Jump to content

Trojan Dropper BCMiner


Recommended Posts

Hi there. MBAM found a trojan in Windows installer yesterday and deleted it. Restarted and everything. 8 minutes later I was infected again. Chrome has been hijacked (not sure about other browsers) and when I tried to get my email reg from this site my email account had been used to send spam. Um, plaese help!

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421

Run by Sami at 12:33:12 on 2012-05-30

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.2811.1062 [GMT -7:00]

.

AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}

SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\atieclxx.exe

C:\Windows\system32\WLANExt.exe

C:\Windows\system32\conhost.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe

C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe

C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe

C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe

C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneLtdController.exe

C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneLtdServer.exe

C:\Windows\system32\conhost.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe

C:\Program Files\Microsoft Security Client\msseces.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe

C:\Program Files (x86)\Overwolf\Overwolf.exe

C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe

C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe

C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

C:\Program Files (x86)\Common Files\Overwolf\OverwolfHelper.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe

C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe

C:\Program Files\Realtek\RtVOsd\RtVOsd.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe

C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe

C:\Windows\system32\wuauclt.exe

C:\Windows\system32\svchost.exe -k SDRSVC

C:\Users\Sami\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Sami\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Sami\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Sami\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\SysWOW64\ping.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\ping.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\ping.exe

C:\Windows\system32\conhost.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.yahoo.com/?ilc=17

uSearch Bar = Preserve

uInternet Settings,ProxyServer = http=127.0.0.1:53899

mURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTor.dll

mWinlogon: Userinit=userinit.exe,

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTor.dll

BHO: FDMIECookiesBHO Class: {cc59e0f9-7e43-44fa-9faa-8377850bf205} - C:\Program Files (x86)\Free Download Manager\iefdm2.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTor.dll

uRun: [HPAdvisorDock] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe

uRun: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden

uRun: [spybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe

uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun

uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background

uRun: [steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent

uRun: [Overwolf] C:\Program Files (x86)\Overwolf\Overwolf.exe -silent

uRun: [Google Update] "C:\Users\Sami\AppData\Local\Google\Update\GoogleUpdate.exe" /c

mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW

mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

mRun: [Monitor] "C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe"

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: Download all with Free Download Manager - file://C:\Program Files (x86)\Free Download Manager\dlall.htm

IE: Download selected with Free Download Manager - file://C:\Program Files (x86)\Free Download Manager\dlselected.htm

IE: Download video with Free Download Manager - file://C:\Program Files (x86)\Free Download Manager\dlfvideo.htm

IE: Download with Free Download Manager - file://C:\Program Files (x86)\Free Download Manager\dllink.htm

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll

LSP: mswsock.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

TCP: DhcpNameServer = 10.0.0.1

TCP: Interfaces\{D8B6452D-0957-4D34-885D-54B39BF6B603} : DhcpNameServer = 10.0.0.1

TCP: Interfaces\{D8B6452D-0957-4D34-885D-54B39BF6B603}\3596D62616 : DhcpNameServer = 10.0.0.1

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Overwolf\SKYPE4~1.DLL

mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll

BHO-X64: Increase performance and video formats for your HTML5 <video> - No File

BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll

BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO-X64: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO-X64: SkypeIEPluginBHO - No File

BHO-X64: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTor.dll

BHO-X64: uTorrentBar - No File

BHO-X64: FDMIECookiesBHO Class: {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files (x86)\Free Download Manager\iefdm2.dll

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB-X64: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTor.dll

mRun-x64: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun-x64: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe

mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun-x64: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW

mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

mRun-x64: [Monitor] "C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe"

mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

.

============= SERVICES / DRIVERS ===============

.

R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]

R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys --> C:\Windows\system32\DRIVERS\dtsoftbus01.sys [?]

R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]

R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2010-11-20 98208]

R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]

R2 CinemaNow Service;CinemaNow Service;C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe [2010-5-21 140272]

R2 HP Wireless Assistant Service;HP Wireless Assistant Service;C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-6-18 103992]

R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-6-29 27192]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-4-11 654408]

R2 RosettaStoneLtdController;RosettaStoneLtdController;C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneLtdController.exe [2008-9-16 352312]

R2 RtVOsdService;RtVOsdService Installer;C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe [2010-4-19 315392]

R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]

R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]

R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]

R3 usbfilter;AMD USB Filter Driver;C:\Windows\system32\DRIVERS\usbfilter.sys --> C:\Windows\system32\DRIVERS\usbfilter.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-12-23 136176]

S2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2011-12-5 1153368]

S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-12-23 136176]

S3 Leapfrog-USBLAN;Leapfrog-USBLAN;C:\Windows\system32\DRIVERS\btblan.sys --> C:\Windows\system32\DRIVERS\btblan.sys [?]

S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys --> C:\Windows\system32\DRIVERS\netw5v64.sys [?]

S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]

S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-3-26 291696]

S3 OverwolfUpdaterService;Overwolf Updater Service;C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [2012-5-14 18360]

S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]

S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]

S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]

S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]

.

=============== Created Last 30 ================

.

2012-05-29 18:19:22 16200 ----a-w- C:\Windows\stinger.sys

2012-05-29 18:18:37 -------- d-----w- C:\Program Files (x86)\stinger

2012-05-29 03:31:56 -------- d-----w- C:\Users\Sami\AppData\Roaming\Orneon

2012-05-28 21:38:14 -------- d-----w- C:\Windows\System32\SPReview

2012-05-28 05:34:27 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%

2012-05-28 05:27:07 -------- d-----w- C:\Users\Sami\AppData\Roaming\Dark Dimensions - Wax Beauty Strategy Guide

2012-05-28 05:22:29 -------- d-----w- C:\Users\Sami\AppData\Roaming\Eipix

2012-05-27 23:34:31 8955792 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{DA148176-3F26-4739-9F0D-BD3B9430579F}\mpengine.dll

2012-05-26 19:33:14 -------- d-----w- C:\Users\Sami\AppData\Roaming\Octoshape

2012-05-26 18:09:34 8955792 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2012-05-24 04:08:36 -------- d-----w- C:\Users\Sami\AppData\Roaming\Friday's games

2012-05-24 04:03:12 -------- d-----w- C:\Program Files (x86)\Tiger Games

2012-05-23 01:12:06 -------- d-----w- C:\Windows\SysWow64\2080

2012-05-22 03:47:31 -------- d-----w- C:\Users\Sami\AppData\Roaming\SkyGoblin

2012-05-22 03:43:14 466456 ----a-w- C:\Windows\System32\wrap_oal.dll

2012-05-22 03:43:14 444952 ----a-w- C:\Windows\SysWow64\wrap_oal.dll

2012-05-22 03:43:14 122904 ----a-w- C:\Windows\System32\OpenAL32.dll

2012-05-22 03:43:14 109080 ----a-w- C:\Windows\SysWow64\OpenAL32.dll

2012-05-22 03:43:14 -------- d-----w- C:\Program Files (x86)\OpenAL

2012-05-22 03:41:26 -------- d-----w- C:\ProgramData\JustAdventure

2012-05-22 03:26:59 -------- d-----w- C:\Program Files (x86)\directx

2012-05-16 01:12:05 -------- d-----w- C:\Windows\SysWow64\1080

2012-05-15 05:37:53 -------- d-----w- C:\Program Files (x86)\Common Files\Overwolf

2012-05-15 05:37:52 -------- d-----w- C:\Program Files (x86)\Overwolf

2012-05-15 05:36:17 -------- d-----w- C:\Users\Sami\AppData\Local\Overwolf

2012-05-15 05:14:44 -------- d-----w- C:\Program Files (x86)\Runes of Magic

2012-05-15 03:11:30 -------- d-----w- C:\Users\Sami\AppData\Roaming\FOG Downloader

2012-05-11 23:46:05 1541120 ----a-w- C:\Windows\System32\DWrite.dll

2012-05-11 23:46:04 320512 ----a-w- C:\Windows\System32\d3d10_1core.dll

2012-05-11 23:46:04 218624 ----a-w- C:\Windows\SysWow64\d3d10_1core.dll

2012-05-11 23:46:04 1837568 ----a-w- C:\Windows\System32\d3d10warp.dll

2012-05-11 23:46:04 1170944 ----a-w- C:\Windows\SysWow64\d3d10warp.dll

2012-05-11 23:46:04 1074176 ----a-w- C:\Windows\SysWow64\DWrite.dll

2012-05-11 23:46:03 902656 ----a-w- C:\Windows\System32\d2d1.dll

2012-05-11 23:46:03 739840 ----a-w- C:\Windows\SysWow64\d2d1.dll

2012-05-11 23:46:03 197120 ----a-w- C:\Windows\System32\d3d10_1.dll

2012-05-11 23:46:03 161792 ----a-w- C:\Windows\SysWow64\d3d10_1.dll

2012-05-11 23:45:20 75632 ----a-w- C:\Windows\System32\drivers\partmgr.sys

2012-05-11 23:45:17 5504880 ----a-w- C:\Windows\System32\ntoskrnl.exe

2012-05-11 23:45:16 3143680 ----a-w- C:\Windows\System32\win32k.sys

2012-05-11 23:45:15 3958128 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe

2012-05-11 23:45:15 3902320 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe

2012-05-11 23:45:11 1895280 ----a-w- C:\Windows\System32\drivers\tcpip.sys

2012-05-11 23:45:07 1367552 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll

2012-05-11 23:45:06 936960 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\ink\journal.dll

2012-05-10 02:47:54 768848 ----a-w- C:\Windows\SysWow64\msvcr100.dll

2012-05-10 02:47:50 421200 ----a-w- C:\Windows\SysWow64\msvcp100.dll

2012-05-09 01:12:08 -------- d-----w- C:\Windows\SysWow64\3013

2012-05-06 04:18:12 -------- d-----w- C:\Users\Sami\AppData\Roaming\LegacyGames

2012-05-05 15:49:21 -------- d-----w- C:\Users\Sami\AppData\Roaming\Black Sea Studios

2012-05-05 14:10:54 -------- d-----w- C:\Program Files (x86)\Common Files\Steam

2012-05-05 14:10:51 -------- d-----w- C:\Program Files (x86)\Steam

2012-05-02 01:12:05 -------- d-----w- C:\Windows\SysWow64\2046

2012-05-01 06:15:11 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client

.

==================== Find3M ====================

.

2012-04-04 22:56:40 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys

2012-03-21 03:44:12 98688 ----a-w- C:\Windows\System32\drivers\NisDrvWFP.sys

2012-03-21 03:44:12 203888 ----a-w- C:\Windows\System32\drivers\MpFilter.sys

2012-03-07 05:39:33 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll

2012-03-06 04:21:34 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

.

============= FINISH: 12:35:06.35 ===============

Do you want Attach.txt as well?

This thing has me ripping my hair out. I looked at the properties of the file and found a previous version tucked into a restore point, too. Any help is greatly appreciated, thank you

Link to post
Share on other sites

Ahem. :blush:

13:50:44.0138 2636 TDSS rootkit removing tool 2.7.36.0 May 21 2012 16:40:16

13:50:44.0697 2636 ============================================================

13:50:44.0697 2636 Current date / time: 2012/05/30 13:50:44.0697

13:50:44.0697 2636 SystemInfo:

13:50:44.0697 2636

13:50:44.0697 2636 OS Version: 6.1.7600 ServicePack: 0.0

13:50:44.0697 2636 Product type: Workstation

13:50:44.0697 2636 ComputerName: SAMI-HP

13:50:44.0697 2636 UserName: Sami

13:50:44.0697 2636 Windows directory: C:\Windows

13:50:44.0697 2636 System windows directory: C:\Windows

13:50:44.0697 2636 Running under WOW64

13:50:44.0697 2636 Processor architecture: Intel x64

13:50:44.0697 2636 Number of processors: 2

13:50:44.0697 2636 Page size: 0x1000

13:50:44.0697 2636 Boot type: Normal boot

13:50:44.0697 2636 ============================================================

13:50:45.0923 2636 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

13:50:45.0927 2636 ============================================================

13:50:45.0927 2636 \Device\Harddisk0\DR0:

13:50:45.0927 2636 MBR partitions:

13:50:45.0928 2636 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800

13:50:45.0928 2636 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x230E5800

13:50:45.0928 2636 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x23149800, BlocksNum 0x22B1000

13:50:45.0928 2636 \Device\Harddisk0\DR0\Partition3: MBR, Type 0xC, StartLBA 0x253FA800, BlocksNum 0x33AB0

13:50:45.0928 2636 ============================================================

13:50:45.0962 2636 C: <-> \Device\Harddisk0\DR0\Partition1

13:50:45.0999 2636 D: <-> \Device\Harddisk0\DR0\Partition2

13:50:45.0999 2636 ============================================================

13:50:45.0999 2636 Initialize success

13:50:45.0999 2636 ============================================================

13:51:02.0788 4492 ============================================================

13:51:02.0788 4492 Scan started

13:51:02.0788 4492 Mode: Manual; SigCheck; TDLFS;

13:51:02.0788 4492 ============================================================

13:51:04.0404 4492 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys

13:51:04.0591 4492 1394ohci - ok

13:51:04.0638 4492 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys

13:51:04.0654 4492 ACPI - ok

13:51:04.0700 4492 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys

13:51:04.0778 4492 AcpiPmi - ok

13:51:04.0864 4492 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys

13:51:04.0882 4492 adp94xx - ok

13:51:04.0943 4492 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys

13:51:04.0959 4492 adpahci - ok

13:51:04.0976 4492 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys

13:51:04.0990 4492 adpu320 - ok

13:51:05.0026 4492 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll

13:51:05.0154 4492 AeLookupSvc - ok

13:51:05.0221 4492 AERTFilters (d1e343bc00136ce03c4d403194d06a80) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe

13:51:05.0241 4492 AERTFilters - ok

13:51:05.0307 4492 AFD (db9d6c6b2cd95a9ca414d045b627422e) C:\Windows\system32\drivers\afd.sys

13:51:05.0383 4492 AFD - ok

13:51:05.0432 4492 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys

13:51:05.0447 4492 agp440 - ok

13:51:05.0480 4492 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe

13:51:05.0530 4492 ALG - ok

13:51:05.0546 4492 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys

13:51:05.0558 4492 aliide - ok

13:51:05.0618 4492 AMD External Events Utility (29c151492510640343b00b63996e4070) C:\Windows\system32\atiesrxx.exe

13:51:05.0690 4492 AMD External Events Utility - ok

13:51:05.0709 4492 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys

13:51:05.0719 4492 amdide - ok

13:51:05.0737 4492 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys

13:51:05.0780 4492 AmdK8 - ok

13:51:06.0277 4492 amdkmdag (2c9c4824664c61351ff1e0169262d026) C:\Windows\system32\DRIVERS\atikmdag.sys

13:51:06.0420 4492 amdkmdag - ok

13:51:06.0603 4492 amdkmdap (ef7382689d3b17ac2983202e7a40ab45) C:\Windows\system32\DRIVERS\atikmpag.sys

13:51:06.0633 4492 amdkmdap - ok

13:51:06.0669 4492 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys

13:51:06.0713 4492 AmdPPM - ok

13:51:06.0746 4492 amdsata (53d8d46d51d390abdb54eca623165cb7) C:\Windows\system32\DRIVERS\amdsata.sys

13:51:06.0770 4492 amdsata - ok

13:51:06.0813 4492 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys

13:51:06.0832 4492 amdsbs - ok

13:51:06.0843 4492 amdxata (75c51148154e34eb3d7bb84749a758d5) C:\Windows\system32\DRIVERS\amdxata.sys

13:51:06.0852 4492 amdxata - ok

13:51:06.0884 4492 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys

13:51:06.0962 4492 AppID - ok

13:51:06.0991 4492 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll

13:51:07.0039 4492 AppIDSvc - ok

13:51:07.0083 4492 Appinfo (d065be66822847b7f127d1f90158376e) C:\Windows\System32\appinfo.dll

13:51:07.0131 4492 Appinfo - ok

13:51:07.0169 4492 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys

13:51:07.0180 4492 arc - ok

13:51:07.0193 4492 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys

13:51:07.0205 4492 arcsas - ok

13:51:07.0315 4492 aspnet_state (9217d874131ae6ff8f642f124f00a555) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe

13:51:07.0325 4492 aspnet_state - ok

13:51:07.0345 4492 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys

13:51:07.0391 4492 AsyncMac - ok

13:51:07.0422 4492 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys

13:51:07.0437 4492 atapi - ok

13:51:07.0609 4492 athr (f8633cdd09647a64ee8db550630427ff) C:\Windows\system32\DRIVERS\athrx.sys

13:51:07.0656 4492 athr - ok

13:51:07.0812 4492 AtiHdmiService (2d648572ba9a610952fcafba1e119c2d) C:\Windows\system32\drivers\AtiHdmi.sys

13:51:07.0843 4492 AtiHdmiService - ok

13:51:07.0874 4492 AtiPcie (c07a040d6b5a42dd41ee386cf90974c8) C:\Windows\system32\DRIVERS\AtiPcie.sys

13:51:07.0890 4492 AtiPcie - ok

13:51:07.0956 4492 AudioEndpointBuilder (07721a77180edd4d39ccb865bf63c7fd) C:\Windows\System32\Audiosrv.dll

13:51:08.0018 4492 AudioEndpointBuilder - ok

13:51:08.0026 4492 AudioSrv (07721a77180edd4d39ccb865bf63c7fd) C:\Windows\System32\Audiosrv.dll

13:51:08.0070 4492 AudioSrv - ok

13:51:08.0117 4492 AxInstSV (b20b5fa5ca050e9926e4d1db81501b32) C:\Windows\System32\AxInstSV.dll

13:51:08.0190 4492 AxInstSV - ok

13:51:08.0251 4492 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys

13:51:08.0296 4492 b06bdrv - ok

13:51:08.0327 4492 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys

13:51:08.0370 4492 b57nd60a - ok

13:51:08.0417 4492 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll

13:51:08.0483 4492 BDESVC - ok

13:51:08.0516 4492 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys

13:51:08.0582 4492 Beep - ok

13:51:08.0652 4492 BITS (7f0c323fe3da28aa4aa1bda3f575707f) C:\Windows\System32\qmgr.dll

13:51:08.0727 4492 BITS - ok

13:51:08.0761 4492 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys

13:51:08.0772 4492 blbdrive - ok

13:51:08.0810 4492 bowser (19d20159708e152267e53b66677a4995) C:\Windows\system32\DRIVERS\bowser.sys

13:51:08.0844 4492 bowser - ok

13:51:08.0888 4492 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys

13:51:08.0918 4492 BrFiltLo - ok

13:51:08.0919 4492 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys

13:51:08.0935 4492 BrFiltUp - ok

13:51:08.0981 4492 Browser (94fbc06f294d58d02361918418f996e3) C:\Windows\System32\browser.dll

13:51:09.0028 4492 Browser - ok

13:51:09.0059 4492 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys

13:51:09.0091 4492 Brserid - ok

13:51:09.0106 4492 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys

13:51:09.0137 4492 BrSerWdm - ok

13:51:09.0153 4492 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys

13:51:09.0200 4492 BrUsbMdm - ok

13:51:09.0215 4492 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys

13:51:09.0247 4492 BrUsbSer - ok

13:51:09.0262 4492 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys

13:51:09.0293 4492 BTHMODEM - ok

13:51:09.0356 4492 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll

13:51:09.0418 4492 bthserv - ok

13:51:09.0474 4492 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys

13:51:09.0541 4492 cdfs - ok

13:51:09.0593 4492 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys

13:51:09.0635 4492 cdrom - ok

13:51:09.0691 4492 CertPropSvc (312e2f82af11e79906898ac3e3d58a1f) C:\Windows\System32\certprop.dll

13:51:09.0773 4492 CertPropSvc - ok

13:51:09.0866 4492 CinemaNow Service (533328a3d9a9c286682525842547540c) C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe

