avira reporting an ATRAPS.GEN2


  • This topic is locked
16 replies to this topic

#1 famke7

  • Members

Posted 01 July 2012 - 02:23 PM

as the title says i have some sort of rootkit that has infected my computer, and i have been unable to remove it with malwarebytes or avira. they detect it, but when they remove them, they ask for a reboot and after a reboot they come back.

- i ran the defogger.

- i can't turn on firewall, it seems to be disabled somehow and i cannot enable it.

- i attempted to run the DDS tool but it locks up about 30 seconds into running and i have to power down the computer.

results of gmer.log:

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-07-01 12:22:16
Windows 6.1.7601 Service Pack 1
Running: gmer.exe


---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0c6076fc1a13
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0c6076fc1a13 (not active ControlSet)

---- EOF - GMER 1.0.15 ----


#2 fireman4it

  • Malware Response Team

Posted 01 July 2012 - 05:26 PM

Hello famke7,
  • Welcome to Bleeping Computer.
  • My name is fireman4it and I will be helping you with your Malware problem.

Please take note of some guidelines for this fix:
  • Refrain from making any changes to your computer including installing/uninstalling programs, deleting files, modifying the registry, and running scanners or tools.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean".
  • In the upper right hand corner of the topic you will see a button called Watch Topic. I suggest you click it and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.
  • Finally, please reply using the ADD REPLY button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply, unless they do not fit into the post.



1.
    1. Please download OTL from one of the following mirrors:
         • This is THE Mirror
    2. Save it to your desktop.
    3. Double click on the OTL icon on your desktop.
    4. Under the Custom Scan box paste this in:

         c:\windows\*. /SL
         c:\windows\*. /RP
         netsvcs
         activex
         drivers32
         %ALLUSERSPROFILE%\Application Data\*.
         %ALLUSERSPROFILE%\Application Data\*.exe /s
         %APPDATA%\*.
         %APPDATA%\*.exe /s
         %SYSTEMDRIVE%\*.exe
         %systemroot%\*. /mp /s
         CREATERESTOREPOINT
         %systemroot%\system32\*.dll /lockedfiles
         %systemroot%\Tasks\*.job /lockedfiles
         %systemroot%\system32\drivers\*.sys /lockedfiles
         %systemroot%\System32\config\*.sav
         %systemroot%\system32\drivers\*.sys /90

    5. Push the Quick Scan button.
    6. Two reports will open, copy and paste them in a reply here:
         • OTL.txt <-- Will be opened
         • Extra.txt <-- Will be minimized


2.
Please download aswMBR ( 511KB ) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.


Things to include in your next reply:
  • Otl.txt
  • Attach.txt
  • aswMBR log
  • Do you have a USB flash drive you can use?





" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-



#3 famke7

  • Topic Starter


Posted 01 July 2012 - 07:51 PM

i tried running the OTL 2x, both attempts it got to "creating a restore point DO NOT ATTEMPT ANYTHING" and my computer locked up, had to hold the power button in.

here is the results of the other log though, and i do indeed have a USB flash drive handy.


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-07-01 17:32:51
-----------------------------
17:32:51.548 OS Version: Windows x64 6.1.7601 Service Pack 1
17:32:51.548 Number of processors: 4 586 0x2A07
17:32:51.548 ComputerName: FAMKE-PC UserName: Famke
17:32:53.543 Initialize success
17:33:34.837 AVAST engine defs: 12070101
17:33:41.935 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
17:33:41.935 Disk 0 Vendor: ST950032 0011 Size: 476940MB BusType: 3
17:33:41.966 Disk 0 MBR read successfully
17:33:41.966 Disk 0 MBR scan
17:33:41.982 Disk 0 Windows 7 default MBR code
17:33:41.997 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 200 MB offset 2048
17:33:42.013 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 431938 MB offset 411648
17:33:42.029 Disk 0 Partition - 00 0F Extended LBA 29692 MB offset 885020672
17:33:42.060 Disk 0 Partition 3 00 12 Compaq diag NTFS 15109 MB offset 945829888
17:33:42.107 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 29691 MB offset 885022720
17:33:42.200 Disk 0 scanning C:\windows\system32\drivers
17:33:54.446 Service scanning
17:34:22.729 Modules scanning
17:34:22.745 Disk 0 trace - called modules:
17:34:22.838 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
17:34:22.838 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007e4a060]
17:34:22.854 3 CLASSPNP.SYS[fffff88001ba843f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80060e0050]
17:34:23.977 AVAST engine scan C:\windows
17:34:27.799 AVAST engine scan C:\windows\system32
17:37:07.887 AVAST engine scan C:\windows\system32\drivers
17:37:18.510 AVAST engine scan C:\Users\Famke
17:39:15.250 AVAST engine scan C:\ProgramData
17:40:15.142 Scan finished successfully
17:43:38.996 Disk 0 MBR has been saved successfully to "C:\Users\Famke\Desktop\MBR.dat"
17:43:38.996 The log file has been saved successfully to "C:\Users\Famke\Desktop\aswMBR.txt"

#4 fireman4it


Posted 01 July 2012 - 08:33 PM

For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:
    Startup Repair
    System Restore
    Windows Complete PC Restore
    Windows Memory Diagnostic Tool
    Command Prompt

  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

" Extinguishing Malware from the world"


#5 famke7


Posted 01 July 2012 - 10:05 PM

Scan result of Farbar Recovery Scan Tool Version: 01-07-2012 01
Ran by SYSTEM at 01-07-2012 20:00:05
Running from G:\
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [IgfxTray] C:\windows\system32\igfxtray.exe [167960 2011-03-28] (Intel Corporation)
HKLM\...\Run: [HotKeysCmds] C:\windows\system32\hkcmd.exe [391704 2011-03-28] (Intel Corporation)
HKLM\...\Run: [Persistence] C:\windows\system32\igfxpers.exe [418840 2011-03-28] (Intel Corporation)
HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [11772520 2011-01-04] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2538280 2010-12-22] (Synaptics Incorporated)
HKLM\...\Run: [IntelWireless] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray [1933584 2010-11-02] (Intel® Corporation)
HKLM\...\Run: [TpShocks] C:\Windows\System32\TpShocks.exe [231328 2010-03-15] (Lenovo.)
HKLM\...\Run: [Energy Management] C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [9769888 2012-03-01] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [5908928 2012-03-01] (Lenovo(beijing) Limited)
HKLM\...\Run: [Lenovo EE Boot Optimizer] C:\Program Files (x86)\Lenovo\Boot Optimizer\PopWnd.exe [114688 2012-03-01] (Lenovo)
HKLM\...\Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [500208 2010-03-05] (Adobe Systems Incorporated)
HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1271168 2012-03-26] (Microsoft Corporation)
HKLM-x32\...\Run: [EgisTecPMMUpdate] "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe" [407920 2010-11-05] (Egis Technology Inc.)
HKLM-x32\...\Run: [EgisUpdate] "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -d [202096 2010-11-05] (Egis Technology Inc.)
HKLM-x32\...\Run: [VitaKeyTSR] C:\Program Files (x86)\EgisTec BioExcess\EgisTSR.exe /run [383344 2010-12-13] (Egis Technology Inc. )
HKLM-x32\...\Run: [PLTSR] "C:\Program Files (x86)\EgisTec Port Locker\EgisPLTSR.exe" [364400 2010-10-22] (Egis Technology Inc. )
HKLM-x32\...\Run: [VeriFaceManager] C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe [329056 2012-03-01] (Lenovo)
HKLM-x32\...\Run: [YouCam Mirage] "C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe" [136488 2010-12-24] (CyberLink)
HKLM-x32\...\Run: [YouCam Tray] "C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe" /s [224352 2010-12-24] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateP2GShortCut] "C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Lenovo\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\5.0" [222504 2010-07-26] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdatePRCShortCut] "C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files\Lenovo\OneKey App\OneKey Recovery" UpdateWithCreateOnce "Software\Lenovo\OneKey App\OneKey Recovery" [222504 2009-05-13] (CyberLink Corp.)
HKLM-x32\...\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin [406992 2010-02-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Monitor] "C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe" [268640 2011-11-12] (LeapFrog Enterprises, Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [37296 2012-03-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-02] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [googletalk] C:\Program Files (x86)\Google\Google Talk\googletalk.exe /autostart [3739648 2007-01-01] (Google)
HKLM-x32\...\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray [462408 2012-04-04] (Malwarebytes Corporation)
HKU\Famke\...\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun [17425072 2012-06-07] (Skype Technologies S.A.)
HKU\Famke\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2012-03-01] (Google Inc.)
Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Lsa: [Notification Packages] scecli
EgisPwdFilter
EgisDSPwdFilter
EgisPLPwdFilter
Startup: C:\Users\Default\Start Menu\Programs\Startup\Best Buy pc app.lnk
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
Startup: C:\Users\Default User\Start Menu\Programs\Startup\Best Buy pc app.lnk
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)

==================== Services (Whitelisted) ======

2 EgisTec Service; "C:\Program Files (x86)\EgisTec BioExcess\EgisService.exe" [703856 2010-12-13] (Egis Technology Inc. )
2 EgisTec Service Help; "C:\Program Files (x86)\EgisTec Port Locker\Egishlpsvc.exe" [327024 2010-10-22] (Egis Technology Inc. )
2 EgisTec Ticket Service; "C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe" [650096 2010-12-13] (Egis Technology Inc. )
2 MBAMService; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [654408 2012-04-04] (Malwarebytes Corporation)
2 MsMpSvc; "C:\Program Files\Microsoft Security Client\MsMpEng.exe" [12600 2012-03-26] (Microsoft Corporation)
3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2010-11-02] ()
2 TPHDEXLGSVC; C:\Windows\System32\TPHDEXLG64.exe [47712 2009-12-09] (Lenovo.)
2 UNS; "C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe" [2656280 2010-12-20] (Intel Corporation)
2 WiMAXAppSrv; "C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe" [986112 2011-06-14] (Intel® Corporation)
2 McMPFSvc; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [x]
2 mcmscsvc; "C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [x]
2 McNaiAnn; "C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [x]
2 McNASvc; "C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [x]
3 McODS; "C:\Program Files\mcafee\VirusScan\mcods.exe" [x]
2 McProxy; "C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [x]
4 Mcx2Svc; C:\Windows\SysWOW64\Mcx2Svc.dll [x]

========================== Drivers (Whitelisted) =============

3 ACPIVPC; C:\Windows\System32\Drivers\ACPIVPC.sys [29792 2012-03-01] (Lenovo Corporation)
1 BPntDrv; C:\Windows\System32\Drivers\BPntDrv.sys [13408 2012-03-01] (Lenovo)
3 clwvd; C:\Windows\System32\Drivers\clwvd.sys [31088 2010-12-24] (CyberLink Corporation)
1 EgisTecFF; C:\Windows\System32\Drivers\EgisTecFF.sys [55880 2012-03-01] (Egis Technology Inc.)
0 fbfmon; C:\Windows\System32\Drivers\fbfmon.sys [57952 2012-03-01] (Lenovo)
2 FPSensor; C:\Windows\System32\Drivers\FPSensor.sys [35952 2010-10-31] (Egis Technology Inc.)
0 LHDmgr; C:\Windows\System32\DRIVERS\LhdX64.sys [39008 2012-03-01] (Lenovo.)
3 MBAMProtector; \??\C:\windows\system32\drivers\mbam.sys [24904 2012-04-04] (Malwarebytes Corporation)
3 RSUSBVSTOR; C:\Windows\System32\Drivers\RtsUVStor.sys [307304 2010-11-29] (Realtek Semiconductor Corp.)
3 rtsuvc; C:\Windows\System32\Drivers\rtsuvc.sys [8200552 2010-12-15] (Realtek Semiconductor Corp.)
0 Shockprf; C:\Windows\System32\DRIVERS\Apsx64.sys [135776 2010-10-11] (Lenovo.)
0 TPDIGIMN; C:\Windows\System32\DRIVERS\ApsHM64.sys [23648 2009-12-09] (Lenovo.)
3 wsvd; C:\Windows\System32\Drivers\wsvd.sys [121840 2009-07-21] (CyberLink)
3 BcmSqlStartupSvc; [x]
2 CLKMSVC10_3A60B698; [x]
2 CLKMSVC10_C3B3B687; [x]
2 DriverService; [x]
2 IAStorDataMgrSvc; [x]
2 iATAgentService; [x]
2 idealife Update Service; [x]
3 IGRS; [x]
2 IviRegMgr; [x]
2 nvUpdatusService; [x]
2 Oasis2Service; [x]
2 PCCarerService; [x]
2 ReadyComm.DirectRouter; [x]
2 RichVideo; [x]
2 RtLedService; [x]
2 SeaPort; [x]
2 SoftwareService; [x]
3 SQLWriter; [x]
2 Stereo Service; [x]

========================== NetSvcs (Whitelisted) ===========

NETSVCx32: Mcx2Svc -> C:\Windows\SysWOW64\Mcx2Svc.dll ==> No File.

============ One Month Created Files and Folders ==============

2012-07-01 19:59 - 2012-07-01 20:00 - 00000000 ____D C:\FRST
2012-07-01 17:57 - 2012-07-01 17:57 - 01430427 ____A C:\Users\Famke\Downloads\FRST64.exe
2012-07-01 16:43 - 2012-07-01 16:43 - 00002097 ____A C:\Users\Famke\Desktop\aswMBR.txt
2012-07-01 16:43 - 2012-07-01 16:43 - 00000512 ____A C:\Users\Famke\Desktop\MBR.dat
2012-07-01 16:32 - 2012-07-01 16:32 - 04731392 ____A (AVAST Software) C:\Users\Famke\Downloads\aswMBR.exe
2012-07-01 16:24 - 2012-07-01 16:24 - 00595968 ____A (OldTimer Tools) C:\Users\Famke\Desktop\OTL.exe
2012-07-01 11:22 - 2012-07-01 11:22 - 00000407 ____A C:\Users\Famke\Desktop\gmer.log
2012-07-01 10:57 - 2012-07-01 10:57 - 00294216 ____A C:\Users\Famke\Downloads\gmer.zip
2012-07-01 10:54 - 2012-07-01 10:54 - 00302592 ____A C:\Users\Famke\Downloads\xqygnstm.exe
2012-07-01 10:35 - 2012-07-01 10:35 - 00050477 ____A C:\Users\Famke\Downloads\Defogger (1).exe
2012-07-01 10:27 - 2012-07-01 10:27 - 00607260 ____R (Swearware) C:\Users\Famke\Desktop\dds.scr
2012-07-01 10:26 - 2012-07-01 10:26 - 00302592 ____A C:\Users\Famke\Downloads\bn63bnl1.exe
2012-07-01 10:25 - 2012-07-01 10:25 - 00050477 ____A C:\Users\Famke\Downloads\Defogger.exe
2012-07-01 10:25 - 2012-07-01 10:25 - 00000472 ____A C:\Users\Famke\Downloads\defogger_disable.log
2012-07-01 10:25 - 2012-07-01 10:25 - 00000000 ____A C:\Users\Famke\defogger_reenable
2012-07-01 10:11 - 2012-07-01 10:11 - 02134616 ____A (Kaspersky Lab ZAO) C:\Users\Famke\Downloads\tdsskiller.exe
2012-07-01 09:49 - 2012-07-01 09:49 - 00000000 ____D C:\Windows\erdnt
2012-07-01 09:47 - 2012-07-01 09:47 - 04568829 ____R (Swearware) C:\Users\Famke\Downloads\ComboFix.exe
2012-07-01 09:41 - 2012-07-01 09:41 - 01411144 ____A (PortableApps.com) C:\Users\Famke\Downloads\GoogleChromePortable_20.0.1132.47_online.paf (1).exe
2012-07-01 09:31 - 2012-07-01 09:31 - 01411144 ____A (PortableApps.com) C:\Users\Famke\Downloads\GoogleChromePortable_20.0.1132.47_online.paf.exe
2012-06-29 17:36 - 2010-05-05 18:22 - 427458611 ____A C:\Users\Famke\Desktop\Insanity Core Cardio and Balance.mp4
2012-06-29 11:44 - 2012-06-29 11:44 - 00001113 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-06-29 11:44 - 2012-04-04 14:56 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-06-29 11:43 - 2012-06-29 11:43 - 10063000 ____A (Malwarebytes Corporation ) C:\Users\Famke\Downloads\mbam-setup-1.61.0.1400.exe
2012-06-28 16:37 - 2012-06-28 16:37 - 00262144 ____A C:\Windows\Minidump\062812-22479-01.dmp
2012-06-28 16:31 - 2012-06-28 16:31 - 00000000 ____D C:\avrescue
2012-06-28 15:57 - 2012-06-28 15:57 - 00036631 ____A C:\Users\Famke\Desktop\Capture.PNG
2012-06-28 15:17 - 2012-06-28 17:36 - 00000000 ____D C:\ComboFix
2012-06-28 15:16 - 2012-06-28 15:16 - 00000000 ____D C:\Qoobox
2012-06-28 15:11 - 2012-07-01 09:57 - 00000000 ___SD C:\32788R22FWJFW
2012-06-28 11:50 - 2012-06-29 11:44 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-06-28 11:50 - 2012-06-28 11:50 - 00000000 ____D C:\Users\Famke\AppData\Roaming\Malwarebytes
2012-06-28 11:50 - 2012-06-28 11:50 - 00000000 ____D C:\Users\All Users\Malwarebytes
2012-06-28 11:35 - 2012-06-28 11:35 - 00000000 ____D C:\Users\Famke\AppData\Roaming\Avira
2012-06-28 11:30 - 2012-06-28 11:30 - 00000000 ____D C:\Users\All Users\Avira
2012-06-28 11:30 - 2012-06-28 11:30 - 00000000 ____D C:\Program Files (x86)\Avira
2012-06-28 08:22 - 2012-06-28 08:22 - 00806400 ____A C:\Users\Famke\Downloads\MicrosoftFixit50692.msi
2012-06-28 08:16 - 2012-06-28 08:16 - 00014984 ____A C:\FixitRegBackup.reg
2012-06-28 08:15 - 2012-06-28 08:15 - 00899584 ____A C:\Users\Famke\Downloads\MicrosoftFixit50535.msi
2012-06-28 08:03 - 2012-06-28 08:03 - 00985600 ____A C:\Users\Famke\Downloads\MicrosoftFixit50123 (1).msi
2012-06-28 08:02 - 2012-06-28 08:02 - 00985600 ____A C:\Users\Famke\Downloads\MicrosoftFixit50123.msi
2012-06-28 07:53 - 2012-06-28 07:53 - 00000000 ____D C:\Users\All Users\Office Genuine Advantage
2012-06-28 07:31 - 2012-06-28 07:31 - 00113569 ____A C:\Users\Famke\Desktop\MSE claims that Windows did not pass genuine validation. - Microsoft Answers.htm
2012-06-28 07:31 - 2012-06-28 07:31 - 00000446 ____A C:\Users\Famke\Downloads\chromehtml.reg
2012-06-28 07:31 - 2012-06-28 07:31 - 00000000 ____D C:\Users\Famke\Desktop\MSE claims that Windows did not pass genuine validation. - Microsoft Answers_files
2012-06-28 07:15 - 2012-06-28 07:15 - 01606064 ____A C:\Users\Famke\Downloads\googletalk-setup.exe
2012-06-28 07:09 - 2012-06-28 07:09 - 12621696 ____A (Microsoft Corporation) C:\Users\Famke\Downloads\mseinstall (3).exe
2012-06-28 07:09 - 2012-06-28 07:09 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2012-06-28 07:08 - 2012-06-28 07:08 - 01528184 ____A (Microsoft Corporation) C:\Users\Famke\Downloads\GenuineCheck.exe
2012-06-28 07:08 - 2012-06-28 07:08 - 00000000 ____D C:\Users\All Users\Windows Genuine Advantage
2012-06-28 07:07 - 2012-06-28 07:07 - 12621696 ____A (Microsoft Corporation) C:\Users\Famke\Downloads\mseinstall (2).exe
2012-06-28 06:59 - 2012-06-28 06:59 - 00000000 __SHD C:\Windows\System32\%APPDATA%
2012-06-28 06:54 - 2012-06-28 06:54 - 12621696 ____A (Microsoft Corporation) C:\Users\Famke\Downloads\mseinstall (1).exe
2012-06-27 21:51 - 2012-06-27 21:51 - 00159144 ____A (Microsoft Corporation) C:\Users\Famke\Downloads\WindowsActivationUpdate.exe
2012-06-27 21:36 - 2012-06-27 21:36 - 16859064 ____A (Microsoft Corporation) C:\Users\Famke\Downloads\Windows-KB890830-x64-V4.9.exe
2012-06-27 21:30 - 2012-06-27 21:30 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.BA038AF6200478AD
2012-06-27 20:00 - 2012-06-27 20:00 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.1EA5BB9B08FAA6FD
2012-06-27 19:54 - 2012-06-27 19:54 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.F0069F714A6754FE
2012-06-27 19:54 - 2012-06-27 19:54 - 00000000 ____A C:\Users\Famke\Downloads\277.tmp
2012-06-27 19:53 - 2012-06-27 19:53 - 00001270 ____A C:\Users\Famke\Desktop\shutdown (2).lnk
2012-06-27 19:51 - 2012-06-27 19:51 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.1439FD639D748D2A
2012-06-27 19:50 - 2012-06-27 19:51 - 00001270 ____A C:\Users\Famke\Desktop\shutdown.lnk
2012-06-27 19:45 - 2012-06-27 19:45 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.76A62D8D5B8B79D2
2012-06-27 19:45 - 2012-06-27 19:45 - 00000000 ____A C:\Users\Famke\Downloads\2545.tmp
2012-06-27 19:41 - 2012-06-27 19:41 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.6C8CF26C95EC6FBF
2012-06-27 19:38 - 2012-06-27 19:38 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.27718F8D81F9A493
2012-06-27 19:35 - 2012-06-27 19:35 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.B47505DD58237679
2012-06-27 19:31 - 2012-06-27 19:31 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.F6C218952E5CB4FB
2012-06-27 19:25 - 2012-06-28 07:11 - 00002150 ____A C:\Windows\epplauncher.mif
2012-06-27 19:24 - 2012-06-28 17:36 - 00000000 ____D C:\Program Files\Microsoft Security Client
2012-06-27 19:24 - 2012-06-28 07:09 - 00743534 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2012-06-27 19:20 - 2012-06-27 19:20 - 12621696 ____A (Microsoft Corporation) C:\Users\Famke\Downloads\mseinstall.exe
2012-06-27 16:24 - 2012-06-27 17:21 - 00000000 ___AD C:\Kaspersky Rescue Disk 10.0
2012-06-25 14:05 - 2012-06-25 14:05 - 01837056 ____A C:\Windows\SysWOW64\ipnathlp.dll
2012-06-25 14:05 - 2012-06-25 14:05 - 00000378 ____A C:\Windows\SysWOW64\ipnathlp.ocx
2012-06-25 09:37 - 2012-06-25 09:37 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2012-06-22 19:24 - 2012-06-22 19:24 - 00073924 ____A C:\Users\Famke\Downloads\footballfield8 (1).png
2012-06-22 19:19 - 2012-06-22 19:19 - 00073924 ____A C:\Users\Famke\Downloads\footballfield8.png
2012-06-21 20:05 - 2012-06-28 16:37 - 348201649 ____A C:\Windows\MEMORY.DMP
2012-06-21 20:05 - 2012-06-28 16:37 - 00000000 ____D C:\Windows\Minidump
2012-06-21 20:05 - 2012-06-21 20:05 - 00262144 ____A C:\Windows\Minidump\062212-30482-01.dmp
2012-06-21 06:24 - 2012-06-03 19:28 - 58957832 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-06-21 06:13 - 2012-06-02 14:19 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-21 06:13 - 2012-06-02 14:19 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-21 06:13 - 2012-06-02 14:19 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-21 06:13 - 2012-06-02 14:19 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-21 06:13 - 2012-06-02 14:19 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-21 06:13 - 2012-06-02 14:15 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-21 06:13 - 2012-06-02 14:15 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-21 06:13 - 2012-06-02 11:19 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-21 06:13 - 2012-06-02 11:15 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-06-20 19:52 - 2012-06-29 17:02 - 00000000 ____D C:\Users\Famke\AppData\Roaming\vlc
2012-06-20 19:52 - 2012-06-20 19:52 - 00000000 ____D C:\Program Files (x86)\VideoLAN
2012-06-20 19:47 - 2012-06-20 19:51 - 22259528 ____A C:\Users\Famke\Downloads\vlc-2.0.1-win32.exe
2012-06-20 19:47 - 2012-06-20 19:47 - 00000000 ____D C:\Users\Famke\AppData\Local\Nero_AG
2012-06-20 13:33 - 2012-06-20 13:55 - 00000132 ____A C:\Users\Famke\AppData\Roaming\Adobe GIF Format CS5 Prefs
2012-06-20 13:29 - 2012-06-20 13:29 - 00033495 ____A C:\Users\Famke\Downloads\Attachments_2012_06_20.zip
2012-06-19 20:08 - 2012-06-27 13:24 - 00000010 ____A C:\Windows\VDEN.bkm
2012-06-19 20:06 - 2012-06-19 20:06 - 29365165 ____A C:\Users\Famke\Downloads\VanDale.zip
2012-06-19 20:06 - 2012-06-19 20:06 - 00000000 ____D C:\Program Files (x86)\VanDale
2012-06-18 14:50 - 2012-06-18 14:50 - 00000000 ____D C:\Users\Famke\AppData\Roaming\Google
2012-06-18 06:05 - 2012-06-20 13:57 - 00000000 ____D C:\Users\Famke\Desktop\zooi
2012-06-17 17:32 - 2012-06-17 17:35 - 00000000 ____D C:\Users\Famke\Desktop\The Super Hero Squad Show - Season 2
2012-06-17 17:24 - 2012-06-17 18:29 - 00000000 ____D C:\Users\Famke\AppData\Roaming\Nero
2012-06-17 17:24 - 2012-06-17 17:24 - 00000000 ____D C:\Users\Famke\Documents\NeroVideo
2012-06-17 17:24 - 2012-06-17 17:24 - 00000000 ____D C:\Users\Famke\AppData\Local\Nero
2012-06-17 17:17 - 2012-06-17 17:18 - 00000000 ____D C:\Users\All Users\Nero
2012-06-17 17:14 - 2010-05-26 07:41 - 02106216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_43.dll
2012-06-17 17:14 - 2010-05-26 07:41 - 01998168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_43.dll
2012-06-17 17:14 - 2010-05-26 07:41 - 01868128 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_43.dll
2012-06-17 17:14 - 2010-05-26 07:41 - 00470880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_43.dll
2012-06-17 17:14 - 2010-05-26 07:41 - 00248672 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_43.dll
2012-06-17 17:13 - 2009-09-04 13:29 - 01974616 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_42.dll
2012-06-17 17:13 - 2009-09-04 13:29 - 01892184 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_42.dll
2012-06-17 17:12 - 2008-10-15 02:22 - 04379984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_40.dll
2012-06-17 17:12 - 2007-05-16 12:45 - 03497832 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_34.dll
2012-06-17 17:11 - 2006-03-31 08:40 - 02388176 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_30.dll
2012-06-17 17:08 - 2012-06-17 17:21 - 00000000 ____D C:\Program Files (x86)\Nero
2012-06-16 08:33 - 2012-06-16 16:42 - 00000132 ____A C:\Users\Famke\AppData\Roaming\Adobe PNG Format CS5 Prefs
2012-06-14 03:51 - 2011-04-27 19:55 - 00552960 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\bthport.sys
2012-06-14 03:51 - 2011-04-27 19:54 - 00080384 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\BTHUSB.SYS
2012-06-13 09:37 - 2012-06-17 17:17 - 00414368 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-06-13 09:37 - 2012-06-13 09:37 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-06-13 09:37 - 2012-06-13 09:37 - 00000000 ____D C:\Windows\System32\Macromed
2012-06-13 09:27 - 2012-06-13 09:27 - 00000687 ____A C:\Users\Famke\Desktop\Famke HD - Shortcut.lnk
2012-06-13 06:16 - 2012-02-29 22:46 - 00023408 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\fs_rec.sys
2012-06-13 06:16 - 2012-02-29 22:38 - 00220672 ____A (Microsoft Corporation) C:\Windows\System32\wintrust.dll
2012-06-13 06:16 - 2012-02-29 22:33 - 00081408 ____A (Microsoft Corporation) C:\Windows\System32\imagehlp.dll
2012-06-13 06:16 - 2012-02-29 22:28 - 00005120 ____A (Microsoft Corporation) C:\Windows\System32\wmi.dll
2012-06-13 06:16 - 2012-02-29 21:37 - 00172544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2012-06-13 06:16 - 2012-02-29 21:33 - 00159232 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll
2012-06-13 06:16 - 2012-02-29 21:29 - 00005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wmi.dll
2012-06-13 06:13 - 2012-05-17 18:47 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-06-13 06:13 - 2012-05-17 18:16 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-06-13 06:13 - 2012-05-17 18:06 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-06-13 06:13 - 2012-05-17 17:59 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-06-13 06:13 - 2012-05-17 17:59 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-06-13 06:13 - 2012-05-17 17:58 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-06-13 06:13 - 2012-05-17 17:58 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-06-13 06:13 - 2012-05-17 17:56 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-06-13 06:13 - 2012-05-17 17:55 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-06-13 06:13 - 2012-05-17 17:55 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-06-13 06:13 - 2012-05-17 17:54 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-06-13 06:13 - 2012-05-17 17:51 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-06-13 06:13 - 2012-05-17 17:51 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-06-13 06:13 - 2012-05-17 17:47 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-06-13 06:13 - 2012-05-17 15:11 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-06-13 06:13 - 2012-05-17 14:48 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-06-13 06:13 - 2012-05-17 14:45 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-06-13 06:13 - 2012-05-17 14:36 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-06-13 06:13 - 2012-05-17 14:35 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-06-13 06:13 - 2012-05-17 14:35 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-06-13 06:13 - 2012-05-17 14:33 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-06-13 06:13 - 2012-05-17 14:31 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-06-13 06:13 - 2012-05-17 14:29 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-06-13 06:13 - 2012-05-17 14:29 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-06-13 06:13 - 2012-05-17 14:27 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-06-13 06:13 - 2012-05-17 14:25 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-06-13 06:13 - 2012-05-17 14:24 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-06-13 06:13 - 2012-05-17 14:20 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-06-13 05:53 - 2012-06-26 14:28 - 00000000 ____D C:\Famke HD
2012-06-13 05:41 - 2012-06-13 05:41 - 02672035 ____A C:\Users\Famke\Downloads\EUROPA JESSE.psd
2012-06-13 05:40 - 2012-06-13 05:41 - 01715611 ____A C:\Users\Famke\Downloads\EUROPA.ai
2012-06-13 04:44 - 2012-05-14 17:32 - 03146752 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-06-13 04:44 - 2012-05-04 03:06 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-06-13 04:44 - 2012-05-04 02:03 - 03968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-06-13 04:44 - 2012-05-04 02:03 - 03913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-06-13 04:44 - 2012-04-25 21:41 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
2012-06-13 04:44 - 2012-04-25 21:41 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
2012-06-13 04:44 - 2012-04-25 21:34 - 00009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
2012-06-13 04:00 - 2012-04-27 19:55 - 00210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-06-13 03:50 - 2012-06-13 06:39 - 00000000 ____D C:\Users\Famke\AppData\Local\EgisTec
2012-06-13 01:10 - 2012-06-13 01:13 - 00000000 ____D C:\Program Files (x86)\LeapFrog
2012-06-13 01:10 - 2012-06-13 01:10 - 00000000 ____D C:\Users\Famke\Downloads\log
2012-06-13 01:10 - 2012-06-13 01:10 - 00000000 ____D C:\Users\All Users\Leapfrog
2012-06-13 01:09 - 2012-06-13 01:10 - 10249568 ____A (LeapFrog Enterprises, Inc.) C:\Users\Famke\Downloads\LeapFrogConnectSetup_LeapsterExplorer.exe
2012-06-13 00:32 - 2012-03-02 22:35 - 01544704 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2012-06-13 00:32 - 2012-03-02 21:31 - 01077248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2012-06-13 00:32 - 2011-11-16 22:49 - 00152432 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2012-06-13 00:32 - 2011-11-16 22:49 - 00095600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2012-06-13 00:32 - 2011-11-16 22:44 - 00459232 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2012-06-13 00:32 - 2011-11-16 22:35 - 01447936 ____A (Microsoft Corporation) C:\Windows\System32\lsasrv.dll
2012-06-13 00:32 - 2011-11-16 22:35 - 00395776 ____A (Microsoft Corporation) C:\Windows\System32\webio.dll
2012-06-13 00:32 - 2011-11-16 22:35 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2012-06-13 00:32 - 2011-11-16 22:35 - 00136192 ____A (Microsoft Corporation) C:\Windows\System32\sspicli.dll
2012-06-13 00:32 - 2011-11-16 22:35 - 00029184 ____A (Microsoft Corporation) C:\Windows\System32\sspisrv.dll
2012-06-13 00:32 - 2011-11-16 22:35 - 00028160 ____A (Microsoft Corporation) C:\Windows\System32\secur32.dll
2012-06-13 00:32 - 2011-11-16 22:33 - 00031232 ____A (Microsoft Corporation) C:\Windows\System32\lsass.exe
2012-06-13 00:32 - 2011-11-16 21:35 - 00314880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\webio.dll
2012-06-13 00:32 - 2011-11-16 21:34 - 00224768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2012-06-13 00:32 - 2011-11-16 21:34 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2012-06-13 00:32 - 2011-11-16 21:28 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2012-06-13 00:32 - 2011-10-25 21:25 - 01572864 ____A (Microsoft Corporation) C:\Windows\System32\quartz.dll
2012-06-13 00:32 - 2011-10-25 21:25 - 00366592 ____A (Microsoft Corporation) C:\Windows\System32\qdvd.dll
2012-06-13 00:32 - 2011-10-25 21:21 - 00043520 ____A (Microsoft Corporation) C:\Windows\System32\csrsrv.dll
2012-06-13 00:32 - 2011-10-25 20:32 - 01328128 ____A (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2012-06-13 00:32 - 2011-10-25 20:32 - 00514560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2012-06-13 00:32 - 2011-07-08 18:46 - 00288768 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\mrxsmb10.sys
2012-06-13 00:32 - 2011-06-15 02:02 - 00212992 ____A (Microsoft Corporation) C:\Windows\System32\odbctrac.dll
2012-06-13 00:32 - 2011-06-15 02:02 - 00163840 ____A (Microsoft Corporation) C:\Windows\System32\odbccp32.dll
2012-06-13 00:32 - 2011-06-15 02:02 - 00106496 ____A (Microsoft Corporation) C:\Windows\System32\odbccu32.dll
2012-06-13 00:32 - 2011-06-15 02:02 - 00106496 ____A (Microsoft Corporation) C:\Windows\System32\odbccr32.dll
2012-06-13 00:32 - 2011-06-15 00:55 - 00319488 ____A (Microsoft Corporation) C:\Windows\SysWOW64\odbcjt32.dll
2012-06-13 00:32 - 2011-06-15 00:55 - 00163840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\odbctrac.dll
2012-06-13 00:32 - 2011-06-15 00:55 - 00122880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\odbccp32.dll
2012-06-13 00:32 - 2011-06-15 00:55 - 00086016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\odbccu32.dll
2012-06-13 00:32 - 2011-06-15 00:55 - 00081920 ____A (Microsoft Corporation) C:\Windows\SysWOW64\odbccr32.dll
2012-06-13 00:32 - 2011-04-08 22:58 - 00142336 ____A (Microsoft Corporation) C:\Windows\System32\poqexec.exe
2012-06-13 00:32 - 2011-04-08 21:56 - 00123904 ____A (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2012-06-13 00:31 - 2011-12-27 19:59 - 00498688 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\afd.sys
2012-06-13 00:31 - 2011-08-16 21:26 - 00613888 ____A (Microsoft Corporation) C:\Windows\System32\psisdecd.dll
2012-06-13 00:31 - 2011-08-16 21:25 - 00108032 ____A (Microsoft Corporation) C:\Windows\System32\psisrndr.ax
2012-06-13 00:31 - 2011-08-16 20:24 - 00465408 ____A (Microsoft Corporation) C:\Windows\SysWOW64\psisdecd.dll
2012-06-13 00:31 - 2011-08-16 20:19 - 00075776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\psisrndr.ax
2012-06-13 00:30 - 2012-03-16 23:58 - 00075120 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\partmgr.sys
2012-06-13 00:30 - 2011-12-16 00:46 - 00634880 ____A (Microsoft Corporation) C:\Windows\System32\msvcrt.dll
2012-06-13 00:30 - 2011-12-15 23:52 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msvcrt.dll
2012-06-13 00:30 - 2011-10-14 22:31 - 00723456 ____A (Microsoft Corporation) C:\Windows\System32\EncDec.dll
2012-06-13 00:30 - 2011-10-14 21:38 - 00534528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\EncDec.dll
2012-06-13 00:30 - 2011-08-26 21:37 - 00861696 ____A (Microsoft Corporation) C:\Windows\System32\oleaut32.dll
2012-06-13 00:30 - 2011-08-26 21:37 - 00331776 ____A (Microsoft Corporation) C:\Windows\System32\oleacc.dll
2012-06-13 00:30 - 2011-08-26 20:26 - 00571904 ____A (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2012-06-13 00:30 - 2011-08-26 20:26 - 00233472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\oleacc.dll
2012-06-13 00:30 - 2011-07-15 21:41 - 00362496 ____A (Microsoft Corporation) C:\Windows\System32\wow64win.dll
2012-06-13 00:30 - 2011-07-15 21:41 - 00243200 ____A (Microsoft Corporation) C:\Windows\System32\wow64.dll
2012-06-13 00:30 - 2011-07-15 21:41 - 00013312 ____A (Microsoft Corporation) C:\Windows\System32\wow64cpu.dll
2012-06-13 00:30 - 2011-07-15 21:39 - 00016384 ____A (Microsoft Corporation) C:\Windows\System32\ntvdm64.dll
2012-06-13 00:30 - 2011-07-15 21:37 - 01162752 ____A (Microsoft Corporation) C:\Windows\System32\kernel32.dll
2012-06-13 00:30 - 2011-07-15 21:37 - 00421888 ____A (Microsoft Corporation) C:\Windows\System32\KernelBase.dll
2012-06-13 00:30 - 2011-07-15 21:21 - 00006144 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
2012-06-13 00:30 - 2011-07-15 21:21 - 00005120 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
2012-06-13 00:30 - 2011-07-15 21:21 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
2012-06-13 00:30 - 2011-07-15 21:21 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
2012-06-13 00:30 - 2011-07-15 21:21 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
2012-06-13 00:30 - 2011-07-15 21:21 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
2012-06-13 00:30 - 2011-07-15 21:21 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
2012-06-13 00:30 - 2011-07-15 21:21 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
2012-06-13 00:30 - 2011-07-15 21:21 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-06-13 00:30 - 2011-07-15 21:21 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
2012-06-13 00:30 - 2011-07-15 21:21 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
2012-06-13 00:30 - 2011-07-15 21:21 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
2012-06-13 00:30 - 2011-07-15 21:21 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
2012-06-13 00:30 - 2011-07-15 21:21 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
2012-06-13 00:30 - 2011-07-15 21:21 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
2012-06-13 00:30 - 2011-07-15 21:21 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
2012-06-13 00:30 - 2011-07-15 21:21 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
2012-06-13 00:30 - 2011-07-15 21:21 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
2012-06-13 00:30 - 2011-07-15 21:21 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
2012-06-13 00:30 - 2011-07-15 21:21 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
2012-06-13 00:30 - 2011-07-15 21:21 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
2012-06-13 00:30 - 2011-07-15 21:21 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
2012-06-13 00:30 - 2011-07-15 21:21 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
2012-06-13 00:30 - 2011-07-15 21:21 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
2012-06-13 00:30 - 2011-07-15 21:21 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
2012-06-13 00:30 - 2011-07-15 21:21 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
2012-06-13 00:30 - 2011-07-15 21:21 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
2012-06-13 00:30 - 2011-07-15 21:21 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
2012-06-13 00:30 - 2011-07-15 20:29 - 00014336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2012-06-13 00:30 - 2011-07-15 20:25 - 00025600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2012-06-13 00:30 - 2011-07-15 20:24 - 01114112 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2012-06-13 00:30 - 2011-07-15 20:24 - 00272384 ____A (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2012-06-13 00:30 - 2011-07-15 20:24 - 00005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2012-06-13 00:30 - 2011-07-15 20:15 - 00005120 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2012-06-13 00:30 - 2011-07-15 20:15 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2012-06-13 00:30 - 2011-07-15 20:15 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2012-06-13 00:30 - 2011-07-15 20:15 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2012-06-13 00:30 - 2011-07-15 20:15 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2012-06-13 00:30 - 2011-07-15 20:15 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2012-06-13 00:30 - 2011-07-15 20:15 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2012-06-13 00:30 - 2011-07-15 20:15 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2012-06-13 00:30 - 2011-07-15 20:15 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2012-06-13 00:30 - 2011-07-15 20:15 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2012-06-13 00:30 - 2011-07-15 20:15 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2012-06-13 00:30 - 2011-07-15 20:15 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2012-06-13 00:30 - 2011-07-15 20:15 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2012-06-13 00:30 - 2011-07-15 20:15 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2012-06-13 00:30 - 2011-07-15 20:15 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-06-13 00:30 - 2011-07-15 20:15 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2012-06-13 00:30 - 2011-07-15 20:15 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2012-06-13 00:30 - 2011-07-15 20:15 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2012-06-13 00:30 - 2011-07-15 20:15 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2012-06-13 00:30 - 2011-07-15 20:15 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2012-06-13 00:30 - 2011-07-15 20:15 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2012-06-13 00:30 - 2011-07-15 20:15 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2012-06-13 00:30 - 2011-07-15 20:15 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2012-06-13 00:30 - 2011-07-15 20:15 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2012-06-13 00:30 - 2011-07-15 18:21 - 00007680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2012-06-13 00:30 - 2011-07-15 18:21 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2012-06-13 00:30 - 2011-07-15 18:17 - 00006144 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2012-06-13 00:30 - 2011-07-15 18:17 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2012-06-13 00:30 - 2011-07-15 18:17 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2012-06-13 00:30 - 2011-07-15 18:17 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2012-06-13 00:30 - 2011-06-23 21:34 - 00214528 ____A (Microsoft Corporation) C:\Windows\System32\winsrv.dll
2012-06-13 00:30 - 2011-06-23 21:25 - 00338432 ____A (Microsoft Corporation) C:\Windows\System32\conhost.exe
2012-06-13 00:30 - 2011-05-24 03:42 - 00404480 ____A (Microsoft Corporation) C:\Windows\System32\umpnpmgr.dll
2012-06-13 00:30 - 2011-05-24 02:40 - 00064512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\devobj.dll
2012-06-13 00:30 - 2011-05-24 02:40 - 00044544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\devrtl.dll
2012-06-13 00:30 - 2011-05-24 02:39 - 00145920 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cfgmgr32.dll
2012-06-13 00:30 - 2011-05-24 02:37 - 00252928 ____A (Microsoft Corporation) C:\Windows\SysWOW64\drvinst.exe
2012-06-13 00:30 - 2011-02-22 20:55 - 00090624 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\bowser.sys
2012-06-13 00:29 - 2012-03-30 03:35 - 01918320 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2012-06-13 00:29 - 2011-11-19 06:58 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\packager.dll
2012-06-13 00:29 - 2011-11-19 06:01 - 00067072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2012-06-13 00:29 - 2011-11-16 22:41 - 01731920 ____A (Microsoft Corporation) C:\Windows\System32\ntdll.dll
2012-06-13 00:29 - 2011-11-16 22:41 - 00000000 __SHD C:\Users\Famke\AppData\Local\{a513b98b-39d2-311b-e4ee-7f5f99151347}
2012-06-13 00:29 - 2011-11-16 21:38 - 01292080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2012-06-13 00:29 - 2011-11-04 21:32 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\tzres.dll
2012-06-13 00:29 - 2011-11-04 20:26 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2012-06-12 15:49 - 2012-06-28 07:15 - 00000000 ____D C:\Users\Famke\AppData\Local\Google
2012-06-12 15:49 - 2012-02-16 22:38 - 01031680 ____A (Microsoft Corporation) C:\Windows\System32\rdpcore.dll
2012-06-12 15:49 - 2012-02-16 21:34 - 00826880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\rdpcore.dll
2012-06-12 15:49 - 2012-02-16 20:57 - 00023552 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tdtcp.sys
2012-06-12 15:48 - 2012-06-28 17:36 - 00000000 ____D C:\Users\Famke\AppData\Local\BioExcess
2012-06-12 15:48 - 2012-06-13 06:37 - 00114888 ____A C:\Users\Famke\AppData\Local\GDIPFONTCACHEV1.DAT
2012-06-12 15:48 - 2012-06-12 15:48 - 00000000 ____D C:\Users\Famke\AppData\Local\EgisTec IPS
2012-06-12 15:48 - 2012-06-12 15:48 - 00000000 ____D C:\Users\Famke\AppData\Local\Apps\2.0
2012-06-12 15:48 - 2012-06-12 15:48 - 00000000 ____D C:\Users\All Users\Energy Management
2012-06-12 15:48 - 2012-06-12 04:20 - 00000000 ____D C:\Users\Famke\AppData\Local\Deployment
2012-06-12 15:47 - 2012-07-01 10:25 - 00000000 ____D C:\users\Famke
2012-06-12 15:47 - 2012-06-19 20:11 - 00000000 ____D C:\Users\Famke\AppData\Local\VirtualStore
2012-06-12 15:47 - 2012-06-12 15:47 - 00000020 ___SH C:\Users\Famke\ntuser.ini
2012-06-12 15:47 - 2012-06-12 15:47 - 00000000 ____D C:\Users\Famke\AppData\Roaming\Intel
2012-06-12 15:46 - 2012-06-12 15:46 - 00000000 __SHD C:\Recovery
2012-06-12 15:00 - 2012-06-26 15:39 - 00000000 ___RD C:\Users\Famke\Desktop\ICONS
2012-06-12 12:06 - 2012-06-12 12:06 - 01106761 ____A C:\Users\Famke\Documents\six dice.ai
2012-06-12 04:45 - 2012-07-01 11:35 - 00000000 ____D C:\Users\Famke\AppData\Roaming\Skype
2012-06-12 04:45 - 2012-06-25 15:05 - 00000000 ___RD C:\Program Files (x86)\Skype
2012-06-12 04:45 - 2012-06-25 15:05 - 00000000 ____D C:\Users\All Users\Skype
2012-06-12 04:44 - 2012-06-12 04:44 - 00944304 ____A (Skype Technologies S.A.) C:\Users\Famke\Downloads\SkypeSetup.exe
2012-06-12 04:35 - 2012-06-12 04:35 - 00000000 ____D C:\Users\All Users\ALM
2012-06-12 04:26 - 2012-06-12 04:28 - 00000000 ____D C:\Users\Famke\Desktop\Adobe Illustrator cs5 me
2012-06-12 04:20 - 2012-06-12 04:20 - 00000000 ____D C:\Users\Famke\AppData\Local\Best Buy pc app
2012-06-12 04:16 - 2012-06-12 04:36 - 00000000 ____D C:\Users\All Users\regid.1986-12.com.adobe
2012-06-12 04:16 - 2012-06-12 04:16 - 00000000 ____D C:\Program Files\Adobe
2012-06-12 04:14 - 2012-06-12 04:16 - 00000000 ____D C:\Program Files\Common Files\Adobe
2012-06-12 04:13 - 2012-06-12 04:13 - 00000000 ____D C:\Program Files (x86)\Adobe Media Player
2012-06-12 04:12 - 2012-06-12 04:12 - 00000000 ____D C:\Users\Default\AppData\Roaming\Macromedia
2012-06-12 04:12 - 2012-06-12 04:12 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Macromedia
2012-06-12 04:10 - 2012-06-20 06:42 - 00000000 ____D C:\Users\Famke\AppData\Local\Adobe
2012-06-12 04:07 - 2012-06-12 04:07 - 00000000 ____D C:\Users\Famke\Desktop\Adobe photoshop CS5 extended + Crack
2012-06-12 03:54 - 2012-06-22 19:22 - 00000000 ____D C:\Users\Famke\AppData\Roaming\Adobe
2012-06-12 03:54 - 2012-06-12 03:54 - 00000000 ____D C:\Users\Famke\AppData\Roaming\Macromedia

============ 3 Months Modified Files ========================

2012-07-01 18:02 - 2009-07-13 20:45 - 00028928 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-07-01 18:02 - 2009-07-13 20:45 - 00028928 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-07-01 18:01 - 2012-03-01 09:02 - 00303258 ____A C:\FaceProv.log
2012-07-01 18:00 - 2009-07-13 21:13 - 00729514 ____A C:\Windows\System32\PerfStringBackup.INI
2012-07-01 17:57 - 2012-07-01 17:57 - 01430427 ____A C:\Users\Famke\Downloads\FRST64.exe
2012-07-01 17:55 - 2012-03-01 09:17 - 00237141 ____A C:\Windows\System32\fastboot.set
2012-07-01 17:55 - 2012-03-01 09:14 - 00000908 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-07-01 17:55 - 2012-03-01 09:06 - 00025856 ____A C:\Windows\System32\TPHDLOG0.LOG
2012-07-01 17:55 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-07-01 17:55 - 2009-07-13 20:51 - 00047000 ____A C:\Windows\setupact.log
2012-07-01 16:54 - 2012-03-01 09:14 - 00000912 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-07-01 16:54 - 2012-03-01 09:06 - 00100864 ____A C:\Windows\System32\TPAPSLOG.LOG
2012-07-01 16:43 - 2012-07-01 16:43 - 00002097 ____A C:\Users\Famke\Desktop\aswMBR.txt
2012-07-01 16:43 - 2012-07-01 16:43 - 00000512 ____A C:\Users\Famke\Desktop\MBR.dat
2012-07-01 16:32 - 2012-07-01 16:32 - 04731392 ____A (AVAST Software) C:\Users\Famke\Downloads\aswMBR.exe
2012-07-01 16:24 - 2012-07-01 16:24 - 00595968 ____A (OldTimer Tools) C:\Users\Famke\Desktop\OTL.exe
2012-07-01 11:22 - 2012-07-01 11:22 - 00000407 ____A C:\Users\Famke\Desktop\gmer.log
2012-07-01 10:57 - 2012-07-01 10:57 - 00294216 ____A C:\Users\Famke\Downloads\gmer.zip
2012-07-01 10:54 - 2012-07-01 10:54 - 00302592 ____A C:\Users\Famke\Downloads\xqygnstm.exe
2012-07-01 10:35 - 2012-07-01 10:35 - 00050477 ____A C:\Users\Famke\Downloads\Defogger (1).exe
2012-07-01 10:27 - 2012-07-01 10:27 - 00607260 ____R (Swearware) C:\Users\Famke\Desktop\dds.scr
2012-07-01 10:26 - 2012-07-01 10:26 - 00302592 ____A C:\Users\Famke\Downloads\bn63bnl1.exe
2012-07-01 10:25 - 2012-07-01 10:25 - 00050477 ____A C:\Users\Famke\Downloads\Defogger.exe
2012-07-01 10:25 - 2012-07-01 10:25 - 00000472 ____A C:\Users\Famke\Downloads\defogger_disable.log
2012-07-01 10:25 - 2012-07-01 10:25 - 00000000 ____A C:\Users\Famke\defogger_reenable
2012-07-01 10:11 - 2012-07-01 10:11 - 02134616 ____A (Kaspersky Lab ZAO) C:\Users\Famke\Downloads\tdsskiller.exe
2012-07-01 09:47 - 2012-07-01 09:47 - 04568829 ____R (Swearware) C:\Users\Famke\Downloads\ComboFix.exe
2012-07-01 09:41 - 2012-07-01 09:41 - 01411144 ____A (PortableApps.com) C:\Users\Famke\Downloads\GoogleChromePortable_20.0.1132.47_online.paf (1).exe
2012-07-01 09:31 - 2012-07-01 09:31 - 01411144 ____A (PortableApps.com) C:\Users\Famke\Downloads\GoogleChromePortable_20.0.1132.47_online.paf.exe
2012-06-30 06:47 - 2012-03-01 08:20 - 01172583 ____A C:\Windows\WindowsUpdate.log
2012-06-29 17:06 - 2010-11-20 19:47 - 00015484 ____A C:\Windows\PFRO.log
2012-06-29 11:44 - 2012-06-29 11:44 - 00001113 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-06-29 11:43 - 2012-06-29 11:43 - 10063000 ____A (Malwarebytes Corporation ) C:\Users\Famke\Downloads\mbam-setup-1.61.0.1400.exe
2012-06-28 16:37 - 2012-06-28 16:37 - 00262144 ____A C:\Windows\Minidump\062812-22479-01.dmp
2012-06-28 16:37 - 2012-06-21 20:05 - 348201649 ____A C:\Windows\MEMORY.DMP
2012-06-28 15:57 - 2012-06-28 15:57 - 00036631 ____A C:\Users\Famke\Desktop\Capture.PNG
2012-06-28 08:22 - 2012-06-28 08:22 - 00806400 ____A C:\Users\Famke\Downloads\MicrosoftFixit50692.msi
2012-06-28 08:16 - 2012-06-28 08:16 - 00014984 ____A C:\FixitRegBackup.reg
2012-06-28 08:15 - 2012-06-28 08:15 - 00899584 ____A C:\Users\Famke\Downloads\MicrosoftFixit50535.msi
2012-06-28 08:03 - 2012-06-28 08:03 - 00985600 ____A C:\Users\Famke\Downloads\MicrosoftFixit50123 (1).msi
2012-06-28 08:02 - 2012-06-28 08:02 - 00985600 ____A C:\Users\Famke\Downloads\MicrosoftFixit50123.msi
2012-06-28 07:31 - 2012-06-28 07:31 - 00113569 ____A C:\Users\Famke\Desktop\MSE claims that Windows did not pass genuine validation. - Microsoft Answers.htm
2012-06-28 07:31 - 2012-06-28 07:31 - 00000446 ____A C:\Users\Famke\Downloads\chromehtml.reg
2012-06-28 07:15 - 2012-06-28 07:15 - 01606064 ____A C:\Users\Famke\Downloads\googletalk-setup.exe
2012-06-28 07:11 - 2012-06-27 19:25 - 00002150 ____A C:\Windows\epplauncher.mif
2012-06-28 07:09 - 2012-06-28 07:09 - 12621696 ____A (Microsoft Corporation) C:\Users\Famke\Downloads\mseinstall (3).exe
2012-06-28 07:09 - 2012-06-27 19:24 - 00743534 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2012-06-28 07:08 - 2012-06-28 07:08 - 01528184 ____A (Microsoft Corporation) C:\Users\Famke\Downloads\GenuineCheck.exe
2012-06-28 07:07 - 2012-06-28 07:07 - 12621696 ____A (Microsoft Corporation) C:\Users\Famke\Downloads\mseinstall (2).exe
2012-06-28 06:54 - 2012-06-28 06:54 - 12621696 ____A (Microsoft Corporation) C:\Users\Famke\Downloads\mseinstall (1).exe
2012-06-27 21:51 - 2012-06-27 21:51 - 00159144 ____A (Microsoft Corporation) C:\Users\Famke\Downloads\WindowsActivationUpdate.exe
2012-06-27 21:36 - 2012-06-27 21:36 - 16859064 ____A (Microsoft Corporation) C:\Users\Famke\Downloads\Windows-KB890830-x64-V4.9.exe
2012-06-27 21:30 - 2012-06-27 21:30 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.BA038AF6200478AD
2012-06-27 20:00 - 2012-06-27 20:00 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.1EA5BB9B08FAA6FD
2012-06-27 19:54 - 2012-06-27 19:54 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.F0069F714A6754FE
2012-06-27 19:54 - 2012-06-27 19:54 - 00000000 ____A C:\Users\Famke\Downloads\277.tmp
2012-06-27 19:53 - 2012-06-27 19:53 - 00001270 ____A C:\Users\Famke\Desktop\shutdown (2).lnk
2012-06-27 19:51 - 2012-06-27 19:51 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.1439FD639D748D2A
2012-06-27 19:51 - 2012-06-27 19:50 - 00001270 ____A C:\Users\Famke\Desktop\shutdown.lnk
2012-06-27 19:45 - 2012-06-27 19:45 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.76A62D8D5B8B79D2
2012-06-27 19:45 - 2012-06-27 19:45 - 00000000 ____A C:\Users\Famke\Downloads\2545.tmp
2012-06-27 19:41 - 2012-06-27 19:41 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.6C8CF26C95EC6FBF


ZeroAccess:
C:\Windows\Installer\{a513b98b-39d2-311b-e4ee-7f5f99151347}
C:\Windows\Installer\{a513b98b-39d2-311b-e4ee-7f5f99151347}\@
C:\Windows\Installer\{a513b98b-39d2-311b-e4ee-7f5f99151347}\L
C:\Windows\Installer\{a513b98b-39d2-311b-e4ee-7f5f99151347}\U
C:\Windows\Installer\{a513b98b-39d2-311b-e4ee-7f5f99151347}\U\00000001.@
C:\Windows\Installer\{a513b98b-39d2-311b-e4ee-7f5f99151347}\U\80000000.@
C:\Windows\Installer\{a513b98b-39d2-311b-e4ee-7f5f99151347}\U\800000cb.@

ZeroAccess:
C:\Users\Famke\AppData\Local\{a513b98b-39d2-311b-e4ee-7f5f99151347}
C:\Users\Famke\AppData\Local\{a513b98b-39d2-311b-e4ee-7f5f99151347}\@
C:\Users\Famke\AppData\Local\{a513b98b-39d2-311b-e4ee-7f5f99151347}\L
C:\Users\Famke\AppData\Local\{a513b98b-39d2-311b-e4ee-7f5f99151347}\U

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe 014A9CB92514E27C0107614DF764BC06 ZeroAccess <==== ATTENTION!.
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 11%
Total physical RAM: 6058.14 MB
Available physical RAM: 5364.96 MB
Total Pagefile: 6056.34 MB
Available Pagefile: 5349.2 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

======================= Partitions =========================

1 Drive c: () (Fixed) (Total:421.81 GB) (Free:364.97 GB) NTFS
2 Drive d: (LENOVO) (Fixed) (Total:29 GB) (Free:26.24 GB) NTFS
4 Drive g: (USB DISK) (Removable) (Total:1.86 GB) (Free:1.86 GB) FAT
5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
6 Drive y: () (Fixed) (Total:0.2 GB) (Free:0.16 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 465 GB 1024 KB
Disk 1 Online 1912 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 200 MB 1024 KB
Partition 2 Primary 421 GB 201 MB
Partition 0 Extended 28 GB 422 GB
Partition 4 Logical 28 GB 422 GB
Partition 3 OEM 14 GB 451 GB

==================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 Y NTFS Partition 200 MB Healthy

==================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C NTFS Partition 421 GB Healthy

==================================================================================

Disk: 0
Partition 4
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 D LENOVO NTFS Partition 28 GB Healthy

==================================================================================

Disk: 0
Partition 3
Type : 12
Hidden: Yes
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 5 LENOVO_PART NTFS Partition 14 GB Healthy Hidden

==================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 1908 MB 4032 KB

==================================================================================

Disk: 1
Partition 1
Type : 0E
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 G USB DISK FAT Removable 1908 MB Healthy

==================================================================================

==========================================================

Last Boot: 2012-06-28 06:54

======================= End Of Log ==========================

#6 fireman4it


Posted 02 July 2012 - 03:10 PM

Hello,



1.
Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad. Save it on the flashdrive as fixlist.txt

C:\Windows\Installer\{a513b98b-39d2-311b-e4ee-7f5f99151347}
C:\Users\Famke\AppData\Local\{a513b98b-39d2-311b-e4ee-7f5f99151347}

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

On Vista or Windows 7: Now please enter System Recovery Options.
On Windows XP: Now please boot into the BartPE CD.
Run FRST64 and press the Fix button just once and wait.



2.
We need to find a replacement file on your system

Please do the following:


  • Boot into System Recovery Options and run FRST64.

  • Type the following in the edit box after "Search:" so it looks like this:

Search: services.exe


  • Click the Search button and post the log it makes to your reply.


Things to include in your next reply:
fix log
Search log





The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-




#7 famke7


Posted 02 July 2012 - 04:01 PM

Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 01-07-2012 01
Ran by SYSTEM at 2012-07-02 13:52:58 Run:1
Running from G:\

==============================================

C:\Windows\Installer\{a513b98b-39d2-311b-e4ee-7f5f99151347} moved successfully.
C:\Users\Famke\AppData\Local\{a513b98b-39d2-311b-e4ee-7f5f99151347} moved successfully.

==== End of Fixlog ====

Farbar Recovery Scan Tool Version: 01-07-2012 01
Ran by SYSTEM at 2012-07-02 13:50:02
Running from G:\

================== Search: "services.exe" ===================

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\System32\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 014A9CB92514E27C0107614DF764BC06

====== End Of Search ======

#8 fireman4it


Posted 02 July 2012 - 05:22 PM

Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad. Save it on the flashdrive as fixlist.txt

Replace: C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe  C:\Windows\System32\services.exe

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

On Vista or Windows 7: Now please enter System Recovery Options.
On Windows XP: Now please boot into the BartPE CD.
Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.

Edited by fireman4it, 02 July 2012 - 05:22 PM.


#9 famke7


Posted 02 July 2012 - 06:49 PM

Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 01-07-2012 01
Ran by SYSTEM at 2012-07-02 16:48:18 Run:2
Running from G:\

==============================================

C:\Windows\System32\services.exe moved successfully.
C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe copied successfully to C:\Windows\System32\services.exe

==== End of Fixlog ====
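
The comparison behind posts #7 to #9, as an added example that is not part of the original thread and is not FRST's own code: it parses the Search log from post #7 and checks the live System32 copy against the WinSxS component-store copy of the same file. The function names and verdict labels are this example's own, and it assumes the component-store copy is the trustworthy reference.

```python
import re
from dataclasses import dataclass

# FRST "Search:" output copied from post #7 of this thread.
SEARCH_LOG = r"""
================== Search: "services.exe" ===================

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\System32\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 014A9CB92514E27C0107614DF764BC06

====== End Of Search ======
"""

# A result is two lines: the full path, then timestamps, size, attributes,
# an optional company name and the MD5 of the file.
PATH_RE = re.compile(r"^[A-Za-z]:\\")
META_RE = re.compile(
    r"^\[(?P<ts1>[\d\- :]+)\] - \[(?P<ts2>[\d\- :]+)\] - (?P<size>\d+) "
    r"(?P<attrs>\S+)(?: \((?P<company>.*)\))? (?P<md5>[0-9A-Fa-f]{32})$"
)


@dataclass(frozen=True)
class Entry:
    path: str
    ts1: str
    ts2: str
    size: int
    md5: str

    @property
    def name(self):
        return self.path.rsplit("\\", 1)[-1].lower()

    @property
    def in_component_store(self):
        return "\\winsxs\\" in self.path.lower()


def parse_search_log(text):
    """Return one Entry per path/metadata pair; banner lines are skipped."""
    entries, path = [], None
    for line in (raw.strip() for raw in text.splitlines()):
        if PATH_RE.match(line):
            path = line
            continue
        m = META_RE.match(line)
        if m and path:
            entries.append(Entry(path, m["ts1"], m["ts2"],
                                 int(m["size"]), m["md5"].upper()))
            path = None
    return entries


def assess(entries):
    """Compare every copy outside WinSxS with the store copies of the same name."""
    store = [e for e in entries if e.in_component_store]
    findings = []
    for live in (e for e in entries if not e.in_component_store):
        refs = [s for s in store if s.name == live.name]
        if not refs:
            verdict = "no-reference"
        elif any(s.md5 == live.md5 for s in refs):
            verdict = "matches-store"
        elif any((s.size, s.ts1, s.ts2) == (live.size, live.ts1, live.ts2)
                 for s in refs):
            # Same size and timestamps but a different hash: the content was
            # changed while the metadata was kept, so size and dates alone
            # would not have revealed the change.
            verdict = "content-differs-metadata-identical"
        else:
            # May be a legitimately newer or older build; needs a version check.
            verdict = "differs-from-store"
        findings.append((live.path, verdict))
    return findings


if __name__ == "__main__":
    for path, verdict in assess(parse_search_log(SEARCH_LOG)):
        print(f"{verdict:36} {path}")
```

On the log from post #7 the System32 copy has the same size and timestamps as the component-store copy but a different MD5, which is why only a hash comparison separates the two files.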

#10 fireman4it


Posted 03 July 2012 - 02:36 PM

Hello,

Now that we have fixed those, let's go ahead and run some tools in normal mode.


1.
Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not an option, Skip instead, do not choose Delete unless instructed.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.

2.
Install Recovery Console and Run ComboFix

This tool is not a toy. If used the wrong way you could trash your computer. Please use only under direction of a Helper. If you decide to do so anyway, please do not blame me or ComboFix.

Download Combofix from any of the links below, and save it to your desktop.

Link 1
Link 2
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. Refer to this page if you are not sure how.
  • Close any open windows, including this one.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • If you did not have it installed, you will see the prompt below. Choose YES.
  • Posted Image
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Note: The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

    Posted Image
  • Click on Yes, to continue scanning for malware.
  • When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).
Leave your computer alone while ComboFix is running.
ComboFix will restart your computer if malware is found; allow it to do so.


Note: Please do NOT mouse-click ComboFix's window while it's running because it may cause it to stall.


Things to include in your next reply:
TdssKiller log
Combofix.txt
How is your machine running now?


#11 famke7


Posted 03 July 2012 - 04:14 PM

TDSSKiller detected 3 possible threats, though the only option was to delete, so I skipped. When I tried running ComboFix it locked up at the same spot as before (where it says folder C:/32788R22FWJFW); the only option is to power down the computer. I did verify that after running the FRST64 scan again it says
C:\Windows\System32\services.exe => MD5 is legit



13:21:30.0838 4232 TDSS rootkit removing tool 2.7.44.0 Jul 2 2012 20:01:08
13:21:31.0602 4232 ============================================================
13:21:31.0602 4232 Current date / time: 2012/07/03 13:21:31.0602
13:21:31.0602 4232 SystemInfo:
13:21:31.0602 4232
13:21:31.0602 4232 OS Version: 6.1.7601 ServicePack: 1.0
13:21:31.0602 4232 Product type: Workstation
13:21:31.0602 4232 ComputerName: FAMKE-PC
13:21:31.0602 4232 UserName: Famke
13:21:31.0602 4232 Windows directory: C:\windows
13:21:31.0602 4232 System windows directory: C:\windows
13:21:31.0602 4232 Running under WOW64
13:21:31.0618 4232 Processor architecture: Intel x64
13:21:31.0618 4232 Number of processors: 4
13:21:31.0618 4232 Page size: 0x1000
13:21:31.0618 4232 Boot type: Normal boot
13:21:31.0618 4232 ============================================================
13:21:34.0722 4232 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
13:21:34.0722 4232 ============================================================
13:21:34.0722 4232 \Device\Harddisk0\DR0:
13:21:34.0722 4232 MBR partitions:
13:21:34.0722 4232 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x64000
13:21:34.0722 4232 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x64800, BlocksNum 0x34BA1000
13:21:34.0754 4232 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x34C06000, BlocksNum 0x39FD800
13:21:34.0754 4232 ============================================================
13:21:34.0816 4232 C: <-> \Device\Harddisk0\DR0\Partition1
13:21:35.0034 4232 D: <-> \Device\Harddisk0\DR0\Partition2
13:21:35.0034 4232 ============================================================
13:21:35.0034 4232 Initialize success
13:21:35.0034 4232 ============================================================
13:22:22.0162 4460 ============================================================
13:22:22.0162 4460 Scan started
13:22:22.0162 4460 Mode: Manual;
13:22:22.0162 4460 ============================================================
13:22:26.0904 4460 ebdrv - ok
13:22:27.0029 4460 EFS (c118a82cd78818c29ab228366ebf81c3) C:\windows\System32\lsass.exe
13:22:27.0029 4460 EFS - ok
13:22:27.0170 4460 EgisTec Service (2c1a297638e4319179a1112d4d6522b8) C:\Program Files (x86)\EgisTec BioExcess\EgisService.exe
13:22:27.0201 4460 EgisTec Service - ok
13:22:27.0279 4460 EgisTec Service Help (0ac3baa7df250c76dd9bcfc51565cb5f) C:\Program Files (x86)\EgisTec Port Locker\Egishlpsvc.exe
13:22:27.0310 4460 EgisTec Service Help - ok
13:22:27.0372 4460 EgisTec Ticket Service (7745aaffb61438c28c75e18ce98d4e64) C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe
13:22:27.0419 4460 EgisTec Ticket Service - ok
13:22:27.0528 4460 EgisTecFF (33708c6d915f8de734cf3abb0731515b) C:\windows\system32\DRIVERS\EgisTecFF.sys
13:22:27.0528 4460 EgisTecFF - ok
13:22:27.0606 4460 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\windows\ehome\ehRecvr.exe
13:22:27.0653 4460 ehRecvr - ok
13:22:27.0669 4460 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\windows\ehome\ehsched.exe
13:22:27.0684 4460 ehSched - ok
13:22:27.0762 4460 elxstor (0e5da5369a0fcaea12456dd852545184) C:\windows\system32\drivers\elxstor.sys
13:22:27.0778 4460 elxstor - ok
13:22:27.0794 4460 ErrDev (34a3c54752046e79a126e15c51db409b) C:\windows\system32\drivers\errdev.sys
13:22:27.0794 4460 ErrDev - ok
13:22:27.0840 4460 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\windows\system32\es.dll
13:22:27.0856 4460 EventSystem - ok
13:22:28.0043 4460 EvtEng (f8f610093e1d7fdfa477fc34d15d5c60) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
13:22:28.0106 4460 EvtEng - ok
13:22:28.0262 4460 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\windows\system32\drivers\exfat.sys
13:22:28.0277 4460 exfat - ok
13:22:28.0308 4460 fastfat (0adc83218b66a6db380c330836f3e36d) C:\windows\system32\drivers\fastfat.sys
13:22:28.0324 4460 fastfat - ok
13:22:28.0402 4460 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\windows\system32\fxssvc.exe
13:22:28.0464 4460 Fax - ok
13:22:28.0496 4460 fbfmon (3191aca33088ee2481044fc0db736442) C:\windows\system32\drivers\fbfmon.sys
13:22:28.0496 4460 fbfmon - ok
13:22:28.0558 4460 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\windows\system32\drivers\fdc.sys
13:22:28.0558 4460 fdc - ok
13:22:28.0589 4460 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\windows\system32\fdPHost.dll
13:22:28.0605 4460 fdPHost - ok
13:22:28.0636 4460 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\windows\system32\fdrespub.dll
13:22:28.0636 4460 FDResPub - ok
13:22:28.0652 4460 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\windows\system32\drivers\fileinfo.sys
13:22:28.0652 4460 FileInfo - ok
13:22:28.0667 4460 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\windows\system32\drivers\filetrace.sys
13:22:28.0667 4460 Filetrace - ok
13:22:28.0683 4460 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\windows\system32\drivers\flpydisk.sys
13:22:28.0683 4460 flpydisk - ok
13:22:28.0714 4460 FltMgr (da6b67270fd9db3697b20fce94950741) C:\windows\system32\drivers\fltmgr.sys
13:22:28.0714 4460 FltMgr - ok
13:22:28.0808 4460 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\windows\system32\FntCache.dll
13:22:28.0886 4460 FontCache - ok
13:22:28.0948 4460 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
13:22:28.0948 4460 FontCache3.0.0.0 - ok
13:22:29.0026 4460 FPSensor (1899d0fb4c5ad0d6d0bfa258c54903f7) C:\windows\system32\Drivers\FPSensor.sys
13:22:29.0026 4460 FPSensor - ok
13:22:29.0073 4460 FsDepends (d43703496149971890703b4b1b723eac) C:\windows\system32\drivers\FsDepends.sys
13:22:29.0088 4460 FsDepends - ok
13:22:29.0135 4460 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\windows\system32\drivers\Fs_Rec.sys
13:22:29.0135 4460 Fs_Rec - ok
13:22:29.0166 4460 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\windows\system32\DRIVERS\fvevol.sys
13:22:29.0166 4460 fvevol - ok
13:22:29.0244 4460 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\windows\system32\drivers\gagp30kx.sys
13:22:29.0244 4460 gagp30kx - ok
13:22:29.0307 4460 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\windows\System32\gpsvc.dll
13:22:29.0385 4460 gpsvc - ok
13:22:29.0463 4460 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
13:22:29.0463 4460 gupdate - ok
13:22:29.0463 4460 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
13:22:29.0463 4460 gupdatem - ok
13:22:29.0510 4460 gusvc (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
13:22:29.0525 4460 gusvc - ok
13:22:29.0556 4460 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\windows\system32\drivers\hcw85cir.sys
13:22:29.0572 4460 hcw85cir - ok
13:22:29.0634 4460 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\windows\system32\drivers\HdAudio.sys
13:22:29.0650 4460 HdAudAddService - ok
13:22:29.0697 4460 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\windows\system32\DRIVERS\HDAudBus.sys
13:22:29.0697 4460 HDAudBus - ok
13:22:29.0712 4460 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\windows\system32\drivers\HidBatt.sys
13:22:29.0712 4460 HidBatt - ok
13:22:29.0728 4460 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\windows\system32\drivers\hidbth.sys
13:22:29.0728 4460 HidBth - ok
13:22:29.0744 4460 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\windows\system32\drivers\hidir.sys
13:22:29.0744 4460 HidIr - ok
13:22:29.0790 4460 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\windows\system32\hidserv.dll
13:22:29.0790 4460 hidserv - ok
13:22:29.0822 4460 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\windows\system32\DRIVERS\hidusb.sys
13:22:29.0822 4460 HidUsb - ok
13:22:29.0868 4460 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\windows\system32\kmsvc.dll
13:22:29.0884 4460 hkmsvc - ok
13:22:29.0931 4460 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\windows\system32\ListSvc.dll
13:22:29.0946 4460 HomeGroupListener - ok
13:22:29.0993 4460 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\windows\system32\provsvc.dll
13:22:30.0009 4460 HomeGroupProvider - ok
13:22:30.0071 4460 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\windows\system32\drivers\HpSAMD.sys
13:22:30.0071 4460 HpSAMD - ok
13:22:30.0118 4460 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\windows\system32\drivers\HTTP.sys
13:22:30.0165 4460 HTTP - ok
13:22:30.0180 4460 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\windows\system32\drivers\hwpolicy.sys
13:22:30.0180 4460 hwpolicy - ok
13:22:30.0196 4460 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\windows\system32\DRIVERS\i8042prt.sys
13:22:30.0196 4460 i8042prt - ok
13:22:30.0274 4460 iaStor (53cc5bf8b5a219119953c7abb19a7705) C:\windows\system32\DRIVERS\iaStor.sys
13:22:30.0274 4460 iaStor - ok
13:22:30.0352 4460 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\windows\system32\drivers\iaStorV.sys
13:22:30.0368 4460 iaStorV - ok
13:22:30.0492 4460 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
13:22:30.0570 4460 idsvc - ok
13:22:31.0085 4460 igfx (795c99dc4f574c97c03d0bb39cf099ee) C:\windows\system32\DRIVERS\igdkmd64.sys
13:22:31.0366 4460 igfx - ok
13:22:31.0522 4460 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\windows\system32\drivers\iirsp.sys
13:22:31.0522 4460 iirsp - ok
13:22:31.0600 4460 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\windows\System32\ikeext.dll
13:22:31.0662 4460 IKEEXT - ok
13:22:31.0865 4460 IntcAzAudAddService (03076f51af9f78a272cccde03e9340ce) C:\windows\system32\drivers\RTKVHD64.sys
13:22:31.0865 4460 IntcAzAudAddService - ok
13:22:32.0021 4460 IntcDAud (fc727061c0f47c8059e88e05d5c8e381) C:\windows\system32\DRIVERS\IntcDAud.sys
13:22:32.0037 4460 IntcDAud - ok
13:22:32.0068 4460 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\windows\system32\drivers\intelide.sys
13:22:32.0068 4460 intelide - ok
13:22:32.0099 4460 intelppm (ada036632c664caa754079041cf1f8c1) C:\windows\system32\DRIVERS\intelppm.sys
13:22:32.0099 4460 intelppm - ok
13:22:32.0162 4460 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\windows\system32\ipbusenum.dll
13:22:32.0177 4460 IPBusEnum - ok
13:22:32.0193 4460 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\windows\system32\DRIVERS\ipfltdrv.sys
13:22:32.0193 4460 IpFilterDriver - ok
13:22:32.0240 4460 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\windows\system32\drivers\IPMIDrv.sys
13:22:32.0255 4460 IPMIDRV - ok
13:22:32.0271 4460 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\windows\system32\drivers\ipnat.sys
13:22:32.0286 4460 IPNAT - ok
13:22:32.0318 4460 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\windows\system32\drivers\irenum.sys
13:22:32.0318 4460 IRENUM - ok
13:22:32.0318 4460 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\windows\system32\drivers\isapnp.sys
13:22:32.0318 4460 isapnp - ok
13:22:32.0349 4460 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\windows\system32\drivers\msiscsi.sys
13:22:32.0349 4460 iScsiPrt - ok
13:22:32.0380 4460 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\windows\system32\DRIVERS\kbdclass.sys
13:22:32.0380 4460 kbdclass - ok
13:22:32.0396 4460 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\windows\system32\drivers\kbdhid.sys
13:22:32.0396 4460 kbdhid - ok
13:22:32.0442 4460 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
13:22:32.0442 4460 KeyIso - ok
13:22:32.0458 4460 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\windows\system32\Drivers\ksecdd.sys
13:22:32.0458 4460 KSecDD - ok
13:22:32.0474 4460 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\windows\system32\Drivers\ksecpkg.sys
13:22:32.0489 4460 KSecPkg - ok
13:22:32.0505 4460 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\windows\system32\drivers\ksthunk.sys
13:22:32.0505 4460 ksthunk - ok
13:22:32.0552 4460 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\windows\system32\msdtckrm.dll
13:22:32.0567 4460 KtmRm - ok
13:22:32.0630 4460 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\windows\system32\srvsvc.dll
13:22:32.0661 4460 LanmanServer - ok
13:22:32.0708 4460 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\windows\System32\wkssvc.dll
13:22:32.0723 4460 LanmanWorkstation - ok
13:22:33.0066 4460 LeapFrog Connect Device Service (3c879d04bb6466e2853c3155b635cc45) C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
13:22:33.0207 4460 LeapFrog Connect Device Service - ok
13:22:33.0347 4460 Leapfrog-USBLAN (797289607a5ebf31353aa5ead141f872) C:\windows\system32\DRIVERS\btblan.sys
13:22:33.0363 4460 Leapfrog-USBLAN - ok
13:22:33.0394 4460 LHDmgr (be166935083f9c38edfdc21b9a7a679b) C:\windows\system32\DRIVERS\LhdX64.sys
13:22:33.0394 4460 LHDmgr - ok
13:22:33.0441 4460 lltdio (1538831cf8ad2979a04c423779465827) C:\windows\system32\DRIVERS\lltdio.sys
13:22:33.0441 4460 lltdio - ok
13:22:33.0503 4460 lltdsvc (c1185803384ab3feed115f79f109427f) C:\windows\System32\lltdsvc.dll
13:22:33.0534 4460 lltdsvc - ok
13:22:33.0550 4460 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\windows\System32\lmhsvc.dll
13:22:33.0566 4460 lmhosts - ok
13:22:33.0659 4460 LMS (2ed1786b7542cda261029f6b526edf44) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
13:22:33.0675 4460 LMS - ok
13:22:33.0737 4460 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\windows\system32\drivers\lsi_fc.sys
13:22:33.0753 4460 LSI_FC - ok
13:22:33.0768 4460 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\windows\system32\drivers\lsi_sas.sys
13:22:33.0784 4460 LSI_SAS - ok
13:22:33.0784 4460 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\windows\system32\drivers\lsi_sas2.sys
13:22:33.0784 4460 LSI_SAS2 - ok
13:22:33.0800 4460 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\windows\system32\drivers\lsi_scsi.sys
13:22:33.0800 4460 LSI_SCSI - ok
13:22:33.0846 4460 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\windows\system32\drivers\luafv.sys
13:22:33.0846 4460 luafv - ok
13:22:33.0893 4460 MBAMProtector (dbc08862a71459e74f7538b432c114cc) C:\windows\system32\drivers\mbam.sys
13:22:33.0893 4460 MBAMProtector - ok
13:22:33.0987 4460 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
13:22:34.0049 4460 MBAMService - ok
13:22:34.0096 4460 McMPFSvc - ok
13:22:34.0096 4460 mcmscsvc - ok
13:22:34.0127 4460 McNaiAnn - ok
13:22:34.0127 4460 McNASvc - ok
13:22:34.0143 4460 McODS - ok
13:22:34.0143 4460 McProxy - ok
13:22:34.0190 4460 Mcx2Svc - ok
13:22:34.0236 4460 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\windows\system32\drivers\megasas.sys
13:22:34.0236 4460 megasas - ok
13:22:34.0283 4460 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\windows\system32\drivers\MegaSR.sys
13:22:34.0299 4460 MegaSR - ok
13:22:34.0346 4460 MEIx64 (a6518dcc42f7a6e999bb3bea8fd87567) C:\windows\system32\DRIVERS\HECIx64.sys
13:22:34.0346 4460 MEIx64 - ok
13:22:34.0377 4460 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\windows\system32\mmcss.dll
13:22:34.0377 4460 MMCSS - ok
13:22:34.0392 4460 Modem (800ba92f7010378b09f9ed9270f07137) C:\windows\system32\drivers\modem.sys
13:22:34.0392 4460 Modem - ok
13:22:34.0439 4460 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\windows\system32\DRIVERS\monitor.sys
13:22:34.0439 4460 monitor - ok
13:22:34.0455 4460 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\windows\system32\DRIVERS\mouclass.sys
13:22:34.0455 4460 mouclass - ok
13:22:34.0486 4460 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\windows\system32\DRIVERS\mouhid.sys
13:22:34.0486 4460 mouhid - ok
13:22:34.0517 4460 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\windows\system32\drivers\mountmgr.sys
13:22:34.0517 4460 mountmgr - ok
13:22:34.0548 4460 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\windows\system32\drivers\mpio.sys
13:22:34.0564 4460 mpio - ok
13:22:34.0580 4460 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\windows\system32\drivers\mpsdrv.sys
13:22:34.0580 4460 mpsdrv - ok
13:22:34.0595 4460 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\windows\system32\drivers\mrxdav.sys
13:22:34.0595 4460 MRxDAV - ok
13:22:34.0626 4460 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\windows\system32\DRIVERS\mrxsmb.sys
13:22:34.0642 4460 mrxsmb - ok
13:22:34.0673 4460 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\windows\system32\DRIVERS\mrxsmb10.sys
13:22:34.0704 4460 mrxsmb10 - ok
13:22:34.0720 4460 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\windows\system32\DRIVERS\mrxsmb20.sys
13:22:34.0720 4460 mrxsmb20 - ok
13:22:34.0751 4460 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\windows\system32\drivers\msahci.sys
13:22:34.0751 4460 msahci - ok
13:22:34.0767 4460 msdsm (db801a638d011b9633829eb6f663c900) C:\windows\system32\drivers\msdsm.sys
13:22:34.0782 4460 msdsm - ok
13:22:34.0814 4460 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\windows\System32\msdtc.exe
13:22:34.0829 4460 MSDTC - ok
13:22:34.0845 4460 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\windows\system32\drivers\Msfs.sys
13:22:34.0845 4460 Msfs - ok
13:22:34.0845 4460 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\windows\System32\drivers\mshidkmdf.sys
13:22:34.0845 4460 mshidkmdf - ok
13:22:34.0860 4460 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\windows\system32\drivers\msisadrv.sys
13:22:34.0860 4460 msisadrv - ok
13:22:34.0938 4460 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\windows\system32\iscsiexe.dll
13:22:34.0954 4460 MSiSCSI - ok
13:22:34.0954 4460 msiserver - ok
13:22:35.0001 4460 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\windows\system32\drivers\MSKSSRV.sys
13:22:35.0001 4460 MSKSSRV - ok
13:22:35.0079 4460 MsMpSvc (59faaf2c83c8169ea20f9e335e418907) c:\Program Files\Microsoft Security Client\MsMpEng.exe
13:22:35.0079 4460 MsMpSvc - ok
13:22:35.0126 4460 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\windows\system32\drivers\MSPCLOCK.sys
13:22:35.0126 4460 MSPCLOCK - ok
13:22:35.0141 4460 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\windows\system32\drivers\MSPQM.sys
13:22:35.0157 4460 MSPQM - ok
13:22:35.0188 4460 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\windows\system32\drivers\MsRPC.sys
13:22:35.0204 4460 MsRPC - ok
13:22:35.0219 4460 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\windows\system32\DRIVERS\mssmbios.sys
13:22:35.0219 4460 mssmbios - ok
13:22:35.0235 4460 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\windows\system32\drivers\MSTEE.sys
13:22:35.0235 4460 MSTEE - ok
13:22:35.0250 4460 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\windows\system32\drivers\MTConfig.sys
13:22:35.0250 4460 MTConfig - ok
13:22:35.0266 4460 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\windows\system32\Drivers\mup.sys
13:22:35.0266 4460 Mup - ok
13:22:35.0282 4460 mwlPSDFilter (9b1eac6faf6f37305e822f5588dc8056) C:\windows\system32\DRIVERS\mwlPSDFilter.sys
13:22:35.0282 4460 mwlPSDFilter - ok
13:22:35.0282 4460 mwlPSDNServ (ad55c1524b296280ed9c6e0d730d35da) C:\windows\system32\DRIVERS\mwlPSDNServ.sys
13:22:35.0282 4460 mwlPSDNServ - ok
13:22:35.0297 4460 mwlPSDVDisk (2b599e6ec8843637bdd62e7f8f3ba201) C:\windows\system32\DRIVERS\mwlPSDVDisk.sys
13:22:35.0297 4460 mwlPSDVDisk - ok
13:22:35.0375 4460 MyWiFiDHCPDNS (f6ea50dbc391f04ca49427010657ccb3) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
13:22:35.0406 4460 MyWiFiDHCPDNS - ok
13:22:35.0469 4460 napagent (582ac6d9873e31dfa28a4547270862dd) C:\windows\system32\qagentRT.dll
13:22:35.0484 4460 napagent - ok
13:22:35.0547 4460 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\windows\system32\DRIVERS\nwifi.sys
13:22:35.0578 4460 NativeWifiP - ok
13:22:35.0640 4460 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\windows\system32\drivers\ndis.sys
13:22:35.0672 4460 NDIS - ok
13:22:35.0687 4460 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\windows\system32\DRIVERS\ndiscap.sys
13:22:35.0687 4460 NdisCap - ok
13:22:35.0718 4460 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\windows\system32\DRIVERS\ndistapi.sys
13:22:35.0718 4460 NdisTapi - ok
13:22:35.0750 4460 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\windows\system32\DRIVERS\ndisuio.sys
13:22:35.0750 4460 Ndisuio - ok
13:22:35.0781 4460 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\windows\system32\DRIVERS\ndiswan.sys
13:22:35.0781 4460 NdisWan - ok
13:22:35.0796 4460 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\windows\system32\drivers\NDProxy.sys
13:22:35.0796 4460 NDProxy - ok
13:22:35.0828 4460 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\windows\system32\DRIVERS\netbios.sys
13:22:35.0828 4460 NetBIOS - ok
13:22:35.0859 4460 NetBT (09594d1089c523423b32a4229263f068) C:\windows\system32\DRIVERS\netbt.sys
13:22:35.0859 4460 NetBT - ok
13:22:35.0890 4460 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
13:22:35.0906 4460 Netlogon - ok
13:22:35.0952 4460 Netman (847d3ae376c0817161a14a82c8922a9e) C:\windows\System32\netman.dll
13:22:35.0984 4460 Netman - ok
13:22:35.0999 4460 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\windows\System32\netprofm.dll
13:22:36.0015 4460 netprofm - ok
13:22:36.0062 4460 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
13:22:36.0077 4460 NetTcpPortSharing - ok
13:22:36.0467 4460 NETwNs64 (30933bb56fb611d0252bad488adfb533) C:\windows\system32\DRIVERS\NETwNs64.sys
13:22:36.0670 4460 NETwNs64 - ok
13:22:36.0810 4460 nfrd960 (77889813be4d166cdab78ddba990da92) C:\windows\system32\drivers\nfrd960.sys
13:22:36.0810 4460 nfrd960 - ok
13:22:36.0888 4460 NisDrv (91b4e0273d2f6c24ef845f2b41311289) C:\windows\system32\DRIVERS\NisDrvWFP.sys
13:22:36.0888 4460 NisDrv - ok
13:22:36.0982 4460 NisSrv (10a43829a9e606af3eef25a1c1665923) c:\Program Files\Microsoft Security Client\NisSrv.exe
13:22:37.0013 4460 NisSrv - ok
13:22:37.0076 4460 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\windows\System32\nlasvc.dll
13:22:37.0091 4460 NlaSvc - ok
13:22:37.0107 4460 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\windows\system32\drivers\Npfs.sys
13:22:37.0107 4460 Npfs - ok
13:22:37.0122 4460 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\windows\system32\nsisvc.dll
13:22:37.0122 4460 nsi - ok
13:22:37.0138 4460 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\windows\system32\drivers\nsiproxy.sys
13:22:37.0138 4460 nsiproxy - ok
13:22:37.0247 4460 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\windows\system32\drivers\Ntfs.sys
13:22:37.0294 4460 Ntfs - ok
13:22:37.0388 4460 Null (9899284589f75fa8724ff3d16aed75c1) C:\windows\system32\drivers\Null.sys
13:22:37.0403 4460 Null - ok
13:22:37.0450 4460 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\windows\system32\drivers\nvraid.sys
13:22:37.0450 4460 nvraid - ok
13:22:37.0497 4460 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\windows\system32\drivers\nvstor.sys
13:22:37.0512 4460 nvstor - ok
13:22:37.0575 4460 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\windows\system32\drivers\nv_agp.sys
13:22:37.0575 4460 nv_agp - ok
13:22:37.0590 4460 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\windows\system32\drivers\ohci1394.sys
13:22:37.0606 4460 ohci1394 - ok
13:22:37.0653 4460 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\windows\system32\pnrpsvc.dll
13:22:37.0668 4460 p2pimsvc - ok
13:22:37.0715 4460 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\windows\system32\p2psvc.dll
13:22:37.0731 4460 p2psvc - ok
13:22:37.0762 4460 Parport (0086431c29c35be1dbc43f52cc273887) C:\windows\system32\drivers\parport.sys
13:22:37.0778 4460 Parport - ok
13:22:37.0809 4460 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\windows\system32\drivers\partmgr.sys
13:22:37.0809 4460 partmgr - ok
13:22:37.0871 4460 Partner Service (9665402b7fa59302d520ad845ddfc026) C:\ProgramData\Partner\Partner.exe
13:22:37.0902 4460 Partner Service - ok
13:22:37.0934 4460 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\windows\System32\pcasvc.dll
13:22:37.0949 4460 PcaSvc - ok
13:22:38.0012 4460 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\windows\system32\drivers\pci.sys
13:22:38.0027 4460 pci - ok
13:22:38.0043 4460 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\windows\system32\drivers\pciide.sys
13:22:38.0058 4460 pciide - ok
13:22:38.0090 4460 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\windows\system32\drivers\pcmcia.sys
13:22:38.0105 4460 pcmcia - ok
13:22:38.0105 4460 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\windows\system32\drivers\pcw.sys
13:22:38.0105 4460 pcw - ok
13:22:38.0183 4460 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\windows\system32\drivers\peauth.sys
13:22:38.0199 4460 PEAUTH - ok
13:22:38.0292 4460 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\windows\SysWow64\perfhost.exe
13:22:38.0308 4460 PerfHost - ok
13:22:38.0402 4460 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\windows\system32\pla.dll
13:22:38.0448 4460 pla - ok
13:22:38.0526 4460 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\windows\system32\umpnpmgr.dll
13:22:38.0542 4460 PlugPlay - ok
13:22:38.0558 4460 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\windows\system32\pnrpauto.dll
13:22:38.0558 4460 PNRPAutoReg - ok
13:22:38.0604 4460 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\windows\system32\pnrpsvc.dll
13:22:38.0604 4460 PNRPsvc - ok
13:22:38.0651 4460 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\windows\System32\ipsecsvc.dll
13:22:38.0667 4460 PolicyAgent - ok
13:22:38.0698 4460 Power (6ba9d927dded70bd1a9caded45f8b184) C:\windows\system32\umpo.dll
13:22:38.0714 4460 Power - ok
13:22:38.0807 4460 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\windows\system32\DRIVERS\raspptp.sys
13:22:38.0807 4460 PptpMiniport - ok
13:22:38.0838 4460 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\windows\system32\drivers\processr.sys
13:22:38.0838 4460 Processor - ok
13:22:38.0885 4460 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\windows\system32\profsvc.dll
13:22:38.0901 4460 ProfSvc - ok
13:22:38.0932 4460 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
13:22:38.0932 4460 ProtectedStorage - ok
13:22:39.0010 4460 Psched (0557cf5a2556bd58e26384169d72438d) C:\windows\system32\DRIVERS\pacer.sys
13:22:39.0010 4460 Psched - ok
13:22:39.0119 4460 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\windows\system32\drivers\ql2300.sys
13:22:39.0166 4460 ql2300 - ok
13:22:39.0291 4460 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\windows\system32\drivers\ql40xx.sys
13:22:39.0291 4460 ql40xx - ok
13:22:39.0322 4460 QWAVE (906191634e99aea92c4816150bda3732) C:\windows\system32\qwave.dll
13:22:39.0338 4460 QWAVE - ok
13:22:39.0353 4460 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\windows\system32\drivers\qwavedrv.sys
13:22:39.0353 4460 QWAVEdrv - ok
13:22:39.0369 4460 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\windows\system32\DRIVERS\rasacd.sys
13:22:39.0369 4460 RasAcd - ok
13:22:39.0416 4460 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\windows\system32\DRIVERS\AgileVpn.sys
13:22:39.0416 4460 RasAgileVpn - ok
13:22:39.0431 4460 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\windows\System32\rasauto.dll
13:22:39.0447 4460 RasAuto - ok
13:22:39.0462 4460 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\windows\system32\DRIVERS\rasl2tp.sys
13:22:39.0462 4460 Rasl2tp - ok
13:22:39.0509 4460 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\windows\System32\rasmans.dll
13:22:39.0540 4460 RasMan - ok
13:22:39.0556 4460 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\windows\system32\DRIVERS\raspppoe.sys
13:22:39.0556 4460 RasPppoe - ok
13:22:39.0572 4460 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\windows\system32\DRIVERS\rassstp.sys
13:22:39.0572 4460 RasSstp - ok
13:22:39.0587 4460 rdbss (77f665941019a1594d887a74f301fa2f) C:\windows\system32\DRIVERS\rdbss.sys
13:22:39.0603 4460 rdbss - ok
13:22:39.0618 4460 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\windows\system32\drivers\rdpbus.sys
13:22:39.0634 4460 rdpbus - ok
13:22:39.0634 4460 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\windows\system32\DRIVERS\RDPCDD.sys
13:22:39.0650 4460 RDPCDD - ok
13:22:39.0681 4460 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\windows\system32\drivers\rdpencdd.sys
13:22:39.0681 4460 RDPENCDD - ok
13:22:39.0696 4460 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\windows\system32\drivers\rdprefmp.sys
13:22:39.0696 4460 RDPREFMP - ok
13:22:39.0728 4460 RDPWD (e61608aa35e98999af9aaeeea6114b0a) C:\windows\system32\drivers\RDPWD.sys
13:22:39.0743 4460 RDPWD - ok
13:22:39.0774 4460 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\windows\system32\drivers\rdyboost.sys
13:22:39.0790 4460 rdyboost - ok
13:22:39.0915 4460 RegSrvc (9276f4d4109fc349925d28e00e533146) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
13:22:39.0946 4460 RegSrvc - ok
13:22:39.0993 4460 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\windows\System32\mprdim.dll
13:22:39.0993 4460 RemoteAccess - ok
13:22:40.0024 4460 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\windows\system32\regsvc.dll
13:22:40.0040 4460 RemoteRegistry - ok
13:22:40.0133 4460 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\windows\system32\DRIVERS\rfcomm.sys
13:22:40.0149 4460 RFCOMM - ok
13:22:40.0196 4460 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\windows\System32\RpcEpMap.dll
13:22:40.0196 4460 RpcEptMapper - ok
13:22:40.0211 4460 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\windows\system32\locator.exe
13:22:40.0227 4460 RpcLocator - ok
13:22:40.0274 4460 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\windows\system32\rpcss.dll
13:22:40.0274 4460 RpcSs - ok
13:22:40.0336 4460 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\windows\system32\DRIVERS\rspndr.sys
13:22:40.0352 4460 rspndr - ok
13:22:40.0398 4460 RSUSBVSTOR (e54a5586a28d0630a79a68bbab84bfcf) C:\windows\system32\Drivers\RtsUVStor.sys
13:22:40.0398 4460 RSUSBVSTOR - ok
13:22:40.0461 4460 RTL8167 (20a466b9ea2bd828c0ec723f99b8cfe7) C:\windows\system32\DRIVERS\Rt64win7.sys
13:22:40.0476 4460 RTL8167 - ok
13:22:40.0866 4460 rtsuvc (8ac69f3c7a8a8bd94ea26a08ae5d1839) C:\windows\system32\DRIVERS\rtsuvc.sys
13:22:40.0898 4460 rtsuvc - ok
13:22:41.0007 4460 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
13:22:41.0007 4460 SamSs - ok
13:22:41.0054 4460 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\windows\system32\drivers\sbp2port.sys
13:22:41.0069 4460 sbp2port - ok
13:22:41.0100 4460 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\windows\System32\SCardSvr.dll
13:22:41.0132 4460 SCardSvr - ok
13:22:41.0147 4460 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\windows\system32\DRIVERS\scfilter.sys
13:22:41.0147 4460 scfilter - ok
13:22:41.0210 4460 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\windows\system32\schedsvc.dll
13:22:41.0256 4460 Schedule - ok
13:22:41.0288 4460 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\windows\System32\certprop.dll
13:22:41.0288 4460 SCPolicySvc - ok
13:22:41.0319 4460 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\windows\System32\SDRSVC.dll
13:22:41.0334 4460 SDRSVC - ok
13:22:41.0412 4460 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\windows\system32\drivers\secdrv.sys
13:22:41.0412 4460 secdrv - ok
13:22:41.0444 4460 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\windows\system32\seclogon.dll
13:22:41.0459 4460 seclogon - ok
13:22:41.0490 4460 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\windows\System32\sens.dll
13:22:41.0506 4460 SENS - ok
13:22:41.0522 4460 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\windows\system32\sensrsvc.dll
13:22:41.0522 4460 SensrSvc - ok
13:22:41.0537 4460 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\windows\system32\drivers\serenum.sys
13:22:41.0553 4460 Serenum - ok
13:22:41.0584 4460 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\windows\system32\drivers\serial.sys
13:22:41.0600 4460 Serial - ok
13:22:41.0631 4460 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\windows\system32\drivers\sermouse.sys
13:22:41.0631 4460 sermouse - ok
13:22:41.0678 4460 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\windows\system32\sessenv.dll
13:22:41.0678 4460 SessionEnv - ok
13:22:41.0678 4460 sffdisk (a554811bcd09279536440c964ae35bbf) C:\windows\system32\drivers\sffdisk.sys
13:22:41.0693 4460 sffdisk - ok
13:22:41.0709 4460 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\windows\system32\drivers\sffp_mmc.sys
13:22:41.0724 4460 sffp_mmc - ok
13:22:41.0724 4460 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\windows\system32\drivers\sffp_sd.sys
13:22:41.0724 4460 sffp_sd - ok
13:22:41.0740 4460 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\windows\system32\drivers\sfloppy.sys
13:22:41.0740 4460 sfloppy - ok
13:22:41.0771 4460 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\windows\System32\shsvcs.dll
13:22:41.0802 4460 ShellHWDetection - ok
13:22:41.0849 4460 Shockprf (c10d453b07e3e7e00e5103bba9bad524) C:\windows\system32\DRIVERS\Apsx64.sys
13:22:41.0865 4460 Shockprf - ok
13:22:41.0912 4460 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\windows\system32\drivers\SiSRaid2.sys
13:22:41.0927 4460 SiSRaid2 - ok
13:22:41.0943 4460 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\windows\system32\drivers\sisraid4.sys
13:22:41.0943 4460 SiSRaid4 - ok
13:22:42.0177 4460 Skype C2C Service (2a99850c2a6edd6c6602e822c716edaf) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
13:22:42.0270 4460 Skype C2C Service - ok
13:22:42.0395 4460 SkypeUpdate (ddaa5f4a6b958fc313ebd02dd925752f) C:\Program Files (x86)\Skype\Updater\Updater.exe
13:22:42.0395 4460 SkypeUpdate - ok
13:22:42.0520 4460 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\windows\system32\DRIVERS\smb.sys
13:22:42.0520 4460 Smb - ok
13:22:42.0582 4460 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\windows\System32\snmptrap.exe
13:22:42.0582 4460 SNMPTRAP - ok
13:22:42.0614 4460 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\windows\system32\drivers\spldr.sys
13:22:42.0614 4460 spldr - ok
13:22:42.0660 4460 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\windows\System32\spoolsv.exe
13:22:42.0692 4460 Spooler - ok
13:22:42.0863 4460 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\windows\system32\sppsvc.exe
13:22:42.0957 4460 sppsvc - ok
13:22:43.0035 4460 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\windows\system32\sppuinotify.dll
13:22:43.0050 4460 sppuinotify - ok
13:22:43.0113 4460 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\windows\system32\DRIVERS\srv.sys
13:22:43.0144 4460 srv - ok
13:22:43.0175 4460 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\windows\system32\DRIVERS\srv2.sys
13:22:43.0191 4460 srv2 - ok
13:22:43.0222 4460 srvnet (27e461f0be5bff5fc737328f749538c3) C:\windows\system32\DRIVERS\srvnet.sys
13:22:43.0222 4460 srvnet - ok
13:22:43.0269 4460 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\windows\System32\ssdpsrv.dll
13:22:43.0284 4460 SSDPSRV - ok
13:22:43.0300 4460 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\windows\system32\sstpsvc.dll
13:22:43.0316 4460 SstpSvc - ok
13:22:43.0378 4460 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\windows\system32\drivers\stexstor.sys
13:22:43.0378 4460 stexstor - ok
13:22:43.0456 4460 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\windows\System32\wiaservc.dll
13:22:43.0487 4460 stisvc - ok
13:22:43.0503 4460 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\windows\system32\DRIVERS\swenum.sys
13:22:43.0503 4460 swenum - ok
13:22:43.0643 4460 SwitchBoard (f577910a133a592234ebaad3f3afa258) C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
13:22:43.0659 4460 SwitchBoard - ok
13:22:43.0721 4460 swprv (e08e46fdd841b7184194011ca1955a0b) C:\windows\System32\swprv.dll
13:22:43.0752 4460 swprv - ok
13:22:43.0862 4460 SynTP (08425cd92972c6430f350a9697f4a553) C:\windows\system32\DRIVERS\SynTP.sys
13:22:43.0877 4460 SynTP - ok
13:22:44.0064 4460 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\windows\system32\sysmain.dll
13:22:44.0127 4460 SysMain - ok
13:22:44.0189 4460 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\windows\System32\TabSvc.dll
13:22:44.0205 4460 TabletInputService - ok
13:22:44.0236 4460 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\windows\System32\tapisrv.dll
13:22:44.0252 4460 TapiSrv - ok
13:22:44.0283 4460 TBS (1be03ac720f4d302ea01d40f588162f6) C:\windows\System32\tbssvc.dll
13:22:44.0283 4460 TBS - ok
13:22:44.0439 4460 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\windows\system32\drivers\tcpip.sys
13:22:44.0501 4460 Tcpip - ok
13:22:44.0704 4460 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\windows\system32\DRIVERS\tcpip.sys
13:22:44.0735 4460 TCPIP6 - ok
13:22:44.0813 4460 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\windows\system32\drivers\tcpipreg.sys
13:22:44.0813 4460 tcpipreg - ok
13:22:44.0829 4460 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\windows\system32\drivers\tdpipe.sys
13:22:44.0829 4460 TDPIPE - ok
13:22:44.0860 4460 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\windows\system32\drivers\tdtcp.sys
13:22:44.0860 4460 TDTCP - ok
13:22:44.0876 4460 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\windows\system32\DRIVERS\tdx.sys
13:22:44.0876 4460 tdx - ok
13:22:44.0891 4460 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\windows\system32\DRIVERS\termdd.sys
13:22:44.0891 4460 TermDD - ok
13:22:44.0969 4460 TermService (2e648163254233755035b46dd7b89123) C:\windows\System32\termsrv.dll
13:22:45.0000 4460 TermService - ok
13:22:45.0016 4460 Themes (f0344071948d1a1fa732231785a0664c) C:\windows\system32\themeservice.dll
13:22:45.0032 4460 Themes - ok
13:22:45.0047 4460 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\windows\system32\mmcss.dll
13:22:45.0047 4460 THREADORDER - ok
13:22:45.0078 4460 TPDIGIMN (74868c001c7214fbd88b1a57ebb04811) C:\windows\system32\DRIVERS\ApsHM64.sys
13:22:45.0078 4460 TPDIGIMN - ok
13:22:45.0094 4460 TPHDEXLGSVC (130e6b36a8eee48aa4f0ac404236836b) C:\windows\system32\TPHDEXLG64.exe
13:22:45.0094 4460 TPHDEXLGSVC - ok
13:22:45.0125 4460 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\windows\System32\trkwks.dll
13:22:45.0125 4460 TrkWks - ok
13:22:45.0188 4460 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\windows\servicing\TrustedInstaller.exe
13:22:45.0203 4460 TrustedInstaller - ok
13:22:45.0219 4460 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\windows\system32\DRIVERS\tssecsrv.sys
13:22:45.0219 4460 tssecsrv - ok
13:22:45.0266 4460 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\windows\system32\drivers\tsusbflt.sys
13:22:45.0266 4460 TsUsbFlt - ok
13:22:45.0281 4460 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\windows\system32\drivers\TsUsbGD.sys
13:22:45.0281 4460 TsUsbGD - ok
13:22:45.0328 4460 tunnel (3566a8daafa27af944f5d705eaa64894) C:\windows\system32\DRIVERS\tunnel.sys
13:22:45.0328 4460 tunnel - ok
13:22:45.0344 4460 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\windows\system32\drivers\uagp35.sys
13:22:45.0344 4460 uagp35 - ok
13:22:45.0375 4460 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\windows\system32\DRIVERS\udfs.sys
13:22:45.0406 4460 udfs - ok
13:22:45.0437 4460 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\windows\system32\UI0Detect.exe
13:22:45.0437 4460 UI0Detect - ok
13:22:45.0484 4460 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\windows\system32\drivers\uliagpkx.sys
13:22:45.0484 4460 uliagpkx - ok
13:22:45.0515 4460 umbus (dc54a574663a895c8763af0fa1ff7561) C:\windows\system32\DRIVERS\umbus.sys
13:22:45.0531 4460 umbus - ok
13:22:45.0531 4460 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\windows\system32\drivers\umpass.sys
13:22:45.0531 4460 UmPass - ok
13:22:45.0749 4460 UNS (7e5e1603d0ff2d240ae70295c5c3fefc) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
13:22:45.0765 4460 UNS - ok
13:22:45.0890 4460 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\windows\System32\upnphost.dll
13:22:45.0905 4460 upnphost - ok
13:22:45.0952 4460 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\windows\system32\DRIVERS\usbccgp.sys
13:22:45.0968 4460 usbccgp - ok
13:22:45.0983 4460 usbcir (af0892a803fdda7492f595368e3b68e7) C:\windows\system32\drivers\usbcir.sys
13:22:45.0983 4460 usbcir - ok
13:22:45.0999 4460 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\windows\system32\DRIVERS\usbehci.sys
13:22:45.0999 4460 usbehci - ok
13:22:46.0061 4460 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\windows\system32\DRIVERS\usbhub.sys
13:22:46.0077 4460 usbhub - ok
13:22:46.0108 4460 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\windows\system32\drivers\usbohci.sys
13:22:46.0108 4460 usbohci - ok
13:22:46.0139 4460 usbprint (73188f58fb384e75c4063d29413cee3d) C:\windows\system32\drivers\usbprint.sys
13:22:46.0139 4460 usbprint - ok
13:22:46.0170 4460 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\windows\system32\DRIVERS\USBSTOR.SYS
13:22:46.0170 4460 USBSTOR - ok
13:22:46.0186 4460 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\windows\system32\drivers\usbuhci.sys
13:22:46.0186 4460 usbuhci - ok
13:22:46.0233 4460 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\windows\system32\Drivers\usbvideo.sys
13:22:46.0248 4460 usbvideo - ok
13:22:46.0280 4460 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\windows\System32\uxsms.dll
13:22:46.0280 4460 UxSms - ok
13:22:46.0311 4460 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
13:22:46.0326 4460 VaultSvc - ok
13:22:46.0373 4460 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\windows\system32\drivers\vdrvroot.sys
13:22:46.0373 4460 vdrvroot - ok
13:22:46.0404 4460 vds (8d6b481601d01a456e75c3210f1830be) C:\windows\System32\vds.exe
13:22:46.0436 4460 vds - ok
13:22:46.0451 4460 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\windows\system32\DRIVERS\vgapnp.sys
13:22:46.0451 4460 vga - ok
13:22:46.0467 4460 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\windows\System32\drivers\vga.sys
13:22:46.0467 4460 VgaSave - ok
13:22:46.0498 4460 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\windows\system32\drivers\vhdmp.sys
13:22:46.0514 4460 vhdmp - ok
13:22:46.0514 4460 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\windows\system32\drivers\viaide.sys
13:22:46.0529 4460 viaide - ok
13:22:46.0529 4460 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\windows\system32\drivers\volmgr.sys
13:22:46.0529 4460 volmgr - ok
13:22:46.0576 4460 volmgrx (a255814907c89be58b79ef2f189b843b) C:\windows\system32\drivers\volmgrx.sys
13:22:46.0576 4460 volmgrx - ok
13:22:46.0607 4460 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\windows\system32\drivers\volsnap.sys
13:22:46.0623 4460 volsnap - ok
13:22:46.0670 4460 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\windows\system32\drivers\vsmraid.sys
13:22:46.0670 4460 vsmraid - ok
13:22:46.0779 4460 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\windows\system32\vssvc.exe
13:22:46.0810 4460 VSS - ok
13:22:46.0919 4460 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\windows\system32\DRIVERS\vwifibus.sys
13:22:46.0935 4460 vwifibus - ok
13:22:46.0966 4460 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\windows\system32\DRIVERS\vwififlt.sys
13:22:46.0966 4460 vwififlt - ok
13:22:46.0982 4460 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\windows\system32\DRIVERS\vwifimp.sys
13:22:46.0982 4460 vwifimp - ok
13:22:47.0028 4460 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\windows\system32\w32time.dll
13:22:47.0060 4460 W32Time - ok
13:22:47.0075 4460 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\windows\system32\drivers\wacompen.sys
13:22:47.0091 4460 WacomPen - ok
13:22:47.0138 4460 WANARP (356afd78a6ed4457169241ac3965230c) C:\windows\system32\DRIVERS\wanarp.sys
13:22:47.0138 4460 WANARP - ok
13:22:47.0153 4460 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\windows\system32\DRIVERS\wanarp.sys
13:22:47.0153 4460 Wanarpv6 - ok
13:22:47.0262 4460 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\windows\system32\Wat\WatAdminSvc.exe
13:22:47.0294 4460 WatAdminSvc - ok
13:22:47.0387 4460 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\windows\system32\wbengine.exe
13:22:47.0418 4460 wbengine - ok
13:22:47.0528 4460 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\windows\System32\wbiosrvc.dll
13:22:47.0543 4460 WbioSrvc - ok
13:22:47.0574 4460 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\windows\System32\wcncsvc.dll
13:22:47.0590 4460 wcncsvc - ok
13:22:47.0606 4460 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\windows\System32\WcsPlugInService.dll
13:22:47.0621 4460 WcsPlugInService - ok
13:22:47.0668 4460 Wd (72889e16ff12ba0f235467d6091b17dc) C:\windows\system32\drivers\wd.sys
13:22:47.0668 4460 Wd - ok
13:22:47.0730 4460 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\windows\system32\drivers\Wdf01000.sys
13:22:47.0762 4460 Wdf01000 - ok
13:22:47.0777 4460 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\windows\system32\wdi.dll
13:22:47.0777 4460 WdiServiceHost - ok
13:22:47.0793 4460 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\windows\system32\wdi.dll
13:22:47.0793 4460 WdiSystemHost - ok
13:22:47.0808 4460 wdkmd (94dc2bf6cbaaa95e369c3756d3115a76) C:\windows\system32\DRIVERS\WDKMD.sys
13:22:47.0808 4460 wdkmd - ok
13:22:47.0871 4460 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\windows\System32\webclnt.dll
13:22:47.0886 4460 WebClient - ok
13:22:47.0902 4460 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\windows\system32\wecsvc.dll
13:22:47.0918 4460 Wecsvc - ok
13:22:47.0933 4460 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\windows\System32\wercplsupport.dll
13:22:47.0949 4460 wercplsupport - ok
13:22:47.0964 4460 WerSvc (6d137963730144698cbd10f202e9f251) C:\windows\System32\WerSvc.dll
13:22:47.0980 4460 WerSvc - ok
13:22:48.0011 4460 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\windows\system32\DRIVERS\wfplwf.sys
13:22:48.0011 4460 WfpLwf - ok
13:22:48.0152 4460 WiMAXAppSrv (245ea6a2cfae7b183ee9a14a4673b1f1) C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe
13:22:48.0198 4460 WiMAXAppSrv - ok
13:22:48.0214 4460 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\windows\system32\drivers\wimmount.sys
13:22:48.0214 4460 WIMMount - ok
13:22:48.0230 4460 WinHttpAutoProxySvc - ok
13:22:48.0276 4460 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\windows\system32\wbem\WMIsvc.dll
13:22:48.0292 4460 Winmgmt - ok
13:22:48.0417 4460 WinRM (bcb1310604aa415c4508708975b3931e) C:\windows\system32\WsmSvc.dll
13:22:48.0495 4460 WinRM - ok
13:22:48.0651 4460 WinUsb (fe88b288356e7b47b74b13372add906d) C:\windows\system32\DRIVERS\WinUsb.sys
13:22:48.0666 4460 WinUsb - ok
13:22:48.0744 4460 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\windows\System32\wlansvc.dll
13:22:48.0791 4460 Wlansvc - ok
13:22:48.0838 4460 wlcrasvc (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
13:22:48.0854 4460 wlcrasvc - ok
13:22:49.0010 4460 wlidsvc (7e47c328fc4768cb8beafbcfafa70362) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
13:22:49.0025 4460 wlidsvc - ok
13:22:49.0150 4460 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\windows\system32\DRIVERS\wmiacpi.sys
13:22:49.0150 4460 WmiAcpi - ok
13:22:49.0212 4460 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\windows\system32\wbem\WmiApSrv.exe
13:22:49.0228 4460 wmiApSrv - ok
13:22:49.0259 4460 WMPNetworkSvc - ok
13:22:49.0306 4460 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\windows\System32\wpcsvc.dll
13:22:49.0306 4460 WPCSvc - ok
13:22:49.0337 4460 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\windows\system32\wpdbusenum.dll
13:22:49.0353 4460 WPDBusEnum - ok
13:22:49.0384 4460 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\windows\system32\drivers\ws2ifsl.sys
13:22:49.0384 4460 ws2ifsl - ok
13:22:49.0384 4460 WSearch - ok
13:22:49.0431 4460 wsvd (83575c43b2bfe9ab0661a7f957e843c0) C:\windows\system32\DRIVERS\wsvd.sys
13:22:49.0431 4460 wsvd - ok
13:22:49.0446 4460 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\windows\system32\drivers\WudfPf.sys
13:22:49.0446 4460 WudfPf - ok
13:22:49.0493 4460 WUDFRd (cf8d590be3373029d57af80914190682) C:\windows\system32\DRIVERS\WUDFRd.sys
13:22:49.0493 4460 WUDFRd - ok
13:22:49.0524 4460 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\windows\System32\WUDFSvc.dll
13:22:49.0524 4460 wudfsvc - ok
13:22:49.0540 4460 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\windows\System32\wwansvc.dll
13:22:49.0556 4460 WwanSvc - ok
13:22:49.0602 4460 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
13:22:49.0977 4460 \Device\Harddisk0\DR0 - ok
13:22:49.0992 4460 Boot (0x1200) (29efd4f444ed22649e2f7e024f24abb7) \Device\Harddisk0\DR0\Partition0
13:22:49.0992 4460 \Device\Harddisk0\DR0\Partition0 - ok
13:22:50.0008 4460 Boot (0x1200) (ddb68df64022629016772a545c6a285b) \Device\Harddisk0\DR0\Partition1
13:22:50.0039 4460 \Device\Harddisk0\DR0\Partition1 - ok
13:22:50.0102 4460 Boot (0x1200) (47c2076e7314bc7eac03fae4c7d7e862) \Device\Harddisk0\DR0\Partition2
13:22:50.0117 4460 \Device\Harddisk0\DR0\Partition2 - ok
13:22:50.0117 4460 ============================================================
13:22:50.0117 4460 Scan finished
13:22:50.0117 4460 ============================================================
13:22:50.0133 2360 Detected object count: 0
13:22:50.0133 2360 Actual detected object count: 0
13:23:43.0814 1860 ============================================================
13:23:43.0814 1860 Scan started
13:23:43.0814 1860 Mode: Manual; SigCheck; TDLFS;
13:23:43.0814 1860 ============================================================
13:23:43.0923 1860 1394ohci (a87d604aea360176311474c87a63bb88) C:\windows\system32\drivers\1394ohci.sys
13:23:44.0126 1860 1394ohci - ok
13:23:44.0172 1860 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\windows\system32\drivers\ACPI.sys
13:23:44.0188 1860 ACPI - ok
13:23:44.0188 1860 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\windows\system32\drivers\acpipmi.sys
13:23:44.0282 1860 AcpiPmi - ok
13:23:44.0313 1860 ACPIVPC (5bbff8b826ec38d32c26334e079c7efc) C:\windows\system32\DRIVERS\AcpiVpc.sys
13:23:44.0516 1860 ACPIVPC - ok
13:23:44.0594 1860 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\windows\system32\drivers\adp94xx.sys
13:23:44.0609 1860 adp94xx - ok
13:23:44.0640 1860 adpahci (597f78224ee9224ea1a13d6350ced962) C:\windows\system32\drivers\adpahci.sys
13:23:44.0640 1860 adpahci - ok
13:23:44.0656 1860 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\windows\system32\drivers\adpu320.sys
13:23:44.0672 1860 adpu320 - ok
13:23:44.0718 1860 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\windows\System32\aelupsvc.dll
13:23:44.0874 1860 AeLookupSvc - ok
13:23:44.0952 1860 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\windows\system32\drivers\afd.sys
13:23:45.0015 1860 AFD - ok
13:23:45.0046 1860 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\windows\system32\drivers\agp440.sys
13:23:45.0062 1860 agp440 - ok
13:23:45.0093 1860 ALG (3290d6946b5e30e70414990574883ddb) C:\windows\System32\alg.exe
13:23:45.0155 1860 ALG - ok
13:23:45.0155 1860 aliide (5812713a477a3ad7363c7438ca2ee038) C:\windows\system32\drivers\aliide.sys
13:23:45.0171 1860 aliide - ok
13:23:45.0171 1860 amdide (1ff8b4431c353ce385c875f194924c0c) C:\windows\system32\drivers\amdide.sys
13:23:45.0171 1860 amdide - ok
13:23:45.0186 1860 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\windows\system32\drivers\amdk8.sys
13:23:45.0249 1860 AmdK8 - ok
13:23:45.0249 1860 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\windows\system32\drivers\amdppm.sys
13:23:45.0296 1860 AmdPPM - ok
13:23:45.0327 1860 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\windows\system32\drivers\amdsata.sys
13:23:45.0342 1860 amdsata - ok
13:23:45.0358 1860 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\windows\system32\drivers\amdsbs.sys
13:23:45.0374 1860 amdsbs - ok
13:23:45.0405 1860 amdxata (540daf1cea6094886d72126fd7c33048) C:\windows\system32\drivers\amdxata.sys
13:23:45.0405 1860 amdxata - ok
13:23:45.0420 1860 AppID (89a69c3f2f319b43379399547526d952) C:\windows\system32\drivers\appid.sys
13:23:45.0639 1860 AppID - ok
13:23:45.0654 1860 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\windows\System32\appidsvc.dll
13:23:45.0732 1860 AppIDSvc - ok
13:23:45.0748 1860 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\windows\System32\appinfo.dll
13:23:45.0779 1860 Appinfo - ok
13:23:45.0795 1860 arc (c484f8ceb1717c540242531db7845c4e) C:\windows\system32\drivers\arc.sys
13:23:45.0795 1860 arc - ok
13:23:45.0826 1860 arcsas (019af6924aefe7839f61c830227fe79c) C:\windows\system32\drivers\arcsas.sys
13:23:45.0842 1860 arcsas - ok
13:23:45.0842 1860 AsyncMac (769765ce2cc62867468cea93969b2242) C:\windows\system32\DRIVERS\asyncmac.sys
13:23:45.0920 1860 AsyncMac - ok
13:23:45.0935 1860 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\windows\system32\drivers\atapi.sys
13:23:45.0935 1860 atapi - ok
13:23:45.0998 1860 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\windows\System32\Audiosrv.dll
13:23:46.0060 1860 AudioEndpointBuilder - ok
13:23:46.0076 1860 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\windows\System32\Audiosrv.dll
13:23:46.0107 1860 AudioSrv - ok
13:23:46.0138 1860 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\windows\System32\AxInstSV.dll
13:23:46.0232 1860 AxInstSV - ok
13:23:46.0278 1860 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\windows\system32\drivers\bxvbda.sys
13:23:46.0325 1860 b06bdrv - ok
13:23:46.0356 1860 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\windows\system32\DRIVERS\b57nd60a.sys
13:23:46.0419 1860 b57nd60a - ok
13:23:46.0466 1860 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\windows\System32\bdesvc.dll
13:23:46.0528 1860 BDESVC - ok
13:23:46.0559 1860 Beep (16a47ce2decc9b099349a5f840654746) C:\windows\system32\drivers\Beep.sys
13:23:46.0637 1860 Beep - ok
13:23:46.0653 1860 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\windows\system32\DRIVERS\blbdrive.sys
13:23:46.0684 1860 blbdrive - ok
13:23:46.0715 1860 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\windows\system32\DRIVERS\bowser.sys
13:23:46.0746 1860 bowser - ok
13:23:46.0778 1860 bpenum (56e4345f392f17d66683225e214840cb) C:\windows\system32\DRIVERS\bpenum.sys
13:23:46.0840 1860 bpenum - ok
13:23:46.0871 1860 bpmp (d50b07c4d7afec4ca6ac8fcb72583c5b) C:\windows\system32\DRIVERS\bpmp.sys
13:23:46.0918 1860 bpmp - ok
13:23:46.0949 1860 BPntDrv (aaa4f992f879977a000fe8b8c730cd2c) C:\windows\system32\drivers\BPntDrv.sys
13:23:46.0965 1860 BPntDrv - ok
13:23:46.0980 1860 bpusb (a85ba55e4fe9cb2f342f281aaf7de810) C:\windows\system32\Drivers\bpusb.sys
13:23:47.0012 1860 bpusb - ok
13:23:47.0043 1860 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\windows\system32\drivers\BrFiltLo.sys
13:23:47.0074 1860 BrFiltLo - ok
13:23:47.0074 1860 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\windows\system32\drivers\BrFiltUp.sys
13:23:47.0090 1860 BrFiltUp - ok
13:23:47.0136 1860 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\windows\System32\browser.dll
13:23:47.0230 1860 Browser - ok
13:23:47.0261 1860 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\windows\System32\Drivers\Brserid.sys
13:23:47.0324 1860 Brserid - ok
13:23:47.0339 1860 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\windows\System32\Drivers\BrSerWdm.sys
13:23:47.0370 1860 BrSerWdm - ok
13:23:47.0386 1860 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\windows\System32\Drivers\BrUsbMdm.sys
13:23:47.0402 1860 BrUsbMdm - ok
13:23:47.0402 1860 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\windows\System32\Drivers\BrUsbSer.sys
13:23:47.0417 1860 BrUsbSer - ok
13:23:47.0448 1860 BthEnum (cf98190a94f62e405c8cb255018b2315) C:\windows\system32\drivers\BthEnum.sys
13:23:47.0511 1860 BthEnum - ok
13:23:47.0542 1860 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\windows\system32\drivers\bthmodem.sys
13:23:47.0589 1860 BTHMODEM - ok
13:23:47.0604 1860 BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\windows\system32\DRIVERS\bthpan.sys
13:23:47.0620 1860 BthPan - ok
13:23:47.0667 1860 BTHPORT (64c198198501f7560ee41d8d1efa7952) C:\windows\System32\Drivers\BTHport.sys
13:23:47.0698 1860 BTHPORT - ok
13:23:47.0729 1860 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\windows\system32\bthserv.dll
13:23:47.0823 1860 bthserv - ok
13:23:47.0854 1860 BTHUSB (f188b7394d81010767b6df3178519a37) C:\windows\System32\Drivers\BTHUSB.sys
13:23:47.0901 1860 BTHUSB - ok
13:23:47.0932 1860 cdfs (b8bd2bb284668c84865658c77574381a) C:\windows\system32\DRIVERS\cdfs.sys
13:23:47.0963 1860 cdfs - ok
13:23:47.0994 1860 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\windows\system32\DRIVERS\cdrom.sys
13:23:48.0026 1860 cdrom - ok
13:23:48.0057 1860 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\windows\System32\certprop.dll
13:23:48.0150 1860 CertPropSvc - ok
13:23:48.0166 1860 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\windows\system32\drivers\circlass.sys
13:23:48.0197 1860 circlass - ok
13:23:48.0244 1860 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\windows\system32\CLFS.sys
13:23:48.0275 1860 CLFS - ok
13:23:48.0338 1860 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
13:23:48.0353 1860 clr_optimization_v2.0.50727_32 - ok
13:23:48.0400 1860 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
13:23:48.0416 1860 clr_optimization_v2.0.50727_64 - ok
13:23:48.0478 1860 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
13:23:48.0509 1860 clr_optimization_v4.0.30319_32 - ok
13:23:48.0525 1860 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
13:23:48.0540 1860 clr_optimization_v4.0.30319_64 - ok
13:23:48.0572 1860 clwvd (50f92c943f18b070f166d019dfab3d9a) C:\windows\system32\DRIVERS\clwvd.sys
13:23:48.0572 1860 clwvd - ok
13:23:48.0603 1860 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\windows\system32\DRIVERS\CmBatt.sys
13:23:48.0634 1860 CmBatt - ok
13:23:48.0650 1860 cmdide (e19d3f095812725d88f9001985b94edd) C:\windows\system32\drivers\cmdide.sys
13:23:48.0665 1860 cmdide - ok
13:23:48.0759 1860 CNG (c4943b6c962e4b82197542447ad599f4) C:\windows\system32\Drivers\cng.sys
13:23:48.0790 1860 CNG - ok
13:23:48.0806 1860 Compbatt (102de219c3f61415f964c88e9085ad14) C:\windows\system32\drivers\compbatt.sys
13:23:48.0806 1860 Compbatt - ok
13:23:48.0806 1860 CompositeBus (03edb043586cceba243d689bdda370a8) C:\windows\system32\DRIVERS\CompositeBus.sys
13:23:48.0837 1860 CompositeBus - ok
13:23:48.0837 1860 COMSysApp - ok
13:23:48.0884 1860 crcdisk (1c827878a998c18847245fe1f34ee597) C:\windows\system32\drivers\crcdisk.sys
13:23:48.0884 1860 crcdisk - ok
13:23:48.0915 1860 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\windows\system32\cryptsvc.dll
13:23:48.0962 1860 CryptSvc - ok
13:23:49.0024 1860 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\windows\system32\rpcss.dll
13:23:49.0118 1860 DcomLaunch - ok
13:23:49.0164 1860 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\windows\System32\defragsvc.dll
13:23:49.0242 1860 defragsvc - ok
13:23:49.0274 1860 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\windows\system32\Drivers\dfsc.sys
13:23:49.0320 1860 DfsC - ok
13:23:49.0352 1860 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\windows\system32\dhcpcore.dll
13:23:49.0398 1860 Dhcp - ok
13:23:49.0414 1860 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\windows\system32\drivers\discache.sys
13:23:49.0461 1860 discache - ok
13:23:49.0476 1860 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\windows\system32\drivers\disk.sys
13:23:49.0476 1860 Disk - ok
13:23:49.0586 1860 DMAgent (e7b489fa5b15d2fec3e52066e015b788) C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe
13:23:49.0632 1860 DMAgent ( UnsignedFile.Multi.Generic ) - warning
13:23:49.0632 1860 DMAgent - detected UnsignedFile.Multi.Generic (1)
13:23:49.0664 1860 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\windows\System32\dnsrslvr.dll
13:23:49.0726 1860 Dnscache - ok
13:23:49.0757 1860 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\windows\System32\dot3svc.dll
13:23:49.0835 1860 dot3svc - ok
13:23:49.0851 1860 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\windows\system32\dps.dll
13:23:49.0882 1860 DPS - ok
13:23:49.0929 1860 drmkaud (9b19f34400d24df84c858a421c205754) C:\windows\system32\drivers\drmkaud.sys
13:23:49.0929 1860 drmkaud - ok
13:23:49.0991 1860 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\windows\System32\drivers\dxgkrnl.sys
13:23:50.0022 1860 DXGKrnl - ok
13:23:50.0038 1860 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\windows\System32\eapsvc.dll
13:23:50.0100 1860 EapHost - ok
13:23:50.0272 1860 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\windows\system32\drivers\evbda.sys
13:23:50.0319 1860 ebdrv - ok
13:23:50.0444 1860 EFS (c118a82cd78818c29ab228366ebf81c3) C:\windows\System32\lsass.exe
13:23:50.0506 1860 EFS - ok
13:23:50.0600 1860 EgisTec Service (2c1a297638e4319179a1112d4d6522b8) C:\Program Files (x86)\EgisTec BioExcess\EgisService.exe
13:23:50.0631 1860 EgisTec Service - ok
13:23:50.0678 1860 EgisTec Service Help (0ac3baa7df250c76dd9bcfc51565cb5f) C:\Program Files (x86)\EgisTec Port Locker\Egishlpsvc.exe
13:23:50.0693 1860 EgisTec Service Help - ok
13:23:50.0756 1860 EgisTec Ticket Service (7745aaffb61438c28c75e18ce98d4e64) C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe
13:23:50.0787 1860 EgisTec Ticket Service - ok
13:23:50.0896 1860 EgisTecFF (33708c6d915f8de734cf3abb0731515b) C:\windows\system32\DRIVERS\EgisTecFF.sys
13:23:50.0912 1860 EgisTecFF - ok
13:23:51.0005 1860 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\windows\ehome\ehRecvr.exe
13:23:51.0083 1860 ehRecvr - ok
13:23:51.0099 1860 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\windows\ehome\ehsched.exe
13:23:51.0146 1860 ehSched - ok
13:23:51.0192 1860 elxstor (0e5da5369a0fcaea12456dd852545184) C:\windows\system32\drivers\elxstor.sys
13:23:51.0208 1860 elxstor - ok
13:23:51.0208 1860 ErrDev (34a3c54752046e79a126e15c51db409b) C:\windows\system32\drivers\errdev.sys
13:23:51.0239 1860 ErrDev - ok
13:23:51.0286 1860 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\windows\system32\es.dll
13:23:51.0333 1860 EventSystem - ok
13:23:51.0458 1860 EvtEng (f8f610093e1d7fdfa477fc34d15d5c60) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
13:23:51.0504 1860 EvtEng - ok
13:23:51.0629 1860 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\windows\system32\drivers\exfat.sys
13:23:51.0692 1860 exfat - ok
13:23:51.0723 1860 fastfat (0adc83218b66a6db380c330836f3e36d) C:\windows\system32\drivers\fastfat.sys
13:23:51.0770 1860 fastfat - ok
13:23:51.0832 1860 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\windows\system32\fxssvc.exe
13:23:51.0894 1860 Fax - ok
13:23:51.0926 1860 fbfmon (3191aca33088ee2481044fc0db736442) C:\windows\system32\drivers\fbfmon.sys
13:23:51.0941 1860 fbfmon - ok
13:23:51.0957 1860 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\windows\system32\drivers\fdc.sys
13:23:52.0004 1860 fdc - ok
13:24:11.0981 1860 SwitchBoard (f577910a133a592234ebaad3f3afa258) C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
13:24:12.0028 1860 SwitchBoard ( UnsignedFile.Multi.Generic ) - warning
13:24:12.0028 1860 SwitchBoard - detected UnsignedFile.Multi.Generic (1)
13:24:15.0491 1860 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\windows\system32\DRIVERS\USBSTOR.SYS
13:24:15.0554 1860 USBSTOR - ok
13:24:15.0569 1860 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\windows\system32\drivers\usbuhci.sys
13:24:15.0616 1860 usbuhci - ok
13:24:15.0647 1860 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\windows\system32\Drivers\usbvideo.sys
13:24:15.0678 1860 usbvideo - ok
13:24:15.0710 1860 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\windows\System32\uxsms.dll
13:24:15.0756 1860 UxSms - ok
13:24:15.0788 1860 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
13:24:15.0788 1860 VaultSvc - ok
13:24:15.0803 1860 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\windows\system32\drivers\vdrvroot.sys
13:24:15.0803 1860 vdrvroot - ok
13:24:15.0850 1860 vds (8d6b481601d01a456e75c3210f1830be) C:\windows\System32\vds.exe
13:24:15.0897 1860 vds - ok
13:24:15.0928 1860 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\windows\system32\DRIVERS\vgapnp.sys
13:24:15.0928 1860 vga - ok
13:24:15.0944 1860 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\windows\System32\drivers\vga.sys
13:24:15.0990 1860 VgaSave - ok
13:24:16.0006 1860 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\windows\system32\drivers\vhdmp.sys
13:24:16.0022 1860 vhdmp - ok
13:24:16.0022 1860 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\windows\system32\drivers\viaide.sys
13:24:16.0037 1860 viaide - ok
13:24:16.0037 1860 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\windows\system32\drivers\volmgr.sys
13:24:16.0053 1860 volmgr - ok
13:24:16.0084 1860 volmgrx (a255814907c89be58b79ef2f189b843b) C:\windows\system32\drivers\volmgrx.sys
13:24:16.0100 1860 volmgrx - ok
13:24:16.0146 1860 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\windows\system32\drivers\volsnap.sys
13:24:16.0178 1860 volsnap - ok
13:24:16.0209 1860 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\windows\system32\drivers\vsmraid.sys
13:24:16.0224 1860 vsmraid - ok
13:24:16.0334 1860 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\windows\system32\vssvc.exe
13:24:16.0427 1860 VSS - ok
13:24:16.0536 1860 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\windows\system32\DRIVERS\vwifibus.sys
13:24:16.0583 1860 vwifibus - ok
13:24:16.0614 1860 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\windows\system32\DRIVERS\vwififlt.sys
13:24:16.0646 1860 vwififlt - ok
13:24:16.0646 1860 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\windows\system32\DRIVERS\vwifimp.sys
13:24:16.0677 1860 vwifimp - ok
13:24:16.0724 1860 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\windows\system32\w32time.dll
13:24:16.0770 1860 W32Time - ok
13:24:16.0786 1860 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\windows\system32\drivers\wacompen.sys
13:24:16.0817 1860 WacomPen - ok
13:24:16.0848 1860 WANARP (356afd78a6ed4457169241ac3965230c) C:\windows\system32\DRIVERS\wanarp.sys
13:24:16.0926 1860 WANARP - ok
13:24:16.0926 1860 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\windows\system32\DRIVERS\wanarp.sys
13:24:16.0942 1860 Wanarpv6 - ok
13:24:17.0036 1860 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\windows\system32\Wat\WatAdminSvc.exe
13:24:17.0067 1860 WatAdminSvc - ok
13:24:17.0160 1860 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\windows\system32\wbengine.exe
13:24:17.0238 1860 wbengine - ok
13:24:17.0316 1860 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\windows\System32\wbiosrvc.dll
13:24:17.0363 1860 WbioSrvc - ok
13:24:17.0394 1860 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\windows\System32\wcncsvc.dll
13:24:17.0472 1860 wcncsvc - ok
13:24:17.0488 1860 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\windows\System32\WcsPlugInService.dll
13:24:17.0519 1860 WcsPlugInService - ok
13:24:17.0550 1860 Wd (72889e16ff12ba0f235467d6091b17dc) C:\windows\system32\drivers\wd.sys
13:24:17.0566 1860 Wd - ok
13:24:17.0597 1860 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\windows\system32\drivers\Wdf01000.sys
13:24:17.0628 1860 Wdf01000 - ok
13:24:17.0644 1860 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\windows\system32\wdi.dll
13:24:17.0784 1860 WdiServiceHost - ok
13:24:17.0784 1860 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\windows\system32\wdi.dll
13:24:17.0800 1860 WdiSystemHost - ok
13:24:17.0831 1860 wdkmd (94dc2bf6cbaaa95e369c3756d3115a76) C:\windows\system32\DRIVERS\WDKMD.sys
13:24:17.0831 1860 wdkmd - ok
13:24:17.0878 1860 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\windows\System32\webclnt.dll
13:24:17.0940 1860 WebClient - ok
13:24:17.0987 1860 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\windows\system32\wecsvc.dll
13:24:18.0065 1860 Wecsvc - ok
13:24:18.0081 1860 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\windows\System32\wercplsupport.dll
13:24:18.0112 1860 wercplsupport - ok
13:24:18.0112 1860 WerSvc (6d137963730144698cbd10f202e9f251) C:\windows\System32\WerSvc.dll
13:24:18.0143 1860 WerSvc - ok
13:24:18.0159 1860 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\windows\system32\DRIVERS\wfplwf.sys
13:24:18.0190 1860 WfpLwf - ok
13:24:18.0284 1860 WiMAXAppSrv (245ea6a2cfae7b183ee9a14a4673b1f1) C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe
13:24:18.0330 1860 WiMAXAppSrv ( UnsignedFile.Multi.Generic ) - warning
13:24:18.0330 1860 WiMAXAppSrv - detected UnsignedFile.Multi.Generic (1)
13:24:18.0346 1860 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\windows\system32\drivers\wimmount.sys
13:24:18.0362 1860 WIMMount - ok
13:24:18.0362 1860 WinHttpAutoProxySvc - ok
13:24:18.0424 1860 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\windows\system32\wbem\WMIsvc.dll
13:24:18.0471 1860 Winmgmt - ok
13:24:18.0596 1860 WinRM (bcb1310604aa415c4508708975b3931e) C:\windows\system32\WsmSvc.dll
13:24:18.0658 1860 WinRM - ok
13:24:18.0767 1860 WinUsb (fe88b288356e7b47b74b13372add906d) C:\windows\system32\DRIVERS\WinUsb.sys
13:24:18.0814 1860 WinUsb - ok
13:24:18.0876 1860 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\windows\System32\wlansvc.dll
13:24:18.0954 1860 Wlansvc - ok
13:24:19.0017 1860 wlcrasvc (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
13:24:19.0048 1860 wlcrasvc - ok
13:24:19.0188 1860 wlidsvc (7e47c328fc4768cb8beafbcfafa70362) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
13:24:19.0251 1860 wlidsvc - ok
13:24:19.0360 1860 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\windows\system32\DRIVERS\wmiacpi.sys
13:24:19.0407 1860 WmiAcpi - ok
13:24:19.0485 1860 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\windows\system32\wbem\WmiApSrv.exe
13:24:19.0532 1860 wmiApSrv - ok
13:24:19.0563 1860 WMPNetworkSvc - ok
13:24:19.0594 1860 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\windows\System32\wpcsvc.dll
13:24:19.0641 1860 WPCSvc - ok
13:24:19.0656 1860 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\windows\system32\wpdbusenum.dll
13:24:19.0688 1860 WPDBusEnum - ok
13:24:19.0703 1860 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\windows\system32\drivers\ws2ifsl.sys
13:24:19.0734 1860 ws2ifsl - ok
13:24:19.0750 1860 WSearch - ok
13:24:19.0812 1860 wsvd (83575c43b2bfe9ab0661a7f957e843c0) C:\windows\system32\DRIVERS\wsvd.sys
13:24:19.0828 1860 wsvd - ok
13:24:19.0844 1860 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\windows\system32\drivers\WudfPf.sys
13:24:19.0953 1860 WudfPf - ok
13:24:19.0984 1860 WUDFRd (cf8d590be3373029d57af80914190682) C:\windows\system32\DRIVERS\WUDFRd.sys
13:24:20.0031 1860 WUDFRd - ok
13:24:20.0078 1860 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\windows\System32\WUDFSvc.dll
13:24:20.0109 1860 wudfsvc - ok
13:24:20.0124 1860 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\windows\System32\wwansvc.dll
13:24:20.0171 1860 WwanSvc - ok
13:24:20.0202 1860 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
13:24:20.0639 1860 \Device\Harddisk0\DR0 - ok
13:24:20.0670 1860 Boot (0x1200) (29efd4f444ed22649e2f7e024f24abb7) \Device\Harddisk0\DR0\Partition0
13:24:20.0670 1860 \Device\Harddisk0\DR0\Partition0 - ok
13:24:20.0686 1860 Boot (0x1200) (ddb68df64022629016772a545c6a285b) \Device\Harddisk0\DR0\Partition1
13:24:20.0686 1860 \Device\Harddisk0\DR0\Partition1 - ok
13:24:20.0733 1860 Boot (0x1200) (47c2076e7314bc7eac03fae4c7d7e862) \Device\Harddisk0\DR0\Partition2
13:24:20.0733 1860 \Device\Harddisk0\DR0\Partition2 - ok
13:24:20.0733 1860 ============================================================
13:24:20.0733 1860 Scan finished
13:24:20.0733 1860 ============================================================
13:24:20.0748 4324 Detected object count: 3
13:24:20.0748 4324 Actual detected object count: 3
13:24:34.0554 4324 DMAgent ( UnsignedFile.Multi.Generic ) - skipped by user
13:24:34.0554 4324 DMAgent ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:24:34.0554 4324 SwitchBoard ( UnsignedFile.Multi.Generic ) - skipped by user
13:24:34.0554 4324 SwitchBoard ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:24:34.0554 4324 WiMAXAppSrv ( UnsignedFile.Multi.Generic ) - skipped by user
13:24:34.0554 4324 WiMAXAppSrv ( UnsignedFile.Multi.Generic ) - User select action: Skip

#12 fireman4it

Posted 03 July 2012 - 06:49 PM

Hello,

Please run ComboFix in Safe Mode.

Now reboot into Safe Mode.
This can be done by tapping the F8 key as soon as you start your computer.
You will be brought to a menu where you can choose to boot into Safe Mode.
Make sure you choose the option without networking support.
Please see here for additional details.



#13 famke7


Posted 03 July 2012 - 07:25 PM

I was able to run ComboFix in Safe Mode with network support, but for some reason it thinks that McAfee is running, even though that was something I thought I uninstalled fully while trying to install MSE last week.


ComboFix 12-07-02.01 - Famke 07/03/2012 17:06:35.1.4 - x64 NETWORK
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6058.4901 [GMT -7:00]
Running from: c:\users\Famke\Desktop\ComboFix.exe
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Roaming
c:\windows\gt.exe
c:\windows\Installer\{a513b98b-39d2-311b-e4ee-7f5f99151347}\@
c:\windows\Installer\{a513b98b-39d2-311b-e4ee-7f5f99151347}\U\00000001.@
c:\windows\Installer\{a513b98b-39d2-311b-e4ee-7f5f99151347}\U\80000000.@
c:\windows\Installer\{a513b98b-39d2-311b-e4ee-7f5f99151347}\U\800000cb.@
c:\windows\s.bat
c:\windows\version.txt
.
.
((((((((((((((((((((((((( Files Created from 2012-06-04 to 2012-07-04 )))))))))))))))))))))))))))))))
.
.
2012-07-04 00:10 . 2012-07-04 00:10 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-03 22:42 . 2012-05-02 22:24 27760 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2012-07-03 22:42 . 2012-04-27 17:20 132832 ----a-w- c:\windows\system32\drivers\avipbb.sys
2012-07-03 22:42 . 2012-04-25 07:32 98848 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2012-07-03 04:14 . 2012-07-03 04:14 -------- d-----w- c:\program files (x86)\VS Revo Group
2012-07-02 03:59 . 2012-07-02 04:00 -------- d-----w- C:\FRST
2012-06-29 19:44 . 2012-04-04 22:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-29 00:31 . 2012-06-29 00:31 -------- d-----w- C:\avrescue
2012-06-28 19:50 . 2012-06-29 19:44 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-06-28 19:50 . 2012-06-28 19:50 -------- d-----w- c:\programdata\Malwarebytes
2012-06-28 19:30 . 2012-06-28 19:30 -------- d-----w- c:\programdata\Avira
2012-06-28 19:30 . 2012-06-28 19:30 -------- d-----w- c:\program files (x86)\Avira
2012-06-28 16:16 . 2012-06-28 16:16 14984 ----a-w- C:\FixitRegBackup.reg
2012-06-28 15:53 . 2012-06-28 15:53 -------- d-----w- c:\programdata\Office Genuine Advantage
2012-06-28 15:48 . 2012-05-31 04:04 9013136 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{9C364F28-94FF-4FB7-BC79-6EDEDF165359}\mpengine.dll
2012-06-28 15:09 . 2012-06-28 15:09 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2012-06-28 14:59 . 2012-06-28 14:59 -------- d-sh--w- c:\windows\system32\%APPDATA%
2012-06-28 05:30 . 2012-06-28 05:30 328704 ----a-w- c:\windows\system32\services.exe.BA038AF6200478AD
2012-06-28 04:00 . 2012-06-28 04:00 328704 ----a-w- c:\windows\system32\services.exe.1EA5BB9B08FAA6FD
2012-06-28 03:54 . 2012-06-28 03:54 328704 ----a-w- c:\windows\system32\services.exe.F0069F714A6754FE
2012-06-28 03:51 . 2012-06-28 03:51 328704 ----a-w- c:\windows\system32\services.exe.1439FD639D748D2A
2012-06-28 03:45 . 2012-06-28 03:45 328704 ----a-w- c:\windows\system32\services.exe.76A62D8D5B8B79D2
2012-06-28 03:41 . 2012-06-28 03:41 328704 ----a-w- c:\windows\system32\services.exe.6C8CF26C95EC6FBF
2012-06-28 03:38 . 2012-06-28 03:38 328704 ----a-w- c:\windows\system32\services.exe.27718F8D81F9A493
2012-06-28 03:35 . 2012-06-28 03:35 328704 ----a-w- c:\windows\system32\services.exe.B47505DD58237679
2012-06-28 03:31 . 2012-06-28 03:31 328704 ----a-w- c:\windows\system32\services.exe.F6C218952E5CB4FB
2012-06-28 03:24 . 2012-06-29 01:36 -------- d-----w- c:\program files\Microsoft Security Client
2012-06-28 00:24 . 2012-06-28 01:21 -------- d---a-w- C:\Kaspersky Rescue Disk 10.0
2012-06-25 22:05 . 2012-06-25 22:05 1837056 ----a-w- c:\windows\SysWow64\ipnathlp.dll
2012-06-21 14:13 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-21 14:13 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-21 14:13 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-21 14:13 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-21 14:13 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-21 14:13 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-21 14:13 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-21 14:13 . 2012-06-02 19:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-21 14:13 . 2012-06-02 19:15 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-21 03:52 . 2012-06-21 03:52 -------- d-----w- c:\program files (x86)\VideoLAN
2012-06-20 04:06 . 2012-06-20 04:06 -------- d-----w- c:\program files (x86)\VanDale
2012-06-18 01:17 . 2012-06-18 01:18 -------- d-----w- c:\program files (x86)\Common Files\Nero
2012-06-18 01:17 . 2012-06-18 01:18 -------- d-----w- c:\programdata\Nero
2012-06-18 01:15 . 2012-06-18 01:15 -------- d-----w- c:\program files (x86)\Microsoft.NET
2012-06-18 01:14 . 2010-05-26 15:41 470880 ----a-w- c:\windows\SysWow64\d3dx10_43.dll
2012-06-18 01:14 . 2010-05-26 15:41 248672 ----a-w- c:\windows\SysWow64\d3dx11_43.dll
2012-06-18 01:14 . 2010-05-26 15:41 2106216 ----a-w- c:\windows\SysWow64\D3DCompiler_43.dll
2012-06-18 01:14 . 2010-05-26 15:41 1998168 ----a-w- c:\windows\SysWow64\D3DX9_43.dll
2012-06-18 01:14 . 2010-05-26 15:41 1868128 ----a-w- c:\windows\SysWow64\d3dcsx_43.dll
2012-06-18 01:13 . 2009-09-04 21:29 1974616 ----a-w- c:\windows\SysWow64\D3DCompiler_42.dll
2012-06-18 01:13 . 2009-09-04 21:29 1892184 ----a-w- c:\windows\SysWow64\D3DX9_42.dll
2012-06-18 01:12 . 2008-10-15 10:22 4379984 ----a-w- c:\windows\SysWow64\D3DX9_40.dll
2012-06-18 01:12 . 2007-05-16 20:45 3497832 ----a-w- c:\windows\SysWow64\d3dx9_34.dll
2012-06-18 01:08 . 2012-06-18 01:21 -------- d-----w- c:\program files (x86)\Nero
2012-06-16 12:18 . 2012-06-16 12:18 -------- d-----w- c:\windows\SysWow64\Wat
2012-06-16 12:18 . 2012-06-16 12:18 -------- d-----w- c:\windows\system32\Wat
2012-06-14 11:51 . 2011-04-28 03:55 552960 ----a-w- c:\windows\system32\drivers\bthport.sys
2012-06-14 11:51 . 2011-04-28 03:54 80384 ----a-w- c:\windows\system32\drivers\BTHUSB.SYS
2012-06-13 17:37 . 2012-06-18 01:17 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-13 17:37 . 2012-06-13 17:37 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-06-13 17:37 . 2012-06-13 17:37 -------- d-----w- c:\windows\system32\Macromed
2012-06-13 14:16 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-06-13 14:16 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-06-13 14:16 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-06-13 14:16 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll
2012-06-13 14:16 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-06-13 14:16 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-06-13 14:16 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-06-13 13:53 . 2012-06-26 22:28 -------- d-----w- C:\Famke HD
2012-06-13 12:44 . 2012-04-26 05:41 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-06-13 12:44 . 2012-04-26 05:41 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-06-13 12:44 . 2012-04-26 05:34 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-06-13 12:44 . 2012-05-04 11:06 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-06-13 12:44 . 2012-05-04 10:03 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-06-13 12:44 . 2012-05-04 10:03 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-06-13 12:44 . 2012-05-15 01:32 3146752 ----a-w- c:\windows\system32\win32k.sys
2012-06-13 12:00 . 2012-04-28 03:55 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-06-13 09:10 . 2012-06-13 09:13 -------- d-----w- c:\program files (x86)\LeapFrog
2012-06-13 09:10 . 2012-06-13 09:10 -------- d-----w- c:\programdata\Leapfrog
2012-06-13 08:31 . 2011-08-17 05:26 613888 ----a-w- c:\windows\system32\psisdecd.dll
2012-06-13 08:31 . 2011-08-17 05:25 108032 ----a-w- c:\windows\system32\psisrndr.ax
2012-06-13 08:31 . 2011-08-17 04:24 465408 ----a-w- c:\windows\SysWow64\psisdecd.dll
2012-06-13 08:31 . 2011-08-17 04:19 75776 ----a-w- c:\windows\SysWow64\psisrndr.ax
2012-06-13 08:31 . 2011-12-28 03:59 498688 ----a-w- c:\windows\system32\drivers\afd.sys
2012-06-13 08:29 . 2011-11-05 05:32 2048 ----a-w- c:\windows\system32\tzres.dll
2012-06-13 08:29 . 2011-11-05 04:26 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2012-06-13 08:29 . 2012-03-30 11:35 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-06-13 08:29 . 2012-03-31 05:42 1732096 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
2012-06-13 08:29 . 2012-03-31 05:40 1367552 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2012-06-13 08:29 . 2012-03-31 04:29 936960 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2012-06-13 08:29 . 2012-03-31 05:40 1402880 ----a-w- c:\program files\Windows Journal\JNWDRV.dll
2012-06-13 08:29 . 2012-03-31 05:40 1393664 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll
2012-06-13 08:29 . 2011-11-17 05:38 1292080 ----a-w- c:\windows\SysWow64\ntdll.dll
2012-06-13 08:29 . 2011-11-17 06:41 1731920 ----a-w- c:\windows\system32\ntdll.dll
2012-06-13 08:29 . 2011-11-19 14:58 77312 ----a-w- c:\windows\system32\packager.dll
2012-06-13 08:29 . 2011-11-19 14:01 67072 ----a-w- c:\windows\SysWow64\packager.dll
2012-06-12 23:49 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-06-12 23:49 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-06-12 23:49 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-06-12 23:48 . 2012-06-12 23:48 -------- d-----w- c:\programdata\Energy Management
2012-06-12 23:47 . 2012-07-01 18:25 -------- d-----w- c:\users\Famke
2012-06-12 23:46 . 2012-06-12 23:46 -------- d-----w- C:\Recovery
2012-06-12 12:45 . 2012-06-12 12:45 -------- d-----w- c:\program files (x86)\Common Files\Skype
2012-06-12 12:45 . 2012-06-25 23:05 -------- d-----r- c:\program files (x86)\Skype
2012-06-12 12:45 . 2012-06-25 23:05 -------- d-----w- c:\programdata\Skype
2012-06-12 12:35 . 2012-06-12 12:35 -------- d-----w- c:\programdata\ALM
2012-06-12 12:16 . 2012-06-12 12:36 -------- d-----w- c:\programdata\regid.1986-12.com.adobe
2012-06-12 12:14 . 2012-06-12 12:16 -------- d-----w- c:\program files\Common Files\Adobe
2012-06-12 12:13 . 2012-06-12 12:13 -------- d-----w- c:\program files (x86)\Adobe Media Player
2012-06-12 12:12 . 2012-06-12 12:12 -------- d-----w- c:\program files (x86)\Common Files\Adobe AIR
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-06-07 17425072]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-03-01 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"EgisTecPMMUpdate"="c:\program files (x86)\EgisTec IPS\PmmUpdate.exe" [2010-11-05 407920]
"EgisUpdate"="c:\program files (x86)\EgisTec IPS\EgisUpdate.exe" [2010-11-05 202096]
"VitaKeyTSR"="c:\program files (x86)\EgisTec BioExcess\EgisTSR.exe" [2010-12-13 383344]
"PLTSR"="c:\program files (x86)\EgisTec Port Locker\EgisPLTSR.exe" [2010-10-22 364400]
"VeriFaceManager"="c:\program files (x86)\Lenovo\VeriFace\PManage.exe" [2012-03-01 329056]
"YouCam Mirage"="c:\program files (x86)\Lenovo\YouCam\YCMMirage.exe" [2010-12-24 136488]
"YouCam Tray"="c:\program files (x86)\Lenovo\YouCam\YouCam.exe" [2010-12-24 224352]
"UpdateP2GShortCut"="c:\program files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" [2010-07-26 222504]
"UpdatePRCShortCut"="c:\program files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe" [2009-05-13 222504]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"Monitor"="c:\program files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe" [2011-11-12 268640]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"googletalk"="c:\program files (x86)\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-05-02 348624]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Best Buy pc app.lnk - c:\programdata\Best Buy pc app\ClickOnceSetup.exe [2011-2-25 15776]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2012-05-02 27760]
R1 BPntDrv;BPntDrv;c:\windows\system32\drivers\BPntDrv.sys [2012-03-01 13408]
R1 EgisTecFF;EgisTecFF;c:\windows\system32\DRIVERS\EgisTecFF.sys [2012-03-01 55880]
R1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [2012-03-01 22912]
R1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [2012-03-01 20328]
R1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [2012-03-01 62584]
R2 AntiVirSchedulerService;Avira Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-05-02 86224]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 DMAgent;Intel® PROSet/Wireless WiMAX Red Bend Device Management Service;c:\program files\Intel\WiMAX\Bin\DMAgent.exe [2011-06-14 498688]
R2 EgisTec Service Help;EgisTec Service Help;c:\program files (x86)\EgisTec Port Locker\Egishlpsvc.exe [2010-10-22 327024]
R2 EgisTec Service;EgisTec Service;c:\program files (x86)\EgisTec BioExcess\EgisService.exe [2010-12-13 703856]
R2 EgisTec Ticket Service;EgisTec Ticket Service;c:\program files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe [2010-12-13 650096]
R2 FPSensor;EgisTec-Corp Fingerprint Reader Driver (FPSensor.sys);c:\windows\system32\Drivers\FPSensor.sys [2010-10-31 35952]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-01 136176]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
R2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [x]
R2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\mcafee\McSvcHost\McSvHost.exe [x]
R2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-21 98688]
R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-06-19 3048136]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-06-07 160944]
R2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-12-20 2656280]
R2 WiMAXAppSrv;Intel® PROSet/Wireless WiMAX Service;c:\program files\Intel\WiMAX\Bin\AppSrv.exe [2011-06-14 986112]
R3 bpenum;Intel® Centrino® WiMAX Enumerator;c:\windows\system32\DRIVERS\bpenum.sys [2011-05-19 84480]
R3 bpmp;Intel® Centrino® WiMAX 6050 Series;c:\windows\system32\DRIVERS\bpmp.sys [2011-05-19 182272]
R3 bpusb;Intel® Centrino® WiMAX 6050 Series Function Driver;c:\windows\system32\Drivers\bpusb.sys [2011-05-19 83968]
R3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [2010-12-24 31088]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-01 136176]
R3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-14 317440]
R3 Leapfrog-USBLAN;Leapfrog-USBLAN;c:\windows\system32\DRIVERS\btblan.sys [2011-11-12 40320]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-04-04 24904]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2010-11-02 340240]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]
R3 Partner Service;Partner Service;c:\programdata\Partner\Partner.exe [2012-03-01 332272]
R3 rtsuvc;Lenovo EasyCamera;c:\windows\system32\DRIVERS\rtsuvc.sys [2010-12-15 8200552]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-06-16 1255736]
R3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys [2010-12-01 42392]
R3 wsvd;wsvd;c:\windows\system32\DRIVERS\wsvd.sys [2009-07-21 121840]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 fbfmon;fbfmon;c:\windows\system32\drivers\fbfmon.sys [2012-03-01 57952]
S0 LHDmgr;LHDmgr;c:\windows\System32\DRIVERS\LhdX64.sys [2012-03-01 39008]
S0 TPDIGIMN;TPDIGIMN;c:\windows\System32\DRIVERS\ApsHM64.sys [2009-12-09 23648]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\system32\DRIVERS\AcpiVpc.sys [2012-03-01 29792]
S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-19 56344]
S3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [2010-11-09 8500736]
S3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUVStor.sys [2010-11-30 307304]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-05-31 333928]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
Mcx2Svc
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-01 17:13]
.
2012-07-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-01 17:13]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\VeriFace Enc]
@="{771C7324-DA80-49D3-8017-753B0AF60951}"
[HKEY_CLASSES_ROOT\CLSID\{771C7324-DA80-49D3-8017-753B0AF60951}]
2012-03-01 17:02 1508192 ----a-w- c:\windows\System32\IcnOvrly.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-03-29 167960]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-03-29 391704]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-03-29 418840]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-01-04 11772520]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2010-11-02 1933584]
"TpShocks"="c:\windows\System32\TpShocks.exe" [2010-03-15 231328]
"Energy Management"="c:\program files (x86)\Lenovo\Energy Management\Energy Management.exe" [2012-03-01 9769888]
"EnergyUtility"="c:\program files (x86)\Lenovo\Energy Management\Utility.exe" [2012-03-01 5908928]
"Lenovo EE Boot Optimizer"="c:\program files (x86)\Lenovo\Boot Optimizer\PopWnd.exe" [2012-03-01 114688]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]
"combofix"="c:\combofix\CF22939.3XE" [2010-11-21 345088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"combofix"="c:\combofix\CF22939.3XE" [2010-11-21 345088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=LENN&bmod=LENN
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://lenovo.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-07-03 17:15:15 - machine was rebooted
ComboFix-quarantined-files.txt 2012-07-04 00:15
.
Pre-Run: 394,819,342,336 bytes free
Post-Run: 395,008,049,152 bytes free
.
- - End Of File - - F5A8D0BCD865630356319E40722D4405

#14 fireman4it

Posted 04 July 2012 - 11:18 AM

1. Please download Malwarebytes Anti-Malware and save it to your desktop.
  • Important!! When you save the mbam-setup file, rename it to something random (such as 123abc.exe) before beginning the download.
Malwarebytes may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

  • Make sure you are connected to the Internet and double-click on the renamed file to install the application.
    For instructions with screenshots, please refer to this Guide.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • Malwarebytes will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • Under the Scanner tab, make sure the "Perform Quick Scan" option is selected.
  • Click on the Scan button.
  • When finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box, then click the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked and then click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.
  • Exit Malwarebytes when done.
Note: If Malwarebytes encounters a file that is difficult to remove, you will be asked to reboot your computer so it can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally will prevent Malwarebytes from removing all the malware.


2.
  • Download RogueKiller to the desktop
  • Close all the running processes
  • Under Vista/Seven, right click -> Run as Administrator
  • Otherwise just double-click on RogueKiller.exe
  • When prompted, click Scan
  • A report should open; give its content to your helper. (RKreport could also be found next to the executable)
  • If RogueKiller has been blocked, do not hesitate to try a few more times. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again


Things to include in your next reply:
MBAM log
Roguekiller log
How is your machine running now?


#15 famke7

Posted 04 July 2012 - 11:57 AM

Malwarebytes does not detect anything (it always used to detect something on a quick scan before), so I think replacing the services.exe definitely fixed something.


Malwarebytes Anti-Malware (Trial) 1.61.0.1400
www.malwarebytes.org

Database version: v2012.07.03.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Famke :: FAMKE-PC [administrator]

Protection: Enabled

7/4/2012 9:44:11 AM
mbam-log-2012-07-04 (09-44-11).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 209415
Time elapsed: 3 minute(s), 34 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)



RogueKiller V7.6.2 [07/02/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User: Famke [Admin rights]
Mode: Scan -- Date: 07/04/2012 09:48:43

¤¤¤ Bad processes: 1 ¤¤¤
[SUSP PATH] c2c_service.exe -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -> KILLED [TermProc]

¤¤¤ Registry Entries: 4 ¤¤¤
[SUSP PATH] Best Buy pc app.lnk @Default : C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe -> FOUND
[SUSP PATH] Best Buy pc app.lnk @Default User : C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST9500325AS +++++
--- User ---
[MBR] 8669c02a6df69d33d3b346db2f905c0b
[BSP] 05838d9a62069fd83c103d0547f66044 : Windows 7 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 200 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 411648 | Size: 431938 Mo
2 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 885020672 | Size: 29692 Mo
3 - [XXXXXX] COMPAQ (0x12) [VISIBLE] Offset (sectors): 945829888 | Size: 15109 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1].txt >>
RKreport[1].txt



