infected PING.EXE



#1 m0x


Posted 15 May 2012 - 03:20 AM

Hi all, new member here, first post, and already asking for help...

My computer got infected with this virus yesterday, the process goes up to 100%, I checked the processes and found PING.EXE

I did END PROCESS but it still reappears in a few minutes, in the end I SUSPENDED it...

Ran ComboFix, but the problem is still there...

Here is the Combofix Log:

FIRST RUN :

ComboFix 12-05-14.03 - kyoshiro 05/15/2012 13:51:40.1.2 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.8191.6831 [GMT 7:00]
Running from: c:\users\kyoshiro\Desktop\ComboFix.exe
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\autorun.inf
c:\program files (x86)\Incredibar.com
c:\program files (x86)\Incredibar.com\incredibar\1.5.11.14\bh\inCRedibar.dll
c:\program files (x86)\Incredibar.com\incredibar\1.5.11.14\incredibarApp.dll
c:\program files (x86)\Incredibar.com\incredibar\1.5.11.14\incredibarEng.dll
c:\program files (x86)\Incredibar.com\incredibar\1.5.11.14\incredibarsrv.exe
c:\program files (x86)\Incredibar.com\incredibar\1.5.11.14\incredibarTlbr.dll
c:\program files (x86)\Incredibar.com\incredibar\1.5.11.14\uninstall.exe
c:\program files (x86)\Yahoo!\Search Protection\SearchProtection.exe
C:\teknft.pif
c:\users\kyoshiro\AppData\Roaming\inst.exe
c:\users\kyoshiro\AppData\Roaming\vso_ts_preview.xml
c:\windows\assembly\GAC_32\Desktop.ini
c:\windows\assembly\GAC_64\Desktop.ini
c:\windows\assembly\temp\@
c:\windows\assembly\temp\cfg.ini
c:\windows\system32\consrv.dll
c:\windows\system32\dds_trash_log.cmd
c:\windows\System64
c:\windows\SysWOW64\MSMAsk32.ocx
E:\autorun.inf
.
.
((((((((((((((((((((((((( Files Created from 2012-04-15 to 2012-05-15 )))))))))))))))))))))))))))))))
.
.
2012-05-15 07:02 . 2012-05-15 07:02 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-05-13 22:39 . 2012-05-13 22:39 -------- d-----w- C:\TDSSKiller_Quarantine
2012-05-13 17:36 . 2012-05-13 17:36 -------- d-----w- c:\program files\Symantec
2012-05-13 17:19 . 2012-05-13 17:19 -------- d-----w- c:\windows\system32\drivers\SEP
2012-05-13 17:02 . 2012-05-13 17:02 -------- d-----w- c:\users\kyoshiro\AppData\Roaming\Malwarebytes
2012-05-13 17:02 . 2012-05-14 09:51 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-05-13 17:02 . 2012-04-04 08:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-05-13 14:52 . 2012-05-13 14:52 -------- d--h--w- c:\windows\PIF
2012-05-13 14:52 . 2012-05-13 14:52 -------- d-----w- c:\program files (x86)\Common Files\Symantec Shared
2012-05-13 14:50 . 2012-05-13 14:50 -------- d-----w- c:\users\kyoshiro\AppData\Local\Symantec
2012-05-13 14:48 . 2012-05-13 14:48 -------- d-----w- c:\program files (x86)\Symantec
2012-05-08 01:41 . 2012-05-08 01:41 -------- d-----w- c:\windows\en
2012-05-08 01:39 . 2012-03-08 11:40 48488 ----a-w- c:\windows\system32\drivers\fssfltr.sys
2012-05-08 01:36 . 2012-05-08 01:36 15712 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\62916a21cd2cbb02\MeshBetaRemover.exe
2012-05-08 01:36 . 2012-05-08 01:36 89944 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\4de375c1cd2cbb01\DSETUP.dll
2012-05-08 01:36 . 2012-05-08 01:36 537432 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\4de375c1cd2cbb01\DXSETUP.exe
2012-05-08 01:36 . 2012-05-08 01:36 1801048 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\4de375c1cd2cbb01\dsetup32.dll
2012-05-02 22:07 . 2012-05-02 22:09 -------- d-----w- c:\users\kyoshiro\AppData\Local\Microsoft Games
2012-04-24 07:15 . 2012-04-24 07:15 -------- d-----w- c:\program files (x86)\SweetIM
2012-04-22 21:58 . 2012-04-22 21:58 -------- d-----w- c:\program files (x86)\BabylonToolbar
2012-04-22 21:58 . 2012-04-22 21:58 -------- d-----w- c:\users\kyoshiro\AppData\Local\Babylon
2012-04-22 21:58 . 2012-04-22 21:58 -------- d-----w- c:\users\kyoshiro\AppData\Roaming\Babylon
2012-04-22 21:58 . 2012-05-01 20:39 -------- d-----w- c:\program files (x86)\wxDownload Fast
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-05 02:13 . 2012-04-02 14:10 419488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-05-05 02:13 . 2011-11-21 20:09 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-05 02:13 . 2012-04-02 14:23 8744608 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-04-09 21:08 . 2012-04-07 20:34 1818744 ----a-w- c:\windows\inf\Romeo Hot Dance.exe
2012-04-09 11:35 . 2012-04-09 11:35 369008 ----a-w- c:\docume~1\ALLUSE~1\Application Data\Microsoft\Windows\Start Menu\Programs\Startup\setup.exe ERROR(0x00000005)
2012-03-08 11:50 . 2012-03-08 11:50 49016 ----a-w- c:\windows\SysWow64\sirenacm.dll
2012-03-08 11:37 . 2012-03-08 11:37 302448 ----a-w- c:\windows\WLXPGSS.SCR
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
2012-01-15 05:27 1330480 ----a-w- c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2012-01-15 1330480]
.
[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
"IDMan"="e:\new folder\IDM.v6.05.8.by.tano1221\Phenom_IDM. v6.06.8\Internet Download Manager v6.06.8\CRACK\idman.exe" [2012-05-13 3462552]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2012-05-13 406992]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"NBAgent"="c:\program files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe" [2012-05-13 1406248]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-09-08 343168]
"BDRegion"="c:\program files (x86)\Cyberlink\Shared Files\brs.exe" [2009-09-01 75048]
"RemoteControl9"="c:\program files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe" [2012-05-13 87336]
"PDVD9LanguageShortcut"="c:\program files (x86)\CyberLink\PowerDVD9\Language\Language.exe" [2012-05-13 50472]
"SweetIM"="c:\program files (x86)\SweetIM\Messenger\SweetIM.exe" [2012-05-13 114992]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
c:\docume~1\ALLUSE~1\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2011-11-22 183296]
McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
setup.exe [2012-4-9 369008]
UltraMon.lnk - c:\windows\Installer\{537056B7-32A4-4408-9B54-0341963C7C9C}\IcoUltraMon.ico [2011-12-3 29310]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
"EnableLUA"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"UacDisableNotify"=dword:00000001
.
R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 fdnqrsrq;Virtual WiFi Filter Controller;c:\windows\System32\svchost.exe [2009-07-14 27136]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-05 257696]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-04-01 183560]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2011/12/03 15:07];c:\program files (x86)\CyberLink\PowerDVD9\000.fcl [2009-08-28 05:57 146928]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2011-03-29 598312]
S2 UltraMonUtility;UltraMon Utility Driver;c:\program files (x86)\Common Files\Realtime Soft\UltraMonMirrorDrv\x64\UltraMonUtility.sys [2008-11-13 20512]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
fdnqrsrq
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-15 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 02:13]
.
2012-05-12 c:\windows\Tasks\At1.job
- c:\windows\system32\rundll32.exe [2009-07-13 01:14]
.
2012-05-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2302931829-3210376335-2414099232-1000Core.job
- c:\users\kyoshiro\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-21 22:07]
.
2012-05-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2302931829-3210376335-2414099232-1000UA.job
- c:\users\kyoshiro\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-21 22:07]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{08337871-0e50-4031-9110-3bd21ca3c065}]
2011-11-08 19:54 167416 ----a-w- c:\users\kyoshiro\AppData\Roaming\VshareComplete\64\VshareComplete64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2011-05-30 16:50 22408 ----a-w- e:\new folder\IDM.v6.05.8.by.tano1221\Phenom_IDM. v6.06.8\Internet Download Manager v6.06.8\CRACK\IDMShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-02-22 500208]
"combofix"="c:\combofix\CF19636.3XE" [2010-11-21 345088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
earthlinksafeconnectagent
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://search.babylon.com/?affID=112472&babsrc=HP_ss&mntrId=a669a153000000000000d85d4cf46189
mStart Page = hxxp://home.sweetim.com/?st=1&crg=4.0002002&barid={500A6904-8DDD-11E1-9226-00248CEAE62B}
mLocal Page = c:\windows\system32\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Download all links with IDM - e:\new folder\IDM.v6.05.8.by.tano1221\Phenom_IDM. v6.06.8\Internet Download Manager v6.06.8\CRACK\IEGetAll.htm
IE: Download with IDM - e:\new folder\IDM.v6.05.8.by.tano1221\Phenom_IDM. v6.06.8\Internet Download Manager v6.06.8\CRACK\IEExt.htm
LSP: mswsock.dll
TCP: DhcpNameServer = 202.162.214.234 8.8.8.8
FF - ProfilePath -
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-Search Protection - c:\program files (x86)\Yahoo!\Search Protection\SearchProtection.exe
Wow6432Node-HKCU-Run-Messenger (Yahoo!) - ~c:\progra~2\Yahoo!\Messenger\YahooMessenger.exe
Wow6432Node-HKLM-Run-YSearchProtection - c:\program files (x86)\Yahoo!\Search Protection\SearchProtection.exe
Wow6432Node-HKU-Default-Run-Google Update - c:\windows\system32\config\systemprofile\AppData\Local\Google\Update\gupdate.exe
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
AddRemove-incredibar - c:\program files (x86)\Incredibar.com\incredibar\1.5.11.14\uninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\{B154377D-700F-42cc-9474-23858FBDF4BD}]
"ImagePath"="\??\c:\program files (x86)\CyberLink\PowerDVD9\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,c9,b8,80,8e,17,ac,a5,49,85,88,f5,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,c9,b8,80,8e,17,ac,a5,49,85,88,f5,\
.
[HKEY_USERS\S-1-5-21-2302931829-3210376335-2414099232-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-2302931829-3210376335-2414099232-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_USERS\S-1-5-21-2302931829-3210376335-2414099232-1000_Classes\Wow6432Node\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):67,44,fc,4b,63,f2,b2,c3,dc,bf,1f,22,6c,2e,c2,e7,19,1f,62,81,b6,
5f,af,eb,0b,d8,88,56,07,7d,50,ef,fa,57,94,3f,04,34,c8,7b,00,00,00,00,00,00,\
.
[HKEY_USERS\S-1-5-21-2302931829-3210376335-2414099232-1000_Classes\Wow6432Node\CLSID\{afb4eac5-7efe-4b0a-85d6-be80ad9f499a}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:00000057
"Therad"=dword:00000001
"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a,
1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE
c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\setup.exe
c:\progra~2\Yahoo!\Messenger\ymsgr_tray.exe
.
**************************************************************************
.
Completion time: 2012-05-15 14:21:08 - machine was rebooted
ComboFix-quarantined-files.txt 2012-05-15 07:21
.
Pre-Run: 21,100,859,392 bytes free
Post-Run: 24,609,517,568 bytes free
.
- - End Of File - - CFF41418607E623344801D953136649A


SECOND RUN :

ComboFix 12-05-15.01 - kyoshiro 05/15/2012 14:27:11.2.2 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.8191.6841 [GMT 7:00]
Running from: c:\users\kyoshiro\Desktop\ComboFix.exe
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\autorun.inf
c:\windows\assembly\temp\cfg.ini
C:\xjxx.exe
E:\autorun.inf
E:\qmhj.pif
.
.
((((((((((((((((((((((((( Files Created from 2012-04-15 to 2012-05-15 )))))))))))))))))))))))))))))))
.
.
2012-05-15 07:35 . 2012-05-15 07:35 0 --sha-w- c:\windows\system32\dds_trash_log.cmd
2012-05-13 22:39 . 2012-05-13 22:39 -------- d-----w- C:\TDSSKiller_Quarantine
2012-05-13 17:36 . 2012-05-13 17:36 -------- d-----w- c:\program files\Symantec
2012-05-13 17:19 . 2012-05-13 17:19 -------- d-----w- c:\windows\system32\drivers\SEP
2012-05-13 17:02 . 2012-05-13 17:02 -------- d-----w- c:\users\kyoshiro\AppData\Roaming\Malwarebytes
2012-05-13 17:02 . 2012-05-14 09:51 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-05-13 17:02 . 2012-04-04 08:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-05-13 14:52 . 2012-05-13 14:52 -------- d--h--w- c:\windows\PIF
2012-05-13 14:52 . 2012-05-13 14:52 -------- d-----w- c:\program files (x86)\Common Files\Symantec Shared
2012-05-13 14:50 . 2012-05-13 14:50 -------- d-----w- c:\users\kyoshiro\AppData\Local\Symantec
2012-05-13 14:48 . 2012-05-13 14:48 -------- d-----w- c:\program files (x86)\Symantec
2012-05-08 01:41 . 2012-05-08 01:41 -------- d-----w- c:\windows\en
2012-05-08 01:39 . 2012-03-08 11:40 48488 ----a-w- c:\windows\system32\drivers\fssfltr.sys
2012-05-08 01:36 . 2012-05-08 01:36 15712 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\62916a21cd2cbb02\MeshBetaRemover.exe
2012-05-08 01:36 . 2012-05-08 01:36 89944 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\4de375c1cd2cbb01\DSETUP.dll
2012-05-08 01:36 . 2012-05-08 01:36 537432 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\4de375c1cd2cbb01\DXSETUP.exe
2012-05-08 01:36 . 2012-05-08 01:36 1801048 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\4de375c1cd2cbb01\dsetup32.dll
2012-05-02 22:07 . 2012-05-02 22:09 -------- d-----w- c:\users\kyoshiro\AppData\Local\Microsoft Games
2012-04-24 07:15 . 2012-04-24 07:15 -------- d-----w- c:\program files (x86)\SweetIM
2012-04-22 21:58 . 2012-04-22 21:58 -------- d-----w- c:\program files (x86)\BabylonToolbar
2012-04-22 21:58 . 2012-04-22 21:58 -------- d-----w- c:\users\kyoshiro\AppData\Local\Babylon
2012-04-22 21:58 . 2012-04-22 21:58 -------- d-----w- c:\users\kyoshiro\AppData\Roaming\Babylon
2012-04-22 21:58 . 2012-05-01 20:39 -------- d-----w- c:\program files (x86)\wxDownload Fast
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-15 07:36 . 2012-05-15 07:36 103140 --sh--r- C:\dubx.exe
2012-05-05 02:13 . 2012-04-02 14:10 419488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-05-05 02:13 . 2011-11-21 20:09 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-05 02:13 . 2012-04-02 14:23 8744608 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-04-09 21:08 . 2012-04-07 20:34 1818744 ----a-w- c:\windows\inf\Romeo Hot Dance.exe
2012-04-09 11:35 . 2012-04-09 11:35 369008 ----a-w- c:\docume~1\ALLUSE~1\Application Data\Microsoft\Windows\Start Menu\Programs\Startup\setup.exe ERROR(0x00000005)
2012-03-08 11:50 . 2012-03-08 11:50 49016 ----a-w- c:\windows\SysWow64\sirenacm.dll
2012-03-08 11:37 . 2012-03-08 11:37 302448 ----a-w- c:\windows\WLXPGSS.SCR
.
.
((((((((((((((((((((((((((((( SnapShot@2012-05-15_07.05.09 )))))))))))))))))))))))))))))))))))))))))
.
- 2011-11-22 10:25 . 2012-05-15 06:20 32768 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-11-22 10:25 . 2012-05-15 07:04 32768 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-11-22 10:25 . 2012-05-15 06:20 49152 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-11-22 10:25 . 2012-05-15 07:04 49152 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-05-15 06:20 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-05-15 07:04 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2012-05-15 07:35 . 2012-05-15 07:35 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-05-15 07:04 . 2012-05-15 07:04 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-05-15 07:35 . 2012-05-15 07:35 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-05-15 07:04 . 2012-05-15 07:04 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 05:01 . 2012-05-15 07:03 346888 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-05-15 07:33 346888 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2012-04-08 08:27 . 2012-05-15 07:31 223744 c:\windows\assembly\temp\twl.dll
- 2012-04-08 08:27 . 2012-05-15 06:26 223744 c:\windows\assembly\temp\twl.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
2012-01-15 05:27 1330480 ----a-w- c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2012-01-15 1330480]
.
[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
"IDMan"="e:\new folder\IDM.v6.05.8.by.tano1221\Phenom_IDM. v6.06.8\Internet Download Manager v6.06.8\CRACK\idman.exe" [2012-05-13 3462552]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2012-05-13 406992]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"NBAgent"="c:\program files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe" [2012-05-13 1406248]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-09-08 343168]
"BDRegion"="c:\program files (x86)\Cyberlink\Shared Files\brs.exe" [2009-09-01 75048]
"RemoteControl9"="c:\program files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe" [2012-05-13 87336]
"PDVD9LanguageShortcut"="c:\program files (x86)\CyberLink\PowerDVD9\Language\Language.exe" [2012-05-13 50472]
"SweetIM"="c:\program files (x86)\SweetIM\Messenger\SweetIM.exe" [2012-05-13 114992]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
c:\docume~1\ALLUSE~1\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2011-11-22 183296]
McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
setup.exe [2012-4-9 369008]
UltraMon.lnk - c:\windows\Installer\{537056B7-32A4-4408-9B54-0341963C7C9C}\IcoUltraMon.ico [2011-12-3 29310]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
"EnableLUA"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"UacDisableNotify"=dword:00000001
.
R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 fdnqrsrq;Virtual WiFi Filter Controller;c:\windows\System32\svchost.exe [2009-07-14 27136]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-05 257696]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-04-01 183560]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2011/12/03 15:07];c:\program files (x86)\CyberLink\PowerDVD9\000.fcl [2009-08-28 05:57 146928]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2011-03-29 598312]
S2 UltraMonUtility;UltraMon Utility Driver;c:\program files (x86)\Common Files\Realtime Soft\UltraMonMirrorDrv\x64\UltraMonUtility.sys [2008-11-13 20512]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
.
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
fdnqrsrq
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-15 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 02:13]
.
2012-05-15 c:\windows\Tasks\At1.job
- c:\windows\system32\rundll32.exe [2009-07-13 01:14]
.
2012-05-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2302931829-3210376335-2414099232-1000Core.job
- c:\users\kyoshiro\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-21 22:07]
.
2012-05-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2302931829-3210376335-2414099232-1000UA.job
- c:\users\kyoshiro\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-21 22:07]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{08337871-0e50-4031-9110-3bd21ca3c065}]
2011-11-08 19:54 167416 ----a-w- c:\users\kyoshiro\AppData\Roaming\VshareComplete\64\VshareComplete64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2011-05-30 16:50 22408 ----a-w- e:\new folder\IDM.v6.05.8.by.tano1221\Phenom_IDM. v6.06.8\Internet Download Manager v6.06.8\CRACK\IDMShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-02-22 500208]
"combofix"="c:\combofix\CF27000.3XE" [2010-11-21 345088]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
earthlinksafeconnectagent
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://search.babylon.com/?affID=112472&babsrc=HP_ss&mntrId=a669a153000000000000d85d4cf46189
mStart Page = hxxp://home.sweetim.com/?st=1&crg=4.0002002&barid={500A6904-8DDD-11E1-9226-00248CEAE62B}
mLocal Page = c:\windows\system32\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Download all links with IDM - e:\new folder\IDM.v6.05.8.by.tano1221\Phenom_IDM. v6.06.8\Internet Download Manager v6.06.8\CRACK\IEGetAll.htm
IE: Download with IDM - e:\new folder\IDM.v6.05.8.by.tano1221\Phenom_IDM. v6.06.8\Internet Download Manager v6.06.8\CRACK\IEExt.htm
LSP: mswsock.dll
TCP: DhcpNameServer = 202.162.214.234 8.8.8.8
FF - ProfilePath -
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\{B154377D-700F-42cc-9474-23858FBDF4BD}]
"ImagePath"="\??\c:\program files (x86)\CyberLink\PowerDVD9\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,c9,b8,80,8e,17,ac,a5,49,85,88,f5,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,c9,b8,80,8e,17,ac,a5,49,85,88,f5,\
.
[HKEY_USERS\S-1-5-21-2302931829-3210376335-2414099232-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-2302931829-3210376335-2414099232-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_USERS\S-1-5-21-2302931829-3210376335-2414099232-1000_Classes\Wow6432Node\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):67,44,fc,4b,63,f2,b2,c3,dc,bf,1f,22,6c,2e,c2,e7,19,1f,62,81,b6,
5f,af,eb,0b,d8,88,56,07,7d,50,ef,fa,57,94,3f,04,34,c8,7b,00,00,00,00,00,00,\
.
[HKEY_USERS\S-1-5-21-2302931829-3210376335-2414099232-1000_Classes\Wow6432Node\CLSID\{afb4eac5-7efe-4b0a-85d6-be80ad9f499a}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:00000057
"Therad"=dword:00000001
"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a,
1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE
c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\setup.exe
.
**************************************************************************
.
Completion time: 2012-05-15 14:41:50 - machine was rebooted
ComboFix-quarantined-files.txt 2012-05-15 07:41
ComboFix2.txt 2012-05-15 07:21
.
Pre-Run: 24,650,387,456 bytes free
Post-Run: 24,448,716,800 bytes free
.
- - End Of File - - C044107CF30AE180CF6E880176A9BD45


#2 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto Rico

Posted 15 May 2012 - 05:13 AM

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us:

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.


DeFogger:

  • Please download DeFogger to your desktop.
  • Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger may ask you to reboot the machine, if it does - click OK

Do not re-enable these drivers until otherwise instructed.


Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


Download DDS:

  • Please download DDS by sUBs from one of the links below and save it to your desktop:

    Link1
    Link2
    Link3

    Please disable any anti-malware program that will block scripts from running before running DDS.

  • Double-click on dds.scr and a command window will appear. This is normal.
  • Shortly after, two logs will appear:
    • DDS.txt
    • Attach.txt
  • A window will open instructing you to save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both logs & post in your next reply

Information and logs:

  • In your next post I need the following:
    • logs from DDS
    • let me know of any problems you may have had

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



Proud Graduate Of Malware Removal University

#3 m0x

  • Topic Starter
  • Members
  • 13 posts

Posted 15 May 2012 - 07:45 AM

Thanks for immediate reply.

My case is CPU process up to almost 100%.

Some of the high process : SSSchduler.exe, NBAgent.exe, PDVD9Serv.exe.

If I END PROCESS one of them, the other shows up, not only three mentioned before, many others include PING.EXE.

So now I do SUSPEND PROCESS.

Every time I move Flash Disk from infected computer, my other computer Symantec antivirus always detected: W32/Sality.AE

I ran Defogger and turned off anti-malware program like your instruction.

And here the log :




Checkup :

Results of screen317's Security Check version 0.99.32
Windows 7 x64 (UAC is disabled!)
Internet Explorer 8 Out of date!
``````````````````````````````
Antivirus/Firewall Check:

Adobe After Effects CS3 Presets
McAfee Security Scan Plus
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Mozilla Firefox (12.0.)
````````````````````````````````
Process Check:
objlist.exe by Laurent