13:51:09.0894 4492 CinemaNow Service - ok

13:51:09.0943 4492 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys

13:51:10.0014 4492 circlass - ok

13:51:10.0079 4492 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys

13:51:10.0104 4492 CLFS - ok

13:51:10.0176 4492 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

13:51:10.0187 4492 clr_optimization_v2.0.50727_32 - ok

13:51:10.0241 4492 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe

13:51:10.0266 4492 clr_optimization_v2.0.50727_64 - ok

13:51:10.0334 4492 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

13:51:10.0346 4492 clr_optimization_v4.0.30319_32 - ok

13:51:10.0377 4492 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

13:51:10.0388 4492 clr_optimization_v4.0.30319_64 - ok

13:51:10.0426 4492 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys

13:51:10.0445 4492 CmBatt - ok

13:51:10.0465 4492 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys

13:51:10.0475 4492 cmdide - ok

13:51:10.0535 4492 CNG (937beb186a735aca91d717044a49d17e) C:\Windows\system32\Drivers\cng.sys

13:51:10.0605 4492 CNG - ok

13:51:10.0645 4492 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys

13:51:10.0655 4492 Compbatt - ok

13:51:10.0665 4492 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys

13:51:10.0705 4492 CompositeBus - ok

13:51:10.0715 4492 COMSysApp - ok

13:51:10.0735 4492 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys

13:51:10.0745 4492 crcdisk - ok

13:51:10.0785 4492 CryptSvc (8c57411b66282c01533cb776f98ad384) C:\Windows\system32\cryptsvc.dll

13:51:10.0845 4492 CryptSvc - ok

13:51:10.0895 4492 DcomLaunch (7266972e86890e2b30c0c322e906b027) C:\Windows\system32\rpcss.dll

13:51:10.0955 4492 DcomLaunch - ok

13:51:11.0026 4492 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll

13:51:11.0084 4492 defragsvc - ok

13:51:11.0116 4492 DfsC (9c253ce7311ca60fc11c774692a13208) C:\Windows\system32\Drivers\dfsc.sys

13:51:11.0156 4492 DfsC - ok

13:51:11.0211 4492 Dhcp (ce3b9562d997f69b330d181a8875960f) C:\Windows\system32\dhcpcore.dll

13:51:11.0281 4492 Dhcp - ok

13:51:11.0298 4492 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys

13:51:11.0359 4492 discache - ok

13:51:11.0393 4492 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys

13:51:11.0406 4492 Disk - ok

13:51:11.0453 4492 Dnscache (85cf424c74a1d5ec33533e1dbff9920a) C:\Windows\System32\dnsrslvr.dll

13:51:11.0491 4492 Dnscache - ok

13:51:11.0532 4492 dot3svc (14452acdb09b70964c8c21bf80a13acb) C:\Windows\System32\dot3svc.dll

13:51:11.0591 4492 dot3svc - ok

13:51:11.0617 4492 DPS (8c2ba6bea949ee6e68385f5692bafb94) C:\Windows\system32\dps.dll

13:51:11.0664 4492 DPS - ok

13:51:11.0704 4492 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys

13:51:11.0719 4492 drmkaud - ok

13:51:11.0777 4492 dtsoftbus01 (400582b09e0bb557d0ec28a945150eeb) C:\Windows\system32\DRIVERS\dtsoftbus01.sys

13:51:11.0793 4492 dtsoftbus01 - ok

13:51:11.0857 4492 DXGKrnl (1633b9abf52784a1331476397a48cbef) C:\Windows\System32\drivers\dxgkrnl.sys

13:51:11.0889 4492 DXGKrnl - ok

13:51:11.0927 4492 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll

13:51:11.0986 4492 EapHost - ok

13:51:12.0197 4492 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys

13:51:12.0277 4492 ebdrv - ok

13:51:12.0407 4492 EFS (156f6159457d0aa7e59b62681b56eb90) C:\Windows\System32\lsass.exe

13:51:12.0497 4492 EFS - ok

13:51:12.0599 4492 ehRecvr (47c071994c3f649f23d9cd075ac9304a) C:\Windows\ehome\ehRecvr.exe

13:51:12.0675 4492 ehRecvr - ok

13:51:12.0722 4492 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe

13:51:12.0763 4492 ehSched - ok

13:51:12.0838 4492 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys

13:51:12.0861 4492 elxstor - ok

13:51:12.0866 4492 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys

13:51:12.0905 4492 ErrDev - ok

13:51:12.0957 4492 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll

13:51:13.0035 4492 EventSystem - ok

13:51:13.0066 4492 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys

13:51:13.0113 4492 exfat - ok

13:51:13.0148 4492 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys

13:51:13.0189 4492 fastfat - ok

13:51:13.0250 4492 Fax (d607b2f1bee3992aa6c2c92c0a2f0855) C:\Windows\system32\fxssvc.exe

13:51:13.0296 4492 Fax - ok

13:51:13.0335 4492 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys

13:51:13.0357 4492 fdc - ok

13:51:13.0387 4492 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll

13:51:13.0425 4492 fdPHost - ok

13:51:13.0444 4492 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll

13:51:13.0504 4492 FDResPub - ok

13:51:13.0544 4492 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys

13:51:13.0564 4492 FileInfo - ok

13:51:13.0574 4492 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys

13:51:13.0634 4492 Filetrace - ok

13:51:13.0754 4492 FLEXnet Licensing Service (bb0667b0171b632b97ea759515476f07) C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

13:51:13.0784 4492 FLEXnet Licensing Service - ok

13:51:13.0824 4492 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys

13:51:13.0854 4492 flpydisk - ok

13:51:13.0884 4492 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys

13:51:13.0904 4492 FltMgr - ok

13:51:14.0162 4492 FontCache (cb5e4b9c319e3c6bb363eb7e58a4a051) C:\Windows\system32\FntCache.dll

13:51:14.0249 4492 FontCache - ok

13:51:14.0324 4492 FontCache3.0.0.0 (8d89e3131c27fdd6932189cb785e1b7a) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

13:51:14.0348 4492 FontCache3.0.0.0 - ok

13:51:14.0398 4492 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys

13:51:14.0415 4492 FsDepends - ok

13:51:14.0453 4492 Fs_Rec (d3e3f93d67821a2db2b3d9fac2dc2064) C:\Windows\system32\drivers\Fs_Rec.sys

13:51:14.0465 4492 Fs_Rec - ok

13:51:14.0508 4492 fvevol (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\Windows\system32\DRIVERS\fvevol.sys

13:51:14.0527 4492 fvevol - ok

13:51:14.0548 4492 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys

13:51:14.0561 4492 gagp30kx - ok

13:51:14.0661 4492 GameConsoleService (ce16683cfd11fe70bde435dda5ea1fca) C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe

13:51:14.0675 4492 GameConsoleService - ok

13:51:14.0733 4492 gpsvc (fe5ab4525bc2ec68b9119a6e5d40128b) C:\Windows\System32\gpsvc.dll

13:51:14.0778 4492 gpsvc - ok

13:51:14.0865 4492 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

13:51:14.0875 4492 gupdate - ok

13:51:14.0896 4492 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

13:51:14.0907 4492 gupdatem - ok

13:51:14.0924 4492 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys

13:51:14.0976 4492 hcw85cir - ok

13:51:14.0999 4492 HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\Windows\system32\drivers\HdAudio.sys

13:51:15.0041 4492 HdAudAddService - ok

13:51:15.0071 4492 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys

13:51:15.0101 4492 HDAudBus - ok

13:51:15.0111 4492 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys

13:51:15.0131 4492 HidBatt - ok

13:51:15.0151 4492 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys

13:51:15.0181 4492 HidBth - ok

13:51:15.0191 4492 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys

13:51:15.0231 4492 HidIr - ok

13:51:15.0261 4492 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll

13:51:15.0321 4492 hidserv - ok

13:51:15.0361 4492 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys

13:51:15.0401 4492 HidUsb - ok

13:51:15.0431 4492 hkmsvc (efa58ede58dd74388ffd04cb32681518) C:\Windows\system32\kmsvc.dll

13:51:15.0471 4492 hkmsvc - ok

13:51:15.0521 4492 HomeGroupListener (046b2673767ca626e2cfb7fdf735e9e8) C:\Windows\system32\ListSvc.dll

13:51:15.0595 4492 HomeGroupListener - ok

13:51:15.0645 4492 HomeGroupProvider (06a7422224d9865a5613710a089987df) C:\Windows\system32\provsvc.dll

13:51:15.0685 4492 HomeGroupProvider - ok

13:51:15.0781 4492 HP Wireless Assistant Service (3a09322a8aa8b0c79036686a0ebe7b4c) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe

13:51:15.0806 4492 HP Wireless Assistant Service - ok

13:51:15.0988 4492 hpqwmiex (ec9739a46f1f83c6e52a7a4697f44a65) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe

13:51:16.0016 4492 hpqwmiex - ok

13:51:16.0106 4492 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys

13:51:16.0136 4492 HpSAMD - ok

13:51:16.0243 4492 HPWMISVC (5aa89e152634954e15e9db265c6a8557) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe

13:51:16.0265 4492 HPWMISVC - ok

13:51:16.0340 4492 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys

13:51:16.0394 4492 HTTP - ok

13:51:16.0416 4492 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys

13:51:16.0428 4492 hwpolicy - ok

13:51:16.0457 4492 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys

13:51:16.0470 4492 i8042prt - ok

13:51:16.0525 4492 iaStorV (b75e45c564e944a2657167d197ab29da) C:\Windows\system32\drivers\iaStorV.sys

13:51:16.0544 4492 iaStorV - ok

13:51:16.0666 4492 idsvc (2f2be70d3e02b6fa877921ab9516d43c) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe

13:51:16.0696 4492 idsvc - ok

13:51:17.0026 4492 igfx (a87261ef1546325b559374f5689cf5bc) C:\Windows\system32\DRIVERS\igdkmd64.sys

13:51:17.0224 4492 igfx - ok

13:51:17.0358 4492 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys

13:51:17.0370 4492 iirsp - ok

13:51:17.0432 4492 IKEEXT (c5b4683680df085b57bc53e5ef34861f) C:\Windows\System32\ikeext.dll

13:51:17.0496 4492 IKEEXT - ok

13:51:17.0681 4492 IntcAzAudAddService (b88e24bd77a0ce2cffee2facf1151be0) C:\Windows\system32\drivers\RTKVHD64.sys

13:51:17.0737 4492 IntcAzAudAddService - ok

13:51:17.0914 4492 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys

13:51:17.0941 4492 intelide - ok

13:51:17.0996 4492 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys

13:51:18.0022 4492 intelppm - ok

13:51:18.0062 4492 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll

13:51:18.0123 4492 IPBusEnum - ok

13:51:18.0133 4492 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys

13:51:18.0173 4492 IpFilterDriver - ok

13:51:18.0183 4492 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys

13:51:18.0203 4492 IPMIDRV - ok

13:51:18.0233 4492 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys

13:51:18.0293 4492 IPNAT - ok

13:51:18.0333 4492 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys

13:51:18.0353 4492 IRENUM - ok

13:51:18.0383 4492 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys

13:51:18.0393 4492 isapnp - ok

13:51:18.0413 4492 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys

13:51:18.0433 4492 iScsiPrt - ok

13:51:18.0443 4492 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys

13:51:18.0463 4492 kbdclass - ok

13:51:18.0483 4492 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys

13:51:18.0513 4492 kbdhid - ok

13:51:18.0553 4492 KeyIso (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe

13:51:18.0563 4492 KeyIso - ok

13:51:18.0583 4492 KSecDD (16c1b906fc5ead84769f90b736b6bf0e) C:\Windows\system32\Drivers\ksecdd.sys

13:51:18.0593 4492 KSecDD - ok

13:51:18.0613 4492 KSecPkg (0b711550c56444879d71c7daabda6c83) C:\Windows\system32\Drivers\ksecpkg.sys

13:51:18.0645 4492 KSecPkg - ok

13:51:18.0672 4492 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys

13:51:18.0723 4492 ksthunk - ok

13:51:18.0785 4492 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll

13:51:18.0837 4492 KtmRm - ok

13:51:18.0892 4492 LanmanServer (81f1d04d4d0e433099365127375fd501) C:\Windows\system32\srvsvc.dll

13:51:18.0931 4492 LanmanServer - ok

13:51:18.0967 4492 LanmanWorkstation (27026eac8818e8a6c00a1cad2f11d29a) C:\Windows\System32\wkssvc.dll

13:51:19.0024 4492 LanmanWorkstation - ok

13:51:19.0415 4492 LeapFrog Connect Device Service (3c879d04bb6466e2853c3155b635cc45) C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe

13:51:19.0615 4492 LeapFrog Connect Device Service - ok

13:51:19.0853 4492 Leapfrog-USBLAN (797289607a5ebf31353aa5ead141f872) C:\Windows\system32\DRIVERS\btblan.sys

13:51:19.0943 4492 Leapfrog-USBLAN - ok

13:51:20.0043 4492 LightScribeService (7550d101bf49fdb1f92666a233ee36c4) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe

13:51:20.0093 4492 LightScribeService ( UnsignedFile.Multi.Generic ) - warning

13:51:20.0093 4492 LightScribeService - detected UnsignedFile.Multi.Generic (1)

13:51:20.0143 4492 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys

13:51:20.0218 4492 lltdio - ok

13:51:20.0272 4492 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll

13:51:20.0318 4492 lltdsvc - ok

13:51:20.0353 4492 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll

13:51:20.0394 4492 lmhosts - ok

13:51:20.0421 4492 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys

13:51:20.0435 4492 LSI_FC - ok

13:51:20.0445 4492 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys

13:51:20.0458 4492 LSI_SAS - ok

13:51:20.0465 4492 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys

13:51:20.0478 4492 LSI_SAS2 - ok

13:51:20.0489 4492 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys

13:51:20.0502 4492 LSI_SCSI - ok

13:51:20.0519 4492 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys

13:51:20.0570 4492 luafv - ok

13:51:20.0625 4492 MBAMProtector (dbc08862a71459e74f7538b432c114cc) C:\Windows\system32\drivers\mbam.sys

13:51:20.0637 4492 MBAMProtector - ok

13:51:20.0719 4492 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

13:51:20.0738 4492 MBAMService - ok

13:51:20.0775 4492 Mcx2Svc (f84c8f1000bc11e3b7b23cbd3baff111) C:\Windows\system32\Mcx2Svc.dll

13:51:20.0790 4492 Mcx2Svc - ok

13:51:20.0819 4492 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys

13:51:20.0832 4492 megasas - ok

13:51:20.0853 4492 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys

13:51:20.0870 4492 MegaSR - ok

13:51:20.0899 4492 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll

13:51:20.0955 4492 MMCSS - ok

13:51:20.0967 4492 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys

13:51:21.0012 4492 Modem - ok

13:51:21.0049 4492 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys

13:51:21.0080 4492 monitor - ok

13:51:21.0107 4492 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys

13:51:21.0121 4492 mouclass - ok

13:51:21.0160 4492 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys

13:51:21.0180 4492 mouhid - ok

13:51:21.0200 4492 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys

13:51:21.0220 4492 mountmgr - ok

13:51:21.0280 4492 MpFilter (94c66ededcdb6a126880472f9a704d8e) C:\Windows\system32\DRIVERS\MpFilter.sys

13:51:21.0300 4492 MpFilter - ok

13:51:21.0330 4492 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys

13:51:21.0340 4492 mpio - ok

13:51:21.0360 4492 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys

13:51:21.0400 4492 mpsdrv - ok

13:51:21.0410 4492 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys

13:51:21.0440 4492 MRxDAV - ok

13:51:21.0490 4492 mrxsmb (040d62a9d8ad28922632137acdd984f2) C:\Windows\system32\DRIVERS\mrxsmb.sys

13:51:21.0530 4492 mrxsmb - ok

13:51:21.0570 4492 mrxsmb10 (f0067552f8f9b33d7c59403ab808a3cb) C:\Windows\system32\DRIVERS\mrxsmb10.sys

13:51:21.0610 4492 mrxsmb10 - ok

13:51:21.0650 4492 mrxsmb20 (3c142d31de9f2f193218a53fe2632051) C:\Windows\system32\DRIVERS\mrxsmb20.sys

13:51:21.0705 4492 mrxsmb20 - ok

13:51:21.0745 4492 msahci (5e939cf91ea4a841dbafe4627e0292bb) C:\Windows\system32\DRIVERS\msahci.sys

13:51:21.0761 4492 msahci - ok

13:51:21.0822 4492 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys

13:51:21.0837 4492 msdsm - ok

13:51:21.0885 4492 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe

13:51:21.0946 4492 MSDTC - ok

13:51:21.0986 4492 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys

13:51:22.0036 4492 Msfs - ok

13:51:22.0046 4492 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys

13:51:22.0094 4492 mshidkmdf - ok

13:51:22.0105 4492 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys

13:51:22.0117 4492 msisadrv - ok

13:51:22.0166 4492 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll

13:51:22.0225 4492 MSiSCSI - ok

13:51:22.0230 4492 msiserver - ok

13:51:22.0259 4492 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys

13:51:22.0314 4492 MSKSSRV - ok

13:51:22.0336 4492 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys

13:51:22.0388 4492 MSPCLOCK - ok

13:51:22.0405 4492 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys

13:51:22.0461 4492 MSPQM - ok

13:51:22.0505 4492 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys

13:51:22.0523 4492 MsRPC - ok

13:51:22.0540 4492 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys

13:51:22.0552 4492 mssmbios - ok

13:51:22.0570 4492 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys

13:51:22.0636 4492 MSTEE - ok

13:51:22.0644 4492 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys

13:51:22.0665 4492 MTConfig - ok

13:51:22.0677 4492 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys

13:51:22.0697 4492 Mup - ok

13:51:22.0737 4492 napagent (4987e079a4530fa737a128be54b63b12) C:\Windows\system32\qagentRT.dll

13:51:22.0797 4492 napagent - ok

13:51:22.0857 4492 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys

13:51:22.0887 4492 NativeWifiP - ok

13:51:22.0957 4492 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys

13:51:22.0997 4492 NDIS - ok

13:51:23.0037 4492 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys

13:51:23.0077 4492 NdisCap - ok

13:51:23.0087 4492 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys

13:51:23.0137 4492 NdisTapi - ok

13:51:23.0167 4492 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys

13:51:23.0220 4492 Ndisuio - ok

13:51:23.0243 4492 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys

13:51:23.0283 4492 NdisWan - ok

13:51:23.0290 4492 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys

13:51:23.0344 4492 NDProxy - ok

13:51:23.0350 4492 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys

13:51:23.0397 4492 NetBIOS - ok

13:51:23.0423 4492 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys

13:51:23.0496 4492 NetBT - ok

13:51:23.0533 4492 Netlogon (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe

13:51:23.0546 4492 Netlogon - ok

13:51:23.0600 4492 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll

13:51:23.0652 4492 Netman - ok

13:51:23.0759 4492 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

13:51:23.0771 4492 NetMsmqActivator - ok

13:51:23.0801 4492 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

13:51:23.0812 4492 NetPipeActivator - ok

13:51:23.0847 4492 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll

13:51:23.0902 4492 netprofm - ok

13:51:23.0907 4492 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

13:51:23.0919 4492 NetTcpActivator - ok

13:51:23.0923 4492 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

13:51:23.0935 4492 NetTcpPortSharing - ok

13:51:24.0264 4492 netw5v64 (64428dfdaf6e88366cb51f45a79c5f69) C:\Windows\system32\DRIVERS\netw5v64.sys

13:51:24.0374 4492 netw5v64 - ok

13:51:24.0534 4492 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys

13:51:24.0554 4492 nfrd960 - ok

13:51:24.0614 4492 NisDrv (91b4e0273d2f6c24ef845f2b41311289) C:\Windows\system32\DRIVERS\NisDrvWFP.sys

