
Need help in removing searchsafer


  • This topic is locked
18 replies to this topic

#1 Kerius

  • Members
  • 9 posts

Posted 09 September 2012 - 12:07 PM

Hi, my Firefox browser keeps rerouting to searchsafer.com rather than Google, which I have assigned in the settings. I have used Malwarebytes to run a scan but it doesn't help. Need some help on removing it, thanks!!!



#2 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 09 September 2012 - 12:21 PM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.


DeFogger:

  • Please download DeFogger to your desktop.
  • Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger may ask you to reboot the machine, if it does - click OK
Do not re-enable these drivers until otherwise instructed.


Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


Download DDS:

  • Please download DDS by sUBs from one of the links below and save it to your desktop:

    Link1
    Link2
    Link3

  • Please disable any anti-malware program that will block scripts from running before running DDS.
  • Double-Click on dds.scr and a command window will appear. This is normal.
  • Shortly after two logs will appear:
    • DDS.txt
    • Attach.txt
  • A window will open instructing you to save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both logs & post in your next reply

information and logs:

  • In your next post I need the following
    • logs from DDS
    • let me know of any problems you may have had

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 Kerius

  • Topic Starter
  • Members
  • 9 posts

Posted 09 September 2012 - 12:37 PM

Hi, here are the logs as requested:

Results of screen317's Security Check version 0.99.50
Windows 7 x64 (UAC is disabled!)
Out of date service pack!!
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Windows Firewall Disabled!
Advanced SystemCare with Antivirus
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Spybot - Search & Destroy
Malwarebytes Anti-Malware version 1.62.0.1300
JavaFX 2.1.1
Java™ 6 Update 31
Java™ 7 Update 5
Java version out of Date!
Adobe Flash Player 11.3.300.271 Flash Player out of Date!
Adobe Reader 9 Adobe Reader out of Date!
Mozilla Firefox 12.0 Firefox out of Date!
Google Chrome 21.0.1180.89
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
Spybot Teatimer.exe is disabled!
IObit Advanced SystemCare with Antivirus 2013 ascsvc.exe
IObit Advanced SystemCare with Antivirus 2013 ascavsvc.exe
IObit Advanced SystemCare with Antivirus 2013 ASCTray.exe
Microsoft Small Business Business Contact Manager BcmSqlStartupSvc.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 5%
````````````````````End of Log``````````````````````

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 30/11/2009 9:43:39 AM
System Uptime: 10/9/2012 1:19:04 AM (0 hours ago)
.
Motherboard: Sony Corporation | | VAIO
Processor: Intel® Core™2 Duo CPU T6600 @ 2.20GHz | N/A | 2200/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 286 GiB total, 2.555 GiB free.
D: is Removable
E: is Removable
F: is CDROM ()
H: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft Virtual WiFi Miniport Adapter
Device ID: {5D624F94-8850-40C3-A3FA-A4FD2080BAF3}\VWIFIMP\5&2C9487DB&0&01
Manufacturer: Microsoft
Name: Microsoft Virtual WiFi Miniport Adapter
PNP Device ID: {5D624F94-8850-40C3-A3FA-A4FD2080BAF3}\VWIFIMP\5&2C9487DB&0&01
Service: vwifimp
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
.
Update for Microsoft Office 2007 (KB2508958)
《三国志12》游侠汉化完整硬盘版
2007 Microsoft Office system
7-Zip 9.20
Activate Norton Online Backup
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Photoshop Elements 7.0
Adobe Premiere Elements 7.0
Adobe Premiere Elements 7.0 Templates
Adobe Reader 9.4.1
Advanced SystemCare with Antivirus 2013
AhnLab Online Security
Apple Application Support
Apple Software Update
ArcSoft Magic-i Visual Effects 2
Baldur's Gate™ II - Throne of Bhaal ™
BitComet 1.32 64-bit
Business Contact Manager for Outlook 2007 SP2
Canon Easy-PhotoPrint EX
Canon Easy-WebPrint EX
Canon IJ Network Scanner Selector EX
Canon IJ Network Tool
Canon MP Navigator EX 4.1
Canon My Printer
Canon Solution Menu EX
Canon Speed Dial Utility
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-core-static
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Click to Disc
Click to Disc Editor
Company of Heroes
Company of Heroes - FAKEMSI
D3DX10
DAEMON Tools Lite
Diablo II
Diablo III
Facebook Plug-In
FileZilla Client 3.3.5.1
Garena Plus
GIMP 2.6.11
Google Chrome
Java Auto Updater
Java™ 6 Update 31
Java™ 7 Update 5
JavaFX 2.1.1
Left 4 Dead 2
Malwarebytes Anti-Malware version 1.62.0.1300
MapleStorySEA
Metal Slug Complete PC 1.0
Microsoft .NET Framework 1.1
Microsoft Games for Windows - LIVE Redistributable
Microsoft Games for Windows Marketplace
Microsoft Office 2003 Web Components
Microsoft Office 2007 Primary Interop Assemblies
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office Live Add-in 1.5
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook Connector
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional Hybrid 2007
Microsoft Office Project 2007 Service Pack 3 (SP3)
Microsoft Office Project MUI (English) 2007
Microsoft Office Project Standard 2007
Microsoft Office Project Standard 2007 Trial
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Small Business Connectivity Components
Microsoft Office Suite Activation Assistant
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
Microsoft SQL Server Compact 3.5 SP1 English
Microsoft SQL Server Setup Support Files (English)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Mozilla Firefox 12.0 (x86 en-US)
Mozilla Maintenance Service
MpcStar 5.4
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Path of Exile
PDFCreator
Primo
PrimoPDF -- brought to you by Nitro PDF Software
ProDiscover Basic 7.0.0.8
QuickTime
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
Realtek HDMI Audio Driver for ATI
Realtek High Definition Audio Driver
RealUpgrade 1.1
Return of Warrior
Roxio Central Audio
Roxio Central Copy
Roxio Central Core
Roxio Central Data
Roxio Central Tools
Roxio Easy Media Creator 10 LJ
Roxio Easy Media Creator Home
Runtime
Safari
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Setting Utility Series
ShowRoom for PowerPoint
Skyrim Dawnguard DLC+Update v1.7706-=AviaRa=- 1.7706
SmartDraw 2012
SmartSound Quicktracks for Premiere Elements
SopCast 3.5.0
Sophos Virus Removal Tool
Spybot - Search & Destroy
StarCraft II
StarUML 5.0.2.1570
Steam
Street Fighter X Tekken
Swiff Player 1.7.1
System Requirements Lab CYRI
Theme Hospital
Torchlight
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2597998) 32-Bit Edition
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Project 2007 Help (KB963668)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
VAIO Content Metadata Manager Settings
VAIO Content Monitoring Settings
VAIO Data Restore Tool
VAIO DVD Menu Data Basic
VAIO Entertainment Platform
VAIO Event Service
VAIO Gate
VAIO Original Function Settings
VAIO Power Management
VAIO Smart Network
VAIO Transfer Support
VAIO Update 4
VLC media player 2.0.1
Vodafone Mobile Connect Lite
Warcraft III
Warcraft III Reign of Chaos & The Frozen Throne
WBFS Manager 3.0
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Media Player Firefox Plugin
WinRAR 4.10 beta 1 (32-bit)
μTorrent
.
==== Event Viewer Messages From Past Week ========
.
9/9/2012 9:37:05 PM, Error: Service Control Manager [7030] - The Advanced SystemCare Service 5 service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
9/9/2012 12:07:08 PM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
9/9/2012 12:07:08 PM, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error %%-1073473535.
9/9/2012 11:53:22 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
9/9/2012 11:53:21 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
9/9/2012 11:53:21 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
9/9/2012 11:53:20 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
9/9/2012 11:53:18 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
9/9/2012 11:53:08 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
9/9/2012 11:53:02 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache spldr Wanarpv6
9/9/2012 11:52:33 PM, Error: sptd [4] - Driver detected an internal error in its data structures for .
7/9/2012 4:36:37 PM, Error: NetBT [4321] - The name "WORKGROUP :1d" could not be registered on the interface with IP address 192.168.1.31. The computer with the IP address 192.168.1.44 did not allow the name to be claimed by this computer.
6/9/2012 1:30:52 AM, Error: Tcpip [4199] - The system detected an address conflict for IP address 0.0.0.0 with the system having network hardware address 00-00-00-00-00-00. Network operations on this system may be disrupted as a result.
6/9/2012 1:26:26 AM, Error: Server [2505] - The server could not bind to the transport \Device\NetBT_Tcpip_{5F120DC3-68E1-4F0E-B1FF-E9E690DAB71C} because another computer on the network has the same name. The server could not start.
6/9/2012 1:26:26 AM, Error: NetBT [4321] - The name "GRUNTY :20" could not be registered on the interface with IP address 192.168.1.31. The computer with the IP address 169.254.186.207 did not allow the name to be claimed by this computer.
6/9/2012 1:26:26 AM, Error: NetBT [4321] - The name "GRUNTY :0" could not be registered on the interface with IP address 192.168.1.31. The computer with the IP address 169.254.186.207 did not allow the name to be claimed by this computer.
5/9/2012 11:00:26 AM, Error: NetBT [4307] - Initialization failed because the transport refused to open initial addresses.
10/9/2012 12:43:14 AM, Error: VDS Basic Provider [1] - Unexpected failure. Error code: 490@01010004
10/9/2012 12:42:45 AM, Error: Service Control Manager [7023] - The WLAN AutoConfig service terminated with the following error: The system cannot find the path specified.
10/9/2012 12:42:45 AM, Error: Microsoft-Windows-WLAN-AutoConfig [4002] - WLAN AutoConfig service has failed to start. Error Code: 3
10/9/2012 12:30:50 AM, Error: Microsoft-Windows-WMPNSS-Service [14332] - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.
10/9/2012 12:10:51 AM, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
10/9/2012 1:19:33 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Roxio Upnp Server 10 service to connect.
10/9/2012 1:19:20 AM, Error: atikmdag [52236] - CPLIB :: General - Invalid Parameter
10/9/2012 1:19:20 AM, Error: atikmdag [43029] - Display is not active
.
==== End Of File ===========================

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.5.1
Run by Julia at 1:30:29 on 2012-09-10
Microsoft Windows 7 Home Premium 6.1.7600.0.936.86.1033.18.4063.2438 [GMT 8:00]
.
AV: Advanced SystemCare with Antivirus *Enabled/Updated* {1C304DC4-1D72-5DB9-B33A-43B638ECFD30}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files (x86)\IObit\Advanced SystemCare with Antivirus 2013\ascsvc.exe
C:\Program Files (x86)\IObit\Advanced SystemCare with Antivirus 2013\ascavsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Windows\system32\svchost.exe -k HsfXAudioService
C:\Program Files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe
C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Sony\VAIO Power Management\SPMService.exe
C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Sony\VAIO Smart Network\VSNService.exe
C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\Sony\VAIO Update 4\VAIOUpdt.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files\Apoint\ApMsgFwd.exe
C:\Program Files\Apoint\Apvfb.exe
C:\Program Files\Apoint\Apntex.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\IObit\Advanced SystemCare with Antivirus 2013\ASCTray.exe
C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE
C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Windows\splwow64.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Users\Julia\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Julia\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Julia\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Julia\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\system32\svchost.exe -k defragsvc
c:\program files\windows defender\MpCmdRun.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uSearch Page =
uStart Page = hxxp://www.google.com/
uDefault_Page_URL = hxxp://sony.msn.com
uSearch Bar =
mStart Page = hxxp://search.chatzum.com/
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: H - No File
mWinlogon: Userinit=userinit.exe,
BHO: WebThunder Browser Helper: {00000aaa-a363-466e-bef5-9bb68697aa7f} - C:\Program Files (x86)\Thunder Network\WebThunder\WebThunderBHO_Now.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO: Canon Easy-WebPrint EX BHO: {3785d0ad-bfff-47f6-bf5b-a587c162fed9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll
BHO: BitComet Helper: {39f7e362-828a-4b5a-bcaf-5b79bfdfea60} - C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
BHO: {889D2FEB-5411-4565-8998-1DD2C5261283} - No File
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
TB: Canon Easy-WebPrint EX: {759d9886-0c6f-4498-bab6-4a5f47c6c72f} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
TB: {BA14329E-9550-4989-B3F2-9732E92D17CC} - No File
EB: Canon Easy-WebPrint EX: {21347690-ec41-4f9a-8887-1f4aee672439} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [Video Library] C:\Windows\system32\rundll32.exe C:\Users\Julia\AppData\Local\Temp\Rpcqt.dll,Sets
uRun: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
uRun: [Advanced SystemCare 5] "C:\Program Files (x86)\IObit\Advanced SystemCare with Antivirus 2013\ASCTray.exe" /AutoStart
uRun: [Google Update] "C:\Users\Julia\AppData\Local\Google\Update\GoogleUpdate.exe" /c
mRun: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon
mRun: [IJNetworkScannerSelectorEX] C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe /FORCE
mRun: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe" -osboot
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files (x86)\WIDCOMM\Bluetooth Software\BTTray.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: &D&ownload &with BitComet - C:\Program Files\BitComet\BitComet.exe/AddLink.htm
IE: &D&ownload all with BitComet - C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll/206
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~4\Office12\REFIEBAR.DLL
DPF: {02CF1781-EA91-4FA5-A200-646E8241987C} - hxxp://esupport.sony.com/VaioInfo.CAB
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://sabreholdings.webex.com/client/T27L10NSP11EP5/nbr/ieatgpc1.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{12C764DB-FD5B-4E26-97E5-1A764FE08B3B} : DhcpNameServer = 203.116.1.94 203.116.1.78
TCP: Interfaces\{5F120DC3-68E1-4F0E-B1FF-E9E690DAB71C} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{9F32F344-156D-4737-BDA4-D4BB846C6A6D} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{9F32F344-156D-4737-BDA4-D4BB846C6A6D}\14355535 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{9F32F344-156D-4737-BDA4-D4BB846C6A6D}\D4972556075726C69636D293732443 : DhcpNameServer = 103.11.48.190 103.11.48.126
TCP: Interfaces\{E592B533-C1CC-4B46-86A4-5059344FD6BD} : DhcpNameServer = 165.21.83.88 165.21.100.88
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
Notify: VESWinlogon - VESWinlogon.dll
BHO-X64: WebThunder Browser Helper: {00000AAA-A363-466E-BEF5-9BB68697AA7F} - C:\Program Files (x86)\Thunder Network\WebThunder\WebThunderBHO_Now.dll
BHO-X64: WebThunderBHO - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO-X64: Canon Easy-WebPrint EX BHO: {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll
BHO-X64: Canon Easy-WebPrint EX BHO - No File
BHO-X64: BitComet Helper: {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll
BHO-X64: BitComet ClickCapture - No File
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
BHO-X64: {889D2FEB-5411-4565-8998-1DD2C5261283} - No File
BHO-X64: XunleiBHO - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
TB-X64: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
TB-X64: {BA14329E-9550-4989-B3F2-9732E92D17CC} - No File
EB-X64: {21347690-EC41-4F9A-8887-1F4AEE672439} - No File
mRun-x64: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon
mRun-x64: [IJNetworkScannerSelectorEX] C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe /FORCE
mRun-x64: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe" -osboot
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE-X64: {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll/206
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Julia\AppData\Roaming\Mozilla\Firefox\Profiles\11a7zhqb.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://utils.chatzum.com/?url=
FF - prefs.js: network.proxy.http - proxy.singnet.com.sg
FF - prefs.js: network.proxy.http_port - 8080
FF - prefs.js: network.proxy.type - 0
FF - component: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordext.dll
FF - component: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordlegacyext.dll
FF - plugin: C:\Program Files (x86)\AhnLab\ASP\Components\aosmgr\conflict_221\npaosmgr.dll
FF - plugin: C:\Program Files (x86)\AhnLab\ASP\MyKeyDefense 2.5\npmkd25aos.dll
FF - plugin: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
FF - plugin: C:\Program Files (x86)\Nitro PDF\Reader 2\npdf.dll
FF - plugin: C:\Program Files (x86)\Nitro PDF\Reader 2\npnitromozilla.dll
FF - plugin: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: C:\Users\Julia\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Users\Julia\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.BabylonToolbar_i.id - d2233c91000000000000002637bd3942
FF - user.js: extensions.BabylonToolbar_i.hardId - d2233c91000000000000002637bd3942
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15336
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1716:17:16
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
FF - user.js: extensions.BabylonToolbar_i.newTab - false
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=101382
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
.
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys --> C:\Windows\system32\DRIVERS\dtsoftbus01.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AdvancedSystemCareService5;Advanced SystemCare Service 5;C:\Program Files (x86)\IObit\Advanced SystemCare with Antivirus 2013\ASCSvc.exe [2012-9-9 514432]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 ASCAntivirusSrv;AdvancedSystemCareAntivirus;C:\Program Files (x86)\IObit\Advanced SystemCare with Antivirus 2013\ASCAvSvc.exe [2012-9-9 906112]
R2 HsfXAudioService;HsfXAudioService;C:\Windows\system32\svchost.exe -k HsfXAudioService [2009-7-14 20992]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-9-9 655944]
R2 NitroReaderDriverReadSpool2;NitroPDFReaderDriverCreatorReadSpool2;C:\Program Files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe [2011-12-20 341800]
R2 RtkAudioService;Realtek Audio Service;C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [2009-8-20 189984]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2012-5-11 1153368]
R2 uCamMonitor;CamMonitor;C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2009-9-23 104960]
R2 VAIO Power Management;VAIO Power Management;C:\Program Files\Sony\VAIO Power Management\SPMService.exe [2009-9-23 411496]
R2 VCFw;VAIO Content Folder Watcher;C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2009-7-23 642920]
R2 VMCService;Vodafone Mobile Connect Service;C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [2008-11-4 14336]
R2 VSNService;VSNService;C:\Program Files\Sony\VAIO Smart Network\VSNService.exe [2009-9-23 522240]
R3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;C:\Windows\system32\DRIVERS\ArcSoftKsUFilter.sys --> C:\Windows\system32\DRIVERS\ArcSoftKsUFilter.sys [?]
R3 CAXHWAZL;CAXHWAZL;C:\Windows\system32\DRIVERS\CAXHWAZL.sys --> C:\Windows\system32\DRIVERS\CAXHWAZL.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 SFEP;Sony Firmware Extension Parser;C:\Windows\system32\DRIVERS\SFEP.sys --> C:\Windows\system32\DRIVERS\SFEP.sys [?]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 Roxio Upnp Server 10;Roxio Upnp Server 10;C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe [2009-6-27 362992]
S3 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;C:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [2008-12-9 169312]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-4 250056]
S3 BITCOMET_HELPER_SERVICE;BitComet Disk Boost Service;C:\Program Files\BitComet\tools\BitCometService.exe -service --> C:\Program Files\BitComet\tools\BitCometService.exe -service [?]
S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys --> C:\Windows\system32\DRIVERS\btwl2cap.sys [?]
S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-3-8 1492840]
S3 IntcHdmiAddService;Intel® High Definition Audio HDMI;C:\Windows\system32\drivers\IntcHdmi.sys --> C:\Windows\system32\drivers\IntcHdmi.sys [?]
S3 massfilter;ZTE Mass Storage Filter Driver;C:\Windows\system32\DRIVERS\massfilter.sys --> C:\Windows\system32\DRIVERS\massfilter.sys [?]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-4-26 129976]
S3 Netaapl;Apple Mobile Device Ethernet Service;C:\Windows\system32\DRIVERS\netaapl64.sys --> C:\Windows\system32\DRIVERS\netaapl64.sys [?]
S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys --> C:\Windows\system32\DRIVERS\netw5v64.sys [?]
S3 npggsvc;nProtect GameGuard Service;C:\Windows\system32\GameMon.des -service --> C:\Windows\system32\GameMon.des -service [?]
S3 pneteth;PdaNet Broadband;C:\Windows\system32\DRIVERS\pneteth.sys --> C:\Windows\system32\DRIVERS\pneteth.sys [?]
S3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [2009-6-27 313840]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 USBPNPA;USB PnP Sound Device Interface;C:\Windows\system32\drivers\CM10864.sys --> C:\Windows\system32\drivers\CM10864.sys [?]
S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;"C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe" --> C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [?]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 ZTEusbnet;ZTE USB-NDIS miniport;C:\Windows\system32\DRIVERS\ZTEusbnet.sys --> C:\Windows\system32\DRIVERS\ZTEusbnet.sys [?]
S3 ZTEusbvoice;ZTE VoUSB Port;C:\Windows\system32\DRIVERS\ZTEusbvoice.sys --> C:\Windows\system32\DRIVERS\ZTEusbvoice.sys [?]
.
=============== Created Last 30 ================
.
2012-09-09 17:29:39 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{472E2925-A11B-4249-A3EA-25198D7C0396}\offreg.dll
2012-09-09 16:51:28 -------- d-----w- C:\Windows\L2Schemas
2012-09-09 16:51:28 -------- d-----w- C:\Program Files\DVD Maker
2012-09-09 13:36:47 329800 ----a-w- C:\Windows\System32\drivers\trufos.sys
2012-09-09 13:36:43 431176 ----a-w- C:\Windows\System32\drivers\bdfsfltr.sys
2012-09-09 13:36:42 -------- d-----w- C:\ProgramData\{D76294E6-03B8-4971-AF2E-3F846161A690}
2012-09-09 13:36:40 -------- d-----w- C:\ProgramData\{6F2F3866-38AD-4f48-852C-2FF5DE7A7588}
2012-09-09 13:36:39 -------- d-----w- C:\ProgramData\iobit
2012-09-09 13:36:36 -------- d-----w- C:\Users\Julia\AppData\Roaming\IObit
2012-09-09 13:36:21 -------- d-----w- C:\Program Files (x86)\IObit
2012-09-09 13:30:50 -------- d-----w- C:\Users\Julia\AppData\Roaming\Malwarebytes
2012-09-09 13:30:43 -------- d-----w- C:\ProgramData\Malwarebytes
2012-09-09 13:30:42 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-09-09 13:30:42 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-09-09 13:20:46 -------- d-----w- C:\Users\Julia\AppData\Local\{35FE8217-880D-4873-8F1D-CF9A9D8B108A}
2012-09-09 12:56:22 -------- d-----w- C:\Program Files\Enigma Software Group
2012-09-09 12:56:08 -------- d-----w- C:\Windows\8C5C34C7BC6B48318B2C6535FE63E502.TMP
2012-09-09 12:56:04 -------- d-----w- C:\Program Files (x86)\Common Files\Wise Installation Wizard
2012-09-09 04:07:20 -------- d-----w- C:\Users\Julia\AppData\Local\{319F9799-77A2-44D3-8291-4B6DED0D0DFB}
2012-09-08 05:42:57 -------- d-----w- C:\Users\Julia\AppData\Local\{D0306ED1-CF83-419D-A81F-7004A8DA2ACA}
2012-09-07 17:42:31 -------- d-----w- C:\Users\Julia\AppData\Local\{AF40F2C1-FDEA-4F9C-A8EB-433FA026F87B}
2012-09-07 07:38:04 -------- d-----w- C:\Program Files (x86)\The Elder Scrolls V Skyrim
2012-09-07 05:42:04 -------- d-----w- C:\Users\Julia\AppData\Local\{52EF0516-AD52-42D5-8875-918C1FD15FF9}
2012-09-06 01:29:07 -------- d-----w- C:\Users\Julia\AppData\Local\{DA13B1BD-0FE0-4C06-9EF3-5AFFD98B0B0B}
2012-09-05 04:32:10 -------- d-----w- C:\ProgramData\Sophos
2012-09-05 04:32:01 73728 ----a-r- C:\Users\Julia\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe1_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2012-09-05 04:32:01 73728 ----a-r- C:\Users\Julia\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2012-09-05 04:32:01 73728 ----a-r- C:\Users\Julia\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\ARPPRODUCTICON.exe
2012-09-05 04:31:52 -------- d-----w- C:\Program Files (x86)\Sophos
2012-09-05 02:54:32 -------- d-----w- C:\Users\Julia\AppData\Local\{ACBCD6EC-0F06-4819-9D18-F48FD4802591}
2012-09-04 06:29:29 -------- d-----w- C:\Users\Julia\AppData\Local\{4A3FFF02-1503-421C-B943-320D28A006FA}
2012-09-03 03:48:00 -------- d-----w- C:\Users\Julia\AppData\Local\{B08E1252-BE4D-48E0-9C80-413783453BE1}
2012-09-02 13:57:39 8757248 ------w- C:\Windows\SysWow64\CM108.dll
2012-09-02 13:57:39 804352 ------w- C:\Windows\System32\Cmeau108.exe
2012-09-02 13:57:39 389120 ------w- C:\Windows\System32\CM108.cpl
2012-09-02 13:57:39 200704 ------w- C:\Windows\SysWow64\cmpa108.dll
2012-09-02 13:57:39 143360 ------w- C:\Windows\Vmix108.dll
2012-09-02 13:56:58 524768 ----a-w- C:\Windows\difxapi.dll
2012-09-02 13:56:58 359424 ------w- C:\Windows\System32\CmiInstallResAll64.dll
2012-09-02 13:56:57 315392 ----a-w- C:\Windows\system\fltr108.dll
2012-09-02 13:56:57 1310720 ----a-w- C:\Windows\System32\drivers\CM10864.sys
2012-09-02 13:37:20 -------- d-----w- C:\Users\Julia\AppData\Local\{2A385F3B-FB27-4FC1-B33D-316CFDF6EF43}
2012-09-01 16:51:51 -------- d-----w- C:\Users\Julia\AppData\Local\{7F46F50B-C746-40CE-A687-CB5522E94AA0}
2012-09-01 04:51:24 -------- d-----w- C:\Users\Julia\AppData\Local\{4220946E-A902-40CB-96BC-F0810AAFE7DC}
2012-08-31 04:17:49 -------- d-----w- C:\Users\Julia\AppData\Local\{2EC2EE43-AA0B-44BD-A15A-9C40C6BB3C04}
2012-08-30 13:27:59 -------- d-----w- C:\Program Files (x86)\SystemRequirementsLab
2012-08-30 02:58:09 -------- d-----w- C:\Users\Julia\AppData\Local\{60D4043D-1E9C-4EF8-8EF8-3321E948721F}
2012-08-29 03:54:12 -------- d-----w- C:\Users\Julia\AppData\Local\{FF3CE7E1-F90B-47B1-921E-A6534C54AB40}
2012-08-28 03:53:52 -------- d-----w- C:\Users\Julia\AppData\Local\{9F653838-EB30-4766-8280-E568922C0BE2}
2012-08-27 03:17:14 -------- d-----w- C:\Users\Julia\AppData\Local\{2289A4E5-2304-4444-97D1-275DF74AF183}
2012-08-26 02:35:49 -------- d-----w- C:\Users\Julia\AppData\Local\{92AE7290-3EA9-484E-87EF-D3DC227F0075}
2012-08-25 03:10:22 -------- d-----w- C:\Users\Julia\AppData\Local\{3CD2AC8A-D30E-4981-96EB-D1ED6ED02906}
2012-08-24 03:22:25 -------- d-----w- C:\Users\Julia\AppData\Local\{D06AF77B-CC42-4D99-9C80-0BB2C97F863E}
2012-08-23 01:57:42 -------- d-----w- C:\Users\Julia\AppData\Local\{82878ABB-F953-4864-96EC-78958E80ADB5}
2012-08-22 01:48:53 -------- d-----w- C:\Users\Julia\AppData\Local\{7556F468-2B99-4282-8D64-A1EA0760C904}
2012-08-21 06:58:09 -------- d-----w- C:\Users\Julia\AppData\Local\{858A6D72-DC6C-4AF7-B014-B078147240CF}
2012-08-20 22:07:23 9309624 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{472E2925-A11B-4249-A3EA-25198D7C0396}\mpengine.dll
2012-08-20 18:57:41 -------- d-----w- C:\Users\Julia\AppData\Local\{F910783C-BEE4-4C45-8552-89ACC62F4129}
2012-08-20 03:25:27 -------- d-----w- C:\Users\Julia\AppData\Local\{3EE3B39A-7CAB-488E-B347-B5550A4AC5B3}
2012-08-19 07:20:12 4079608 ----a-w- C:\Windows\SysWow64\GameMon.des
2012-08-19 07:20:02 4682 ----a-w- C:\Windows\SysWow64\npptNT2.sys
2012-08-19 07:20:01 5174 ----a-w- C:\Windows\SysWow64\nppt9x.vxd
2012-08-19 07:19:49 -------- d-----w- C:\Program Files\Common Files\INCA Shared
2012-08-19 07:02:31 -------- d-----w- C:\Program Files (x86)\directx
2012-08-19 06:55:25 -------- d-----w- C:\Program Files (x86)\YouxiLand
2012-08-19 06:54:50 692224 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iKernel.dll
2012-08-19 06:54:50 57344 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\ctor.dll
2012-08-19 06:54:50 5632 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\DotNetInstaller.exe
2012-08-19 06:54:50 237568 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iscript.dll
2012-08-19 06:54:50 155648 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iuser.dll
2012-08-19 06:54:49 282756 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\setup.dll
2012-08-19 06:54:49 163972 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iGdi.dll
2012-08-19 03:39:42 -------- d-----w- C:\Users\Julia\AppData\Local\{A0AD099D-82EB-4DEF-B705-6E33938ACE0B}
2012-08-19 03:29:57 33856 ---ha-w- C:\Windows\System32\hamachi.sys
2012-08-18 03:19:34 -------- d-----w- C:\Users\Julia\AppData\Local\{D2B9664D-FDB5-46CF-AE94-768DCC48055A}
2012-08-17 15:09:02 -------- d-----w- C:\Users\Julia\AppData\Local\{C427C103-9D0E-468D-B573-170D50959361}
2012-08-17 09:07:45 7839790 ----a-w- C:\BGMain.exe
2012-08-17 02:18:49 -------- d-----w- C:\Users\Julia\AppData\Local\{A2091A00-9B85-4243-8A53-2289EBA8BC91}
2012-08-16 03:30:51 -------- d-----w- C:\Users\Julia\AppData\Local\{0529B94C-190A-416A-BE76-AB3E120D9C32}
2012-08-15 13:14:23 -------- d-----w- C:\Program Files (x86)\ChatZum Toolbar
2012-08-15 03:28:16 -------- d-----w- C:\Users\Julia\AppData\Local\{A35F5193-3DB4-4D5B-BC08-46ADFE50D2D6}
2012-08-14 03:12:40 -------- d-----w- C:\Users\Julia\AppData\Local\{2970640D-B151-46AC-939D-56FED5056787}
2012-08-13 04:25:26 -------- d-----w- C:\Users\Julia\AppData\Local\{BC4878D0-15CA-44AC-A497-E57FAADFB31F}
2012-08-12 03:53:55 -------- d-----w- C:\Users\Julia\AppData\Local\{F94B3808-C44A-43AC-A758-A4EFDFF45922}
2012-08-11 04:43:14 -------- d-----w- C:\Users\Julia\AppData\Local\{878C8BAB-71D2-4F4D-AEF2-7CE169F8CAFC}
.
==================== Find3M ====================
.
2012-08-15 14:58:20 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-15 14:58:20 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-07-05 14:06:30 772544 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2012-07-05 14:06:20 687544 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-07-04 09:06:22 79824 ----a-w- C:\Windows\xinstaller.dll
2012-07-04 09:06:22 34768 ----a-w- C:\Windows\xinstaller.exe
.
============= FINISH: 1:31:12.73 ===============

#4 gringo_pr

Posted 09 September 2012 - 12:44 PM

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive the error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

In your next post I need the following:

  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo

#5 Kerius

Posted 09 September 2012 - 02:35 PM

Hi, here are the results from ComboFix:


ComboFix 12-09-09.02 - Julia 9/2012 Mon 2:46.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.936.86.1033.18.4063.2572 [GMT 8:00]
执行位置: c:\users\Julia\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* 成功创造新还原点
.
.
((((((((((((((((((((((((((((((((((((((( 被删除的档案 )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\boost_interprocess\20120910011904.359599
c:\users\Julia\AppData\Local\Temp\Rpcqt.dll
c:\windows\SysWow64\drivers\npf.sys
c:\windows\SysWow64\Packet.dll
c:\windows\SysWow64\URTTemp
c:\windows\SysWow64\URTTemp\regtlib.exe
c:\windows\SysWow64\wpcap.dll
.
.
((((((((((((((((((((((((((((((((((((((( 驱动/服务 )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_NPF
.
.
((((((((((((((((((((((((( 2012-08-09 至 2012-09-09 的新的档案 )))))))))))))))))))))))))))))))
.
.
2012-09-09 16:51 . 2012-09-09 16:51 -------- d-----w- c:\windows\L2Schemas
2012-09-09 16:51 . 2012-09-09 16:51 -------- d-----w- c:\program files\DVD Maker
2012-09-09 13:36 . 2012-09-09 13:36 -------- d-----w- c:\programdata\{D76294E6-03B8-4971-AF2E-3F846161A690}
2012-09-09 13:36 . 2012-09-09 13:36 -------- d-----w- c:\programdata\{6F2F3866-38AD-4f48-852C-2FF5DE7A7588}
2012-09-09 13:36 . 2012-09-09 13:36 -------- d-----w- c:\programdata\iobit
2012-09-09 13:36 . 2012-09-09 13:36 -------- d-----w- c:\users\Julia\AppData\Roaming\IObit
2012-09-09 13:36 . 2012-09-09 18:41 -------- d-----w- c:\program files (x86)\IObit
2012-09-09 13:30 . 2012-09-09 13:30 -------- d-----w- c:\users\Julia\AppData\Roaming\Malwarebytes
2012-09-09 13:30 . 2012-09-09 13:30 -------- d-----w- c:\programdata\Malwarebytes
2012-09-09 13:30 . 2012-09-09 13:30 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-09-09 13:30 . 2012-07-03 05:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-09 12:56 . 2012-09-09 12:56 -------- d-----w- c:\program files\Enigma Software Group
2012-09-09 12:56 . 2012-09-09 13:25 -------- d-----w- c:\windows\8C5C34C7BC6B48318B2C6535FE63E502.TMP
2012-09-09 12:56 . 2012-09-09 12:56 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard
2012-09-07 07:38 . 2012-09-07 07:56 -------- d-----w- c:\program files (x86)\The Elder Scrolls V Skyrim
2012-09-05 04:32 . 2012-09-05 04:32 -------- d-----w- c:\programdata\Sophos
2012-09-05 04:32 . 2012-09-05 04:32 73728 ----a-r- c:\users\Julia\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe1_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2012-09-05 04:32 . 2012-09-05 04:32 73728 ----a-r- c:\users\Julia\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2012-09-05 04:32 . 2012-09-05 04:32 73728 ----a-r- c:\users\Julia\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\ARPPRODUCTICON.exe
2012-09-05 04:31 . 2012-09-05 04:31 -------- d-----w- c:\program files (x86)\Sophos
2012-09-02 13:57 . 2010-10-13 11:06 8757248 ------w- c:\windows\SysWow64\CM108.dll
2012-09-02 13:57 . 2010-07-13 15:26 804352 ------w- c:\windows\system32\Cmeau108.exe
2012-09-02 13:57 . 2009-04-02 16:59 143360 ------w- c:\windows\Vmix108.dll
2012-09-02 13:57 . 2008-07-23 19:00 389120 ------w- c:\windows\system32\CM108.cpl
2012-09-02 13:57 . 2006-09-13 10:21 200704 ------w- c:\windows\SysWow64\cmpa108.dll
2012-09-02 13:56 . 2009-08-19 16:00 359424 ------w- c:\windows\system32\CmiInstallResAll64.dll
2012-09-02 13:56 . 2006-10-06 05:45 524768 ----a-w- c:\windows\difxapi.dll
2012-09-02 13:56 . 2010-08-12 18:26 1310720 ----a-w- c:\windows\system32\drivers\CM10864.sys
2012-09-02 13:56 . 2004-04-14 11:28 315392 ----a-w- c:\windows\system\fltr108.dll
2012-08-30 13:27 . 2012-08-30 13:27 -------- d-----w- c:\program files (x86)\SystemRequirementsLab
2012-08-30 13:27 . 2012-08-30 13:27 -------- d-----w- c:\users\Julia\AppData\Roaming\SystemRequirementsLab
2012-08-21 09:59 . 2012-08-21 09:59 -------- d-----w- c:\users\Julia\AppData\Roaming\dvdcss
2012-08-20 22:07 . 2012-08-19 17:53 9309624 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{472E2925-A11B-4249-A3EA-25198D7C0396}\mpengine.dll
2012-08-19 07:20 . 2012-04-11 16:14 4079608 ----a-w- c:\windows\SysWow64\GameMon.des
2012-08-19 07:20 . 2004-12-29 00:43 4682 ----a-w- c:\windows\SysWow64\npptNT2.sys
2012-08-19 07:20 . 2003-07-14 09:17 5174 ----a-w- c:\windows\SysWow64\nppt9x.vxd
2012-08-19 07:19 . 2012-08-19 07:19 -------- d-----w- c:\program files\Common Files\INCA Shared
2012-08-19 07:02 . 2012-08-19 07:02 -------- d-----w- c:\program files (x86)\directx
2012-08-19 06:55 . 2012-08-19 06:55 -------- d-----w- c:\program files (x86)\YouxiLand
2012-08-19 06:54 . 2002-12-05 06:12 692224 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iKernel.dll
2012-08-19 06:54 . 2002-12-05 06:10 155648 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iuser.dll
2012-08-19 06:54 . 2002-12-02 07:22 5632 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\DotNetInstaller.exe
2012-08-19 06:54 . 2002-12-02 05:33 57344 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\ctor.dll
2012-08-19 06:54 . 2002-12-02 05:33 237568 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iscript.dll
2012-08-19 06:54 . 2012-08-19 06:54 282756 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\setup.dll
2012-08-19 06:54 . 2012-08-19 06:54 163972 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iGdi.dll
2012-08-19 03:29 . 2009-03-18 09:35 33856 ---ha-w- c:\windows\system32\hamachi.sys
2012-08-17 09:07 . 2003-12-18 15:11 7839790 ----a-w- C:\BGMain.exe
2012-08-15 13:14 . 2012-08-16 03:04 -------- d-----w- c:\program files (x86)\ChatZum Toolbar
.
.
.
(((((((((((((((((((((((((((((((((((((((( 在三个月内被修改的档案 ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-15 14:58 . 2012-04-04 13:31 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-08-15 14:58 . 2011-08-19 04:20 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-05 14:06 . 2012-08-05 07:27 772544 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-07-05 14:06 . 2011-05-19 13:37 687544 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-07-04 09:06 . 2012-07-04 09:06 79824 ----a-w- c:\windows\xinstaller.dll
2012-07-04 09:06 . 2012-07-04 09:06 34768 ----a-w- c:\windows\xinstaller.exe
.
.
((((((((((((((((((((((((((((((((((((( 重要登入点 ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*注意* 空白与合法缺省登录将不会被显示
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AAADesktopTips]
@="{4562B511-62E9-4533-B7B2-56A8BB10B482}"
[HKEY_CLASSES_ROOT\CLSID\{4562B511-62E9-4533-B7B2-56A8BB10B482}]
2012-05-30 02:56 247760 ----a-w- c:\program files (x86)\Common Files\Thunder Network\KanKan\xappex.1.1.1.38.(66).dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2012-08-04 1353080]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"CanonSolutionMenuEx"="c:\program files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE" [2010-09-14 1213848]
"IJNetworkScannerSelectorEX"="c:\program files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe" [2010-09-09 452016]
"TkBellExe"="c:\program files (x86)\Real\RealPlayer\update\realsched.exe" [2012-01-31 296056]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-26 421736]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-7-2 1079584]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2009-07-01 18:49 98304 ----a-w- c:\windows\System32\VESWinlogon.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
R0 vmci;VMware VMCI Bus Driver;c:\windows\system32\DRIVERS\vmci.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 Roxio Upnp Server 10;Roxio Upnp Server 10;c:\program files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe [2009-06-26 362992]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
R3 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;c:\program files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [2008-12-08 169312]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-15 250056]
R3 BITCOMET_HELPER_SERVICE;BitComet Disk Boost Service;c:\program files\BitComet\tools\BitCometService.exe [2010-12-28 1296728]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-07-30 35104]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 GGSAFERDriver;GGSAFER Driver;c:\program files (x86)\Garena Plus\Room\safedrv.sys [x]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2009-08-05 139264]
R3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\DRIVERS\massfilter.sys [2008-11-12 11776]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-04-26 129976]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys [2011-08-02 22528]
R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [x]
R3 pneteth;PdaNet Broadband;c:\windows\system32\DRIVERS\pneteth.sys [2011-07-19 15360]
R3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;c:\program files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [2009-06-26 313840]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
R3 USBPNPA;USB PnP Sound Device Interface;c:\windows\system32\drivers\CM10864.sys [2010-08-12 1310720]
R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [x]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-04-26 1255736]
R3 ZTEusbnet;ZTE USB-NDIS miniport;c:\windows\system32\DRIVERS\ZTEusbnet.sys [2008-11-12 167424]
R3 ZTEusbvoice;ZTE VoUSB Port;c:\windows\system32\DRIVERS\ZTEusbvoice.sys [2008-11-12 150656]
R4 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2009-05-20 55280]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-04-17 283200]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-07-27 203264]
S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [2009-07-14 27136]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]
S2 NitroReaderDriverReadSpool2;NitroPDFReaderDriverCreatorReadSpool2;c:\program files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe [2011-12-20 341800]
S2 RtkAudioService;Realtek Audio Service;c:\program files\Realtek\Audio\HDA\RtkAudioService64.exe [2009-07-24 189984]
S2 uCamMonitor;CamMonitor;c:\program files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2008-09-18 104960]
S2 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe [2009-08-22 411496]
S2 VCFw;VAIO Content Folder Watcher;c:\program files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2009-07-22 642920]
S2 VMCService;Vodafone Mobile Connect Service;c:\program files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [2008-11-04 14336]
S2 VSNService;VSNService;c:\program files\Sony\VAIO Smart Network\VSNService.exe [2009-08-13 522240]
S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys [2009-05-26 19968]
S3 CAXHWAZL;CAXHWAZL;c:\windows\system32\DRIVERS\CAXHWAZL.sys [2009-07-31 292864]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904]
S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\DRIVERS\SFEP.sys [2009-06-11 11392]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-07-31 393216]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
XLServicePlatform REG_MULTI_SZ XLServicePlatform
.
‘计划任务’ 文件夹 里的内容
.
2012-09-09 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 14:58]
.
2012-09-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-37869317-963882951-3326000770-1003Core.job
- c:\users\Julia\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-09 16:57]
.
2012-09-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-37869317-963882951-3326000770-1003UA.job
- c:\users\Julia\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-09 16:57]
.
2012-09-09 c:\windows\Tasks\SDMsgUpdate (TE).job
- c:\progra~2\SMARTD~1\Messages\SDNotify.exe [2012-03-03 18:22]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-07-24 7938080]
"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-07-24 1833504]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2010-07-26 2782096]
"Cm108Sound"="c:\windows\Syswow64\cm108.dll" [2010-10-13 8757248]
"combofix"="c:\combofix\CF9564.3XE" [2009-07-14 344576]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- 而外的扫描 -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://search.chatzum.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: &D&ownload &with BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: &D&ownload all with BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Julia\AppData\Roaming\Mozilla\Firefox\Profiles\11a7zhqb.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://utils.chatzum.com/?url=
FF - prefs.js: network.proxy.http - proxy.singnet.com.sg
FF - prefs.js: network.proxy.http_port - 8080
FF - prefs.js: network.proxy.type - 0
FF - user.js: extensions.BabylonToolbar_i.id - d2233c91000000000000002637bd3942
FF - user.js: extensions.BabylonToolbar_i.hardId - d2233c91000000000000002637bd3942
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15336
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1716:17
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
FF - user.js: extensions.BabylonToolbar_i.newTab - false
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=101382
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{ba14329e-9550-4989-b3f2-9732e92d17cc} - (no file)
Toolbar-Locked - (no file)
SafeBoot-mcmscsvc
SafeBoot-MCODS
BHO-{004B0726-A010-4ABF-8556-FCDB7F1FCA1E} - (no file)
Toolbar-Locked - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{BA14329E-9550-4989-B3F2-9732E92D17CC} - (no file)
HKLM-Run-Apoint - c:\program files (x86)\Apoint\Apoint.exe
AddRemove-Skyrim Dawnguard DLC+Update v1.7706-=AviaRa=- 1.7706 - c:\program files (x86)\The Elder Scrolls V Skyrim\Skyrim\Skyrim Dawnguard DLC+Update v1.7706-=AviaRa=-\Uninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
------------------------ 其他运行进程 ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
c:\program files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files (x86)\Sony\VAIO Event Service\VESMgr.exe
c:\program files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
c:\program files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
c:\windows\SysWOW64\rundll32.exe
.
**************************************************************************
.
完成时间: 2012-09-10 03:33:38 - 电脑已重新启动
ComboFix-quarantined-files.txt 2012-09-09 19:33
.
Pre-Run: 92,770,304 bytes free
Post-Run: 1,887,420,416 bytes free
.
- - End Of File - - 57F2326BB0CCBE68375B4344F3D3F68B

#6 gringo_pr

Posted 09 September 2012 - 02:48 PM

Greetings

I want you to run these next,

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo

#7 Kerius

Posted 09 September 2012 - 09:51 PM

Hi here are the results:


10:20:00.0346 4688 TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48
10:20:01.0133 4688 ============================================================
10:20:01.0133 4688 Current date / time: 2012/09/10 10:20:01.0133
10:20:01.0133 4688 SystemInfo:
10:20:01.0133 4688
10:20:01.0133 4688 OS Version: 6.1.7600 ServicePack: 0.0
10:20:01.0133 4688 Product type: Workstation
10:20:01.0133 4688 ComputerName: GRUNTY
10:20:01.0133 4688 UserName: Julia
10:20:01.0133 4688 Windows directory: C:\Windows
10:20:01.0133 4688 System windows directory: C:\Windows
10:20:01.0133 4688 Running under WOW64
10:20:01.0133 4688 Processor architecture: Intel x64
10:20:01.0133 4688 Number of processors: 2
10:20:01.0133 4688 Page size: 0x1000
10:20:01.0133 4688 Boot type: Normal boot
10:20:01.0134 4688 ============================================================
10:20:02.0862 4688 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
10:20:02.0867 4688 ============================================================
10:20:02.0867 4688 \Device\Harddisk0\DR0:
10:20:02.0867 4688 MBR partitions:
10:20:02.0867 4688 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x17CB800, BlocksNum 0x32000
10:20:02.0867 4688 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x17FD800, BlocksNum 0x23C30AB0
10:20:02.0867 4688 ============================================================
10:20:02.0905 4688 C: <-> \Device\Harddisk0\DR0\Partition2
10:20:02.0905 4688 ============================================================
10:20:02.0905 4688 Initialize success
10:20:02.0905 4688 ============================================================
10:20:07.0772 3568 ============================================================
10:20:07.0772 3568 Scan started
10:20:07.0772 3568 Mode: Manual;
10:20:07.0772 3568 ============================================================
10:20:08.0611 3568 ================ Scan system memory ========================
10:20:08.0611 3568 System memory - ok
10:20:08.0611 3568 ================ Scan services =============================
10:20:16.0208 3568 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
10:20:16.0209 3568 fdPHost - ok
10:20:16.0226 3568 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
10:20:16.0228 3568 FDResPub - ok
10:20:16.0290 3568 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
10:20:16.0291 3568 FileInfo - ok
10:20:16.0306 3568 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
10:20:16.0308 3568 Filetrace - ok
10:20:16.0348 3568 [ F76D04F7413B07DAA029F6520B64B4E8 ] FLEXnet Licensing Service C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
10:20:16.0358 3568 FLEXnet Licensing Service - ok
10:20:16.0420 3568 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
10:20:16.0422 3568 flpydisk - ok
10:20:16.0443 3568 [ F7866AF72ABBAF84B1FA5AA195378C59 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
10:20:16.0447 3568 FltMgr - ok
10:20:16.0526 3568 [ CB5E4B9C319E3C6BB363EB7E58A4A051 ] FontCache C:\Windows\system32\FntCache.dll
10:20:16.0543 3568 FontCache - ok
10:20:16.0588 3568 [ 8D89E3131C27FDD6932189CB785E1B7A ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
10:20:16.0590 3568 FontCache3.0.0.0 - ok
10:20:16.0623 3568 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
10:20:16.0625 3568 FsDepends - ok
10:20:16.0702 3568 [ 07DA62C960DDCCC2D35836AEAB4FC578 ] fssfltr C:\Windows\system32\DRIVERS\fssfltr.sys
10:20:16.0703 3568 fssfltr - ok
10:20:16.0853 3568 [ 28DDEEEC44E988657B732CF404D504CB ] fsssvc C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
10:20:16.0875 3568 fsssvc - ok
10:20:16.0892 3568 [ E95EF8547DE20CF0603557C0CF7A9462 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
10:20:16.0893 3568 Fs_Rec - ok
10:20:16.0954 3568 [ AE87BA80D0EC3B57126ED2CDC15B24ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
10:20:16.0957 3568 fvevol - ok
10:20:17.0015 3568 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
10:20:17.0017 3568 gagp30kx - ok
10:20:17.0082 3568 [ E403AACF8C7BB11375122D2464560311 ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
10:20:17.0083 3568 GEARAspiWDM - ok
10:20:17.0175 3568 GGSAFERDriver - ok
10:20:17.0217 3568 [ FE5AB4525BC2EC68B9119A6E5D40128B ] gpsvc C:\Windows\System32\gpsvc.dll
10:20:17.0229 3568 gpsvc - ok
10:20:17.0288 3568 [ 1E6438D4EA6E1174A3B3B1EDC4DE660B ] hamachi C:\Windows\system32\DRIVERS\hamachi.sys
10:20:17.0289 3568 hamachi - ok
10:20:17.0344 3568 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
10:20:17.0345 3568 hcw85cir - ok
10:20:17.0399 3568 [ 6410F6F415B2A5A9037224C41DA8BF12 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
10:20:17.0405 3568 HdAudAddService - ok
10:20:17.0461 3568 [ 0A49913402747A0B67DE940FB42CBDBB ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
10:20:17.0463 3568 HDAudBus - ok
10:20:17.0480 3568 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
10:20:17.0481 3568 HidBatt - ok
10:20:17.0500 3568 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
10:20:17.0503 3568 HidBth - ok
10:20:17.0543 3568 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
10:20:17.0544 3568 HidIr - ok
10:20:17.0570 3568 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\System32\hidserv.dll
10:20:17.0572 3568 hidserv - ok
10:20:17.0630 3568 [ B3BF6B5B50006DEF50B66306D99FCF6F ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
10:20:17.0631 3568 HidUsb - ok
10:20:17.0656 3568 [ EFA58EDE58DD74388FFD04CB32681518 ] hkmsvc C:\Windows\system32\kmsvc.dll
10:20:17.0659 3568 hkmsvc - ok
10:20:17.0721 3568 [ 046B2673767CA626E2CFB7FDF735E9E8 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
10:20:17.0726 3568 HomeGroupListener - ok
10:20:17.0761 3568 [ 06A7422224D9865A5613710A089987DF ] HomeGroupProvider C:\Windows\system32\provsvc.dll
10:20:17.0765 3568 HomeGroupProvider - ok
10:20:17.0802 3568 [ 0886D440058F203EBA0E1825E4355914 ] HpSAMD C:\Windows\system32\DRIVERS\HpSAMD.sys
10:20:17.0805 3568 HpSAMD - ok
10:20:17.0954 3568 [ 447256D1C026654C5CD3CC17E7B20631 ] HsfXAudioService C:\Windows\SysWOW64\XAudio64.dll
10:20:17.0962 3568 HsfXAudioService - ok
10:20:18.0016 3568 [ 26C5D00321937E49B6BC91029947D094 ] HSF_DPV C:\Windows\system32\DRIVERS\CAX_DPV.sys
10:20:18.0038 3568 HSF_DPV - ok
10:20:18.0116 3568 [ CEE049CAC4EFA7F4E1E4AD014414A5D4 ] HTTP C:\Windows\system32\drivers\HTTP.sys
10:20:18.0127 3568 HTTP - ok
10:20:18.0143 3568 [ F17766A19145F111856378DF337A5D79 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
10:20:18.0143 3568 hwpolicy - ok
10:20:18.0228 3568 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
10:20:18.0230 3568 i8042prt - ok
10:20:18.0313 3568 [ 7548066DF68A8A1A56B043359F915F37 ] IAANTMON C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
10:20:18.0316 3568 IAANTMON - ok
10:20:18.0374 3568 [ 1D004CB1DA6323B1F55CAEF7F94B61D9 ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys
10:20:18.0376 3568 iaStor - ok
10:20:18.0425 3568 [ B75E45C564E944A2657167D197AB29DA ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
10:20:18.0432 3568 iaStorV - ok
10:20:18.0504 3568 [ 2F2BE70D3E02B6FA877921AB9516D43C ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
10:20:18.0517 3568 idsvc - ok
10:20:18.0755 3568 [ DFEAF0A1D98D397035012C8E28D1520F ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys
10:20:18.0982 3568 igfx - ok
10:20:19.0029 3568 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
10:20:19.0031 3568 iirsp - ok
10:20:19.0114 3568 [ C5B4683680DF085B57BC53E5EF34861F ] IKEEXT C:\Windows\System32\ikeext.dll
10:20:19.0127 3568 IKEEXT - ok
10:20:19.0230 3568 [ B16FC828CE7A76A8F1CE682E6EAD2627 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
10:20:19.0264 3568 IntcAzAudAddService - ok
10:20:19.0349 3568 [ 88A20FA54C73DED4E8DAC764E9130AE9 ] IntcHdmiAddService C:\Windows\system32\drivers\IntcHdmi.sys
10:20:19.0352 3568 IntcHdmiAddService - ok
10:20:19.0409 3568 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\DRIVERS\intelide.sys
10:20:19.0410 3568 intelide - ok
10:20:19.0467 3568 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
10:20:19.0468 3568 intelppm - ok
10:20:19.0493 3568 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
10:20:19.0496 3568 IPBusEnum - ok
10:20:19.0538 3568 [ 722DD294DF62483CECAAE6E094B4D695 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
10:20:19.0540 3568 IpFilterDriver - ok
10:20:19.0602 3568 [ F8E058D17363EC580E4B7232778B6CB5 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
10:20:19.0611 3568 iphlpsvc - ok
10:20:19.0645 3568 [ E2B4A4494DB7CB9B89B55CA268C337C5 ] IPMIDRV C:\Windows\system32\DRIVERS\IPMIDrv.sys
10:20:19.0648 3568 IPMIDRV - ok
10:20:19.0674 3568 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
10:20:19.0676 3568 IPNAT - ok
10:20:19.0799 3568 [ 50D6CCC6FF5561F9F56946B3E6164FB8 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
10:20:19.0812 3568 iPod Service - ok
10:20:19.0865 3568 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
10:20:19.0867 3568 IRENUM - ok
10:20:19.0916 3568 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\DRIVERS\isapnp.sys
10:20:19.0918 3568 isapnp - ok
10:20:19.0960 3568 [ FA4D2557DE56D45B0A346F93564BE6E1 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys
10:20:19.0964 3568 iScsiPrt - ok
10:20:19.0997 3568 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
10:20:19.0998 3568 kbdclass - ok
10:20:20.0066 3568 [ 6DEF98F8541E1B5DCEB2C822A11F7323 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
10:20:20.0068 3568 kbdhid - ok
10:20:20.0090 3568 [ 156F6159457D0AA7E59B62681B56EB90 ] KeyIso C:\Windows\system32\lsass.exe
10:20:20.0091 3568 KeyIso - ok
10:20:20.0129 3568 [ 16C1B906FC5EAD84769F90B736B6BF0E ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
10:20:20.0131 3568 KSecDD - ok
10:20:20.0140 3568 [ 0B711550C56444879D71C7DAABDA6C83 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
10:20:20.0142 3568 KSecPkg - ok
10:20:20.0162 3568 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
10:20:20.0163 3568 ksthunk - ok
10:20:20.0202 3568 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
10:20:20.0209 3568 KtmRm - ok
10:20:20.0298 3568 [ 81F1D04D4D0E433099365127375FD501 ] LanmanServer C:\Windows\System32\srvsvc.dll
10:20:20.0303 3568 LanmanServer - ok
10:20:20.0333 3568 [ 27026EAC8818E8A6C00A1CAD2F11D29A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
10:20:20.0337 3568 LanmanWorkstation - ok
10:20:20.0401 3568 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
10:20:20.0403 3568 lltdio - ok
10:20:20.0423 3568 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
10:20:20.0428 3568 lltdsvc - ok
10:20:20.0465 3568 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
10:20:20.0467 3568 lmhosts - ok
10:20:20.0532 3568 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
10:20:20.0535 3568 LSI_FC - ok
10:20:20.0562 3568 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
10:20:20.0565 3568 LSI_SAS - ok
10:20:20.0600 3568 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
10:20:20.0602 3568 LSI_SAS2 - ok
10:20:20.0617 3568 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
10:20:20.0620 3568 LSI_SCSI - ok
10:20:20.0657 3568 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
10:20:20.0709 3568 luafv - ok
10:20:20.0785 3568 [ B5E86524918EF32B32D1032E0C8E92A3 ] massfilter C:\Windows\system32\DRIVERS\massfilter.sys
10:20:20.0787 3568 massfilter - ok
10:20:20.0849 3568 [ F84C8F1000BC11E3B7B23CBD3BAFF111 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
10:20:20.0851 3568 Mcx2Svc - ok
10:20:20.0879 3568 [ E4F44EC214B3E381E1FC844A02926666 ] mdmxsdk C:\Windows\system32\DRIVERS\mdmxsdk.sys
10:20:20.0880 3568 mdmxsdk - ok
10:20:20.0910 3568 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
10:20:20.0912 3568 megasas - ok
10:20:20.0951 3568 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
10:20:20.0956 3568 MegaSR - ok
10:20:20.0993 3568 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
10:20:20.0995 3568 MMCSS - ok
10:20:21.0012 3568 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
10:20:21.0013 3568 Modem - ok
10:20:21.0062 3568 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
10:20:21.0063 3568 monitor - ok
10:20:21.0118 3568 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
10:20:21.0118 3568 mouclass - ok
10:20:21.0164 3568 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
10:20:21.0166 3568 mouhid - ok
10:20:21.0176 3568 [ 791AF66C4D0E7C90A3646066386FB571 ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
10:20:21.0178 3568 mountmgr - ok
10:20:21.0373 3568 [ 96AA8BA23142CC8E2B30F3CAE0C80254 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
10:20:21.0376 3568 MozillaMaintenance - ok
10:20:21.0418 3568 [ 609D1D87649ECC19796F4D76D4C15CEA ] mpio C:\Windows\system32\DRIVERS\mpio.sys
10:20:21.0421 3568 mpio - ok
10:20:21.0447 3568 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
10:20:21.0448 3568 mpsdrv - ok
10:20:21.0498 3568 [ AECAB449567D1846DAD63ECE49E893E3 ] MpsSvc C:\Windows\system32\mpssvc.dll
10:20:21.0511 3568 MpsSvc - ok
10:20:21.0548 3568 [ 30524261BB51D96D6FCBAC20C810183C ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
10:20:21.0551 3568 MRxDAV - ok
10:20:21.0577 3568 [ 040D62A9D8AD28922632137ACDD984F2 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
10:20:21.0580 3568 mrxsmb - ok
10:20:21.0607 3568 [ F0067552F8F9B33D7C59403AB808A3CB ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
10:20:21.0611 3568 mrxsmb10 - ok
10:20:21.0631 3568 [ 3C142D31DE9F2F193218A53FE2632051 ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
10:20:21.0633 3568 mrxsmb20 - ok
10:20:21.0699 3568 [ 5C37497276E3B3A5488B23A326A754B7 ] msahci C:\Windows\system32\DRIVERS\msahci.sys
10:20:21.0700 3568 msahci - ok
10:20:21.0740 3568 [ 8D27B597229AED79430FB9DB3BCBFBD0 ] msdsm C:\Windows\system32\DRIVERS\msdsm.sys
10:20:21.0743 3568 msdsm - ok
10:20:21.0772 3568 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
10:20:21.0776 3568 MSDTC - ok
10:20:21.0814 3568 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
10:20:21.0815 3568 Msfs - ok
10:20:21.0834 3568 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
10:20:21.0835 3568 mshidkmdf - ok
10:20:21.0868 3568 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\DRIVERS\msisadrv.sys
10:20:21.0869 3568 msisadrv - ok
10:20:21.0936 3568 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
10:20:21.0940 3568 MSiSCSI - ok
10:20:21.0945 3568 msiserver - ok
10:20:22.0006 3568 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
10:20:22.0008 3568 MSKSSRV - ok
10:20:22.0037 3568 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
10:20:22.0038 3568 MSPCLOCK - ok
10:20:22.0057 3568 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
10:20:22.0058 3568 MSPQM - ok
10:20:22.0082 3568 [ 89CB141AA8616D8C6A4610FA26C60964 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
10:20:22.0087 3568 MsRPC - ok
10:20:22.0118 3568 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
10:20:22.0119 3568 mssmbios - ok
10:20:22.0228 3568 MSSQL$MSSMLBIZ - ok
10:20:22.0257 3568 [ 1D89EB4E2A99CABD4E81225F4F4C4B25 ] MSSQLServerADHelper C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqladhlp90.exe
10:20:22.0259 3568 MSSQLServerADHelper - ok
10:20:22.0308 3568 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
10:20:22.0310 3568 MSTEE - ok
10:20:22.0333 3568 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
10:20:22.0334 3568 MTConfig - ok
10:20:22.0355 3568 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
10:20:22.0356 3568 Mup - ok
10:20:22.0396 3568 [ 4987E079A4530FA737A128BE54B63B12 ] napagent C:\Windows\system32\qagentRT.dll
10:20:22.0404 3568 napagent - ok
10:20:22.0458 3568 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
10:20:22.0463 3568 NativeWifiP - ok
10:20:22.0496 3568 [ CAD515DBD07D082BB317D9928CE8962C ] NDIS C:\Windows\system32\drivers\ndis.sys
10:20:22.0510 3568 NDIS - ok
10:20:22.0545 3568 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
10:20:22.0546 3568 NdisCap - ok
10:20:22.0598 3568 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
10:20:22.0599 3568 NdisTapi - ok
10:20:22.0619 3568 [ F105BA1E22BF1F2EE8F005D4305E4BEC ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
10:20:22.0620 3568 Ndisuio - ok
10:20:22.0634 3568 [ 557DFAB9CA1FCB036AC77564C010DAD3 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
10:20:22.0637 3568 NdisWan - ok
10:20:22.0687 3568 [ 659B74FB74B86228D6338D643CD3E3CF ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
10:20:22.0698 3568 NDProxy - ok
10:20:22.0782 3568 [ 6F4607E2333FE21E9E3FF8133A88B35B ] Netaapl C:\Windows\system32\DRIVERS\netaapl64.sys
10:20:22.0784 3568 Netaapl - ok
10:20:22.0802 3568 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
10:20:22.0804 3568 NetBIOS - ok
10:20:22.0825 3568 [ 9162B273A44AB9DCE5B44362731D062A ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
10:20:22.0829 3568 NetBT - ok
10:20:22.0845 3568 [ 156F6159457D0AA7E59B62681B56EB90 ] Netlogon C:\Windows\system32\lsass.exe
10:20:22.0847 3568 Netlogon - ok
10:20:22.0914 3568 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
10:20:22.0920 3568 Netman - ok
10:20:22.0945 3568 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
10:20:22.0952 3568 netprofm - ok
10:20:22.0981 3568 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
10:20:22.0984 3568 NetTcpPortSharing - ok
10:20:23.0162 3568 [ 64428DFDAF6E88366CB51F45A79C5F69 ] netw5v64 C:\Windows\system32\DRIVERS\netw5v64.sys
10:20:23.0354 3568 netw5v64 - ok
10:20:23.0429 3568 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
10:20:23.0430 3568 nfrd960 - ok
10:20:23.0527 3568 [ D333A5FB3BEAFD554FB8FF5FD5BF762E ] NitroReaderDriverReadSpool2 C:\Program Files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe
10:20:23.0532 3568 NitroReaderDriverReadSpool2 - ok
10:20:23.0588 3568 [ D9A0CE66046D6EFA0C61BAA885CBA0A8 ] NlaSvc C:\Windows\System32\nlasvc.dll
10:20:23.0594 3568 NlaSvc - ok
10:20:23.0608 3568 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
10:20:23.0609 3568 Npfs - ok
10:20:23.0627 3568 npggsvc - ok
10:20:23.0635 3568 NPPTNT2 - ok
10:20:23.0659 3568 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
10:20:23.0670 3568 nsi - ok
10:20:23.0711 3568 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
10:20:23.0712 3568 nsiproxy - ok
10:20:23.0775 3568 [ 378E0E0DFEA67D98AE6EA53ADBBD76BC ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
10:20:23.0799 3568 Ntfs - ok
10:20:23.0826 3568 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
10:20:23.0827 3568 Null - ok
10:20:23.0892 3568 [ A4D9C9A608A97F59307C2F2600EDC6A4 ] nvraid C:\Windows\system32\drivers\nvraid.sys
10:20:23.0895 3568 nvraid - ok
10:20:23.0922 3568 [ 6C1D5F70E7A6A3FD1C90D840EDC048B9 ] nvstor C:\Windows\system32\drivers\nvstor.sys
10:20:23.0926 3568 nvstor - ok
10:20:23.0983 3568 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\DRIVERS\nv_agp.sys
10:20:23.0986 3568 nv_agp - ok
10:20:24.0135 3568 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
10:20:24.0144 3568 odserv - ok
10:20:24.0176 3568 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\DRIVERS\ohci1394.sys
10:20:24.0178 3568 ohci1394 - ok
10:20:24.0231 3568 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
10:20:24.0234 3568 ose - ok
10:20:24.0268 3568 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
10:20:24.0274 3568 p2pimsvc - ok
10:20:24.0302 3568 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
10:20:24.0309 3568 p2psvc - ok
10:20:24.0333 3568 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
10:20:24.0336 3568 Parport - ok
10:20:24.0372 3568 [ 7DAA117143316C4A1537E074A5A9EAF0 ] partmgr C:\Windows\system32\drivers\partmgr.sys
10:20:24.0373 3568 partmgr - ok
10:20:24.0401 3568 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
10:20:24.0406 3568 PcaSvc - ok
10:20:24.0429 3568 [ F36F6504009F2FB0DFD1B17A116AD74B ] pci C:\Windows\system32\DRIVERS\pci.sys
10:20:24.0431 3568 pci - ok
10:20:24.0465 3568 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\DRIVERS\pciide.sys
10:20:24.0467 3568 pciide - ok
10:20:24.0510 3568 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
10:20:24.0514 3568 pcmcia - ok
10:20:24.0549 3568 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
10:20:24.0550 3568 pcw - ok
10:20:24.0583 3568 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
10:20:24.0592 3568 PEAUTH - ok
10:20:24.0626 3568 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
10:20:24.0627 3568 PerfHost - ok
10:20:24.0733 3568 [ 557E9A86F65F0DE18C9B6751DFE9D3F1 ] pla C:\Windows\system32\pla.dll
10:20:24.0754 3568 pla - ok
10:20:24.0825 3568 [ 98B1721B8718164293B9701B98C52D77 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
10:20:24.0833 3568 PlugPlay - ok
10:20:24.0899 3568 [ 8AC5649C9070674D4607301C180AB10B ] pneteth C:\Windows\system32\DRIVERS\pneteth.sys
10:20:24.0900 3568 pneteth - ok
10:20:24.0930 3568 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
10:20:24.0932 3568 PNRPAutoReg - ok
10:20:24.0978 3568 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
10:20:24.0981 3568 PNRPsvc - ok
10:20:25.0010 3568 [ 166EB40D1F5B47E615DE3D0FFFE5F243 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
10:20:25.0018 3568 PolicyAgent - ok
10:20:25.0050 3568 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
10:20:25.0055 3568 Power - ok
10:20:25.0107 3568 [ 27CC19E81BA5E3403C48302127BDA717 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
10:20:25.0109 3568 PptpMiniport - ok
10:20:25.0136 3568 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
10:20:25.0137 3568 Processor - ok
10:20:25.0188 3568 [ F381975E1F4346DE875CB07339CE8D3A ] ProfSvc C:\Windows\system32\profsvc.dll
10:20:25.0192 3568 ProfSvc - ok
10:20:25.0224 3568 [ 156F6159457D0AA7E59B62681B56EB90 ] ProtectedStorage C:\Windows\system32\lsass.exe
10:20:25.0226 3568 ProtectedStorage - ok
10:20:25.0271 3568 [ EE992183BD8EAEFD9973F352E587A299 ] Psched C:\Windows\system32\DRIVERS\pacer.sys
10:20:25.0273 3568 Psched - ok
10:20:25.0339 3568 [ AED797CCA02783296C68AA10D0CFF8A9 ] PxHlpa64 C:\Windows\system32\Drivers\PxHlpa64.sys
10:20:25.0340 3568 PxHlpa64 - ok
10:20:25.0401 3568 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
10:20:25.0424 3568 ql2300 - ok
10:20:25.0448 3568 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
10:20:25.0450 3568 ql40xx - ok
10:20:25.0483 3568 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
10:20:25.0488 3568 QWAVE - ok
10:20:25.0518 3568 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
10:20:25.0520 3568 QWAVEdrv - ok
10:20:25.0534 3568 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
10:20:25.0535 3568 RasAcd - ok
10:20:25.0577 3568 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
10:20:25.0578 3568 RasAgileVpn - ok
10:20:25.0599 3568 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
10:20:25.0602 3568 RasAuto - ok
10:20:25.0632 3568 [ 87A6E852A22991580D6D39ADC4790463 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
10:20:25.0634 3568 Rasl2tp - ok
10:20:25.0716 3568 [ 47394ED3D16D053F5906EFE5AB51CC83 ] RasMan C:\Windows\System32\rasmans.dll
10:20:25.0722 3568 RasMan - ok
10:20:25.0747 3568 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
10:20:25.0749 3568 RasPppoe - ok
10:20:25.0808 3568 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
10:20:25.0810 3568 RasSstp - ok
10:20:25.0835 3568 [ 3BAC8142102C15D59A87757C1D41DCE5 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
10:20:25.0840 3568 rdbss - ok
10:20:25.0877 3568 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
10:20:25.0879 3568 rdpbus - ok
10:20:25.0925 3568 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
10:20:25.0926 3568 RDPCDD - ok
10:20:25.0935 3568 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
10:20:25.0935 3568 RDPENCDD - ok
10:20:25.0977 3568 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
10:20:25.0978 3568 RDPREFMP - ok
10:20:25.0998 3568 [ 8A3E6BEA1C53EA6177FE2B6EBA2C80D7 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
10:20:26.0002 3568 RDPWD - ok
10:20:26.0042 3568 [ 634B9A2181D98F15941236886164EC8B ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
10:20:26.0045 3568 rdyboost - ok
10:20:26.0068 3568 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
10:20:26.0071 3568 RemoteAccess - ok
10:20:26.0108 3568 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
10:20:26.0112 3568 RemoteRegistry - ok
10:20:26.0164 3568 [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys
10:20:26.0167 3568 RFCOMM - ok
10:20:26.0213 3568 [ 258AADB43E3F3468B5CF8CB0F84872C2 ] rimsptsk C:\Windows\system32\DRIVERS\rimssn64.sys
10:20:26.0214 3568 rimsptsk - ok
10:20:26.0238 3568 RimUsb - ok
10:20:26.0305 3568 [ 4AAFFFA67AC4DFA3D9985D78573887E2 ] RimVSerPort C:\Windows\system32\DRIVERS\RimSerial_AMD64.sys
10:20:26.0307 3568 RimVSerPort - ok
10:20:26.0363 3568 [ 71E182A0DE1CECB3F912960716345405 ] risdptsk C:\Windows\system32\DRIVERS\risdsn64.sys
10:20:26.0365 3568 risdptsk - ok
10:20:26.0389 3568 [ 388D3DD1A6457280F3BADBA9F3ACD6B1 ] ROOTMODEM C:\Windows\system32\Drivers\RootMdm.sys
10:20:26.0390 3568 ROOTMODEM - ok
10:20:26.0471 3568 [ D02E5A46F77C182CA1964080BCD586F7 ] Roxio UPnP Renderer 10 C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe
10:20:26.0476 3568 Roxio UPnP Renderer 10 - ok
10:20:26.0514 3568 [ E5809597278802D09273EE07B5FC56E1 ] Roxio Upnp Server 10 C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe
10:20:26.0520 3568 Roxio Upnp Server 10 - ok
10:20:26.0574 3568 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
10:20:26.0576 3568 RpcEptMapper - ok
10:20:26.0601 3568 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
10:20:26.0602 3568 RpcLocator - ok
10:20:26.0631 3568 [ 7266972E86890E2B30C0C322E906B027 ] RpcSs C:\Windows\system32\rpcss.dll
10:20:26.0635 3568 RpcSs - ok
10:20:26.0706 3568 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
10:20:26.0708 3568 rspndr - ok
10:20:26.0760 3568 [ 34F05C417F038FFA3BEF69B798D7D7DD ] RTHDMIAzAudService C:\Windows\system32\drivers\RtHDMIVX.sys
10:20:26.0763 3568 RTHDMIAzAudService - ok
10:20:26.0835 3568 [ 01E6A1E53E39A0B1E2B6AE62BF52E8EC ] RtkAudioService C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
10:20:26.0837 3568 RtkAudioService - ok
10:20:26.0846 3568 [ 156F6159457D0AA7E59B62681B56EB90 ] SamSs C:\Windows\system32\lsass.exe
10:20:26.0847 3568 SamSs - ok
10:20:26.0881 3568 [ E3BBB89983DAF5622C1D50CF49F28227 ] sbp2port C:\Windows\system32\DRIVERS\sbp2port.sys
10:20:26.0884 3568 sbp2port - ok
10:20:27.0078 3568 [ 794D4B48DFB6E999537C7C3947863463 ] SBSDWSCService C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
10:20:27.0085 3568 SBSDWSCService - ok
10:20:27.0115 3568 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
10:20:27.0119 3568 SCardSvr - ok
10:20:27.0148 3568 [ C94DA20C7E3BA1DCA269BC8460D98387 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
10:20:27.0150 3568 scfilter - ok
10:20:27.0219 3568 [ 624D0F5FF99428BB90A5B8A4123E918E ] Schedule C:\Windows\system32\schedsvc.dll
10:20:27.0236 3568 Schedule - ok
10:20:27.0271 3568 [ 312E2F82AF11E79906898AC3E3D58A1F ] SCPolicySvc C:\Windows\System32\certprop.dll
10:20:35.0480 3568 ================ Scan global ===============================
10:20:35.0506 3568 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
10:20:35.0527 3568 [ 0CB6EBF4B461A6043353C570BD72A1E1 ] C:\Windows\system32\winsrv.dll
10:20:35.0539 3568 [ 0CB6EBF4B461A6043353C570BD72A1E1 ] C:\Windows\system32\winsrv.dll
10:20:35.0580 3568 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
10:20:35.0611 3568 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
10:20:35.0617 3568 [Global] - ok
10:20:35.0618 3568 ================ Scan MBR ==================================
10:20:35.0662 3568 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
10:20:35.0895 3568 \Device\Harddisk0\DR0 - ok
10:20:35.0896 3568 ================ Scan VBR ==================================
10:20:35.0899 3568 [ A27036C0BB865A347CB4BAADD7BE29D1 ] \Device\Harddisk0\DR0\Partition1
10:20:35.0901 3568 \Device\Harddisk0\DR0\Partition1 - ok
10:20:35.0915 3568 [ 6D6E2CA66C0F94881ED6E18C3955824B ] \Device\Harddisk0\DR0\Partition2
10:20:35.0917 3568 \Device\Harddisk0\DR0\Partition2 - ok
10:20:35.0917 3568 ============================================================
10:20:35.0917 3568 Scan finished
10:20:35.0917 3568 ============================================================
10:20:35.0930 3380 Detected object count: 0
10:20:35.0930 3380 Actual detected object count: 0
10:21:06.0312 1060 ============================================================
10:21:06.0312 1060 Scan started
10:21:06.0312 1060 Mode: Manual;
10:21:06.0312 1060 ============================================================
10:21:06.0424 1060 ================ Scan system memory ========================
10:21:06.0425 1060 System memory - ok
10:21:06.0425 1060 ================ Scan services =============================
10:21:10.0615 1060 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
10:21:10.0618 1060 elxstor - ok
10:21:10.0643 1060 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\DRIVERS\errdev.sys
10:21:10.0644 1060 ErrDev - ok
10:21:10.0692 1060 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
10:21:10.0695 1060 EventSystem - ok
10:21:10.0715 1060 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
10:21:10.0716 1060 exfat - ok
10:21:10.0737 1060 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
10:21:10.0738 1060 fastfat - ok
10:21:10.0782 1060 [ D607B2F1BEE3992AA6C2C92C0A2F0855 ] Fax C:\Windows\system32\fxssvc.exe
10:21:10.0786 1060 Fax - ok
10:21:10.0805 1060 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys
10:21:10.0805 1060 fdc - ok
10:21:10.0819 1060 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
10:21:10.0819 1060 fdPHost - ok
10:21:10.0837 1060 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
10:21:10.0838 1060 FDResPub - ok
10:21:10.0867 1060 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
10:21:10.0868 1060 FileInfo - ok
10:21:10.0884 1060 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
10:21:10.0884 1060 Filetrace - ok
10:21:10.0925 1060 [ F76D04F7413B07DAA029F6520B64B4E8 ] FLEXnet Licensing Service C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
10:21:10.0929 1060 FLEXnet Licensing Service - ok
10:21:10.0964 1060 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
10:21:10.0965 1060 flpydisk - ok
10:21:10.0987 1060 [ F7866AF72ABBAF84B1FA5AA195378C59 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
10:21:10.0989 1060 FltMgr - ok
10:21:11.0059 1060 [ CB5E4B9C319E3C6BB363EB7E58A4A051 ] FontCache C:\Windows\system32\FntCache.dll
10:21:11.0067 1060 FontCache - ok
10:21:11.0109 1060 [ 8D89E3131C27FDD6932189CB785E1B7A ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
10:21:11.0110 1060 FontCache3.0.0.0 - ok
10:21:11.0145 1060 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
10:21:11.0146 1060 FsDepends - ok
10:21:11.0190 1060 [ 07DA62C960DDCCC2D35836AEAB4FC578 ] fssfltr C:\Windows\system32\DRIVERS\fssfltr.sys
10:21:11.0191 1060 fssfltr - ok
10:21:11.0330 1060 [ 28DDEEEC44E988657B732CF404D504CB ] fsssvc C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
10:21:11.0340 1060 fsssvc - ok
10:21:11.0359 1060 [ E95EF8547DE20CF0603557C0CF7A9462 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
10:21:11.0359 1060 Fs_Rec - ok
10:21:11.0422 1060 [ AE87BA80D0EC3B57126ED2CDC15B24ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
10:21:11.0423 1060 fvevol - ok
10:21:11.0481 1060 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
10:21:11.0482 1060 gagp30kx - ok
10:21:11.0515 1060 [ E403AACF8C7BB11375122D2464560311 ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
10:21:11.0516 1060 GEARAspiWDM - ok
10:21:11.0563 1060 GGSAFERDriver - ok
10:21:11.0606 1060 [ FE5AB4525BC2EC68B9119A6E5D40128B ] gpsvc C:\Windows\System32\gpsvc.dll
10:21:11.0611 1060 gpsvc - ok
10:21:11.0665 1060 [ 1E6438D4EA6E1174A3B3B1EDC4DE660B ] hamachi C:\Windows\system32\DRIVERS\hamachi.sys
10:21:11.0666 1060 hamachi - ok
10:21:11.0699 1060 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
10:21:11.0699 1060 hcw85cir - ok
10:21:11.0731 1060 [ 6410F6F415B2A5A9037224C41DA8BF12 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
10:21:11.0734 1060 HdAudAddService - ok
10:21:11.0761 1060 [ 0A49913402747A0B67DE940FB42CBDBB ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
10:21:11.0762 1060 HDAudBus - ok
10:21:11.0779 1060 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
10:21:11.0780 1060 HidBatt - ok
10:21:11.0800 1060 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
10:21:11.0801 1060 HidBth - ok
10:21:11.0820 1060 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
10:21:11.0821 1060 HidIr - ok
10:21:11.0847 1060 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\System32\hidserv.dll
10:21:11.0848 1060 hidserv - ok
10:21:11.0874 1060 [ B3BF6B5B50006DEF50B66306D99FCF6F ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
10:21:11.0875 1060 HidUsb - ok
10:21:11.0900 1060 [ EFA58EDE58DD74388FFD04CB32681518 ] hkmsvc C:\Windows\system32\kmsvc.dll
10:21:11.0902 1060 hkmsvc - ok
10:21:11.0932 1060 [ 046B2673767CA626E2CFB7FDF735E9E8 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
10:21:11.0935 1060 HomeGroupListener - ok
10:21:11.0982 1060 [ 06A7422224D9865A5613710A089987DF ] HomeGroupProvider C:\Windows\system32\provsvc.dll
10:21:11.0985 1060 HomeGroupProvider - ok
10:21:12.0024 1060 [ 0886D440058F203EBA0E1825E4355914 ] HpSAMD C:\Windows\system32\DRIVERS\HpSAMD.sys
10:21:12.0025 1060 HpSAMD - ok
10:21:12.0143 1060 [ 447256D1C026654C5CD3CC17E7B20631 ] HsfXAudioService C:\Windows\SysWOW64\XAudio64.dll
10:21:12.0147 1060 HsfXAudioService - ok
10:21:12.0215 1060 [ 26C5D00321937E49B6BC91029947D094 ] HSF_DPV C:\Windows\system32\DRIVERS\CAX_DPV.sys
10:21:12.0224 1060 HSF_DPV - ok
10:21:12.0271 1060 [ CEE049CAC4EFA7F4E1E4AD014414A5D4 ] HTTP C:\Windows\system32\drivers\HTTP.sys
10:21:12.0275 1060 HTTP - ok
10:21:12.0298 1060 [ F17766A19145F111856378DF337A5D79 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
10:21:12.0298 1060 hwpolicy - ok
10:21:12.0327 1060 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
10:21:12.0328 1060 i8042prt - ok
10:21:12.0379 1060 [ 7548066DF68A8A1A56B043359F915F37 ] IAANTMON C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
10:21:12.0381 1060 IAANTMON - ok
10:21:12.0429 1060 [ 1D004CB1DA6323B1F55CAEF7F94B61D9 ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys
10:21:12.0431 1060 iaStor - ok
10:21:12.0480 1060 [ B75E45C564E944A2657167D197AB29DA ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
10:21:12.0483 1060 iaStorV - ok
10:21:12.0548 1060 [ 2F2BE70D3E02B6FA877921AB9516D43C ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
10:21:12.0553 1060 idsvc - ok
10:21:12.0754 1060 [ DFEAF0A1D98D397035012C8E28D1520F ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys
10:21:12.0796 1060 igfx - ok
10:21:12.0850 1060 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
10:21:12.0851 1060 iirsp - ok
10:21:12.0902 1060 [ C5B4683680DF085B57BC53E5EF34861F ] IKEEXT C:\Windows\System32\ikeext.dll
10:21:12.0908 1060 IKEEXT - ok
10:21:12.0973 1060 [ B16FC828CE7A76A8F1CE682E6EAD2627 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
10:21:12.0984 1060 IntcAzAudAddService - ok
10:21:13.0015 1060 [ 88A20FA54C73DED4E8DAC764E9130AE9 ] IntcHdmiAddService C:\Windows\system32\drivers\IntcHdmi.sys
10:21:13.0016 1060 IntcHdmiAddService - ok
10:21:13.0053 1060 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\DRIVERS\intelide.sys
10:21:13.0054 1060 intelide - ok
10:21:13.0089 1060 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
10:21:13.0089 1060 intelppm - ok
10:21:13.0115 1060 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
10:21:13.0116 1060 IPBusEnum - ok
10:21:13.0138 1060 [ 722DD294DF62483CECAAE6E094B4D695 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
10:21:13.0139 1060 IpFilterDriver - ok
10:21:13.0168 1060 [ F8E058D17363EC580E4B7232778B6CB5 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
10:21:13.0172 1060 iphlpsvc - ok
10:21:13.0201 1060 [ E2B4A4494DB7CB9B89B55CA268C337C5 ] IPMIDRV C:\Windows\system32\DRIVERS\IPMIDrv.sys
10:21:13.0201 1060 IPMIDRV - ok
10:21:13.0218 1060 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
10:21:13.0219 1060 IPNAT - ok
10:21:13.0288 1060 [ 50D6CCC6FF5561F9F56946B3E6164FB8 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
10:21:13.0293 1060 iPod Service - ok
10:21:13.0321 1060 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
10:21:13.0321 1060 IRENUM - ok
10:21:13.0360 1060 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\DRIVERS\isapnp.sys
10:21:13.0361 1060 isapnp - ok
10:21:13.0405 1060 [ FA4D2557DE56D45B0A346F93564BE6E1 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys
10:21:13.0406 1060 iScsiPrt - ok
10:21:13.0452 1060 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
10:21:13.0453 1060 kbdclass - ok
10:21:13.0477 1060 [ 6DEF98F8541E1B5DCEB2C822A11F7323 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
10:21:13.0477 1060 kbdhid - ok
10:21:13.0534 1060 [ 156F6159457D0AA7E59B62681B56EB90 ] KeyIso C:\Windows\system32\lsass.exe
10:21:13.0536 1060 KeyIso - ok
10:21:13.0562 1060 [ 16C1B906FC5EAD84769F90B736B6BF0E ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
10:21:13.0563 1060 KSecDD - ok
10:21:13.0573 1060 [ 0B711550C56444879D71C7DAABDA6C83 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
10:21:13.0574 1060 KSecPkg - ok
10:21:13.0617 1060 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
10:21:13.0618 1060 ksthunk - ok
10:21:13.0657 1060 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
10:21:13.0661 1060 KtmRm - ok
10:21:13.0720 1060 [ 81F1D04D4D0E433099365127375FD501 ] LanmanServer C:\Windows\System32\srvsvc.dll
10:21:13.0723 1060 LanmanServer - ok
10:21:13.0789 1060 [ 27026EAC8818E8A6C00A1CAD2F11D29A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
10:21:13.0791 1060 LanmanWorkstation - ok
10:21:13.0845 1060 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
10:21:13.0846 1060 lltdio - ok
10:21:13.0867 1060 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
10:21:13.0870 1060 lltdsvc - ok
10:21:13.0920 1060 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
10:21:13.0922 1060 lmhosts - ok
10:21:13.0965 1060 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
10:21:13.0966 1060 LSI_FC - ok
10:21:13.0995 1060 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
10:21:13.0996 1060 LSI_SAS - ok
10:21:14.0021 1060 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
10:21:14.0022 1060 LSI_SAS2 - ok
10:21:14.0039 1060 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
10:21:14.0040 1060 LSI_SCSI - ok
10:21:14.0068 1060 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
10:21:14.0069 1060 luafv - ok
10:21:14.0096 1060 [ B5E86524918EF32B32D1032E0C8E92A3 ] massfilter C:\Windows\system32\DRIVERS\massfilter.sys
10:21:14.0096 1060 massfilter - ok
10:21:14.0126 1060 [ F84C8F1000BC11E3B7B23CBD3BAFF111 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
10:21:14.0128 1060 Mcx2Svc - ok
10:21:14.0157 1060 [ E4F44EC214B3E381E1FC844A02926666 ] mdmxsdk C:\Windows\system32\DRIVERS\mdmxsdk.sys
10:21:14.0157 1060 mdmxsdk - ok
10:21:14.0188 1060 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
10:21:14.0188 1060 megasas - ok
10:21:14.0229 1060 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
10:21:14.0231 1060 MegaSR - ok
10:21:14.0281 1060 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
10:21:14.0283 1060 MMCSS - ok
10:21:14.0300 1060 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
10:21:14.0301 1060 Modem - ok
10:21:14.0317 1060 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
10:21:14.0317 1060 monitor - ok
10:21:14.0339 1060 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
10:21:14.0340 1060 mouclass - ok
10:21:14.0353 1060 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
10:21:14.0353 1060 mouhid - ok
10:21:14.0365 1060 [ 791AF66C4D0E7C90A3646066386FB571 ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
10:21:14.0366 1060 mountmgr - ok
10:21:14.0428 1060 [ 96AA8BA23142CC8E2B30F3CAE0C80254 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
10:21:14.0429 1060 MozillaMaintenance - ok
10:21:14.0473 1060 [ 609D1D87649ECC19796F4D76D4C15CEA ] mpio C:\Windows\system32\DRIVERS\mpio.sys
10:21:14.0474 1060 mpio - ok
10:21:14.0491 1060 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
10:21:14.0491 1060 mpsdrv - ok
10:21:14.0542 1060 [ AECAB449567D1846DAD63ECE49E893E3 ] MpsSvc C:\Windows\system32\mpssvc.dll
10:21:14.0548 1060 MpsSvc - ok
10:21:14.0581 1060 [ 30524261BB51D96D6FCBAC20C810183C ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
10:21:14.0582 1060 MRxDAV - ok
10:21:14.0621 1060 [ 040D62A9D8AD28922632137ACDD984F2 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
10:21:14.0622 1060 mrxsmb - ok
10:21:14.0651 1060 [ F0067552F8F9B33D7C59403AB808A3CB ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
10:21:14.0653 1060 mrxsmb10 - ok
10:21:14.0664 1060 [ 3C142D31DE9F2F193218A53FE2632051 ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
10:21:14.0665 1060 mrxsmb20 - ok
10:21:14.0687 1060 [ 5C37497276E3B3A5488B23A326A754B7 ] msahci C:\Windows\system32\DRIVERS\msahci.sys
10:21:14.0688 1060 msahci - ok
10:21:14.0717 1060 [ 8D27B597229AED79430FB9DB3BCBFBD0 ] msdsm C:\Windows\system32\DRIVERS\msdsm.sys
10:21:14.0718 1060 msdsm - ok
10:21:14.0738 1060 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
10:21:14.0740 1060 MSDTC - ok
10:21:14.0791 1060 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
10:21:14.0792 1060 Msfs - ok
10:21:14.0811 1060 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
10:21:14.0812 1060 mshidkmdf - ok
10:21:14.0845 1060 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\DRIVERS\msisadrv.sys
10:21:14.0846 1060 msisadrv - ok
10:21:14.0880 1060 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
10:21:14.0882 1060 MSiSCSI - ok
10:21:14.0888 1060 msiserver - ok
10:21:14.0928 1060 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
10:21:14.0929 1060 MSKSSRV - ok
10:21:14.0948 1060 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
10:21:14.0948 1060 MSPCLOCK - ok
10:21:14.0968 1060 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
10:21:14.0968 1060 MSPQM - ok
10:21:15.0004 1060 [ 89CB141AA8616D8C6A4610FA26C60964 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
10:21:15.0006 1060 MsRPC - ok
10:21:15.0051 1060 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
10:21:15.0052 1060 mssmbios - ok
10:21:15.0150 1060 MSSQL$MSSMLBIZ - ok
10:21:15.0179 1060 [ 1D89EB4E2A99CABD4E81225F4F4C4B25 ] MSSQLServerADHelper C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqladhlp90.exe
10:21:15.0179 1060 MSSQLServerADHelper - ok
10:21:15.0197 1060 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
10:21:15.0197 1060 MSTEE - ok
10:21:15.0221 1060 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
10:21:15.0222 1060 MTConfig - ok
10:21:15.0243 1060 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
10:21:15.0244 1060 Mup - ok
10:21:15.0284 1060 [ 4987E079A4530FA737A128BE54B63B12 ] napagent C:\Windows\system32\qagentRT.dll
10:21:15.0288 1060 napagent - ok
10:21:15.0346 1060 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
10:21:15.0348 1060 NativeWifiP - ok
10:21:15.0418 1060 [ CAD515DBD07D082BB317D9928CE8962C ] NDIS C:\Windows\system32\drivers\ndis.sys
10:21:15.0424 1060 NDIS - ok
10:21:15.0444 1060 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
10:21:15.0445 1060 NdisCap - ok
10:21:15.0475 1060 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
10:21:15.0476 1060 NdisTapi - ok
10:21:15.0485 1060 [ F105BA1E22BF1F2EE8F005D4305E4BEC ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
10:21:15.0485 1060 Ndisuio - ok
10:21:15.0500 1060 [ 557DFAB9CA1FCB036AC77564C010DAD3 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
10:21:15.0501 1060 NdisWan - ok
10:21:15.0520 1060 [ 659B74FB74B86228D6338D643CD3E3CF ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
10:21:15.0521 1060 NDProxy - ok
10:21:15.0571 1060 [ 6F4607E2333FE21E9E3FF8133A88B35B ] Netaapl C:\Windows\system32\DRIVERS\netaapl64.sys
10:21:15.0571 1060 Netaapl - ok
10:21:15.0591 1060 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
10:21:15.0592 1060 NetBIOS - ok
10:21:15.0614 1060 [ 9162B273A44AB9DCE5B44362731D062A ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
10:21:15.0616 1060 NetBT - ok
10:21:15.0656 1060 [ 156F6159457D0AA7E59B62681B56EB90 ] Netlogon C:\Windows\system32\lsass.exe
10:21:15.0658 1060 Netlogon - ok
10:21:15.0691 1060 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
10:21:15.0694 1060 Netman - ok
10:21:15.0733 1060 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
10:21:15.0737 1060 netprofm - ok
10:21:15.0792 1060 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
10:21:15.0793 1060 NetTcpPortSharing - ok
10:21:15.0939 1060 [ 64428DFDAF6E88366CB51F45A79C5F69 ] netw5v64 C:\Windows\system32\DRIVERS\netw5v64.sys
10:21:15.0971 1060 netw5v64 - ok
10:21:16.0039 1060 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
10:21:16.0040 1060 nfrd960 - ok
10:21:16.0104 1060 [ D333A5FB3BEAFD554FB8FF5FD5BF762E ] NitroReaderDriverReadSpool2 C:\Program Files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe
10:21:16.0106 1060 NitroReaderDriverReadSpool2 - ok
10:21:16.0143 1060 [ D9A0CE66046D6EFA0C61BAA885CBA0A8 ] NlaSvc C:\Windows\System32\nlasvc.dll
10:21:16.0146 1060 NlaSvc - ok
10:21:16.0174 1060 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
10:21:16.0175 1060 Npfs - ok
10:21:16.0180 1060 npggsvc - ok
10:21:16.0188 1060 NPPTNT2 - ok
10:21:16.0215 1060 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
10:21:16.0217 1060 nsi - ok
10:21:16.0245 1060 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
10:21:16.0246 1060 nsiproxy - ok
10:21:16.0330 1060 [ 378E0E0DFEA67D98AE6EA53ADBBD76BC ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
10:21:16.0340 1060 Ntfs - ok
10:21:16.0370 1060 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
10:21:16.0371 1060 Null - ok
10:21:16.0402 1060 [ A4D9C9A608A97F59307C2F2600EDC6A4 ] nvraid C:\Windows\system32\drivers\nvraid.sys
10:21:16.0403 1060 nvraid - ok
10:21:16.0433 1060 [ 6C1D5F70E7A6A3FD1C90D840EDC048B9 ] nvstor C:\Windows\system32\drivers\nvstor.sys
10:21:16.0434 1060 nvstor - ok
10:21:16.0461 1060 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\DRIVERS\nv_agp.sys
10:21:16.0462 1060 nv_agp - ok
10:21:16.0591 1060 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
10:21:16.0593 1060 odserv - ok
10:21:16.0654 1060 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\DRIVERS\ohci1394.sys
10:21:16.0655 1060 ohci1394 - ok
10:21:16.0708 1060 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
10:21:16.0709 1060 ose - ok
10:21:16.0767 1060 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
10:21:16.0770 1060 p2pimsvc - ok
10:21:16.0801 1060 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
10:21:16.0805 1060 p2psvc - ok
10:21:16.0822 1060 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
10:21:16.0823 1060 Parport - ok
10:21:16.0860 1060 [ 7DAA117143316C4A1537E074A5A9EAF0 ] partmgr C:\Windows\system32\drivers\partmgr.sys
10:21:16.0861 1060 partmgr - ok
10:21:16.0879 1060 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
10:21:16.0881 1060 PcaSvc - ok
10:21:16.0906 1060 [ F36F6504009F2FB0DFD1B17A116AD74B ] pci C:\Windows\system32\DRIVERS\pci.sys
10:21:16.0908 1060 pci - ok
10:21:16.0943 1060 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\DRIVERS\pciide.sys
10:21:16.0943 1060 pciide - ok
10:21:16.0987 1060 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
10:21:16.0989 1060 pcmcia - ok
10:21:17.0026 1060 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
10:21:17.0027 1060 pcw - ok
10:21:17.0049 1060 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
10:21:17.0054 1060 PEAUTH - ok
10:21:17.0092 1060 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
10:21:17.0093 1060 PerfHost - ok
10:21:17.0166 1060 [ 557E9A86F65F0DE18C9B6751DFE9D3F1 ] pla C:\Windows\system32\pla.dll
10:21:17.0175 1060 pla - ok
10:21:17.0225 1060 [ 98B1721B8718164293B9701B98C52D77 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
10:21:17.0229 1060 PlugPlay - ok
10:21:17.0254 1060 [ 8AC5649C9070674D4607301C180AB10B ] pneteth C:\Windows\system32\DRIVERS\pneteth.sys
10:21:17.0254 1060 pneteth - ok
10:21:17.0285 1060 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
10:21:17.0286 1060 PNRPAutoReg - ok
10:21:17.0311 1060 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
10:21:17.0315 1060 PNRPsvc - ok
10:21:17.0354 1060 [ 166EB40D1F5B47E615DE3D0FFFE5F243 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
10:21:17.0358 1060 PolicyAgent - ok
10:21:17.0394 1060 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
10:21:17.0397 1060 Power - ok
10:21:17.0440 1060 [ 27CC19E81BA5E3403C48302127BDA717 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
10:21:17.0441 1060 PptpMiniport - ok
10:21:17.0469 1060 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
10:21:17.0469 1060 Processor - ok
10:21:17.0510 1060 [ F381975E1F4346DE875CB07339CE8D3A ] ProfSvc C:\Windows\system32\profsvc.dll
10:21:17.0512 1060 ProfSvc - ok
10:21:17.0557 1060 [ 156F6159457D0AA7E59B62681B56EB90 ] ProtectedStorage C:\Windows\system32\lsass.exe
10:21:17.0559 1060 ProtectedStorage - ok
10:21:17.0570 1060 [ EE992183BD8EAEFD9973F352E587A299 ] Psched C:\Windows\system32\DRIVERS\pacer.sys
10:21:17.0571 1060 Psched - ok
10:21:17.0606 1060 [ AED797CCA02783296C68AA10D0CFF8A9 ] PxHlpa64 C:\Windows\system32\Drivers\PxHlpa64.sys
10:21:17.0606 1060 PxHlpa64 - ok
10:21:17.0667 1060 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
10:21:17.0676 1060 ql2300 - ok
10:21:17.0703 1060 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
10:21:17.0704 1060 ql40xx - ok
10:21:17.0738 1060 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
10:21:17.0741 1060 QWAVE - ok
10:21:17.0762 1060 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
10:21:17.0763 1060 QWAVEdrv - ok
10:21:17.0789 1060 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
10:21:17.0790 1060 RasAcd - ok
10:21:17.0809 1060 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
10:21:17.0810 1060 RasAgileVpn - ok
10:21:17.0832 1060 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
10:21:17.0834 1060 RasAuto - ok
10:21:17.0854 1060 [ 87A6E852A22991580D6D39ADC4790463 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
10:21:17.0855 1060 Rasl2tp - ok
10:21:17.0871 1060 [ 47394ED3D16D053F5906EFE5AB51CC83 ] RasMan C:\Windows\System32\rasmans.dll
10:21:17.0874 1060 RasMan - ok
10:21:17.0891 1060 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
10:21:17.0892 1060 RasPppoe - ok
10:21:17.0930 1060 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
10:21:17.0931 1060 RasSstp - ok
10:21:17.0957 1060 [ 3BAC8142102C15D59A87757C1D41DCE5 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
10:21:17.0959 1060 rdbss - ok
10:21:17.0988 1060 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
10:21:17.0989 1060 rdpbus - ok
10:21:18.0014 1060 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
10:21:18.0014 1060 RDPCDD - ok
10:21:18.0023 1060 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
10:21:18.0023 1060 RDPENCDD - ok
10:21:18.0043 1060 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
10:21:18.0044 1060 RDPREFMP - ok
10:21:18.0065 1060 [ 8A3E6BEA1C53EA6177FE2B6EBA2C80D7 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
10:21:18.0066 1060 RDPWD - ok
10:21:18.0086 1060 [ 634B9A2181D98F15941236886164EC8B ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
10:21:18.0087 1060 rdyboost - ok
10:21:18.0112 1060 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
10:21:18.0114 1060 RemoteAccess - ok
10:21:18.0152 1060 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
10:21:18.0155 1060 RemoteRegistry - ok
10:21:18.0174 1060 [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys
10:21:18.0176 1060 RFCOMM - ok
10:21:18.0190 1060 [ 258AADB43E3F3468B5CF8CB0F84872C2 ] rimsptsk C:\Windows\system32\DRIVERS\rimssn64.sys
10:21:18.0191 1060 rimsptsk - ok
10:21:18.0196 1060 RimUsb - ok
10:21:18.0249 1060 [ 4AAFFFA67AC4DFA3D9985D78573887E2 ] RimVSerPort C:\Windows\system32\DRIVERS\RimSerial_AMD64.sys
10:21:18.0250 1060 RimVSerPort - ok
10:21:18.0285 1060 [ 71E182A0DE1CECB3F912960716345405 ] risdptsk C:\Windows\system32\DRIVERS\risdsn64.sys
10:21:18.0286 1060 risdptsk - ok
10:21:18.0311 1060 [ 388D3DD1A6457280F3BADBA9F3ACD6B1 ] ROOTMODEM C:\Windows\system32\Drivers\RootMdm.sys
10:21:18.0312 1060 ROOTMODEM - ok
10:21:18.0381 1060 [ D02E5A46F77C182CA1964080BCD586F7 ] Roxio UPnP Renderer 10 C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe
10:21:18.0383 1060 Roxio UPnP Renderer 10 - ok
10:21:18.0414 1060 [ E5809597278802D09273EE07B5FC56E1 ] Roxio Upnp Server 10 C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe
10:21:18.0416 1060 Roxio Upnp Server 10 - ok
10:21:18.0451 1060 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
10:21:18.0453 1060 RpcEptMapper - ok
10:21:18.0478 1060 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
10:21:18.0479 1060 RpcLocator - ok
10:21:18.0508 1060 [ 7266972E86890E2B30C0C322E906B027 ] RpcSs C:\Windows\system32\rpcss.dll
10:21:18.0513 1060 RpcSs - ok
10:21:18.0528 1060 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
10:21:18.0528 1060 rspndr - ok
10:21:18.0560 1060 [ 34F05C417F038FFA3BEF69B798D7D7DD ] RTHDMIAzAudService C:\Windows\system32\drivers\RtHDMIVX.sys
10:21:18.0561 1060 RTHDMIAzAudService - ok
10:21:18.0601 1060 [ 01E6A1E53E39A0B1E2B6AE62BF52E8EC ] RtkAudioService C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
10:21:18.0602 1060 RtkAudioService - ok
10:21:18.0612 1060 [ 156F6159457D0AA7E59B62681B56EB90 ] SamSs C:\Windows\system32\lsass.exe
10:21:24.0580 1060 ================ Scan global ===============================
10:21:24.0606 1060 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
10:21:24.0627 1060 [ 0CB6EBF4B461A6043353C570BD72A1E1 ] C:\Windows\system32\winsrv.dll
10:21:24.0637 1060 [ 0CB6EBF4B461A6043353C570BD72A1E1 ] C:\Windows\system32\winsrv.dll
10:21:24.0658 1060 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
10:21:24.0689 1060 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
10:21:24.0692 1060 [Global] - ok
10:21:24.0693 1060 ================ Scan MBR ==================================
10:21:24.0706 1060 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
10:21:24.0937 1060 \Device\Harddisk0\DR0 - ok
10:21:24.0938 1060 ================ Scan VBR ==================================
10:21:24.0941 1060 [ A27036C0BB865A347CB4BAADD7BE29D1 ] \Device\Harddisk0\DR0\Partition1
10:21:24.0943 1060 \Device\Harddisk0\DR0\Partition1 - ok
10:21:24.0959 1060 [ 6D6E2CA66C0F94881ED6E18C3955824B ] \Device\Harddisk0\DR0\Partition2
10:21:24.0961 1060 \Device\Harddisk0\DR0\Partition2 - ok
10:21:24.0962 1060 ============================================================
10:21:24.0962 1060 Scan finished
10:21:24.0962 1060 ============================================================
10:21:24.0972 1364 Detected object count: 0
10:21:24.0972 1364 Actual detected object count: 0


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-09-10 10:21:51
-----------------------------
10:21:51.447 OS Version: Windows x64 6.1.7600
10:21:51.448 Number of processors: 2 586 0x170A
10:21:51.449 ComputerName: GRUNTY UserName: Julia
10:21:52.728 Initialize success
10:25:36.015 AVAST engine defs: 12090901
10:25:46.020 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
10:25:46.022 Disk 0 Vendor: Hitachi_ FB4O Size: 305245MB BusType: 3
10:25:46.025 Disk 1 \Device\Harddisk1\DR1 -> \Device\00000074
10:25:46.027 Disk 1 Vendor: RICOH 01 Size: 305245MB BusType: 0
10:25:46.030 Disk 2 \Device\Harddisk2\DR2 -> \Device\00000075
10:25:46.033 Disk 2 Vendor: RICOH 02 Size: 305245MB BusType: 0
10:25:46.048 Disk 0 MBR read successfully
10:25:46.052 Disk 0 MBR scan
10:25:46.057 Disk 0 Windows 7 default MBR code
10:25:46.063 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 12182 MB offset 2048
10:25:46.083 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 24950784
10:25:46.102 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 292961 MB offset 25155584
10:25:46.139 Disk 0 scanning C:\Windows\system32\drivers
10:25:58.431 Service scanning
10:26:38.520 Modules scanning
10:26:38.526 Disk 0 trace - called modules:
10:26:38.559 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys iaStor.sys hal.dll
10:26:38.564 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800570b2d0]
10:26:38.570 3 CLASSPNP.SYS[fffff8800143b43f] -> nt!IofCallDriver -> [0xfffffa8003d01e40]
10:26:38.575 5 ACPI.sys[fffff88000f50781] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa800473d050]
10:26:41.103 AVAST engine scan C:\Windows
10:26:45.003 AVAST engine scan C:\Windows\system32
10:30:16.368 AVAST engine scan C:\Windows\system32\drivers
10:30:32.201 AVAST engine scan C:\Users\Julia
10:39:32.420 AVAST engine scan C:\ProgramData
10:49:12.296 Scan finished successfully
10:49:58.724 Disk 0 MBR has been saved successfully to "C:\Users\Julia\Desktop\MBR.dat"
10:49:58.731 The log file has been saved successfully to "C:\Users\Julia\Desktop\aswMBR.txt"

#8 gringo_pr

Posted 10 September 2012 - 12:49 AM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
Posted Image
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo


#9 Kerius

Posted 10 September 2012 - 01:25 AM

Hi here's the results:

ComboFix 12-09-09.02 - Julia 9/2012 Mon 14:10:30.2.2 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.936.86.1033.18.4063.2379 [GMT 8:00]
执行位置: c:\users\Julia\Desktop\ComboFix.exe
Command switches used :: c:\users\Julia\Desktop\CFScript.txt.txt
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* 成功创造新还原点
.
.
((((((((((((((((((((((((((((((((((((((( 被删除的档案 )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\boost_interprocess\20120910101519.359599
.
.
((((((((((((((((((((((((( 2012-08-10 至 2012-09-10 的新的档案 )))))))))))))))))))))))))))))))
.
.
2012-09-10 06:20 . 2012-09-10 06:20 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-09-10 04:09 . 2012-09-10 04:09 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
2012-09-10 02:14 . 2012-09-10 02:25 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{472E2925-A11B-4249-A3EA-25198D7C0396}\offreg.dll
2012-09-09 16:51 . 2012-09-09 16:51 -------- d-----w- c:\windows\L2Schemas
2012-09-09 16:51 . 2012-09-09 16:51 -------- d-----w- c:\program files\DVD Maker
2012-09-09 13:36 . 2012-09-09 13:36 -------- d-----w- c:\programdata\{D76294E6-03B8-4971-AF2E-3F846161A690}
2012-09-09 13:36 . 2012-09-09 13:36 -------- d-----w- c:\programdata\{6F2F3866-38AD-4f48-852C-2FF5DE7A7588}
2012-09-09 13:36 . 2012-09-09 13:36 -------- d-----w- c:\programdata\iobit
2012-09-09 13:36 . 2012-09-09 13:36 -------- d-----w- c:\users\Julia\AppData\Roaming\IObit
2012-09-09 13:36 . 2012-09-09 18:41 -------- d-----w- c:\program files (x86)\IObit
2012-09-09 13:30 . 2012-09-09 13:30 -------- d-----w- c:\users\Julia\AppData\Roaming\Malwarebytes
2012-09-09 13:30 . 2012-09-09 13:30 -------- d-----w- c:\programdata\Malwarebytes
2012-09-09 12:56 . 2012-09-09 12:56 -------- d-----w- c:\program files\Enigma Software Group
2012-09-09 12:56 . 2012-09-09 13:25 -------- d-----w- c:\windows\8C5C34C7BC6B48318B2C6535FE63E502.TMP
2012-09-09 12:56 . 2012-09-09 12:56 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard
2012-09-07 07:38 . 2012-09-07 07:56 -------- d-----w- c:\program files (x86)\The Elder Scrolls V Skyrim
2012-09-05 04:32 . 2012-09-05 04:32 -------- d-----w- c:\programdata\Sophos
2012-09-05 04:32 . 2012-09-05 04:32 73728 ----a-r- c:\users\Julia\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe1_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2012-09-05 04:32 . 2012-09-05 04:32 73728 ----a-r- c:\users\Julia\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2012-09-05 04:32 . 2012-09-05 04:32 73728 ----a-r- c:\users\Julia\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\ARPPRODUCTICON.exe
2012-09-05 04:31 . 2012-09-05 04:31 -------- d-----w- c:\program files (x86)\Sophos
2012-09-02 13:57 . 2010-10-13 11:06 8757248 ------w- c:\windows\SysWow64\CM108.dll
2012-09-02 13:57 . 2010-07-13 15:26 804352 ------w- c:\windows\system32\Cmeau108.exe
2012-09-02 13:57 . 2009-04-02 16:59 143360 ------w- c:\windows\Vmix108.dll
2012-09-02 13:57 . 2008-07-23 19:00 389120 ------w- c:\windows\system32\CM108.cpl
2012-09-02 13:57 . 2006-09-13 10:21 200704 ------w- c:\windows\SysWow64\cmpa108.dll
2012-09-02 13:56 . 2009-08-19 16:00 359424 ------w- c:\windows\system32\CmiInstallResAll64.dll
2012-09-02 13:56 . 2006-10-06 05:45 524768 ----a-w- c:\windows\difxapi.dll
2012-09-02 13:56 . 2010-08-12 18:26 1310720 ----a-w- c:\windows\system32\drivers\CM10864.sys
2012-09-02 13:56 . 2004-04-14 11:28 315392 ----a-w- c:\windows\system\fltr108.dll
2012-08-30 13:27 . 2012-08-30 13:27 -------- d-----w- c:\program files (x86)\SystemRequirementsLab
2012-08-30 13:27 . 2012-08-30 13:27 -------- d-----w- c:\users\Julia\AppData\Roaming\SystemRequirementsLab
2012-08-21 09:59 . 2012-08-21 09:59 -------- d-----w- c:\users\Julia\AppData\Roaming\dvdcss
2012-08-20 22:07 . 2012-08-19 17:53 9309624 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{472E2925-A11B-4249-A3EA-25198D7C0396}\mpengine.dll
2012-08-19 07:20 . 2012-04-11 16:14 4079608 ----a-w- c:\windows\SysWow64\GameMon.des
2012-08-19 07:20 . 2004-12-29 00:43 4682 ----a-w- c:\windows\SysWow64\npptNT2.sys
2012-08-19 07:20 . 2003-07-14 09:17 5174 ----a-w- c:\windows\SysWow64\nppt9x.vxd
2012-08-19 07:19 . 2012-08-19 07:19 -------- d-----w- c:\program files\Common Files\INCA Shared
2012-08-19 07:02 . 2012-08-19 07:02 -------- d-----w- c:\program files (x86)\directx
2012-08-19 06:55 . 2012-08-19 06:55 -------- d-----w- c:\program files (x86)\YouxiLand
2012-08-19 06:54 . 2002-12-05 06:12 692224 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iKernel.dll
2012-08-19 06:54 . 2002-12-05 06:10 155648 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iuser.dll
2012-08-19 06:54 . 2002-12-02 07:22 5632 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\DotNetInstaller.exe
2012-08-19 06:54 . 2002-12-02 05:33 57344 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\ctor.dll
2012-08-19 06:54 . 2002-12-02 05:33 237568 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iscript.dll
2012-08-19 06:54 . 2012-08-19 06:54 282756 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\setup.dll
2012-08-19 06:54 . 2012-08-19 06:54 163972 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iGdi.dll
2012-08-19 03:29 . 2009-03-18 09:35 33856 ---ha-w- c:\windows\system32\hamachi.sys
2012-08-17 09:07 . 2003-12-18 15:11 7839790 ----a-w- C:\BGMain.exe
2012-08-15 13:14 . 2012-08-16 03:04 -------- d-----w- c:\program files (x86)\ChatZum Toolbar
.
.
.
(((((((((((((((((((((((((((((((((((((((( 在三个月内被修改的档案 ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-15 14:58 . 2012-04-04 13:31 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-08-15 14:58 . 2011-08-19 04:20 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-05 14:06 . 2012-08-05 07:27 772544 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-07-05 14:06 . 2011-05-19 13:37 687544 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-07-04 09:06 . 2012-07-04 09:06 79824 ----a-w- c:\windows\xinstaller.dll
2012-07-04 09:06 . 2012-07-04 09:06 34768 ----a-w- c:\windows\xinstaller.exe
.
.
((((((((((((((((((((((((((((( SnapShot@2012-09-09_19.08.45 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-08-19 20:58 . 2012-09-10 02:17 92964 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-09-10 02:17 52440 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2009-11-30 01:45 . 2012-09-10 02:17 32516 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-37869317-963882951-3326000770-1003_UserData.bin
- 2012-09-09 19:07 . 2012-09-09 19:07 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-09-10 02:15 . 2012-09-10 02:15 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-09-09 19:07 . 2012-09-09 19:07 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-09-10 02:15 . 2012-09-10 02:15 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 05:01 . 2012-09-09 19:07 414696 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-09-10 02:14 414696 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-08-13 06:50 . 2012-09-10 02:14 48975724 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-37869317-963882951-3326000770-1003-12288.dat
- 2011-08-13 06:50 . 2012-09-09 19:07 48975724 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-37869317-963882951-3326000770-1003-12288.dat
.
((((((((((((((((((((((((((((((((((((( 重要登入点 ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*注意* 空白与合法缺省登录将不会被显示
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AAADesktopTips]
@="{4562B511-62E9-4533-B7B2-56A8BB10B482}"
[HKEY_CLASSES_ROOT\CLSID\{4562B511-62E9-4533-B7B2-56A8BB10B482}]
2012-05-30 02:56 247760 ----a-w- c:\program files (x86)\Common Files\Thunder Network\KanKan\xappex.1.1.1.38.(66).dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2012-08-04 1353080]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"CanonSolutionMenuEx"="c:\program files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE" [2010-09-14 1213848]
"IJNetworkScannerSelectorEX"="c:\program files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe" [2010-09-09 452016]
"TkBellExe"="c:\program files (x86)\Real\RealPlayer\update\realsched.exe" [2012-01-31 296056]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-26 421736]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-7-2 1079584]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2009-07-01 18:49 98304 ----a-w- c:\windows\System32\VESWinlogon.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
R0 vmci;VMware VMCI Bus Driver;c:\windows\system32\DRIVERS\vmci.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 Roxio Upnp Server 10;Roxio Upnp Server 10;c:\program files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe [2009-06-26 362992]
R3 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;c:\program files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [2008-12-08 169312]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-15 250056]
R3 BITCOMET_HELPER_SERVICE;BitComet Disk Boost Service;c:\program files\BitComet\tools\BitCometService.exe [2010-12-28 1296728]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-07-30 35104]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 GGSAFERDriver;GGSAFER Driver;c:\program files (x86)\Garena Plus\Room\safedrv.sys [x]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2009-08-05 139264]
R3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\DRIVERS\massfilter.sys [2008-11-12 11776]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-09-06 114144]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys [2011-08-02 22528]
R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [x]
R3 pneteth;PdaNet Broadband;c:\windows\system32\DRIVERS\pneteth.sys [2011-07-19 15360]
R3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;c:\program files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [2009-06-26 313840]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
R3 USBPNPA;USB PnP Sound Device Interface;c:\windows\system32\drivers\CM10864.sys [2010-08-12 1310720]
R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [x]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-04-26 1255736]
R3 ZTEusbnet;ZTE USB-NDIS miniport;c:\windows\system32\DRIVERS\ZTEusbnet.sys [2008-11-12 167424]
R3 ZTEusbvoice;ZTE VoUSB Port;c:\windows\system32\DRIVERS\ZTEusbvoice.sys [2008-11-12 150656]
R4 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2009-05-20 55280]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-04-17 283200]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-07-27 203264]
S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [2009-07-14 27136]
S2 NitroReaderDriverReadSpool2;NitroPDFReaderDriverCreatorReadSpool2;c:\program files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe [2011-12-20 341800]
S2 RtkAudioService;Realtek Audio Service;c:\program files\Realtek\Audio\HDA\RtkAudioService64.exe [2009-07-24 189984]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 uCamMonitor;CamMonitor;c:\program files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2008-09-18 104960]
S2 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe [2009-08-22 411496]
S2 VCFw;VAIO Content Folder Watcher;c:\program files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2009-07-22 642920]
S2 VMCService;Vodafone Mobile Connect Service;c:\program files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [2008-11-04 14336]
S2 VSNService;VSNService;c:\program files\Sony\VAIO Smart Network\VSNService.exe [2009-08-13 522240]
S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys [2009-05-26 19968]
S3 CAXHWAZL;CAXHWAZL;c:\windows\system32\DRIVERS\CAXHWAZL.sys [2009-07-31 292864]
S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\DRIVERS\SFEP.sys [2009-06-11 11392]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-07-31 393216]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 12533980
*NewlyCreated* - ASWMBR
*Deregistered* - 12533980
*Deregistered* - aswMBR
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
XLServicePlatform REG_MULTI_SZ XLServicePlatform
.
‘计划任务’ 文件夹 里的内容
.
2012-09-10 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 14:58]
.
2012-09-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-37869317-963882951-3326000770-1003Core.job
- c:\users\Julia\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-09 16:57]
.
2012-09-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-37869317-963882951-3326000770-1003UA.job
- c:\users\Julia\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-09 16:57]
.
2012-09-10 c:\windows\Tasks\SDMsgUpdate (TE).job
- c:\progra~2\SMARTD~1\Messages\SDNotify.exe [2012-03-03 18:22]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-07-24 7938080]
"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-07-24 1833504]
"Apoint"="c:\program files (x86)\Apoint\Apoint.exe" [BU]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2010-07-26 2782096]
"Cm108Sound"="c:\windows\Syswow64\cm108.dll" [2010-10-13 8757248]
.
------- 而外的扫描 -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://search.chatzum.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: &D&ownload &with BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: &D&ownload all with BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Julia\AppData\Roaming\Mozilla\Firefox\Profiles\11a7zhqb.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://utils.chatzum.com/?url=
FF - prefs.js: network.proxy.http - proxy.singnet.com.sg
FF - prefs.js: network.proxy.http_port - 8080
FF - prefs.js: network.proxy.type - 0
FF - user.js: extensions.BabylonToolbar_i.id - d2233c91000000000000002637bd3942
FF - user.js: extensions.BabylonToolbar_i.hardId - d2233c91000000000000002637bd3942
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15336
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1716:17
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
FF - user.js: extensions.BabylonToolbar_i.newTab - false
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=101382
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
BHO-{004B0726-A010-4ABF-8556-FCDB7F1FCA1E} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
完成时间: 2012-09-10 14:23:59
ComboFix-quarantined-files.txt 2012-09-10 06:23
ComboFix2.txt 2012-09-09 19:33
.
Pre-Run: 1,174,863,872 bytes free
Post-Run: 1,580,081,152 bytes free
.
- - End Of File - - 6C35EBA92BC3D069AE3F79F3BD18BFE0

#10 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:12:57 AM

Posted 10 September 2012 - 07:47 AM

Hello

:P2P Warning!:

IMPORTANT I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

Please note that as long as you are using any form of Peer-to-Peer networking and downloading files from non-documented sources, you can expect infestations of malware to occur.
Once upon a time, P2P file sharing was fairly safe. That is no longer true. P2P programs form a direct conduit on to your computer, their security measures are easily circumvented and malware writers are increasingly exploiting them to spread their wares on to your computer. Further to that, if your P2P program is not configured correctly, your computer may be sharing more files than you realise. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to a file sharing network by a badly configured program.

Please read these short reports on the dangers of peer-2-peer programs and file sharing.

FBI Cyber Education Letter
File sharing infects 500,000 computers
USAToday
infoworld


These logs are looking a lot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

uninstall some programs

NOTE** Because of the cleanup process, some of the programs I have listed may not be in add/remove anymore. This is fine; just move to the next item on the list.

You can remove these programs using add/remove, or you can use the free uninstaller from Revo (Revo does a lot better of a job)

Programs to remove

Adobe Reader 9.4.1
Java™ 6 Update 31
Java™ 7 Update 5
JavaFX 2.1.1
µTorrent


  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run. If prompted again, click Yes.
  • When the built-in uninstaller is finished, click on Next.
  • Once the program has searched for leftovers, click Next.
  • Check/tick the bolded items only on the list, then click Delete.
  • When prompted, click on Yes and then on Next.
  • Put a check on any folders that are found and select Delete.
  • When prompted, select Yes and then Next.
  • Once done click Finish.

Update Adobe Reader

Recently there have been vulnerabilities detected in older versions of Adobe Reader. It is strongly suggested that you update to the current version.

You can download it from http://www.adobe.com/products/acrobat/readstep2.html
After installing the latest Adobe Reader, uninstall all previous versions.
If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

If you don't like Adobe Reader (53 MB), you can download Foxit PDF Reader (7 MB) from here. It's a much smaller file to download and uses a lot less resources than Adobe Reader.

Note: When installing FoxitReader, be careful not to install anything to do with AskBar.

Install Java:

Please go here to install Java

  • click on the Free Java Download Button
  • click on Agree and start Free download
  • click on Run
  • click on run again
  • click on install
  • when install is complete click on close

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.

: Malwarebytes' Anti-Malware :

  • I would like you to rerun MBAM
  • Double-click mbam icon
  • go to the update tab at the top
  • click on check for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a log file button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the Analyze This button; its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
Sometimes we have to run it like this: to run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe) <-- 32bit
(located: C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe) <-- 64bit
and select to run as administrator.

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#11 Kerius

Kerius
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  • Local time:11:57 PM

Posted 10 September 2012 - 10:22 AM

Hi here are the results:


Malwarebytes Anti-Malware (Trial) 1.62.0.1300
www.malwarebytes.org

Database version: v2012.09.10.04

Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
Julia :: GRUNTY [administrator]

Protection: Disabled

10/9/2012 11:01:55 PM
mbam-log-2012-09-10 (23-01-55).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 203132
Time elapsed: 2 minute(s), 56 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 5
HKCR\CLSID\{18689D3E-CF06-482F-AEB1-0880F859F0AA} (PUP.Funshion) -> Quarantined and deleted successfully.
HKCR\TypeLib\{5165BFF4-4E35-446F-B00E-EA4185B64F76} (PUP.Funshion) -> Quarantined and deleted successfully.
HKCR\Interface\{332C1DFF-B83D-40E3-968F-F85E20BF0CFB} (PUP.Funshion) -> Quarantined and deleted successfully.
HKCR\Fun.OnlineInstallCtrl.1 (PUP.Funshion) -> Quarantined and deleted successfully.
HKCR\Fun.OnlineInstallCtrl (PUP.Funshion) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 22
C:\Program Files (x86)\Funshion Online (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Funshion Online\Funshion (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Funshion Online\Funshion\icon (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Julia\funshion (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Julia\funshion\backup (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Julia\funshion\cache (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Julia\funshion\cache\Baiduflash (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Julia\funshion\cache\Baiduflash\subflash (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Julia\funshion\cache\Cacheflash (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Julia\funshion\cache\flash (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Julia\funshion\cache\flashNew (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Julia\funshion\cache\flashStamp (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Julia\funshion\cache\popwind (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Julia\funshion\control (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Julia\funshion\download (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Julia\funshion\historyTorrent (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Julia\funshion\ini (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Julia\funshion\media (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Julia\funshion\screensave (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Julia\funshion\Seed (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Julia\funshion\serv (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Julia\funshion\update (PUP.Funshion) -> Quarantined and deleted successfully.

Files Detected: 561
C:\Windows\System32\funshion.ini (PUP.Funshion) -> No action taken.
C:\Windows\SysWOW64\funshion.ini (PUP.Funshion) -> No action taken.
C:\Users\Julia\funshion.ini (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Funshion Online\Funshion\fpsrv.dll (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Funshion Online\Funshion\funoictl.dll (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Funshion Online\Funshion\FunShion.ini (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Funshion Online\Funshion\FunshionGame2.ico (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Funshion Online\Funshion\FunshionGame3.ico (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Funshion Online\Funshion\FunshionService.diagnose (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Funshion Online\Funshion\Funshop2.ico (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Funshion Online\Funshion\Funshop3.ico (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Julia\funshion\history.txt (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Julia\funshion\cache\Cacheflash\blankFs.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Julia\funshion\cache\Cacheflash\donghuanew_18.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Julia\funshion\cache\flash\DC996574_2866_7E4D_83BF_B1977BBD144B.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Julia\funshion\cache\flashNew\00E694D5_FC99_7902_5F54_691BB8D070F3.date1344048529.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Julia\funshion\cache\flashNew\02D1B49A_7989_DFA4_4286_9A1F3F86DEF1.flv (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Julia\funshion\cache\flashNew\128FEA05_2192_982B_AF61_7D05E9098F53.date1344398803.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Julia\funshion\cache\flashNew\136719.date1344743729.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Julia\funshion\cache\flashNew\141633.date1344398803.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Julia\funshion\cache\flashNew\145143.date1345469767.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Julia\funshion\cache\flashNew\151461.date1344235994.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Julia\funshion\cache\flashNew\162646.date1345469767.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Julia\funshion\cache\flashNew\16C0BB73_D44F_2246_F085_4BEE5D17A4E1.flv (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Julia\funshion\cache\flashNew\17ED6ECE_875D_9C85_55F5_71BEC6B10999.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Julia\funshion\control\1330490855_18524595_1289963598_338.dat (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Julia\funshion\control\1330490855_18524595_1289963598_338.fsp (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Julia\funshion\control\1330493842_18524595_1290068540_185.dat (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Julia\funshion\control\1330493842_18524595_1290068540_185.fsp (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Julia\funshion\control\1330499828_18524595_1290135815_996.dat (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Julia\funshion\control\1330499828_18524595_1290135815_996.fsp (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Julia\funshion\control\1330503009_18524595_1290578399_590.dat (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Julia\funshion\control\1330503009_18524595_1290578399_590.fsp (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Julia\funshion\control\1330505609_18524595_1290585373_197.dat (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Julia\funshion\control\1330505609_18524595_1290585373_197.fsp (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Julia\funshion\control\1330585632_18524595_1290656262_777.dat (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Julia\funshion\control\1330585632_18524595_1290656262_777.fsp (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Julia\funshion\control\1330588704_18524595_1290752058_973.dat (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Julia\funshion\control\1330588704_18524595_1290752058_973.fsp (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Julia\funshion\control\1330591616_18524595_1290840163_727.dat (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Julia\funshion\control\1330591616_18524595_1290840163_727.fsp (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Julia\funshion\control\1330594524_18277256_1290924785_479.dat (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Julia\funshion\control\1330594524_18277256_1290924785_479.fsp (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Julia\funshion\control\1330596885_6634280_1291000328_19.dat (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Julia\funshion\control\1330596885_6634280_1291000328_19.fsp (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Julia\funshion\control\1330599400_6634280_1291000329_255.dat (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Julia\funshion\control\1330599400_6634280_1291000329_255.fsp (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Julia\funshion\control\1330608279_18277256_1305786759_676.dat (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Julia\funshion\control\1330608279_18277256_1305786759_676.fsp (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Julia\funshion\control\1330608279_e44f289f781d839.json (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Julia\funshion\control\1330613083_18277256_1305786762_744.dat (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Julia\funshion\control\1330613083_18277256_1305786762_744.fsp (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Julia\funshion\control\1330616555_18277256_1305786764_649.dat (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Julia\funshion\control\1330616555_18277256_1305786764_649.fsp (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Julia\funshion\control\1330620001_18277256_1305786767_470.dat (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Julia\funshion\control\1330620001_18277256_1305786767_470.fsp (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Julia\funshion\control\1330625403_18277256_1305786769_436.dat (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Julia\funshion\control\1330625403_18277256_1305786769_436.fsp (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Julia\funshion\control\1330628974_18277256_1305786771_940.dat (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Julia\funshion\control\1330628974_18277256_1305786771_940.fsp (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Julia\funshion\control\1330660604_18277256_1305786773_527.dat (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Julia\funshion\control\1330660604_18277256_1305786773_527.fsp (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Julia\funshion\control\1330663133_18277256_1305786775_201.dat (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Julia\funshion\control\1330663133_18277256_1305786775_201.fsp (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Julia\funshion\control\1330666186_18277256_1305786777_786.dat (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Julia\funshion\control\1330666186_18277256_1305786777_786.fsp (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Julia\funshion\control\1330668774_18277256_1305786778_535.dat (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Julia\funshion\control\1330668774_18277256_1305786778_535.fsp (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Julia\funshion\control\1330671296_18277256_1305786783_130.dat (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Julia\funshion\control\1330671296_18277256_1305786783_130.fsp (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Julia\funshion\control\1330673824_18277256_1305786785_586.dat (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Julia\funshion\control\1330673824_18277256_1305786785_586.fsp (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Julia\funshion\control\1330675789_18277256_1305786788_544.dat (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Julia\funshion\control\1330675789_18277256_1305786788_544.fsp (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Julia\funshion\control\1330678049_18277256_1305786790_741.dat (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Julia\funshion\control\1330678049_18277256_1305786790_741.fsp (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Julia\funshion\control\1330679344_18277256_1305786790_931.dat (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Julia\funshion\control\1330679344_18277256_1305786790_931.fsp (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Julia\funshion\control\1330681222_18277256_1305786792_186.dat (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Julia\funshion\control\1330681222_18277256_1305786792_186.fsp (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Julia\funshion\control\1330954641_18277256_1305786794_698.dat (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Julia\funshion\control\1330954641_18277256_1305786794_698.fsp (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Julia\funshion\control\1330957446_18277256_1305786795_21.dat (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Julia\funshion\control\1330957446_18277256_1305786795_21.fsp (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Julia\funshion\control\1330959829_18277256_1305786795_998.dat (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Julia\funshion\control\1330959829_18277256_1305786795_998.fsp (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Julia\funshion\control\1330962216_18277256_1305786801_494.dat (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Julia\funshion\control\1330962216_18277256_1305786801_494.fsp (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Julia\funshion\control\1330964822_18277256_1305786803_808.dat (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Julia\funshion\control\1330964822_18277256_1305786803_808.fsp (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Julia\funshion\control\1330967833_18277256_1305786808_475.dat (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Julia\funshion\control\1330967833_18277256_1305786808_475.fsp (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Julia\funshion\control\1330970333_18277256_1305786811_787.dat (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Julia\funshion\control\1330970333_18277256_1305786811_787.fsp (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Julia\funshion\control\1330973604_18277256_1305786813_494.dat (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Julia\funshion\control\1330973604_18277256_1305786813_494.fsp (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Julia\funshion\control\1330976206_18277256_1305786758_343.dat (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Julia\funshion\control\1330976206_18277256_1305786758_343.fsp (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Julia\funshion\control\1331016179_18524595_1330680920_852.dat (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Julia\funshion\control\1331016179_18524595_1330680920_852.fsp (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Julia\funshion\control\1331022432_31459691_1329813714_732.dat (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Julia\funshion\control\1331022432_31459691_1329813714_732.fsp (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Julia\funshion\control\1331027479_6634280_1291000888_594.dat (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Julia\funshion\control\1331027479_6634280_1291000888_594.fsp (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Julia\funshion\control\1331034051_2332025_1280454732_333.dat (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Julia\funshion\control\1331034051_2332025_1280454732_333.fsp (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Julia\funshion\control\1331050743_31459691_1330582152_676.dat (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Julia\funshion\control\1331050743_31459691_1330582152_676.fsp (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Julia\funshion\control\1331058926_6634280_1282283691_521.dat (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Julia\funshion\control\1331058926_6634280_1282283691_521.fsp (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Julia\funshion\control\1331058926_f7bfdb1cbf177ba.json (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Julia\funshion\control\1331061453_6634280_1282283691_559.dat (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Julia\funshion\control\1331061453_6634280_1282283691_559.fsp (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Julia\funshion\control\1331064558_6634280_1282283692_852.dat (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Julia\funshion\control\1331064558_6634280_1282283692_852.fsp (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Julia\funshion\control\1331097388_6634280_1282283692_70.dat (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Julia\funshion\control\1331097388_6634280_1282283692_70.fsp (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Julia\funshion\control\1331100295_6634280_1282283693_326.dat (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Julia\funshion\control\1331100295_6634280_1282283693_326.fsp (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Julia\funshion\control\1331102794_6634280_1282283693_307.dat (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Julia\funshion\control\1331102794_6634280_1282283693_307.fsp (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Julia\funshion\control\1331105509_6634280_1282283694_108.dat (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Julia\funshion\control\1331105509_6634280_1282283694_108.fsp (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Julia\funshion\control\1331108259_6634280_1282283695_987.dat (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Julia\funshion\control\1331108259_6634280_1282283695_987.fsp (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Julia\funshion\control\1331110792_6634280_1282283696_516.dat (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Julia\funshion\control\1331110792_6634280_1282283696_516.fsp (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Julia\funshion\control\1331114508_6634280_1282283696_910.dat (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Julia\funshion\control\1331114508_6634280_1282283696_910.fsp (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Julia\funshion\control\1331117177_6634280_1282283696_607.dat (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Julia\funshion\control\1331117177_6634280_1282283696_607.fsp (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Julia\funshion\control\1331123701_6634280_1282283697_745.dat (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Julia\funshion\control\1331123701_6634280_1282283697_745.fsp (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Julia\funshion\control\1331126273_6634280_1282283697_551.dat (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Julia\funshion\control\1331126273_6634280_1282283697_551.fsp (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Julia\funshion\control\1331132764_6634280_1282283698_884.dat (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Julia\funshion\control\1331132764_6634280_1282283698_884.fsp (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Julia\funshion\control\1331135544_6634280_1282283698_460.dat (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Julia\funshion\control\1331135544_6634280_1282283698_460.fsp (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Julia\funshion\control\1331141235_6634280_1282283699_610.dat (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Julia\funshion\control\1331141235_6634280_1282283699_610.fsp (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Julia\funshion\control\1331141240_6634280_1282283699_619.dat (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Julia\funshion\control\1331141240_6634280_1282283699_619.fsp (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Julia\funshion\control\1331199375_6634280_1282283700_736.dat (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Julia\funshion\control\1331199375_6634280_1282283700_736.fsp (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Julia\funshion\control\1331202154_6634280_1282283700_227.dat (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Julia\funshion\control\1331202154_6634280_1282283700_227.fsp (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Julia\funshion\control\1331205872_6634280_1282283690_186.dat (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Julia\funshion\control\1331205872_6634280_1282283690_186.fsp (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Julia\funshion\control\1331208575_31459691_1329983098_450.dat (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Julia\funshion\control\1331208575_31459691_1329983098_450.fsp (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Julia\funshion\control\1331209376_24570037_1330418917_545.dat (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Julia\funshion\control\1331209376_24570037_1330418917_545.fsp (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Julia\funshion\control\1331395657_31459691_1331172162_215.dat (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Julia\funshion\control\1331395657_31459691_1331172162_215.fsp (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Julia\funshion\control\1331547171_24570037_1330416650_832.dat (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Julia\funshion\control\1331547171_24570037_1330416650_832.fsp (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Julia\funshion\control\1331623477_18277256_1293007051_785.dat (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Julia\funshion\control\1331623477_18277256_1293007051_785.fsp (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Julia\funshion\control\1331625411_18277256_1291011582_162.dat (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Julia\funshion\control\1331625411_18277256_1291011582_162.fsp (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Julia\funshion\control\1331631604_5372255_1227682427_294.dat (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Julia\funshion\control\1331631604_5372255_1227682427_294.fsp (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Julia\funshion\control\1331645470_6634280_1292829986_202.dat (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Julia\funshion\control\1331645470_6634280_1292829986_202.fsp (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Julia\funshion\control\1331709472_18277256_1331705296_823.dat (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Julia\funshion\control\1331709472_18277256_1331705296_823.fsp (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Julia\funshion\control\1331972560_18277256_1290147842_569.dat (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Julia\funshion\control\1331972560_18277256_1290147842_569.fsp (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Julia\funshion\control\1331979534_19716789_1294741921_360.dat (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Julia\funshion\control\1331979534_19716789_1294741921_360.fsp (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Julia\funshion\control\1332095467_31459691_1331891286_764.dat (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Julia\funshion\control\1332095467_31459691_1331891286_764.fsp (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Julia\funshion\control\1338995879_1338995878_9793381_19716789_1294652798_752.dat (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Julia\funshion\control\1338995879_1338995878_9793381_19716789_1294652798_752.fsp (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Julia\funshion\control\1339262582_1339262581_163936_18277256_1336617791_970.dat (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Julia\funshion\control\1339262582_1339262581_163936_18277256_1336617791_970.fsp (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Julia\funshion\control\1339262686_1339262685_268587_macross_1338539250_814.dat (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Julia\funshion\control\1339262686_1339262685_268587_macross_1338539250_814.fsp (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Julia\funshion\control\1339311902_1339311901_7605779_31459691_1337156843_522.dat (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Julia\funshion\control\1339311902_1339311901_7605779_31459691_1337156843_522.fsp (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Julia\funshion\control\1339312089_1339312087_7792138_31459691_1337321486_267.dat (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Julia\funshion\control\1339312089_1339312087_7792138_31459691_1337321486_267.fsp (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Julia\funshion\control\1339400520_1339400518_115223_macross_1338793052_776.dat (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Julia\funshion\control\1339400520_1339400518_115223_macross_1338793052_776.fsp (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Julia\funshion\control\1339494127_1339494126_132966_18277256_1290132635_912.dat (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Julia\funshion\control\1339494127_1339494126_132966_18277256_1290132635_912.fsp (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Julia\funshion\control\1339755860_1339755859_72026_6634280_1292811086_79.dat (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Julia\funshion\control\1339755860_1339755859_72026_6634280_1292811086_79.fsp (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Julia\funshion\control\1339764449_1339764448_8660905_6634280_1281954377_390.dat (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Julia\funshion\control\1339764449_1339764448_8660905_6634280_1281954377_390.fsp (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Julia\funshion\control\1339925780_1339925779_28246_macross_1339664049_468.dat (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Julia\funshion\control\1339925780_1339925779_28246_macross_1339664049_468.fsp (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Julia\funshion\control\1340010861_1340010860_1242340_macross_1339663923_173.dat (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Julia\funshion\control\1340010861_1340010860_1242340_macross_1339663923_173.fsp (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Julia\funshion\control\1340446597_1340446596_4330242_18524595_1308125426_500.dat (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Julia\funshion\control\1340446597_1340446596_4330242_18524595_1308125426_500.fsp (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Julia\funshion\control\1340459599_1340459597_56383_31459691_1336624901_111.dat (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Julia\funshion\control\1340459599_1340459597_56383_31459691_1336624901_111.fsp (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Julia\funshion\control\1340523717_1340523716_77289_macross_1340259394_348.dat (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Julia\funshion\control\1340523717_1340523716_77289_macross_1340259394_348.fsp (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Julia\funshion\control\1340532073_1340532072_141079_macross_1340182335_146.dat (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Julia\funshion\control\1340532073_1340532072_141079_macross_1340182335_146.fsp (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Julia\funshion\control\1340532295_1340532294_362576_macross_1339983433_274.dat (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Julia\funshion\control\1340532295_1340532294_362576_macross_1339983433_274.fsp (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Julia\funshion\ini\httpfile.ini (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Julia\funshion\ini\temp_config.ini (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Julia\funshion\Seed\109d7fb23dedd2e.json (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Julia\funshion\Seed\18277256_1290131501_143.fsp (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Julia\funshion\Seed\18277256_1290147842_569.fsp (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Julia\funshion\Seed\18277256_1291011582_162.fsp (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Julia\funshion\Seed\18277256_1293007051_785.fsp (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Julia\funshion\Seed\18277256_1293071139_296.fsp (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Julia\funshion\Seed\18277256_1327119483_940.fsp (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Julia\funshion\Seed\18277256_1327820110_204.fsp (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Julia\funshion\Seed\18277256_1331705296_823.fsp (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Julia\funshion\Seed\18524595_1279710244_507.fsp (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Julia\funshion\Seed\18524595_1289872613_497.fsp (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Julia\funshion\Seed\18524595_1290832123_788.fsp (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Julia\funshion\Seed\18524595_1307419795_766.fsp (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Julia\funshion\Seed\18524595_1309500556_202.fsp (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Julia\funshion\Seed\18524595_1309846936_131.fsp (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Julia\funshion\Seed\18524595_1330680920_852.fsp (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Julia\funshion\Seed\19716789_1294741921_360.fsp (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Julia\funshion\Seed\2111662_1195782757_673.fsp (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Julia\funshion\Seed\2332025_1280454732_333.fsp (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Julia\funshion\Seed\23811351_1305185866_713.fsp (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Julia\funshion\Seed\23811438_1306290032_643.fsp (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Julia\funshion\Seed\24272712_1314085435_941.fsp (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Julia\funshion\Seed\24272712_1314760373_59.fsp (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Julia\funshion\Seed\24272712_1315365499_478.fsp (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Julia\funshion\Seed\24272712_1325992910_603.fsp (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Julia\funshion\Seed\24272712_1326703593_33.fsp (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Julia\funshion\Seed\24570037_1312794384_997.fsp (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Julia\funshion\Seed\24570037_1317276486_464.fsp (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Julia\funshion\Seed\24570037_1319161261_209.fsp (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Julia\funshion\Seed\24570037_1319783332_282.fsp (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Julia\funshion\Seed\24570037_1320288188_955.fsp (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Julia\funshion\Seed\24570037_1323140237_897.fsp (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Julia\funshion\Seed\24570037_1325750290_586.fsp (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Julia\funshion\Seed\24570037_1326426608_533.fsp (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Julia\funshion\Seed\24570037_1329375087_927.fsp (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Julia\funshion\Seed\24570037_1330416650_832.fsp (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Julia\funshion\Seed\24570037_1330418917_545.fsp (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Julia\funshion\Seed\24726995_1317369744_315.fsp (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Julia\funshion\Seed\24726995_1321524221_557.fsp (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Julia\funshion\Seed\31459691_1329813714_732.fsp (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Julia\funshion\Seed\31459691_1329983098_450.fsp (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Julia\funshion\Seed\31459691_1330582152_676.fsp (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Julia\funshion\Seed\31459691_1331172162_215.fsp (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Julia\funshion\Seed\31459691_1331891286_764.fsp (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Julia\funshion\Seed\4a0208d77fda059.json (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Julia\funshion\Seed\5372255_1227682427_294.fsp (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Julia\funshion\Seed\6634280_1280986841_311.fsp (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Julia\funshion\Seed\6634280_1290995964_939.fsp (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Julia\funshion\Seed\6634280_1291000888_594.fsp (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Julia\funshion\Seed\6634280_1292829365_623.fsp (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Julia\funshion\Seed\6634280_1292829447_442.fsp (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Julia\funshion\Seed\6634280_1292829986_202.fsp (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Julia\funshion\Seed\6634280_1292844849_971.fsp (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Julia\funshion\Seed\6634280_1292910776_32.fsp (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Julia\funshion\Seed\6634280_1292911678_428.fsp (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Julia\funshion\Seed\6634280_1292912053_746.fsp (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Julia\funshion\Seed\6634280_1301563382_980.fsp (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Julia\funshion\Seed\6634280_1302506389_345.fsp (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Julia\funshion\Seed\ae7a70e484134ba.json (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Julia\funshion\Seed\e44f289f781d839.json (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Julia\funshion\Seed\f7bfdb1cbf177ba.json (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Julia\funshion\Seed\macross_1325300143_684.fsp (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Julia\funshion\Seed\yuehoujifen.fsp (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Julia\funshion\update\AdLinkParamFile.fax (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Julia\funshion\update\ad_define.fai (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Julia\funshion\update\ad_define.fai.bak (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Julia\funshion\update\ad_material.fax (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Julia\funshion\update\flashnew.json (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Julia\funshion\update\flashParam.txt (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Julia\funshion\update\flashParam.txt.bak (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Julia\funshion\update\FunShortCut.ini (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Julia\funshion\update\localad.fax (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Julia\funshion\update\MiniAdLinkParamFile.fax (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Julia\funshion\update\Pop Game.lnk (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Julia\funshion\update\popwind.json (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Julia\funshion\update\Shopping Sites.lnk (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Julia\funshion\update\StampPolicy.txt (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Julia\funshion\update\updatexmlfile.txt (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Julia\funshion\update\热门游戏.lnk (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Julia\funshion\update\购物网站大全.lnk (PUP.Funshion) -> Quarantined and deleted successfully.

(end)


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:14:31 PM, on 10/9/2012
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE
C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Users\Julia\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Julia\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Julia\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Julia\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Julia\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Julia\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Julia\Desktop\HijackThis.exe

O2 - BHO: WebThunderBHO - {00000AAA-A363-466E-BEF5-9BB68697AA7F} - C:\Program Files (x86)\Thunder Network\WebThunder\WebThunderBHO_Now.dll (file missing)
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: XunleiBHO - {889D2FEB-5411-4565-8998-1DD2C5261283} - (no file)
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
O4 - HKLM\..\Run: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon
O4 - HKLM\..\Run: [IJNetworkScannerSelectorEX] C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe /FORCE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe" -osboot
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll/206 (file missing)
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: {02CF1781-EA91-4FA5-A200-646E8241987C} (VaioInfo.CMClass) - http://esupport.sony.com/VaioInfo.CAB
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://sabreholdings.webex.com/client/T27L10NSP11EP5/nbr/ieatgpc1.cab
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Adobe Active File Monitor V7 (AdobeActiveFileMonitor7.0) - Adobe Systems Incorporated - C:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: BitComet Disk Boost Service (BITCOMET_HELPER_SERVICE) - www.BitComet.com - C:\Program Files\BitComet\tools\BitCometService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NitroPDFReaderDriverCreatorReadSpool2 (NitroReaderDriverReadSpool2) - Nitro PDF Software - C:\Program Files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Roxio UPnP Renderer 10 - Sonic Solutions - C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe
O23 - Service: Roxio Upnp Server 10 - Sonic Solutions - C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: Realtek Audio Service (RtkAudioService) - Realtek Semiconductor - C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: CamMonitor (uCamMonitor) - ArcSoft, Inc. - C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Power Management - Sony Corporation - C:\Program Files\Sony\VAIO Power Management\SPMService.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: VAIO Content Folder Watcher (VCFw) - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
O23 - Service: VAIO Content Metadata XML Interface (VcmXmlIfHelper) - Unknown owner - C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe (file missing)
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: Vodafone Mobile Connect Service (VMCService) - Vodafone - C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe
O23 - Service: VSNService - Sony Corporation - C:\Program Files\Sony\VAIO Smart Network\VSNService.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 12630 bytes

#12 gringo_pr


Posted 10 September 2012 - 10:41 AM

Greetings

These logs are looking very good, we are almost done!!! Just one more scan to go.

:Remove unneeded start-up entries:

This part of the fix is purely optional
These are programs that start up when you turn on your computer but don't need to. You can click on the icon of any of these programs (or start it from the Control Panel) to start it when you need it. By stopping these programs you will boot up faster and your computer will work faster.

If you have any problems running HijackThis, see NOTE** below (Host file not read, blank notepad ...)

  • Run HijackThis
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

    • O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe" -osboot
      O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
      O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
      O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
      O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.

    NOTE**You can research each of those lines >here< and see if you want to keep them or not
    just copy the name between the brackets and paste into the search space
    O4 - HKLM\..\Run: [IntelliPoint]


NOTE**
Sometimes we have to run it like this: to run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator

ESET Online Scanner

**Note** You will need to use Internet Explorer for this scan - on Vista and Windows 7, right-click on the IE shortcut and run as admin

Go to the ESET web page to run an online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Click on the Run ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
  • When asked, allow the add-on to be installed
    • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings, ensure the options
    Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the virus definitions to be downloaded
  • Wait for the scan to finish

When the scan is complete

  • If no threats were found
    • Put a checkmark in "Uninstall application on close"
    • Close program
    • Report to me that nothing was found

  • If threats were found
    • Click on "list of threats found"
    • Click on "export to text file" and save it as ESET SCAN and save to the desktop
    • Click on back
    • Put a checkmark in "Uninstall application on close"
    • Click on finish
    • Close program
    • Copy and paste the report here


Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University
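
The following is an added example, not part of the original posts and not HijackThis's own code: a small Python parser for the O4 (Run key) lines of the HijackThis log above, which splits each entry into hive, value name, executable and arguments, and sorts the entries into those on the fix list from post #12 and those left alone. The sample lines are copied from the log in this thread; the function names are hypothetical, and splitting unquoted commands at the first executable extension is a heuristic assumed for this example.

```python
import re
from collections import namedtuple

# O4 lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon
O4 - HKLM\..\Run: [IJNetworkScannerSelectorEX] C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe /FORCE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe" -osboot
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
O4 - Global Startup: Bluetooth.lnk = ?
"""

# Value names the helper asked to have checked in HijackThis (post #12).
FIX_LIST = ["TkBellExe", "APSDaemon", "iTunesHelper",
            "SunJavaUpdateSched", "DivXUpdate", "Steam"]

Entry = namedtuple("Entry", "section kind detail")
Autorun = namedtuple("Autorun", "hive name executable arguments")

# "<section> - <kind>: <detail>", e.g. section "O4", kind "HKLM\..\Run".
LINE_RE = re.compile(r"^(O\d+) - ([^:]+?): (.*)$")
# Run-key detail: "[value name] command line".
RUN_RE = re.compile(r"^\[(?P<name>.+?)\] (?P<command>.+)$")
# Heuristic for unquoted commands: the path ends at the first executable extension.
EXE_RE = re.compile(r"^(.*?\.(?:exe|com|bat|cmd|scr))(?:\s+(.*))?$", re.IGNORECASE)


def parse_line(line):
    """Split one log line into (section, kind, detail); None for other lines."""
    m = LINE_RE.match(line.strip())
    return Entry(m.group(1), m.group(2), m.group(3)) if m else None


def split_command(command):
    """Return (executable, arguments) for a quoted or unquoted command line."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        if end != -1:
            return command[1:end], command[end + 1:].strip()
    m = EXE_RE.match(command)
    if m:
        return m.group(1), (m.group(2) or "").strip()
    return command, ""


def parse_autoruns(log_text):
    """Collect the O4 registry Run entries from a HijackThis log."""
    autoruns = []
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is None or entry.section != "O4":
            continue
        m = RUN_RE.match(entry.detail)
        if not m:
            continue  # e.g. "Global Startup: Bluetooth.lnk = ?" has no [name]
        hive = entry.kind.split("\\", 1)[0]  # "HKLM" or "HKCU"
        exe, args = split_command(m.group("command"))
        autoruns.append(Autorun(hive, m.group("name"), exe, args))
    return autoruns


def plan_fix(autoruns, names):
    """Sort entries into selected/kept; list requested names not in the log."""
    wanted = {n.lower() for n in names}
    present = {a.name.lower() for a in autoruns}
    selected = [a for a in autoruns if a.name.lower() in wanted]
    kept = [a for a in autoruns if a.name.lower() not in wanted]
    missing = [n for n in names if n.lower() not in present]
    return selected, kept, missing


if __name__ == "__main__":
    selected, kept, missing = plan_fix(parse_autoruns(SAMPLE_LOG), FIX_LIST)
    for a in selected:
        print("check:", a.hive, a.name, "->", a.executable, a.arguments)
    for a in kept:
        print("keep :", a.hive, a.name, "->", a.executable, a.arguments)
    print("not present in log:", missing)
```
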

#13 Kerius


Posted 10 September 2012 - 02:16 PM

Hi, there were threats found from the scan. Results are pasted below:

C:\Program Files (x86)\PDFCreator\Toolbar\pdfforge Toolbar_setup.exe Win32/Toolbar.Widgi application
C:\Users\Julia\Downloads\asc-antivirus-setup.exe probably unknown NewHeur_PE virus
C:\Users\Julia\Downloads\InternationalPrimoPDF.exe Win32/OpenCandy application
C:\Users\Julia\Downloads\PDFCreator-1_2_3_setup.exe multiple threats

#14 gringo_pr


Posted 10 September 2012 - 02:54 PM

Hello

There are some minor things in your online scan that should be removed.


delete files

  • Copy all text in the quote box (below)...to Notepad.

    @echo off
    del /f /s /q "C:\Program Files (x86)\PDFCreator\Toolbar\pdfforge Toolbar_setup.exe"
    del /f /s /q "C:\Users\Julia\Downloads\asc-antivirus-setup.exe"
    del /f /s /q "C:\Users\Julia\Downloads\InternationalPrimoPDF.exe"
    del /f /s /q "C:\Users\Julia\Downloads\PDFCreator-1_2_3_setup.exe"
    del %0

  • Save the Notepad file on your desktop...as delfile.bat... save type as "All Files"
  • Double click on delfile.bat to execute it.
    A black CMD window will flash, then disappear...this is normal.
  • The files and folders, if found...will have been deleted and the "delfile.bat" file will also be deleted.


The rest of the online scan is only reporting backups created during the course of this fix (C:\Qoobox\Quarantine\) and/or items located in System Restore's cache (C:\System Volume Information\). Whatever is in these folders can't harm you unless you choose to perform a manual restore. The following steps will remove these backups.




Very well done!! This is my general post for when your logs show no more signs of malware - Please let me know if you still are having problems with your computer and what these problems are.


:Why we need to remove some of our tools:

Some of the tools we have used to clean your computer were made by fellow malware fighters and are very powerful, and if used incorrectly or at the wrong time can make the computer an expensive paperweight.
They are updated all the time and some of them more than once a day so by the time you are ready to use them again they will already be outdated.

The following procedures will implement some cleanup procedures to remove these tools. It will also reset your System Restore by flushing out previous restore points and create a new restore point. It will also remove all the backups our tools may have made.
:DeFogger:

Note** Defogger only needs to be run if it was run when we first started. If you have not already run it then skip this.

  • To re-enable your Emulation drivers, double click DeFogger to run the tool.
  • The application window will appear
  • Click the Re-enable button to re-enable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK.
Your Emulation drivers are now re-enabled.

:Uninstall ComboFix:

  • Turn off all active protection software
  • Push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • Please copy and paste the following into the box: ComboFix /Uninstall and click OK.
  • Note the space between the X and the /Uninstall, it needs to be there.

:Remove the rest of our tools:

Please download OTCleanIt and save it to desktop. This tool will remove all the tools we used to clean your pc.
  • Double-click OTCleanIt.exe.
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes, if not delete it by yourself.
  • If asked to restart the computer, please do so
Note: If you receive a warning from your firewall or other security programs regarding OTCleanIt attempting to contact the internet, please allow it to do so.

:The programs you can keep:

Some of the programs that we have used would be a good idea to keep and use often in helping to keep the computer clean. I use these programs on my computer.

Revo Uninstaller Free - this is the uninstaller that I had you download; it works a lot better than add/remove in Windows and has saved me more than once from corrupted installs and uninstalls

CCleaner - This is a good program to clean out temp files. I would use this once a week or before any malware scan to remove unwanted temp files - It has a built-in registry cleaner but I would leave that alone and not use any registry cleaner

Malwarebytes' Anti-Malware - The gold standard today in antimalware scanners

:Security programs:

One of the questions I am asked all the time is "What programs do you use" I have at this time 4 computers in my home and I have this setup on all 4 of them.

  • Microsoft Security Essentials - provides real-time protection for your home PC that guards against viruses, spyware, and other malicious software.
  • WinPatrol As a robust security monitor, WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge.
  • Malwarebytes' Anti-Malware - Malwarebytes' Anti-Malware is a new and powerful anti-malware tool. It is totally free but for real-time protection you will have to pay a small one-time fee. We used this to help clean your computer and recommend keeping it and using it often. (I have upgraded to the paid version of MBAM and I am glad I did)


    Note** If you decide to install MSE you will need to uninstall your present Antivirus

:Security awareness:

The other question I am asked all the time is "How can I prevent this from happening again." and the short answer to that is to be aware of what is out there and how to start spotting dangers.

Here are some articles that are must reads and should be read by everybody in your household that uses the internet

internetsafety

Internet Safety for Kids

Here is some more reading for you from some of my colleagues

PC Safety and Security - What Do I Need? from my friends at Tech Support Forum

COMPUTER SECURITY - a short guide to staying safer online from my friends at Malware Removal

quoted from Tech Support Forum

Conclusion

There is no such thing as ‘perfect security’. This applies to many things, not just computer systems. Using the above guide you should be able to take all the reasonable steps you can to prevent infection. However, the most important part of all this is you, the user. Surf sensibly and think before you download a file or click on a link. Take a few moments to assess the possible risks and you should be able to enjoy all the internet has to offer.


I'd be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can then be closed.

I Will Keep This Open For About Three Days, If Anything Comes Up - Just Come Back And Let Me Know, after that time you will have to send me a PM

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->Posted Image<-- Don't worry every little bit helps.

Gringo

#15 Kerius


Posted 11 September 2012 - 12:33 AM

Hi, I have proceeded to carry out the steps as requested. However, I still notice traces of the Babylon toolbar and Chatzum when I access about:config in my Firefox browser, although it does not redirect me to searchsafer anymore. Should I be concerned about removing them, or just leave it as it is?