Malwarebytes' Anti-Malware mbamservice.exe
Malwarebytes' Anti-Malware mbamgui.exe
``````````End of Log````````````



Attach :

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume1
Install Date: 11/22/2011 2:32:44 AM
System Uptime: 5/15/2012 2:34:57 PM (5 hours ago)
.
Motherboard: ASUSTeK Computer INC. | | P5Q SE2
Processor: Intel® Core™2 CPU 6700 @ 2.66GHz | LGA775 | 2670/266mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 75 GiB total, 22.477 GiB free.
D: is CDROM ()
E: is FIXED (NTFS) - 1863 GiB total, 668.784 GiB free.
F: is Removable
H: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID:
Description: pcouffin device ...
Device ID: ROOT\PCOUFFIN\0000
Manufacturer:
Name: pcouffin device ...
PNP Device ID: ROOT\PCOUFFIN\0000
Service:
.
==== System Restore Points ===================
.
RP59: 5/14/2012 12:32:40 AM - Installed Symantec Endpoint Protection.
RP60: 5/15/2012 1:48:45 PM - ComboFix created restore point
.
==== Installed Programs ======================
.
Add or Remove Adobe Creative Suite 3 Master Collection
Adobe After Effects CS3 Presets
Adobe After Effects CS5
Adobe After Effects CS5 Third Party Content
Adobe After Effects CS5 Third Party Royalty Content
Adobe AIR
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe BridgeTalk Plugin CS3
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color - Photoshop Specific
Adobe Color Common Settings
Adobe Color EU Extra Settings
Adobe Color JA Extra Settings
Adobe Color NA Recommended Settings
Adobe Community Help
Adobe Creative Suite 3 Master Collection
Adobe Default Language CS3
Adobe Device Central CS3
Adobe ExtendScript Toolkit 2
Adobe Extension Manager CS3
Adobe Fonts All
Adobe Help Viewer CS3
Adobe InDesign CS3 Icon Handler
Adobe Linguistics CS3
Adobe Media Player
Adobe MotionPicture Color Files
Adobe PDF Library Files
Adobe Photoshop 7.0
Adobe Photoshop CS3
Adobe Setup
Adobe SING CS3
Adobe Stock Photos CS3
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe Video Profiles
Adobe WAS CS3
Adobe WinSoft Linguistics Plugin
Adobe XMP DVA Panels CS3
Adobe XMP Panels CS3
AHV content for Acrobat and Flash
Babylon toolbar on IE
Bing Bar
Catalyst Control Center
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
CCC Help English
ConvertXtoDVD 4.0.12.327
CyberLink PowerDVD 9
D3DX10
DVD Decrypter (Remove Only)
DVD Shrink 3.2
DVDFab 8.1.3.2 (31/10/2011) Qt
FileZilla Client 3.5.1
Google Chrome
High-Definition Video Playback
ImgBurn
Incredibar Toolbar on IE
Internet Download Manager
Junk Mail filter update
K-Lite Mega Codec Pack 7.9.0
LeechFTP
Malwarebytes Anti-Malware version 1.61.0.1400
McAfee Security Scan Plus
Mesh Runtime
Messenger Companion
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
Mozilla Firefox 12.0 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nero 10 ClipartPack
Nero 10 Kwik Themes 1
Nero 10 Kwik Themes 2
Nero 10 Kwik Themes 3
Nero 10 Kwik Themes 4
Nero 10 Menu TemplatePack 1
Nero 10 Menu TemplatePack 2
Nero 10 Menu TemplatePack 3
Nero 10 Menu TemplatePack Basic
Nero 10 Movie ThemePack Basic
Nero 10 PiP EffectPack 1
Nero 10 Sample ImagePack
Nero 10 Sample Videos
Nero 10 Video TransitionPack 1
Nero BackItUp 10
Nero BackItUp 10 Help (CHM)
Nero Burning ROM 10
Nero BurningROM 10 Help (CHM)
Nero BurnRights 10
Nero BurnRights 10 Help (CHM)
Nero Control Center 10
Nero ControlCenter 10 Help (CHM)
Nero Core Components 10
Nero CoverDesigner 10
Nero CoverDesigner 10 Help (CHM)
Nero DiscSpeed 10
Nero DiscSpeed 10 Help (CHM)
Nero Dolby Files 10
Nero Express 10
Nero Express 10 Help (CHM)
Nero InfoTool 10
Nero InfoTool 10 Help (CHM)
Nero Kwik Media
Nero Multimedia Suite 10 Platinum HD
Nero Recode 10
Nero Recode 10 Help (CHM)
Nero RescueAgent 10
Nero RescueAgent 10 Help (CHM)
Nero SoundTrax 10
Nero SoundTrax 10 Help (CHM)
Nero StartSmart 10
Nero StartSmart 10 Help (CHM)
Nero Update
Nero Vision 10
Nero Vision 10 Help (CHM)
Nero WaveEditor 10
Nero WaveEditor 10 Help (CHM)
NeroKwikMedia Help (CHM)
Origin
PDF Settings
PowerDVD
PunkBuster Services
Ravisent CineMaster™ 2000
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
SUBmax
Substation Alpha 4.08
Subtitle Workshop 2.51
SweetIM for Messenger 3.6
SweetPacks Toolbar for Internet Explorer 4.4
TMPGEnc 4.0 XPress
Ubisoft Game Launcher
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
VisualSubSync (remove only)
vShare.tv plugin 1.3
VshareComplete
WinAVIVideoConverter
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
wxDownload Fast 0.6.0
Yahoo! BrowserPlus 2.9.8
Yahoo! Messenger
Yahoo! Search Protection
Yahoo! Software Update
Yahoo! Toolbar
.
==== Event Viewer Messages From Past Week ========
.
5/15/2012 5:38:32 PM, Error: Microsoft-Windows-DNS-Client [1012] - There was an error while attempting to read the local hosts file.
5/15/2012 2:36:06 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: sptd
5/15/2012 2:35:23 PM, Error: Service Control Manager [7023] - The Windows Defender service terminated with the following error: The specified module could not be found.
5/15/2012 2:35:20 PM, Error: Service Control Manager [7000] - The Virtual WiFi Filter Controller service failed to start due to the following error: The executable program that this service is configured to run in does not implement the service.
5/15/2012 2:34:58 PM, Error: sptd [4] - Driver detected an internal error in its data structures for .
5/15/2012 2:33:18 PM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
5/15/2012 2:32:40 PM, Error: Application Popup [1060] - \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
5/15/2012 1:20:49 PM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
5/15/2012 1:20:48 PM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
5/15/2012 1:20:47 PM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
5/14/2012 4:39:34 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x000000f4 (0x0000000000000003, 0xfffffa8007c73040, 0xfffffa8007c73320, 0xfffff80002f9b8b0). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 051412-20326-01.
5/14/2012 2:02:27 AM, Error: Service Control Manager [7034] - The Diagnostic System Host service terminated unexpectedly. It has done this 1 time(s).
5/14/2012 2:02:27 AM, Error: Service Control Manager [7031] - The WLAN AutoConfig service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
5/14/2012 2:02:27 AM, Error: Service Control Manager [7031] - The Windows Driver Foundation - User-mode Driver Framework service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
5/14/2012 2:02:27 AM, Error: Service Control Manager [7031] - The Windows Audio Endpoint Builder service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
5/14/2012 2:02:27 AM, Error: Service Control Manager [7031] - The Superfetch service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
5/14/2012 2:02:27 AM, Error: Service Control Manager [7031] - The Program Compatibility Assistant Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
5/14/2012 2:02:27 AM, Error: Service Control Manager [7031] - The Portable Device Enumerator Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
5/14/2012 2:02:27 AM, Error: Service Control Manager [7031] - The Offline Files service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
5/14/2012 2:02:27 AM, Error: Service Control Manager [7031] - The Network Connections service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.
5/14/2012 2:02:27 AM, Error: Service Control Manager [7031] - The Distributed Link Tracking Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
5/14/2012 2:02:27 AM, Error: Service Control Manager [7031] - The Desktop Window Manager Session Manager service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
5/14/2012 12:21:43 AM, Error: Service Control Manager [7000] - The IDSVia64 service failed to start due to the following error: The system cannot find the file specified.
5/13/2012 8:13:22 PM, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
5/13/2012 2:16:21 AM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1.
5/13/2012 10:39:24 PM, Error: Service Control Manager [7034] - The ServerNabs4 service terminated unexpectedly. It has done this 1 time(s).
5/13/2012 1:25:13 AM, Error: Microsoft-Windows-WMPNSS-Service [14332] - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.
.
==== End Of File ===========================




DDS :

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7601.17514
Run by kyoshiro at 19:12:21 on 2012-05-15
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.8191.6777 [GMT 7:00]
.
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\RealVNC\VNC4\WinVNC4.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\setup.exe
C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe
C:\Program Files (x86)\CyberLink\Shared Files\brs.exe
C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Nero\Update\NASvc.exe
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Windows\system32\taskmgr.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.babylon.com/?affID=112472&babsrc=HP_ss&mntrId=a669a153000000000000d85d4cf46189
mStart Page = hxxp://home.sweetim.com/?st=1&crg=4.0002002&barid={500A6904-8DDD-11E1-9226-00248CEAE62B}
uInternet Settings,ProxyOverride = *.local
BHO: IDM integration (IDMIEHlprObj Class): {0055c089-8582-441b-a0bf-17b458c2a3a8} - E:\New Folder\IDM.v6.05.8.by.tano1221\Phenom_IDM. v6.06.8\Internet Download Manager v6.06.8\CRACK\IDMIECC.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\yt.dll
BHO: Babylon toolbar helper: {2eecd738-5844-4a99-b4b6-146bf802613b} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO: SweetPacks Browser Helper: {eee6c35c-6118-11dc-9c72-001320c79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\yt.dll
TB: Babylon Toolbar: {98889811-442d-49dd-99d7-dc866be87dbc} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll
TB: SweetPacks Toolbar for Internet Explorer: {eee6c35b-6118-11dc-9c72-001320c79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [IDMan] E:\New Folder\IDM.v6.05.8.by.tano1221\Phenom_IDM. v6.06.8\Internet Download Manager v6.06.8\CRACK\idman.exe /onboot
mRun: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [NBAgent] "C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe" /WinStart
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared Files\brs.exe
mRun: [RemoteControl9] "C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe"
mRun: [PDVD9LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe"
mRun: [SweetIM] C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ADOBEG~1.LNK - C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
StartupFolder: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\setup.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\UltraMon.lnk - C:\Windows\Installer\{537056B7-32A4-4408-9B54-0341963C7C9C}\IcoUltraMon.ico
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
mPolicies-system: EnableLinkedConnections = 1 (0x1)
mPolicies-system: EnableLUA = 0 (0x0)
IE: Download all links with IDM - E:\New Folder\IDM.v6.05.8.by.tano1221\Phenom_IDM. v6.06.8\Internet Download Manager v6.06.8\CRACK\IEGetAll.htm
IE: Download with IDM - E:\New Folder\IDM.v6.05.8.by.tano1221\Phenom_IDM. v6.06.8\Internet Download Manager v6.06.8\CRACK\IEExt.htm
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
LSP: mswsock.dll
TCP: DhcpNameServer = 202.162.214.234 8.8.8.8
TCP: Interfaces\{1F80B2CD-8371-4DC7-98A3-37D6CC5F9EE5} : DhcpNameServer = 8.8.8.8 8.8.4.4
TCP: Interfaces\{8B7C4C6A-5CD5-4510-9F14-FAF6F4B58929} : DhcpNameServer = 202.162.214.234 8.8.8.8
TCP: Interfaces\{8B7C4C6A-5CD5-4510-9F14-FAF6F4B58929}\64143545E45445 : DhcpNameServer = 192.168.1.1
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SubSystems: Windows = basesrv,1 winsrv:UserServerDllInitialization,3 consrv:ConServerDllInitialization,2 sxssrv,4
BHO-X64: IDM integration (IDMIEHlprObj Class): {0055C089-8582-441B-A0BF-17B458C2A3A8} - E:\New Folder\IDM.v6.05.8.by.tano1221\Phenom_IDM. v6.06.8\Internet Download Manager v6.06.8\CRACK\IDMIECC.dll
BHO-X64: IDM Helper - No File
BHO-X64: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\yt.dll
BHO-X64: 0x1 - No File
BHO-X64: Babylon toolbar helper: {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll
BHO-X64: Babylon toolbar helper - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO-X64: SweetPacks Browser Helper: {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
BHO-X64: SWEETIE - No File
BHO-X64: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB-X64: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\yt.dll
TB-X64: Babylon Toolbar: {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll
TB-X64: SweetPacks Toolbar for Internet Explorer: {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
mRun-x64: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
mRun-x64: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun-x64: [NBAgent] "C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe" /WinStart
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared Files\brs.exe
mRun-x64: [RemoteControl9] "C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe"
mRun-x64: [PDVD9LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe"
mRun-x64: [SweetIM] C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\kyoshiro\AppData\Roaming\Mozilla\Firefox\Profiles\8onl0qpn.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine - Search the web (Babylon)
FF - prefs.js: browser.startup.homepage - hxxp://search.babylon.com/?affID=112472&babsrc=HP_ss&mntrId=a669a153000000000000d85d4cf46189
FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?affID=112472&babsrc=KW_ss&mntrId=a669a153000000000000d85d4cf46189&q=
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\kyoshiro\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Users\kyoshiro\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=112472
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.id - a669a153000000000000d85d4cf46189
FF - user.js: extensions.BabylonToolbar_i.hardId - a669a153000000000000d85d4cf46189
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15461
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.173:41:07
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
.
============= SERVICES / DRIVERS ===============
.
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2011/12/03 15:07:14];C:\Program Files (x86)\CyberLink\PowerDVD9\000.fcl [2009-8-28 146928]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 IDMWFP;IDMWFP;C:\Windows\system32\DRIVERS\idmwfp.sys --> C:\Windows\system32\DRIVERS\idmwfp.sys [?]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-5-14 654408]
R2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2011-3-29 598312]
R2 UltraMonUtility;UltraMon Utility Driver;C:\Program Files (x86)\Common Files\Realtime Soft\UltraMonMirrorDrv\x64\UltraMonUtility.sys [2008-11-14 20512]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 fdnqrsrq;Virtual WiFi Filter Controller;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-14 20992]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-2 257696]
S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-4-1 183560]
S3 dmvsc;dmvsc;C:\Windows\system32\drivers\dmvsc.sys --> C:\Windows\system32\drivers\dmvsc.sys [?]
S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-3-8 1492840]
S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-5-15 129976]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?]
S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 Synth3dVsc;Synth3dVsc;C:\Windows\system32\drivers\synth3dvsc.sys --> C:\Windows\system32\drivers\synth3dvsc.sys [?]
S3 terminpt;Microsoft Remote Desktop Input Driver;C:\Windows\system32\drivers\terminpt.sys --> C:\Windows\system32\drivers\terminpt.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
S3 tsusbhub;tsusbhub;C:\Windows\system32\drivers\tsusbhub.sys --> C:\Windows\system32\drivers\tsusbhub.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-05-15 11:45:05 -------- d-----w- C:\Program Files (x86)\Mozilla Maintenance Service
2012-05-15 11:45:03 157352 ----a-w- C:\Program Files (x86)\Mozilla Firefox\maintenanceservice_installer.exe
2012-05-15 11:45:03 129976 ----a-w- C:\Program Files (x86)\Mozilla Firefox\maintenanceservice.exe
2012-05-15 07:36:55 103140 --sh--r- C:\dubx.exe
2012-05-15 07:35:39 -------- d-----w- C:\$RECYCLE.BIN
2012-05-15 07:35:38 0 --sha-w- C:\Windows\System32\dds_trash_log.cmd
2012-05-15 06:48:36 98816 ----a-w- C:\Windows\sed.exe
2012-05-15 06:48:36 518144 ----a-w- C:\Windows\SWREG.exe
2012-05-15 06:48:36 256000 ----a-w- C:\Windows\PEV.exe
2012-05-15 06:48:36 208896 ----a-w- C:\Windows\MBR.exe
2012-05-14 23:49:08 -------- d-----w- C:\Users\kyoshiro\AppData\Local\{988F7AE9-EB73-4061-B19E-12012DE677F2}
2012-05-14 11:48:41 -------- d-----w- C:\Users\kyoshiro\AppData\Local\{6670FE2A-0316-4E97-AAFD-77128C28A5B1}
2012-05-14 11:48:29 -------- d-----w- C:\Users\kyoshiro\AppData\Local\{22578676-F2F6-4527-8591-F9732ECA04BB}
2012-05-13 23:47:53 -------- d-----w- C:\Users\kyoshiro\AppData\Local\{C4804B5A-2573-49A3-9BCA-69ACCBF9F5FA}
2012-05-13 23:47:27 -------- d-----w- C:\Users\kyoshiro\AppData\Local\{B3B1BD9C-A908-4BC7-88C4-3BED5DE9968E}
2012-05-13 22:39:05 -------- d-----w- C:\TDSSKiller_Quarantine
2012-05-13 17:36:29 -------- d-----w- C:\Program Files\Symantec
2012-05-13 17:19:23 -------- d-----w- C:\Windows\System32\drivers\SEP\0C010259\125B.105\x64
2012-05-13 17:19:23 -------- d-----w- C:\Windows\System32\drivers\SEP\0C010259\125B.105
2012-05-13 17:19:23 -------- d-----w- C:\Windows\System32\drivers\SEP\0C010259
2012-05-13 17:19:23 -------- d-----w- C:\Windows\System32\drivers\SEP
2012-05-13 17:02:53 -------- d-----w- C:\Users\kyoshiro\AppData\Roaming\Malwarebytes
2012-05-13 17:02:35 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-05-13 17:02:35 -------- d-----w- C:\ProgramData\Malwarebytes
2012-05-13 17:02:35 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-05-13 14:52:38 -------- d--h--w- C:\Windows\PIF
2012-05-13 14:52:13 -------- d-----w- C:\Program Files (x86)\Common Files\Symantec Shared
2012-05-13 14:50:30 -------- d-----w- C:\Users\kyoshiro\AppData\Local\Symantec
2012-05-13 14:48:48 -------- d-----w- C:\ProgramData\Symantec
2012-05-13 14:48:48 -------- d-----w- C:\Program Files (x86)\Symantec
2012-05-13 11:19:33 -------- d-----w- C:\Users\kyoshiro\AppData\Local\{E2FE31DE-63F1-455E-9747-FF5DB1979E9C}
2012-05-13 11:19:17 -------- d-----w- C:\Users\kyoshiro\AppData\Local\{4DBAAFE4-AD78-4C69-B2BD-BD3F4CC59E69}
2012-05-12 19:17:22 -------- d-----w- C:\Users\kyoshiro\AppData\Local\{68FFB4D9-986A-4B87-BE7A-C4C036031A35}
2012-05-12 19:17:09 -------- d-----w- C:\Users\kyoshiro\AppData\Local\{EF245806-F554-4B52-A5CA-D654C41670E8}
2012-05-12 05:13:26 -------- d-----w- C:\Users\kyoshiro\AppData\Local\{7FF098DA-D9F2-4058-BDE1-0A65B1AE0313}
2012-05-12 05:13:13 -------- d-----w- C:\Users\kyoshiro\AppData\Local\{965FEC84-F5F8-4911-8CD9-F21E04350809}
2012-05-10 05:57:23 -------- d-----w- C:\Users\kyoshiro\AppData\Local\{6CC98E16-D653-426A-A44C-93EF17C2F508}
2012-05-10 05:57:09 -------- d-----w- C:\Users\kyoshiro\AppData\Local\{0DAF6367-0165-4723-85A0-A14C79FCB1F9}
2012-05-09 03:51:53 -------- d-----w- C:\Users\kyoshiro\AppData\Local\{39AF820B-9166-468D-A36F-8FEADBB3A6F6}
2012-05-09 03:51:41 -------- d-----w- C:\Users\kyoshiro\AppData\Local\{0DD9D985-1B87-41BD-A7B6-AAECF26498BF}
2012-05-08 15:51:04 -------- d-----w- C:\Users\kyoshiro\AppData\Local\{E1ADD5F3-131B-4FB3-A093-255AD60BD147}
2012-05-08 15:50:52 -------- d-----w- C:\Users\kyoshiro\AppData\Local\{EA38257B-C917-4E71-B259-C978630E4A26}
2012-05-08 01:42:25 -------- d-----w- C:\Users\kyoshiro\AppData\Local\{48CCCE68-A5EC-45A5-B2E5-6444C861FE22}
2012-05-08 01:42:12 -------- d-----w- C:\Users\kyoshiro\AppData\Local\{C860C46C-9070-4F72-94E1-135B08397C0D}
2012-05-08 01:41:18 -------- d-----w- C:\Windows\en
2012-05-08 01:39:10 48488 ----a-w- C:\Windows\System32\drivers\fssfltr.sys
2012-05-08 01:36:43 15712 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\62916a21cd2cbb02\MeshBetaRemover.exe
2012-05-08 01:36:41 89944 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\4de375c1cd2cbb01\DSETUP.dll
2012-05-08 01:36:41 537432 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\4de375c1cd2cbb01\DXSETUP.exe
2012-05-08 01:36:41 1801048 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\4de375c1cd2cbb01\dsetup32.dll
2012-05-08 01:35:25 -------- d-----w- C:\Users\kyoshiro\AppData\Local\{B0D210FF-499D-4AE3-85CE-D73722942A34}
2012-05-08 01:35:09 -------- d-----w- C:\Users\kyoshiro\AppData\Local\{6430BE2F-C1C6-4D51-B9D8-2E0EBB7642D1}
2012-05-06 10:31:31 -------- d-----w- C:\Users\kyoshiro\AppData\Local\{A8F6E1B9-B10F-4D47-A291-9B563582EB3D}
2012-05-06 10:31:18 -------- d-----w- C:\Users\kyoshiro\AppData\Local\{7847F70D-4E8C-48A8-9262-F196DCD2D077}
2012-05-05 23:59:43 -------- d-----w- C:\Users\kyoshiro\AppData\Local\{F17F9E57-E061-4402-8ED6-1689FB783908}
2012-05-05 23:59:31 -------- d-----w- C:\Users\kyoshiro\AppData\Local\{312062BF-6AC1-409E-84D5-452EEAC6BF93}
2012-05-05 08:10:06 -------- d-----w- C:\Users\kyoshiro\AppData\Local\{CDBCDF90-2CD2-4966-B6D0-B99DB049417D}
2012-05-05 08:09:53 -------- d-----w- C:\Users\kyoshiro\AppData\Local\{1882F343-9D6F-48E3-B643-792E5E8B11AE}
2012-05-04 05:19:23 -------- d-----w- C:\Users\kyoshiro\AppData\Local\{7FBE7413-AC7C-4171-8B27-CC1868EE7424}
2012-05-04 05:19:04 -------- d-----w- C:\Users\kyoshiro\AppData\Local\{D54B0E33-1B00-4523-815D-2119CCF2264E}
2012-05-03 13:48:35 -------- d-----w- C:\Users\kyoshiro\AppData\Local\{16D50047-3141-4106-A978-A62C61A44242}
2012-05-03 13:48:23 -------- d-----w- C:\Users\kyoshiro\AppData\Local\{1FD089AD-4E56-4A72-B8D0-A91B3502E90E}
2012-05-03 11:40:12 -------- d-----w- C:\Users\kyoshiro\AppData\Local\{3E8A47CB-09F5-4F6B-BC40-D1DC092D4E8B}
2012-05-03 11:39:45 -------- d-----w- C:\Users\kyoshiro\AppData\Local\{74E3AB3C-BE97-49A5-97E9-BD2A5B6A0D2F}
2012-05-02 22:07:53 -------- d-----w- C:\Users\kyoshiro\AppData\Local\Microsoft Games
2012-05-02 06:40:41 -------- d-----w- C:\Users\kyoshiro\AppData\Local\{0B966ACD-93AE-4365-9ED1-15B808EB9F01}
2012-05-02 06:40:20 -------- d-----w- C:\Users\kyoshiro\AppData\Local\{CEC6980A-E195-4C24-BD21-512D076A4056}
2012-05-01 21:37:16 -------- d-----w- C:\Users\kyoshiro\AppData\Local\{32A970AF-0B3C-427E-B7CD-E7424E11BC56}
2012-05-01 21:36:55 -------- d-----w- C:\Users\kyoshiro\AppData\Local\{0E183EFA-EDC8-4C5B-957A-E89E38886C04}
2012-05-01 09:25:12 -------- d-----w- C:\Users\kyoshiro\AppData\Local\{DF3C47EE-9171-4615-A5B9-0B9FC1358186}
2012-05-01 09:24:55 -------- d-----w- C:\Users\kyoshiro\AppData\Local\{85AFAA00-D92C-44CF-B4C1-BE2D28D819D5}
2012-04-30 08:26:48 -------- d-----w- C:\Users\kyoshiro\AppData\Local\{C9C65F58-360F-4118-B117-B111F360CBEC}
2012-04-30 08:26:28 -------- d-----w- C:\Users\kyoshiro\AppData\Local\{A6CE56E7-3466-4421-B898-FC1F17DF4692}
2012-04-29 23:18:20 -------- d-----w- C:\Users\kyoshiro\AppData\Local\{E895904F-9D58-4D4C-83CA-5E3B6FA4BCF6}
2012-04-29 23:18:05 -------- d-----w- C:\Users\kyoshiro\AppData\Local\{DFAF9600-A393-46F7-B28E-C0F30226460E}
2012-04-28 16:00:05 -------- d-----w- C:\Users\kyoshiro\AppData\Local\{C6500654-9B92-440F-B36C-D10B4240DF89}
2012-04-28 14:45:30 -------- d-----w- C:\Users\kyoshiro\AppData\Local\{F8629E66-EFD1-4022-8A3A-69FF8D5C6BEA}
2012-04-28 14:45:06 -------- d-----w- C:\Users\kyoshiro\AppData\Local\{7B2F771F-40A1-4CA8-AB51-63D38D0C54C5}
2012-04-28 10:08:57 -------- d-----w- C:\Users\kyoshiro\AppData\Local\{9ADE7808-38FB-4FF2-898E-D044D268E5AC}
2012-04-28 10:08:33 -------- d-----w- C:\Users\kyoshiro\AppData\Local\{FD0DC472-F431-469C-85D4-1052471FF56A}
2012-04-28 06:06:11 -------- d-----w- C:\Users\kyoshiro\AppData\Local\{77B36878-E007-4F19-84A4-5563357955AD}
2012-04-27 08:07:19 -------- d-----w- C:\Users\kyoshiro\AppData\Local\{C5C3F7CA-1400-4D0C-9C80-88667DE29A48}
2012-04-27 08:06:58 -------- d-----w- C:\Users\kyoshiro\AppData\Local\{4A04E9C6-AD37-4F40-A2D4-037347F915FE}
2012-04-26 08:00:22 -------- d-----w- C:\Users\kyoshiro\AppData\Local\{2E71F76F-6949-4CC6-AE20-418D6373C0AB}
2012-04-26 07:59:53 -------- d-----w- C:\Users\kyoshiro\AppData\Local\{E6FDD079-02D3-45BA-8A61-4858CE6882BA}
2012-04-25 12:04:50 -------- d-----w- C:\Users\kyoshiro\AppData\Local\{6F983DD4-D003-46D1-B7F0-E533958C57C0}
2012-04-25 12:04:27 -------- d-----w- C:\Users\kyoshiro\AppData\Local\{6F872431-78B7-4A8E-A845-8F690C364541}
2012-04-25 10:47:20 -------- d-----w- C:\Users\kyoshiro\AppData\Local\{E2231C01-4D5C-4690-AE99-E054C02866C1}
2012-04-24 12:33:55 11824088 ----a-w- C:\Program Files (x86)\Mozilla Firefox\xul - Copy.dll
2012-04-24 12:26:43 912344 ----a-w- C:\Program Files (x86)\Mozilla Firefox\firefox\firefox.exe
2012-04-24 07:16:58 -------- d-----w- C:\Users\kyoshiro\AppData\Local\{E5CD4515-8FC5-4672-9FC0-DCDE231C3029}
2012-04-24 07:16:42 -------- d-----w- C:\Users\kyoshiro\AppData\Local\{2380F5D8-4619-46D9-BCF0-96D576416C61}
2012-04-24 07:15:46 -------- d-----w- C:\ProgramData\SweetIM
2012-04-24 07:15:46 -------- d-----w- C:\Program Files (x86)\SweetIM
2012-04-23 10:29:01 -------- d-----w- C:\Users\kyoshiro\AppData\Local\{44B5E985-F6A0-4897-892D-C211A73FB8D5}
2012-04-23 10:28:39 -------- d-----w- C:\Users\kyoshiro\AppData\Local\{3379B638-C12C-46BA-91D6-FA895FD1D640}
2012-04-22 21:58:56 -------- d-----w- C:\Program Files (x86)\BabylonToolbar
2012-04-22 21:58:49 -------- d-----w- C:\Users\kyoshiro\AppData\Local\Babylon
2012-04-22 21:58:48 -------- d-----w- C:\Users\kyoshiro\AppData\Roaming\Babylon
2012-04-22 21:58:48 -------- d-----w- C:\ProgramData\Premium
2012-04-22 21:58:48 -------- d-----w- C:\ProgramData\Babylon
2012-04-22 21:58:38 -------- d-----w- C:\Program Files (x86)\wxDownload Fast
2012-04-22 21:58:14 -------- d-----w- C:\ProgramData\InstallMate
2012-04-22 06:26:44 -------- d-----w- C:\Users\kyoshiro\AppData\Local\{02AECAD8-748F-441B-87D4-32FD9D2A5A20}
2012-04-22 06:26:14 -------- d-----w- C:\Users\kyoshiro\AppData\Local\{A08A2C88-7266-4E76-9386-9E3836E70A41}
2012-04-21 06:05:53 -------- d-----w- C:\Users\kyoshiro\AppData\Local\{EC6DA616-B10A-4C3F-889C-B0442EBD73B8}
2012-04-21 06:05:28 -------- d-----w- C:\Users\kyoshiro\AppData\Local\{1B662746-969D-480F-ACA1-60D4DD4EC04F}
2012-04-20 09:45:49 -------- d-----w- C:\Users\kyoshiro\AppData\Local\{BCCD6DF1-2934-4BD6-A263-04CD247B6BF8}
2012-04-20 09:45:30 -------- d-----w- C:\Users\kyoshiro\AppData\Local\{05841FF8-4A6A-49E1-BFB8-A6881E355E88}
2012-04-19 05:50:34 -------- d-----w- C:\Users\kyoshiro\AppData\Local\{CECD5200-C500-462F-A56A-2F1A3B2453E2}
2012-04-19 05:50:07 -------- d-----w- C:\Users\kyoshiro\AppData\Local\{2D945569-CEE2-48C6-957E-A8A63DB8C727}
2012-04-19 05:47:19 -------- d-----w- C:\Users\kyoshiro\AppData\Local\{DA15B781-7E56-4EB5-8676-67C55B5851B8}
2012-04-18 12:39:30 -------- d-----w- C:\Users\kyoshiro\AppData\Local\{58E86136-B477-4D55-9ADA-71C44D77BC60}
2012-04-18 12:39:05 -------- d-----w- C:\Users\kyoshiro\AppData\Local\{4629C8C9-40D3-4977-AF98-899AA07A6F7C}
2012-04-17 09:09:27 -------- d-----w- C:\Users\kyoshiro\AppData\Local\{9546F637-DDCF-42F2-BC85-2B767BE2E42A}
2012-04-17 09:09:01 -------- d-----w- C:\Users\kyoshiro\AppData\Local\{DB66670E-D6F7-493A-9CA2-41B25F055F21}
2012-04-16 05:02:49 -------- d-----w- C:\Users\kyoshiro\AppData\Local\{94C19405-0EA0-4676-992E-442B4045F92F}
2012-04-16 05:02:21 -------- d-----w- C:\Users\kyoshiro\AppData\Local\{86059997-9379-4950-BB8B-4F23AFCBF50A}
.
==================== Find3M ====================
.
2012-05-05 02:13:44 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-05 02:13:44 419488 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-05-05 02:13:35 8744608 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
2012-04-09 21:08:33 1818744 ----a-w- C:\Windows\inf\Romeo Hot Dance.exe
2012-03-08 11:50:28 49016 ----a-w- C:\Windows\SysWow64\sirenacm.dll
2012-03-08 11:37:20 302448 ----a-w- C:\Windows\WLXPGSS.SCR
.
============= FINISH: 19:12:38.85 ===============

#4 gringo_pr

  • Malware Response Team

Posted 15 May 2012 - 08:58 AM

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix, I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic




Proud Graduate Of Malware Removal University

#5 m0x

  • Topic Starter


Posted 15 May 2012 - 11:47 AM

I've done ComboFix and I must say the problem still exists...


Two errors after restart:

1) c:\windows\system32\regsvr32.exe

illegal operation attempted on a registry key that has been marked for deletion.

2) NBAgent.exe - system error

the program can't start because neroapiengine.dll missing from your computer. Try reinstalling the program to fix this problem


As per your instructions, I restarted when I received that kind of error.

On restart, I could not boot Windows normally, so I used the system restore point created by ComboFix.

After booting successfully, PING.EXE shows up in the processes.


Here is the log:

ComboFix 12-05-14.03 - kyoshiro 05/15/2012 22:57:18.3.2 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.8191.6929 [GMT 7:00]
Running from: c:\users\kyoshiro\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\autorun.inf
C:\dubx.exe
c:\windows\assembly\GAC_32\Desktop.ini
c:\windows\assembly\GAC_64\Desktop.ini
c:\windows\assembly\temp\@
c:\windows\assembly\temp\cfg.ini
c:\windows\system32\consrv.dll
c:\windows\system32\dds_trash_log.cmd
E:\autorun.inf
E:\xgrb.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-04-15 to 2012-05-15 )))))))))))))))))))))))))))))))
.
.
2012-05-15 16:07 . 2012-05-15 16:07 103140 --sh--r- C:\ecaeg.exe
2012-05-13 22:39 . 2012-05-13 22:39 -------- d-----w- C:\TDSSKiller_Quarantine
2012-05-13 17:36 . 2012-05-13 17:36 -------- d-----w- c:\program files\Symantec
2012-05-13 17:19 . 2012-05-13 17:19 -------- d-----w- c:\windows\system32\drivers\SEP
2012-05-13 17:02 . 2012-05-13 17:02 -------- d-----w- c:\users\kyoshiro\AppData\Roaming\Malwarebytes
2012-05-13 14:52 . 2012-05-13 14:52 -------- d--h--w- c:\windows\PIF