13:51:24.0634 4492 NisDrv - ok

13:51:24.0724 4492 NisSrv (10a43829a9e606af3eef25a1c1665923) c:\Program Files\Microsoft Security Client\NisSrv.exe

13:51:24.0754 4492 NisSrv - ok

13:51:24.0801 4492 NlaSvc (d9a0ce66046d6efa0c61baa885cba0a8) C:\Windows\System32\nlasvc.dll

13:51:24.0859 4492 NlaSvc - ok

13:51:24.0879 4492 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys

13:51:24.0931 4492 Npfs - ok

13:51:24.0948 4492 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll

13:51:25.0008 4492 nsi - ok

13:51:25.0029 4492 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys

13:51:25.0068 4492 nsiproxy - ok

13:51:25.0174 4492 Ntfs (378e0e0dfea67d98ae6ea53adbbd76bc) C:\Windows\system32\drivers\Ntfs.sys

13:51:25.0218 4492 Ntfs - ok

13:51:25.0339 4492 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys

13:51:25.0390 4492 Null - ok

13:51:25.0425 4492 nvraid (a4d9c9a608a97f59307c2f2600edc6a4) C:\Windows\system32\drivers\nvraid.sys

13:51:25.0462 4492 nvraid - ok

13:51:25.0491 4492 nvstor (6c1d5f70e7a6a3fd1c90d840edc048b9) C:\Windows\system32\drivers\nvstor.sys

13:51:25.0505 4492 nvstor - ok

13:51:25.0540 4492 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys

13:51:25.0553 4492 nv_agp - ok

13:51:25.0578 4492 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys

13:51:25.0633 4492 ohci1394 - ok

13:51:25.0761 4492 OverwolfUpdaterService (813c8045395da92ac8a7e0c7a78da8e7) C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe

13:51:25.0771 4492 OverwolfUpdaterService - ok

13:51:25.0811 4492 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll

13:51:25.0881 4492 p2pimsvc - ok

13:51:25.0941 4492 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll

13:51:25.0981 4492 p2psvc - ok

13:51:26.0041 4492 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys

13:51:26.0051 4492 Parport - ok

13:51:26.0131 4492 partmgr (90061b1acfe8ccaa5345750ffe08d8b8) C:\Windows\system32\drivers\partmgr.sys

13:51:26.0161 4492 partmgr - ok

13:51:26.0211 4492 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll

13:51:26.0251 4492 PcaSvc - ok

13:51:26.0282 4492 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys

13:51:26.0298 4492 pci - ok

13:51:26.0303 4492 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys

13:51:26.0316 4492 pciide - ok

13:51:26.0332 4492 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys

13:51:26.0347 4492 pcmcia - ok

13:51:26.0362 4492 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys

13:51:26.0375 4492 pcw - ok

13:51:26.0402 4492 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys

13:51:26.0463 4492 PEAUTH - ok

13:51:26.0541 4492 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe

13:51:26.0573 4492 PerfHost - ok

13:51:26.0660 4492 pla (557e9a86f65f0de18c9b6751dfe9d3f1) C:\Windows\system32\pla.dll

13:51:26.0741 4492 pla - ok

13:51:26.0805 4492 PlugPlay (98b1721b8718164293b9701b98c52d77) C:\Windows\system32\umpnpmgr.dll

13:51:26.0853 4492 PlugPlay - ok

13:51:26.0881 4492 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll

13:51:26.0915 4492 PNRPAutoReg - ok

13:51:26.0950 4492 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll

13:51:26.0966 4492 PNRPsvc - ok

13:51:27.0020 4492 PolicyAgent (166eb40d1f5b47e615de3d0fffe5f243) C:\Windows\System32\ipsecsvc.dll

13:51:27.0076 4492 PolicyAgent - ok

13:51:27.0107 4492 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll

13:51:27.0156 4492 Power - ok

13:51:27.0242 4492 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys

13:51:27.0298 4492 PptpMiniport - ok

13:51:27.0318 4492 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys

13:51:27.0348 4492 Processor - ok

13:51:27.0388 4492 ProfSvc (f381975e1f4346de875cb07339ce8d3a) C:\Windows\system32\profsvc.dll

13:51:27.0438 4492 ProfSvc - ok

13:51:27.0488 4492 ProtectedStorage (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe

13:51:27.0498 4492 ProtectedStorage - ok

13:51:27.0538 4492 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys

13:51:27.0588 4492 Psched - ok

13:51:27.0688 4492 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys

13:51:27.0738 4492 ql2300 - ok

13:51:27.0873 4492 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys

13:51:27.0899 4492 ql40xx - ok

13:51:27.0928 4492 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll

13:51:27.0958 4492 QWAVE - ok

13:51:27.0980 4492 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys

13:51:28.0013 4492 QWAVEdrv - ok

13:51:28.0065 4492 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys

13:51:28.0199 4492 RasAcd - ok

13:51:28.0326 4492 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys

13:51:28.0364 4492 RasAgileVpn - ok

13:51:28.0383 4492 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll

13:51:28.0438 4492 RasAuto - ok

13:51:28.0451 4492 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys

13:51:28.0513 4492 Rasl2tp - ok

13:51:28.0569 4492 RasMan (47394ed3d16d053f5906efe5ab51cc83) C:\Windows\System32\rasmans.dll

13:51:28.0637 4492 RasMan - ok

13:51:28.0662 4492 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys

13:51:28.0711 4492 RasPppoe - ok

13:51:28.0733 4492 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys

13:51:28.0788 4492 RasSstp - ok

13:51:28.0815 4492 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys

13:51:28.0865 4492 rdbss - ok

13:51:28.0885 4492 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys

13:51:28.0915 4492 rdpbus - ok

13:51:28.0925 4492 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys

13:51:28.0965 4492 RDPCDD - ok

13:51:28.0985 4492 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys

13:51:29.0025 4492 RDPENCDD - ok

13:51:29.0035 4492 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys

13:51:29.0075 4492 RDPREFMP - ok

13:51:29.0125 4492 RDPWD (074ac702d8b8b660b0e1371555995386) C:\Windows\system32\drivers\RDPWD.sys

13:51:29.0175 4492 RDPWD - ok

13:51:29.0205 4492 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys

13:51:29.0215 4492 rdyboost - ok

13:51:29.0265 4492 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll

13:51:29.0315 4492 RemoteAccess - ok

13:51:29.0359 4492 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll

13:51:29.0412 4492 RemoteRegistry - ok

13:51:29.0667 4492 RosettaStoneLtdController (7f7ebf43f4789ddc044098d696149391) C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneLtdController.exe

13:51:29.0737 4492 RosettaStoneLtdController ( UnsignedFile.Multi.Generic ) - warning

13:51:29.0737 4492 RosettaStoneLtdController - detected UnsignedFile.Multi.Generic (1)

13:51:29.0773 4492 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll

13:51:29.0863 4492 RpcEptMapper - ok

13:51:29.0904 4492 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe

13:51:29.0946 4492 RpcLocator - ok

13:51:30.0003 4492 RpcSs (7266972e86890e2b30c0c322e906b027) C:\Windows\system32\rpcss.dll

13:51:30.0047 4492 RpcSs - ok

13:51:30.0138 4492 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys

13:51:30.0216 4492 rspndr - ok

13:51:30.0285 4492 RSUSBSTOR (22d6b47d004a6568c500680be2972854) C:\Windows\system32\Drivers\RtsUStor.sys

13:51:30.0303 4492 RSUSBSTOR - ok

13:51:30.0389 4492 RTL8167 (ee082e06a82ff630351d1e0ebbd3d8d0) C:\Windows\system32\DRIVERS\Rt64win7.sys

13:51:30.0439 4492 RTL8167 - ok

13:51:30.0519 4492 RtVOsdService (5fff3e71b4724bb10918fd6dd7413d99) C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe

13:51:30.0539 4492 RtVOsdService ( UnsignedFile.Multi.Generic ) - warning

13:51:30.0539 4492 RtVOsdService - detected UnsignedFile.Multi.Generic (1)

13:51:30.0589 4492 SamSs (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe

13:51:30.0599 4492 SamSs - ok

13:51:30.0649 4492 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys

13:51:30.0659 4492 sbp2port - ok

13:51:30.0948 4492 SBSDWSCService (794d4b48dfb6e999537c7c3947863463) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe

13:51:30.0984 4492 SBSDWSCService - ok

13:51:31.0027 4492 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll

13:51:31.0079 4492 SCardSvr - ok

13:51:31.0127 4492 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys

13:51:31.0182 4492 scfilter - ok

13:51:31.0276 4492 Schedule (624d0f5ff99428bb90a5b8a4123e918e) C:\Windows\system32\schedsvc.dll

13:51:31.0326 4492 Schedule - ok

13:51:31.0348 4492 SCPolicySvc (312e2f82af11e79906898ac3e3d58a1f) C:\Windows\System32\certprop.dll

13:51:31.0387 4492 SCPolicySvc - ok

13:51:31.0423 4492 sdbus (54e47ad086782d3ae9417c155cdceb9b) C:\Windows\system32\DRIVERS\sdbus.sys

13:51:31.0466 4492 sdbus - ok

13:51:31.0553 4492 SDRSVC (765a27c3279ce11d14cb9e4f5869fca5) C:\Windows\System32\SDRSVC.dll

13:51:31.0613 4492 SDRSVC - ok

13:51:31.0682 4492 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys

13:51:31.0733 4492 secdrv - ok

13:51:31.0756 4492 seclogon (463b386ebc70f98da5dff85f7e654346) C:\Windows\system32\seclogon.dll

13:51:31.0807 4492 seclogon - ok

13:51:31.0833 4492 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll

13:51:31.0896 4492 SENS - ok

13:51:31.0946 4492 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll

13:51:31.0976 4492 SensrSvc - ok

13:51:32.0006 4492 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys

13:51:32.0036 4492 Serenum - ok

13:51:32.0066 4492 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys

13:51:32.0076 4492 Serial - ok

13:51:32.0086 4492 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys

13:51:32.0116 4492 sermouse - ok

13:51:32.0146 4492 SessionEnv (c3bc61ce47ff6f4e88ab8a3b429a36af) C:\Windows\system32\sessenv.dll

13:51:32.0186 4492 SessionEnv - ok

13:51:32.0186 4492 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys

13:51:32.0246 4492 sffdisk - ok

13:51:32.0256 4492 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys

13:51:32.0286 4492 sffp_mmc - ok

13:51:32.0316 4492 sffp_sd (178298f767fe638c9fedcbdef58bb5e4) C:\Windows\system32\DRIVERS\sffp_sd.sys

13:51:32.0326 4492 sffp_sd - ok

13:51:32.0356 4492 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys

13:51:32.0366 4492 sfloppy - ok

13:51:32.0418 4492 ShellHWDetection (0298ac45d0efffb2db4baa7dd186e7bf) C:\Windows\System32\shsvcs.dll

13:51:32.0450 4492 ShellHWDetection - ok

13:51:32.0472 4492 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys

13:51:32.0484 4492 SiSRaid2 - ok

13:51:32.0502 4492 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys

13:51:32.0520 4492 SiSRaid4 - ok

13:51:32.0535 4492 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys

13:51:32.0583 4492 Smb - ok

13:51:32.0618 4492 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe

13:51:32.0651 4492 SNMPTRAP - ok

13:51:32.0671 4492 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys

13:51:32.0684 4492 spldr - ok

13:51:32.0736 4492 Spooler (f8e1fa03cb70d54a9892ac88b91d1e7b) C:\Windows\System32\spoolsv.exe

13:51:32.0778 4492 Spooler - ok

13:51:33.0003 4492 sppsvc (913d843498553a1bc8f8dbad6358e49f) C:\Windows\system32\sppsvc.exe

13:51:33.0094 4492 sppsvc - ok

13:51:33.0220 4492 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll

13:51:33.0259 4492 sppuinotify - ok

13:51:33.0613 4492 srv (2408c0366d96bcdf63e8f1c78e4a29c5) C:\Windows\system32\DRIVERS\srv.sys

13:51:33.0663 4492 srv - ok

13:51:33.0693 4492 srv2 (76548f7b818881b47d8d1ae1be9c11f8) C:\Windows\system32\DRIVERS\srv2.sys

13:51:33.0733 4492 srv2 - ok

13:51:33.0773 4492 SrvHsfHDA (0c4540311e11664b245a263e1154cef8) C:\Windows\system32\DRIVERS\VSTAZL6.SYS

13:51:33.0783 4492 SrvHsfHDA - ok

13:51:33.0863 4492 SrvHsfV92 (02071d207a9858fbe3a48cbfd59c4a04) C:\Windows\system32\DRIVERS\VSTDPV6.SYS

13:51:33.0913 4492 SrvHsfV92 - ok

13:51:34.0062 4492 SrvHsfWinac (18e40c245dbfaf36fd0134a7ef2df396) C:\Windows\system32\DRIVERS\VSTCNXT6.SYS

13:51:34.0087 4492 SrvHsfWinac - ok

13:51:34.0124 4492 srvnet (0af6e19d39c70844c5caa8fb0183c36e) C:\Windows\system32\DRIVERS\srvnet.sys

13:51:34.0148 4492 srvnet - ok

13:51:34.0199 4492 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll

13:51:34.0251 4492 SSDPSRV - ok

13:51:34.0262 4492 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll

13:51:34.0306 4492 SstpSvc - ok

13:51:34.0383 4492 Steam Client Service - ok

13:51:34.0425 4492 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys

13:51:34.0437 4492 stexstor - ok

13:51:34.0489 4492 stisvc (52d0e33b681bd0f33fdc08812fee4f7d) C:\Windows\System32\wiaservc.dll

13:51:34.0535 4492 stisvc - ok

13:51:34.0562 4492 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys

13:51:34.0575 4492 swenum - ok

13:51:34.0630 4492 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll

13:51:34.0690 4492 swprv - ok

13:51:34.0779 4492 SynTP (3a706a967295e16511e40842b1a2761d) C:\Windows\system32\DRIVERS\SynTP.sys

13:51:34.0796 4492 SynTP - ok

13:51:34.0909 4492 SysMain (3c1284516a62078fb68f768de4f1a7be) C:\Windows\system32\sysmain.dll

13:51:34.0961 4492 SysMain - ok

13:51:35.0091 4492 TabletInputService (238935c3cf2854886dc7cbb2a0e2cc66) C:\Windows\System32\TabSvc.dll

13:51:35.0131 4492 TabletInputService - ok

13:51:35.0151 4492 TapiSrv (884264ac597b690c5707c89723bb8e7b) C:\Windows\System32\tapisrv.dll

13:51:35.0211 4492 TapiSrv - ok

13:51:35.0211 4492 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll

13:51:35.0251 4492 TBS - ok

13:51:35.0411 4492 Tcpip (624c5b3aa4c99b3184bb922d9ece3ff0) C:\Windows\system32\drivers\tcpip.sys

13:51:35.0486 4492 Tcpip - ok

13:51:35.0881 4492 TCPIP6 (624c5b3aa4c99b3184bb922d9ece3ff0) C:\Windows\system32\DRIVERS\tcpip.sys

13:51:35.0921 4492 TCPIP6 - ok

13:51:36.0094 4492 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys

13:51:36.0131 4492 tcpipreg - ok

13:51:36.0156 4492 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys

13:51:36.0190 4492 TDPIPE - ok

13:51:36.0224 4492 TDTCP (7518f7bcfd4b308abc9192bacaf6c970) C:\Windows\system32\drivers\tdtcp.sys

13:51:36.0235 4492 TDTCP - ok

13:51:36.0250 4492 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys

13:51:36.0303 4492 tdx - ok

13:51:36.0317 4492 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys

13:51:36.0330 4492 TermDD - ok

13:51:36.0395 4492 TermService (0f05ec2887bfe197ad82a13287d2f404) C:\Windows\System32\termsrv.dll

13:51:36.0444 4492 TermService - ok

13:51:36.0462 4492 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll

13:51:36.0488 4492 Themes - ok

13:51:36.0518 4492 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll

13:51:36.0558 4492 THREADORDER - ok

13:51:36.0568 4492 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll

13:51:36.0618 4492 TrkWks - ok

13:51:36.0678 4492 TrustedInstaller (840f7fb849f5887a49ba18c13b2da920) C:\Windows\servicing\TrustedInstaller.exe

13:51:36.0698 4492 TrustedInstaller - ok

13:51:36.0718 4492 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys

13:51:36.0768 4492 tssecsrv - ok

13:51:36.0808 4492 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys

13:51:36.0868 4492 tunnel - ok

13:51:36.0888 4492 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys

13:51:36.0898 4492 uagp35 - ok

13:51:36.0928 4492 udfs (c06e6f4679ceb8f430b90a51d76d8d3c) C:\Windows\system32\DRIVERS\udfs.sys

13:51:36.0958 4492 udfs - ok

13:51:36.0988 4492 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe

13:51:36.0998 4492 UI0Detect - ok

13:51:37.0033 4492 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys

13:51:37.0046 4492 uliagpkx - ok

13:51:37.0079 4492 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys

13:51:37.0108 4492 umbus - ok

13:51:37.0140 4492 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys

13:51:37.0168 4492 UmPass - ok

13:51:37.0208 4492 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll

13:51:37.0262 4492 upnphost - ok

13:51:37.0335 4492 usbaudio (77b01bc848298223a95d4ec23e1785a1) C:\Windows\system32\drivers\usbaudio.sys

13:51:37.0364 4492 usbaudio - ok

13:51:37.0404 4492 usbccgp (537a4e03d7103c12d42dfd8ffdb5bdc9) C:\Windows\system32\DRIVERS\usbccgp.sys

13:51:37.0450 4492 usbccgp - ok

13:51:37.0503 4492 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys

13:51:37.0537 4492 usbcir - ok

13:51:37.0563 4492 usbehci (fbb21ebe49f6d560db37ac25fbc68e66) C:\Windows\system32\DRIVERS\usbehci.sys

13:51:37.0591 4492 usbehci - ok

13:51:37.0656 4492 usbfilter (2c780746dc44a28fe67004dc58173f05) C:\Windows\system32\DRIVERS\usbfilter.sys

13:51:37.0666 4492 usbfilter - ok

13:51:37.0731 4492 usbhub (6b7a8a99c4a459e73c286a6763ea24cc) C:\Windows\system32\DRIVERS\usbhub.sys

13:51:37.0748 4492 usbhub - ok

13:51:37.0762 4492 usbohci (8c88aa7617b4cbc2e4bed61d26b33a27) C:\Windows\system32\DRIVERS\usbohci.sys

13:51:37.0789 4492 usbohci - ok

13:51:37.0817 4492 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys

13:51:37.0840 4492 usbprint - ok

13:51:37.0887 4492 USBSTOR (f39983647bc1f3e6100778ddfe9dce29) C:\Windows\system32\drivers\USBSTOR.SYS

13:51:37.0929 4492 USBSTOR - ok

13:51:37.0951 4492 usbuhci (0b5b3b2df3fd1709618acfa50b8392b0) C:\Windows\system32\drivers\usbuhci.sys

13:51:37.0975 4492 usbuhci - ok

13:51:38.0017 4492 usbvideo (7cb8c573c6e4a2714402cc0a36eab4fe) C:\Windows\System32\Drivers\usbvideo.sys

13:51:38.0057 4492 usbvideo - ok

13:51:38.0097 4492 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll

13:51:38.0147 4492 UxSms - ok

13:51:38.0197 4492 VaultSvc (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe

13:51:38.0207 4492 VaultSvc - ok

13:51:38.0247 4492 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys

13:51:38.0257 4492 vdrvroot - ok

13:51:38.0297 4492 vds (44d73e0bbc1d3c8981304ba15135c2f2) C:\Windows\System32\vds.exe

