:56:04.0048 9168 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
18:56:04.0048 9168 mrxsmb - ok
18:56:04.0095 9168 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
18:56:04.0095 9168 mrxsmb10 - ok
18:56:04.0142 9168 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
18:56:04.0142 9168 mrxsmb20 - ok
18:56:04.0189 9168 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
18:56:04.0189 9168 msahci - ok
18:56:04.0235 9168 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
18:56:04.0251 9168 msdsm - ok
18:56:04.0298 9168 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
18:56:04.0298 9168 MSDTC - ok
18:56:04.0360 9168 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
18:56:04.0360 9168 Msfs - ok
18:56:04.0391 9168 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
18:56:04.0391 9168 mshidkmdf - ok
18:56:04.0438 9168 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
18:56:04.0438 9168 msisadrv - ok
18:56:04.0485 9168 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
18:56:04.0501 9168 MSiSCSI - ok
18:56:04.0516 9168 msiserver - ok
18:56:04.0547 9168 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
18:56:04.0547 9168 MSKSSRV - ok
18:56:04.0579 9168 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
18:56:04.0579 9168 MSPCLOCK - ok
18:56:04.0594 9168 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
18:56:04.0594 9168 MSPQM - ok
18:56:04.0657 9168 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
18:56:04.0672 9168 MsRPC - ok
18:56:04.0703 9168 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
18:56:04.0719 9168 mssmbios - ok
18:56:04.0750 9168 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
18:56:04.0750 9168 MSTEE - ok
18:56:04.0781 9168 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
18:56:04.0781 9168 MTConfig - ok
18:56:04.0797 9168 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
18:56:04.0813 9168 Mup - ok
18:56:04.0953 9168 MyWiFiDHCPDNS (f6ea50dbc391f04ca49427010657ccb3) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
18:56:04.0969 9168 MyWiFiDHCPDNS - ok
18:56:05.0031 9168 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
18:56:05.0047 9168 napagent - ok
18:56:05.0093 9168 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
18:56:05.0109 9168 NativeWifiP - ok
18:56:05.0171 9168 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
18:56:05.0187 9168 NDIS - ok
18:56:05.0234 9168 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
18:56:05.0249 9168 NdisCap - ok
18:56:05.0281 9168 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
18:56:05.0281 9168 NdisTapi - ok
18:56:05.0343 9168 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
18:56:05.0343 9168 Ndisuio - ok
18:56:05.0390 9168 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
18:56:05.0405 9168 NdisWan - ok
18:56:05.0468 9168 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
18:56:05.0468 9168 NDProxy - ok
18:56:05.0483 9168 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
18:56:05.0499 9168 NetBIOS - ok
18:56:05.0546 9168 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
18:56:05.0561 9168 NetBT - ok
18:56:05.0608 9168 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
18:56:05.0608 9168 Netlogon - ok
18:56:05.0686 9168 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
18:56:05.0686 9168 Netman - ok
18:56:05.0717 9168 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
18:56:05.0717 9168 netprofm - ok
18:56:05.0842 9168 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
18:56:05.0842 9168 NetTcpPortSharing - ok
18:56:06.0029 9168 netw5v64 (64428dfdaf6e88366cb51f45a79c5f69) C:\Windows\system32\DRIVERS\netw5v64.sys
18:56:06.0185 9168 netw5v64 - ok
18:56:06.0482 9168 NETwNs64 (30933bb56fb611d0252bad488adfb533) C:\Windows\system32\DRIVERS\NETwNs64.sys
18:56:06.0716 9168 NETwNs64 - ok
18:56:06.0747 9168 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
18:56:06.0747 9168 nfrd960 - ok
18:56:06.0809 9168 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
18:56:06.0809 9168 NlaSvc - ok
18:56:06.0997 9168 NOBU (5839a8027d6d324a7cd494051a96628c) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
18:56:07.0028 9168 NOBU - ok
18:56:07.0059 9168 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
18:56:07.0059 9168 Npfs - ok
18:56:07.0106 9168 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
18:56:07.0106 9168 nsi - ok
18:56:07.0137 9168 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
18:56:07.0137 9168 nsiproxy - ok
18:56:07.0246 9168 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
18:56:07.0309 9168 Ntfs - ok
18:56:07.0340 9168 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
18:56:07.0340 9168 Null - ok
18:56:07.0402 9168 nusb3hub (786db821bfd57c0551dbbe4f75384a7d) C:\Windows\system32\DRIVERS\nusb3hub.sys
18:56:07.0402 9168 nusb3hub - ok
18:56:07.0449 9168 nusb3xhc (daa8005caf745042bb427a1ed7433354) C:\Windows\system32\DRIVERS\nusb3xhc.sys
18:56:07.0449 9168 nusb3xhc - ok
18:56:07.0527 9168 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
18:56:07.0527 9168 nvraid - ok
18:56:07.0558 9168 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
18:56:07.0574 9168 nvstor - ok
18:56:07.0652 9168 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
18:56:07.0652 9168 nv_agp - ok
18:56:07.0699 9168 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
18:56:07.0714 9168 ohci1394 - ok
18:56:07.0823 9168 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
18:56:07.0823 9168 ose - ok
18:56:08.0026 9168 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
18:56:08.0167 9168 osppsvc - ok
18:56:08.0229 9168 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
18:56:08.0245 9168 p2pimsvc - ok
18:56:08.0276 9168 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
18:56:08.0291 9168 p2psvc - ok
18:56:08.0338 9168 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
18:56:08.0338 9168 Parport - ok
18:56:08.0385 9168 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
18:56:08.0385 9168 partmgr - ok
18:56:08.0416 9168 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
18:56:08.0416 9168 PcaSvc - ok
18:56:08.0479 9168 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
18:56:08.0479 9168 pci - ok
18:56:08.0525 9168 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
18:56:08.0525 9168 pciide - ok
18:56:08.0557 9168 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
18:56:23.0470 9168 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
18:56:23.0704 9168 \Device\Harddisk0\DR0 - ok
18:56:23.0720 9168 Boot (0x1200) (85a2924a9ea4780026c2531cba0fa6b2) \Device\Harddisk0\DR0\Partition0
18:56:23.0720 9168 \Device\Harddisk0\DR0\Partition0 - ok
18:56:23.0751 9168 Boot (0x1200) (549405a3d648cd3e6eb1c55651ecc544) \Device\Harddisk0\DR0\Partition1
18:56:23.0751 9168 \Device\Harddisk0\DR0\Partition1 - ok
18:56:23.0751 9168 ============================================================
18:56:23.0751 9168 Scan finished
18:56:23.0751 9168 ============================================================
18:56:23.0782 5372 Detected object count: 0
18:56:23.0782 5372 Actual detected object count: 0