2012-05-13 14:52 . 2012-05-13 14:52 -------- d-----w- c:\program files (x86)\Common Files\Symantec Shared
2012-05-13 14:50 . 2012-05-13 14:50 -------- d-----w- c:\users\kyoshiro\AppData\Local\Symantec
2012-05-13 14:48 . 2012-05-13 14:48 -------- d-----w- c:\program files (x86)\Symantec
2012-05-08 01:41 . 2012-05-08 01:41 -------- d-----w- c:\windows\en
2012-05-08 01:39 . 2012-03-08 11:40 48488 ----a-w- c:\windows\system32\drivers\fssfltr.sys
2012-05-08 01:36 . 2012-05-08 01:36 15712 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\62916a21cd2cbb02\MeshBetaRemover.exe
2012-05-08 01:36 . 2012-05-08 01:36 89944 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\4de375c1cd2cbb01\DSETUP.dll
2012-05-08 01:36 . 2012-05-08 01:36 537432 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\4de375c1cd2cbb01\DXSETUP.exe
2012-05-08 01:36 . 2012-05-08 01:36 1801048 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\4de375c1cd2cbb01\dsetup32.dll
2012-05-02 22:07 . 2012-05-02 22:09 -------- d-----w- c:\users\kyoshiro\AppData\Local\Microsoft Games
2012-04-24 07:15 . 2012-04-24 07:15 -------- d-----w- c:\program files (x86)\SweetIM
2012-04-22 21:58 . 2012-04-22 21:58 -------- d-----w- c:\program files (x86)\BabylonToolbar
2012-04-22 21:58 . 2012-04-22 21:58 -------- d-----w- c:\users\kyoshiro\AppData\Local\Babylon
2012-04-22 21:58 . 2012-04-22 21:58 -------- d-----w- c:\users\kyoshiro\AppData\Roaming\Babylon
2012-04-22 21:58 . 2012-05-01 20:39 -------- d-----w- c:\program files (x86)\wxDownload Fast
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-15 16:07 . 2012-05-15 16:07 103140 --sh--r- C:\xfuxwh.exe
2012-05-05 02:13 . 2012-04-02 14:10 419488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-05-05 02:13 . 2011-11-21 20:09 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-05 02:13 . 2012-04-02 14:23 8744608 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-04-09 21:08 . 2012-04-07 20:34 1818744 ----a-w- c:\windows\inf\Romeo Hot Dance.exe
2012-04-09 11:35 . 2012-04-09 11:35 369008 ----a-w- c:\docume~1\ALLUSE~1\Application Data\Microsoft\Windows\Start Menu\Programs\Startup\setup.exe ERROR(0x00000005)
2012-03-08 11:50 . 2012-03-08 11:50 49016 ----a-w- c:\windows\SysWow64\sirenacm.dll
2012-03-08 11:37 . 2012-03-08 11:37 302448 ----a-w- c:\windows\WLXPGSS.SCR
.
.
((((((((((((((((((((((((((((( SnapShot@2012-05-15_07.05.09 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-07-14 04:54 . 2012-05-15 07:01 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-05-15 15:52 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-11-21 03:09 . 2012-05-15 15:49 46436 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-05-15 16:08 38664 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-11-21 19:38 . 2012-05-15 16:08 10510 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2302931829-3210376335-2414099232-1000_UserData.bin
- 2011-11-22 10:25 . 2012-05-15 06:20 32768 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-11-22 10:25 . 2012-05-15 14:07 32768 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-11-22 10:25 . 2012-05-15 14:07 49152 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2011-11-22 10:25 . 2012-05-15 06:20 49152 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-05-15 06:20 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-05-15 14:07 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-11-21 22:10 . 2012-05-15 15:10 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-11-21 22:10 . 2012-05-15 07:01 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-11-21 22:10 . 2012-05-15 07:01 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-11-21 22:10 . 2012-05-15 15:10 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-11-22 06:21 . 2012-05-15 16:04 5886 c:\windows\system32\wdi\ERCQueuedResolutions.dat
- 2012-05-15 07:04 . 2012-05-15 07:04 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-05-15 16:05 . 2012-05-15 16:05 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-05-15 16:05 . 2012-05-15 16:05 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-05-15 07:04 . 2012-05-15 07:04 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-07-14 04:54 . 2012-05-15 15:52 360448 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-05-15 07:01 360448 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-11-23 22:23 . 2012-05-15 16:04 875728 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2011-11-23 22:23 . 2012-05-15 07:03 875728 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2009-07-14 05:01 . 2012-05-15 16:04 346888 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-05-15 07:03 346888 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2012-04-08 08:27 . 2012-05-15 15:52 223744 c:\windows\assembly\temp\twl.dll
- 2012-04-08 08:27 . 2012-05-15 06:26 223744 c:\windows\assembly\temp\twl.dll
+ 2009-07-14 04:54 . 2012-05-15 15:52 1703936 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-05-15 07:01 1703936 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-11-21 19:53 . 2012-05-15 14:05 19303436 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2302931829-3210376335-2414099232-1000-12288.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
2012-01-15 05:27 1330480 ----a-w- c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2012-01-15 1330480]
.
[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
"IDMan"="e:\new folder\IDM.v6.05.8.by.tano1221\Phenom_IDM. v6.06.8\Internet Download Manager v6.06.8\CRACK\idman.exe" [2012-05-13 3462552]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2012-05-13 406992]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"NBAgent"="c:\program files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe" [2012-05-13 1406248]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-09-08 343168]
"BDRegion"="c:\program files (x86)\Cyberlink\Shared Files\brs.exe" [2009-09-01 75048]
"RemoteControl9"="c:\program files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe" [2012-05-13 87336]
"PDVD9LanguageShortcut"="c:\program files (x86)\CyberLink\PowerDVD9\Language\Language.exe" [2012-05-13 50472]
"SweetIM"="c:\program files (x86)\SweetIM\Messenger\SweetIM.exe" [2012-05-13 114992]
.
c:\docume~1\ALLUSE~1\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2011-11-22 183296]
setup.exe [2012-4-9 369008]
UltraMon.lnk - c:\windows\Installer\{537056B7-32A4-4408-9B54-0341963C7C9C}\IcoUltraMon.ico [2011-12-3 29310]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
"EnableLUA"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"UacDisableNotify"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 fdnqrsrq;Virtual WiFi Filter Controller;c:\windows\System32\svchost.exe [2009-07-14 27136]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-05 257696]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-04-01 183560]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-05-15 129976]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2011/12/03 15:07];c:\program files (x86)\CyberLink\PowerDVD9\000.fcl [2009-08-28 05:57 146928]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys [x]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2011-03-29 598312]
S2 UltraMonUtility;UltraMon Utility Driver;c:\program files (x86)\Common Files\Realtime Soft\UltraMonMirrorDrv\x64\UltraMonUtility.sys [2008-11-13 20512]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
.
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
fdnqrsrq
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-15 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 02:13]
.
2012-05-15 c:\windows\Tasks\At1.job
- c:\windows\system32\rundll32.exe [2009-07-13 01:14]
.
2012-05-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2302931829-3210376335-2414099232-1000Core.job
- c:\users\kyoshiro\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-21 22:07]
.
2012-05-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2302931829-3210376335-2414099232-1000UA.job
- c:\users\kyoshiro\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-21 22:07]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{08337871-0e50-4031-9110-3bd21ca3c065}]
2011-11-08 19:54 167416 ----a-w- c:\users\kyoshiro\AppData\Roaming\VshareComplete\64\VshareComplete64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2011-05-30 16:50 22408 ----a-w- e:\new folder\IDM.v6.05.8.by.tano1221\Phenom_IDM. v6.06.8\Internet Download Manager v6.06.8\CRACK\IDMShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-02-22 500208]
"combofix"="c:\combofix\CF28453.3XE" [2010-11-21 345088]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
earthlinksafeconnectagent
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://search.babylon.com/?affID=112472&babsrc=HP_ss&mntrId=a669a153000000000000d85d4cf46189
mStart Page = hxxp://home.sweetim.com/?st=1&crg=4.0002002&barid={500A6904-8DDD-11E1-9226-00248CEAE62B}
mLocal Page = c:\windows\system32\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Download all links with IDM - e:\new folder\IDM.v6.05.8.by.tano1221\Phenom_IDM. v6.06.8\Internet Download Manager v6.06.8\CRACK\IEGetAll.htm
IE: Download with IDM - e:\new folder\IDM.v6.05.8.by.tano1221\Phenom_IDM. v6.06.8\Internet Download Manager v6.06.8\CRACK\IEExt.htm
LSP: mswsock.dll
TCP: DhcpNameServer = 202.162.214.234 8.8.8.8
FF - ProfilePath -
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\{B154377D-700F-42cc-9474-23858FBDF4BD}]
"ImagePath"="\??\c:\program files (x86)\CyberLink\PowerDVD9\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,c9,b8,80,8e,17,ac,a5,49,85,88,f5,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,c9,b8,80,8e,17,ac,a5,49,85,88,f5,\
.
[HKEY_USERS\S-1-5-21-2302931829-3210376335-2414099232-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-2302931829-3210376335-2414099232-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_USERS\S-1-5-21-2302931829-3210376335-2414099232-1000_Classes\Wow6432Node\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):67,44,fc,4b,63,f2,b2,c3,dc,bf,1f,22,6c,2e,c2,e7,19,1f,62,81,b6,
5f,af,eb,0b,d8,88,56,07,7d,50,ef,fa,57,94,3f,04,34,c8,7b,00,00,00,00,00,00,\
.
[HKEY_USERS\S-1-5-21-2302931829-3210376335-2414099232-1000_Classes\Wow6432Node\CLSID\{afb4eac5-7efe-4b0a-85d6-be80ad9f499a}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:00000057
"Therad"=dword:00000001
"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a,
1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE
c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\setup.exe
.
**************************************************************************
.
Completion time: 2012-05-15 23:12:30 - machine was rebooted
ComboFix-quarantined-files.txt 2012-05-15 16:12
ComboFix2.txt 2012-05-15 07:21
.
Pre-Run: 19,293,769,728 bytes free
Post-Run: 19,261,284,352 bytes free
.
- - End Of File - - 85A3057F944DB8E95A6DA15FDE0ED024

#6 gringo_pr

Posted 15 May 2012 - 12:20 PM

Hello

Download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:
Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt
  • Select Command Prompt.
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter.
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

Gringo

#7 m0x

Posted 15 May 2012 - 12:43 PM

Scan result of Farbar Recovery Scan Tool Version: 13-05-2012
Ran by SYSTEM at 16-05-2012 00:36:20
Running from G:\
Windows 7 Ultimate Service Pack 1 (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [500208 2010-02-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin [406992 2012-05-13] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-18] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [NBAgent] "C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe" /WinStart [1406248 2012-05-13] (Nero AG)
HKLM-x32\...\Run: [YSearchProtection] "C:\Program Files (x86)\Yahoo!\Search Protection\SearchProtection.exe" [111856 2012-05-13] (Yahoo! Inc)
HKLM-x32\...\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [343168 2011-09-07] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared Files\brs.exe [75048 2009-09-01] (cyberlink)
HKLM-x32\...\Run: [RemoteControl9] "C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe" [87336 2012-05-13] (CyberLink Corp.)
HKLM-x32\...\Run: [PDVD9LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe" [50472 2012-05-13] (CyberLink Corp.)
HKLM-x32\...\Run: [SweetIM] C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe [114992 2012-05-13] (SweetIM Technologies Ltd.)
HKLM-x32\...\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray [462408 2012-04-04] (Malwarebytes Corporation)
HKU\kyoshiro\...\Run: [Google Update] "C:\Users\kyoshiro\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2012-05-13] (Google Inc.)
HKU\kyoshiro\...\Run: [IDMan] E:\New Folder\IDM.v6.05.8.by.tano1221\Phenom_IDM. v6.06.8\Internet Download Manager v6.06.8\CRACK\idman.exe /onboot [x]
HKU\kyoshiro\...\Run: [Search Protection] C:\Program Files (x86)\Yahoo!\Search Protection\SearchProtection.exe [111856 2012-05-13] (Yahoo! Inc)
HKU\kyoshiro\...\Run: [msnmsgr] ~"C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background [4280184 2012-03-08] (Microsoft Corporation)
HKU\kyoshiro\...\Run: [Messenger (Yahoo!)] ~"C:\PROGRA~2\Yahoo!\Messenger\YahooMessenger.exe" -quiet [6276408 2011-08-21] (Yahoo! Inc.)
Tcpip\Parameters: [DhcpNameServer] 202.162.214.234 8.8.8.8
SubSystems: [Windows] ATTENTION! ====> ZeroAccess

==================== Services (Whitelisted) ======

2 earthlinksafeconnectagent; C:\Windows\System32\ozoneinstallerservice.dll [6656 2009-07-13] (Oak Technology Inc.)
3 FLEXnet Licensing Service; "C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe" [654848 2012-04-02] (Macrovision Europe Ltd.)
2 MBAMService; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [654408 2012-04-04] (Malwarebytes Corporation)
3 McComponentHostService; "C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe" [227232 2010-01-15] (McAfee, Inc.)
2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [75136 2011-11-24] ()
2 WinVNC4; "C:\Program Files\RealVNC\VNC4\WinVNC4.exe" -service [2360048 2011-08-08] (RealVNC Ltd)
2 fdnqrsrq; C:\Windows\system32\meqbcoke.dll [x]

========================== Drivers (Whitelisted) =============

2 IDMWFP; C:\Windows\System32\Drivers\IDMWFP.sys [153248 2011-06-09] (Tonec Inc.)
3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [24904 2012-04-04] (Malwarebytes Corporation)
3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [8192 2008-01-21] ()
0 sptd; C:\Windows\System32\Drivers\sptd.sys [860656 2011-11-21] (Duplex Secure Ltd.)
3 vncmirror; C:\Windows\System32\Drivers\vncmirror.sys [4608 2011-08-08] (RealVNC Ltd.)
2 {B154377D-700F-42cc-9474-23858FBDF4BD}; \??\C:\Program Files (x86)\CyberLink\PowerDVD9\000.fcl [146928 2009-08-27] (CyberLink Corp.)
3 VGPU; C:\Windows\System32\drivers\rdvgkmd.sys [x]

========================== NetSvcs (Whitelisted) ===========
NETSVC: earthlinksafeconnectagent
NETSVCx32: fdnqrsrq

============ One Month Created Files and Folders ==============

2012-05-16 00:35 - 2012-05-16 00:36 - 0000000 ____D C:\FRST
2012-05-15 08:42 - 2012-05-15 08:42 - 0000000 ____D C:\Users\kyoshiro\AppData\Local\{7FD2DE18-DF1C-4E12-8DDC-90377FDED847}
2012-05-15 08:42 - 2012-05-15 08:42 - 0000000 ____D C:\Users\kyoshiro\AppData\Local\{0F0A0076-8358-4C3E-BB1A-C4406A43E8AE}
2012-05-15 08:34 - 2012-05-15 08:34 - 0000000 ____D C:\Users\kyoshiro\AppData\Local\{5B3ED9E3-B265-49B3-818B-4B64E729A8A0}
2012-05-15 08:34 - 2012-05-15 08:34 - 0000000 ____D C:\Users\kyoshiro\AppData\Local\{5627003B-0EAF-41F5-8BB0-A700B5F4DC4A}
2012-05-15 08:32 - 2012-05-15 08:32 - 0000000 ____D C:\Windows\system64
2012-05-15 08:17 - 2012-05-15 08:17 - 0000276 ____A C:\Users\kyoshiro\Desktop\QWE.txt
2012-05-15 08:07 - 2012-05-12 11:28 - 0000305 _RASH C:\autorun.inf
2012-05-15 07:13 - 2012-05-15 07:21 - 0000000 ____D C:\Users\kyoshiro\Desktop\output first kiss
2012-05-15 06:09 - 2012-05-15 23:27 - 0000000 ____D C:\Users\kyoshiro\Desktop\first kiss outpit
2012-05-15 06:03 - 2012-05-15 06:03 - 0000000 ____D C:\Users\kyoshiro\Desktop\fi
2012-05-15 06:01 - 2012-05-15 06:01 - 1036856 ____A C:\Users\kyoshiro\Desktop\menu over f.BMP
2012-05-15 06:01 - 2012-05-15 06:01 - 1036856 ____A C:\Users\kyoshiro\Desktop\menu f.BMP
2012-05-15 05:24 - 2012-05-15 05:24 - 0069872 ____A C:\Users\kyoshiro\Desktop\36893d220b8c075a252d82aab9f690411327685609_full.jpg
2012-05-15 05:20 - 2012-05-15 05:20 - 0087785 ____A C:\Users\kyoshiro\Desktop\db17fe983f6d3ee1677df072ed8dc652.jpg
2012-05-15 05:19 - 2012-05-15 05:19 - 0022315 ____A C:\Users\kyoshiro\Desktop\thumb.jpg
2012-05-15 05:16 - 2012-05-15 05:16 - 0064653 ____A C:\Users\kyoshiro\Desktop\news_20120118204121_10.jpg
2012-05-15 04:13 - 2012-05-15 04:13 - 0028866 ____A C:\Users\kyoshiro\Desktop\DDS.txt
2012-05-15 04:13 - 2012-05-15 04:13 - 0012063 ____A C:\Users\kyoshiro\Desktop\Attach.txt
2012-05-15 04:10 - 2012-05-15 04:11 - 0000042 ____A C:\Users\kyoshiro\Desktop\AAA.txt
2012-05-15 04:07 - 2012-05-15 04:07 - 0000749 ____A C:\Users\kyoshiro\Desktop\checkup.txt
2012-05-15 04:04 - 2012-05-15 04:04 - 0000510 ____A C:\Users\kyoshiro\Desktop\defogger_disable.log
2012-05-15 04:04 - 2012-05-15 04:04 - 0000020 ____A C:\Users\kyoshiro\defogger_reenable
2012-05-15 04:02 - 2012-05-15 04:00 - 0001476 ____A C:\Users\kyoshiro\Desktop\test.txt
2012-05-15 03:45 - 2012-05-15 03:45 - 0000000 ____D C:\Users\All Users\Mozilla
2012-05-15 03:45 - 2012-05-15 03:45 - 0000000 ____D C:\ProgramData\Mozilla
2012-05-14 23:23 - 2012-05-15 08:12 - 0023172 ____A C:\Users\kyoshiro\Desktop\ComboFix.txt
2012-05-14 23:03 - 2012-05-14 23:03 - 0000000 __ASH C:\Windows\System32\config\system.tmp.LOG2
2012-05-14 23:03 - 2012-05-14 23:03 - 0000000 __ASH C:\Windows\System32\config\system.tmp.LOG1
2012-05-14 23:03 - 2012-05-14 23:03 - 0000000 __ASH C:\Windows\System32\config\software.tmp.LOG2
2012-05-14 23:03 - 2012-05-14 23:03 - 0000000 __ASH C:\Windows\System32\config\software.tmp.LOG1
2012-05-14 23:03 - 2012-05-14 23:03 - 0000000 __ASH C:\Windows\System32\config\security.tmp.LOG2
2012-05-14 23:03 - 2012-05-14 23:03 - 0000000 __ASH C:\Windows\System32\config\security.tmp.LOG1
2012-05-14 23:03 - 2012-05-14 23:03 - 0000000 __ASH C:\Windows\System32\config\sam.tmp.LOG2
2012-05-14 23:03 - 2012-05-14 23:03 - 0000000 __ASH C:\Windows\System32\config\sam.tmp.LOG1
2012-05-14 23:03 - 2012-05-14 23:03 - 0000000 __ASH C:\Windows\System32\config\default.tmp.LOG2
2012-05-14 23:03 - 2012-05-14 23:03 - 0000000 __ASH C:\Windows\System32\config\default.tmp.LOG1
2012-05-14 22:48 - 2012-05-15 23:27 - 0000000 ___SD C:\ComboFix
2012-05-14 22:48 - 2012-05-15 23:27 - 0000000 ____D C:\Windows\ERDNT
2012-05-14 22:48 - 2012-05-14 21:55 - 4563514 ___RA (Swearware) C:\Users\kyoshiro\Desktop\ComboFix.exe
2012-05-14 22:48 - 2011-06-25 22:45 - 0256000 ____A C:\Windows\PEV.exe
2012-05-14 22:48 - 2010-11-07 09:20 - 0208896 ____A C:\Windows\MBR.exe
2012-05-14 22:48 - 2009-04-19 20:56 - 0060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2012-05-14 22:48 - 2000-08-30 16:00 - 0518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2012-05-14 22:48 - 2000-08-30 16:00 - 0406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2012-05-14 22:48 - 2000-08-30 16:00 - 0098816 ____A C:\Windows\sed.exe
2012-05-14 22:48 - 2000-08-30 16:00 - 0080412 ____A C:\Windows\grep.exe
2012-05-14 22:48 - 2000-08-30 16:00 - 0068096 ____A C:\Windows\zip.exe
2012-05-14 22:46 - 2012-05-15 08:12 - 0000000 ___AD C:\Qoobox
2012-05-14 15:49 - 2012-05-14 15:49 - 0000000 ____D C:\Users\kyoshiro\AppData\Local\{988F7AE9-EB73-4061-B19E-12012DE677F2}
2012-05-14 09:09 - 2012-05-14 09:09 - 0578616 ____A C:\Users\kyoshiro\Downloads\Auindo Hack V.6080 Emotion Skip.7z
2012-05-14 08:58 - 2012-05-14 08:58 - 0000000 ____D C:\Users\kyoshiro\Downloads\auto story free 6076
2012-05-14 08:58 - 2012-05-14 08:58 - 0000000 ____D C:\Users\kyoshiro\Desktop\auto story free 6076
2012-05-14 04:51 - 2012-05-14 04:51 - 0003072 ____A C:\Users\kyoshiro\Desktop\asdasd.srt
2012-05-14 04:43 - 2012-05-14 04:46 - 0000000 ____D C:\Users\kyoshiro\Desktop\el
2012-05-14 04:27 - 2012-05-14 06:45 - 0000000 ____D C:\Users\kyoshiro\Desktop\el gringo
2012-05-14 03:48 - 2012-05-14 15:49 - 0000000 ____D C:\Users\kyoshiro\AppData\Local\{22578676-F2F6-4527-8591-F9732ECA04BB}
2012-05-14 03:48 - 2012-05-14 03:48 - 0000000 ____D C:\Users\kyoshiro\AppData\Local\{6670FE2A-0316-4E97-AAFD-77128C28A5B1}
2012-05-14 01:39 - 2012-05-14 01:39 - 0275512 ____A C:\Windows\Minidump\051412-20326-01.dmp
2012-05-13 15:47 - 2012-05-13 15:48 - 0000000 ____D C:\Users\kyoshiro\AppData\Local\{C4804B5A-2573-49A3-9BCA-69ACCBF9F5FA}
2012-05-13 15:47 - 2012-05-13 15:47 - 0000000 ____D C:\Users\kyoshiro\AppData\Local\{B3B1BD9C-A908-4BC7-88C4-3BED5DE9968E}
2012-05-13 15:37 - 2012-05-13 15:37 - 0272239 ____A C:\Users\kyoshiro\Downloads\Autostoryv.6080.rar
2012-05-13 14:39 - 2012-05-13 14:39 - 0000000 ____D C:\TDSSKiller_Quarantine
2012-05-13 14:37 - 2012-05-13 14:39 - 0128400 ____A C:\TDSSKiller.2.7.34.0_14.05.2012_05.37.59_log.txt
2012-05-13 14:37 - 2012-05-13 14:37 - 2075184 ____A (Kaspersky Lab ZAO) C:\Users\kyoshiro\Desktop\tdsskiller.exe
2012-05-13 13:47 - 2012-05-13 13:47 - 0164134 ____A C:\Users\kyoshiro\Desktop\salitykiller.zip
2012-05-13 13:47 - 2010-11-11 19:13 - 0171344 ____A (Kaspersky Lab ZAO) C:\Users\kyoshiro\Desktop\SalityKiller.exe
2012-05-13 13:47 - 2010-05-17 00:15 - 0002258 ____A C:\Users\kyoshiro\Desktop\eula.txt
2012-05-13 13:46 - 2009-02-09 03:41 - 0000000 ____D C:\Users\kyoshiro\Desktop\Win32SalityRemover
2012-05-13 13:45 - 2012-05-13 13:45 - 0460309 ____A C:\Users\kyoshiro\Desktop\Win32SalityRemover.rar
2012-05-13 12:29 - 2012-05-13 12:29 - 0053989 ____A C:\Users\kyoshiro\Desktop\uuuuuuuuuuuuuuuuuuu.srt
2012-05-13 11:00 - 2012-05-13 14:06 - 0029412 ____A C:\teknft.pif
2012-05-13 09:36 - 2012-05-13 09:36 - 0000000 ____D C:\Program Files\Symantec
2012-05-13 09:19 - 2012-05-13 09:19 - 0000000 ____D C:\Windows\System32\Drivers\SEP
2012-05-13 09:02 - 2012-05-15 23:27 - 0000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-05-13 09:02 - 2012-05-14 01:50 - 0000000 ____D C:\Users\All Users\Malwarebytes
2012-05-13 09:02 - 2012-05-14 01:50 - 0000000 ____D C:\ProgramData\Malwarebytes
2012-05-13 09:02 - 2012-05-13 09:02 - 0044887 ____A C:\Users\kyoshiro\Desktop\22222.srt
2012-05-13 09:02 - 2012-05-13 09:02 - 0001113 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-05-13 09:02 - 2012-05-13 09:02 - 0000000 ____D C:\Users\kyoshiro\AppData\Roaming\Malwarebytes
2012-05-13 09:02 - 2012-05-13 08:58 - 10063000 ____A (Malwarebytes Corporation ) C:\Users\kyoshiro\Desktop\mbam-setup-1.61.0.1400.exe
2012-05-13 09:02 - 2012-05-13 08:57 - 0000644 ____A C:\Users\kyoshiro\Desktop\xxx.txt
2012-05-13 09:02 - 2012-04-04 00:56 - 0024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-05-13 08:18 - 2012-05-13 08:18 - 0033574 ____A C:\Users\kyoshiro\Desktop\Dark.Shadows.srt
2012-05-13 06:52 - 2012-05-13 06:52 - 0000000 ___HD C:\Windows\PIF
2012-05-13 06:50 - 2012-05-13 06:50 - 0000000 ____D C:\Users\kyoshiro\AppData\Local\Symantec
2012-05-13 06:48 - 2012-05-13 06:48 - 0000000 ____D C:\Users\All Users\Symantec
2012-05-13 06:48 - 2012-05-13 06:48 - 0000000 ____D C:\ProgramData\Symantec
2012-05-13 06:48 - 2012-05-13 06:48 - 0000000 ____D C:\Program Files (x86)\Symantec
2012-05-13 06:47 - 2012-05-13 06:47 - 0000000 ____D C:\Users\kyoshiro\Desktop\SEP 12.1.601.4699 x64
2012-05-13 06:46 - 2012-05-13 06:46 - 0023854 ____A C:\Users\kyoshiro\Desktop\timing2.srt
2012-05-13 05:57 - 2012-05-13 05:57 - 0010894 ____A C:\Users\kyoshiro\Desktop\TIMING.srt
2012-05-13 05:10 - 2012-05-15 09:25 - 0007601 ____A C:\Users\kyoshiro\AppData\Local\Resmon.ResmonCfg
2012-05-13 04:45 - 2012-05-13 05:13 - 0000000 ____D C:\Users\kyoshiro\Desktop\dark shadow
2012-05-13 03:19 - 2012-05-13 03:19 - 0000000 ____D C:\Users\kyoshiro\AppData\Local\{E2FE31DE-63F1-455E-9747-FF5DB1979E9C}
2012-05-13 03:19 - 2012-05-13 03:19 - 0000000 ____D C:\Users\kyoshiro\AppData\Local\{4DBAAFE4-AD78-4C69-B2BD-BD3F4CC59E69}
2012-05-12 11:17 - 2012-05-12 11:17 - 0000000 ____D C:\Users\kyoshiro\AppData\Local\{EF245806-F554-4B52-A5CA-D654C41670E8}
2012-05-12 11:17 - 2012-05-12 11:17 - 0000000 ____D C:\Users\kyoshiro\AppData\Local\{68FFB4D9-986A-4B87-BE7A-C4C036031A35}
2012-05-11 21:13 - 2012-05-11 21:13 - 0000000 ____D C:\Users\kyoshiro\AppData\Local\{965FEC84-F5F8-4911-8CD9-F21E04350809}
2012-05-11 21:13 - 2012-05-11 21:13 - 0000000 ____D C:\Users\kyoshiro\AppData\Local\{7FF098DA-D9F2-4058-BDE1-0A65B1AE0313}
2012-05-11 13:56 - 2012-05-11 13:56 - 1036856 ____A C:\Users\kyoshiro\Desktop\wwkwk.BMP
2012-05-11 09:42 - 2012-05-11 09:42 - 0021310 ____A C:\Users\kyoshiro\Desktop\aaaa.jpg
2012-05-09 21:57 - 2012-05-09 21:57 - 0000000 ____D C:\Users\kyoshiro\AppData\Local\{6CC98E16-D653-426A-A44C-93EF17C2F508}
2012-05-09 21:57 - 2012-05-09 21:57 - 0000000 ____D C:\Users\kyoshiro\AppData\Local\{0DAF6367-0165-4723-85A0-A14C79FCB1F9}
2012-05-09 13:54 - 2012-05-09 13:54 - 0000635 ____A C:\Users\kyoshiro\Desktop\AutoStory6S_2.rar - Shortcut.lnk
2012-05-09 11:02 - 2012-05-09 11:03 - 0000000 ____D C:\Users\kyoshiro\Desktop\cheat audi
2012-05-09 09:15 - 2012-05-09 09:15 - 1036856 ____A C:\Users\kyoshiro\Desktop\menu over.BMP
2012-05-09 08:24 - 2012-05-09 08:25 - 0000000 ____D C:\Users\kyoshiro\Desktop\aa
2012-05-09 08:14 - 2012-05-09 08:14 - 0992365 ____A C:\Users\kyoshiro\Desktop\fullsizephoto218031.jpg
2012-05-09 08:14 - 2012-05-09 08:14 - 0503384 ____A C:\Users\kyoshiro\Desktop\fullsizephoto218040.jpg
2012-05-09 08:12 - 2012-05-09 08:40 - 0000000 ____D C:\Users\kyoshiro\Desktop\introduc menu
2012-05-09 07:23 - 2012-05-09 07:22 - 2272240 ____A C:\Users\kyoshiro\Desktop\201222915434.jpg
2012-05-09 07:04 - 2012-05-09 07:04 - 0000000 ____D C:\Users\kyoshiro\Desktop\a
2012-05-09 04:49 - 2012-05-09 07:03 - 0000000 ____D C:\Users\kyoshiro\Desktop\introduction
2012-05-08 19:51 - 2012-05-08 19:52 - 0000000 ____D C:\Users\kyoshiro\AppData\Local\{39AF820B-9166-468D-A36F-8FEADBB3A6F6}
2012-05-08 19:51 - 2012-05-08 19:51 - 0000000 ____D C:\Users\kyoshiro\AppData\Local\{0DD9D985-1B87-41BD-A7B6-AAECF26498BF}
2012-05-08 08:44 - 2012-05-08 08:44 - 0000000 ____D C:\Users\kyoshiro\Desktop\RIKO
2012-05-08 07:51 - 2012-05-08 07:51 - 0000000 ____D C:\Users\kyoshiro\AppData\Local\{E1ADD5F3-131B-4FB3-A093-255AD60BD147}
2012-05-08 07:50 - 2012-05-08 07:51 - 0000000 ____D C:\Users\kyoshiro\AppData\Local\{EA38257B-C917-4E71-B259-C978630E4A26}
2012-05-07 17:42 - 2012-05-07 17:42 - 0000000 ____D C:\Users\kyoshiro\AppData\Local\{C860C46C-9070-4F72-94E1-135B08397C0D}
2012-05-07 17:42 - 2012-05-07 17:42 - 0000000 ____D C:\Users\kyoshiro\AppData\Local\{48CCCE68-A5EC-45A5-B2E5-6444C861FE22}
2012-05-07 17:41 - 2012-05-07 17:41 - 0000000 ____D C:\Windows\en
2012-05-07 17:39 - 2012-03-08 03:40 - 0048488 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\fssfltr.sys
2012-05-07 17:35 - 2012-05-07 17:35 - 0000000 ____D C:\Users\kyoshiro\AppData\Local\{B0D210FF-499D-4AE3-85CE-D73722942A34}
2012-05-07 17:35 - 2012-05-07 17:35 - 0000000 ____D C:\Users\kyoshiro\AppData\Local\{6430BE2F-C1C6-4D51-B9D8-2E0EBB7642D1}
2012-05-07 08:25 - 2012-05-07 08:25 - 1876856 ____A C:\Users\kyoshiro\Desktop\pimi.BMP
2012-05-06 22:07 - 2012-05-06 22:06 - 0727856 ____A C:\Users\kyoshiro\Desktop\21-NOB~1.PNG
2012-05-06 02:31 - 2012-05-06 02:31 - 0000000 ____D C:\Users\kyoshiro\AppData\Local\{A8F6E1B9-B10F-4D47-A291-9B563582EB3D}
2012-05-06 02:31 - 2012-05-06 02:31 - 0000000 ____D C:\Users\kyoshiro\AppData\Local\{7847F70D-4E8C-48A8-9262-F196DCD2D077}
2012-05-05 15:59 - 2012-05-05 15:59 - 0000000 ____D C:\Users\kyoshiro\AppData\Local\{F17F9E57-E061-4402-8ED6-1689FB783908}
2012-05-05 15:59 - 2012-05-05 15:59 - 0000000 ____D C:\Users\kyoshiro\AppData\Local\{312062BF-6AC1-409E-84D5-452EEAC6BF93}
2012-05-05 00:25 - 2012-05-05 00:39 - 0000000 ____D C:\Users\kyoshiro\Desktop\output
2012-05-05 00:10 - 2012-05-05 00:10 - 0000000 ____D C:\Users\kyoshiro\AppData\Local\{CDBCDF90-2CD2-4966-B6D0-B99DB049417D}
2012-05-05 00:09 - 2012-05-05 00:10 - 0000000 ____D C:\Users\kyoshiro\AppData\Local\{1882F343-9D6F-48E3-B643-792E5E8B11AE}
2012-05-04 07:05 - 2012-05-04 07:05 - 0000853 ____A C:\Users\kyoshiro\Desktop\patcher.exe - Shortcut.lnk
2012-05-04 05:29 - 2012-05-04 05:29 - 0391437 ____A C:\Users\kyoshiro\Desktop\fiuiit~.JPG
2012-05-04 00:14 - 2012-05-04 07:04 - 0000021 ____A C:\Users\kyoshiro\Desktop\Config.ini
2012-05-03 21:19 - 2012-05-03 21:19 - 0000000 ____D C:\Users\kyoshiro\AppData\Local\{D54B0E33-1B00-4523-815D-2119CCF2264E}
2012-05-03 21:19 - 2012-05-03 21:19 - 0000000 ____D C:\Users\kyoshiro\AppData\Local\{7FBE7413-AC7C-4171-8B27-CC1868EE7424}
2012-05-03 05:51 - 2012-05-03 05:51 - 0002486 ____A C:\Users\kyoshiro\Desktop\Windows Live Messenger.lnk
2012-05-03 05:50 - 2012-05-03 05:50 - 0001997 ____A C:\Users\kyoshiro\Desktop\VisualSubSync.lnk
2012-05-03 05:48 - 2012-05-03 05:48 - 0001994 ____A C:\Users\kyoshiro\Desktop\DVD Decrypter.lnk
2012-05-03 05:48 - 2012-05-03 05:48 - 0000000 ____D C:\Users\kyoshiro\AppData\Local\{1FD089AD-4E56-4A72-B8D0-A91B3502E90E}
2012-05-03 05:48 - 2012-05-03 05:48 - 0000000 ____D C:\Users\kyoshiro\AppData\Local\{16D50047-3141-4106-A978-A62C61A44242}
2012-05-03 05:39 - 2012-05-07 18:40 - 0000000 ____D C:\Users\kyoshiro\Desktop\menu sering di pake
2012-05-03 03:40 - 2012-05-03 03:40 - 0000000 ____D C:\Users\kyoshiro\AppData\Local\{3E8A47CB-09F5-4F6B-BC40-D1DC092D4E8B}
2012-05-03 03:39 - 2012-05-03 03:40 - 0000000 ____D C:\Users\kyoshiro\AppData\Local\{74E3AB3C-BE97-49A5-97E9-BD2A5B6A0D2F}
2012-05-02 14:07 - 2012-05-02 14:09 - 0000000 ____D C:\Users\kyoshiro\AppData\Local\Microsoft Games
2012-05-01 22:40 - 2012-05-01 22:40 - 0000000 ____D C:\Users\kyoshiro\AppData\Local\{CEC6980A-E195-4C24-BD21-512D076A4056}
2012-05-01 22:40 - 2012-05-01 22:40 - 0000000 ____D C:\Users\kyoshiro\AppData\Local\{0B966ACD-93AE-4365-9ED1-15B808EB9F01}
2012-05-01 13:37 - 2012-05-01 13:37 - 0000000 ____D C:\Users\kyoshiro\AppData\Local\{32A970AF-0B3C-427E-B7CD-E7424E11BC56}