13:51:38.0337 4492 vds - ok

13:51:38.0367 4492 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys

13:51:38.0377 4492 vga - ok

13:51:38.0387 4492 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys

13:51:38.0447 4492 VgaSave - ok

13:51:38.0467 4492 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys

13:51:38.0477 4492 vhdmp - ok

13:51:38.0487 4492 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys

13:51:38.0497 4492 viaide - ok

13:51:38.0507 4492 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys

13:51:38.0517 4492 volmgr - ok

13:51:38.0557 4492 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys

13:51:38.0576 4492 volmgrx - ok

13:51:38.0598 4492 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys

13:51:38.0616 4492 volsnap - ok

13:51:38.0640 4492 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys

13:51:38.0655 4492 vsmraid - ok

13:51:38.0759 4492 VSS (787898bf9fb6d7bd87a36e2d95c899ba) C:\Windows\system32\vssvc.exe

13:51:38.0813 4492 VSS - ok

13:51:38.0958 4492 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys

13:51:38.0998 4492 vwifibus - ok

13:51:39.0029 4492 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys

13:51:39.0057 4492 vwififlt - ok

13:51:39.0104 4492 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll

13:51:39.0148 4492 W32Time - ok

13:51:39.0171 4492 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys

13:51:39.0203 4492 WacomPen - ok

13:51:39.0250 4492 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys

13:51:39.0305 4492 WANARP - ok

13:51:39.0315 4492 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys

13:51:39.0354 4492 Wanarpv6 - ok

13:51:39.0706 4492 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe

13:51:39.0753 4492 WatAdminSvc - ok

13:51:40.0065 4492 wbengine (5ab1bb85bd8b5089cc5d64200dedae68) C:\Windows\system32\wbengine.exe

13:51:40.0147 4492 wbengine - ok

13:51:40.0262 4492 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll

13:51:40.0283 4492 WbioSrvc - ok

13:51:40.0365 4492 wcncsvc (dd1bae8ebfc653824d29ccf8c9054d68) C:\Windows\System32\wcncsvc.dll

13:51:40.0409 4492 wcncsvc - ok

13:51:40.0419 4492 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll

13:51:40.0446 4492 WcsPlugInService - ok

13:51:40.0497 4492 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys

13:51:40.0508 4492 Wd - ok

13:51:40.0551 4492 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys

13:51:40.0577 4492 Wdf01000 - ok

13:51:40.0608 4492 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll

13:51:40.0644 4492 WdiServiceHost - ok

13:51:40.0654 4492 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll

13:51:40.0673 4492 WdiSystemHost - ok

13:51:40.0719 4492 WebClient (733006127f235be7c35354ebee7b9a7b) C:\Windows\System32\webclnt.dll

13:51:40.0783 4492 WebClient - ok

13:51:40.0827 4492 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll

13:51:40.0893 4492 Wecsvc - ok

13:51:40.0910 4492 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll

13:51:40.0956 4492 wercplsupport - ok

13:51:40.0990 4492 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll

13:51:41.0038 4492 WerSvc - ok

13:51:41.0092 4492 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys

13:51:41.0123 4492 WfpLwf - ok

13:51:41.0155 4492 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys

13:51:41.0170 4492 WIMMount - ok

13:51:41.0170 4492 WinHttpAutoProxySvc - ok

13:51:41.0248 4492 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll

13:51:41.0326 4492 Winmgmt - ok

13:51:41.0482 4492 WinRM (41fbb751936b387f9179e7f03a74fe29) C:\Windows\system32\WsmSvc.dll

13:51:41.0576 4492 WinRM - ok

13:51:41.0864 4492 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll

13:51:41.0944 4492 Wlansvc - ok

13:51:42.0162 4492 wlidsvc (98f138897ef4246381d197cb81846d62) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

13:51:42.0216 4492 wlidsvc - ok

13:51:42.0355 4492 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys

13:51:42.0382 4492 WmiAcpi - ok

13:51:42.0451 4492 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe

13:51:42.0475 4492 wmiApSrv - ok

13:51:42.0539 4492 WMPNetworkSvc - ok

13:51:42.0571 4492 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll

13:51:42.0607 4492 WPCSvc - ok

13:51:42.0639 4492 WPDBusEnum (2e57ddf2880a7e52e76f41c7e96d327b) C:\Windows\system32\wpdbusenum.dll

13:51:42.0677 4492 WPDBusEnum - ok

13:51:42.0708 4492 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys

13:51:42.0771 4492 ws2ifsl - ok

13:51:42.0771 4492 WSearch - ok

13:51:42.0927 4492 wuauserv (38340204a2d0228f1e87740fc5e554a7) C:\Windows\system32\wuaueng.dll

13:51:43.0005 4492 wuauserv - ok

13:51:43.0161 4492 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys

13:51:43.0240 4492 WudfPf - ok

13:51:43.0275 4492 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys

13:51:43.0351 4492 WUDFRd - ok

13:51:43.0374 4492 wudfsvc (b551d6637aa0e132c18ac6e504f7b79b) C:\Windows\System32\WUDFSvc.dll

13:51:43.0431 4492 wudfsvc - ok

13:51:43.0473 4492 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll

13:51:43.0531 4492 WwanSvc - ok

13:51:43.0651 4492 yukonw7 (b3eeacf62445e24fbb2cd4b0fb4db026) C:\Windows\system32\DRIVERS\yk62x64.sys

13:51:43.0698 4492 yukonw7 - ok

13:51:43.0782 4492 MBR (0x1B8) (5cc30a452671cf244989190fee7b1a69) \Device\Harddisk0\DR0

13:51:44.0032 4492 \Device\Harddisk0\DR0 - ok

13:51:44.0040 4492 Boot (0x1200) (5cc07449fbfba80aca7195f68bd76696) \Device\Harddisk0\DR0\Partition0

13:51:44.0041 4492 \Device\Harddisk0\DR0\Partition0 - ok

13:51:44.0085 4492 Boot (0x1200) (7980b16832ee6b02a1ac57114adceedc) \Device\Harddisk0\DR0\Partition1

13:51:44.0086 4492 \Device\Harddisk0\DR0\Partition1 - ok

13:51:44.0130 4492 Boot (0x1200) (b4f420bb3f8cf09c3e78fa1d7be10aaa) \Device\Harddisk0\DR0\Partition2

13:51:44.0132 4492 \Device\Harddisk0\DR0\Partition2 - ok

13:51:44.0156 4492 Boot (0x1200) (ca0d70aed4f92e2b2f9b2b1553ab3344) \Device\Harddisk0\DR0\Partition3

13:51:44.0157 4492 \Device\Harddisk0\DR0\Partition3 - ok

13:51:44.0157 4492 ============================================================

13:51:44.0157 4492 Scan finished

13:51:44.0157 4492 ============================================================

13:51:44.0217 5020 Detected object count: 3

13:51:44.0217 5020 Actual detected object count: 3

13:54:18.0456 5020 LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user

13:54:18.0456 5020 LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip

13:54:18.0456 5020 RosettaStoneLtdController ( UnsignedFile.Multi.Generic ) - skipped by user

13:54:18.0456 5020 RosettaStoneLtdController ( UnsignedFile.Multi.Generic ) - User select action: Skip

13:54:18.0459 5020 RtVOsdService ( UnsignedFile.Multi.Generic ) - skipped by user

13:54:18.0460 5020 RtVOsdService ( UnsignedFile.Multi.Generic ) - User select action: Skip

13:54:25.0259 1760 ============================================================

13:54:25.0259 1760 Scan started

13:54:25.0259 1760 Mode: Manual;

Link to post
Share on other sites

13:54:25.0259 1760 ============================================================

13:54:27.0126 1760 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys

13:54:27.0128 1760 1394ohci - ok

13:54:27.0158 1760 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys

13:54:27.0160 1760 ACPI - ok

13:54:27.0173 1760 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys

13:54:27.0174 1760 AcpiPmi - ok

13:54:27.0203 1760 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys

13:54:27.0206 1760 adp94xx - ok

13:54:27.0238 1760 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys

13:54:27.0241 1760 adpahci - ok

13:54:27.0254 1760 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys

13:54:27.0255 1760 adpu320 - ok

13:54:27.0288 1760 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll

13:54:27.0289 1760 AeLookupSvc - ok

13:54:27.0348 1760 AERTFilters (d1e343bc00136ce03c4d403194d06a80) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe

13:54:27.0349 1760 AERTFilters - ok

13:54:27.0403 1760 AFD (db9d6c6b2cd95a9ca414d045b627422e) C:\Windows\system32\drivers\afd.sys

13:54:27.0406 1760 AFD - ok

13:54:27.0438 1760 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys

13:54:27.0439 1760 agp440 - ok

13:54:27.0453 1760 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe

13:54:27.0454 1760 ALG - ok

13:54:27.0459 1760 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys

13:54:27.0460 1760 aliide - ok

13:54:27.0527 1760 AMD External Events Utility (29c151492510640343b00b63996e4070) C:\Windows\system32\atiesrxx.exe

13:54:27.0531 1760 AMD External Events Utility - ok

13:54:27.0540 1760 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys

13:54:27.0541 1760 amdide - ok

13:54:27.0559 1760 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys

13:54:27.0561 1760 AmdK8 - ok

13:54:27.0967 1760 amdkmdag (2c9c4824664c61351ff1e0169262d026) C:\Windows\system32\DRIVERS\atikmdag.sys

13:54:28.0016 1760 amdkmdag - ok

13:54:28.0186 1760 amdkmdap (ef7382689d3b17ac2983202e7a40ab45) C:\Windows\system32\DRIVERS\atikmpag.sys

13:54:28.0191 1760 amdkmdap - ok

13:54:28.0221 1760 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys

13:54:28.0223 1760 AmdPPM - ok

13:54:28.0253 1760 amdsata (53d8d46d51d390abdb54eca623165cb7) C:\Windows\system32\DRIVERS\amdsata.sys

13:54:28.0255 1760 amdsata - ok

13:54:28.0277 1760 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys

13:54:28.0281 1760 amdsbs - ok

13:54:28.0294 1760 amdxata (75c51148154e34eb3d7bb84749a758d5) C:\Windows\system32\DRIVERS\amdxata.sys

13:54:28.0295 1760 amdxata - ok

13:54:28.0307 1760 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys

13:54:28.0308 1760 AppID - ok

13:54:28.0330 1760 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll

13:54:28.0331 1760 AppIDSvc - ok

13:54:28.0342 1760 Appinfo (d065be66822847b7f127d1f90158376e) C:\Windows\System32\appinfo.dll

13:54:28.0342 1760 Appinfo - ok

13:54:28.0374 1760 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys

13:54:28.0374 1760 arc - ok

13:54:28.0374 1760 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys

13:54:28.0374 1760 arcsas - ok

13:54:28.0498 1760 aspnet_state (9217d874131ae6ff8f642f124f00a555) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe

13:54:28.0498 1760 aspnet_state - ok

13:54:28.0498 1760 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys

13:54:28.0498 1760 AsyncMac - ok

13:54:28.0545 1760 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys

13:54:28.0545 1760 atapi - ok

13:54:28.0654 1760 athr (f8633cdd09647a64ee8db550630427ff) C:\Windows\system32\DRIVERS\athrx.sys

13:54:28.0670 1760 athr - ok

13:54:28.0810 1760 AtiHdmiService (2d648572ba9a610952fcafba1e119c2d) C:\Windows\system32\drivers\AtiHdmi.sys

13:54:28.0810 1760 AtiHdmiService - ok

13:54:28.0842 1760 AtiPcie (c07a040d6b5a42dd41ee386cf90974c8) C:\Windows\system32\DRIVERS\AtiPcie.sys

13:54:28.0842 1760 AtiPcie - ok

13:54:28.0915 1760 AudioEndpointBuilder (07721a77180edd4d39ccb865bf63c7fd) C:\Windows\System32\Audiosrv.dll

13:54:28.0925 1760 AudioEndpointBuilder - ok

13:54:28.0938 1760 AudioSrv (07721a77180edd4d39ccb865bf63c7fd) C:\Windows\System32\Audiosrv.dll

13:54:28.0944 1760 AudioSrv - ok

13:54:28.0967 1760 AxInstSV (b20b5fa5ca050e9926e4d1db81501b32) C:\Windows\System32\AxInstSV.dll

13:54:28.0970 1760 AxInstSV - ok

13:54:29.0022 1760 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys

13:54:29.0028 1760 b06bdrv - ok

13:54:29.0051 1760 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys

13:54:29.0055 1760 b57nd60a - ok

13:54:29.0090 1760 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll

13:54:29.0092 1760 BDESVC - ok

13:54:29.0100 1760 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys

13:54:29.0102 1760 Beep - ok

13:54:29.0171 1760 BITS (7f0c323fe3da28aa4aa1bda3f575707f) C:\Windows\System32\qmgr.dll

13:54:29.0182 1760 BITS - ok

13:54:29.0200 1760 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys

13:54:29.0202 1760 blbdrive - ok

13:54:29.0227 1760 bowser (19d20159708e152267e53b66677a4995) C:\Windows\system32\DRIVERS\bowser.sys

13:54:29.0229 1760 bowser - ok

13:54:29.0249 1760 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys

13:54:29.0250 1760 BrFiltLo - ok

13:54:29.0256 1760 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys

13:54:29.0257 1760 BrFiltUp - ok

13:54:29.0291 1760 Browser (94fbc06f294d58d02361918418f996e3) C:\Windows\System32\browser.dll

13:54:29.0293 1760 Browser - ok

13:54:29.0322 1760 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys

13:54:29.0325 1760 Brserid - ok

13:54:29.0331 1760 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys

13:54:29.0333 1760 BrSerWdm - ok

13:54:29.0339 1760 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys

13:54:29.0340 1760 BrUsbMdm - ok

13:54:29.0346 1760 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys

13:54:29.0347 1760 BrUsbSer - ok

13:54:29.0357 1760 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys

13:54:29.0359 1760 BTHMODEM - ok

13:54:29.0379 1760 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll

13:54:29.0381 1760 bthserv - ok

13:54:29.0390 1760 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys

13:54:29.0392 1760 cdfs - ok

13:54:29.0403 1760 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys

13:54:29.0405 1760 cdrom - ok

13:54:29.0420 1760 CertPropSvc (312e2f82af11e79906898ac3e3d58a1f) C:\Windows\System32\certprop.dll

13:54:29.0422 1760 CertPropSvc - ok

13:54:29.0483 1760 CinemaNow Service (533328a3d9a9c286682525842547540c) C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe

13:54:29.0487 1760 CinemaNow Service - ok

13:54:29.0550 1760 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys

13:54:29.0552 1760 circlass - ok

13:54:29.0630 1760 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys

13:54:29.0639 1760 CLFS - ok

13:54:29.0727 1760 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

13:54:29.0729 1760 clr_optimization_v2.0.50727_32 - ok

13:54:29.0768 1760 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe

13:54:29.0771 1760 clr_optimization_v2.0.50727_64 - ok

13:54:29.0845 1760 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

13:54:29.0849 1760 clr_optimization_v4.0.30319_32 - ok

13:54:29.0896 1760 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

13:54:29.0897 1760 clr_optimization_v4.0.30319_64 - ok

13:54:29.0928 1760 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys

13:54:29.0928 1760 CmBatt - ok

13:54:29.0959 1760 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys

13:54:29.0959 1760 cmdide - ok

13:54:30.0037 1760 CNG (937beb186a735aca91d717044a49d17e) C:\Windows\system32\Drivers\cng.sys

13:54:30.0053 1760 CNG - ok

13:54:30.0053 1760 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys

13:54:30.0053 1760 Compbatt - ok

13:54:30.0069 1760 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys

13:54:30.0069 1760 CompositeBus - ok

13:54:30.0069 1760 COMSysApp - ok

13:54:30.0100 1760 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys

13:54:30.0100 1760 crcdisk - ok

13:54:30.0131 1760 CryptSvc (8c57411b66282c01533cb776f98ad384) C:\Windows\system32\cryptsvc.dll

13:54:30.0131 1760 CryptSvc - ok

13:54:30.0178 1760 DcomLaunch (7266972e86890e2b30c0c322e906b027) C:\Windows\system32\rpcss.dll

13:54:30.0193 1760 DcomLaunch - ok

13:54:30.0225 1760 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll

13:54:30.0225 1760 defragsvc - ok

13:54:30.0256 1760 DfsC (9c253ce7311ca60fc11c774692a13208) C:\Windows\system32\Drivers\dfsc.sys

13:54:30.0256 1760 DfsC - ok

13:54:30.0287 1760 Dhcp (ce3b9562d997f69b330d181a8875960f) C:\Windows\system32\dhcpcore.dll

13:54:30.0303 1760 Dhcp - ok

13:54:30.0334 1760 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys

13:54:30.0334 1760 discache - ok

13:54:30.0349 1760 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys

13:54:30.0349 1760 Disk - ok

13:54:30.0381 1760 Dnscache (85cf424c74a1d5ec33533e1dbff9920a) C:\Windows\System32\dnsrslvr.dll

13:54:30.0381 1760 Dnscache - ok

13:54:30.0396 1760 dot3svc (14452acdb09b70964c8c21bf80a13acb) C:\Windows\System32\dot3svc.dll

13:54:30.0396 1760 dot3svc - ok

13:54:30.0427 1760 DPS (8c2ba6bea949ee6e68385f5692bafb94) C:\Windows\system32\dps.dll

13:54:30.0427 1760 DPS - ok

13:54:30.0443 1760 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys

13:54:30.0443 1760 drmkaud - ok

13:54:30.0495 1760 dtsoftbus01 (400582b09e0bb557d0ec28a945150eeb) C:\Windows\system32\DRIVERS\dtsoftbus01.sys

13:54:30.0498 1760 dtsoftbus01 - ok

13:54:30.0565 1760 DXGKrnl (1633b9abf52784a1331476397a48cbef) C:\Windows\System32\drivers\dxgkrnl.sys

13:54:30.0576 1760 DXGKrnl - ok

13:54:30.0600 1760 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll

13:54:30.0602 1760 EapHost - ok

13:54:30.0771 1760 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys

13:54:30.0810 1760 ebdrv - ok

13:54:30.0929 1760 EFS (156f6159457d0aa7e59b62681b56eb90) C:\Windows\System32\lsass.exe

13:54:30.0931 1760 EFS - ok

13:54:31.0021 1760 ehRecvr (47c071994c3f649f23d9cd075ac9304a) C:\Windows\ehome\ehRecvr.exe

13:54:31.0037 1760 ehRecvr - ok

13:54:31.0070 1760 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe

13:54:31.0076 1760 ehSched - ok

13:54:31.0138 1760 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys

13:54:31.0145 1760 elxstor - ok

13:54:31.0150 1760 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys

13:54:31.0151 1760 ErrDev - ok

13:54:31.0198 1760 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll

13:54:31.0204 1760 EventSystem - ok

13:54:31.0228 1760 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys

13:54:31.0231 1760 exfat - ok

13:54:31.0254 1760 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys

13:54:31.0258 1760 fastfat - ok

13:54:31.0303 1760 Fax (d607b2f1bee3992aa6c2c92c0a2f0855) C:\Windows\system32\fxssvc.exe

13:54:31.0313 1760 Fax - ok

13:54:31.0330 1760 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys

13:54:31.0331 1760 fdc - ok

13:54:31.0348 1760 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll

13:54:31.0349 1760 fdPHost - ok

13:54:31.0361 1760 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll

13:54:31.0362 1760 FDResPub - ok

13:54:31.0393 1760 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys

13:54:31.0394 1760 FileInfo - ok

13:54:31.0406 1760 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys

13:54:31.0407 1760 Filetrace - ok

13:54:31.0529 1760 FLEXnet Licensing Service (bb0667b0171b632b97ea759515476f07) C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

