Corrupted User Profile - Maybe A Virus?


  • This topic is locked
18 replies to this topic

#1 Jason9394

Posted 18 September 2013 - 04:57 AM

Hello,

I have been having a problem connecting to my user profile. In fact, I can no longer log in to my existing account. It gave me an error message and created a temporary profile. My computer was noticeably running slower when loading programs or even going online to surf the web. Sometimes I had to reboot just to get it to respond. I use AVG Antivirus 2013 and I recall updating it; when asked to reboot, I followed, and this is when I was unable to get into my user profile. I searched online for an answer or a fix for the user profile. I followed their advice to go into regedit and make sure two strings were reset to a "0" value. I rebooted and it did not work. Same error. I created a new profile and I am using this profile. I went to safe mode and ran my antivirus and Malwarebytes program, but no threats were detected. I am scratching my head. I was planning on backing up my files, deleting that profile, and starting new, with the worst-case scenario being a complete reformat and reload of the operating system. I am on Windows 7. Any help will be greatly appreciated.

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 10.0.9200.16686  BrowserJavaVersion: 10.25.2
Run by Jason Lee at 23:04:34 on 2013-09-17
Microsoft Windows 7 Home Premium   6.1.7601.1.936.86.1033.18.3999.2326 [GMT -10:00]
.
AV: AVG AntiVirus Free Edition 2014 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG AntiVirus Free Edition 2014 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2014\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k HsfXAudioService
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe
C:\Program Files (x86)\SMINST\BLService.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe
C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files (x86)\Hp\QuickPlay\QPService.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files (x86)\AVG\AVG2014\avgui.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\HpqToaster.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
dURLSearchHooks: {A3BC75A2-1F87-4686-AA43-5347D756017C} - <orphaned>
BHO: MSS+ Identifier: {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: Microsoft Live Search Toolbar: {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll
TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
mRun: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun: [hpWirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
mRun: [QlbCtrl.exe] "C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" /Start
mRun: [QPService] "C:\Program Files (x86)\HP\QuickPlay\QPService.exe"
mRun: [UCam_Menu] "C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\2.0"
mRun: [UpdateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
mRun: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
mRun: [UpdatePDIRShortCut] "C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\PowerDirector" UpdateWithCreateOnce "SOFTWARE\CyberLink\PowerDirector\7.0"
mRun: [UpdatePSTShortCut] "C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
mRun: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot
mRun: [TrojanScanner] C:\Program Files (x86)\Trojan Remover\Trjscan.exe /boot
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2014\avgui.exe" /TRAYONLY
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
DPF: {36299202-09EF-4ABF-ADB9-47C599DBE778} - hxxps://www.hpwindows7upgrade.arvato.com/north_america/Endcustomer/HPProdDetect.cab
TCP: NameServer = 24.25.227.55 209.18.47.61 24.25.227.53
TCP: Interfaces\{4F631B1D-DDFA-4ECC-A870-AA6EDF3AB009} : DHCPNameServer = 24.25.227.55 209.18.47.61 24.25.227.53
TCP: Interfaces\{4F631B1D-DDFA-4ECC-A870-AA6EDF3AB009}\05343475 : DHCPNameServer = 119.237.226.2
TCP: Interfaces\{4F631B1D-DDFA-4ECC-A870-AA6EDF3AB009}\37471627265736B637 : DHCPNameServer = 192.168.100.1
TCP: Interfaces\{4F631B1D-DDFA-4ECC-A870-AA6EDF3AB009}\86A68623031313 : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{4F631B1D-DDFA-4ECC-A870-AA6EDF3AB009}\960586F6E6560275966496 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{4F631B1D-DDFA-4ECC-A870-AA6EDF3AB009}\C696E6B6379737 : DHCPNameServer = 24.25.227.55 209.18.47.61 24.25.227.53
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - 
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - 
x64-Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Jason Lee\AppData\Roaming\Mozilla\Firefox\Profiles\1j4ozp63.default\
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\17.0.1\npsitesafety.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Internet Explorer\PPLite\plugin\npplugin2.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMSS.dll
FF - plugin: C:\Program Files (x86)\McAfee\SiteAdvisor\NPMcFFPlg32.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll
FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
FF - ExtSQL: 2013-09-09 20:31; avg@toolbar; C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.0.1.4
FF - ExtSQL: 2013-09-15 21:39; {4ED1F68A-5463-4931-9384-8FFF5ED91D92}; C:\Program Files (x86)\McAfee\SiteAdvisor
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2013-8-22 192824]
R0 Avgloga;AVG Logging Driver;C:\Windows\System32\drivers\avgloga.sys [2013-8-22 294712]
R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2013-8-20 123704]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2013-8-1 31544]
R1 Avgdiska;AVG Disk Driver;C:\Windows\System32\drivers\avgdiska.sys [2013-8-1 147768]
R1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2013-8-22 241464]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2013-8-22 212280]
R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2013-8-1 251192]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2012-7-11 140672]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [2013-8-27 3534896]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [2013-8-20 300640]
R2 HsfXAudioService;HsfXAudioService;C:\Windows\System32\svchost.exe -k HsfXAudioService [2009-7-13 27136]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe [2013-8-30 120592]
R2 Recovery Service for Windows;Recovery Service for Windows;C:\Program Files (x86)\SMINST\BLService.exe [2009-4-20 365952]
R3 CAXHWAZL;CAXHWAZL;C:\Windows\System32\drivers\CAXHWAZL.sys [2009-2-11 292864]
R3 Com4QLBEx;Com4QLBEx;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-4-20 193840]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;C:\Windows\System32\drivers\IntcHdmi.sys [2008-6-29 126976]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2010-6-23 215040]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-17 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-17 138576]
S2 vToolbarUpdater15.5.0;vToolbarUpdater15.5.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\ToolbarUpdater.exe --> C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\ToolbarUpdater.exe [?]
S3 esgiguard;esgiguard;C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [2011-3-2 13088]
S3 ivusb;Initio Driver for USB Default Controller;C:\Windows\System32\drivers\ivusb.sys [2010-7-29 29720]
S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe [2013-2-5 235216]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-1-13 19456]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-1-13 57856]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-4-9 1255736]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]
S3 WinRing0_1_2_0;WinRing0_1_2_0;C:\Users\Jason\Desktop\RealTemp_370\WinRing0x64.sys [2012-5-19 14544]
.
=============== Created Last 30 ================
.
2013-09-17 11:23:25 -------- d-----w- C:\Users\Jason Lee\AppData\Roaming\SUPERAntiSpyware.com
2013-09-17 06:42:48 -------- d-----w- C:\Users\Jason Lee\AppData\Local\Apple
2013-09-16 14:19:24 -------- d-----w- C:\Users\Jason Lee\AppData\Roaming\Malwarebytes
2013-09-16 11:53:03 -------- d-----w- C:\Users\Jason Lee\AppData\Roaming\AVG2014
2013-09-16 11:17:11 -------- d-----w- C:\ProgramData\AVG2014
2013-09-16 11:05:59 -------- d-----w- C:\Users\Jason Lee\AppData\Local\MFAData
2013-09-16 11:05:59 -------- d-----w- C:\Users\Jason Lee\AppData\Local\Avg2014
2013-09-16 10:14:03 -------- d-----w- C:\Users\Jason Lee\AppData\Local\Macromedia
2013-09-16 10:13:15 -------- d-----w- C:\Users\Jason Lee\AppData\Local\Google
2013-09-16 10:10:56 -------- d-----w- C:\Users\Jason Lee\AppData\Local\Mozilla
2013-09-16 10:09:53 9515512 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{24838CF9-5ED1-4543-8D92-8BC0E36E39E7}\mpengine.dll
2013-09-15 16:09:00 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-09-15 16:09:00 2706432 ----a-w- C:\Windows\System32\mshtml.tlb
2013-09-10 06:31:52 -------- d-----w- C:\ProgramData\AVG Security Toolbar
2013-09-04 08:20:08 -------- d-----w- C:\Program Files (x86)\Combined Community Codec Pack
2013-08-31 06:10:57 -------- d-----w- C:\AdwCleaner
2013-08-30 17:43:23 -------- d-----w- C:\Windows\rescache
2013-08-23 09:25:44 212280 ----a-w- C:\Windows\System32\drivers\avgldx64.sys
2013-08-23 09:08:14 294712 ----a-w- C:\Windows\System32\drivers\avgloga.sys
2013-08-23 08:55:04 241464 ----a-w- C:\Windows\System32\drivers\avgidsdrivera.sys
2013-08-23 08:54:54 192824 ----a-w- C:\Windows\System32\drivers\avgidsha.sys
2013-08-21 08:53:58 123704 ----a-w- C:\Windows\System32\drivers\avgmfx64.sys
2013-08-19 12:11:10 1472512 ----a-w- C:\Windows\System32\crypt32.dll
2013-08-19 12:11:08 1166848 ----a-w- C:\Windows\SysWow64\crypt32.dll
2013-08-19 12:11:07 224256 ----a-w- C:\Windows\System32\wintrust.dll
2013-08-19 12:11:06 175104 ----a-w- C:\Windows\SysWow64\wintrust.dll
2013-08-19 12:11:02 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2013-08-19 12:11:02 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2013-08-19 12:11:02 139776 ----a-w- C:\Windows\System32\cryptnet.dll
2013-08-19 12:11:02 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2013-08-19 12:10:47 1888768 ----a-w- C:\Windows\System32\WMVDECOD.DLL
2013-08-19 12:10:46 1620992 ----a-w- C:\Windows\SysWow64\WMVDECOD.DLL
2013-08-19 12:10:43 1217024 ----a-w- C:\Windows\System32\rpcrt4.dll
2013-08-19 12:10:42 663552 ----a-w- C:\Windows\SysWow64\rpcrt4.dll
2013-08-19 12:10:17 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2013-08-19 12:10:17 2048 ----a-w- C:\Windows\System32\tzres.dll
2013-08-19 12:06:44 39936 ----a-w- C:\Windows\System32\drivers\tssecsrv.sys
2013-08-19 12:05:16 1910208 ----a-w- C:\Windows\System32\drivers\tcpip.sys
.
==================== Find3M  ====================
.
2013-09-13 10:41:27 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-09-13 10:41:27 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-08-10 05:22:18 2241024 ----a-w- C:\Windows\System32\wininet.dll
2013-08-10 05:20:59 3959296 ----a-w- C:\Windows\System32\jscript9.dll
2013-08-10 05:20:55 67072 ----a-w- C:\Windows\System32\iesetup.dll
2013-08-10 05:20:55 136704 ----a-w- C:\Windows\System32\iesysprep.dll
2013-08-10 03:59:10 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-08-10 03:58:09 2876928 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-08-10 03:58:06 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll
2013-08-10 03:58:06 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2013-08-10 02:27:59 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe
2013-08-10 02:17:19 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe
2013-08-08 01:20:43 3155456 ----a-w- C:\Windows\System32\win32k.sys
2013-08-07 14:22:02 278800 ------w- C:\Windows\System32\MpSigStub.exe
2013-08-05 02:25:45 155584 ----a-w- C:\Windows\System32\drivers\ataport.sys
2013-08-02 02:23:53 5550528 ----a-w- C:\Windows\System32\ntoskrnl.exe
2013-08-02 02:15:44 1732032 ----a-w- C:\Windows\System32\ntdll.dll
2013-08-02 02:15:03 362496 ----a-w- C:\Windows\System32\wow64win.dll
2013-08-02 02:15:03 243712 ----a-w- C:\Windows\System32\wow64.dll
2013-08-02 02:15:03 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2013-08-02 02:14:57 215040 ----a-w- C:\Windows\System32\winsrv.dll
2013-08-02 02:14:11 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2013-08-02 02:13:34 424448 ----a-w- C:\Windows\System32\KernelBase.dll
2013-08-02 02:07:06 251192 ----a-w- C:\Windows\System32\drivers\avgtdia.sys
2013-08-02 02:06:28 147768 ----a-w- C:\Windows\System32\drivers\avgdiska.sys
2013-08-02 02:04:56 31544 ----a-w- C:\Windows\System32\drivers\avgrkx64.sys
2013-08-02 01:59:30 3968960 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2013-08-02 01:59:30 3913664 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2013-08-02 01:51:23 1292192 ----a-w- C:\Windows\SysWow64\ntdll.dll
2013-08-02 01:50:42 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2013-08-02 01:50:42 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2013-08-02 01:09:17 338432 ----a-w- C:\Windows\System32\conhost.exe
2013-08-02 00:59:09 112640 ----a-w- C:\Windows\System32\smss.exe
2013-08-02 00:45:37 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2013-08-02 00:45:36 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2013-08-02 00:45:35 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2013-08-02 00:45:34 2048 ----a-w- C:\Windows\SysWow64\user.exe
2013-08-02 00:43:05 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2013-08-02 00:43:05 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2013-08-02 00:43:05 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2013-08-02 00:43:05 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2013-07-30 12:23:10 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-07-30 12:23:09 867240 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll
2013-07-30 12:23:09 789416 ----a-w- C:\Windows\SysWow64\deployJava1.dll
.
============= FINISH: 23:06:31.87 ===============
 

 



#2 nasdaq

  • Malware Response Team

Posted 22 September 2013 - 09:46 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

User profiles do get corrupted sometimes.

Your DDS log does not report any virus or bad malware.

If you want to check further, execute the following.

Search and delete the AdWare, PUP (Potentially Unwanted Program) installed on your computer.

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
Please download Junkware Removal Tool to your Desktop.
  • Please close your security software to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete, depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
  • Please post the contents of JRT.txt into your reply.
===

Please download ComboFix from any of the links below, and save it to your desktop. For information regarding this download, please visit this web page: Tutorial
Link 1
Link 2

IMPORTANT !!! Save ComboFix.exe to your Desktop

1. Close any open browsers.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
3. Do not install any other programs until this is fixed.


How to : Disable Anti-virus and Firewall...
http://www.bleepingcomputer.com/forums/topic114351.html

Double click on ComboFix.exe and follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt
Note: Do not mouse click ComboFix's window while it's running. That may cause it to stall.

Note: If you have difficulty properly disabling your protective programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html

Note: If after running ComboFix you get this error message "Illegal operation attempted on a registry key that has been marked for deletion." when attempting to run a program all you need to do is restart the computer to reset the registry.
===

Third-party programs, if not up to date, can be the cause of infiltration and infection.

Please restart the computer before running this security check.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
p.s.
If the SecurityCheck program fails to run for any reason, run it as an Administrator.
===

Please paste the logs in your next reply. DO NOT ATTACH THEM.
Let me know what problem persists.

#3 Jason9394

Posted 24 September 2013 - 12:25 AM

# AdwCleaner v3.005 - Report created 23/09/2013 at 19:02:54
# Updated 22/09/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Jason Lee - JASON-LAPTOP
# Running from : C:\Users\Jason Lee\Downloads\adwcleaner (1).exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\AVG Security Toolbar
Folder Deleted : C:\Program Files (x86)\File Type Helper
Folder Deleted : C:\Users\Jason\AppData\LocalLow\Fast Free Converter
File Deleted : C:\Users\JASONL~1\AppData\Local\Temp\Uninstall.exe
File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\avg-secure-search.xml
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [extension@FastFreeConverter.com]
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\Software\AVG Secure Search
Key Deleted : HKLM\Software\Fast Free Converter
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v10.0.9200.16686
 
 
-\\ Mozilla Firefox v23.0.1 (en-US)
 
[ File : C:\Users\Jason\AppData\Roaming\Mozilla\Firefox\Profiles\46g2tim7.default\prefs.js ]
 
Line Deleted : user_pref("browser.search.defaultenginename", "AVG Secure Search");
Line Deleted : user_pref("browser.search.selectedEngine", "AVG Secure Search");
 
[ File : C:\Users\Jason Lee\AppData\Roaming\Mozilla\Firefox\Profiles\1j4ozp63.default\prefs.js ]
 
 
-\\ Google Chrome v29.0.1547.76
 
[ File : C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
[ File : C:\Users\Jason Lee\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [10312 octets] - [30/08/2013 20:11:02]
AdwCleaner[R1].txt - [9813 octets] - [30/08/2013 20:29:07]
AdwCleaner[R2].txt - [9873 octets] - [30/08/2013 20:34:11]
AdwCleaner[R3].txt - [2669 octets] - [23/09/2013 18:15:31]
AdwCleaner[R4].txt - [2729 octets] - [23/09/2013 19:02:02]
AdwCleaner[S0].txt - [9797 octets] - [30/08/2013 20:35:02]
AdwCleaner[S1].txt - [2558 octets] - [23/09/2013 19:02:54]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [2618 octets] ##########


#4 Jason9394

Posted 24 September 2013 - 12:37 AM

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.2 (09.22.2013:1)
OS: Windows 7 Home Premium x64
Ran by Jason Lee on 09/23/2013 Mon at 19:28:20.13
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{11111111-1111-1111-1111-110211181104}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{22222222-2222-2222-2222-220222182204}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{22222222-2222-2222-2222-220322322254}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{55555555-5555-5555-5555-550255185504}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{66666666-6666-6666-6666-660266186604}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{66666666-6666-6666-6666-660366326654}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{11111111-1111-1111-1111-110211181104}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{22222222-2222-2222-2222-220222182204}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{22222222-2222-2222-2222-220322322254}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\Interface\{55555555-5555-5555-5555-550255185504}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\Interface\{66666666-6666-6666-6666-660266186604}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\Interface\{66666666-6666-6666-6666-660366326654}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Interface\{55555555-5555-5555-5555-550255185504}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Interface\{66666666-6666-6666-6666-660266186604}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Interface\{66666666-6666-6666-6666-660366326654}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110211181104}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110211181104}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\Interface\{55555555-5555-5555-5555-550255185504}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\Interface\{66666666-6666-6666-6666-660266186604}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\Interface\{66666666-6666-6666-6666-660366326654}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{5A0CF0FD-87DC-460F-83D7-77C3A5680955}
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
 
 
~~~ FireFox
 
Failed to delete: [File] "C:\Program Files (x86)\Mozilla Firefox\searchplugins\avg_igeared.xml"
Successfully deleted: [File] "C:\Program Files (x86)\Mozilla Firefox\searchplugins\avg_igeared.xml"
 
 
 
~~~ Chrome
 
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\extensioninstallforcelist [Blacklisted Policy]
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 09/23/2013 Mon at 19:36:57.77
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


#5 Jason9394


Posted 24 September 2013 - 01:14 AM

ComboFix 13-09-23.02 - Jason Lee 3/2013 Mon  19:46:17.2.2 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.936.86.1033.18.3999.2752 [GMT -10:00]
执行位置: c:\users\Jason Lee\Downloads\ComboFix.exe
AV: AVG AntiVirus Free Edition 2014 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: AVG AntiVirus Free Edition 2014 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   被删除的档案   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Jason Lee\AppData\Local\Google\Chrome\User Data\Default\Preferences
c:\users\Jason\AppData\Local\Google\Chrome\User Data\Default\preferences
d:\favoritevideo\InvisibleFolder
d:\favoritevideo\InvisibleFolder\peer_2.4.0.7116.dll
d:\favoritevideo\InvisibleFolder\peer_2.4.0.7145.dll
d:\favoritevideo\InvisibleFolder\peer_2.4.0.7213.dll
d:\favoritevideo\InvisibleFolder\peer_2.4.0.7249.dll
d:\favoritevideo\InvisibleFolder\pptv_dacaijue_130130.exe
d:\favoritevideo\InvisibleFolder\pptv_dousheng130606.exe
d:\favoritevideo\InvisibleFolder\pptv_dpqk.exe
d:\favoritevideo\InvisibleFolder\pptv_gongchengluedi_130130.exe
d:\favoritevideo\InvisibleFolder\pptv_gujianqixia_130130.exe
d:\favoritevideo\InvisibleFolder\pptv_jhfy.exe
d:\favoritevideo\InvisibleFolder\pptv_jiejisanguo_130130.exe
d:\favoritevideo\InvisibleFolder\pptv_jiulongchao_130306.exe
d:\favoritevideo\InvisibleFolder\pptv_liehuozhanshen_130130.exe
d:\favoritevideo\InvisibleFolder\pptv_longjiang2_130131.exe
d:\favoritevideo\InvisibleFolder\pptv_longwenzhanyu_130130.exe
d:\favoritevideo\InvisibleFolder\pptv_mxqy.exe
d:\favoritevideo\InvisibleFolder\pptv_shenjiangsanguo_130524.exe
d:\favoritevideo\InvisibleFolder\pptv_shenqu_130130.exe
d:\favoritevideo\InvisibleFolder\pptv_shenwujiutian_130130.exe
d:\favoritevideo\InvisibleFolder\pptv_tianxingjian_130524.exe
d:\favoritevideo\InvisibleFolder\pptv_tj.exe
d:\favoritevideo\InvisibleFolder\pptv_tmst130606.exe
d:\favoritevideo\InvisibleFolder\pptv_wudouqiankun.exe
d:\favoritevideo\InvisibleFolder\pptv_xianxiaaoshi_3103.exe
d:\favoritevideo\InvisibleFolder\tipsbubble_1.1.1.4.dll
d:\favoritevideo\InvisibleFolder\tipsbubble_1.1.1.6.dll
d:\favoritevideo\InvisibleFolder\tipsclient_1.0.4.7.dll
d:\favoritevideo\InvisibleFolder\tipsclient_1.0.4.8.dll
d:\favoritevideo\InvisibleFolder\tipsclient_1.0.4.9.dll
d:\favoritevideo\InvisibleFolder\tipsclient_1.0.5.1.dll
d:\favoritevideo\InvisibleFolder\tipsdone(1.0.0.8).dll
d:\favoritevideo\InvisibleFolder\tipsflash_1.0.0.1.dll
F:\Autorun.inf
.
---- 早前运行的结果 -------
.
c:\program files (x86)\Coupon Companion Plugin\CoUPon companion plugin.dll
c:\programdata\Games.exe
c:\users\Jason\104.jpg
c:\users\Jason\105.jpg
c:\users\Jason\106.jpg
c:\users\Jason\107.jpg
c:\users\Jason\108.jpg
c:\users\Jason\109.jpg
c:\users\Jason\110.jpg
c:\users\Jason\111.jpg
c:\users\Jason\137.jpg
c:\users\Jason\138.jpg
c:\users\Jason\139.jpg
c:\users\Jason\140.jpg
c:\users\Jason\141.jpg
c:\users\Jason\142.jpg
c:\users\Jason\143.jpg
c:\users\Jason\144.jpg
c:\users\Jason\88.jpg
c:\users\Jason\89.jpg
c:\users\Jason\90.jpg
c:\users\Jason\91.jpg
c:\users\Jason\92.jpg
c:\users\Jason\93.jpg
c:\users\Jason\94.jpg
c:\users\Jason\95.jpg
c:\users\Jason\AppData\Roaming\360SE
.
.
(((((((((((((((((((((((((  2013-08-24 至 2013-09-24 的新的档案  )))))))))))))))))))))))))))))))
.
.
2013-09-24 06:07 . 2013-09-24 06:07 -------- d-----w- c:\users\Jason\AppData\Local\temp
2013-09-24 06:07 . 2013-09-24 06:07 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-09-24 05:28 . 2013-09-24 05:28 -------- d-----w- c:\windows\ERUNT
2013-09-24 03:53 . 2013-09-24 03:53 -------- d-----w- c:\program files\iPod
2013-09-24 03:53 . 2013-09-24 03:54 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-09-24 03:53 . 2013-09-24 03:54 -------- d-----w- c:\program files\iTunes
2013-09-24 03:53 . 2013-09-24 03:54 -------- d-----w- c:\program files (x86)\iTunes
2013-09-17 11:43 . 2013-09-17 12:02 -------- d-----w- c:\users\TEMP
2013-09-16 11:17 . 2013-09-16 11:29 -------- d-----w- c:\programdata\AVG2014
2013-09-16 10:09 . 2013-08-20 10:46 9515512 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{24838CF9-5ED1-4543-8D92-8BC0E36E39E7}\mpengine.dll
2013-09-16 04:40 . 2013-09-24 05:03 -------- d-----w- c:\users\Jason Lee
2013-09-15 16:09 . 2013-08-10 03:17 2706432 ----a-w- c:\windows\system32\mshtml.tlb
2013-09-15 16:09 . 2013-08-10 03:07 2706432 ----a-w- c:\windows\SysWow64\mshtml.tlb
2013-09-15 15:36 . 2013-07-26 02:24 14172672 ----a-w- c:\windows\system32\shell32.dll
2013-09-04 08:20 . 2013-09-04 08:20 -------- d-----w- c:\program files (x86)\Combined Community Codec Pack
2013-08-31 06:10 . 2013-09-24 05:03 -------- d-----w- C:\AdwCleaner
2013-08-30 17:43 . 2013-09-18 05:59 -------- d-----w- c:\windows\rescache
.
.
.
((((((((((((((((((((((((((((((((((((((((   在三个月内被修改的档案   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-09-21 11:41 . 2012-04-07 01:17 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-09-21 11:41 . 2011-05-20 22:55 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-09-15 15:50 . 2010-04-25 12:05 79143768 ----a-w- c:\windows\system32\MRT.exe
2013-08-23 09:25 . 2013-08-23 09:25 212280 ----a-w- c:\windows\system32\drivers\avgldx64.sys
2013-08-23 09:08 . 2013-08-23 09:08 294712 ----a-w- c:\windows\system32\drivers\avgloga.sys
2013-08-23 08:55 . 2013-08-23 08:55 241464 ----a-w- c:\windows\system32\drivers\avgidsdrivera.sys
2013-08-23 08:54 . 2013-08-23 08:54 192824 ----a-w- c:\windows\system32\drivers\avgidsha.sys
2013-08-21 08:53 . 2013-08-21 08:53 123704 ----a-w- c:\windows\system32\drivers\avgmfx64.sys
2013-08-07 14:22 . 2009-10-02 17:59 278800 ------w- c:\windows\system32\MpSigStub.exe
2013-08-02 02:07 . 2013-08-02 02:07 251192 ----a-w- c:\windows\system32\drivers\avgtdia.sys
2013-08-02 02:06 . 2013-08-02 02:06 147768 ----a-w- c:\windows\system32\drivers\avgdiska.sys
2013-08-02 02:04 . 2013-08-02 02:04 31544 ----a-w- c:\windows\system32\drivers\avgrkx64.sys
2013-08-02 01:48 . 2013-09-15 15:36 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2013-07-30 12:23 . 2013-07-30 12:23 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-07-30 12:23 . 2012-11-08 10:36 867240 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2013-07-30 12:23 . 2010-06-01 10:32 789416 ----a-w- c:\windows\SysWow64\deployJava1.dll
2013-07-25 09:25 . 2013-08-19 12:10 1888768 ----a-w- c:\windows\system32\WMVDECOD.DLL
2013-07-25 08:57 . 2013-08-19 12:10 1620992 ----a-w- c:\windows\SysWow64\WMVDECOD.DLL
2013-07-19 01:58 . 2013-08-19 12:10 2048 ----a-w- c:\windows\system32\tzres.dll
2013-07-19 01:41 . 2013-08-19 12:10 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2013-07-09 05:52 . 2013-08-19 12:11 224256 ----a-w- c:\windows\system32\wintrust.dll
2013-07-09 05:51 . 2013-08-19 12:10 1217024 ----a-w- c:\windows\system32\rpcrt4.dll
2013-07-09 05:46 . 2013-08-19 12:11 1472512 ----a-w- c:\windows\system32\crypt32.dll
2013-07-09 05:46 . 2013-08-19 12:11 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2013-07-09 05:46 . 2013-08-19 12:11 139776 ----a-w- c:\windows\system32\cryptnet.dll
2013-07-09 04:52 . 2013-08-19 12:10 663552 ----a-w- c:\windows\SysWow64\rpcrt4.dll
2013-07-09 04:52 . 2013-08-19 12:11 175104 ----a-w- c:\windows\SysWow64\wintrust.dll
2013-07-09 04:46 . 2013-08-19 12:11 1166848 ----a-w- c:\windows\SysWow64\crypt32.dll
2013-07-09 04:46 . 2013-08-19 12:11 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2013-07-09 04:46 . 2013-08-19 12:11 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2013-07-06 06:03 . 2013-08-19 12:05 1910208 ----a-w- c:\windows\system32\drivers\tcpip.sys
.
.
(((((((((((((((((((((((((((((((((((((   重要登入点   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*注意* 空白与合法缺省登录将不会被显示 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"iCloudServices"="c:\program files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe" [2013-09-14 59720]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HP Health Check Scheduler"="c:\program files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-10-09 75008]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-09 54576]
"hpWirelessAssistant"="c:\program files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 488752]
"QlbCtrl.exe"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-08-01 202032]
"QPService"="c:\program files (x86)\HP\QuickPlay\QPService.exe" [2009-03-11 468264]
"UCam_Menu"="c:\program files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2008-11-15 218408]
"UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
"UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
"UpdatePDIRShortCut"="c:\program files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
"UpdatePSTShortCut"="c:\program files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2008-10-07 210216]
"TkBellExe"="c:\program files (x86)\real\realplayer\Update\realsched.exe" [2010-12-03 274608]
"TrojanScanner"="c:\program files (x86)\Trojan Remover\Trjscan.exe" [BU]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-22 59720]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-10-25 421888]
"AVG_UI"="c:\program files (x86)\AVG\AVG2014\avgui.exe" [2013-08-27 4851248]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-09-18 152392]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe [2013-2-5 272248]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2014\avgidsagent.exe;c:\program files (x86)\AVG\AVG2014\avgidsagent.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 vToolbarUpdater15.5.0;vToolbarUpdater15.5.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\ToolbarUpdater.exe;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\ToolbarUpdater.exe [x]
R3 cpuz135;cpuz135;c:\users\Jason\AppData\Local\Temp\cpuz135\cpuz135_x64.sys;c:\users\Jason\AppData\Local\Temp\cpuz135\cpuz135_x64.sys [x]
R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys;c:\windows\SYSNATIVE\DRIVERS\ewusbdev.sys [x]
R3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\DRIVERS\ivusb.sys;c:\windows\SYSNATIVE\DRIVERS\ivusb.sys [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe;c:\program files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x]
R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\users\Jason\Desktop\RealTemp_370\WinRing0x64.sys;c:\users\Jason\Desktop\RealTemp_370\WinRing0x64.sys [x]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsha.sys [x]
S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys;c:\windows\SYSNATIVE\DRIVERS\avgloga.sys [x]
S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgmfx64.sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgrkx64.sys [x]
S1 Avgdiska;AVG Disk Driver;c:\windows\system32\DRIVERS\avgdiska.sys;c:\windows\SYSNATIVE\DRIVERS\avgdiska.sys [x]
S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsdrivera.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgldx64.sys [x]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys;c:\windows\SYSNATIVE\DRIVERS\avgtdia.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [x]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [x]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2014\avgwdsvc.exe;c:\program files (x86)\AVG\AVG2014\avgwdsvc.exe [x]
S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~2\mcafee\SITEAD~1\mcsacore.exe;c:\progra~2\mcafee\SITEAD~1\mcsacore.exe [x]
S2 Recovery Service for Windows;Recovery Service for Windows;c:\program files (x86)\SMINST\BLService.exe;c:\program files (x86)\SMINST\BLService.exe [x]
S3 CAXHWAZL;CAXHWAZL;c:\windows\system32\DRIVERS\CAXHWAZL.sys;c:\windows\SYSNATIVE\DRIVERS\CAXHWAZL.sys [x]
S3 Com4QLBEx;Com4QLBEx;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [x]
S3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys;c:\windows\SYSNATIVE\drivers\IntcHdmi.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-09-21 11:15 1177552 ----a-w- c:\program files (x86)\Google\Chrome\Application\29.0.1547.76\Installer\chrmstp.exe
.
 ‘计划任务’ 文件夹 里的内容
.
2013-09-24 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-07 11:41]
.
2013-09-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-05-16 07:43]
.
2013-09-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-05-16 07:43]
.
2013-09-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1725055034-1292167094-1678818747-1000Core.job
- c:\users\Jason\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-10 03:28]
.
2013-09-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1725055034-1292167094-1678818747-1000UA.job
- c:\users\Jason\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-10 03:28]
.
2013-09-24 c:\windows\Tasks\HPCeeScheduleForJason Lee.job
- c:\program files (x86)\hewlett-packard\sdp\ceement\HPCEE.exe [2009-04-20 18:34]
.
2013-09-24 c:\windows\Tasks\HPCeeScheduleForJason.job
- c:\program files (x86)\hewlett-packard\sdp\ceement\HPCEE.exe [2009-04-20 18:34]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-17 1237288]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-11 162328]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-11 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-11 417304]
.
------- 而外的扫描 -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 24.25.227.55 209.18.47.61 24.25.227.53
DPF: {36299202-09EF-4ABF-ADB9-47C599DBE778} - hxxps://www.hpwindows7upgrade.arvato.com/north_america/Endcustomer/HPProdDetect.cab
FF - ProfilePath - c:\users\Jason Lee\AppData\Roaming\Mozilla\Firefox\Profiles\1j4ozp63.default\
FF - ExtSQL: 2013-09-09 20:31; avg@toolbar; c:\programdata\AVG SafeGuard toolbar\FireFoxExt\17.0.1.4
FF - ExtSQL: 2013-09-15 21:39; {4ED1F68A-5463-4931-9384-8FFF5ED91D92}; c:\program files (x86)\McAfee\SiteAdvisor
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
AddRemove-LivingPlay - c:\program files (x86)\LivingPlay Games\lplayun.exe
AddRemove-QQMusic - c:\program files (x86)\Tencent\QQMusic\QQMusicUninst.exe
AddRemove-QQToolbar - c:\program files\Tencent\QQToolbar\SOSOToolbarUninst.exe
AddRemove-sl-dlc - c:\program files (x86)\OApps\sl-dlc_uninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_175_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_175_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_175_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_175_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_175.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_175.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_175.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_175.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
完成时间: 2013-09-23  20:13:18
ComboFix-quarantined-files.txt  2013-09-24 06:13
.
Pre-Run: 46,646,202,368 bytes free
Post-Run: 46,034,685,952 bytes free
.
- - End Of File - - 2B1B9BF21400D23057AD637F5CF1373C
A36C5E4F47E84449FF07ED3517B43A31


#6 nasdaq

Posted 24 September 2013 - 08:05 AM

Looking better.

Please run this security check for my review.

Let me know what problem remains.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===

#7 Jason9394

Posted 24 September 2013 - 12:47 PM

 Results of screen317's Security Check version 0.99.73  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 10  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
AVG AntiVirus Free Edition 2014   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:````````` 
 McAfee SiteAdvisor    
 Trojan Remover 6.8.2   
 Malwarebytes Anti-Malware version 1.75.0.1300  
 Java 7 Update 25  
 Adobe Flash Player 11.8.800.168  
 Adobe Reader 10.1.7 Adobe Reader out of Date!  
 Mozilla Firefox (23.0.1) 
 Google Chrome 29.0.1547.66  
 Google Chrome 29.0.1547.76  
````````Process Check: objlist.exe by Laurent````````  
 AVG avgwdsvc.exe 
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C: 6% 
````````````````````End of Log`````````````````````` 


#8 Jason9394

Posted 24 September 2013 - 12:49 PM

I notice I have this GUI crash every time I reboot and reload the computer profile, which makes the computer run slow at first until the GUI crashes and I shut it down; then it runs more normally. I will have to try and catch that crash next time I reboot and write it down.



#9 nasdaq

Posted 24 September 2013 - 01:06 PM

Delete the McAfee...lnk from the Startup folder.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe [2013-2-5 272248]
===

Quoted from the Extra.txt file from the DDS run.

9/17/2013 7:09:57 PM, Error: Microsoft-Windows-CorruptedFileRecovery-Server [10] - The system file C:\Windows\System32\tquery.dll may be corrupted, but Windows could not determine if the file was actually damaged (error code 2147753986). No repair action was taken. Run the command "sfc /scannow" at an administrative command prompt to check for errors and to repair the file if necessary.

Run the SFC.EXE as suggested.

How to use the System File Checker tool to troubleshoot missing or corrupted system files on Windows Vista or on Windows 7
http://support.microsoft.com/kb/929833
===

If the problem persists please run these tools.


Read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application.
  • Click Change parameters
  • Check the boxes next to Verify Driver Digital Signature and Detect TDLFS file system, then click OK
  • Click on the Start Scan button to begin the scan and wait for it to finish.
    NOTE: Do not use the computer during the scan!
  • During the scan it will look similar to the image below:
  • When it finishes, you will either see a report that no threats were found like below:
    If no threats are found at this point, just click the Report selection on the top right of the form to generate a log. A log file report will pop up, which you can just close since the report file is already saved.
  • If any infection or suspected items are found, you will see a window similar to below:
    • If you have files that are shown to fail signature check do not take any action on these. Make sure you select Skip. I will tell you what to do with these later. They may not be issues at all.
    • If Suspicious objects are detected, the default action will be Skip. Leave the default set to Skip.
    • If Malicious objects are detected, they will show in the Scan results. TDSSKiller automatically selects an action (Cure or Delete) for malicious objects.
    • Make sure that Cure is selected. Important! - If Cure is not available, please choose Skip instead. Do not choose Delete unless instructed to do so.
  • Click Continue to apply selected actions.
  • A reboot may be required to complete disinfection. A window like the below will appear:
    Reboot immediately if TDSSKiller states that one is needed.
  • Whether an infection is found or not, a log file should have already been created on your C: drive (or whatever drive you boot from) in the root folder named something like TDSSKiller.2.1.1_27.12.2009_14.17.04_log.txt which is based on the program version # and date and time run.
  • Paste the log to your next reply, DO NOT ATTACH IT.
===

Download http://public.avast.com/~gmerek/aswMBR.exe (aswMBR.exe) to your desktop. Double click the aswMBR.exe to run it.
  • Click the "Scan" button to start scan.
  • Upon completion of the scan, click Save log, and save it to your desktop. (Note - do not select any Fix at this time) <- IMPORTANT
  • Please paste the contents of that log in your next reply.
There shall also be a file on your desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) folder. Please attach that zipped file in your next reply.
===
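
The TDSSKiller log requested above pairs a `[ MD5 ] name path` line with a result line of the form `name - ok` or `name ( verdict ) - warning`, as the log posted in the next reply shows. The Python below is an added example, not part of any post in this thread and not part of TDSSKiller: it lists the objects that did not come back `ok` and separates signature-check failures (which the instructions say to leave on Skip) from anything else. The function names and the two group labels are assumptions made for the example.

```python
import re
from typing import NamedTuple, Optional

# Trimmed sample: lines copied from the TDSSKiller log posted in this thread.
SAMPLE_LOG = r"""
01:21:02.0123 5248  Mode: Manual; SigCheck; TDLFS;
01:21:06.0930 5248  System memory - ok
01:21:07.0065 5248  [ 581D88B25C4D4121824FED2CA38E562F ] !SASCORE        C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
01:21:07.0215 5248  !SASCORE ( UnsignedFile.Multi.Generic ) - warning
01:21:07.0215 5248  !SASCORE - detected UnsignedFile.Multi.Generic (1)
01:21:07.0449 5248  [ A87D604AEA360176311474C87A63BB88 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
01:21:07.0471 5248  1394ohci - ok
01:21:10.0129 5248  [ 30E3850F303EAE5C364782EA78579CC9 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
01:21:10.0146 5248  Apple Mobile Device - ok
01:21:15.0133 5248  catchme - ok
"""

# Every log line starts with "HH:MM:SS.mmmm <numeric id>".
PREFIX = r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s+"
# "[ MD5 ] <name> <path>": names may contain spaces, paths start at a drive letter.
FILE_RE = re.compile(PREFIX + r"\[ ([0-9A-Fa-f]{32}) \] (.+?)\s+([A-Za-z]:\\.+)$")
# "<name> - ok" or "<name> ( <verdict> ) - warning".
RESULT_RE = re.compile(PREFIX + r"(.+?)(?: \( (.+?) \))? - (\w+)$")


class Finding(NamedTuple):
    name: str
    status: str             # e.g. "ok" or "warning"
    verdict: Optional[str]  # e.g. "UnsignedFile.Multi.Generic"; None when ok
    md5: Optional[str]      # None when the log has no file line for the name
    path: Optional[str]


def parse_tdsskiller_log(text):
    """Return one Finding per result line, joined to its file line if any."""
    files = {}
    findings = []
    for raw in text.splitlines():
        line = raw.rstrip()
        m = FILE_RE.match(line)
        if m:
            files[m.group(2)] = (m.group(1).upper(), m.group(3))
            continue
        m = RESULT_RE.match(line)
        if m:
            name, verdict, status = m.groups()
            md5, path = files.get(name, (None, None))
            findings.append(Finding(name, status, verdict, md5, path))
    return findings


def triage(findings):
    """Group every non-ok object: signature failures versus anything else."""
    groups = {"signature_only": [], "other": []}
    for f in findings:
        if f.status == "ok":
            continue
        unsigned = (f.verdict or "").startswith("UnsignedFile.")
        groups["signature_only" if unsigned else "other"].append(f)
    return groups


def summarize(text):
    """One printable line per object that needs a second look."""
    lines = []
    for label, items in triage(parse_tdsskiller_log(text)).items():
        for f in items:
            lines.append(f"{label}: {f.name} [{f.verdict}] md5={f.md5} path={f.path}")
    return lines


if __name__ == "__main__":
    for line in summarize(SAMPLE_LOG):
        print(line)
```

Entries such as `catchme` that have a result line but no file line come back with `md5` and `path` set to `None`, so they can be told apart from objects TDSSKiller actually hashed.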

#10 Jason9394

Posted 25 September 2013 - 08:33 AM

01:20:47.0710 6068  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
01:20:48.0504 6068  ============================================================
01:20:48.0505 6068  Current date / time: 2013/09/25 01:20:48.0504
01:20:48.0505 6068  SystemInfo:
01:20:48.0505 6068  
01:20:48.0505 6068  OS Version: 6.1.7601 ServicePack: 1.0
01:20:48.0505 6068  Product type: Workstation
01:20:48.0505 6068  ComputerName: JASON-LAPTOP
01:20:48.0506 6068  UserName: Jason Lee
01:20:48.0506 6068  Windows directory: C:\Windows
01:20:48.0506 6068  System windows directory: C:\Windows
01:20:48.0506 6068  Running under WOW64
01:20:48.0506 6068  Processor architecture: Intel x64
01:20:48.0506 6068  Number of processors: 2
01:20:48.0506 6068  Page size: 0x1000
01:20:48.0506 6068  Boot type: Normal boot
01:20:48.0506 6068  ============================================================
01:20:51.0014 6068  Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
01:20:51.0020 6068  Drive \Device\Harddisk1\DR1 - Size: 0x2BAA1475000 (2794.52 Gb), SectorSize: 0x1000, Cylinders: 0xB220, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
01:20:51.0022 6068  Drive \Device\Harddisk2\DR2 - Size: 0x6FC7C8000 (27.95 Gb), SectorSize: 0x200, Cylinders: 0xE40, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
01:20:52.0936 6068  ============================================================
01:20:52.0936 6068  \Device\Harddisk0\DR0:
01:20:52.0940 6068  MBR partitions:
01:20:52.0940 6068  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x23B9C800
01:20:52.0940 6068  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x23B9D000, BlocksNum 0x1890000
01:20:52.0940 6068  \Device\Harddisk1\DR1:
01:20:52.0940 6068  MBR partitions:
01:20:52.0940 6068  \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x2BAA0800
01:20:52.0940 6068  \Device\Harddisk2\DR2:
01:20:52.0942 6068  MBR partitions:
01:20:52.0942 6068  \Device\Harddisk2\DR2\Partition1: MBR, Type 0xB, StartLBA 0x2738A, BlocksNum 0x37BCAB5
01:20:52.0942 6068  ============================================================
01:20:52.0967 6068  C: <-> \Device\Harddisk0\DR0\Partition1
01:20:53.0017 6068  D: <-> \Device\Harddisk0\DR0\Partition2
01:20:53.0031 6068  F: <-> \Device\Harddisk1\DR1\Partition1
01:20:53.0031 6068  ============================================================
01:20:53.0031 6068  Initialize success
01:20:53.0031 6068  ============================================================
01:21:02.0123 5248  ============================================================
01:21:02.0123 5248  Scan started
01:21:02.0123 5248  Mode: Manual; SigCheck; TDLFS; 
01:21:02.0123 5248  ============================================================
01:21:06.0930 5248  ================ Scan system memory ========================
01:21:06.0930 5248  System memory - ok
01:21:06.0930 5248  ================ Scan services =============================
01:21:07.0065 5248  [ 581D88B25C4D4121824FED2CA38E562F ] !SASCORE        C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
01:21:07.0215 5248  !SASCORE ( UnsignedFile.Multi.Generic ) - warning
01:21:07.0215 5248  !SASCORE - detected UnsignedFile.Multi.Generic (1)
01:21:07.0449 5248  [ A87D604AEA360176311474C87A63BB88 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
01:21:07.0471 5248  1394ohci - ok
01:21:07.0505 5248  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
01:21:07.0526 5248  ACPI - ok
01:21:07.0559 5248  [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
01:21:07.0601 5248  AcpiPmi - ok
01:21:08.0014 5248  [ ADDA5E1951B90D3D23C56D3CF0622ADC ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
01:21:08.0032 5248  AdobeARMservice - ok
01:21:08.0248 5248  [ 24A0876D07EF356DCBC1D7A7929354AB ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
01:21:08.0268 5248  AdobeFlashPlayerUpdateSvc - ok
01:21:08.0343 5248  [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx         C:\Windows\system32\DRIVERS\adp94xx.sys
01:21:08.0371 5248  adp94xx - ok
01:21:08.0421 5248  [ 597F78224EE9224EA1A13D6350CED962 ] adpahci         C:\Windows\system32\DRIVERS\adpahci.sys
01:21:08.0444 5248  adpahci - ok
01:21:08.0476 5248  [ E109549C90F62FB570B9540C4B148E54 ] adpu320         C:\Windows\system32\DRIVERS\adpu320.sys
01:21:08.0496 5248  adpu320 - ok
01:21:08.0553 5248  [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
01:21:08.0695 5248  AeLookupSvc - ok
01:21:08.0777 5248  [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD             C:\Windows\system32\drivers\afd.sys
01:21:08.0882 5248  AFD - ok
01:21:08.0940 5248  [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440          C:\Windows\system32\drivers\agp440.sys
01:21:08.0958 5248  agp440 - ok
01:21:09.0033 5248  [ 3290D6946B5E30E70414990574883DDB ] ALG             C:\Windows\System32\alg.exe
01:21:09.0099 5248  ALG - ok
01:21:09.0142 5248  [ 5812713A477A3AD7363C7438CA2EE038 ] aliide          C:\Windows\system32\drivers\aliide.sys
01:21:09.0159 5248  aliide - ok
01:21:09.0192 5248  [ 1FF8B4431C353CE385C875F194924C0C ] amdide          C:\Windows\system32\drivers\amdide.sys
01:21:09.0210 5248  amdide - ok
01:21:09.0280 5248  [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8           C:\Windows\system32\DRIVERS\amdk8.sys
01:21:09.0319 5248  AmdK8 - ok
01:21:09.0335 5248  [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
01:21:09.0383 5248  AmdPPM - ok
01:21:09.0437 5248  [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
01:21:09.0456 5248  amdsata - ok
01:21:09.0478 5248  [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
01:21:09.0500 5248  amdsbs - ok
01:21:09.0526 5248  [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
01:21:09.0543 5248  amdxata - ok
01:21:09.0653 5248  [ 89A69C3F2F319B43379399547526D952 ] AppID           C:\Windows\system32\drivers\appid.sys
01:21:09.0750 5248  AppID - ok
01:21:09.0788 5248  [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
01:21:09.0869 5248  AppIDSvc - ok
01:21:09.0930 5248  [ 9D2A2369AB4B08A4905FE72DB104498F ] Appinfo         C:\Windows\System32\appinfo.dll
01:21:10.0020 5248  Appinfo - ok
01:21:10.0129 5248  [ 30E3850F303EAE5C364782EA78579CC9 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
01:21:10.0146 5248  Apple Mobile Device - ok
01:21:10.0234 5248  [ C484F8CEB1717C540242531DB7845C4E ] arc             C:\Windows\system32\DRIVERS\arc.sys
01:21:10.0252 5248  arc - ok
01:21:10.0272 5248  [ 019AF6924AEFE7839F61C830227FE79C ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
01:21:10.0291 5248  arcsas - ok
01:21:10.0331 5248  [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
01:21:10.0395 5248  AsyncMac - ok
01:21:10.0442 5248  [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi           C:\Windows\system32\drivers\atapi.sys
01:21:10.0457 5248  atapi - ok
01:21:10.0554 5248  [ B4421D8CDADC441F76BA39532A3E3414 ] athr            C:\Windows\system32\DRIVERS\athrx.sys
01:21:10.0717 5248  athr - ok
01:21:10.0811 5248  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
01:21:10.0919 5248  AudioEndpointBuilder - ok
01:21:10.0954 5248  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
01:21:11.0001 5248  AudioSrv - ok
01:21:11.0076 5248  [ 877FC6E4E22218C1C1B1F41E63AC825A ] Avgdiska        C:\Windows\system32\DRIVERS\avgdiska.sys
01:21:11.0105 5248  Avgdiska - ok
01:21:11.0250 5248  [ F0EFB3F533DF6C153033211889023905 ] AVGIDSAgent     C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
01:21:11.0377 5248  AVGIDSAgent - ok
01:21:11.0462 5248  [ 829A14AFA90D2CA821BAF49FF280CCC4 ] AVGIDSDriver    C:\Windows\system32\DRIVERS\avgidsdrivera.sys
01:21:11.0481 5248  AVGIDSDriver - ok
01:21:11.0556 5248  [ BB49C8C604F1A1771ED25E7B9A1B6F43 ] AVGIDSHA        C:\Windows\system32\DRIVERS\avgidsha.sys
01:21:11.0575 5248  AVGIDSHA - ok
01:21:11.0659 5248  [ 07F3EADE36F17AB8C1AF1BB4688C8242 ] Avgldx64        C:\Windows\system32\DRIVERS\avgldx64.sys
01:21:39.0060 5248  RDPREFMP - ok
01:21:39.0118 5248  [ 313F68E1A3E6345A4F47A36B07062F34 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
01:21:39.0145 5248  RdpVideoMiniport - ok
01:21:39.0210 5248  [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
01:21:39.0284 5248  RDPWD - ok
01:21:39.0367 5248  [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
01:21:39.0387 5248  rdyboost - ok
01:21:39.0481 5248  [ 0D362785BEF9BDF5A6E1F4628D06716D ] Recovery Service for Windows C:\Program Files (x86)\SMINST\BLService.exe
01:21:39.0502 5248  Recovery Service for Windows - ok
01:21:39.0573 5248  [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess    C:\Windows\System32\mprdim.dll
01:21:39.0650 5248  RemoteAccess - ok
01:21:39.0735 5248  [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
01:21:39.0842 5248  RemoteRegistry - ok
01:21:40.0007 5248  [ 805AE1F90C64758D19AAA001CF8CBA12 ] RichVideo       C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
01:21:40.0018 5248  RichVideo ( UnsignedFile.Multi.Generic ) - warning
01:21:40.0019 5248  RichVideo - detected UnsignedFile.Multi.Generic (1)
01:21:55.0307 5248  ================ Scan global ===============================
01:21:55.0375 5248  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
01:21:55.0449 5248  [ 88EDD0B34EED542745931E581AD21A32 ] C:\Windows\system32\winsrv.dll
01:21:55.0460 5248  [ 88EDD0B34EED542745931E581AD21A32 ] C:\Windows\system32\winsrv.dll
01:21:55.0529 5248  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
01:21:55.0607 5248  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
01:21:55.0613 5248  [Global] - ok
01:21:55.0614 5248  ================ Scan MBR ==================================
01:21:55.0627 5248  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
01:21:55.0955 5248  \Device\Harddisk0\DR0 - ok
01:21:56.0194 5248  [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk1\DR1
01:21:57.0373 5248  \Device\Harddisk1\DR1 - ok
01:21:59.0286 5248  [ 05404C716E13F5B794CD701E1B582078 ] \Device\Harddisk2\DR2
01:22:08.0526 5248  \Device\Harddisk2\DR2 - ok
01:22:08.0527 5248  ================ Scan VBR ==================================
01:22:08.0531 5248  [ FB3B9ABAEB569FBBDF9830A65A137F04 ] \Device\Harddisk0\DR0\Partition1
01:22:08.0532 5248  \Device\Harddisk0\DR0\Partition1 - ok
01:22:08.0897 5248  [ 0157E6582DD1734FFFDE6726E55C2EDD ] \Device\Harddisk0\DR0\Partition2
01:22:08.0942 5248  \Device\Harddisk0\DR0\Partition2 - ok
01:22:08.0947 5248  [ 8D74919D83BF133981F693120EB526E4 ] \Device\Harddisk1\DR1\Partition1
01:22:08.0974 5248  \Device\Harddisk1\DR1\Partition1 - ok
01:22:08.0989 5248  [ EF79F58EF3E5DBF99EF25130624E5558 ] \Device\Harddisk2\DR2\Partition1
01:22:08.0991 5248  \Device\Harddisk2\DR2\Partition1 - ok
01:22:08.0992 5248  ============================================================
01:22:08.0992 5248  Scan finished
01:22:08.0992 5248  ============================================================
01:22:09.0143 1092  Detected object count: 5
01:22:09.0143 1092  Actual detected object count: 5
03:32:12.0158 1092  !SASCORE ( UnsignedFile.Multi.Generic ) - skipped by user
03:32:12.0158 1092  !SASCORE ( UnsignedFile.Multi.Generic ) - User select action: Skip 
03:32:12.0163 1092  HP Health Check Service ( UnsignedFile.Multi.Generic ) - skipped by user
03:32:12.0163 1092  HP Health Check Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 
03:32:12.0165 1092  IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
03:32:12.0165 1092  IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip 
03:32:12.0168 1092  LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user
03:32:12.0168 1092  LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
03:32:12.0171 1092  RichVideo ( UnsignedFile.Multi.Generic ) - skipped by user
03:32:12.0171 1092  RichVideo ( UnsignedFile.Multi.Generic ) - User select action: Skip 
03:32:22.0623 0216  Deinitialize success

Edited by Jason9394, 25 September 2013 - 09:59 AM.


#11 Jason9394

  • Topic Starter

Posted 25 September 2013 - 10:02 AM

Finished scanning and attached the file as txt because it did not allow me to attach it as a rar file. Not sure why. Let me know if I have to redo it. Thanks!




#12 nasdaq

  • Malware Response Team

Posted 25 September 2013 - 10:29 AM

You previously had a McAfee program installed on this computer.

Please download the uninstaller tool for the version you had.
Run it and let me know if the problem persists.

Download your product's removal tool from this site and run it.
List of anti-malware product removal tools

http://answers.microsoft.com/en-us/protect/forum/mse-protect_start/list-of-anti-malware-product-removal-tools/407bf6da-c05d-4546-8788-0aa4c25a1f91

#13 Jason9394

  • Topic Starter

Posted 27 September 2013 - 06:41 AM

I uninstalled everything McAfee I can find. On the next boot up I had an error from my AVG Antivirus scan. "Unspecified error occurred in the following AVG components: avgui.exe,  Would you like to send an error report to AVG?" To which I said yes and then hit the "fix" button on the AVG interface to restore the web browsing protection that probably did not load correctly. I am still monitoring anything else that is abnormal.



#14 nasdaq

  • Malware Response Team

Posted 27 September 2013 - 08:45 AM

Keep me posted.

#15 Jason9394

  • Topic Starter

Posted 29 September 2013 - 06:54 PM

I just got a popup window saying this: "You may be a victim of software counterfeiting.  To use all microsoft windows features, such as all updates from windows update: get the latest updates; and receive product support, your copy of Microsoft Windows must be validated as genuine". Then there is a link to go online and resolve now. I just hit the X on the upper right as this may be a popup virus. Is this anything to be concerned about?