2012-05-01 13:36 - 2012-05-01 13:37 - 0000000 ____D C:\Users\kyoshiro\AppData\Local\{0E183EFA-EDC8-4C5B-957A-E89E38886C04}
2012-05-01 13:33 - 2012-05-01 13:33 - 0007673 ____A C:\Windows\uedit32.INI
2012-05-01 01:25 - 2012-05-01 01:25 - 0000000 ____D C:\Users\kyoshiro\AppData\Local\{DF3C47EE-9171-4615-A5B9-0B9FC1358186}
2012-05-01 01:24 - 2012-05-01 01:25 - 0000000 ____D C:\Users\kyoshiro\AppData\Local\{85AFAA00-D92C-44CF-B4C1-BE2D28D819D5}
2012-04-30 12:19 - 2012-04-30 12:19 - 0060805 ____A C:\Users\kyoshiro\Desktop\jump ENG 1.srt
2012-04-30 06:48 - 2012-04-30 08:01 - 0000000 ____D C:\Users\kyoshiro\Desktop\21 jump street
2012-04-30 00:28 - 2012-05-07 00:10 - 0000000 ____D C:\Users\kyoshiro\Desktop\outpost
2012-04-30 00:26 - 2012-04-30 00:27 - 0000000 ____D C:\Users\kyoshiro\AppData\Local\{C9C65F58-360F-4118-B117-B111F360CBEC}
2012-04-30 00:26 - 2012-04-30 00:26 - 0000000 ____D C:\Users\kyoshiro\AppData\Local\{A6CE56E7-3466-4421-B898-FC1F17DF4692}
2012-04-29 15:18 - 2012-04-29 15:18 - 0000000 ____D C:\Users\kyoshiro\AppData\Local\{E895904F-9D58-4D4C-83CA-5E3B6FA4BCF6}
2012-04-29 15:18 - 2012-04-29 15:18 - 0000000 ____D C:\Users\kyoshiro\AppData\Local\{DFAF9600-A393-46F7-B28E-C0F30226460E}
2012-04-28 18:29 - 2012-04-28 18:29 - 0000000 ____A C:\Windows\System32\lame_acm.xml
2012-04-28 08:00 - 2012-04-28 08:00 - 0000000 ____D C:\Users\kyoshiro\AppData\Local\{C6500654-9B92-440F-B36C-D10B4240DF89}
2012-04-28 06:45 - 2012-04-28 06:45 - 0000000 ____D C:\Users\kyoshiro\AppData\Local\{F8629E66-EFD1-4022-8A3A-69FF8D5C6BEA}
2012-04-28 06:45 - 2012-04-28 06:45 - 0000000 ____D C:\Users\kyoshiro\AppData\Local\{7B2F771F-40A1-4CA8-AB51-63D38D0C54C5}
2012-04-28 02:08 - 2012-04-28 02:09 - 0000000 ____D C:\Users\kyoshiro\AppData\Local\{9ADE7808-38FB-4FF2-898E-D044D268E5AC}
2012-04-28 02:08 - 2012-04-28 02:08 - 0000000 ____D C:\Users\kyoshiro\AppData\Local\{FD0DC472-F431-469C-85D4-1052471FF56A}
2012-04-27 22:06 - 2012-04-27 22:06 - 0000000 ____D C:\Users\kyoshiro\AppData\Local\{77B36878-E007-4F19-84A4-5563357955AD}
2012-04-27 12:33 - 2012-05-10 09:00 - 0000000 ____D C:\Users\kyoshiro\Desktop\ga penting
2012-04-27 00:07 - 2012-04-27 00:07 - 0000000 ____D C:\Users\kyoshiro\AppData\Local\{C5C3F7CA-1400-4D0C-9C80-88667DE29A48}
2012-04-27 00:06 - 2012-04-27 00:07 - 0000000 ____D C:\Users\kyoshiro\AppData\Local\{4A04E9C6-AD37-4F40-A2D4-037347F915FE}
2012-04-26 06:19 - 2012-05-07 17:46 - 0000000 ____D C:\Users\kyoshiro\Desktop\menuu
2012-04-26 00:00 - 2012-04-26 00:00 - 0000000 ____D C:\Users\kyoshiro\AppData\Local\{2E71F76F-6949-4CC6-AE20-418D6373C0AB}
2012-04-25 23:59 - 2012-04-26 00:00 - 0000000 ____D C:\Users\kyoshiro\AppData\Local\{E6FDD079-02D3-45BA-8A61-4858CE6882BA}
2012-04-25 04:04 - 2012-04-25 04:05 - 0000000 ____D C:\Users\kyoshiro\AppData\Local\{6F983DD4-D003-46D1-B7F0-E533958C57C0}
2012-04-25 04:04 - 2012-04-25 04:04 - 0000000 ____D C:\Users\kyoshiro\AppData\Local\{6F872431-78B7-4A8E-A845-8F690C364541}
2012-04-25 02:47 - 2012-04-25 02:47 - 0000000 ____D C:\Users\kyoshiro\AppData\Local\{E2231C01-4D5C-4690-AE99-E054C02866C1}
2012-04-24 04:49 - 2012-04-24 04:49 - 0001053 ____A C:\Users\Public\Desktop\Mozilla Firefox.lnk
2012-04-24 04:23 - 2012-05-15 23:27 - 0000000 ____D C:\Program Files (x86)\Mozilla Firefox
2012-04-23 23:16 - 2012-04-23 23:17 - 0000000 ____D C:\Users\kyoshiro\AppData\Local\{E5CD4515-8FC5-4672-9FC0-DCDE231C3029}
2012-04-23 23:16 - 2012-04-23 23:16 - 0000000 ____D C:\Users\kyoshiro\AppData\Local\{2380F5D8-4619-46D9-BCF0-96D576416C61}
2012-04-23 23:15 - 2012-04-23 23:15 - 0000000 ____D C:\Users\All Users\SweetIM
2012-04-23 23:15 - 2012-04-23 23:15 - 0000000 ____D C:\ProgramData\SweetIM
2012-04-23 23:15 - 2012-04-23 23:15 - 0000000 ____D C:\Program Files (x86)\SweetIM
2012-04-23 02:29 - 2012-04-23 02:29 - 0000000 ____D C:\Users\kyoshiro\AppData\Local\{44B5E985-F6A0-4897-892D-C211A73FB8D5}
2012-04-23 02:28 - 2012-04-23 02:28 - 0000000 ____D C:\Users\kyoshiro\AppData\Local\{3379B638-C12C-46BA-91D6-FA895FD1D640}
2012-04-22 13:58 - 2012-05-01 12:41 - 0000000 ____D C:\Users\All Users\InstallMate
2012-04-22 13:58 - 2012-05-01 12:41 - 0000000 ____D C:\ProgramData\InstallMate
2012-04-22 13:58 - 2012-05-01 12:39 - 0000000 ____D C:\Program Files (x86)\wxDownload Fast
2012-04-22 13:58 - 2012-04-22 13:58 - 0000000 ____D C:\Users\kyoshiro\AppData\Roaming\Babylon
2012-04-22 13:58 - 2012-04-22 13:58 - 0000000 ____D C:\Users\kyoshiro\AppData\Local\Babylon
2012-04-22 13:58 - 2012-04-22 13:58 - 0000000 ____D C:\Users\All Users\Premium
2012-04-22 13:58 - 2012-04-22 13:58 - 0000000 ____D C:\Users\All Users\Babylon
2012-04-22 13:58 - 2012-04-22 13:58 - 0000000 ____D C:\ProgramData\Premium
2012-04-22 13:58 - 2012-04-22 13:58 - 0000000 ____D C:\ProgramData\Babylon
2012-04-22 13:58 - 2012-04-22 13:58 - 0000000 ____D C:\Program Files (x86)\BabylonToolbar
2012-04-21 22:26 - 2012-04-21 22:26 - 0000000 ____D C:\Users\kyoshiro\AppData\Local\{A08A2C88-7266-4E76-9386-9E3836E70A41}
2012-04-21 22:26 - 2012-04-21 22:26 - 0000000 ____D C:\Users\kyoshiro\AppData\Local\{02AECAD8-748F-441B-87D4-32FD9D2A5A20}
2012-04-20 22:05 - 2012-04-20 22:06 - 0000000 ____D C:\Users\kyoshiro\AppData\Local\{EC6DA616-B10A-4C3F-889C-B0442EBD73B8}
2012-04-20 22:05 - 2012-04-20 22:05 - 0000000 ____D C:\Users\kyoshiro\AppData\Local\{1B662746-969D-480F-ACA1-60D4DD4EC04F}
2012-04-20 01:45 - 2012-04-20 01:46 - 0000000 ____D C:\Users\kyoshiro\AppData\Local\{BCCD6DF1-2934-4BD6-A263-04CD247B6BF8}
2012-04-20 01:45 - 2012-04-20 01:45 - 0000000 ____D C:\Users\kyoshiro\AppData\Local\{05841FF8-4A6A-49E1-BFB8-A6881E355E88}
2012-04-18 21:50 - 2012-04-18 21:50 - 0000000 ____D C:\Users\kyoshiro\AppData\Local\{CECD5200-C500-462F-A56A-2F1A3B2453E2}
2012-04-18 21:50 - 2012-04-18 21:50 - 0000000 ____D C:\Users\kyoshiro\AppData\Local\{2D945569-CEE2-48C6-957E-A8A63DB8C727}
2012-04-18 21:47 - 2012-04-18 21:47 - 0000000 ____D C:\Users\kyoshiro\AppData\Local\{DA15B781-7E56-4EB5-8676-67C55B5851B8}
2012-04-18 04:39 - 2012-04-18 04:39 - 0000000 ____D C:\Users\kyoshiro\AppData\Local\{58E86136-B477-4D55-9ADA-71C44D77BC60}
2012-04-18 04:39 - 2012-04-18 04:39 - 0000000 ____D C:\Users\kyoshiro\AppData\Local\{4629C8C9-40D3-4977-AF98-899AA07A6F7C}
2012-04-17 01:09 - 2012-04-17 01:09 - 0000000 ____D C:\Users\kyoshiro\AppData\Local\{DB66670E-D6F7-493A-9CA2-41B25F055F21}
2012-04-17 01:09 - 2012-04-17 01:09 - 0000000 ____D C:\Users\kyoshiro\AppData\Local\{9546F637-DDCF-42F2-BC85-2B767BE2E42A}

============ 3 Months Modified Files and Folders =============

2012-05-16 00:36 - 2012-05-16 00:35 - 0000000 ____D C:\FRST
2012-05-15 23:27 - 2012-05-15 06:09 - 0000000 ____D C:\Users\kyoshiro\Desktop\first kiss outpit
2012-05-15 23:27 - 2012-05-14 22:48 - 0000000 ___SD C:\ComboFix
2012-05-15 23:27 - 2012-05-14 22:48 - 0000000 ____D C:\Windows\ERDNT
2012-05-15 23:27 - 2012-05-13 09:02 - 0000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-05-15 23:27 - 2012-04-24 04:23 - 0000000 ____D C:\Program Files (x86)\Mozilla Firefox
2012-05-15 23:27 - 2012-04-09 03:35 - 0000000 ____D C:\Users\All Users\windows-updater
2012-05-15 23:27 - 2012-04-09 03:35 - 0000000 ____D C:\ProgramData\windows-updater
2012-05-15 23:27 - 2012-04-02 05:26 - 0000000 ____D C:\Users\All Users\FLEXnet
2012-05-15 23:27 - 2012-04-02 05:26 - 0000000 ____D C:\ProgramData\FLEXnet
2012-05-15 23:27 - 2012-03-29 10:19 - 0000000 ____D C:\Program Files (x86)\Incredibar.com
2012-05-15 23:27 - 2011-11-21 12:25 - 0000000 ____D C:\Program Files (x86)\VisualSubSync
2012-05-15 23:27 - 2011-11-21 12:08 - 0000000 ____D C:\Users\All Users\McAfee Security Scan
2012-05-15 23:27 - 2011-11-21 12:08 - 0000000 ____D C:\ProgramData\McAfee Security Scan
2012-05-15 23:27 - 2011-11-21 12:08 - 0000000 ____D C:\Program Files (x86)\McAfee Security Scan
2012-05-15 23:27 - 2009-07-13 19:20 - 0000000 ___RD C:\users\Public
2012-05-15 23:27 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\registration
2012-05-15 23:26 - 2011-11-21 11:50 - 0000000 ____D C:\ATI
2012-05-15 23:26 - 2009-07-13 19:18 - 0000000 __SHD C:\$RECYCLE.BIN
2012-05-15 09:25 - 2012-05-13 05:10 - 0007601 ____A C:\Users\kyoshiro\AppData\Local\Resmon.ResmonCfg
2012-05-15 09:25 - 2011-11-21 12:03 - 0000000 ____D C:\Users\kyoshiro\AppData\Roaming\DMCache
2012-05-15 08:52 - 2011-11-21 11:51 - 0000920 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2302931829-3210376335-2414099232-1000UA.job
2012-05-15 08:43 - 2011-11-21 20:35 - 0000000 ____D C:\Users\kyoshiro\AppData\Local\Windows Live
2012-05-15 08:42 - 2012-05-15 08:42 - 0000000 ____D C:\Users\kyoshiro\AppData\Local\{7FD2DE18-DF1C-4E12-8DDC-90377FDED847}
2012-05-15 08:42 - 2012-05-15 08:42 - 0000000 ____D C:\Users\kyoshiro\AppData\Local\{0F0A0076-8358-4C3E-BB1A-C4406A43E8AE}
2012-05-15 08:41 - 2011-11-21 21:20 - 0000000 ____D C:\Users\kyoshiro\Tracing
2012-05-15 08:40 - 2012-04-07 11:52 - 0000000 __ASH C:\Windows\System32\dds_trash_log.cmd
2012-05-15 08:39 - 2011-11-22 02:19 - 2146787328 __ASH C:\hiberfil.sys
2012-05-15 08:39 - 2009-07-13 21:08 - 0000006 ___AH C:\Windows\Tasks\SA.DAT
2012-05-15 08:39 - 2009-07-13 20:51 - 0035294 ____A C:\Windows\setupact.log
2012-05-15 08:37 - 2011-11-22 02:22 - 2061314 ____A C:\Windows\WindowsUpdate.log
2012-05-15 08:37 - 2009-07-13 21:08 - 0028148 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-05-15 08:37 - 2009-07-13 20:45 - 0021280 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-05-15 08:37 - 2009-07-13 20:45 - 0021280 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-05-15 08:34 - 2012-05-15 08:34 - 0000000 ____D C:\Users\kyoshiro\AppData\Local\{5B3ED9E3-B265-49B3-818B-4B64E729A8A0}
2012-05-15 08:34 - 2012-05-15 08:34 - 0000000 ____D C:\Users\kyoshiro\AppData\Local\{5627003B-0EAF-41F5-8BB0-A700B5F4DC4A}
2012-05-15 08:32 - 2012-05-15 08:32 - 0000000 ____D C:\Windows\system64
2012-05-15 08:32 - 2011-11-21 11:32 - 0000000 ____D C:\users\kyoshiro
2012-05-15 08:32 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\config\TxR
2012-05-15 08:17 - 2012-05-15 08:17 - 0000276 ____A C:\Users\kyoshiro\Desktop\QWE.txt
2012-05-15 08:12 - 2012-05-14 23:23 - 0023172 ____A C:\Users\kyoshiro\Desktop\ComboFix.txt
2012-05-15 08:12 - 2012-05-14 22:46 - 0000000 ___AD C:\Qoobox
2012-05-15 08:05 - 2009-07-13 18:34 - 53620736 ____A C:\Windows\System32\config\software.bak
2012-05-15 08:05 - 2009-07-13 18:34 - 15466496 ____A C:\Windows\System32\config\system.bak
2012-05-15 08:05 - 2009-07-13 18:34 - 0245760 ____A C:\Windows\System32\config\default.bak
2012-05-15 08:05 - 2009-07-13 18:34 - 0061440 ____A C:\Windows\System32\config\sam.bak
2012-05-15 08:05 - 2009-07-13 18:34 - 0024576 ____A C:\Windows\System32\config\security.bak
2012-05-15 07:21 - 2012-05-15 07:13 - 0000000 ____D C:\Users\kyoshiro\Desktop\output first kiss
2012-05-15 06:03 - 2012-05-15 06:03 - 0000000 ____D C:\Users\kyoshiro\Desktop\fi
2012-05-15 06:01 - 2012-05-15 06:01 - 1036856 ____A C:\Users\kyoshiro\Desktop\menu over f.BMP
2012-05-15 06:01 - 2012-05-15 06:01 - 1036856 ____A C:\Users\kyoshiro\Desktop\menu f.BMP
2012-05-15 05:24 - 2012-05-15 05:24 - 0069872 ____A C:\Users\kyoshiro\Desktop\36893d220b8c075a252d82aab9f690411327685609_full.jpg
2012-05-15 05:20 - 2012-05-15 05:20 - 0087785 ____A C:\Users\kyoshiro\Desktop\db17fe983f6d3ee1677df072ed8dc652.jpg
2012-05-15 05:19 - 2012-05-15 05:19 - 0022315 ____A C:\Users\kyoshiro\Desktop\thumb.jpg
2012-05-15 05:16 - 2012-05-15 05:16 - 0064653 ____A C:\Users\kyoshiro\Desktop\news_20120118204121_10.jpg
2012-05-15 04:13 - 2012-05-15 04:13 - 0028866 ____A C:\Users\kyoshiro\Desktop\DDS.txt
2012-05-15 04:13 - 2012-05-15 04:13 - 0012063 ____A C:\Users\kyoshiro\Desktop\Attach.txt
2012-05-15 04:11 - 2012-05-15 04:10 - 0000042 ____A C:\Users\kyoshiro\Desktop\AAA.txt
2012-05-15 04:07 - 2012-05-15 04:07 - 0000749 ____A C:\Users\kyoshiro\Desktop\checkup.txt
2012-05-15 04:04 - 2012-05-15 04:04 - 0000510 ____A C:\Users\kyoshiro\Desktop\defogger_disable.log
2012-05-15 04:04 - 2012-05-15 04:04 - 0000020 ____A C:\Users\kyoshiro\defogger_reenable
2012-05-15 04:00 - 2012-05-15 04:02 - 0001476 ____A C:\Users\kyoshiro\Desktop\test.txt
2012-05-15 03:45 - 2012-05-15 03:45 - 0000000 ____D C:\Users\All Users\Mozilla
2012-05-15 03:45 - 2012-05-15 03:45 - 0000000 ____D C:\ProgramData\Mozilla
2012-05-14 23:03 - 2012-05-14 23:03 - 0000000 __ASH C:\Windows\System32\config\system.tmp.LOG2
2012-05-14 23:03 - 2012-05-14 23:03 - 0000000 __ASH C:\Windows\System32\config\system.tmp.LOG1
2012-05-14 23:03 - 2012-05-14 23:03 - 0000000 __ASH C:\Windows\System32\config\software.tmp.LOG2
2012-05-14 23:03 - 2012-05-14 23:03 - 0000000 __ASH C:\Windows\System32\config\software.tmp.LOG1
2012-05-14 23:03 - 2012-05-14 23:03 - 0000000 __ASH C:\Windows\System32\config\security.tmp.LOG2
2012-05-14 23:03 - 2012-05-14 23:03 - 0000000 __ASH C:\Windows\System32\config\security.tmp.LOG1
2012-05-14 23:03 - 2012-05-14 23:03 - 0000000 __ASH C:\Windows\System32\config\sam.tmp.LOG2
2012-05-14 23:03 - 2012-05-14 23:03 - 0000000 __ASH C:\Windows\System32\config\sam.tmp.LOG1
2012-05-14 23:03 - 2012-05-14 23:03 - 0000000 __ASH C:\Windows\System32\config\default.tmp.LOG2
2012-05-14 23:03 - 2012-05-14 23:03 - 0000000 __ASH C:\Windows\System32\config\default.tmp.LOG1
2012-05-14 22:20 - 2010-11-20 19:47 - 0638594 ____A C:\Windows\PFRO.log
2012-05-14 21:55 - 2012-05-14 22:48 - 4563514 ___RA (Swearware) C:\Users\kyoshiro\Desktop\ComboFix.exe
2012-05-14 21:13 - 2012-04-02 06:10 - 0000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-05-14 15:49 - 2012-05-14 15:49 - 0000000 ____D C:\Users\kyoshiro\AppData\Local\{988F7AE9-EB73-4061-B19E-12012DE677F2}
2012-05-14 15:49 - 2012-05-14 03:48 - 0000000 ____D C:\Users\kyoshiro\AppData\Local\{22578676-F2F6-4527-8591-F9732ECA04BB}
2012-05-14 09:09 - 2012-05-14 09:09 - 0578616 ____A C:\Users\kyoshiro\Downloads\Auindo Hack V.6080 Emotion Skip.7z
2012-05-14 08:58 - 2012-05-14 08:58 - 0000000 ____D C:\Users\kyoshiro\Downloads\auto story free 6076
2012-05-14 08:58 - 2012-05-14 08:58 - 0000000 ____D C:\Users\kyoshiro\Desktop\auto story free 6076
2012-05-14 06:45 - 2012-05-14 04:27 - 0000000 ____D C:\Users\kyoshiro\Desktop\el gringo
2012-05-14 05:52 - 2011-11-21 11:51 - 0000868 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2302931829-3210376335-2414099232-1000Core.job
2012-05-14 04:51 - 2012-05-14 04:51 - 0003072 ____A C:\Users\kyoshiro\Desktop\asdasd.srt
2012-05-14 04:46 - 2012-05-14 04:43 - 0000000 ____D C:\Users\kyoshiro\Desktop\el
2012-05-14 03:48 - 2012-05-14 03:48 - 0000000 ____D C:\Users\kyoshiro\AppData\Local\{6670FE2A-0316-4E97-AAFD-77128C28A5B1}
2012-05-14 01:51 - 2012-04-09 13:16 - 0000000 ____D C:\Users\All Users\IBUpdaterService
2012-05-14 01:51 - 2012-04-09 13:16 - 0000000 ____D C:\ProgramData\IBUpdaterService
2012-05-14 01:51 - 2012-04-09 04:51 - 0000000 ____D C:\Program Files\CCleaner
2012-05-14 01:51 - 2011-11-25 08:32 - 0000000 ____D C:\Program Files (x86)\CyberLink
2012-05-14 01:51 - 2011-11-22 01:46 - 0000000 ____D C:\Program Files\Shark007
2012-05-14 01:51 - 2011-11-21 22:04 - 0000000 ____D C:\Program Files\ffdshow
2012-05-14 01:51 - 2011-11-21 20:38 - 0000000 ____D C:\Program Files\Maestro2915a
2012-05-14 01:51 - 2011-11-21 12:02 - 0000000 ____D C:\Program Files\WinRAR
2012-05-14 01:51 - 2009-07-13 19:20 - 0000000 ____D C:\Program Files\Common Files\Microsoft Shared
2012-05-14 01:50 - 2012-05-13 09:02 - 0000000 ____D C:\Users\All Users\Malwarebytes
2012-05-14 01:50 - 2012-05-13 09:02 - 0000000 ____D C:\ProgramData\Malwarebytes
2012-05-14 01:39 - 2012-05-14 01:39 - 0275512 ____A C:\Windows\Minidump\051412-20326-01.dmp
2012-05-14 01:39 - 2011-11-22 00:54 - 0000000 ____D C:\Windows\Minidump
2012-05-13 22:37 - 2010-11-20 23:16 - 0000000 ___RD C:\Users\Public\Recorded TV
2012-05-13 15:48 - 2012-05-13 15:47 - 0000000 ____D C:\Users\kyoshiro\AppData\Local\{C4804B5A-2573-49A3-9BCA-69ACCBF9F5FA}
2012-05-13 15:47 - 2012-05-13 15:47 - 0000000 ____D C:\Users\kyoshiro\AppData\Local\{B3B1BD9C-A908-4BC7-88C4-3BED5DE9968E}
2012-05-13 15:46 - 2011-12-03 06:37 - 0002585 ____A C:\Users\All Users\Start Menu\Programs\Startup\UltraMon.lnk
2012-05-13 15:46 - 2011-12-03 06:37 - 0000000 ____D C:\Program Files\UltraMon
2012-05-13 15:37 - 2012-05-13 15:37 - 0272239 ____A C:\Users\kyoshiro\Downloads\Autostoryv.6080.rar
2012-05-13 14:39 - 2012-05-13 14:39 - 0000000 ____D C:\TDSSKiller_Quarantine
2012-05-13 14:39 - 2012-05-13 14:37 - 0128400 ____A C:\TDSSKiller.2.7.34.0_14.05.2012_05.37.59_log.txt
2012-05-13 14:37 - 2012-05-13 14:37 - 2075184 ____A (Kaspersky Lab ZAO) C:\Users\kyoshiro\Desktop\tdsskiller.exe
2012-05-13 14:06 - 2012-05-13 11:00 - 0029412 ____A C:\teknft.pif
2012-05-13 13:52 - 2009-07-13 18:34 - 0000256 ____A C:\Windows\system.ini
2012-05-13 13:47 - 2012-05-13 13:47 - 0164134 ____A C:\Users\kyoshiro\Desktop\salitykiller.zip
2012-05-13 13:45 - 2012-05-13 13:45 - 0460309 ____A C:\Users\kyoshiro\Desktop\Win32SalityRemover.rar
2012-05-13 12:29 - 2012-05-13 12:29 - 0053989 ____A C:\Users\kyoshiro\Desktop\uuuuuuuuuuuuuuuuuuu.srt
2012-05-13 11:31 - 2011-11-22 06:49 - 0000000 ____D C:\Users\kyoshiro\AppData\Local\ElevatedDiagnostics
2012-05-13 09:36 - 2012-05-13 09:36 - 0000000 ____D C:\Program Files\Symantec
2012-05-13 09:19 - 2012-05-13 09:19 - 0000000 ____D C:\Windows\System32\Drivers\SEP
2012-05-13 09:10 - 2011-11-26 11:14 - 0000000 ____D C:\Program Files (x86)\vShare.tv plugin
2012-05-13 09:02 - 2012-05-13 09:02 - 0044887 ____A C:\Users\kyoshiro\Desktop\22222.srt
2012-05-13 09:02 - 2012-05-13 09:02 - 0001113 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-05-13 09:02 - 2012-05-13 09:02 - 0000000 ____D C:\Users\kyoshiro\AppData\Roaming\Malwarebytes
2012-05-13 08:58 - 2012-05-13 09:02 - 10063000 ____A (Malwarebytes Corporation ) C:\Users\kyoshiro\Desktop\mbam-setup-1.61.0.1400.exe
2012-05-13 08:57 - 2012-05-13 09:02 - 0000644 ____A C:\Users\kyoshiro\Desktop\xxx.txt
2012-05-13 08:18 - 2012-05-13 08:18 - 0033574 ____A C:\Users\kyoshiro\Desktop\Dark.Shadows.srt
2012-05-13 06:52 - 2012-05-13 06:52 - 0000000 ___HD C:\Windows\PIF
2012-05-13 06:50 - 2012-05-13 06:50 - 0000000 ____D C:\Users\kyoshiro\AppData\Local\Symantec
2012-05-13 06:48 - 2012-05-13 06:48 - 0000000 ____D C:\Users\All Users\Symantec
2012-05-13 06:48 - 2012-05-13 06:48 - 0000000 ____D C:\ProgramData\Symantec
2012-05-13 06:48 - 2012-05-13 06:48 - 0000000 ____D C:\Program Files (x86)\Symantec
2012-05-13 06:47 - 2012-05-13 06:47 - 0000000 ____D C:\Users\kyoshiro\Desktop\SEP 12.1.601.4699 x64
2012-05-13 06:46 - 2012-05-13 06:46 - 0023854 ____A C:\Users\kyoshiro\Desktop\timing2.srt
2012-05-13 05:57 - 2012-05-13 05:57 - 0010894 ____A C:\Users\kyoshiro\Desktop\TIMING.srt
2012-05-13 05:13 - 2012-05-13 04:45 - 0000000 ____D C:\Users\kyoshiro\Desktop\dark shadow
2012-05-13 04:47 - 2012-04-08 12:04 - 0003598 ____A C:\Users\kyoshiro\AppData\Local\00000000-0000-0000-0000-000000000000.txt
2012-05-13 03:19 - 2012-05-13 03:19 - 0000000 ____D C:\Users\kyoshiro\AppData\Local\{E2FE31DE-63F1-455E-9747-FF5DB1979E9C}
2012-05-13 03:19 - 2012-05-13 03:19 - 0000000 ____D C:\Users\kyoshiro\AppData\Local\{4DBAAFE4-AD78-4C69-B2BD-BD3F4CC59E69}
2012-05-12 11:28 - 2012-05-15 08:07 - 0000305 _RASH C:\autorun.inf
2012-05-12 11:17 - 2012-05-12 11:17 - 0000000 ____D C:\Users\kyoshiro\AppData\Local\{EF245806-F554-4B52-A5CA-D654C41670E8}
2012-05-12 11:17 - 2012-05-12 11:17 - 0000000 ____D C:\Users\kyoshiro\AppData\Local\{68FFB4D9-986A-4B87-BE7A-C4C036031A35}
2012-05-12 10:24 - 2012-04-08 00:22 - 0000436 ____A C:\Windows\Tasks\At1.job
2012-05-11 21:13 - 2012-05-11 21:13 - 0000000 ____D C:\Users\kyoshiro\AppData\Local\{965FEC84-F5F8-4911-8CD9-F21E04350809}
2012-05-11 21:13 - 2012-05-11 21:13 - 0000000 ____D C:\Users\kyoshiro\AppData\Local\{7FF098DA-D9F2-4058-BDE1-0A65B1AE0313}
2012-05-11 13:56 - 2012-05-11 13:56 - 1036856 ____A C:\Users\kyoshiro\Desktop\wwkwk.BMP
2012-05-11 09:42 - 2012-05-11 09:42 - 0021310 ____A C:\Users\kyoshiro\Desktop\aaaa.jpg
2012-05-10 09:00 - 2012-04-27 12:33 - 0000000 ____D C:\Users\kyoshiro\Desktop\ga penting
2012-05-09 21:57 - 2012-05-09 21:57 - 0000000 ____D C:\Users\kyoshiro\AppData\Local\{6CC98E16-D653-426A-A44C-93EF17C2F508}
2012-05-09 21:57 - 2012-05-09 21:57 - 0000000 ____D C:\Users\kyoshiro\AppData\Local\{0DAF6367-0165-4723-85A0-A14C79FCB1F9}
2012-05-09 13:54 - 2012-05-09 13:54 - 0000635 ____A C:\Users\kyoshiro\Desktop\AutoStory6S_2.rar - Shortcut.lnk
2012-05-09 13:45 - 2011-11-21 12:03 - 0000000 ____D C:\Users\kyoshiro\AppData\Roaming\IDM
2012-05-09 11:03 - 2012-05-09 11:02 - 0000000 ____D C:\Users\kyoshiro\Desktop\cheat audi
2012-05-09 09:15 - 2012-05-09 09:15 - 1036856 ____A C:\Users\kyoshiro\Desktop\menu over.BMP
2012-05-09 08:40 - 2012-05-09 08:12 - 0000000 ____D C:\Users\kyoshiro\Desktop\introduc menu
2012-05-09 08:25 - 2012-05-09 08:24 - 0000000 ____D C:\Users\kyoshiro\Desktop\aa
2012-05-09 08:14 - 2012-05-09 08:14 - 0992365 ____A C:\Users\kyoshiro\Desktop\fullsizephoto218031.jpg
2012-05-09 08:14 - 2012-05-09 08:14 - 0503384 ____A C:\Users\kyoshiro\Desktop\fullsizephoto218040.jpg
2012-05-09 07:22 - 2012-05-09 07:23 - 2272240 ____A C:\Users\kyoshiro\Desktop\201222915434.jpg
2012-05-09 07:04 - 2012-05-09 07:04 - 0000000 ____D C:\Users\kyoshiro\Desktop\a
2012-05-09 07:03 - 2012-05-09 04:49 - 0000000 ____D C:\Users\kyoshiro\Desktop\introduction
2012-05-08 19:52 - 2012-05-08 19:51 - 0000000 ____D C:\Users\kyoshiro\AppData\Local\{39AF820B-9166-468D-A36F-8FEADBB3A6F6}
2012-05-08 19:51 - 2012-05-08 19:51 - 0000000 ____D C:\Users\kyoshiro\AppData\Local\{0DD9D985-1B87-41BD-A7B6-AAECF26498BF}
2012-05-08 08:44 - 2012-05-08 08:44 - 0000000 ____D C:\Users\kyoshiro\Desktop\RIKO
2012-05-08 07:51 - 2012-05-08 07:51 - 0000000 ____D C:\Users\kyoshiro\AppData\Local\{E1ADD5F3-131B-4FB3-A093-255AD60BD147}
2012-05-08 07:51 - 2012-05-08 07:50 - 0000000 ____D C:\Users\kyoshiro\AppData\Local\{EA38257B-C917-4E71-B259-C978630E4A26}
2012-05-07 18:40 - 2012-05-03 05:39 - 0000000 ____D C:\Users\kyoshiro\Desktop\menu sering di pake
2012-05-07 17:46 - 2012-04-26 06:19 - 0000000 ____D C:\Users\kyoshiro\Desktop\menuu
2012-05-07 17:42 - 2012-05-07 17:42 - 0000000 ____D C:\Users\kyoshiro\AppData\Local\{C860C46C-9070-4F72-94E1-135B08397C0D}
2012-05-07 17:42 - 2012-05-07 17:42 - 0000000 ____D C:\Users\kyoshiro\AppData\Local\{48CCCE68-A5EC-45A5-B2E5-6444C861FE22}
2012-05-07 17:41 - 2012-05-07 17:41 - 0000000 ____D C:\Windows\en
2012-05-07 17:39 - 2011-11-21 20:43 - 0000000 ____D C:\Program Files (x86)\Windows Live
2012-05-07 17:39 - 2011-11-21 20:41 - 0000000 ____D C:\Program Files\Windows Live
2012-05-07 17:38 - 2011-11-21 20:37 - 0028500 ____A C:\Windows\DirectX.log
2012-05-07 17:35 - 2012-05-07 17:35 - 0000000 ____D C:\Users\kyoshiro\AppData\Local\{B0D210FF-499D-4AE3-85CE-D73722942A34}
2012-05-07 17:35 - 2012-05-07 17:35 - 0000000 ____D C:\Users\kyoshiro\AppData\Local\{6430BE2F-C1C6-4D51-B9D8-2E0EBB7642D1}
2012-05-07 08:25 - 2012-05-07 08:25 - 1876856 ____A C:\Users\kyoshiro\Desktop\pimi.BMP
2012-05-07 00:10 - 2012-04-30 00:28 - 0000000 ____D C:\Users\kyoshiro\Desktop\outpost
2012-05-06 23:30 - 2012-04-09 04:51 - 0000866 ____A C:\Users\Public\Desktop\CCleaner.lnk
2012-05-06 23:30 - 2011-11-21 12:02 - 0000979 ____A C:\Users\Public\Desktop\WinRAR.lnk
2012-05-06 22:06 - 2012-05-06 22:07 - 0727856 ____A C:\Users\kyoshiro\Desktop\21-NOB~1.PNG
2012-05-06 02:31 - 2012-05-06 02:31 - 0000000 ____D C:\Users\kyoshiro\AppData\Local\{A8F6E1B9-B10F-4D47-A291-9B563582EB3D}
2012-05-06 02:31 - 2012-05-06 02:31 - 0000000 ____D C:\Users\kyoshiro\AppData\Local\{7847F70D-4E8C-48A8-9262-F196DCD2D077}
2012-05-05 15:59 - 2012-05-05 15:59 - 0000000 ____D C:\Users\kyoshiro\AppData\Local\{F17F9E57-E061-4402-8ED6-1689FB783908}
2012-05-05 15:59 - 2012-05-05 15:59 - 0000000 ____D C:\Users\kyoshiro\AppData\Local\{312062BF-6AC1-409E-84D5-452EEAC6BF93}
2012-05-05 00:39 - 2012-05-05 00:25 - 0000000 ____D C:\Users\kyoshiro\Desktop\output
2012-05-05 00:28 - 2009-07-13 21:13 - 0726316 ____A C:\Windows\System32\PerfStringBackup.INI
2012-05-05 00:10 - 2012-05-05 00:10 - 0000000 ____D C:\Users\kyoshiro\AppData\Local\{CDBCDF90-2CD2-4966-B6D0-B99DB049417D}
2012-05-05 00:10 - 2012-05-05 00:09 - 0000000 ____D C:\Users\kyoshiro\AppData\Local\{1882F343-9D6F-48E3-B643-792E5E8B11AE}
2012-05-04 18:13 - 2012-04-02 06:23 - 8744608 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2012-05-04 18:13 - 2012-04-02 06:10 - 0419488 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-05-04 18:13 - 2011-11-21 12:09 - 0070304 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-05-04 07:05 - 2012-05-04 07:05 - 0000853 ____A C:\Users\kyoshiro\Desktop\patcher.exe - Shortcut.lnk
2012-05-04 07:04 - 2012-05-04 00:14 - 0000021 ____A C:\Users\kyoshiro\Desktop\Config.ini
2012-05-04 05:29 - 2012-05-04 05:29 - 0391437 ____A C:\Users\kyoshiro\Desktop\fiuiit~.JPG
2012-05-03 21:19 - 2012-05-03 21:19 - 0000000 ____D C:\Users\kyoshiro\AppData\Local\{D54B0E33-1B00-4523-815D-2119CCF2264E}
2012-05-03 21:19 - 2012-05-03 21:19 - 0000000 ____D C:\Users\kyoshiro\AppData\Local\{7FBE7413-AC7C-4171-8B27-CC1868EE7424}
2012-05-03 08:33 - 2012-04-07 11:01 - 0000000 ____D C:\Users\kyoshiro\AppData\Local\Facebook
2012-05-03 05:52 - 2011-11-21 11:37 - 0001447 ____A C:\Users\kyoshiro\Desktop\Internet Explorer.lnk
2012-05-03 05:51 - 2012-05-03 05:51 - 0002486 ____A C:\Users\kyoshiro\Desktop\Windows Live Messenger.lnk
2012-05-03 05:50 - 2012-05-03 05:50 - 0001997 ____A C:\Users\kyoshiro\Desktop\VisualSubSync.lnk
2012-05-03 05:48 - 2012-05-03 05:48 - 0001994 ____A C:\Users\kyoshiro\Desktop\DVD Decrypter.lnk
2012-05-03 05:48 - 2012-05-03 05:48 - 0000000 ____D C:\Users\kyoshiro\AppData\Local\{1FD089AD-4E56-4A72-B8D0-A91B3502E90E}
2012-05-03 05:48 - 2012-05-03 05:48 - 0000000 ____D C:\Users\kyoshiro\AppData\Local\{16D50047-3141-4106-A978-A62C61A44242}
2012-05-03 03:40 - 2012-05-03 03:40 - 0000000 ____D C:\Users\kyoshiro\AppData\Local\{3E8A47CB-09F5-4F6B-BC40-D1DC092D4E8B}
2012-05-03 03:40 - 2012-05-03 03:39 - 0000000 ____D C:\Users\kyoshiro\AppData\Local\{74E3AB3C-BE97-49A5-97E9-BD2A5B6A0D2F}
2012-05-02 14:09 - 2012-05-02 14:07 - 0000000 ____D C:\Users\kyoshiro\AppData\Local\Microsoft Games
2012-05-01 22:40 - 2012-05-01 22:40 - 0000000 ____D C:\Users\kyoshiro\AppData\Local\{CEC6980A-E195-4C24-BD21-512D076A4056}
2012-05-01 22:40 - 2012-05-01 22:40 - 0000000 ____D C:\Users\kyoshiro\AppData\Local\{0B966ACD-93AE-4365-9ED1-15B808EB9F01}
2012-05-01 13:37 - 2012-05-01 13:37 - 0000000 ____D C:\Users\kyoshiro\AppData\Local\{32A970AF-0B3C-427E-B7CD-E7424E11BC56}
2012-05-01 13:37 - 2012-05-01 13:36 - 0000000 ____D C:\Users\kyoshiro\AppData\Local\{0E183EFA-EDC8-4C5B-957A-E89E38886C04}
2012-05-01 13:33 - 2012-05-01 13:33 - 0007673 ____A C:\Windows\uedit32.INI
2012-05-01 12:41 - 2012-04-22 13:58 - 0000000 ____D C:\Users\All Users\InstallMate
2012-05-01 12:41 - 2012-04-22 13:58 - 0000000 ____D C:\ProgramData\InstallMate
2012-05-01 12:41 - 2012-03-29 10:19 - 0001580 ____A C:\user.js
2012-05-01 12:39 - 2012-04-22 13:58 - 0000000 ____D C:\Program Files (x86)\wxDownload Fast
2012-05-01 01:25 - 2012-05-01 01:25 - 0000000 ____D C:\Users\kyoshiro\AppData\Local\{DF3C47EE-9171-4615-A5B9-0B9FC1358186}
2012-05-01 01:25 - 2012-05-01 01:24 - 0000000 ____D C:\Users\kyoshiro\AppData\Local\{85AFAA00-D92C-44CF-B4C1-BE2D28D819D5}
2012-04-30 12:19 - 2012-04-30 12:19 - 0060805 ____A C:\Users\kyoshiro\Desktop\jump ENG 1.srt
2012-04-30 08:01 - 2012-04-30 06:48 - 0000000 ____D C:\Users\kyoshiro\Desktop\21 jump street
2012-04-30 00:27 - 2012-04-30 00:26 - 0000000 ____D C:\Users\kyoshiro\AppData\Local\{C9C65F58-360F-4118-B117-B111F360CBEC}
2012-04-30 00:26 - 2012-04-30 00:26 - 0000000 ____D C:\Users\kyoshiro\AppData\Local\{A6CE56E7-3466-4421-B898-FC1F17DF4692}
2012-04-29 15:18 - 2012-04-29 15:18 - 0000000 ____D C:\Users\kyoshiro\AppData\Local\{E895904F-9D58-4D4C-83CA-5E3B6FA4BCF6}
2012-04-29 15:18 - 2012-04-29 15:18 - 0000000 ____D C:\Users\kyoshiro\AppData\Local\{DFAF9600-A393-46F7-B28E-C0F30226460E}
2012-04-28 18:29 - 2012-04-28 18:29 - 0000000 ____A C:\Windows\System32\lame_acm.xml
2012-04-28 08:00 - 2012-04-28 08:00 - 0000000 ____D C:\Users\kyoshiro\AppData\Local\{C6500654-9B92-440F-B36C-D10B4240DF89}
2012-04-28 06:45 - 2012-04-28 06:45 - 0000000 ____D C:\Users\kyoshiro\AppData\Local\{F8629E66-EFD1-4022-8A3A-69FF8D5C6BEA}
2012-04-28 06:45 - 2012-04-28 06:45 - 0000000 ____D C:\Users\kyoshiro\AppData\Local\{7B2F771F-40A1-4CA8-AB51-63D38D0C54C5}
2012-04-28 02:09 - 2012-04-28 02:08 - 0000000 ____D C:\Users\kyoshiro\AppData\Local\{9ADE7808-38FB-4FF2-898E-D044D268E5AC}
2012-04-28 02:08 - 2012-04-28 02:08 - 0000000 ____D C:\Users\kyoshiro\AppData\Local\{FD0DC472-F431-469C-85D4-1052471FF56A}
2012-04-27 22:06 - 2012-04-27 22:06 - 0000000 ____D C:\Users\kyoshiro\AppData\Local\{77B36878-E007-4F19-84A4-5563357955AD}
2012-04-27 00:12 - 2012-03-29 10:19 - 0000000 ____D C:\Users\kyoshiro\AppData\Roaming\eType
2012-04-27 00:07 - 2012-04-27 00:07 - 0000000 ____D C:\Users\kyoshiro\AppData\Local\{C5C3F7CA-1400-4D0C-9C80-88667DE29A48}
2012-04-27 00:07 - 2012-04-27 00:06 - 0000000 ____D C:\Users\kyoshiro\AppData\Local\{4A04E9C6-AD37-4F40-A2D4-037347F915FE}
2012-04-26 00:00 - 2012-04-26 00:00 - 0000000 ____D C:\Users\kyoshiro\AppData\Local\{2E71F76F-6949-4CC6-AE20-418D6373C0AB}
2012-04-26 00:00 - 2012-04-25 23:59 - 0000000 ____D C:\Users\kyoshiro\AppData\Local\{E6FDD079-02D3-45BA-8A61-4858CE6882BA}
2012-04-25 04:05 - 2012-04-25 04:04 - 0000000 ____D C:\Users\kyoshiro\AppData\Local\{6F983DD4-D003-46D1-B7F0-E533958C57C0}
2012-04-25 04:04 - 2012-04-25 04:04 - 0000000 ____D C:\Users\kyoshiro\AppData\Local\{6F872431-78B7-4A8E-A845-8F690C364541}
2012-04-25 02:54 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\NDF
2012-04-25 02:47 - 2012-04-25 02:47 - 0000000 ____D C:\Users\kyoshiro\AppData\Local\{E2231C01-4D5C-4690-AE99-E054C02866C1}
2012-04-24 04:49 - 2012-04-24 04:49 - 0001053 ____A C:\Users\Public\Desktop\Mozilla Firefox.lnk
2012-04-24 04:22 - 2012-04-09 05:09 - 0000000 ____D C:\Program Files (x86)\firefox