13:54:31.0544 1760 FLEXnet Licensing Service - ok

13:54:31.0576 1760 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys

13:54:31.0576 1760 flpydisk - ok

13:54:31.0654 1760 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys

13:54:31.0654 1760 FltMgr - ok

13:54:31.0919 1760 FontCache (cb5e4b9c319e3c6bb363eb7e58a4a051) C:\Windows\system32\FntCache.dll

13:54:31.0950 1760 FontCache - ok

13:54:32.0018 1760 FontCache3.0.0.0 (8d89e3131c27fdd6932189cb785e1b7a) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

13:54:32.0020 1760 FontCache3.0.0.0 - ok

13:54:32.0071 1760 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys

13:54:32.0074 1760 FsDepends - ok

13:54:32.0116 1760 Fs_Rec (d3e3f93d67821a2db2b3d9fac2dc2064) C:\Windows\system32\drivers\Fs_Rec.sys

13:54:32.0119 1760 Fs_Rec - ok

13:54:32.0159 1760 fvevol (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\Windows\system32\DRIVERS\fvevol.sys

13:54:32.0163 1760 fvevol - ok

13:54:32.0176 1760 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys

13:54:32.0178 1760 gagp30kx - ok

13:54:32.0268 1760 GameConsoleService (ce16683cfd11fe70bde435dda5ea1fca) C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe

13:54:32.0274 1760 GameConsoleService - ok

13:54:32.0354 1760 gpsvc (fe5ab4525bc2ec68b9119a6e5d40128b) C:\Windows\System32\gpsvc.dll

13:54:32.0368 1760 gpsvc - ok

13:54:32.0403 1760 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

13:54:32.0405 1760 gupdate - ok

13:54:32.0415 1760 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

13:54:32.0417 1760 gupdatem - ok

13:54:32.0441 1760 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys

13:54:32.0442 1760 hcw85cir - ok

13:54:32.0475 1760 HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\Windows\system32\drivers\HdAudio.sys

13:54:32.0480 1760 HdAudAddService - ok

13:54:32.0504 1760 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys

13:54:32.0506 1760 HDAudBus - ok

13:54:32.0514 1760 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys

13:54:32.0515 1760 HidBatt - ok

13:54:32.0530 1760 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys

13:54:32.0532 1760 HidBth - ok

13:54:32.0550 1760 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys

13:54:32.0551 1760 HidIr - ok

13:54:32.0578 1760 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll

13:54:32.0579 1760 hidserv - ok

13:54:32.0595 1760 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys

13:54:32.0596 1760 HidUsb - ok

13:54:32.0615 1760 hkmsvc (efa58ede58dd74388ffd04cb32681518) C:\Windows\system32\kmsvc.dll

13:54:32.0617 1760 hkmsvc - ok

13:54:32.0641 1760 HomeGroupListener (046b2673767ca626e2cfb7fdf735e9e8) C:\Windows\system32\ListSvc.dll

13:54:32.0645 1760 HomeGroupListener - ok

13:54:32.0671 1760 HomeGroupProvider (06a7422224d9865a5613710a089987df) C:\Windows\system32\provsvc.dll

13:54:32.0674 1760 HomeGroupProvider - ok

13:54:32.0732 1760 HP Wireless Assistant Service (3a09322a8aa8b0c79036686a0ebe7b4c) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe

13:54:32.0736 1760 HP Wireless Assistant Service - ok

13:54:32.0866 1760 hpqwmiex (ec9739a46f1f83c6e52a7a4697f44a65) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe

13:54:32.0876 1760 hpqwmiex - ok

13:54:32.0922 1760 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys

13:54:32.0924 1760 HpSAMD - ok

13:54:32.0970 1760 HPWMISVC (5aa89e152634954e15e9db265c6a8557) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe

13:54:32.0971 1760 HPWMISVC - ok

13:54:33.0020 1760 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys

13:54:33.0020 1760 HTTP - ok

13:54:33.0051 1760 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys

13:54:33.0051 1760 hwpolicy - ok

13:54:33.0067 1760 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys

13:54:33.0067 1760 i8042prt - ok

13:54:33.0114 1760 iaStorV (b75e45c564e944a2657167d197ab29da) C:\Windows\system32\drivers\iaStorV.sys

13:54:33.0129 1760 iaStorV - ok

13:54:33.0270 1760 idsvc (2f2be70d3e02b6fa877921ab9516d43c) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe

13:54:33.0285 1760 idsvc - ok

13:54:33.0761 1760 igfx (a87261ef1546325b559374f5689cf5bc) C:\Windows\system32\DRIVERS\igdkmd64.sys

13:54:33.0903 1760 igfx - ok

13:54:34.0041 1760 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys

13:54:34.0044 1760 iirsp - ok

13:54:34.0114 1760 IKEEXT (c5b4683680df085b57bc53e5ef34861f) C:\Windows\System32\ikeext.dll

13:54:34.0126 1760 IKEEXT - ok

13:54:34.0264 1760 IntcAzAudAddService (b88e24bd77a0ce2cffee2facf1151be0) C:\Windows\system32\drivers\RTKVHD64.sys

13:54:34.0291 1760 IntcAzAudAddService - ok

13:54:34.0901 1760 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys

13:54:34.0901 1760 intelide - ok

13:54:34.0917 1760 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys

13:54:34.0917 1760 intelppm - ok

13:54:34.0979 1760 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll

13:54:34.0979 1760 IPBusEnum - ok

13:54:34.0995 1760 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys

13:54:34.0995 1760 IpFilterDriver - ok

13:54:35.0088 1760 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys

13:54:35.0104 1760 IPMIDRV - ok

13:54:35.0126 1760 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys

13:54:35.0128 1760 IPNAT - ok

13:54:35.0167 1760 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys

13:54:35.0168 1760 IRENUM - ok

13:54:35.0202 1760 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys

13:54:35.0216 1760 isapnp - ok

13:54:35.0315 1760 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys

13:54:35.0324 1760 iScsiPrt - ok

13:54:35.0371 1760 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys

13:54:35.0380 1760 kbdclass - ok

13:54:35.0410 1760 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys

13:54:35.0412 1760 kbdhid - ok

13:54:35.0462 1760 KeyIso (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe

13:54:35.0464 1760 KeyIso - ok

13:54:35.0552 1760 KSecDD (16c1b906fc5ead84769f90b736b6bf0e) C:\Windows\system32\Drivers\ksecdd.sys

13:54:35.0561 1760 KSecDD - ok

13:54:35.0639 1760 KSecPkg (0b711550c56444879d71c7daabda6c83) C:\Windows\system32\Drivers\ksecpkg.sys

13:54:35.0647 1760 KSecPkg - ok

13:54:35.0695 1760 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys

13:54:35.0696 1760 ksthunk - ok

13:54:35.0880 1760 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll

13:54:35.0920 1760 KtmRm - ok

13:54:36.0035 1760 LanmanServer (81f1d04d4d0e433099365127375fd501) C:\Windows\system32\srvsvc.dll

13:54:36.0044 1760 LanmanServer - ok

13:54:36.0127 1760 LanmanWorkstation (27026eac8818e8a6c00a1cad2f11d29a) C:\Windows\System32\wkssvc.dll

13:54:36.0143 1760 LanmanWorkstation - ok

13:54:38.0892 1760 LeapFrog Connect Device Service (3c879d04bb6466e2853c3155b635cc45) C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe

13:54:39.0047 1760 LeapFrog Connect Device Service - ok

13:54:39.0219 1760 Leapfrog-USBLAN (797289607a5ebf31353aa5ead141f872) C:\Windows\system32\DRIVERS\btblan.sys

13:54:39.0235 1760 Leapfrog-USBLAN - ok

13:54:39.0375 1760 LightScribeService (7550d101bf49fdb1f92666a233ee36c4) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe

13:54:39.0375 1760 LightScribeService - ok

13:54:39.0422 1760 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys

13:54:39.0886 1760 lltdio - ok

13:54:39.0988 1760 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll

13:54:39.0996 1760 lltdsvc - ok

13:54:40.0045 1760 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll

13:54:40.0047 1760 lmhosts - ok

13:54:40.0094 1760 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys

13:54:40.0097 1760 LSI_FC - ok

13:54:40.0163 1760 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys

13:54:40.0171 1760 LSI_SAS - ok

13:54:40.0183 1760 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys

13:54:40.0186 1760 LSI_SAS2 - ok

13:54:40.0256 1760 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys

13:54:40.0262 1760 LSI_SCSI - ok

13:54:40.0357 1760 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys

13:54:40.0373 1760 luafv - ok

13:54:40.0421 1760 MBAMProtector (dbc08862a71459e74f7538b432c114cc) C:\Windows\system32\drivers\mbam.sys

13:54:40.0435 1760 MBAMProtector - ok

13:54:40.0678 1760 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

13:54:40.0689 1760 MBAMService - ok

13:54:40.0763 1760 Mcx2Svc (f84c8f1000bc11e3b7b23cbd3baff111) C:\Windows\system32\Mcx2Svc.dll

13:54:40.0773 1760 Mcx2Svc - ok

13:54:40.0821 1760 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys

13:54:40.0821 1760 megasas - ok

13:54:40.0899 1760 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys

13:54:40.0899 1760 MegaSR - ok

13:54:40.0962 1760 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll

13:54:40.0962 1760 MMCSS - ok

13:54:40.0962 1760 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys

13:54:40.0977 1760 Modem - ok

13:54:41.0024 1760 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys

13:54:41.0024 1760 monitor - ok

13:54:41.0055 1760 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys

13:54:41.0071 1760 mouclass - ok

13:54:41.0071 1760 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys

13:54:41.0087 1760 mouhid - ok

13:54:41.0149 1760 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys

13:54:41.0149 1760 mountmgr - ok

13:54:41.0227 1760 MpFilter (94c66ededcdb6a126880472f9a704d8e) C:\Windows\system32\DRIVERS\MpFilter.sys

13:54:41.0227 1760 MpFilter - ok

13:54:41.0243 1760 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys

13:54:41.0258 1760 mpio - ok

13:54:41.0274 1760 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys

13:54:41.0274 1760 mpsdrv - ok

13:54:41.0274 1760 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys

13:54:41.0274 1760 MRxDAV - ok

13:54:41.0321 1760 mrxsmb (040d62a9d8ad28922632137acdd984f2) C:\Windows\system32\DRIVERS\mrxsmb.sys

13:54:41.0321 1760 mrxsmb - ok

13:54:41.0357 1760 mrxsmb10 (f0067552f8f9b33d7c59403ab808a3cb) C:\Windows\system32\DRIVERS\mrxsmb10.sys

13:54:41.0361 1760 mrxsmb10 - ok

13:54:41.0393 1760 mrxsmb20 (3c142d31de9f2f193218a53fe2632051) C:\Windows\system32\DRIVERS\mrxsmb20.sys

13:54:41.0395 1760 mrxsmb20 - ok

13:54:41.0417 1760 msahci (5e939cf91ea4a841dbafe4627e0292bb) C:\Windows\system32\DRIVERS\msahci.sys

13:54:41.0418 1760 msahci - ok

13:54:41.0939 1760 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys

13:54:41.0943 1760 msdsm - ok

13:54:41.0988 1760 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe

13:54:41.0992 1760 MSDTC - ok

13:54:42.0037 1760 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys

13:54:42.0038 1760 Msfs - ok

13:54:42.0104 1760 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys

13:54:42.0105 1760 mshidkmdf - ok

13:54:42.0133 1760 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys

13:54:42.0135 1760 msisadrv - ok

13:54:42.0207 1760 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll

13:54:42.0210 1760 MSiSCSI - ok

13:54:42.0214 1760 msiserver - ok

13:54:42.0243 1760 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys

13:54:42.0244 1760 MSKSSRV - ok

13:54:42.0264 1760 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys

13:54:42.0265 1760 MSPCLOCK - ok

13:54:42.0278 1760 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys

13:54:42.0279 1760 MSPQM - ok

13:54:42.0319 1760 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys

13:54:42.0325 1760 MsRPC - ok

13:54:42.0334 1760 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys

13:54:42.0336 1760 mssmbios - ok

13:54:42.0348 1760 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys

13:54:42.0348 1760 MSTEE - ok

13:54:42.0364 1760 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys

13:54:42.0364 1760 MTConfig - ok

13:54:42.0364 1760 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys

13:54:42.0364 1760 Mup - ok

13:54:42.0411 1760 napagent (4987e079a4530fa737a128be54b63b12) C:\Windows\system32\qagentRT.dll

13:54:42.0426 1760 napagent - ok

13:54:42.0442 1760 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys

13:54:42.0442 1760 NativeWifiP - ok

13:54:42.0489 1760 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys

13:54:42.0489 1760 NDIS - ok

13:54:42.0536 1760 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys

13:54:42.0536 1760 NdisCap - ok

13:54:42.0536 1760 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys

13:54:42.0536 1760 NdisTapi - ok

13:54:42.0551 1760 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys

13:54:42.0551 1760 Ndisuio - ok

13:54:42.0551 1760 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys

13:54:42.0551 1760 NdisWan - ok

13:54:42.0567 1760 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys

13:54:42.0567 1760 NDProxy - ok

13:54:42.0567 1760 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys

13:54:42.0567 1760 NetBIOS - ok

13:54:42.0582 1760 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys

13:54:42.0582 1760 NetBT - ok

13:54:42.0629 1760 Netlogon (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe

13:54:42.0629 1760 Netlogon - ok

13:54:42.0676 1760 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll

13:54:42.0692 1760 Netman - ok

13:54:42.0785 1760 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

13:54:42.0801 1760 NetMsmqActivator - ok

13:54:42.0801 1760 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

13:54:42.0801 1760 NetPipeActivator - ok

13:54:42.0848 1760 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll

13:54:42.0848 1760 netprofm - ok

13:54:42.0863 1760 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

13:54:42.0863 1760 NetTcpActivator - ok

13:54:42.0863 1760 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

13:54:42.0863 1760 NetTcpPortSharing - ok

13:54:43.0156 1760 netw5v64 (64428dfdaf6e88366cb51f45a79c5f69) C:\Windows\system32\DRIVERS\netw5v64.sys

13:54:43.0251 1760 netw5v64 - ok

13:54:43.0369 1760 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys

13:54:43.0371 1760 nfrd960 - ok

13:54:43.0406 1760 NisDrv (91b4e0273d2f6c24ef845f2b41311289) C:\Windows\system32\DRIVERS\NisDrvWFP.sys

13:54:43.0408 1760 NisDrv - ok

13:54:44.0932 1760 NisSrv (10a43829a9e606af3eef25a1c1665923) c:\Program Files\Microsoft Security Client\NisSrv.exe

13:54:44.0934 1760 NisSrv - ok

13:54:44.0970 1760 NlaSvc (d9a0ce66046d6efa0c61baa885cba0a8) C:\Windows\System32\nlasvc.dll

13:54:44.0974 1760 NlaSvc - ok

13:54:44.0985 1760 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys

13:54:44.0987 1760 Npfs - ok

13:54:44.0998 1760 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll

13:54:45.0000 1760 nsi - ok

13:54:45.0014 1760 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys

13:54:45.0015 1760 nsiproxy - ok

13:54:45.0226 1760 Ntfs (378e0e0dfea67d98ae6ea53adbbd76bc) C:\Windows\system32\drivers\Ntfs.sys

13:54:45.0245 1760 Ntfs - ok

13:54:45.0412 1760 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys

13:54:45.0414 1760 Null - ok

13:54:45.0454 1760 nvraid (a4d9c9a608a97f59307c2f2600edc6a4) C:\Windows\system32\drivers\nvraid.sys

13:54:45.0457 1760 nvraid - ok

13:54:45.0494 1760 nvstor (6c1d5f70e7a6a3fd1c90d840edc048b9) C:\Windows\system32\drivers\nvstor.sys

13:54:45.0494 1760 nvstor - ok

13:54:45.0556 1760 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys

13:54:45.0556 1760 nv_agp - ok

13:54:45.0587 1760 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys

13:54:45.0587 1760 ohci1394 - ok

13:54:45.0712 1760 OverwolfUpdaterService (813c8045395da92ac8a7e0c7a78da8e7) C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe

13:54:45.0712 1760 OverwolfUpdaterService - ok

13:54:45.0759 1760 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll

13:54:45.0759 1760 p2pimsvc - ok

13:54:45.0790 1760 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll

13:54:45.0806 1760 p2psvc - ok

13:54:45.0821 1760 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys

13:54:45.0837 1760 Parport - ok

13:54:45.0868 1760 partmgr (90061b1acfe8ccaa5345750ffe08d8b8) C:\Windows\system32\drivers\partmgr.sys

13:54:45.0868 1760 partmgr - ok

13:54:45.0899 1760 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll

13:54:45.0899 1760 PcaSvc - ok

13:54:45.0931 1760 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys

13:54:45.0931 1760 pci - ok

13:54:45.0931 1760 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys

13:54:45.0931 1760 pciide - ok

13:54:45.0962 1760 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys

13:54:45.0962 1760 pcmcia - ok

13:54:45.0962 1760 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys

13:54:45.0962 1760 pcw - ok

13:54:46.0009 1760 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys

13:54:46.0026 1760 PEAUTH - ok

13:54:46.0102 1760 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe

13:54:46.0105 1760 PerfHost - ok

13:54:46.0217 1760 pla (557e9a86f65f0de18c9b6751dfe9d3f1) C:\Windows\system32\pla.dll

13:54:46.0234 1760 pla - ok

13:54:46.0278 1760 PlugPlay (98b1721b8718164293b9701b98c52d77) C:\Windows\system32\umpnpmgr.dll

13:54:46.0284 1760 PlugPlay - ok

13:54:46.0310 1760 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll

13:54:46.0312 1760 PNRPAutoReg - ok

13:54:46.0346 1760 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll

13:54:46.0349 1760 PNRPsvc - ok

13:54:46.0404 1760 PolicyAgent (166eb40d1f5b47e615de3d0fffe5f243) C:\Windows\System32\ipsecsvc.dll

13:54:46.0411 1760 PolicyAgent - ok

13:54:46.0458 1760 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll

13:54:46.0460 1760 Power - ok

13:54:46.0516 1760 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys

13:54:46.0520 1760 PptpMiniport - ok

13:54:46.0545 1760 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys

13:54:46.0547 1760 Processor - ok

13:54:46.0592 1760 ProfSvc (f381975e1f4346de875cb07339ce8d3a) C:\Windows\system32\profsvc.dll

13:54:46.0596 1760 ProfSvc - ok

13:54:46.0639 1760 ProtectedStorage (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe

13:54:46.0641 1760 ProtectedStorage - ok

13:54:46.0660 1760 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys

13:54:46.0662 1760 Psched - ok

13:54:46.0752 1760 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys

13:54:46.0767 1760 ql2300 - ok

13:54:46.0897 1760 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys

13:54:46.0900 1760 ql40xx - ok

13:54:46.0936 1760 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll

13:54:46.0944 1760 QWAVE - ok

13:54:46.0965 1760 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys

13:54:46.0968 1760 QWAVEdrv - ok

13:54:46.0985 1760 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys

13:54:46.0987 1760 RasAcd - ok

13:54:47.0009 1760 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys

13:54:47.0011 1760 RasAgileVpn - ok

13:54:47.0016 1760 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll

13:54:47.0016 1760 RasAuto - ok

13:54:47.0032 1760 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys

13:54:47.0032 1760 Rasl2tp - ok

13:54:47.0063 1760 RasMan (47394ed3d16d053f5906efe5ab51cc83) C:\Windows\System32\rasmans.dll