------------------------------------------------------------------------------------------------------------

aswMBR report


As I was trying to run this software, the computer crashed with a blue screen. I don't know whether this was because of the software or just the blue screen from doom syndrome :D. If you want me to try this again, please let me know. Thanks. It fell on a Page_Not_fall_in page; something along those lines was the error message I received.

#6 gringo_pr

Posted 09 April 2012 - 02:39 AM

Try it once more and let me know if the same thing happens.


gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#7 Mortada

Posted 09 April 2012 - 03:00 AM

Yes, it happened again. This time: "A problem has been detected and windows has been shut down to prevent damage to your computer: DRIVER_IRQL_NOT_LESS_OR_EQUAL.."

#8 gringo_pr

Posted 09 April 2012 - 03:08 AM

Hello

Let's get a deeper look into the system and see if something shows up.

Download and run OTL

Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened and is the one that I need posted back here
    • Extra.txt <-- Will be minimized - save this one on your desktop in case I ask for it later
  • Please post the contents of OTL.txt in your next reply.

Gringo

#9 Mortada

Posted 09 April 2012 - 03:51 AM

I'm having no luck with OTL either. At the moment, replying to this forum post from my other computer, I'm staring at 30 minutes of a non-responsive piece of software.
It's stuck on "Manual file scan - Looking at folder: C:\Program Files\Windows sidebar..."

#10 gringo_pr

Posted 09 April 2012 - 05:02 AM

Hello

Download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:
  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

  • Select Command Prompt.
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter.
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

Gringo

#11 Mortada

Posted 09 April 2012 - 05:39 AM

I will do this tomorrow morning. Just a side note, however: the laptop came with preinstalled Windows with no installation CD/DVD. Will the above step be valid in this case?

Step 2: "To enter System Recovery Options by using Windows installation disc:"

#12 gringo_pr

Posted 09 April 2012 - 07:50 AM

Hello


If you read closely, it is giving you TWO ways to get into the recovery environment - that is one way.



gringo

#13 Mortada

Posted 09 April 2012 - 08:36 PM

Thanks for the clarification. It was late last night when I had a look at your reply.

I completed the steps you've mentioned and it all went well, till the Farbar Recovery Scan Tool started Scanning Extras. It's been nearly 2 hours stuck on "Scanning Extras. Please wait..". I'll give it some more time. Fingers crossed it gets there today rather than tomorrow. On the positive side, the scanner is still responsive and the mouse cursor is still operational. It's just taking an awfully long time scanning for extras. Is that normal?

Unfortunately I'm starting to get really frustrated with this process. Not because of your end, rather because of this damn laptop. I can't even produce logs for you to inspect. I think I should just bite the bullet and proceed with a factory reset. The person who owns this computer will just have to suffer, I guess. It turned out that this occurred a few weeks back (approximately 2 weeks); I wasn't available for assistance with the issue. I just hope that when the factory reset is completed the computer returns back operational in a manner which isn't frustrating for the user. I will keep the scanner running in the meantime and post a log if I CAN.

Thanks for your input, I'm sorry I couldn't supply you with the logs for interpreting.

#14 gringo_pr

Posted 09 April 2012 - 08:42 PM

stop it and try it once more

gringo

#15 Mortada

Posted 09 April 2012 - 10:07 PM

I restarted the scanner again. It is again taking a while on "Scanning Extras. Please wait..". It's been 1 hour or so.