2012-04-24 00:32 - 2011-11-21 11:32 - 0000000 ____D C:\Users\kyoshiro\AppData\LocalLow
2012-04-23 23:17 - 2012-04-23 23:16 - 0000000 ____D C:\Users\kyoshiro\AppData\Local\{E5CD4515-8FC5-4672-9FC0-DCDE231C3029}
2012-04-23 23:16 - 2012-04-23 23:16 - 0000000 ____D C:\Users\kyoshiro\AppData\Local\{2380F5D8-4619-46D9-BCF0-96D576416C61}
2012-04-23 23:15 - 2012-04-23 23:15 - 0000000 ____D C:\Users\All Users\SweetIM
2012-04-23 23:15 - 2012-04-23 23:15 - 0000000 ____D C:\ProgramData\SweetIM
2012-04-23 23:15 - 2012-04-23 23:15 - 0000000 ____D C:\Program Files (x86)\SweetIM
2012-04-23 02:29 - 2012-04-23 02:29 - 0000000 ____D C:\Users\kyoshiro\AppData\Local\{44B5E985-F6A0-4897-892D-C211A73FB8D5}
2012-04-23 02:28 - 2012-04-23 02:28 - 0000000 ____D C:\Users\kyoshiro\AppData\Local\{3379B638-C12C-46BA-91D6-FA895FD1D640}
2012-04-22 13:58 - 2012-04-22 13:58 - 0000000 ____D C:\Users\kyoshiro\AppData\Roaming\Babylon
2012-04-22 13:58 - 2012-04-22 13:58 - 0000000 ____D C:\Users\kyoshiro\AppData\Local\Babylon
2012-04-22 13:58 - 2012-04-22 13:58 - 0000000 ____D C:\Users\All Users\Premium
2012-04-22 13:58 - 2012-04-22 13:58 - 0000000 ____D C:\Users\All Users\Babylon
2012-04-22 13:58 - 2012-04-22 13:58 - 0000000 ____D C:\ProgramData\Premium
2012-04-22 13:58 - 2012-04-22 13:58 - 0000000 ____D C:\ProgramData\Babylon
2012-04-22 13:58 - 2012-04-22 13:58 - 0000000 ____D C:\Program Files (x86)\BabylonToolbar
2012-04-21 22:26 - 2012-04-21 22:26 - 0000000 ____D C:\Users\kyoshiro\AppData\Local\{A08A2C88-7266-4E76-9386-9E3836E70A41}
2012-04-21 22:26 - 2012-04-21 22:26 - 0000000 ____D C:\Users\kyoshiro\AppData\Local\{02AECAD8-748F-441B-87D4-32FD9D2A5A20}
2012-04-20 22:06 - 2012-04-20 22:05 - 0000000 ____D C:\Users\kyoshiro\AppData\Local\{EC6DA616-B10A-4C3F-889C-B0442EBD73B8}
2012-04-20 22:05 - 2012-04-20 22:05 - 0000000 ____D C:\Users\kyoshiro\AppData\Local\{1B662746-969D-480F-ACA1-60D4DD4EC04F}
2012-04-20 01:46 - 2012-04-20 01:45 - 0000000 ____D C:\Users\kyoshiro\AppData\Local\{BCCD6DF1-2934-4BD6-A263-04CD247B6BF8}
2012-04-20 01:45 - 2012-04-20 01:45 - 0000000 ____D C:\Users\kyoshiro\AppData\Local\{05841FF8-4A6A-49E1-BFB8-A6881E355E88}
2012-04-18 21:50 - 2012-04-18 21:50 - 0000000 ____D C:\Users\kyoshiro\AppData\Local\{CECD5200-C500-462F-A56A-2F1A3B2453E2}
2012-04-18 21:50 - 2012-04-18 21:50 - 0000000 ____D C:\Users\kyoshiro\AppData\Local\{2D945569-CEE2-48C6-957E-A8A63DB8C727}
2012-04-18 21:47 - 2012-04-18 21:47 - 0000000 ____D C:\Users\kyoshiro\AppData\Local\{DA15B781-7E56-4EB5-8676-67C55B5851B8}
2012-04-18 04:39 - 2012-04-18 04:39 - 0000000 ____D C:\Users\kyoshiro\AppData\Local\{58E86136-B477-4D55-9ADA-71C44D77BC60}
2012-04-18 04:39 - 2012-04-18 04:39 - 0000000 ____D C:\Users\kyoshiro\AppData\Local\{4629C8C9-40D3-4977-AF98-899AA07A6F7C}
2012-04-17 01:09 - 2012-04-17 01:09 - 0000000 ____D C:\Users\kyoshiro\AppData\Local\{DB66670E-D6F7-493A-9CA2-41B25F055F21}
2012-04-17 01:09 - 2012-04-17 01:09 - 0000000 ____D C:\Users\kyoshiro\AppData\Local\{9546F637-DDCF-42F2-BC85-2B767BE2E42A}
2012-04-15 21:03 - 2012-04-15 21:02 - 0000000 ____D C:\Users\kyoshiro\AppData\Local\{94C19405-0EA0-4676-992E-442B4045F92F}
2012-04-15 21:02 - 2012-04-15 21:02 - 0000000 ____D C:\Users\kyoshiro\AppData\Local\{86059997-9379-4950-BB8B-4F23AFCBF50A}
2012-04-15 00:28 - 2012-04-15 00:28 - 0000000 ____D C:\Users\kyoshiro\AppData\Local\{E75DE2CF-8139-44C7-BFF8-2EF63B5D2C08}
2012-04-15 00:28 - 2012-04-15 00:27 - 0000000 ____D C:\Users\kyoshiro\AppData\Local\{475F5D04-B651-4422-9F90-746D599EF20B}
2012-04-14 03:27 - 2012-04-14 03:27 - 0000000 ____D C:\Users\kyoshiro\AppData\Local\{7C394DD8-0A47-439F-9570-9112BC471E1E}
2012-04-14 03:27 - 2012-04-14 03:26 - 0000000 ____D C:\Users\kyoshiro\AppData\Local\{30B60955-7749-4989-BD0C-16187FC19EA5}
2012-04-14 01:05 - 2012-04-14 01:05 - 0000000 ____D C:\Users\kyoshiro\AppData\Local\{58B8B659-9EDC-4390-8AC8-23119A21409A}
2012-04-14 01:04 - 2012-04-14 01:04 - 0000000 ____D C:\Users\kyoshiro\AppData\Local\{8BE9FD6C-2F37-4632-A542-009D3E4FC842}
2012-04-13 05:19 - 2012-04-13 05:19 - 0000000 ____D C:\Users\kyoshiro\AppData\Local\{4172CFFA-5361-48FF-B380-EB8EAD14BD69}
2012-04-13 05:19 - 2012-04-13 05:18 - 0000000 ____D C:\Users\kyoshiro\AppData\Local\{7BE13C2B-A8B5-4B1F-A4C3-AC5CFDF03870}
2012-04-12 21:12 - 2012-04-12 21:11 - 0000000 ____D C:\Users\kyoshiro\AppData\Local\{BEFCC63F-E3CB-42EE-9742-119E027804D2}
2012-04-12 02:13 - 2012-04-12 02:13 - 0000000 ____D C:\Users\kyoshiro\AppData\Local\{13FB483A-B7AD-486A-B077-1C8186C1CDA9}
2012-04-11 04:10 - 2012-04-11 04:10 - 0000000 ____D C:\Users\kyoshiro\AppData\Local\{379C723D-F4BA-4B27-9B83-8B9CB5E298B1}
2012-04-10 14:20 - 2012-04-10 14:20 - 0000000 ____D C:\Users\kyoshiro\AppData\Local\{63661F31-A6D0-41CD-A5EC-FDDE7AF953C4}
2012-04-10 00:00 - 2012-04-10 00:00 - 0000000 ____D C:\Users\kyoshiro\AppData\Roaming\Windows Live Writer
2012-04-10 00:00 - 2012-04-10 00:00 - 0000000 ____D C:\Users\kyoshiro\AppData\Local\Windows Live Writer
2012-04-09 23:56 - 2012-04-09 23:56 - 0000000 ____D C:\Users\kyoshiro\AppData\Local\{FD5B8402-B1F5-4E90-A60C-AFF4098699F4}
2012-04-09 05:09 - 2012-04-09 05:04 - 0000000 ____D C:\Users\kyoshiro\AppData\Roaming\Mozilla
2012-04-09 03:35 - 2012-04-09 03:35 - 0369008 ____A (Microsoft) C:\Users\All Users\Start Menu\Programs\Startup\setup.exe
2012-04-09 02:55 - 2012-04-09 02:55 - 0000000 ____D C:\Users\kyoshiro\AppData\Local\{53007D2C-479A-4100-87EC-BD867648904B}
2012-04-08 13:44 - 2012-04-08 01:44 - 0000000 ____D C:\Users\kyoshiro\AppData\Local\{3DC52837-A1B8-4ECB-B4A3-7D592D49DC35}
2012-04-08 11:43 - 2012-04-08 11:43 - 0000047 ____A C:\Windows\NeroDigital.ini
2012-04-08 00:55 - 2012-04-08 00:55 - 0365824 ____A C:\Windows\SysWOW64\desfaukv.dat
2012-04-08 00:55 - 2012-04-08 00:55 - 0154368 ____A C:\Windows\SysWOW64\qkueokuc.dat
2012-04-08 00:55 - 2012-04-08 00:55 - 0136960 ____A C:\Windows\SysWOW64\bpzjzgxa.dat
2012-04-08 00:55 - 2012-04-08 00:55 - 0058112 ____A C:\Windows\SysWOW64\xlwdmdpn.dat
2012-04-08 00:55 - 2012-04-08 00:55 - 0055040 ____A C:\Windows\SysWOW64\plmiycny.dat
2012-04-08 00:55 - 2012-04-08 00:55 - 0041216 ____A C:\Windows\SysWOW64\obtxoftt.dat
2012-04-08 00:55 - 2012-04-08 00:55 - 0036608 ____A C:\Windows\SysWOW64\jaxfjvia.dat
2012-04-08 00:55 - 2012-04-08 00:55 - 0034048 ____A C:\Windows\SysWOW64\yfqckibk.dat
2012-04-07 13:44 - 2012-04-07 13:43 - 0000000 ____D C:\Users\kyoshiro\AppData\Local\{F2659795-27C2-4AE1-A351-1EBE43663114}
2012-04-07 12:37 - 2011-11-22 07:13 - 0000000 ____D C:\Users\kyoshiro\AppData\Local\Nero
2012-04-07 01:43 - 2012-04-07 01:43 - 0000000 ____D C:\Users\kyoshiro\AppData\Local\{A83EF7F4-7ADF-46B0-BE2C-800E3C15E9A7}
2012-04-06 00:57 - 2012-04-06 00:56 - 0000000 ____D C:\Users\kyoshiro\AppData\Local\{EAA2FA9C-EDB8-4C77-BE1C-4E0A9246E5F0}
2012-04-05 11:33 - 2012-04-04 23:32 - 0000000 ____D C:\Users\kyoshiro\AppData\Local\{436C029B-49C3-459A-AC01-744530871CD1}
2012-04-05 05:49 - 2011-11-21 12:09 - 0000000 ____D C:\Users\kyoshiro\AppData\Roaming\Adobe
2012-04-04 08:45 - 2011-11-21 12:28 - 0000000 ____D C:\Program Files (x86)\LeechFTP
2012-04-04 00:56 - 2012-05-13 09:02 - 0024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-04-03 22:48 - 2012-04-03 22:47 - 0000000 ____D C:\Users\kyoshiro\AppData\Local\{0EEC9F18-3E22-4FA5-B99A-FA4ED1AD8D7A}
2012-04-03 09:38 - 2012-04-03 09:38 - 0000000 ____D C:\Users\kyoshiro\AppData\Local\{C84FC61F-02CA-4789-867F-CE5B1C4029F0}
2012-04-03 02:03 - 2011-11-22 06:30 - 0000000 ____D C:\Users\kyoshiro\AppData\Local\Adobe
2012-04-02 21:37 - 2012-04-02 21:37 - 0000000 ____D C:\Users\kyoshiro\AppData\Local\{96AF5B3E-B5F0-441E-BCA8-846E9B6F370F}
2012-04-02 21:36 - 2011-11-21 22:31 - 0000000 ____D C:\Users\All Users\DAEMON Tools Lite
2012-04-02 21:36 - 2011-11-21 22:31 - 0000000 ____D C:\ProgramData\DAEMON Tools Lite
2012-04-02 21:36 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\LiveKernelReports
2012-04-02 09:04 - 2011-11-22 06:30 - 0000000 ____D C:\Users\All Users\Adobe
2012-04-02 09:04 - 2011-11-22 06:30 - 0000000 ____D C:\ProgramData\Adobe
2012-04-02 09:01 - 2012-04-02 09:01 - 0000000 ____D C:\Users\kyoshiro\Documents\Version Cue
2012-04-02 09:01 - 2012-04-02 09:01 - 0000000 ____D C:\Users\kyoshiro\Documents\AdobeStockPhotos
2012-04-02 05:25 - 2012-04-02 05:25 - 0001143 ____A C:\Users\kyoshiro\Desktop\Adobe Photoshop CS3.lnk
2012-04-02 05:24 - 2011-11-21 22:43 - 0000000 ____D C:\Program Files (x86)\Adobe
2012-04-02 05:08 - 2011-11-21 11:43 - 0069688 ____A C:\Users\kyoshiro\AppData\Local\GDIPFONTCACHEV1.DAT
2012-04-02 05:07 - 2009-07-13 20:45 - 5117344 ____A C:\Windows\System32\FNTCACHE.DAT
2012-04-02 05:01 - 2012-04-02 05:01 - 0000000 ____D C:\Windows\SysWOW64\spool
2012-04-02 05:00 - 2012-04-02 05:00 - 0000000 ____D C:\Program Files (x86)\Bonjour
2012-04-02 04:44 - 2012-04-02 04:44 - 0000000 ____D C:\Users\kyoshiro\AppData\Local\{E00C74AE-76CE-4C46-B749-8DD94DF3AD9D}
2012-04-01 12:53 - 2012-04-01 00:53 - 0000000 ____D C:\Users\kyoshiro\AppData\Local\{8A3867BB-093B-4BE3-8F71-549EF45E82F7}
2012-03-30 22:47 - 2011-11-21 12:20 - 0000996 ____A C:\Users\kyoshiro\AppData\Roaming\DVDSubEdit.ini
2012-03-30 22:40 - 2011-11-21 21:07 - 0000000 ____D C:\Users\All Users\Yahoo! Companion
2012-03-30 22:40 - 2011-11-21 21:07 - 0000000 ____D C:\ProgramData\Yahoo! Companion
2012-03-30 22:39 - 2012-03-30 22:39 - 0000000 ____D C:\Users\kyoshiro\AppData\Local\{F0A4FA2B-F3A8-4EAD-87E9-B62D92CC803A}
2012-03-30 22:37 - 2012-03-30 22:37 - 0275512 ____A C:\Windows\Minidump\033112-21964-01.dmp
2012-03-29 05:31 - 2012-03-29 05:31 - 0000000 ____D C:\Users\kyoshiro\AppData\Local\{6E02ED9B-13C2-47E1-9ADF-6EE61D8910A5}
2012-03-27 22:58 - 2012-03-27 22:55 - 0000000 ____D C:\Users\kyoshiro\Downloads\download
2012-03-27 22:36 - 2012-03-27 22:36 - 0000000 ____D C:\Users\kyoshiro\AppData\Local\{3E1BB2A6-C6CD-48C1-983B-EE0F84035F42}
2012-03-27 22:36 - 2012-03-27 22:33 - 0000000 ____D C:\Users\kyoshiro\AppData\Local\{61DFC98D-CDC6-43E2-98ED-ADAB4F20828B}
2012-03-26 19:31 - 2012-03-26 19:31 - 0000000 ____D C:\Users\kyoshiro\AppData\Local\{5C19A994-7776-4D44-8B47-52A0630C377E}
2012-03-15 07:12 - 2012-03-15 07:12 - 0000510 ____A C:\settings.ini
2012-03-08 03:50 - 2012-03-08 03:50 - 0049016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sirenacm.dll
2012-03-08 03:40 - 2012-05-07 17:39 - 0048488 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\fssfltr.sys
2012-03-08 03:37 - 2012-03-08 03:37 - 0302448 ____A (Microsoft Corporation) C:\Windows\WLXPGSS.SCR

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

========================= Memory info ======================

Percentage of memory in use: 8%
Total physical RAM: 8191.12 MB
Available physical RAM: 7458.59 MB
Total Pagefile: 8189.32 MB
Available Pagefile: 7454.43 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

======================= Partitions =========================

2 Drive c: () (Fixed) (Total:74.53 GB) (Free:17.72 GB) NTFS ==>[Drive with boot components (obtanied from BCD)]
4 Drive e: () (Removable) (Total:1.86 GB) (Free:0.43 GB) FAT
5 Drive f: (KYO) (Fixed) (Total:1863.01 GB) (Free:668.78 GB) NTFS
6 Drive g: (FLASH DRIVE) (Removable) (Total:14.89 GB) (Free:14.89 GB) FAT32
7 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 74 GB 0 B
Disk 1 Online 1910 MB 0 B
Disk 2 Online 1863 GB 1024 KB
Disk 3 Online 14 GB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 74 GB 31 KB

======================================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 C NTFS Partition 74 GB Healthy

======================================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 1909 MB 64 KB

======================================================================================================

Disk: 1
Partition 1
Type : 06
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 E FAT Removable 1909 MB Healthy

======================================================================================================

Partitions of Disk 2:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 1863 GB 31 KB

======================================================================================================

Disk: 2
Partition 1
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 F KYO NTFS Partition 1863 GB Healthy

======================================================================================================

Partitions of Disk 3:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 14 GB 4032 KB

======================================================================================================

Disk: 3
Partition 1
Type : 0C
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 G FLASH DRIVE FAT32 Removable 14 GB Healthy

======================================================================================================

==========================================================

Last Boot: 2012-05-09 00:56

======================= End Of Log ==========================

#8 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:05:03 AM

Posted 15 May 2012 - 01:03 PM

Hello

Open Notepad. Please copy the contents of the code box below. To do this, highlight the contents of the box and right-click on it. Paste this into the open Notepad window. Save it on the flashdrive as fixlist.txt.

SubSystems: [Windows] ATTENTION! ====> ZeroAccess
2 earthlinksafeconnectagent; C:\Windows\System32\ozoneinstallerservice.dll [6656 2009-07-13] (Oak Technology Inc.)
2 fdnqrsrq; C:\Windows\system32\meqbcoke.dll [x]
C:\Windows\system32\meqbcoke.dll
C:\Windows\System32\ozoneinstallerservice.dll
NETSVC: earthlinksafeconnectagent
NETSVCx32: fdnqrsrq
CMD: Del /q C:\Windows\Tasks\At*.job

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

On Vista or Windows 7: Now please enter System Recovery Options.
On Windows XP: Now please boot into the BartPE CD.
Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt); please post it in your reply.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#9 m0x


Posted 15 May 2012 - 01:13 PM

Fix result of Farbar Recovery Tool (FRST written by farbar) Version: 13-05-2012
Ran by SYSTEM at 2012-05-16 01:12:12 Run:1
Running from F:\

==============================================

HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Session Manager\SubSystems\\Windows Value was restored.
earthlinksafeconnectagent service deleted successfully.
fdnqrsrq service deleted successfully.
C:\Windows\system32\meqbcoke.dll not found.
C:\Windows\System32\ozoneinstallerservice.dll moved successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs earthlinksafeconnectagent Deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs fdnqrsrq Deleted successfully.

========= Del /q C:\Windows\Tasks\At*.job =========


========= End of CMD: =========


==== End of Fixlog ====

#10 gringo_pr


Posted 15 May 2012 - 06:50 PM

Please rerun ComboFix for me now and let me know if you had to do a restore afterwards to boot up.


gringo

#11 m0x


Posted 16 May 2012 - 06:44 AM

No need for a system restore, I can boot normally.

Log :

ComboFix 12-05-16.01 - kyoshiro 05/16/2012 18:08:31.1.2 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.8191.6567 [GMT 7:00]
Running from: c:\users\kyoshiro\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\autorun.inf
c:\program files (x86)\Incredibar.com
c:\program files (x86)\Incredibar.com\incredibar\1.5.11.14\bh\inCRedibar.dll
c:\program files (x86)\Incredibar.com\incredibar\1.5.11.14\incredibarApp.dll
c:\program files (x86)\Incredibar.com\incredibar\1.5.11.14\incredibarEng.dll
c:\program files (x86)\Incredibar.com\incredibar\1.5.11.14\incredibarsrv.exe
c:\program files (x86)\Incredibar.com\incredibar\1.5.11.14\incredibarTlbr.dll
c:\program files (x86)\Incredibar.com\incredibar\1.5.11.14\uninstall.exe
c:\program files (x86)\Yahoo!\Search Protection\SearchProtection.exe
C:\teknft.pif
c:\users\kyoshiro\AppData\Roaming\inst.exe
c:\windows\assembly\GAC_32\Desktop.ini
c:\windows\assembly\GAC_64\Desktop.ini
c:\windows\assembly\temp\@
c:\windows\assembly\temp\cfg.ini
c:\windows\system32\dds_trash_log.cmd
c:\windows\SysWOW64\MSMAsk32.ocx
E:\autorun.inf
.
.
((((((((((((((((((((((((( Files Created from 2012-04-16 to 2012-05-16 )))))))))))))))))))))))))))))))
.
.
2012-05-16 11:14 . 2012-05-16 11:14 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-05-16 08:35 . 2012-05-16 08:37 -------- d-----w- C:\FRST
2012-05-15 16:32 . 2012-05-15 16:32 -------- d-----we c:\windows\system64
2012-05-13 22:39 . 2012-05-13 22:39 -------- d-----w- C:\TDSSKiller_Quarantine
2012-05-13 17:36 . 2012-05-13 17:36 -------- d-----w- c:\program files\Symantec
2012-05-13 17:19 . 2012-05-13 17:19 -------- d-----w- c:\windows\system32\drivers\SEP
2012-05-13 17:02 . 2012-05-13 17:02 -------- d-----w- c:\users\kyoshiro\AppData\Roaming\Malwarebytes
2012-05-13 17:02 . 2012-05-16 07:27 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-05-13 17:02 . 2012-04-04 08:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-05-13 14:52 . 2012-05-13 14:52 -------- d--h--w- c:\windows\PIF
2012-05-13 14:52 . 2012-05-13 14:52 -------- d-----w- c:\program files (x86)\Common Files\Symantec Shared
2012-05-13 14:50 . 2012-05-13 14:50 -------- d-----w- c:\users\kyoshiro\AppData\Local\Symantec
2012-05-13 14:48 . 2012-05-13 14:48 -------- d-----w- c:\program files (x86)\Symantec
2012-05-08 01:41 . 2012-05-08 01:41 -------- d-----w- c:\windows\en
2012-05-08 01:39 . 2012-03-08 11:40 48488 ----a-w- c:\windows\system32\drivers\fssfltr.sys
2012-05-08 01:36 . 2012-05-08 01:36 15712 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\62916a21cd2cbb02\MeshBetaRemover.exe
2012-05-08 01:36 . 2012-05-08 01:36 89944 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\4de375c1cd2cbb01\DSETUP.dll
2012-05-08 01:36 . 2012-05-08 01:36 537432 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\4de375c1cd2cbb01\DXSETUP.exe
2012-05-08 01:36 . 2012-05-08 01:36 1801048 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\4de375c1cd2cbb01\dsetup32.dll
2012-05-02 22:07 . 2012-05-02 22:09 -------- d-----w- c:\users\kyoshiro\AppData\Local\Microsoft Games
2012-04-24 07:15 . 2012-04-24 07:15 -------- d-----w- c:\program files (x86)\SweetIM
2012-04-22 21:58 . 2012-04-22 21:58 -------- d-----w- c:\program files (x86)\BabylonToolbar
2012-04-22 21:58 . 2012-04-22 21:58 -------- d-----w- c:\users\kyoshiro\AppData\Local\Babylon
2012-04-22 21:58 . 2012-04-22 21:58 -------- d-----w- c:\users\kyoshiro\AppData\Roaming\Babylon
2012-04-22 21:58 . 2012-05-01 20:39 -------- d-----w- c:\program files (x86)\wxDownload Fast
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-16 11:18 . 2012-05-16 11:18 103140 --sh--r- C:\tcwm.exe
2012-05-05 02:13 . 2012-04-02 14:10 419488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-05-05 02:13 . 2011-11-21 20:09 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-05 02:13 . 2012-04-02 14:23 8744608 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-04-09 21:08 . 2012-04-07 20:34 1818744 ----a-w- c:\windows\inf\Romeo Hot Dance.exe
2012-04-09 11:35 . 2012-04-09 11:35 369008 ----a-w- c:\docume~1\ALLUSE~1\Application Data\Microsoft\Windows\Start Menu\Programs\Startup\setup.exe ERROR(0x00000005)
2012-03-08 11:50 . 2012-03-08 11:50 49016 ----a-w- c:\windows\SysWow64\sirenacm.dll
2012-03-08 11:37 . 2012-03-08 11:37 302448 ----a-w- c:\windows\WLXPGSS.SCR
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
2012-01-15 05:27 1330480 ----a-w- c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2012-01-15 1330480]
.
[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
"IDMan"="e:\new folder\IDM.v6.05.8.by.tano1221\Phenom_IDM. v6.06.8\Internet Download Manager v6.06.8\CRACK\idman.exe" [2012-05-13 3462552]
"Search Protection"="c:\program files (x86)\Yahoo!\Search Protection\SearchProtection.exe" [BU]
"Messenger (Yahoo!)"="~c:\progra~2\Yahoo!\Messenger\YahooMessenger.exe" [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2012-05-13 406992]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"NBAgent"="c:\program files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe" [2012-05-13 1406248]
"YSearchProtection"="c:\program files (x86)\Yahoo!\Search Protection\SearchProtection.exe" [BU]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-09-08 343168]
"BDRegion"="c:\program files (x86)\Cyberlink\Shared Files\brs.exe" [2009-09-01 75048]
"RemoteControl9"="c:\program files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe" [2012-05-13 87336]
"PDVD9LanguageShortcut"="c:\program files (x86)\CyberLink\PowerDVD9\Language\Language.exe" [2012-05-13 50472]
"SweetIM"="c:\program files (x86)\SweetIM\Messenger\SweetIM.exe" [2012-05-13 114992]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\windows\system32\config\systemprofile\AppData\Local\Google\Update\gupdate.exe" [BU]
.
c:\docume~1\ALLUSE~1\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2011-11-22 183296]
McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
setup.exe [2012-4-9 369008]
UltraMon.lnk - c:\windows\Installer\{537056B7-32A4-4408-9B54-0341963C7C9C}\IcoUltraMon.ico [2011-12-3 29310]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
"EnableLUA"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"UacDisableNotify"=dword:00000001
.
R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-05 257696]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-04-01 183560]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2011/12/03 15:07];c:\program files (x86)\CyberLink\PowerDVD9\000.fcl [2009-08-28 05:57 146928]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2011-03-29 598312]
S2 UltraMonUtility;UltraMon Utility Driver;c:\program files (x86)\Common Files\Realtime Soft\UltraMonMirrorDrv\x64\UltraMonUtility.sys [2008-11-13 20512]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-16 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 02:13]
.
2012-05-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2302931829-3210376335-2414099232-1000Core.job
- c:\users\kyoshiro\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-21 22:07]
.
2012-05-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2302931829-3210376335-2414099232-1000UA.job
- c:\users\kyoshiro\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-21 22:07]
.
2012-05-16 c:\windows\Tasks\User_Feed_Synchronization-{5F505AA2-9908-4770-B013-1B3D560D5A8B}.job
- c:\windows\system32\msfeedssync.exe [2010-11-21 03:25]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{08337871-0e50-4031-9110-3bd21ca3c065}]
2011-11-08 19:54 167416 ----a-w- c:\users\kyoshiro\AppData\Roaming\VshareComplete\64\VshareComplete64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2011-05-30 16:50 22408 ----a-w- e:\new folder\IDM.v6.05.8.by.tano1221\Phenom_IDM. v6.06.8\Internet Download Manager v6.06.8\CRACK\IDMShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-02-22 500208]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://search.babylon.com/?affID=112472&babsrc=HP_ss&mntrId=a669a153000000000000d85d4cf46189
mStart Page = hxxp://home.sweetim.com/?st=1&crg=4.0002002&barid={500A6904-8DDD-11E1-9226-00248CEAE62B}
mLocal Page = c:\windows\system32\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Download all links with IDM - e:\new folder\IDM.v6.05.8.by.tano1221\Phenom_IDM. v6.06.8\Internet Download Manager v6.06.8\CRACK\IEGetAll.htm
IE: Download with IDM - e:\new folder\IDM.v6.05.8.by.tano1221\Phenom_IDM. v6.06.8\Internet Download Manager v6.06.8\CRACK\IEExt.htm
TCP: DhcpNameServer = 202.162.214.234 8.8.8.8
FF - ProfilePath -
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\{B154377D-700F-42cc-9474-23858FBDF4BD}]
"ImagePath"="\??\c:\program files (x86)\CyberLink\PowerDVD9\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,c9,b8,80,8e,17,ac,a5,49,85,88,f5,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,c9,b8,80,8e,17,ac,a5,49,85,88,f5,\
.
[HKEY_USERS\S-1-5-21-2302931829-3210376335-2414099232-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-2302931829-3210376335-2414099232-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_USERS\S-1-5-21-2302931829-3210376335-2414099232-1000_Classes\Wow6432Node\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):67,44,fc,4b,63,f2,b2,c3,dc,bf,1f,22,6c,2e,c2,e7,19,1f,62,81,b6,
5f,af,eb,0b,d8,88,56,07,7d,50,ef,fa,57,94,3f,04,34,c8,7b,00,00,00,00,00,00,\
.
[HKEY_USERS\S-1-5-21-2302931829-3210376335-2414099232-1000_Classes\Wow6432Node\CLSID\{afb4eac5-7efe-4b0a-85d6-be80ad9f499a}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:00000057
"Therad"=dword:00000001
"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a,
1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE
c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
e:\new folder\IDM.v6.05.8.by.tano1221\Phenom_IDM. v6.06.8\Internet Download Manager v6.06.8\CRACK\IEMonitor.exe
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\setup.exe
c:\progra~2\Yahoo!\Messenger\ymsgr_tray.exe
c:\users\kyoshiro\AppData\Local\Temp\windncxx.exe
.
**************************************************************************
.
Completion time: 2012-05-16 18:25:02 - machine was rebooted
ComboFix-quarantined-files.txt 2012-05-16 11:25
ComboFix2.txt 2012-05-15 07:21
.
Pre-Run: 18,801,287,168 bytes free
Post-Run: 18,933,325,824 bytes free
.
- - End Of File - - 86D47E26380A5726DB0BF4BFA9D04339

#12 gringo_pr


Posted 16 May 2012 - 02:03 PM

Greetings

I want you to run these next:

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then click on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the Save Log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic




#13 m0x


Posted 17 May 2012 - 04:03 PM

Sorry for the late reply.

First I ran TDSSKiller and it found no threats; then I changed the parameters and checked 2 additional options.
Threats were found, but the default option for all of them is Skip.

I ran aswMBR; you did not instruct me to "fix" after scanning, is that right?

TDSSKILLER :

03:36:08.0382 4716 TDSS rootkit removing tool 2.7.35.0 May 16 2012 07:37:57
03:36:09.0022 4716 ============================================================
03:36:09.0022 4716 Current date / time: 2012/05/18 03:36:09.0022
03:36:09.0022 4716 SystemInfo:
03:36:09.0022 4716
03:36:09.0022 4716 OS Version: 6.1.7601 ServicePack: 1.0
03:36:09.0022 4716 Product type: Workstation
03:36:09.0022 4716 ComputerName: KYOSHIRO-PC
03:36:09.0022 4716 UserName: kyoshiro
03:36:09.0022 4716 Windows directory: C:\Windows
03:36:09.0022 4716 System windows directory: C:\Windows
03:36:09.0022 4716 Running under WOW64
03:36:09.0022 4716 Processor architecture: Intel x64
03:36:09.0022 4716 Number of processors: 2
03:36:09.0022 4716 Page size: 0x1000
03:36:09.0022 4716 Boot type: Normal boot
03:36:09.0022 4716 ============================================================
03:36:10.0129 4716 Drive \Device\Harddisk0\DR0 - Size: 0x12A1F16000 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x2601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
03:36:10.0129 4716 Drive \Device\Harddisk1\DR1 - Size: 0x77600000 (1.87 Gb), SectorSize: 0x200, Cylinders: 0xF3, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
03:36:10.0145 4716 Drive \Device\Harddisk2\DR2 - Size: 0x1D1C1116000 (1863.02 Gb), SectorSize: 0x200, Cylinders: 0x3B601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
03:36:19.0879 4716 Drive \Device\Harddisk3\DR3 - Size: 0x3BA000000 (14.91 Gb), SectorSize: 0x200, Cylinders: 0x799, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
03:36:19.0895 4716 ============================================================
03:36:19.0895 4716 \Device\Harddisk0\DR0:
03:36:19.0911 4716 MBR partitions:
03:36:19.0911 4716 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x950F000
03:36:19.0911 4716 \Device\Harddisk1\DR1:
03:36:19.0911 4716 MBR partitions:
03:36:19.0911 4716 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x6, StartLBA 0x81, BlocksNum 0x3BAF7F
03:36:19.0911 4716 \Device\Harddisk2\DR2:
03:36:19.0911 4716 MBR partitions:
03:36:19.0911 4716 \Device\Harddisk2\DR2\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xE8E07482
03:36:19.0911 4716 \Device\Harddisk3\DR3:
03:36:19.0911 4716 MBR partitions:
03:36:19.0911 4716 \Device\Harddisk3\DR3\Partition0: MBR, Type 0xC, StartLBA 0x1F80, BlocksNum 0x1DCE080
03:36:19.0911 4716 ============================================================
03:36:19.0942 4716 C: <-> \Device\Harddisk0\DR0\Partition0
03:36:19.0957 4716 E: <-> \Device\Harddisk2\DR2\Partition0
03:36:19.0957 4716 ============================================================
03:36:19.0957 4716 Initialize success
03:36:19.0957 4716 ============================================================
03:36:22.0469 4752 ============================================================
03:36:22.0469 4752 Scan started
03:36:22.0469 4752 Mode: Manual;
03:36:22.0469 4752 ============================================================
03:36:23.0312 4752 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
03:36:23.0327 4752 1394ohci - ok
03:36:23.0358 4752 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
03:36:23.0374 4752 ACPI - ok
03:36:23.0421 4752 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
03:36:23.0421 4752 AcpiPmi - ok
03:36:23.0561 4752 AdobeFlashPlayerUpdateSvc (76d5a3d2a50402a0b9b6ed13c4371e79) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
03:36:23.0561 4752 AdobeFlashPlayerUpdateSvc - ok
03:36:23.0624 4752 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys
03:36:23.0639 4752 adp94xx - ok
03:36:23.0717 4752 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys
03:36:23.0733 4752 adpahci - ok
03:36:23.0764 4752 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys
03:36:23.0780 4752 adpu320 - ok
03:36:23.0811 4752 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
03:36:23.0811 4752 AeLookupSvc - ok
03:36:23.0889 4752 AFD (d5b031c308a409a0a576bff4cf083d30) C:\Windows\system32\drivers\afd.sys
03:36:23.0904 4752 AFD - ok