13:54:47.0063 1760 RasMan - ok

13:54:47.0079 1760 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys

13:54:47.0094 1760 RasPppoe - ok

13:54:47.0094 1760 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys

13:54:47.0094 1760 RasSstp - ok

13:54:47.0126 1760 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys

13:54:47.0141 1760 rdbss - ok

13:54:47.0172 1760 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys

13:54:47.0172 1760 rdpbus - ok

13:54:47.0188 1760 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys

13:54:47.0188 1760 RDPCDD - ok

13:54:47.0204 1760 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys

13:54:47.0204 1760 RDPENCDD - ok

13:54:47.0219 1760 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys

13:54:47.0219 1760 RDPREFMP - ok

13:54:47.0266 1760 RDPWD (074ac702d8b8b660b0e1371555995386) C:\Windows\system32\drivers\RDPWD.sys

13:54:47.0282 1760 RDPWD - ok

13:54:47.0282 1760 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys

13:54:47.0297 1760 rdyboost - ok

13:54:47.0328 1760 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll

13:54:47.0328 1760 RemoteAccess - ok

13:54:47.0360 1760 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll

13:54:47.0360 1760 RemoteRegistry - ok

13:54:47.0484 1760 RosettaStoneLtdController (7f7ebf43f4789ddc044098d696149391) C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneLtdController.exe

13:54:47.0484 1760 RosettaStoneLtdController - ok

13:54:47.0500 1760 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll

13:54:47.0516 1760 RpcEptMapper - ok

13:54:47.0547 1760 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe

13:54:47.0547 1760 RpcLocator - ok

13:54:47.0623 1760 RpcSs (7266972e86890e2b30c0c322e906b027) C:\Windows\system32\rpcss.dll

13:54:47.0628 1760 RpcSs - ok

13:54:47.0712 1760 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys

13:54:47.0713 1760 rspndr - ok

13:54:47.0746 1760 RSUSBSTOR (22d6b47d004a6568c500680be2972854) C:\Windows\system32\Drivers\RtsUStor.sys

13:54:47.0749 1760 RSUSBSTOR - ok

13:54:47.0860 1760 RTL8167 (ee082e06a82ff630351d1e0ebbd3d8d0) C:\Windows\system32\DRIVERS\Rt64win7.sys

13:54:47.0907 1760 RTL8167 - ok

13:54:48.0078 1760 RtVOsdService (5fff3e71b4724bb10918fd6dd7413d99) C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe

13:54:48.0085 1760 RtVOsdService - ok

13:54:48.0129 1760 SamSs (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe

13:54:48.0131 1760 SamSs - ok

13:54:48.0156 1760 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys

13:54:48.0159 1760 sbp2port - ok

13:54:48.0260 1760 SBSDWSCService (794d4b48dfb6e999537c7c3947863463) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe

13:54:48.0269 1760 SBSDWSCService - ok

13:54:48.0300 1760 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll

13:54:48.0304 1760 SCardSvr - ok

13:54:48.0355 1760 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys

13:54:48.0356 1760 scfilter - ok

13:54:48.0441 1760 Schedule (624d0f5ff99428bb90a5b8a4123e918e) C:\Windows\system32\schedsvc.dll

13:54:48.0459 1760 Schedule - ok

13:54:48.0488 1760 SCPolicySvc (312e2f82af11e79906898ac3e3d58a1f) C:\Windows\System32\certprop.dll

13:54:48.0489 1760 SCPolicySvc - ok

13:54:48.0518 1760 sdbus (54e47ad086782d3ae9417c155cdceb9b) C:\Windows\system32\DRIVERS\sdbus.sys

13:54:48.0521 1760 sdbus - ok

13:54:48.0550 1760 SDRSVC (765a27c3279ce11d14cb9e4f5869fca5) C:\Windows\System32\SDRSVC.dll

13:54:48.0554 1760 SDRSVC - ok

13:54:48.0566 1760 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys

13:54:48.0568 1760 secdrv - ok

13:54:48.0570 1760 seclogon (463b386ebc70f98da5dff85f7e654346) C:\Windows\system32\seclogon.dll

13:54:48.0586 1760 seclogon - ok

13:54:48.0601 1760 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll

13:54:48.0601 1760 SENS - ok

13:54:48.0617 1760 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll

13:54:48.0617 1760 SensrSvc - ok

13:54:48.0617 1760 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys

13:54:48.0617 1760 Serenum - ok

13:54:48.0632 1760 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys

13:54:48.0632 1760 Serial - ok

13:54:48.0632 1760 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys

13:54:48.0648 1760 sermouse - ok

13:54:48.0664 1760 SessionEnv (c3bc61ce47ff6f4e88ab8a3b429a36af) C:\Windows\system32\sessenv.dll

13:54:48.0664 1760 SessionEnv - ok

13:54:48.0679 1760 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys

13:54:48.0679 1760 sffdisk - ok

13:54:48.0679 1760 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys

13:54:48.0679 1760 sffp_mmc - ok

13:54:48.0726 1760 sffp_sd (178298f767fe638c9fedcbdef58bb5e4) C:\Windows\system32\DRIVERS\sffp_sd.sys

13:54:48.0726 1760 sffp_sd - ok

13:54:48.0742 1760 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys

13:54:48.0757 1760 sfloppy - ok

13:54:48.0804 1760 ShellHWDetection (0298ac45d0efffb2db4baa7dd186e7bf) C:\Windows\System32\shsvcs.dll

13:54:48.0804 1760 ShellHWDetection - ok

13:54:48.0820 1760 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys

13:54:48.0820 1760 SiSRaid2 - ok

13:54:48.0835 1760 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys

13:54:48.0835 1760 SiSRaid4 - ok

13:54:48.0851 1760 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys

13:54:48.0851 1760 Smb - ok

13:54:48.0866 1760 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe

13:54:48.0882 1760 SNMPTRAP - ok

13:54:48.0898 1760 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys

13:54:48.0898 1760 spldr - ok

13:54:48.0944 1760 Spooler (f8e1fa03cb70d54a9892ac88b91d1e7b) C:\Windows\System32\spoolsv.exe

13:54:48.0960 1760 Spooler - ok

13:54:49.0165 1760 sppsvc (913d843498553a1bc8f8dbad6358e49f) C:\Windows\system32\sppsvc.exe

13:54:49.0204 1760 sppsvc - ok

13:54:49.0309 1760 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll

13:54:49.0311 1760 sppuinotify - ok

13:54:49.0372 1760 srv (2408c0366d96bcdf63e8f1c78e4a29c5) C:\Windows\system32\DRIVERS\srv.sys

13:54:49.0378 1760 srv - ok

13:54:49.0406 1760 srv2 (76548f7b818881b47d8d1ae1be9c11f8) C:\Windows\system32\DRIVERS\srv2.sys

13:54:49.0411 1760 srv2 - ok

13:54:49.0446 1760 SrvHsfHDA (0c4540311e11664b245a263e1154cef8) C:\Windows\system32\DRIVERS\VSTAZL6.SYS

13:54:49.0450 1760 SrvHsfHDA - ok

13:54:49.0660 1760 SrvHsfV92 (02071d207a9858fbe3a48cbfd59c4a04) C:\Windows\system32\DRIVERS\VSTDPV6.SYS

13:54:49.0682 1760 SrvHsfV92 - ok

13:54:49.0854 1760 SrvHsfWinac (18e40c245dbfaf36fd0134a7ef2df396) C:\Windows\system32\DRIVERS\VSTCNXT6.SYS

13:54:49.0865 1760 SrvHsfWinac - ok

13:54:49.0900 1760 srvnet (0af6e19d39c70844c5caa8fb0183c36e) C:\Windows\system32\DRIVERS\srvnet.sys

13:54:49.0904 1760 srvnet - ok

13:54:49.0943 1760 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll

13:54:49.0948 1760 SSDPSRV - ok

13:54:49.0961 1760 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll

13:54:49.0965 1760 SstpSvc - ok

13:54:50.0020 1760 Steam Client Service - ok

13:54:50.0054 1760 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys

13:54:50.0057 1760 stexstor - ok

13:54:50.0105 1760 stisvc (52d0e33b681bd0f33fdc08812fee4f7d) C:\Windows\System32\wiaservc.dll

13:54:50.0113 1760 stisvc - ok

13:54:50.0125 1760 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys

13:54:50.0125 1760 swenum - ok

13:54:50.0156 1760 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll

13:54:50.0171 1760 swprv - ok

13:54:50.0218 1760 SynTP (3a706a967295e16511e40842b1a2761d) C:\Windows\system32\DRIVERS\SynTP.sys

13:54:50.0234 1760 SynTP - ok

13:54:50.0327 1760 SysMain (3c1284516a62078fb68f768de4f1a7be) C:\Windows\system32\sysmain.dll

13:54:50.0343 1760 SysMain - ok

13:54:50.0452 1760 TabletInputService (238935c3cf2854886dc7cbb2a0e2cc66) C:\Windows\System32\TabSvc.dll

13:54:50.0468 1760 TabletInputService - ok

13:54:50.0483 1760 TapiSrv (884264ac597b690c5707c89723bb8e7b) C:\Windows\System32\tapisrv.dll

13:54:50.0499 1760 TapiSrv - ok

13:54:50.0499 1760 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll

13:54:50.0499 1760 TBS - ok

13:54:50.0655 1760 Tcpip (624c5b3aa4c99b3184bb922d9ece3ff0) C:\Windows\system32\drivers\tcpip.sys

13:54:50.0671 1760 Tcpip - ok

13:54:50.0923 1760 TCPIP6 (624c5b3aa4c99b3184bb922d9ece3ff0) C:\Windows\system32\DRIVERS\tcpip.sys

13:54:50.0935 1760 TCPIP6 - ok

13:54:50.0990 1760 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys

13:54:50.0990 1760 tcpipreg - ok

13:54:51.0007 1760 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys

13:54:51.0007 1760 TDPIPE - ok

13:54:51.0042 1760 TDTCP (7518f7bcfd4b308abc9192bacaf6c970) C:\Windows\system32\drivers\tdtcp.sys

13:54:51.0043 1760 TDTCP - ok

13:54:51.0049 1760 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys

13:54:51.0051 1760 tdx - ok

13:54:51.0056 1760 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys

13:54:51.0057 1760 TermDD - ok

13:54:51.0116 1760 TermService (0f05ec2887bfe197ad82a13287d2f404) C:\Windows\System32\termsrv.dll

13:54:51.0122 1760 TermService - ok

13:54:51.0134 1760 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll

13:54:51.0136 1760 Themes - ok

13:54:51.0162 1760 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll

13:54:51.0163 1760 THREADORDER - ok

13:54:51.0179 1760 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll

13:54:51.0181 1760 TrkWks - ok

13:54:51.0240 1760 TrustedInstaller (840f7fb849f5887a49ba18c13b2da920) C:\Windows\servicing\TrustedInstaller.exe

13:54:51.0244 1760 TrustedInstaller - ok

13:54:51.0271 1760 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys

13:54:51.0272 1760 tssecsrv - ok

13:54:51.0298 1760 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys

13:54:51.0300 1760 tunnel - ok

13:54:51.0317 1760 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys

13:54:51.0318 1760 uagp35 - ok

13:54:51.0360 1760 udfs (c06e6f4679ceb8f430b90a51d76d8d3c) C:\Windows\system32\DRIVERS\udfs.sys

13:54:51.0363 1760 udfs - ok

13:54:51.0399 1760 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe

13:54:51.0401 1760 UI0Detect - ok

13:54:51.0410 1760 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys

13:54:51.0411 1760 uliagpkx - ok

13:54:51.0418 1760 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys

13:54:51.0419 1760 umbus - ok

13:54:51.0458 1760 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys

13:54:51.0459 1760 UmPass - ok

13:54:51.0491 1760 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll

13:54:51.0495 1760 upnphost - ok

13:54:51.0553 1760 usbaudio (77b01bc848298223a95d4ec23e1785a1) C:\Windows\system32\drivers\usbaudio.sys

13:54:51.0556 1760 usbaudio - ok

13:54:51.0602 1760 usbccgp (537a4e03d7103c12d42dfd8ffdb5bdc9) C:\Windows\system32\DRIVERS\usbccgp.sys

13:54:51.0604 1760 usbccgp - ok

13:54:51.0632 1760 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys

13:54:51.0634 1760 usbcir - ok

13:54:51.0678 1760 usbehci (fbb21ebe49f6d560db37ac25fbc68e66) C:\Windows\system32\DRIVERS\usbehci.sys

13:54:51.0678 1760 usbehci - ok

13:54:51.0709 1760 usbfilter (2c780746dc44a28fe67004dc58173f05) C:\Windows\system32\DRIVERS\usbfilter.sys

13:54:51.0709 1760 usbfilter - ok

13:54:51.0756 1760 usbhub (6b7a8a99c4a459e73c286a6763ea24cc) C:\Windows\system32\DRIVERS\usbhub.sys

13:54:51.0756 1760 usbhub - ok

13:54:51.0787 1760 usbohci (8c88aa7617b4cbc2e4bed61d26b33a27) C:\Windows\system32\DRIVERS\usbohci.sys

13:54:51.0787 1760 usbohci - ok

13:54:51.0834 1760 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys

13:54:51.0834 1760 usbprint - ok

13:54:51.0881 1760 USBSTOR (f39983647bc1f3e6100778ddfe9dce29) C:\Windows\system32\drivers\USBSTOR.SYS

13:54:51.0881 1760 USBSTOR - ok

13:54:51.0897 1760 usbuhci (0b5b3b2df3fd1709618acfa50b8392b0) C:\Windows\system32\drivers\usbuhci.sys

13:54:51.0912 1760 usbuhci - ok

13:54:51.0943 1760 usbvideo (7cb8c573c6e4a2714402cc0a36eab4fe) C:\Windows\System32\Drivers\usbvideo.sys

13:54:51.0959 1760 usbvideo - ok

13:54:51.0990 1760 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll

13:54:52.0006 1760 UxSms - ok

13:54:52.0053 1760 VaultSvc (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe

13:54:52.0053 1760 VaultSvc - ok

13:54:52.0115 1760 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys

13:54:52.0115 1760 vdrvroot - ok

13:54:52.0224 1760 vds (44d73e0bbc1d3c8981304ba15135c2f2) C:\Windows\System32\vds.exe

13:54:52.0224 1760 vds - ok

13:54:52.0273 1760 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys

13:54:52.0274 1760 vga - ok

13:54:52.0281 1760 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys

13:54:52.0282 1760 VgaSave - ok

13:54:52.0297 1760 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys

13:54:52.0299 1760 vhdmp - ok

13:54:52.0304 1760 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys

13:54:52.0305 1760 viaide - ok

13:54:52.0315 1760 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys

13:54:52.0316 1760 volmgr - ok

13:54:52.0362 1760 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys

13:54:52.0365 1760 volmgrx - ok

13:54:52.0383 1760 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys

13:54:52.0385 1760 volsnap - ok

13:54:52.0401 1760 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys

13:54:52.0402 1760 vsmraid - ok

13:54:52.0509 1760 VSS (787898bf9fb6d7bd87a36e2d95c899ba) C:\Windows\system32\vssvc.exe

13:54:52.0521 1760 VSS - ok

13:54:52.0653 1760 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys

13:54:52.0653 1760 vwifibus - ok

13:54:52.0661 1760 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys

13:54:52.0661 1760 vwififlt - ok

13:54:52.0696 1760 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll

13:54:52.0700 1760 W32Time - ok

13:54:52.0721 1760 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys

13:54:52.0722 1760 WacomPen - ok

13:54:52.0732 1760 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys

13:54:52.0733 1760 WANARP - ok

13:54:52.0738 1760 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys

13:54:52.0739 1760 Wanarpv6 - ok

13:54:52.0910 1760 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe

13:54:52.0921 1760 WatAdminSvc - ok

13:54:53.0027 1760 wbengine (5ab1bb85bd8b5089cc5d64200dedae68) C:\Windows\system32\wbengine.exe

13:54:53.0039 1760 wbengine - ok

13:54:53.0193 1760 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll

13:54:53.0200 1760 WbioSrvc - ok

13:54:53.0233 1760 wcncsvc (dd1bae8ebfc653824d29ccf8c9054d68) C:\Windows\System32\wcncsvc.dll

13:54:53.0249 1760 wcncsvc - ok

13:54:53.0249 1760 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll

13:54:53.0249 1760 WcsPlugInService - ok

13:54:53.0311 1760 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys

13:54:53.0311 1760 Wd - ok

13:54:53.0358 1760 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys

13:54:53.0358 1760 Wdf01000 - ok

13:54:53.0373 1760 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll

13:54:53.0373 1760 WdiServiceHost - ok

13:54:53.0389 1760 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll

13:54:53.0389 1760 WdiSystemHost - ok

13:54:53.0436 1760 WebClient (733006127f235be7c35354ebee7b9a7b) C:\Windows\System32\webclnt.dll

13:54:53.0436 1760 WebClient - ok

13:54:53.0514 1760 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll

13:54:53.0514 1760 Wecsvc - ok

13:54:53.0561 1760 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll

13:54:53.0561 1760 wercplsupport - ok

13:54:53.0607 1760 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll

13:54:53.0607 1760 WerSvc - ok

13:54:53.0670 1760 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys

13:54:53.0670 1760 WfpLwf - ok

13:54:53.0701 1760 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys

13:54:53.0701 1760 WIMMount - ok

13:54:53.0732 1760 WinHttpAutoProxySvc - ok

13:54:53.0816 1760 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll

13:54:53.0818 1760 Winmgmt - ok

13:54:53.0941 1760 WinRM (41fbb751936b387f9179e7f03a74fe29) C:\Windows\system32\WsmSvc.dll

13:54:53.0955 1760 WinRM - ok

13:54:54.0115 1760 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll

13:54:54.0125 1760 Wlansvc - ok

13:54:54.0276 1760 wlidsvc (98f138897ef4246381d197cb81846d62) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

13:54:54.0291 1760 wlidsvc - ok

13:54:54.0428 1760 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys

13:54:54.0430 1760 WmiAcpi - ok

13:54:54.0503 1760 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe

13:54:54.0507 1760 wmiApSrv - ok

13:54:54.0557 1760 WMPNetworkSvc - ok

13:54:54.0588 1760 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll

13:54:54.0593 1760 WPCSvc - ok

13:54:54.0613 1760 WPDBusEnum (2e57ddf2880a7e52e76f41c7e96d327b) C:\Windows\system32\wpdbusenum.dll

13:54:54.0619 1760 WPDBusEnum - ok

13:54:54.0654 1760 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys

13:54:54.0656 1760 ws2ifsl - ok

13:54:54.0662 1760 WSearch - ok

13:54:54.0802 1760 wuauserv (38340204a2d0228f1e87740fc5e554a7) C:\Windows\system32\wuaueng.dll

13:54:54.0818 1760 wuauserv - ok

13:54:54.0958 1760 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys

13:54:54.0958 1760 WudfPf - ok

13:54:54.0989 1760 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys

13:54:54.0989 1760 WUDFRd - ok

13:54:55.0021 1760 wudfsvc (b551d6637aa0e132c18ac6e504f7b79b) C:\Windows\System32\WUDFSvc.dll

13:54:55.0021 1760 wudfsvc - ok

13:54:55.0052 1760 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll

13:54:55.0052 1760 WwanSvc - ok

13:54:55.0099 1760 yukonw7 (b3eeacf62445e24fbb2cd4b0fb4db026) C:\Windows\system32\DRIVERS\yk62x64.sys

13:54:55.0099 1760 yukonw7 - ok

13:54:55.0130 1760 MBR (0x1B8) (5cc30a452671cf244989190fee7b1a69) \Device\Harddisk0\DR0

13:54:55.0333 1760 \Device\Harddisk0\DR0 - ok

13:54:55.0333 1760 Boot (0x1200) (5cc07449fbfba80aca7195f68bd76696) \Device\Harddisk0\DR0\Partition0

13:54:55.0333 1760 \Device\Harddisk0\DR0\Partition0 - ok

13:54:55.0357 1760 Boot (0x1200) (7980b16832ee6b02a1ac57114adceedc) \Device\Harddisk0\DR0\Partition1

13:54:55.0359 1760 \Device\Harddisk0\DR0\Partition1 - ok

13:54:55.0391 1760 Boot (0x1200) (b4f420bb3f8cf09c3e78fa1d7be10aaa) \Device\Harddisk0\DR0\Partition2

13:54:55.0392 1760 \Device\Harddisk0\DR0\Partition2 - ok

13:54:55.0417 1760 Boot (0x1200) (ca0d70aed4f92e2b2f9b2b1553ab3344) \Device\Harddisk0\DR0\Partition3

13:54:55.0417 1760 \Device\Harddisk0\DR0\Partition3 - ok

13:54:55.0418 1760 ============================================================

13:54:55.0418 1760 Scan finished

13:54:55.0418 1760 ============================================================

13:54:55.0435 4596 Detected object count: 0

13:54:55.0436 4596 Actual detected object count: 0

13:56:14.0247 4816 Deinitialize success

Link to post
Share on other sites

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume1

Install Date: 10/31/2011 6:10:09 PM

System Uptime: 5/30/2012 11:51:54 AM (1 hours ago)

.