03:36:23.0951 4752 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
03:36:23.0951 4752 agp440 - ok
03:36:23.0998 4752 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
03:36:23.0998 4752 ALG - ok
03:36:24.0014 4752 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
03:36:24.0014 4752 aliide - ok
03:36:24.0092 4752 AMD External Events Utility (87e226c0e11182943d28e8bec61618cd) C:\Windows\system32\atiesrxx.exe
03:36:24.0092 4752 AMD External Events Utility - ok
03:36:24.0123 4752 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
03:36:24.0123 4752 amdide - ok
03:36:24.0154 4752 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\drivers\amdk8.sys
03:36:24.0154 4752 AmdK8 - ok
03:36:24.0575 4752 amdkmdag (446a1aad34191665a8df6092bd8eb5a8) C:\Windows\system32\DRIVERS\atikmdag.sys
03:36:24.0809 4752 amdkmdag - ok
03:36:24.0965 4752 amdkmdap (f8f8a908fdb005a65ddf7238c814eea5) C:\Windows\system32\DRIVERS\atikmpag.sys
03:36:24.0965 4752 amdkmdap - ok
03:36:24.0996 4752 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\drivers\amdppm.sys
03:36:24.0996 4752 AmdPPM - ok
03:36:25.0043 4752 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
03:36:25.0059 4752 amdsata - ok
03:36:25.0090 4752 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\drivers\amdsbs.sys
03:36:25.0106 4752 amdsbs - ok
03:36:25.0168 4752 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
03:36:25.0168 4752 amdxata - ok
03:36:25.0215 4752 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
03:36:25.0215 4752 AppID - ok
03:36:25.0230 4752 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
03:36:25.0230 4752 AppIDSvc - ok
03:36:25.0262 4752 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
03:36:25.0262 4752 Appinfo - ok
03:36:25.0308 4752 AppMgmt (4aba3e75a76195a3e38ed2766c962899) C:\Windows\System32\appmgmts.dll
03:36:25.0324 4752 AppMgmt - ok
03:36:25.0355 4752 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\drivers\arc.sys
03:36:25.0371 4752 arc - ok
03:36:25.0402 4752 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\drivers\arcsas.sys
03:36:25.0418 4752 arcsas - ok
03:36:25.0433 4752 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
03:36:25.0449 4752 AsyncMac - ok
03:36:25.0511 4752 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
03:36:25.0511 4752 atapi - ok
03:36:25.0808 4752 athr (e857eee6b92aaa473ebb3465add8f7e7) C:\Windows\system32\DRIVERS\athrx.sys
03:36:25.0854 4752 athr - ok
03:36:26.0026 4752 AtiHDAudioService (dbb487d09f56c674430ac454fd8bcab9) C:\Windows\system32\drivers\AtihdW76.sys
03:36:26.0026 4752 AtiHDAudioService - ok
03:36:26.0088 4752 AtiHdmiService (71a05d829483380de8d00f73e440d18a) C:\Windows\system32\drivers\AtiHdmi.sys
03:36:26.0104 4752 AtiHdmiService - ok
03:36:26.0510 4752 atikmdag (446a1aad34191665a8df6092bd8eb5a8) C:\Windows\system32\DRIVERS\atikmdag.sys
03:36:26.0556 4752 atikmdag - ok
03:36:26.0744 4752 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
03:36:26.0759 4752 AudioEndpointBuilder - ok
03:36:26.0775 4752 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
03:36:26.0775 4752 AudioSrv - ok
03:36:26.0806 4752 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
03:36:26.0822 4752 AxInstSV - ok
03:36:26.0900 4752 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\drivers\bxvbda.sys
03:36:26.0915 4752 b06bdrv - ok
03:36:26.0962 4752 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
03:36:26.0978 4752 b57nd60a - ok
03:36:27.0056 4752 BBSvc (0d1ea7509f394d8b705b239ee71f5118) C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE
03:36:27.0071 4752 BBSvc - ok
03:36:27.0102 4752 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
03:36:27.0118 4752 BDESVC - ok
03:36:27.0149 4752 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
03:36:27.0149 4752 Beep - ok
03:36:27.0227 4752 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
03:36:27.0243 4752 BFE - ok
03:36:27.0290 4752 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\system32\qmgr.dll
03:36:27.0321 4752 BITS - ok
03:36:27.0383 4752 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
03:36:27.0383 4752 blbdrive - ok
03:36:27.0461 4752 Bonjour Service (73686fe0b2e0469f89fd2075be724704) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
03:36:27.0461 4752 Bonjour Service - ok
03:36:27.0539 4752 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
03:36:27.0539 4752 bowser - ok
03:36:27.0570 4752 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\BrFiltLo.sys
03:36:27.0570 4752 BrFiltLo - ok
03:36:27.0617 4752 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\BrFiltUp.sys
03:36:27.0617 4752 BrFiltUp - ok
03:36:27.0664 4752 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
03:36:27.0680 4752 BridgeMP - ok
03:36:27.0711 4752 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
03:36:27.0726 4752 Browser - ok
03:36:27.0742 4752 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
03:36:27.0758 4752 Brserid - ok
03:36:27.0773 4752 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
03:36:27.0789 4752 BrSerWdm - ok
03:36:27.0789 4752 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
03:36:27.0789 4752 BrUsbMdm - ok
03:36:27.0789 4752 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
03:36:27.0804 4752 BrUsbSer - ok
03:36:27.0820 4752 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\drivers\bthmodem.sys
03:36:27.0820 4752 BTHMODEM - ok
03:36:27.0851 4752 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
03:36:27.0867 4752 bthserv - ok
03:36:27.0882 4752 catchme - ok
03:36:27.0929 4752 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
03:36:27.0929 4752 cdfs - ok
03:36:27.0976 4752 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
03:36:27.0992 4752 cdrom - ok
03:36:28.0023 4752 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
03:36:28.0038 4752 CertPropSvc - ok
03:36:28.0054 4752 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\drivers\circlass.sys
03:36:28.0054 4752 circlass - ok
03:36:28.0101 4752 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
03:36:28.0116 4752 CLFS - ok
03:36:28.0179 4752 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
03:36:28.0179 4752 clr_optimization_v2.0.50727_32 - ok
03:36:28.0241 4752 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
03:36:28.0257 4752 clr_optimization_v2.0.50727_64 - ok
03:36:28.0366 4752 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
03:36:28.0366 4752 clr_optimization_v4.0.30319_32 - ok
03:36:28.0444 4752 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
03:36:28.0444 4752 clr_optimization_v4.0.30319_64 - ok
03:36:28.0491 4752 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\drivers\CmBatt.sys
03:36:28.0491 4752 CmBatt - ok
03:36:28.0491 4752 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
03:36:28.0506 4752 cmdide - ok
03:36:28.0522 4752 CNG (d5fea92400f12412b3922087c09da6a5) C:\Windows\system32\Drivers\cng.sys
03:36:28.0538 4752 CNG - ok
03:36:28.0553 4752 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\drivers\compbatt.sys
03:36:28.0553 4752 Compbatt - ok
03:36:28.0584 4752 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\DRIVERS\CompositeBus.sys
03:36:28.0584 4752 CompositeBus - ok
03:36:28.0600 4752 COMSysApp - ok
03:36:28.0631 4752 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\drivers\crcdisk.sys
03:36:28.0631 4752 crcdisk - ok
03:36:28.0678 4752 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll
03:36:28.0678 4752 CryptSvc - ok
03:36:28.0725 4752 CSC (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys
03:36:28.0740 4752 CSC - ok
03:36:28.0818 4752 CscService (3ab183ab4d2c79dcf459cd2c1266b043) C:\Windows\System32\cscsvc.dll
03:36:28.0834 4752 CscService - ok
03:36:28.0881 4752 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
03:36:28.0912 4752 DcomLaunch - ok
03:36:28.0959 4752 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
03:36:28.0974 4752 defragsvc - ok
03:36:29.0052 4752 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
03:36:29.0052 4752 DfsC - ok
03:36:29.0115 4752 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
03:36:29.0130 4752 Dhcp - ok
03:36:29.0162 4752 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
03:36:29.0162 4752 discache - ok
03:36:29.0177 4752 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\drivers\disk.sys
03:36:29.0193 4752 Disk - ok
03:36:29.0224 4752 dmvsc (5db085a8a6600be6401f2b24eecb5415) C:\Windows\system32\drivers\dmvsc.sys
03:36:29.0224 4752 dmvsc - ok
03:36:29.0286 4752 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
03:36:29.0302 4752 Dnscache - ok
03:36:29.0349 4752 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
03:36:29.0364 4752 dot3svc - ok
03:36:29.0396 4752 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
03:36:29.0411 4752 DPS - ok
03:36:29.0442 4752 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
03:36:29.0442 4752 drmkaud - ok
03:36:29.0520 4752 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
03:36:29.0520 4752 DXGKrnl - ok
03:36:29.0583 4752 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
03:36:29.0598 4752 EapHost - ok
03:36:29.0739 4752 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\drivers\evbda.sys
03:36:29.0817 4752 ebdrv - ok
03:36:29.0926 4752 EFS (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\System32\lsass.exe
03:36:29.0926 4752 EFS - ok
03:36:30.0004 4752 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
03:36:30.0020 4752 ehRecvr - ok
03:36:30.0051 4752 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
03:36:30.0066 4752 ehSched - ok
03:36:30.0144 4752 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys
03:36:30.0176 4752 elxstor - ok
03:36:30.0191 4752 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
03:36:30.0207 4752 ErrDev - ok
03:36:30.0238 4752 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
03:36:30.0254 4752 EventSystem - ok
03:36:30.0269 4752 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
03:36:30.0269 4752 exfat - ok
03:36:30.0300 4752 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
03:36:30.0316 4752 fastfat - ok
03:36:30.0363 4752 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
03:36:30.0394 4752 Fax - ok
03:36:30.0410 4752 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
03:36:30.0410 4752 fdc - ok
03:36:30.0425 4752 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
03:36:30.0425 4752 fdPHost - ok
03:36:30.0456 4752 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
03:36:30.0456 4752 FDResPub - ok
03:36:30.0488 4752 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
03:36:30.0488 4752 FileInfo - ok
03:36:30.0488 4752 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
03:36:30.0488 4752 Filetrace - ok
03:36:30.0597 4752 FLEXnet Licensing Service (5d607317935132ef6d0d604cfa57be9f) C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
03:36:45.0245 4752 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
03:36:45.0245 4752 vwififlt - ok
03:36:45.0292 4752 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
03:36:45.0308 4752 W32Time - ok
03:36:45.0339 4752 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys
03:36:45.0354 4752 WacomPen - ok
03:36:45.0386 4752 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
03:36:45.0386 4752 WANARP - ok
03:36:45.0401 4752 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
03:36:45.0401 4752 Wanarpv6 - ok
03:36:45.0526 4752 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
03:36:45.0557 4752 WatAdminSvc - ok
03:36:45.0651 4752 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
03:36:45.0698 4752 wbengine - ok
03:36:45.0791 4752 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
03:36:45.0807 4752 WbioSrvc - ok
03:36:45.0854 4752 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
03:36:45.0869 4752 wcncsvc - ok
03:36:45.0900 4752 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
03:36:45.0900 4752 WcsPlugInService - ok
03:36:45.0963 4752 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys
03:36:45.0963 4752 Wd - ok
03:36:45.0994 4752 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
03:36:46.0010 4752 Wdf01000 - ok
03:36:46.0041 4752 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
03:36:46.0056 4752 WdiServiceHost - ok
03:36:46.0056 4752 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
03:36:46.0056 4752 WdiSystemHost - ok
03:36:46.0103 4752 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
03:36:46.0134 4752 WebClient - ok
03:36:46.0212 4752 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
03:36:46.0244 4752 Wecsvc - ok
03:36:46.0275 4752 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
03:36:46.0275 4752 wercplsupport - ok
03:36:46.0306 4752 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
03:36:46.0306 4752 WerSvc - ok
03:36:46.0368 4752 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
03:36:46.0368 4752 WfpLwf - ok
03:36:46.0384 4752 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
03:36:46.0384 4752 WIMMount - ok
03:36:46.0415 4752 WinDefend - ok
03:36:46.0431 4752 WinHttpAutoProxySvc - ok
03:36:46.0478 4752 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
03:36:46.0478 4752 Winmgmt - ok
03:36:46.0571 4752 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
03:36:46.0634 4752 WinRM - ok
03:36:46.0774 4752 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
03:36:46.0790 4752 WinUsb - ok
03:36:46.0930 4752 WinVNC4 (127bec0b5d33e228f1121ca4dad550b1) C:\Program Files\RealVNC\VNC4\WinVNC4.exe
03:36:46.0946 4752 WinVNC4 - ok
03:36:47.0086 4752 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
03:36:47.0117 4752 Wlansvc - ok
03:36:47.0211 4752 wlcrasvc (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
03:36:47.0211 4752 wlcrasvc - ok
03:36:47.0367 4752 wlidsvc (2bacd71123f42cea603f4e205e1ae337) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
03:36:47.0382 4752 wlidsvc - ok
03:36:47.0507 4752 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
03:36:47.0507 4752 WmiAcpi - ok
03:36:47.0601 4752 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
03:36:47.0601 4752 wmiApSrv - ok
03:36:47.0648 4752 WMPNetworkSvc - ok
03:36:47.0679 4752 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
03:36:47.0679 4752 WPCSvc - ok
03:36:47.0710 4752 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
03:36:47.0710 4752 WPDBusEnum - ok
03:36:47.0741 4752 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
03:36:47.0741 4752 ws2ifsl - ok
03:36:47.0788 4752 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll
03:36:47.0788 4752 wscsvc - ok
03:36:47.0788 4752 WSearch - ok
03:36:47.0897 4752 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll
03:36:47.0975 4752 wuauserv - ok
03:36:48.0116 4752 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
03:36:48.0116 4752 WudfPf - ok
03:36:48.0147 4752 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
03:36:48.0162 4752 WUDFRd - ok
03:36:48.0194 4752 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
03:36:48.0194 4752 wudfsvc - ok
03:36:48.0225 4752 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
03:36:48.0240 4752 WwanSvc - ok
03:36:48.0365 4752 YahooAUService (dd0042f0c3b606a6a8b92d49afb18ad6) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
03:36:48.0381 4752 YahooAUService - ok
03:36:48.0537 4752 {B154377D-700F-42cc-9474-23858FBDF4BD} (74983addca2d9618512c088d856d6615) C:\Program Files (x86)\CyberLink\PowerDVD9\000.fcl
03:36:48.0537 4752 {B154377D-700F-42cc-9474-23858FBDF4BD} - ok
03:36:48.0552 4752 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
03:36:48.0927 4752 \Device\Harddisk0\DR0 - ok
03:36:48.0927 4752 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk1\DR1
03:36:48.0942 4752 \Device\Harddisk1\DR1 - ok
03:36:48.0942 4752 MBR (0x1B8) (180dbde3af7ea48b3db3ac27b1ddf401) \Device\Harddisk2\DR2
03:36:48.0942 4752 \Device\Harddisk2\DR2 - ok
03:36:48.0942 4752 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk3\DR3
03:36:48.0942 4752 \Device\Harddisk3\DR3 - ok
03:36:48.0974 4752 Boot (0x1200) (3f64442ed679ae216470325c9e1221da) \Device\Harddisk0\DR0\Partition0
03:36:48.0974 4752 \Device\Harddisk0\DR0\Partition0 - ok
03:36:48.0974 4752 Boot (0x1200) (806018dfd65998abc58183d0ae72ef45) \Device\Harddisk1\DR1\Partition0
03:36:48.0974 4752 \Device\Harddisk1\DR1\Partition0 - ok
03:36:48.0974 4752 Boot (0x1200) (6f343131971e69df7da089614ceca7a1) \Device\Harddisk2\DR2\Partition0
03:36:48.0974 4752 \Device\Harddisk2\DR2\Partition0 - ok
03:36:48.0974 4752 Boot (0x1200) (abb79791b5cf23ad4ce311362cccc64d) \Device\Harddisk3\DR3\Partition0
03:36:48.0974 4752 \Device\Harddisk3\DR3\Partition0 - ok
03:36:48.0989 4752 ============================================================
03:36:48.0989 4752 Scan finished
03:36:48.0989 4752 ============================================================
03:36:48.0989 0552 Detected object count: 0
03:36:48.0989 0552 Actual detected object count: 0
03:37:30.0610 3568 ============================================================
03:37:30.0610 3568 Scan started
03:37:30.0610 3568 Mode: Manual;
03:37:30.0610 3568 ============================================================
03:37:40.0126 3568 Msfs - ok
03:37:40.0142 3568 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
03:37:40.0142 3568 mshidkmdf - ok
03:37:40.0157 3568 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
03:37:40.0157 3568 msisadrv - ok
03:37:40.0188 3568 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
03:37:40.0188 3568 MSiSCSI - ok
03:37:40.0188 3568 msiserver - ok
03:37:40.0220 3568 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
03:37:40.0220 3568 MSKSSRV - ok
03:37:40.0235 3568 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
03:37:40.0235 3568 MSPCLOCK - ok
03:37:40.0235 3568 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
03:37:40.0235 3568 MSPQM - ok
03:37:40.0251 3568 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
03:37:40.0251 3568 MsRPC - ok
03:37:40.0266 3568 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
03:37:40.0266 3568 mssmbios - ok
03:37:40.0298 3568 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
03:37:40.0298 3568 MSTEE - ok
03:37:40.0298 3568 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys
03:37:40.0313 3568 MTConfig - ok
03:37:40.0329 3568 MTsensor (cac3bb575e4a0417bff28d3196e44d3a) C:\Windows\system32\DRIVERS\ASACPI.sys
03:37:40.0329 3568 MTsensor - ok
03:37:40.0360 3568 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
03:37:40.0360 3568 Mup - ok
03:37:40.0391 3568 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
03:37:40.0391 3568 napagent - ok
03:37:40.0469 3568 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
03:37:40.0469 3568 NativeWifiP - ok
03:37:40.0594 3568 NAUpdate (13aa2130f2a104dd775ead0f0ee5417b) C:\Program Files (x86)\Nero\Update\NASvc.exe
03:37:40.0594 3568 NAUpdate - ok
03:37:40.0656 3568 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
03:37:40.0672 3568 NDIS - ok
03:37:40.0703 3568 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
03:37:40.0703 3568 NdisCap - ok
03:37:40.0719 3568 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
03:37:40.0719 3568 NdisTapi - ok
03:37:40.0734 3568 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
03:37:40.0734 3568 Ndisuio - ok
03:37:40.0750 3568 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
03:37:40.0750 3568 NdisWan - ok
03:37:40.0766 3568 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
03:37:40.0781 3568 NDProxy - ok
03:37:40.0781 3568 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
03:37:40.0781 3568 NetBIOS - ok
03:37:40.0844 3568 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
03:37:40.0844 3568 NetBT - ok
03:37:40.0875 3568 Netlogon (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\system32\lsass.exe
03:37:40.0875 3568 Netlogon - ok
03:37:40.0922 3568 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
03:37:40.0922 3568 Netman - ok
03:37:40.0968 3568 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
03:37:40.0984 3568 netprofm - ok
03:37:41.0093 3568 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
03:37:41.0093 3568 NetTcpPortSharing - ok
03:37:41.0124 3568 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys
03:37:41.0124 3568 nfrd960 - ok
03:37:41.0171 3568 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
03:37:41.0171 3568 NlaSvc - ok
03:37:41.0202 3568 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
03:37:41.0202 3568 Npfs - ok
03:37:41.0234 3568 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
03:37:41.0234 3568 nsi - ok
03:37:41.0234 3568 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
03:37:41.0234 3568 nsiproxy - ok
03:37:41.0343 3568 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
03:37:41.0358 3568 Ntfs - ok
03:37:41.0468 3568 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
03:37:41.0468 3568 Null - ok
03:37:41.0514 3568 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
03:37:41.0530 3568 nvraid - ok
03:37:41.0546 3568 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
03:37:41.0546 3568 nvstor - ok
03:37:41.0561 3568 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
03:37:41.0561 3568 nv_agp - ok
03:37:41.0577 3568 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
03:37:41.0577 3568 ohci1394 - ok
03:37:41.0608 3568 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
03:37:41.0624 3568 p2pimsvc - ok
03:37:41.0670 3568 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
03:37:41.0670 3568 p2psvc - ok
03:37:41.0702 3568 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys
03:37:41.0702 3568 Parport - ok
03:37:41.0717 3568 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
03:37:41.0717 3568 partmgr - ok
03:37:41.0748 3568 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
03:37:41.0748 3568 PcaSvc - ok
03:37:41.0780 3568 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
03:37:41.0780 3568 pci - ok
03:37:41.0795 3568 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
03:37:41.0795 3568 pciide - ok
03:37:41.0795 3568 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys
03:37:41.0811 3568 pcmcia - ok
03:37:41.0858 3568 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
03:37:41.0858 3568 pcw - ok
03:37:41.0904 3568 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
03:37:41.0904 3568 PEAUTH - ok
03:37:41.0967 3568 PeerDistSvc (b9b0a4299dd2d76a4243f75fd54dc680) C:\Windows\system32\peerdistsvc.dll
03:37:41.0967 3568 PeerDistSvc - ok
03:37:42.0045 3568 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
03:37:42.0045 3568 PerfHost - ok
03:37:42.0170 3568 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
03:37:42.0185 3568 pla - ok
03:37:42.0248 3568 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
03:37:42.0248 3568 PlugPlay - ok
03:37:42.0248 3568 PnkBstrA - ok
03:37:42.0279 3568 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
03:37:42.0279 3568 PNRPAutoReg - ok
03:37:42.0310 3568 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
03:37:42.0310 3568 PNRPsvc - ok
03:37:42.0357 3568 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
03:37:42.0357 3568 PolicyAgent - ok
03:37:42.0388 3568 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
03:37:42.0388 3568 Power - ok
03:37:42.0482 3568 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
03:37:42.0482 3568 PptpMiniport - ok
03:37:42.0497 3568 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys
03:37:42.0497 3568 Processor - ok
03:37:42.0560 3568 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
03:37:42.0560 3568 ProfSvc - ok
03:37:42.0591 3568 ProtectedStorage (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\system32\lsass.exe
03:37:42.0591 3568 ProtectedStorage - ok
03:37:42.0622 3568 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
03:37:42.0622 3568 Psched - ok
03:37:42.0684 3568 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys
03:37:42.0700 3568 ql2300 - ok
03:37:42.0825 3568 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys
03:37:42.0825 3568 ql40xx - ok
03:37:42.0887 3568 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
03:37:42.0887 3568 QWAVE - ok
03:37:42.0918 3568 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
03:37:42.0918 3568 QWAVEdrv - ok
03:37:42.0918 3568 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
03:37:42.0918 3568 RasAcd - ok
03:37:42.0950 3568 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
03:37:42.0950 3568 RasAgileVpn - ok
03:37:42.0965 3568 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
03:37:42.0965 3568 RasAuto - ok
03:37:42.0996 3568 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
03:37:42.0996 3568 Rasl2tp - ok
03:37:43.0043 3568 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
03:37:43.0059 3568 RasMan - ok
03:37:43.0074 3568 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
03:37:43.0074 3568 RasPppoe - ok
03:37:43.0106 3568 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
03:37:43.0106 3568 RasSstp - ok
03:37:43.0137 3568 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
03:37:43.0137 3568 rdbss - ok
03:37:43.0152 3568 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
03:37:43.0168 3568 rdpbus - ok
03:37:43.0168 3568 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
03:37:43.0168 3568 RDPCDD - ok
03:37:43.0199 3568 RDPDR (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys
03:37:43.0199 3568 RDPDR - ok
03:37:43.0215 3568 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
03:37:43.0215 3568 RDPENCDD - ok
03:37:43.0246 3568 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
03:37:43.0246 3568 RDPREFMP - ok
03:37:43.0277 3568 RdpVideoMiniport (70cba1a0c98600a2aa1863479b35cb90) C:\Windows\system32\drivers\rdpvideominiport.sys
03:37:43.0277 3568 RdpVideoMiniport - ok
03:37:43.0293 3568 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
03:37:43.0293 3568 RDPWD - ok
03:37:43.0308 3568 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
03:37:43.0308 3568 rdyboost - ok
03:37:43.0340 3568 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
03:37:43.0340 3568 RemoteAccess - ok
03:37:43.0371 3568 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
03:37:43.0371 3568 RemoteRegistry - ok
03:37:43.0402 3568 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
03:37:43.0402 3568 RpcEptMapper - ok
03:37:43.0433 3568 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
03:37:43.0433 3568 RpcLocator - ok
03:37:43.0464 3568 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
03:37:43.0464 3568 RpcSs - ok
03:37:43.0496 3568 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
03:37:43.0496 3568 rspndr - ok
03:37:43.0542 3568 RTL8167 (baefee35d27a5440d35092ce10267bec) C:\Windows\system32\DRIVERS\Rt64win7.sys
03:37:43.0542 3568 RTL8167 - ok
03:37:43.0574 3568 s3cap (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys
03:37:43.0574 3568 s3cap - ok
03:37:43.0605 3568 SamSs (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\system32\lsass.exe
03:37:43.0605 3568 SamSs - ok
03:37:43.0620 3568 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
03:37:43.0620 3568 sbp2port - ok
03:37:43.0652 3568 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
03:37:43.0667 3568 SCardSvr - ok
03:37:43.0683 3568 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
03:37:43.0683 3568 scfilter - ok
03:37:43.0745 3568 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
03:37:43.0745 3568 Schedule - ok
03:37:43.0776 3568 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
03:37:43.0776 3568 SCPolicySvc - ok
03:37:43.0808 3568 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
03:37:43.0808 3568 SDRSVC - ok
03:37:43.0917 3568 SeaPort (78779ee07231c658b483b1f38b5088df) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
03:37:43.0917 3568 SeaPort - ok
03:37:43.0979 3568 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
03:37:43.0979 3568 secdrv - ok
03:37:43.0995 3568 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
03:37:44.0010 3568 seclogon - ok
03:37:44.0042 3568 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll
03:37:44.0042 3568 SENS - ok
03:37:44.0088 3568 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
03:37:44.0088 3568 SensrSvc - ok
03:37:44.0104 3568 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
03:37:44.0104 3568 Serenum - ok
03:37:44.0182 3568 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
03:37:44.0182 3568 Serial - ok
03:37:44.0198 3568 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys
03:37:44.0198 3568 sermouse - ok
03:37:44.0229 3568 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
03:37:44.0229 3568 SessionEnv - ok
03:37:44.0260 3568 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
03:37:44.0260 3568 sffdisk - ok
03:37:44.0260 3568 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
03:37:44.0260 3568 sffp_mmc - ok
03:37:44.0291 3568 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
03:37:44.0291 3568 sffp_sd - ok
03:37:44.0307 3568 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys
03:37:44.0307 3568 sfloppy - ok
03:37:44.0385 3568 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
03:37:44.0385 3568 SharedAccess - ok
03:37:44.0432 3568 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
03:37:44.0432 3568 ShellHWDetection - ok
03:37:44.0463 3568 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys
03:37:44.0463 3568 SiSRaid2 - ok
03:37:44.0478 3568 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys
03:37:44.0494 3568 SiSRaid4 - ok
03:37:44.0541 3568 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
03:37:44.0556 3568 Smb - ok
03:37:44.0588 3568 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
03:37:44.0588 3568 SNMPTRAP - ok
03:37:44.0619 3568 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
03:37:44.0619 3568 spldr - ok
03:37:44.0666 3568 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
03:37:44.0666 3568 Spooler - ok
03:37:44.0806 3568 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
03:37:44.0837 3568 sppsvc - ok
03:37:44.0993 3568 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
03:37:44.0993 3568 sppuinotify - ok
03:37:45.0071 3568 sptd (ee037bd2e873d209dd4d49467ed965a3) C:\Windows\system32\Drivers\sptd.sys
03:37:45.0087 3568 sptd - ok
03:37:45.0134 3568 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
03:37:45.0149 3568 srv - ok
03:37:45.0196 3568 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
03:37:45.0212 3568 srv2 - ok
03:37:45.0258 3568 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
03:37:45.0258 3568 srvnet - ok
03:37:45.0305 3568 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
03:37:45.0305 3568 SSDPSRV - ok
03:37:45.0321 3568 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
03:37:45.0321 3568 SstpSvc - ok
03:37:45.0336 3568 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys
03:37:45.0336 3568 stexstor - ok
03:37:45.0399 3568 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
03:37:45.0399 3568 stisvc - ok
03:37:45.0430 3568 storflt (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys
03:37:45.0430 3568 storflt - ok
03:37:45.0446 3568 storvsc (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys
03:37:45.0446 3568 storvsc - ok
03:37:45.0477 3568 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
03:37:45.0477 3568 swenum - ok
03:37:45.0602 3568 SwitchBoard (f577910a133a592234ebaad3f3afa258) C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
03:37:45.0617 3568 SwitchBoard - ok
03:37:45.0648 3568 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
03:37:45.0648 3568 swprv - ok
03:37:45.0680 3568 Synth3dVsc (c3a39c4079305480972d29c44b868c78) C:\Windows\system32\drivers\synth3dvsc.sys
03:37:45.0680 3568 Synth3dVsc - ok
03:37:45.0758 3568 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
03:37:45.0758 3568 SysMain - ok
03:37:45.0867 3568 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
03:37:45.0867 3568 TabletInputService - ok
03:37:45.0898 3568 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
03:37:45.0898 3568 TapiSrv - ok
03:37:45.0929 3568 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
03:37:45.0929 3568 TBS - ok
03:37:46.0070 3568 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
03:37:46.0085 3568 Tcpip - ok
03:37:46.0288 3568 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
03:37:46.0304 3568 TCPIP6 - ok
03:37:46.0413 3568 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
03:37:46.0428 3568 tcpipreg - ok
03:37:46.0428 3568 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
03:37:46.0444 3568 TDPIPE - ok
03:37:46.0444 3568 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
03:37:46.0444 3568 TDTCP - ok
03:37:46.0475 3568 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
03:37:46.0475 3568 tdx - ok
03:37:46.0491 3568 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\DRIVERS\termdd.sys
03:37:46.0506 3568 TermDD - ok
03:37:46.0522 3568 terminpt (2b5bdff688ec9871d7ec5837833374e9) C:\Windows\system32\drivers\terminpt.sys
03:37:46.0522 3568 terminpt - ok
03:37:46.0569 3568 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
03:37:46.0584 3568 TermService - ok
03:37:46.0600 3568 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
03:37:46.0600 3568 Themes - ok
03:37:46.0631 3568 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
03:37:46.0631 3568 THREADORDER - ok
03:37:46.0662 3568 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
03:37:46.0662 3568 TrkWks - ok
03:37:46.0725 3568 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
03:37:46.0725 3568 TrustedInstaller - ok
03:37:46.0787 3568 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
03:37:46.0787 3568 tssecsrv - ok
03:37:46.0803 3568 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
03:37:46.0803 3568 TsUsbFlt - ok
03:37:46.0818 3568 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys
03:37:46.0818 3568 TsUsbGD - ok
03:37:46.0850 3568 tsusbhub (e1748d04ae40118b62bc18ac86032192) C:\Windows\system32\drivers\tsusbhub.sys
03:37:46.0850 3568 tsusbhub - ok
03:37:46.0881 3568 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
03:37:46.0896 3568 tunnel - ok
03:37:46.0912 3568 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys
03:37:46.0912 3568 uagp35 - ok
03:37:46.0928 3568 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
03:37:46.0943 3568 udfs - ok
03:37:46.0959 3568 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
03:37:46.0974 3568 UI0Detect - ok
03:37:46.0990 3568 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
03:37:46.0990 3568 uliagpkx - ok
03:37:47.0084 3568 UltraMonUtility (694bcf23662f97d987cf4c6739c35f8b) C:\Program Files (x86)\Common Files\Realtime Soft\UltraMonMirrorDrv\x64\UltraMonUtility.sys
03:37:47.0084 3568 UltraMonUtility - ok
03:37:47.0115 3568 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
03:37:47.0115 3568 umbus - ok
03:37:47.0130 3568 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys
03:37:47.0130 3568 UmPass - ok
03:37:47.0177 3568 UmRdpService (a293dcd756d04d8492a750d03b9a297c) C:\Windows\System32\umrdp.dll
03:37:47.0177 3568 UmRdpService - ok
03:37:47.0208 3568 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
03:37:47.0224 3568 upnphost - ok
03:37:47.0255 3568 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
03:37:47.0255 3568 usbccgp - ok
03:37:47.0286 3568 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
03:37:47.0286 3568 usbcir - ok
03:37:47.0333 3568 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
03:37:47.0333 3568 usbehci - ok
03:37:47.0380 3568 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
03:37:47.0380 3568 usbhub - ok
03:37:47.0396 3568 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
03:37:47.0396 3568 usbohci - ok
03:37:47.0411 3568 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\drivers\usbprint.sys
03:37:47.0427 3568 usbprint - ok
03:37:47.0458 3568 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
03:37:47.0458 3568 USBSTOR - ok
03:37:47.0474 3568 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\DRIVERS\usbuhci.sys
03:37:47.0474 3568 usbuhci - ok
03:37:47.0505 3568 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
03:37:47.0505 3568 UxSms - ok
03:37:47.0536 3568 VaultSvc (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\system32\lsass.exe
03:37:47.0536 3568 VaultSvc - ok
03:37:47.0552 3568 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
03:37:47.0552 3568 vdrvroot - ok
03:37:47.0614 3568 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
03:37:47.0614 3568 vds - ok
03:37:47.0630 3568 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
03:37:47.0630 3568 vga - ok
03:37:47.0645 3568 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
03:37:47.0645 3568 VgaSave - ok
03:37:47.0661 3568 VGPU - ok
03:37:47.0676 3568 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
03:37:47.0676 3568 vhdmp - ok
03:37:47.0708 3568 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
03:37:47.0708 3568 viaide - ok
03:37:47.0723 3568 vmbus (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys
03:37:47.0723 3568 vmbus - ok
03:37:47.0739 3568 VMBusHID (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys
03:37:47.0739 3568 VMBusHID - ok
03:37:47.0754 3568 vncmirror (93f279a2c172562050700a18fa84be2e) C:\Windows\system32\DRIVERS\vncmirror.sys
03:37:47.0770 3568 vncmirror - ok
03:37:47.0801 3568 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
03:37:47.0801 3568 volmgr - ok
03:37:47.0832 3568 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
03:37:47.0832 3568 volmgrx - ok
03:37:47.0864 3568 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
03:37:47.0864 3568 volsnap - ok
03:37:47.0895 3568 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys
03:37:47.0895 3568 vsmraid - ok
03:37:47.0973 3568 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
03:37:47.0973 3568 VSS - ok
03:37:48.0113 3568 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
03:37:48.0113 3568 vwifibus - ok
03:37:48.0129 3568 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
03:37:48.0129 3568 vwififlt - ok
03:37:48.0176 3568 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
03:37:48.0176 3568 W32Time - ok
03:37:48.0207 3568 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys
03:37:48.0207 3568 WacomPen - ok
03:37:48.0222 3568 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
03:37:48.0222 3568 WANARP - ok
03:37:48.0222 3568 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
03:37:48.0222 3568 Wanarpv6 - ok
03:37:48.0316 3568 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
03:37:48.0316 3568 WatAdminSvc - ok
03:37:48.0394 3568 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
03:37:48.0410 3568 wbengine - ok
03:37:48.0503 3568 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
03:37:48.0503 3568 WbioSrvc - ok
03:37:48.0550 3568 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
03:37:48.0550 3568 wcncsvc - ok
03:37:48.0581 3568 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
03:37:48.0581 3568 WcsPlugInService - ok
03:37:48.0644 3568 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys
03:37:48.0644 3568 Wd - ok
03:37:48.0675 3568 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
03:37:48.0675 3568 Wdf01000 - ok
03:37:48.0706 3568 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
03:37:48.0706 3568 WdiServiceHost - ok
03:37:48.0706 3568 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
03:37:48.0722 3568 WdiSystemHost - ok
03:37:48.0737 3568 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
03:37:48.0737 3568 WebClient - ok
03:37:48.0784 3568 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
03:37:48.0784 3568 Wecsvc - ok
03:37:48.0800 3568 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
03:37:48.0800 3568 wercplsupport - ok
03:37:48.0831 3568 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
03:37:48.0831 3568 WerSvc - ok
03:37:48.0893 3568 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
03:37:48.0893 3568 WfpLwf - ok
03:37:48.0909 3568 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
03:37:48.0909 3568 WIMMount - ok
03:37:48.0940 3568 WinDefend - ok
03:37:48.0940 3568 WinHttpAutoProxySvc - ok
03:37:51.0155 3568 ============================================================
03:37:51.0155 3568 Scan finished
03:37:51.0155 3568 ============================================================
03:37:51.0155 2096 Detected object count: 0
03:37:51.0155 2096 Actual detected object count: 0
03:38:07.0348 5044 ============================================================

#14 m0x

Posted 17 May 2012 - 04:05 PM

03:37:30.0610 3568 Scan started
03:37:30.0610 3568 Mode: Manual;
03:37:30.0610 3568 ============================================================
03:37:42.0045 3568 PerfHost - ok
03:37:42.0170 3568 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
03:37:42.0185 3568 pla - ok
03:37:42.0248 3568 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
03:37:42.0248 3568 PlugPlay - ok
03:37:42.0248 3568 PnkBstrA - ok
03:37:42.0279 3568 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
03:37:42.0279 3568 PNRPAutoReg - ok
03:37:42.0310 3568 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
03:37:42.0310 3568 PNRPsvc - ok
03:37:42.0357 3568 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
03:37:42.0357 3568 PolicyAgent - ok
03:37:42.0388 3568 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
03:37:42.0388 3568 Power - ok
03:37:42.0482 3568 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
03:37:42.0482 3568 PptpMiniport - ok
03:37:42.0497 3568 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys
03:37:42.0497 3568 Processor - ok
03:37:42.0560 3568 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
03:37:42.0560 3568 ProfSvc - ok
03:37:42.0591 3568 ProtectedStorage (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\system32\lsass.exe
03:37:42.0591 3568 ProtectedStorage - ok
03:37:42.0622 3568 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
03:37:42.0622 3568 Psched - ok
03:37:42.0684 3568 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys
03:37:42.0700 3568 ql2300 - ok
03:37:42.0825 3568 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys
03:37:42.0825 3568 ql40xx - ok
03:37:42.0887 3568 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
03:37:42.0887 3568 QWAVE - ok
03:37:42.0918 3568 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
03:37:42.0918 3568 QWAVEdrv - ok
03:37:42.0918 3568 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
03:37:42.0918 3568 RasAcd - ok
03:37:42.0950 3568 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
03:37:42.0950 3568 RasAgileVpn - ok
03:37:42.0965 3568 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
03:37:42.0965 3568 RasAuto - ok
03:37:42.0996 3568 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
03:37:42.0996 3568 Rasl2tp - ok
03:37:43.0043 3568 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
03:37:43.0059 3568 RasMan - ok
03:37:43.0074 3568 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
03:37:43.0074 3568 RasPppoe - ok
03:37:43.0106 3568 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
03:37:43.0106 3568 RasSstp - ok
03:37:43.0137 3568 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
03:37:43.0137 3568 rdbss - ok
03:37:43.0152 3568 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
03:37:43.0168 3568 rdpbus - ok
03:37:43.0168 3568 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
03:37:43.0168 3568 RDPCDD - ok
03:37:43.0199 3568 RDPDR (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys
03:37:43.0199 3568 RDPDR - ok
03:37:43.0215 3568 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
03:37:43.0215 3568 RDPENCDD - ok
03:37:43.0246 3568 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
03:37:43.0246 3568 RDPREFMP - ok
03:37:43.0277 3568 RdpVideoMiniport (70cba1a0c98600a2aa1863479b35cb90) C:\Windows\system32\drivers\rdpvideominiport.sys
03:37:43.0277 3568 RdpVideoMiniport - ok
03:37:43.0293 3568 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
03:37:43.0293 3568 RDPWD - ok
03:37:43.0308 3568 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
03:37:43.0308 3568 rdyboost - ok
03:37:43.0340 3568 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
03:37:43.0340 3568 RemoteAccess - ok
03:37:43.0371 3568 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
03:37:43.0371 3568 RemoteRegistry - ok
03:37:43.0402 3568 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
03:37:43.0402 3568 RpcEptMapper - ok
03:37:43.0433 3568 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
03:37:43.0433 3568 RpcLocator - ok
03:37:43.0464 3568 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
03:37:43.0464 3568 RpcSs - ok
03:37:43.0496 3568 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
03:37:43.0496 3568 rspndr - ok
03:37:43.0542 3568 RTL8167 (baefee35d27a5440d35092ce10267bec) C:\Windows\system32\DRIVERS\Rt64win7.sys
03:37:43.0542 3568 RTL8167 - ok
03:37:43.0574 3568 s3cap (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys
03:37:43.0574 3568 s3cap - ok
03:37:43.0605 3568 SamSs (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\system32\lsass.exe
03:37:43.0605 3568 SamSs - ok
03:37:43.0620 3568 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
03:37:43.0620 3568 sbp2port - ok
03:37:43.0652 3568 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
03:37:43.0667 3568 SCardSvr - ok
03:37:43.0683 3568 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
03:37:43.0683 3568 scfilter - ok
03:37:43.0745 3568 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
03:37:43.0745 3568 Schedule - ok
03:37:43.0776 3568 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
03:37:43.0776 3568 SCPolicySvc - ok
03:37:43.0808 3568 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
03:37:43.0808 3568 SDRSVC - ok
03:37:43.0917 3568 SeaPort (78779ee07231c658b483b1f38b5088df) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
03:37:43.0917 3568 SeaPort - ok
03:37:43.0979 3568 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
03:37:43.0979 3568 secdrv - ok
03:37:43.0995 3568 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
03:37:44.0010 3568 seclogon - ok
03:37:44.0042 3568 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll
03:37:44.0042 3568 SENS - ok
03:37:44.0088 3568 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
03:37:44.0088 3568 SensrSvc - ok
03:37:44.0104 3568 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
03:37:44.0104 3568 Serenum - ok
03:37:44.0182 3568 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
03:37:44.0182 3568 Serial - ok
03:37:44.0198 3568 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys
03:37:44.0198 3568 sermouse - ok
03:37:44.0229 3568 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
03:37:44.0229 3568 SessionEnv - ok
03:37:44.0260 3568 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
03:37:44.0260 3568 sffdisk - ok
03:37:44.0260 3568 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
03:37:44.0260 3568 sffp_mmc - ok
03:37:44.0291 3568 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
03:37:44.0291 3568 sffp_sd - ok
03:37:44.0307 3568 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys
03:37:44.0307 3568 sfloppy - ok
03:37:44.0385 3568 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
03:37:44.0385 3568 SharedAccess - ok
03:37:44.0432 3568 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
03:37:44.0432 3568 ShellHWDetection - ok
03:37:44.0463 3568 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys
03:37:44.0463 3568 SiSRaid2 - ok
03:37:44.0478 3568 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys
03:37:44.0494 3568 SiSRaid4 - ok
03:37:44.0541 3568 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
03:37:44.0556 3568 Smb - ok
03:37:44.0588 3568 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
03:37:44.0588 3568 SNMPTRAP - ok
03:37:44.0619 3568 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
03:37:44.0619 3568 spldr - ok
03:37:44.0666 3568 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
03:37:44.0666 3568 Spooler - ok
03:37:44.0806 3568 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
03:37:44.0837 3568 sppsvc - ok
03:37:44.0993 3568 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
03:37:44.0993 3568 sppuinotify - ok
03:37:45.0071 3568 sptd (ee037bd2e873d209dd4d49467ed965a3) C:\Windows\system32\Drivers\sptd.sys
03:37:45.0087 3568 sptd - ok
03:37:45.0134 3568 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
03:37:45.0149 3568 srv - ok
03:37:45.0196 3568 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
03:37:45.0212 3568 srv2 - ok
03:37:45.0258 3568 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
03:37:45.0258 3568 srvnet - ok
03:37:45.0305 3568 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
03:37:45.0305 3568 SSDPSRV - ok
03:37:45.0321 3568 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
03:37:45.0321 3568 SstpSvc - ok
03:37:45.0336 3568 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys
03:37:45.0336 3568 stexstor - ok
03:37:45.0399 3568 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
03:37:45.0399 3568 stisvc - ok
03:37:45.0430 3568 storflt (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys
03:37:45.0430 3568 storflt - ok
03:37:45.0446 3568 storvsc (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys
03:37:45.0446 3568 storvsc - ok
03:37:45.0477 3568 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
03:37:45.0477 3568 swenum - ok
03:37:45.0602 3568 SwitchBoard (f577910a133a592234ebaad3f3afa258) C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
03:37:45.0617 3568 SwitchBoard - ok
03:37:45.0648 3568 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
03:37:45.0648 3568 swprv - ok
03:37:45.0680 3568 Synth3dVsc (c3a39c4079305480972d29c44b868c78) C:\Windows\system32\drivers\synth3dvsc.sys
03:37:45.0680 3568 Synth3dVsc - ok
03:37:45.0758 3568 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
03:37:45.0758 3568 SysMain - ok
03:37:45.0867 3568 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
03:37:45.0867 3568 TabletInputService - ok
03:37:45.0898 3568 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
03:37:45.0898 3568 TapiSrv - ok
03:37:45.0929 3568 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
03:37:45.0929 3568 TBS - ok
03:37:46.0070 3568 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
03:37:46.0085 3568 Tcpip - ok
03:37:46.0288 3568 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
03:37:46.0304 3568 TCPIP6 - ok
03:37:46.0413 3568 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
03:37:46.0428 3568 tcpipreg - ok
03:37:46.0428 3568 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
03:37:46.0444 3568 TDPIPE - ok
03:37:46.0444 3568 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
03:37:46.0444 3568 TDTCP - ok
03:37:46.0475 3568 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
03:37:46.0475 3568 tdx - ok
03:37:46.0491 3568 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\DRIVERS\termdd.sys
03:37:46.0506 3568 TermDD - ok
03:37:46.0522 3568 terminpt (2b5bdff688ec9871d7ec5837833374e9) C:\Windows\system32\drivers\terminpt.sys
03:37:46.0522 3568 terminpt - ok
03:37:46.0569 3568 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
03:37:46.0584 3568 TermService - ok
03:37:46.0600 3568 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
03:37:46.0600 3568 Themes - ok
03:37:46.0631 3568 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
03:37:46.0631 3568 THREADORDER - ok
03:37:46.0662 3568 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
03:37:46.0662 3568 TrkWks - ok
03:37:46.0725 3568 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
03:37:46.0725 3568 TrustedInstaller - ok
03:37:46.0787 3568 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
03:37:46.0787 3568 tssecsrv - ok
03:37:46.0803 3568 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
03:37:46.0803 3568 TsUsbFlt - ok
03:37:46.0818 3568 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys
03:37:46.0818 3568 TsUsbGD - ok
03:37:46.0850 3568 tsusbhub (e1748d04ae40118b62bc18ac86032192) C:\Windows\system32\drivers\tsusbhub.sys
03:37:46.0850 3568 tsusbhub - ok
03:37:46.0881 3568 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
03:37:46.0896 3568 tunnel - ok
03:37:46.0912 3568 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys
03:37:46.0912 3568 uagp35 - ok
03:37:46.0928 3568 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
03:37:46.0943 3568 udfs - ok
03:37:46.0959 3568 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
03:37:46.0974 3568 UI0Detect - ok
03:37:46.0990 3568 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
03:37:46.0990 3568 uliagpkx - ok
03:37:47.0084 3568 UltraMonUtility (694bcf23662f97d987cf4c6739c35f8b) C:\Program Files (x86)\Common Files\Realtime Soft\UltraMonMirrorDrv\x64\UltraMonUtility.sys
03:37:47.0084 3568 UltraMonUtility - ok
03:37:47.0115 3568 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
03:37:47.0115 3568 umbus - ok
03:37:47.0130 3568 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys
03:37:47.0130 3568 UmPass - ok
03:37:47.0177 3568 UmRdpService (a293dcd756d04d8492a750d03b9a297c) C:\Windows\System32\umrdp.dll
03:37:47.0177 3568 UmRdpService - ok
03:37:47.0208 3568 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
03:37:47.0224 3568 upnphost - ok
03:37:47.0255 3568 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
03:37:47.0255 3568 usbccgp - ok
03:37:47.0286 3568 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
03:37:47.0286 3568 usbcir - ok
03:37:47.0333 3568 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
03:37:47.0333 3568 usbehci - ok
03:37:47.0380 3568 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
03:37:47.0380 3568 usbhub - ok
03:37:47.0396 3568 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
03:37:47.0396 3568 usbohci - ok
03:37:47.0411 3568 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\drivers\usbprint.sys
03:37:47.0427 3568 usbprint - ok
03:37:47.0458 3568 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
03:37:47.0458 3568 USBSTOR - ok
03:37:47.0474 3568 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\DRIVERS\usbuhci.sys
03:37:47.0474 3568 usbuhci - ok
03:37:47.0505 3568 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
03:37:47.0505 3568 UxSms - ok
03:37:47.0536 3568 VaultSvc (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\system32\lsass.exe
03:37:47.0536 3568 VaultSvc - ok
03:37:47.0552 3568 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
03:37:47.0552 3568 vdrvroot - ok
03:37:47.0614 3568 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
03:37:47.0614 3568 vds - ok
03:37:47.0630 3568 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
03:37:47.0630 3568 vga - ok
03:37:47.0645 3568 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
03:37:47.0645 3568 VgaSave - ok
03:37:47.0661 3568 VGPU - ok
03:37:47.0676 3568 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
03:37:47.0676 3568 vhdmp - ok
03:37:47.0708 3568 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
03:37:47.0708 3568 viaide - ok
03:37:47.0723 3568 vmbus (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys
03:37:47.0723 3568 vmbus - ok
03:37:47.0739 3568 VMBusHID (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys
03:37:47.0739 3568 VMBusHID - ok
03:37:47.0754 3568 vncmirror (93f279a2c172562050700a18fa84be2e) C:\Windows\system32\DRIVERS\vncmirror.sys
03:37:47.0770 3568 vncmirror - ok
03:37:47.0801 3568 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
03:37:47.0801 3568 volmgr - ok
03:37:47.0832 3568 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
03:37:47.0832 3568 volmgrx - ok
03:37:47.0864 3568 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
03:37:47.0864 3568 volsnap - ok
03:37:47.0895 3568 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys
03:37:47.0895 3568 vsmraid - ok
03:37:47.0973 3568 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
03:37:47.0973 3568 VSS - ok
03:37:48.0113 3568 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
03:37:48.0113 3568 vwifibus - ok
03:37:48.0129 3568 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
03:37:48.0129 3568 vwififlt - ok
03:37:48.0176 3568 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
03:37:48.0176 3568 W32Time - ok
03:37:48.0207 3568 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys
03:37:48.0207 3568 WacomPen - ok
03:37:48.0222 3568 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
03:37:48.0222 3568 WANARP - ok
03:37:48.0222 3568 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
03:37:48.0222 3568 Wanarpv6 - ok
03:37:48.0316 3568 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
03:37:48.0316 3568 WatAdminSvc - ok
03:37:48.0394 3568 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
03:37:48.0410 3568 wbengine - ok
03:37:48.0503 3568 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
03:37:48.0503 3568 WbioSrvc - ok
03:37:48.0550 3568 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
03:37:48.0550 3568 wcncsvc - ok
03:37:48.0581 3568 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
03:37:48.0581 3568 WcsPlugInService - ok
03:37:48.0644 3568 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys
03:37:48.0644 3568 Wd - ok
03:37:48.0675 3568 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
03:37:48.0675 3568 Wdf01000 - ok
03:37:48.0706 3568 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
03:37:48.0706 3568 WdiServiceHost - ok
03:37:48.0706 3568 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
03:37:48.0722 3568 WdiSystemHost - ok
03:37:48.0737 3568 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
03:37:48.0737 3568 WebClient - ok
03:37:48.0784 3568 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
03:37:48.0784 3568 Wecsvc - ok
03:37:48.0800 3568 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
03:37:48.0800 3568 wercplsupport - ok
03:37:48.0831 3568 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
03:37:48.0831 3568 WerSvc - ok
03:37:48.0893 3568 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
03:37:48.0893 3568 WfpLwf - ok
03:37:48.0909 3568 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
03:37:48.0909 3568 WIMMount - ok
03:37:48.0940 3568 WinDefend - ok
03:37:48.0940 3568 WinHttpAutoProxySvc - ok
03:37:48.0987 3568 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
03:37:49.0002 3568 Winmgmt - ok
03:37:49.0096 3568 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
03:37:49.0127 3568 WinRM - ok
03:37:49.0252 3568 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
03:37:49.0252 3568 WinUsb - ok
03:37:49.0377 3568 WinVNC4 (127bec0b5d33e228f1121ca4dad550b1) C:\Program Files\RealVNC\VNC4\WinVNC4.exe
03:37:49.0392 3568 WinVNC4 - ok
03:37:49.0517 3568 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
03:37:49.0517 3568 Wlansvc - ok
03:37:49.0658 3568 wlcrasvc (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
03:37:49.0658 3568 wlcrasvc - ok
03:37:49.0782 3568 wlidsvc (2bacd71123f42cea603f4e205e1ae337) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
03:37:49.0782 3568 wlidsvc - ok
03:37:49.0938 3568 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
03:37:49.0938 3568 WmiAcpi - ok
03:37:50.0001 3568 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
03:37:50.0001 3568 wmiApSrv - ok
03:37:50.0048 3568 WMPNetworkSvc - ok
03:37:50.0079 3568 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
03:37:50.0079 3568 WPCSvc - ok
03:37:50.0094 3568 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
03:37:50.0110 3568 WPDBusEnum - ok
03:37:50.0126 3568 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
03:37:50.0126 3568 ws2ifsl - ok