Motherboard: Hewlett-Packard | | 1444

Processor: AMD Athlon II P340 Dual-Core Processor | Socket S1G4 | 2200/200mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 280 GiB total, 50.422 GiB free.

D: is FIXED (NTFS) - 17 GiB total, 2.509 GiB free.

E: is CDROM (UDF)

F: is CDROM (CDFS)

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP270: 5/28/2012 9:10:16 PM - Installed Dracula - Love Kills Collectors Edition

.

==== Installed Programs ======================

.

µTorrent

3DVIA player 5.0

Acrobat.com

Adobe AIR

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Reader 9.5.1 MUI

Adobe Shockwave Player 11.5

All My Gods

AMD USB Filter Driver

Atheros Driver Installation Program

Bejeweled 2 Deluxe

Bejeweled 3

Betrayal Pack

Blackhawk Striker 2

Blood Bowl: Legendary Edition

Build-a-lot 2

calibre

Catalyst Control Center - Branding

Catalyst Control Center Core Implementation

Catalyst Control Center Graphics Full Existing

Catalyst Control Center Graphics Full New

Catalyst Control Center Graphics Light

Catalyst Control Center Graphics Previews Common

Catalyst Control Center Graphics Previews Vista

Catalyst Control Center InstallProxy

Catalyst Control Center Localization All

ccc-core-static

CCC Help Chinese Standard

CCC Help Chinese Traditional

CCC Help Czech

CCC Help Danish

CCC Help Dutch

CCC Help English

CCC Help Finnish

CCC Help French

CCC Help German

CCC Help Greek

CCC Help Hungarian

CCC Help Italian

CCC Help Japanese

CCC Help Korean

CCC Help Norwegian

CCC Help Polish

CCC Help Portuguese

CCC Help Russian

CCC Help Spanish

CCC Help Swedish

CCC Help Thai

CCC Help Turkish

Chuzzle Deluxe

CinemaNow Media Manager

Cisco EAP-FAST Module

Cisco LEAP Module

Cisco PEAP Module

CyberLink DVD Suite

CyberLink MediaShow

CyberLink PowerDVD 9

CyberLink YouCam

D-Fend Reloaded 1.2.1 (deinstall)

DAEMON Tools Lite

Diner Dash 2 Restaurant Rescue

DivX Setup

Dora's Carnival Adventure

Energy Star Digital Logo

Escape Rosecliff Island

ESU for Microsoft Windows 7

FATE

FATE The Cursed King

Final Drive Nitro

Free Download Manager 2.5

Google Chrome

Google Earth

Google Update Helper

Heroes of Hellas 2 - Olympia

HP Advisor

HP Customer Experience Enhancements

HP Documentation

HP Game Console

HP Games

HP MediaSmart CinemaNow 2.0

HP Photo Creations

HP Power Manager

HP Quick Launch

HP Setup

HP Software Framework

Island Tribe 3 1.00

Java Auto Updater

Java 6 Update 31

Jewel Quest 3

Jewel Quest Solitaire 2

Junk Mail filter update

Knights of Honor

LabelPrint

LeapFrog Connect

LeapFrog LeapPad Explorer Plugin

LeapFrog Leapster2 Plugin

Life Quest 2 - Metropoville

LightScribe System Software

M4a/Flac/Ogg/Ape/Mpc Tag Support Plugin for Media Player v 1.1

Malwarebytes Anti-Malware version 1.61.0.1400

Microsoft Choice Guard

Microsoft Office 2010

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319

Microsoft WSE 3.0 Runtime

MSVCRT

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

Ogg Codecs 0.81.15562

OpenAL

Overwolf

Penguins!

PhotoNow!

Plants vs. Zombies

Poker Superstars III

Polar Bowler

Polar Golfer

Power2Go

PowerDirector

Realtek Ethernet Controller Driver For Windows 7

Realtek High Definition Audio Driver

Realtek USB 2.0 Card Reader

Recovery Manager

Rosetta Stone Ltd Services

Rosetta Stone Version 3

Roxio CinemaNow 2.0

Runes of Magic

Secrets of the Dark - Eclipse Mountain Collector's Edition

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Extended (KB2416472)

Security Update for Microsoft .NET Framework 4 Extended (KB2487367)

Security Update for Microsoft .NET Framework 4 Extended (KB2656351)

Sid Meier's Pirates!

Simon the Sorcerer

Skype Click to Call

Skype™ 5.5

Spybot - Search & Destroy

Steam

The Sims Medieval

The Sims Medieval Pirates and Nobles

Thomas New Line

Unity Web Player

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2473228)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft .NET Framework 4 Extended (KB2468871)

Update for Microsoft .NET Framework 4 Extended (KB2533523)

Update for Microsoft .NET Framework 4 Extended (KB2600217)

Use the entry named LeapFrog Connect to uninstall (LeapFrog LeapPad Explorer Plugin)

Use the entry named LeapFrog Connect to uninstall (LeapFrog Leapster2 Plugin)

uTorrentBar Toolbar

VC80CRTRedist - 8.0.50727.6195

Virtual Families

Virtual Villagers - The Secret City

Wheel of Fortune 2

Windows Live Call

Windows Live Communications Platform

Windows Live Essentials

Windows Live Mail

Windows Live Messenger

Windows Live Movie Maker

Windows Live Photo Gallery

Windows Live Sync

Windows Live Upload Tool

Windows Live Writer

Zip Motion Block Video codec (Remove Only)

Zuma Deluxe

.

==== Event Viewer Messages From Past Week ========

.

5/30/2012 11:52:43 AM, Error: Service Control Manager [7023] - The Function Discovery Resource Publication service terminated with the following error: %%-2147024891

5/30/2012 11:52:43 AM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: %%-2147024891

5/30/2012 11:52:20 AM, Error: Service Control Manager [7003] - The SBSD Security Center Service service depends the following service: wscsvc. This service might not be installed.

5/30/2012 11:52:20 AM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.

5/30/2012 11:52:19 AM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.

5/30/2012 11:52:17 AM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.

5/28/2012 4:28:15 PM, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

5/28/2012 3:16:44 PM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.

5/28/2012 3:09:27 PM, Error: Service Control Manager [7043] - The Windows Update service did not shut down properly after receiving a preshutdown control.

5/28/2012 2:39:54 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800b0100: Windows 7 Service Pack 1 for x64-based Systems (KB976932).

5/27/2012 6:25:01 AM, Error: Service Control Manager [7024] - The HomeGroup Listener service terminated with service-specific error %%-2147023143.

5/24/2012 10:59:07 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the HPWMISVC service.

.

==== End Of File ===========================

Link to post
Share on other sites

RogueKiller V7.5.2 [05/30/2012] by Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7600 ) 64 bits version

Started in : Normal mode

User: Sami [Admin rights]

Mode: Scan -- Date: 05/31/2012 08:50:35

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 5 ¤¤¤

[] HKLM\[...]\Wow6432Node\Windows : () -> ACCESS DENIED

[sUSP PATH] winupd.job @ : C:\Users\Sami\AppData\Local\Temp\winupd.exe -> FOUND

[PROXY IE] HKCU\[...]\Internet Settings : ProxyServer (hxxp=127.0.0.1:53899) -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: Hitachi HTS545032B9A300 SATA Disk Device +++++

--- User ---

[MBR] bab95170c4dd25bd78382f53bc178844

[bSP] 254dd57fc886b767657535bf210e1e23 : Windows Vista/7 MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 199 Mo

1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 409600 | Size: 287179 Mo

2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 588552192 | Size: 17762 Mo

3 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 624928768 | Size: 103 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[1].txt >>

RKreport[1].txt

Link to post
Share on other sites

Hello lampathy and welcome to Malwarebytes. :welcome:

I am D-FRED-BROWN and I will be helping you.

I'll go ahead and just start from where you left off as you've already ran a number of tools I ask for users to run first.

------------

Please visit ESET's website and follow their instructions for running their standalone removal tool. http://kb.eset.cz/esetkb/index?page=content&id=SOLN2895

After that (do not reboot unless prompted to), see if you can run ComboFix. Let me know how things go. :)

Link to post
Share on other sites

Let's try this.

Download RKill from one of the following locations:

rkill.exe

rkill.com

rkill.scr

Save it to your Desktop, along with ComboFix and the ESET cleaning utility. Don't run anything yet.

1. Boot into Safe Mode.

2. Run RKill,

3. Run the ESET utility I had you previously run,

4. Run ComboFix.

If ComboFix still refuses to run, let me know and we'll try something else.

Link to post
Share on other sites

My bad, I forgot to answer your question from earlier... You're not doing aything wrong- it's the malware that's preventing us from successfully running some of these tools. It becomes a cat and mouse game between the cybercriminals and the good guys to outsmart one another, and it appears they're one step ahead of you and I at this point. :lol::angry:

Let's give this a shot:

The Kaspersky Rescue Disk is a bootable CD based version of Kaspersky Antivirus.

The download is in ISO format.

If you are not sure how to burn an image, please read How to write a CD/DVD image or ISO. If you need a FREE utility to burn the ISO image, download and use ImgBurn.

Download the Kaspersky Rescue Disk:

http://rescuedisk.kaspersky-labs.com/rescuedisk/updatable/ .

  • Burn the Kaspersky Rescue Disk ISO image to CD.
  • Insert the Kaspersky Rescue Disk CD into your CD/DVD drive and boot the computer (you may need to change the boot sequence in your system's BIOS to boot from the CD/DVD drive).
  • Follow the instructions in the initial text screen to press Enter to start Kaspersky AntiVirus.
  • Select your language (or wait a few seconds for the default English to load).
  • Your screen may go blank for several minutes while the program loads.
  • After the Kaspersky Rescue Disk loads, the database will be updated (if you have network connectivity)
    • Click the Update tab to view the update progress.
    • When the update has completed, click the Scan tab.

    [*]Place a checkmark in all the available drives to scan the entire system.

    [*]Click the "Security level" option, and select options.

    • Make sure "All Files" is selected
    • Under "Scan of compound files" ensure all options are selected and click the OK button.

    [*]Click the "On threat detection" option

    • Select "Do not prompt", "Disinfect", and "Delete if disinfection fails".

    [*]Click the "Start scan" button.

    [*]When the scan has completed, click the Reports button.

    • Click the Save button, and select your System drive (normally your C: drive)
    • In the "File name" box, name the file krd-log and click the Save button.
    • Click Close to close the Reports window.

    [*]Click the Exit button to close the Rescue Disk program and confirm.

    In the lower left of the screen, left-click the red K button, select Logout, and confirm.

    [*]The computer will shut down.

    [*]Restart the computer and reboot normally.

    [*]Please post the log (krd-log.txt) in your next reply.

Link to post
Share on other sites

I think we're on the right track. ;)

Please download BlitzBlank by Emisoft from here.

  • Save it to your Desktop.
  • Now, please close all web browsers and any other programs.
  • Run BlitzBlank.exe from your Desktop.
  • Select the Script button.
  • Copy and paste the following in the Script box:
    DeleteFolder:
    C:\Windows\Installer\{46aea556-3b27-4fe4-c5d6-735ab4da8640}
    C:\Users\Sami\AppData\{46aea556-3b27-4fe4-c5d6-735ab4da8640}


  • Then, click Execute Now.

Do not reboot unless specifically prompted to by BlitzBlank.

Next, try to run ComboFix. If successful, please post the newly-created C:\ComboFix.txt in your next reply.

Let me know how things go.

Link to post
Share on other sites

Malwarebytes Anti-Malware 1.61.0.1400

www.malwarebytes.org

Database version: v2012.05.31.03

Windows 7 x64 NTFS

Internet Explorer 9.0.8112.16421

Sami :: SAMI-HP [administrator]

Protection: Enabled

6/1/2012 6:35:38 PM

mbam-log-2012-06-01 (18-45-54).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 223105

Time elapsed: 7 minute(s), 5 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 1

C:\Windows\Installer\{46aea556-3b27-4fe4-c5d6-735ab4da8640}\U\00000008.@ (Trojan.Dropper.BCMiner) -> No action taken.

(end)

Link to post
Share on other sites

Since that didn't work, we'll go about it another way (please bear with me):

For x64 bit systems download Farbar Recovery Scan Tool 64-Bit and save it to a flash drive.

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:

  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account an click Next.

To enter System Recovery Options by using Windows installation disc:

  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:


    • Startup Repair
      System Restore
      Windows Complete PC Restore
      Windows Memory Diagnostic Tool
      Command Prompt

[*]Select Command Prompt

[*]In the command window type in notepad and press Enter.

[*]The notepad opens. Under File menu select Open.

[*]Select "Computer" and find your flash drive letter and close the notepad.

[*]In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter

Note: Replace letter e with the drive letter of your flash drive.

[*]The tool will start to run.

[*]When the tool opens click Yes to disclaimer.

[*]Press Scan button.

[*]It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

Link to post
Share on other sites

Scan result of Farbar Recovery Scan Tool Version: 02-06-2012

Ran by SYSTEM at 01-06-2012 20:11:51

Running from D:\

Windows 7 Home Premium (X64) OS Language: English(US)

The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [synTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2096424 2010-05-27] (Synaptics Incorporated)

HKLM\...\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s [6245408 2010-05-25] (Realtek Semiconductor)

HKLM\...\Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe 120 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe /hidden [363064 2010-06-18] (Hewlett-Packard Company)

HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1271168 2012-03-26] (Microsoft Corporation)

HKLM-x32\...\Run: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [98304 2010-06-17] (Advanced Micro Devices, Inc.)

HKLM-x32\...\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [602168 2010-06-29] (Hewlett-Packard Company)

HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-02] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [37296 2012-03-27] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW [1259376 2011-07-28] ()

HKLM-x32\...\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray [462408 2012-04-04] (Malwarebytes Corporation)

HKLM-x32\...\Run: [Monitor] "C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe" [268640 2011-11-12] (LeapFrog Enterprises, Inc.)

HKLM-x32\...\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2012-01-18] (Sun Microsystems, Inc.)

HKU\Default\...\Run: [HPAdvisorDock] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\DOCK\HPAdvisorDock.exe [1712184 2010-02-09] ()

HKU\Sami\...\Run: [HPAdvisorDock] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe [1712184 2010-02-09] ()

HKU\Sami\...\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden [2736128 2010-05-19] (Hewlett-Packard Company)

HKU\Sami\...\Run: [spybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.)

HKU\Sami\...\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun [3514176 2011-11-10] (DT Soft Ltd)

HKU\Sami\...\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background [3872080 2010-04-16] (Microsoft Corporation)

HKU\Sami\...\Run: [steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent [1242448 2012-05-05] (Valve Corporation)

HKU\Sami\...\Run: [Overwolf] C:\Program Files (x86)\Overwolf\Overwolf.exe -silent [42424 2012-05-09] (Overwolf)

HKU\Sami\...\Run: [Google Update] "C:\Users\Sami\AppData\Local\Google\Update\GoogleUpdate.exe" /c [116648 2012-05-28] (Google Inc.)

Tcpip\Parameters: [DhcpNameServer] 10.0.0.1

==================== Services (Whitelisted) ======

2 CinemaNow Service; C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe [140272 2010-05-21] (CinemaNow, Inc.)

2 HPWMISVC; C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [27192 2010-06-29] ()

2 MBAMService; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [654408 2012-04-04] (Malwarebytes Corporation)

3 OverwolfUpdaterService; C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [18360 2012-05-09] (Overwolf Ltd)

2 RosettaStoneLtdController; "C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneLtdController.exe" [352312 2008-09-16] (Rosetta Stone Ltd.)

2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)

3 NisSrv; "c:\Program Files\Microsoft Security Client\NisSrv.exe" [x]

2 WinDefend; C:\Program Files (x86)\Windows Defender\mpsvc.dll [x]

========================== Drivers (Whitelisted) =============

1 dtsoftbus01; C:\Windows\System32\Drivers\dtsoftbus01.sys [279616 2011-12-11] (DT Soft Ltd)

3 Leapfrog-USBLAN; C:\Windows\System32\DRIVERS\btblan.sys [40320 2011-11-12] (Belcarra Technologies)

3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [24904 2012-04-04] (Malwarebytes Corporation)

3 RSUSBSTOR; C:\Windows\System32\Drivers\RtsUStor.sys [245792 2010-05-07] (Realtek Semiconductor Corp.)

========================== NetSvcs (Whitelisted) ===========

============ One Month Created Files and Folders ==============

2012-06-01 18:22 - 2012-06-01 18:22 - 1395275 ____A C:\Users\Sami\Downloads\FRST64.exe

2012-06-01 17:46 - 2012-06-01 17:46 - 0002040 ____A C:\Users\Sami\Desktop\mbam-log-2012-06-01 (18-45-54).txt

2012-06-01 15:11 - 2012-06-01 15:11 - 1153912 ____A (Emsi Software GmbH) C:\Users\Sami\Desktop\BlitzBlank.exe

2012-06-01 09:09 - 2012-06-01 09:12 - 0000000 ____D C:\Users\Sami\AppData\Roaming\ImgBurn

2012-06-01 09:02 - 2012-06-01 09:02 - 6118990 ____A (LIGHTNING UK!) C:\Users\Sami\Downloads\SetupImgBurn_2.5.7.0.exe

2012-06-01 09:02 - 2012-06-01 09:02 - 0001865 ____A C:\Users\Public\Desktop\ImgBurn.lnk

2012-06-01 09:02 - 2012-06-01 09:02 - 0000000 ____D C:\Program Files (x86)\ImgBurn

2012-06-01 08:52 - 2012-06-01 08:52 - 0000000 ____D C:\Program Files (x86)\Free Offers from Freeze.com

2012-06-01 08:51 - 2012-06-01 08:51 - 1534144 ____A (W3i, LLC) C:\Users\Sami\Downloads\dvdburning_1289.exe

2012-06-01 08:49 - 2012-06-01 08:54 - 274565120 ____A C:\Users\Sami\Downloads\kav_rescue_10.iso

2012-06-01 02:20 - 2012-06-01 02:22 - 0000000 ___AD C:\Kaspersky Rescue Disk 10.0

2012-05-31 20:21 - 2012-05-31 20:21 - 0002292 ____A C:\Users\Sami\Desktop\Kingdom Chronicles - Collector's Edition.lnk

2012-05-31 20:20 - 2012-05-31 20:20 - 0000000 ____D C:\Program Files (x86)\Kingdom Chronicles - Collector's Edition

2012-05-31 19:58 - 2012-05-31 20:08 - 0000000 ____D C:\Users\Sami\Downloads\DarkHeritage-GuardiansofHopeCE