03:37:50.0141 3568 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll
03:37:50.0157 3568 wscsvc - ok
03:37:50.0157 3568 WSearch - ok
03:37:50.0250 3568 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll
03:37:50.0250 3568 wuauserv - ok
03:37:50.0375 3568 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
03:37:50.0375 3568 WudfPf - ok
03:37:50.0391 3568 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
03:37:50.0391 3568 WUDFRd - ok
03:37:50.0438 3568 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
03:37:50.0438 3568 wudfsvc - ok
03:37:50.0453 3568 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
03:37:50.0453 3568 WwanSvc - ok
03:37:50.0562 3568 YahooAUService (dd0042f0c3b606a6a8b92d49afb18ad6) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
03:37:50.0578 3568 YahooAUService - ok
03:37:50.0687 3568 {B154377D-700F-42cc-9474-23858FBDF4BD} (74983addca2d9618512c088d856d6615) C:\Program Files (x86)\CyberLink\PowerDVD9\000.fcl
03:37:50.0687 3568 {B154377D-700F-42cc-9474-23858FBDF4BD} - ok
03:37:50.0703 3568 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
03:37:51.0046 3568 \Device\Harddisk0\DR0 - ok
03:37:51.0062 3568 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk1\DR1
03:37:51.0062 3568 \Device\Harddisk1\DR1 - ok
03:37:51.0062 3568 MBR (0x1B8) (180dbde3af7ea48b3db3ac27b1ddf401) \Device\Harddisk2\DR2
03:37:51.0077 3568 \Device\Harddisk2\DR2 - ok
03:37:51.0077 3568 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk3\DR3
03:37:51.0077 3568 \Device\Harddisk3\DR3 - ok
03:37:51.0108 3568 Boot (0x1200) (3f64442ed679ae216470325c9e1221da) \Device\Harddisk0\DR0\Partition0
03:37:51.0140 3568 \Device\Harddisk0\DR0\Partition0 - ok
03:37:51.0140 3568 Boot (0x1200) (806018dfd65998abc58183d0ae72ef45) \Device\Harddisk1\DR1\Partition0
03:37:51.0140 3568 \Device\Harddisk1\DR1\Partition0 - ok
03:37:51.0140 3568 Boot (0x1200) (6f343131971e69df7da089614ceca7a1) \Device\Harddisk2\DR2\Partition0
03:37:51.0155 3568 \Device\Harddisk2\DR2\Partition0 - ok
03:37:51.0155 3568 Boot (0x1200) (abb79791b5cf23ad4ce311362cccc64d) \Device\Harddisk3\DR3\Partition0
03:37:51.0155 3568 \Device\Harddisk3\DR3\Partition0 - ok
03:37:51.0155 3568 ============================================================
03:37:51.0155 3568 Scan finished
03:37:51.0155 3568 ============================================================
03:37:51.0155 2096 Detected object count: 0
03:37:51.0155 2096 Actual detected object count: 0
03:38:07.0348 5044 ============================================================
03:38:07.0348 5044 Scan started
03:38:07.0348 5044 Mode: Manual; SigCheck; TDLFS;
03:38:07.0348 5044 ============================================================
03:38:13.0713 5044 Bonjour Service (73686fe0b2e0469f89fd2075be724704) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
03:38:13.0744 5044 Bonjour Service ( UnsignedFile.Multi.Generic ) - warning
03:38:13.0744 5044 Bonjour Service - detected UnsignedFile.Multi.Generic (1)
03:38:13.0791 5044 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
03:38:13.0853 5044 bowser - ok
03:38:13.0884 5044 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\BrFiltLo.sys
03:38:13.0931 5044 BrFiltLo - ok
03:38:13.0962 5044 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\BrFiltUp.sys
03:38:13.0978 5044 BrFiltUp - ok
03:38:14.0025 5044 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
03:38:14.0072 5044 BridgeMP - ok
03:38:14.0118 5044 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
03:38:14.0181 5044 Browser - ok
03:38:14.0228 5044 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
03:38:14.0290 5044 Brserid - ok
03:38:14.0306 5044 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
03:38:14.0353 5044 BrSerWdm - ok
03:38:14.0384 5044 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
03:38:14.0415 5044 BrUsbMdm - ok
03:38:14.0462 5044 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
03:38:14.0493 5044 BrUsbSer - ok
03:38:14.0524 5044 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\drivers\bthmodem.sys
03:38:14.0587 5044 BTHMODEM - ok
03:38:14.0649 5044 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
03:38:14.0711 5044 bthserv - ok
03:38:14.0727 5044 catchme - ok
03:38:14.0774 5044 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
03:38:14.0836 5044 cdfs - ok
03:38:14.0883 5044 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
03:38:14.0914 5044 cdrom - ok
03:38:14.0961 5044 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
03:38:15.0023 5044 CertPropSvc - ok
03:38:15.0055 5044 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\drivers\circlass.sys
03:38:15.0101 5044 circlass - ok
03:38:15.0148 5044 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
03:38:15.0179 5044 CLFS - ok
03:38:15.0273 5044 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
03:38:15.0273 5044 clr_optimization_v2.0.50727_32 - ok
03:38:15.0367 5044 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
03:38:15.0382 5044 clr_optimization_v2.0.50727_64 - ok
03:38:15.0476 5044 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
03:38:15.0507 5044 clr_optimization_v4.0.30319_32 - ok
03:38:15.0585 5044 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
03:38:15.0601 5044 clr_optimization_v4.0.30319_64 - ok
03:38:15.0632 5044 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\drivers\CmBatt.sys
03:38:15.0663 5044 CmBatt - ok
03:38:15.0694 5044 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
03:38:15.0710 5044 cmdide - ok
03:38:15.0757 5044 CNG (d5fea92400f12412b3922087c09da6a5) C:\Windows\system32\Drivers\cng.sys
03:38:15.0788 5044 CNG - ok
03:38:15.0803 5044 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\drivers\compbatt.sys
03:38:15.0819 5044 Compbatt - ok
03:38:15.0850 5044 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\DRIVERS\CompositeBus.sys
03:38:15.0897 5044 CompositeBus - ok
03:38:15.0913 5044 COMSysApp - ok
03:38:15.0959 5044 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\drivers\crcdisk.sys
03:38:15.0975 5044 crcdisk - ok
03:38:16.0022 5044 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll
03:38:16.0084 5044 CryptSvc - ok
03:38:16.0147 5044 CSC (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys
03:38:16.0225 5044 CSC - ok
03:38:16.0271 5044 CscService (3ab183ab4d2c79dcf459cd2c1266b043) C:\Windows\System32\cscsvc.dll
03:38:16.0349 5044 CscService - ok
03:38:16.0412 5044 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
03:38:16.0474 5044 DcomLaunch - ok
03:38:16.0521 5044 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
03:38:16.0583 5044 defragsvc - ok
03:38:16.0693 5044 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
03:38:16.0771 5044 DfsC - ok
03:38:16.0817 5044 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
03:38:16.0880 5044 Dhcp - ok
03:38:16.0927 5044 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
03:38:16.0989 5044 discache - ok
03:38:17.0036 5044 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\drivers\disk.sys
03:38:17.0051 5044 Disk - ok
03:38:17.0083 5044 dmvsc (5db085a8a6600be6401f2b24eecb5415) C:\Windows\system32\drivers\dmvsc.sys
03:38:17.0145 5044 dmvsc - ok
03:38:17.0223 5044 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
03:38:17.0285 5044 Dnscache - ok
03:38:17.0363 5044 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
03:38:17.0426 5044 dot3svc - ok
03:38:17.0473 5044 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
03:38:17.0535 5044 DPS - ok
03:38:17.0566 5044 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
03:38:17.0613 5044 drmkaud - ok
03:38:17.0691 5044 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
03:38:17.0722 5044 DXGKrnl - ok
03:38:17.0785 5044 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
03:38:17.0847 5044 EapHost - ok
03:38:18.0019 5044 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\drivers\evbda.sys
03:38:18.0065 5044 ebdrv - ok
03:38:18.0175 5044 EFS (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\System32\lsass.exe
03:38:18.0206 5044 EFS - ok
03:38:18.0268 5044 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
03:38:18.0331 5044 ehRecvr - ok
03:38:18.0362 5044 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
03:38:18.0440 5044 ehSched - ok
03:38:18.0565 5044 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys
03:38:18.0580 5044 elxstor - ok
03:38:18.0611 5044 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
03:38:18.0658 5044 ErrDev - ok
03:38:18.0721 5044 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
03:38:18.0845 5044 EventSystem - ok
03:38:18.0892 5044 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
03:38:18.0923 5044 exfat - ok
03:38:18.0986 5044 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
03:38:19.0048 5044 fastfat - ok
03:38:19.0111 5044 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
03:38:19.0173 5044 Fax - ok
03:38:19.0204 5044 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
03:38:19.0235 5044 fdc - ok
03:38:19.0282 5044 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
03:38:19.0454 5044 fdPHost - ok
03:38:19.0501 5044 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
03:38:19.0594 5044 FDResPub - ok
03:38:19.0625 5044 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
03:38:19.0641 5044 FileInfo - ok
03:38:19.0657 5044 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
03:38:19.0719 5044 Filetrace - ok
03:38:19.0828 5044 FLEXnet Licensing Service (5d607317935132ef6d0d604cfa57be9f) C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
03:38:19.0875 5044 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - warning
03:38:19.0875 5044 FLEXnet Licensing Service - detected UnsignedFile.Multi.Generic (1)
03:38:19.0922 5044 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
03:38:19.0922 5044 flpydisk - ok
03:38:19.0953 5044 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
03:38:19.0969 5044 FltMgr - ok
03:38:20.0047 5044 FontCache (b4447f606bb19fd8ad0bafb59b90f5d9) C:\Windows\system32\FntCache.dll
03:38:20.0265 5044 FontCache - ok
03:38:20.0390 5044 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
03:38:20.0405 5044 FontCache3.0.0.0 - ok
03:38:20.0468 5044 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
03:38:20.0483 5044 FsDepends - ok
03:38:20.0530 5044 fssfltr (07da62c960ddccc2d35836aeab4fc578) C:\Windows\system32\DRIVERS\fssfltr.sys
03:38:20.0546 5044 fssfltr - ok
03:38:20.0702 5044 fsssvc (28ddeeec44e988657b732cf404d504cb) C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
03:38:20.0749 5044 fsssvc - ok
03:38:20.0905 5044 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
03:38:20.0905 5044 Fs_Rec - ok
03:38:20.0936 5044 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
03:38:20.0967 5044 fvevol - ok
03:38:20.0998 5044 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\drivers\gagp30kx.sys
03:38:21.0029 5044 gagp30kx - ok
03:38:21.0076 5044 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
03:38:21.0123 5044 gpsvc - ok
03:38:21.0170 5044 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
03:38:21.0217 5044 hcw85cir - ok
03:38:21.0279 5044 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
03:38:21.0310 5044 HdAudAddService - ok
03:38:21.0357 5044 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\DRIVERS\HDAudBus.sys
03:38:21.0388 5044 HDAudBus - ok
03:38:21.0435 5044 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\drivers\HidBatt.sys
03:38:21.0466 5044 HidBatt - ok
03:38:21.0513 5044 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\drivers\hidbth.sys
03:38:21.0622 5044 HidBth - ok
03:38:21.0653 5044 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\drivers\hidir.sys
03:38:21.0731 5044 HidIr - ok
03:38:21.0778 5044 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
03:38:21.0934 5044 hidserv - ok
03:38:21.0981 5044 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
03:38:22.0075 5044 HidUsb - ok
03:38:22.0106 5044 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
03:38:22.0277 5044 hkmsvc - ok
03:38:22.0324 5044 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
03:38:22.0480 5044 HomeGroupListener - ok
03:38:22.0527 5044 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
03:38:22.0652 5044 HomeGroupProvider - ok
03:38:22.0699 5044 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
03:38:22.0699 5044 HpSAMD - ok
03:38:22.0761 5044 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
03:38:22.0933 5044 HTTP - ok
03:38:22.0964 5044 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
03:38:22.0979 5044 hwpolicy - ok
03:38:23.0120 5044 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
03:38:23.0213 5044 i8042prt - ok
03:38:23.0291 5044 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
03:38:23.0323 5044 iaStorV - ok
03:38:23.0354 5044 IDMWFP (a9414fc657023cfb4c37e2d8938125d9) C:\Windows\system32\DRIVERS\idmwfp.sys
03:38:23.0385 5044 IDMWFP - ok
03:38:23.0525 5044 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
03:38:23.0541 5044 idsvc - ok
03:38:23.0588 5044 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys
03:38:23.0603 5044 iirsp - ok
03:38:23.0666 5044 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
03:38:23.0869 5044 IKEEXT - ok
03:38:23.0931 5044 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
03:38:23.0947 5044 intelide - ok
03:38:23.0962 5044 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
03:38:24.0071 5044 intelppm - ok
03:38:24.0118 5044 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
03:38:24.0259 5044 IPBusEnum - ok
03:38:24.0290 5044 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
03:38:24.0415 5044 IpFilterDriver - ok
03:38:24.0461 5044 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
03:38:24.0539 5044 iphlpsvc - ok
03:38:24.0586 5044 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
03:38:24.0617 5044 IPMIDRV - ok
03:38:24.0664 5044 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
03:38:24.0758 5044 IPNAT - ok
03:38:24.0805 5044 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
03:38:24.0836 5044 IRENUM - ok
03:38:24.0851 5044 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
03:38:24.0851 5044 isapnp - ok
03:38:24.0914 5044 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
03:38:24.0929 5044 iScsiPrt - ok
03:38:24.0961 5044 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
03:38:24.0976 5044 kbdclass - ok
03:38:24.0992 5044 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
03:38:25.0023 5044 kbdhid - ok
03:38:25.0070 5044 KeyIso (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\system32\lsass.exe
03:38:25.0132 5044 KeyIso - ok
03:38:25.0179 5044 KSecDD (ccd53b5bd33ce0c889e830d839c8b66e) C:\Windows\system32\Drivers\ksecdd.sys
03:38:25.0179 5044 KSecDD - ok
03:38:25.0226 5044 KSecPkg (9ff918a261752c12639e8ad4208d2c2f) C:\Windows\system32\Drivers\ksecpkg.sys
03:38:25.0226 5044 KSecPkg - ok
03:38:25.0257 5044 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
03:38:25.0460 5044 ksthunk - ok
03:38:25.0522 5044 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
03:38:25.0585 5044 KtmRm - ok
03:38:25.0631 5044 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\System32\srvsvc.dll
03:38:25.0741 5044 LanmanServer - ok
03:38:25.0787 5044 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
03:38:25.0850 5044 LanmanWorkstation - ok
03:38:25.0897 5044 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
03:38:25.0959 5044 lltdio - ok
03:38:26.0006 5044 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
03:38:26.0131 5044 lltdsvc - ok
03:38:26.0162 5044 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
03:38:26.0209 5044 lmhosts - ok
03:38:26.0240 5044 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys
03:38:26.0255 5044 LSI_FC - ok
03:38:26.0271 5044 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys
03:38:26.0287 5044 LSI_SAS - ok
03:38:26.0333 5044 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys
03:38:26.0349 5044 LSI_SAS2 - ok
03:38:26.0365 5044 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys
03:38:26.0380 5044 LSI_SCSI - ok
03:38:26.0427 5044 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
03:38:26.0536 5044 luafv - ok
03:38:26.0583 5044 MBAMProtector (dbc08862a71459e74f7538b432c114cc) C:\Windows\system32\drivers\mbam.sys
03:38:26.0614 5044 MBAMProtector - ok
03:38:26.0723 5044 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
03:38:26.0755 5044 MBAMService - ok
03:38:26.0833 5044 McComponentHostService (f453d1e6d881e8f8717e20ccd4199e85) C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe
03:38:26.0864 5044 McComponentHostService - ok
03:38:26.0926 5044 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
03:38:26.0942 5044 Mcx2Svc - ok
03:38:26.0973 5044 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys
03:38:26.0989 5044 megasas - ok
03:38:27.0020 5044 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys
03:38:27.0035 5044 MegaSR - ok
03:38:27.0067 5044 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
03:38:27.0129 5044 MMCSS - ok
03:38:27.0176 5044 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
03:38:27.0238 5044 Modem - ok
03:38:27.0269 5044 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
03:38:27.0301 5044 monitor - ok
03:38:27.0363 5044 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
03:38:27.0363 5044 mouclass - ok
03:38:27.0394 5044 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
03:38:27.0441 5044 mouhid - ok
03:38:27.0488 5044 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
03:38:27.0488 5044 mountmgr - ok
03:38:27.0519 5044 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
03:38:27.0535 5044 mpio - ok
03:38:27.0566 5044 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
03:38:27.0597 5044 mpsdrv - ok
03:38:27.0675 5044 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
03:38:27.0753 5044 MpsSvc - ok
03:38:27.0784 5044 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
03:38:27.0831 5044 MRxDAV - ok
03:38:27.0862 5044 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
03:38:27.0987 5044 mrxsmb - ok
03:38:28.0049 5044 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
03:38:28.0065 5044 mrxsmb10 - ok
03:38:28.0112 5044 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
03:38:28.0143 5044 mrxsmb20 - ok
03:38:28.0205 5044 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
03:38:28.0205 5044 msahci - ok
03:38:28.0268 5044 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
03:38:28.0268 5044 msdsm - ok
03:38:28.0330 5044 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
03:38:28.0377 5044 MSDTC - ok
03:38:28.0424 5044 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
03:38:28.0471 5044 Msfs - ok
03:38:28.0549 5044 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
03:38:28.0611 5044 mshidkmdf - ok
03:38:28.0627 5044 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
03:38:28.0642 5044 msisadrv - ok
03:38:28.0736 5044 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
03:38:28.0798 5044 MSiSCSI - ok
03:38:28.0814 5044 msiserver - ok
03:38:28.0876 5044 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
03:38:28.0939 5044 MSKSSRV - ok
03:38:28.0985 5044 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
03:38:29.0048 5044 MSPCLOCK - ok
03:38:29.0063 5044 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
03:38:29.0141 5044 MSPQM - ok
03:38:29.0188 5044 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
03:38:29.0219 5044 MsRPC - ok
03:38:29.0235 5044 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
03:38:29.0251 5044 mssmbios - ok
03:38:29.0282 5044 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
03:38:29.0344 5044 MSTEE - ok
03:38:29.0375 5044 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys
03:38:29.0391 5044 MTConfig - ok
03:38:29.0422 5044 MTsensor (cac3bb575e4a0417bff28d3196e44d3a) C:\Windows\system32\DRIVERS\ASACPI.sys
03:38:29.0438 5044 MTsensor - ok
03:38:29.0485 5044 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
03:38:29.0485 5044 Mup - ok
03:38:29.0531 5044 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
03:38:29.0609 5044 napagent - ok
03:38:29.0672 5044 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
03:38:29.0719 5044 NativeWifiP - ok
03:38:29.0875 5044 NAUpdate (13aa2130f2a104dd775ead0f0ee5417b) C:\Program Files (x86)\Nero\Update\NASvc.exe
03:38:29.0890 5044 NAUpdate - ok
03:38:29.0968 5044 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
03:38:29.0984 5044 NDIS - ok
03:38:30.0031 5044 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
03:38:30.0093 5044 NdisCap - ok
03:38:30.0124 5044 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
03:38:30.0171 5044 NdisTapi - ok
03:38:30.0187 5044 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
03:38:30.0233 5044 Ndisuio - ok
03:38:30.0280 5044 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
03:38:30.0343 5044 NdisWan - ok
03:38:30.0389 5044 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
03:38:30.0421 5044 NDProxy - ok
03:38:30.0452 5044 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
03:38:30.0514 5044 NetBIOS - ok
03:38:30.0561 5044 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
03:38:30.0592 5044 NetBT - ok
03:38:30.0623 5044 Netlogon (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\system32\lsass.exe
03:38:30.0639 5044 Netlogon - ok
03:38:30.0686 5044 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
03:38:30.0748 5044 Netman - ok
03:38:30.0826 5044 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
03:38:30.0889 5044 netprofm - ok
03:38:30.0998 5044 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
03:38:31.0013 5044 NetTcpPortSharing - ok
03:38:31.0060 5044 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys
03:38:31.0060 5044 nfrd960 - ok
03:38:31.0123 5044 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
03:38:31.0185 5044 NlaSvc - ok
03:38:31.0232 5044 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
03:38:31.0279 5044 Npfs - ok
03:38:31.0310 5044 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
03:38:31.0372 5044 nsi - ok
03:38:31.0388 5044 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
03:38:31.0466 5044 nsiproxy - ok
03:38:31.0559 5044 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
03:38:31.0606 5044 Ntfs - ok
03:38:31.0747 5044 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
03:38:31.0778 5044 Null - ok
03:38:31.0825 5044 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
03:38:31.0840 5044 nvraid - ok
03:38:31.0856 5044 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
03:38:31.0871 5044 nvstor - ok
03:38:31.0918 5044 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
03:38:31.0934 5044 nv_agp - ok
03:38:32.0012 5044 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
03:38:32.0027 5044 ohci1394 - ok
03:38:32.0074 5044 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
03:38:32.0137 5044 p2pimsvc - ok
03:38:32.0230 5044 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
03:38:32.0246 5044 p2psvc - ok
03:38:32.0293 5044 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys
03:38:32.0308 5044 Parport - ok
03:38:32.0324 5044 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
03:38:32.0339 5044 partmgr - ok
03:38:32.0402 5044 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
03:38:32.0464 5044 PcaSvc - ok
03:38:32.0527 5044 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
03:38:32.0527 5044 pci - ok
03:38:32.0573 5044 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
03:38:32.0589 5044 pciide - ok
03:38:32.0636 5044 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys
03:38:32.0651 5044 pcmcia - ok
03:38:32.0683 5044 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
03:38:32.0698 5044 pcw - ok
03:38:32.0729 5044 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
03:38:32.0807 5044 PEAUTH - ok
03:38:32.0901 5044 PeerDistSvc (b9b0a4299dd2d76a4243f75fd54dc680) C:\Windows\system32\peerdistsvc.dll
03:38:32.0963 5044 PeerDistSvc - ok
03:38:33.0057 5044 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
03:38:33.0104 5044 PerfHost - ok
03:38:33.0244 5044 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
03:38:33.0322 5044 pla - ok
03:38:33.0385 5044 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
03:38:33.0447 5044 PlugPlay - ok
03:38:33.0447 5044 PnkBstrA - ok
03:38:33.0494 5044 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
03:38:33.0525 5044 PNRPAutoReg - ok
03:38:33.0587 5044 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
03:38:33.0603 5044 PNRPsvc - ok
03:38:33.0665 5044 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
03:38:33.0728 5044 PolicyAgent - ok
03:38:33.0837 5044 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
03:38:33.0899 5044 Power - ok
03:38:34.0024 5044 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
03:38:34.0087 5044 PptpMiniport - ok
03:38:34.0133 5044 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys
03:38:34.0165 5044 Processor - ok
03:38:34.0227 5044 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
03:38:34.0289 5044 ProfSvc - ok
03:38:34.0321 5044 ProtectedStorage (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\system32\lsass.exe
03:38:34.0336 5044 ProtectedStorage - ok
03:38:34.0367 5044 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
03:38:34.0430 5044 Psched - ok
03:38:34.0508 5044 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys
03:38:34.0539 5044 ql2300 - ok
03:38:34.0633 5044 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys
03:38:34.0648 5044 ql40xx - ok
03:38:34.0711 5044 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
03:38:34.0726 5044 QWAVE - ok
03:38:34.0757 5044 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
03:38:34.0804 5044 QWAVEdrv - ok
03:38:34.0835 5044 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
03:38:34.0898 5044 RasAcd - ok
03:38:34.0945 5044 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
03:38:34.0976 5044 RasAgileVpn - ok
03:38:35.0023 5044 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
03:38:35.0069 5044 RasAuto - ok
03:38:35.0116 5044 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
03:38:40.0623 5044 SwitchBoard (f577910a133a592234ebaad3f3afa258) C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
03:38:40.0701 5044 SwitchBoard ( UnsignedFile.Multi.Generic ) - warning
03:38:40.0701 5044 SwitchBoard - detected UnsignedFile.Multi.Generic (1)
03:38:52.0183 5044 ============================================================
03:38:52.0183 5044 Scan finished
03:38:52.0183 5044 ============================================================
03:38:52.0183 3156 Detected object count: 3
03:38:52.0183 3156 Actual detected object count: 3
03:39:26.0237 3156 Bonjour Service ( UnsignedFile.Multi.Generic ) - skipped by user
03:39:26.0237 3156 Bonjour Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
03:39:26.0237 3156 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user
03:39:26.0237 3156 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
03:39:26.0253 3156 SwitchBoard ( UnsignedFile.Multi.Generic ) - skipped by user
03:39:26.0253 3156 SwitchBoard ( UnsignedFile.Multi.Generic ) - User select action: Skip



aswMBR :


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-05-18 03:41:06
-----------------------------
03:41:06.156 OS Version: Windows x64 6.1.7601 Service Pack 1
03:41:06.156 Number of processors: 2 586 0xF06
03:41:06.156 ComputerName: KYOSHIRO-PC UserName: kyoshiro
03:41:08.574 Initialize success
03:43:57.836 AVAST engine defs: 12051700
03:44:19.332 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2
03:44:19.332 Disk 0 Vendor: ST380211AS 3.AAE Size: 76319MB BusType: 3
03:44:19.364 Disk 0 MBR read successfully
03:44:19.364 Disk 0 MBR scan
03:44:19.364 Disk 0 Windows 7 default MBR code
03:44:19.364 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 76318 MB offset 63
03:44:19.426 Disk 0 scanning C:\Windows\system32\drivers
03:44:28.911 Service scanning
03:44:42.140 Service FLEXnet Licensing Service C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe **INFECTED** Win32:Sality
03:45:16.553 Modules scanning
03:45:16.553 Disk 0 trace - called modules:
03:45:16.569 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
03:45:16.569 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800797f060]
03:45:17.084 3 CLASSPNP.SYS[fffff88001bc443f] -> nt!IofCallDriver -> [0xfffffa80073fb520]
03:45:17.084 5 ACPI.sys[fffff8800100b7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-2[0xfffffa8007401060]
03:45:17.786 AVAST engine scan C:\Windows
03:45:20.500 AVAST engine scan C:\Windows\system32
03:45:34.774 File: C:\Windows\system32\consrv.dll **INFECTED** Win32:Sirefef-HO [Rtk]
03:48:17.857 File: C:\Windows\assembly\temp\U\80000032.@ **INFECTED** Win32:DNSChanger-VJ [Trj]
03:48:17.935 File: C:\Windows\assembly\temp\U\80000064.@ **INFECTED** Win32:Malware-gen
03:48:18.387 AVAST engine scan C:\Windows\system32\drivers
03:48:30.867 AVAST engine scan C:\Users\kyoshiro
03:48:43.316 File: C:\Users\kyoshiro\AppData\Local\Babylon\Setup\Setup.exe **INFECTED** Win32:Sality
03:49:08.604 File: C:\Users\kyoshiro\AppData\Local\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\18.0.1025.168\chrome_updater.exe **INFECTED** Win32:Sality
03:52:18.269 Disk 0 MBR has been saved successfully to "C:\Users\kyoshiro\Desktop\MBR.dat"
03:52:18.284 The log file has been saved successfully to "C:\Users\kyoshiro\Desktop\aswMBR.txt"

#15 gringo_pr

Posted 17 May 2012 - 04:53 PM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Folder::
C:\Windows\assembly\temp\U
C:\Users\kyoshiro\AppData\Local\Babylon
C:\Users\kyoshiro\AppData\Local\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}

File::
C:\Windows\system32\consrv.dll

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry every little bit helps.

Proud Graduate Of Malware Removal University