2012-05-31 19:34 - 2012-05-31 19:34 - 0017696 ____A C:\Users\Sami\Downloads\((Demonoid.me))-Dark_Heritage_Guardians_Of_Hope_Collector's_Edition_6780791.3766.torrent

2012-05-31 19:04 - 2012-05-31 19:04 - 4533668 ____R (Swearware) C:\Users\Sami\Desktop\ComboFix.exe

2012-05-31 19:03 - 2012-05-31 19:03 - 1012656 ____A C:\Users\Sami\Desktop\rkill (1).exe

2012-05-31 19:02 - 2012-05-31 19:02 - 0138120 ____A (ESET) C:\Users\Sami\Downloads\ESETSirefefRemover (1).exe

2012-05-31 19:02 - 2012-05-31 19:02 - 0138120 ____A (ESET) C:\Users\Sami\Desktop\ESETSirefefRemover (2).exe

2012-05-31 18:57 - 2012-05-31 18:58 - 1012656 ____A C:\Users\Sami\Downloads\rkill.exe

2012-05-31 18:20 - 2012-05-31 18:20 - 0138120 ____A (ESET) C:\Users\Sami\Downloads\ESETSirefefRemover.exe

2012-05-31 09:41 - 2012-05-31 09:41 - 0000000 ____D C:\Users\Sami\Documents\RK_Quarantine

2012-05-31 09:41 - 2012-05-31 09:32 - 0001560 ____A C:\Users\Sami\Documents\RKreport[6].txt

2012-05-31 09:41 - 2012-05-31 09:31 - 0001536 ____A C:\Users\Sami\Documents\RKreport[5].txt

2012-05-31 09:41 - 2012-05-31 08:08 - 0000650 ____A C:\Users\Sami\Documents\RKreport[4].txt

2012-05-31 09:41 - 2012-05-31 08:07 - 0001658 ____A C:\Users\Sami\Documents\RKreport[2].txt

2012-05-31 09:41 - 2012-05-31 08:07 - 0001387 ____A C:\Users\Sami\Documents\RKreport[3].txt

2012-05-31 09:41 - 2012-05-31 07:50 - 0001602 ____A C:\Users\Sami\Documents\RKreport[1].txt

2012-05-31 07:40 - 2012-05-31 07:40 - 1506304 ____A C:\Users\Sami\Downloads\RogueKiller.exe

2012-05-30 18:41 - 2012-05-30 18:41 - 0000000 ____D C:\Users\Sami\Downloads\Colin Cotterill; Jimm Juree 02; Grandad There's a Head on the Beach

2012-05-30 18:40 - 2012-05-30 18:40 - 0001180 ____A C:\Users\Sami\Downloads\Colin_Cotterill_Jimm_Juree_02_Grandad_There's_a_Head_on_the_Beach-[Demonoid.me]_6780791.3766.torrent

2012-05-30 12:58 - 2012-05-31 19:19 - 0000000 ___SD C:\32788R22FWJFW

2012-05-30 12:50 - 2012-05-30 12:56 - 0245960 ____A C:\TDSSKiller.2.7.36.0_30.05.2012_13.50.44_log.txt

2012-05-30 12:47 - 2012-05-30 12:50 - 0124142 ____A C:\TDSSKiller.2.7.36.0_30.05.2012_13.47.33_log.txt

2012-05-30 12:47 - 2012-05-30 12:47 - 0000000 ____D C:\Users\Sami\Downloads\tdsskiller (2)

2012-05-30 12:46 - 2012-05-30 12:47 - 2108959 ____A C:\Users\Sami\Downloads\tdsskiller (2).zip

2012-05-30 12:46 - 2012-05-30 12:46 - 0000348 ____A C:\TDSSKiller.2.6.23.0_30.05.2012_13.46.52_log.txt

2012-05-30 11:47 - 2012-05-30 11:47 - 0021168 ____A C:\Users\Sami\Documents\DDSlog1.txt

2012-05-30 11:46 - 2012-05-30 11:46 - 0008481 ____A C:\Users\Sami\Documents\Attach.txt

2012-05-30 11:33 - 2012-05-30 11:33 - 0607260 ____R (Swearware) C:\Users\Sami\Downloads\dds.com

2012-05-30 09:19 - 2012-05-30 09:19 - 0472064 ____A ( ) C:\Users\Sami\Downloads\RootRepeal.exe

2012-05-29 21:34 - 2012-05-29 21:34 - 0000048 ___RH C:\Users\Sami\Downloads\stinger.opt

2012-05-29 18:35 - 2012-05-29 18:35 - 0000000 ____D C:\Users\Sami\Downloads\Alexander the Great

2012-05-29 18:34 - 2012-05-29 18:34 - 0000000 ____D C:\Users\Sami\Downloads\Final Sail - Elaine Viets

2012-05-29 18:33 - 2012-05-29 18:33 - 0001025 ____A C:\Users\Sami\Downloads\Alexander_the_Great_Journey_to_the_End_of_the_Earth_epub_+-Demonoid.me-+_6780791.3766.torrent

2012-05-29 18:33 - 2012-05-29 18:33 - 0000000 ____D C:\Users\Sami\Downloads\Lora Roberts - Liz Sullivan Mysteries 1-6

2012-05-29 18:31 - 2012-05-29 18:31 - 0007792 ____A C:\Users\Sami\Downloads\[]Demonoid.me[]-Final_Sail_(Dead_End_Job_Series_11)_by_Elaine_Viets_6780791.3766.torrent

2012-05-29 18:31 - 2012-05-29 18:31 - 0006187 ____A C:\Users\Sami\Downloads\Lora_Roberts_Liz_Sullivan_Mysteries_1_6-[[Demonoid.me]]_6780791.3766.torrent

2012-05-29 18:30 - 2012-05-29 18:31 - 0000000 ____D C:\Users\Sami\Downloads\J.D. Robb

2012-05-29 18:29 - 2012-05-29 18:29 - 0018206 ____A C:\Users\Sami\Downloads\J_D_Robb_In_Death_Series_1_43_O-Demonoid.me-O_6780791.3766.torrent

2012-05-29 18:26 - 2012-05-29 18:26 - 0010981 ____A C:\Users\Sami\Downloads\[[Demonoid.me]]-Haunting_Mysteries_Island_Of_Lost_Souls_Collector's_Edition_6780791.3766.torrent

2012-05-29 18:24 - 2012-05-29 18:44 - 0000000 ____D C:\Users\Sami\Downloads\Vampire_Saga_3_Break_Out_Final

2012-05-29 18:23 - 2012-05-29 18:40 - 0000000 ____D C:\Users\Sami\Downloads\DarkDimensions2-WaxBeautyCE

2012-05-29 18:23 - 2012-05-29 18:35 - 0000000 ____D C:\Users\Sami\Downloads\FabledLegends-TheDarkPiperCE

2012-05-29 18:23 - 2012-05-29 18:23 - 0012272 ____A C:\Users\Sami\Downloads\Vampire_Saga_3_Break_Out_x-Demonoid.me-x_6780791.3766.torrent

2012-05-29 18:22 - 2012-05-29 18:22 - 0014611 ____A C:\Users\Sami\Downloads\_=Demonoid.me=_-Dark_Dimensions_2_Wax_Beauty_Collector's_Edition_6780791.3766.torrent

2012-05-29 18:22 - 2012-05-29 18:22 - 0011385 ____A C:\Users\Sami\Downloads\(Demonoid.me)-Fabled_Legends_The_Dark_Piper_Collector's_Edition_6780791.3766.torrent

2012-05-29 18:21 - 2012-05-29 18:35 - 0000000 ____D C:\Users\Sami\Downloads\FinalCut-DeathontheSilverScreenCE

2012-05-29 18:20 - 2012-05-29 18:20 - 0016824 ____A C:\Users\Sami\Downloads\Final_Cut_Death_On_The_Silver_Screen_Collector's_Edition_O-Demonoid.me-O_6780791.3766.torrent

2012-05-29 10:21 - 2012-05-29 10:21 - 0302592 ____A C:\Users\Sami\Downloads\e6940ydo.exe

2012-05-29 10:19 - 2012-05-29 10:19 - 0016200 ____A (McAfee, Inc.) C:\Windows\stinger.sys

2012-05-29 10:18 - 2012-05-29 21:34 - 0000000 ____D C:\Program Files (x86)\stinger

2012-05-29 10:18 - 2012-05-29 10:18 - 9481320 ____A (McAfee Inc.) C:\Users\Sami\Downloads\stinger.exe

2012-05-29 10:16 - 2012-05-29 10:16 - 8656400 ____A (Trend Micro Inc.) C:\Users\Sami\Downloads\RootkitBuster_v5_1061 (1).exe

2012-05-29 10:16 - 2012-05-29 10:16 - 0000000 ____D C:\Users\Sami\Downloads\TMRBLog

2012-05-29 10:15 - 2012-05-29 10:15 - 8656400 ____A (Trend Micro Inc.) C:\Users\Sami\Downloads\RootkitBuster_v5_1061.exe

2012-05-28 20:15 - 2012-05-28 20:15 - 0007605 ____A C:\Users\Sami\AppData\Local\Resmon.ResmonCfg

2012-05-28 19:31 - 2012-05-28 19:31 - 0002660 ____A C:\Users\Public\Desktop\VELOCITY Secrets of the Dark Eclipse Mountain Collector's Edition.lnk

2012-05-28 19:31 - 2012-05-28 19:31 - 0002653 ____A C:\Users\Public\Desktop\Play Secrets of the Dark Eclipse Mountain Collector's Edition Tiger.lnk

2012-05-28 19:31 - 2012-05-28 19:31 - 0000000 ____D C:\Users\Sami\AppData\Roaming\Orneon

2012-05-28 18:55 - 2012-05-28 18:56 - 0124142 ____A C:\TDSSKiller.2.7.38.0_28.05.2012_19.55.50_log.txt

2012-05-28 18:55 - 2012-05-28 18:55 - 0000000 ____D C:\Users\Sami\Downloads\tdsskiller (1)

2012-05-28 18:54 - 2012-05-28 18:55 - 2108825 ____A C:\Users\Sami\Downloads\tdsskiller (1).zip

2012-05-28 18:54 - 2012-05-28 18:54 - 0000348 ____A C:\TDSSKiller.2.6.23.0_28.05.2012_19.54.50_log.txt

2012-05-28 14:15 - 2012-06-01 18:20 - 0000904 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1816964637-4104116600-144631762-1001UA.job

2012-05-28 14:15 - 2012-06-01 14:20 - 0000852 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1816964637-4104116600-144631762-1001Core.job

2012-05-28 13:38 - 2012-05-28 13:38 - 0000000 ____D C:\Windows\System32\SPReview

2012-05-27 21:34 - 2012-05-27 21:34 - 0000000 __SHD C:\Windows\SysWOW64\%APPDATA%

2012-05-27 21:27 - 2012-05-27 21:27 - 0000000 ____D C:\Users\Sami\AppData\Roaming\Dark Dimensions - Wax Beauty Strategy Guide

2012-05-27 21:22 - 2012-05-27 21:22 - 0000000 ____D C:\Users\Sami\AppData\Roaming\Eipix

2012-05-27 21:22 - 2012-05-27 21:22 - 0000000 ____A C:\Users\Sami\AppData\Roaming\BrgNm.txt

2012-05-27 19:18 - 2012-05-27 20:15 - 0000000 ____D C:\Users\Sami\Downloads\HOG Ultimate Collection

2012-05-27 19:17 - 2012-05-27 19:17 - 0544791 ____A C:\Users\Sami\Downloads\o-Demonoid.me-o_H_O_G_Ultimate_Collection_Pack_1_6780791.3766.torrent

2012-05-27 18:18 - 2012-05-27 18:18 - 0000000 ____D C:\Users\Sami\Downloads\TeslasTower-TheWardenclyffeMystery

2012-05-27 18:16 - 2012-05-27 18:18 - 0000000 ____D C:\Users\Sami\Downloads\Kingdom.Chronicles.Collectors.Edition.v1.0.0.4-TE

2012-05-27 18:12 - 2012-05-27 18:28 - 0000000 ____D C:\Users\Sami\Downloads\Ultimate Zombie Book Collection

2012-05-26 11:33 - 2012-05-28 13:44 - 0000000 ____D C:\Users\Sami\AppData\Roaming\Octoshape

2012-05-26 11:33 - 2012-05-26 11:33 - 0867688 ____A (Octoshape ApS) C:\Users\Sami\Downloads\OctoSetup.exe

2012-05-26 11:33 - 2012-05-26 11:33 - 0000000 ____D C:\Users\Sami\AppData\Roaming\Mozilla

2012-05-24 18:37 - 2012-05-24 18:37 - 0000000 ____D C:\Users\Sami\Downloads\Robert Van Gulik

2012-05-24 09:48 - 2012-05-24 09:48 - 0000000 ____D C:\Users\Sami\Downloads\Odyssey The Search for Ulysses

2012-05-23 20:08 - 2012-05-23 20:08 - 0000000 ____D C:\Users\Sami\AppData\Roaming\Friday's games

2012-05-23 20:03 - 2012-05-28 19:30 - 0000000 ____D C:\Program Files (x86)\Tiger Games

2012-05-22 17:12 - 2012-05-22 17:12 - 0000000 ____D C:\Windows\SysWOW64\2080

2012-05-22 15:19 - 2012-05-22 15:43 - 0000000 ____D C:\Users\Sami\Downloads\Full Metal Panic! Ultimate Collection (Dual-Audio)

2012-05-21 19:47 - 2012-05-21 19:47 - 0000000 ____D C:\Users\Sami\AppData\Roaming\SkyGoblin

2012-05-21 19:43 - 2012-05-21 19:43 - 0466456 ____A (Creative Labs) C:\Windows\System32\wrap_oal.dll

2012-05-21 19:43 - 2012-05-21 19:43 - 0444952 ____A (Creative Labs) C:\Windows\SysWOW64\wrap_oal.dll

2012-05-21 19:43 - 2012-05-21 19:43 - 0122904 ____A (Portions © Creative Labs Inc. and NVIDIA Corp.) C:\Windows\System32\OpenAL32.dll

2012-05-21 19:43 - 2012-05-21 19:43 - 0109080 ____A (Portions © Creative Labs Inc. and NVIDIA Corp.) C:\Windows\SysWOW64\OpenAL32.dll

2012-05-21 19:43 - 2012-05-21 19:43 - 0000000 ____D C:\Program Files (x86)\OpenAL

2012-05-21 19:26 - 2012-05-21 19:26 - 0000000 ____D C:\Program Files (x86)\directx

2012-05-21 19:22 - 2012-05-21 19:22 - 0000000 ____D C:\Users\Sami\Downloads\Bob Leman - The Tehama and others

2012-05-19 18:07 - 2012-05-27 18:31 - 0000000 ____D C:\Users\Sami\Downloads\The Journey Down Chapter 1-2012-EN-HI2U

2012-05-19 18:06 - 2012-05-27 21:31 - 0000000 ____D C:\Users\Sami\Downloads\HauntingMysteries-TheIslandofLostSoulsCE

2012-05-17 17:26 - 2012-05-17 17:28 - 0000000 ____D C:\Users\Sami\Downloads\torchlight

2012-05-17 17:24 - 2012-05-17 17:24 - 0000000 ____D C:\Users\Sami\Downloads\The Complete Stories of Truman Capote

2012-05-17 17:23 - 2012-05-17 17:23 - 0000000 ____D C:\Users\Sami\Downloads\Aliette de Bodard - [Obsidian and Blood 01-03] - Obsidian & Blood

2012-05-16 20:15 - 2012-05-16 20:44 - 0000000 ____D C:\Users\Sami\Downloads\Italian

2012-05-16 20:14 - 2012-05-16 20:15 - 0000000 ____D C:\Users\Sami\Downloads\Pimsleur Swedish Comprehensive

2012-05-15 18:56 - 2012-05-15 18:57 - 0000000 ____D C:\Users\Sami\Downloads\Bauer, Belinda

2012-05-15 18:42 - 2012-05-15 18:42 - 0000000 ___HD C:\Users\Sami\Documents\Runes of Magic

2012-05-15 17:12 - 2012-05-22 17:12 - 0000000 ____D C:\Windows\SysWOW64\1080

2012-05-14 21:37 - 2012-05-14 21:38 - 0000000 ____D C:\Program Files (x86)\Overwolf

2012-05-14 21:36 - 2012-06-01 19:07 - 0000000 ____D C:\Users\Sami\AppData\Local\Overwolf

2012-05-14 21:14 - 2012-05-20 19:56 - 0000000 ____D C:\Program Files (x86)\Runes of Magic

2012-05-14 19:11 - 2012-05-14 19:53 - 0000000 ____D C:\Users\Sami\Downloads\Runes_of_Magic_4_0_8_2506_full_us

2012-05-14 19:11 - 2012-05-14 19:11 - 1089192 ____A C:\Users\Sami\Downloads\Runes_of_Magic_4_0_8_2506_full_us.exe

2012-05-14 19:11 - 2012-05-14 19:11 - 0000000 ____D C:\Users\Sami\AppData\Roaming\FOG Downloader

2012-05-12 19:17 - 2012-05-12 19:17 - 0000000 ____D C:\Users\Sami\Downloads\Twisted Lands Insomniac + Strategy Guide - Tiger Games

2012-05-11 15:46 - 2012-03-02 22:29 - 1837568 ____A (Microsoft Corporation) C:\Windows\System32\d3d10warp.dll

2012-05-11 15:46 - 2012-03-02 22:29 - 1541120 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll

2012-05-11 15:46 - 2012-03-02 22:29 - 0902656 ____A (Microsoft Corporation) C:\Windows\System32\d2d1.dll

2012-05-11 15:46 - 2012-03-02 22:29 - 0320512 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1core.dll

2012-05-11 15:46 - 2012-03-02 22:29 - 0197120 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1.dll

2012-05-11 15:46 - 2012-03-02 21:40 - 1170944 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll

2012-05-11 15:46 - 2012-03-02 21:40 - 1074176 ____A (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll

2012-05-11 15:46 - 2012-03-02 21:40 - 0739840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll

2012-05-11 15:46 - 2012-03-02 21:40 - 0218624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll

2012-05-11 15:46 - 2012-03-02 21:40 - 0161792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll

2012-05-11 15:45 - 2012-04-01 21:34 - 5504880 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe

2012-05-11 15:45 - 2012-04-01 20:46 - 3958128 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe

2012-05-11 15:45 - 2012-04-01 20:46 - 3902320 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe

2012-05-11 15:45 - 2012-04-01 19:01 - 3143680 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys

2012-05-11 15:45 - 2012-03-30 03:09 - 1895280 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys

2012-05-11 15:45 - 2012-03-16 23:55 - 0075632 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\partmgr.sys

2012-05-09 18:47 - 2012-05-09 18:47 - 0768848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msvcr100.dll

2012-05-09 18:47 - 2012-05-09 18:47 - 0421200 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msvcp100.dll

2012-05-08 17:12 - 2012-05-15 17:12 - 0000000 ____D C:\Windows\SysWOW64\3013

2012-05-08 11:33 - 2012-05-08 12:05 - 0000000 ____D C:\Users\Sami\Downloads\Côte d’Azur ePubs, 2012-May-03

2012-05-08 11:27 - 2012-05-08 12:51 - 0000000 ____D C:\Users\Sami\Downloads\Books on Ancient Greece

2012-05-08 11:26 - 2012-05-08 11:27 - 0000000 ____D C:\Users\Sami\Downloads\Know-it-All, Drop Dead Healthy - A. J. Jacobs

2012-05-08 09:29 - 2012-05-08 09:31 - 0000000 ____D C:\Users\Sami\Downloads\YRG

2012-05-07 19:17 - 2012-05-07 19:17 - 0000000 ____D C:\Users\Sami\Downloads\Whisky Galore (1947) - Compton MacKenzie

2012-05-06 17:35 - 2012-05-06 17:35 - 0000000 ____D C:\Users\Sami\Downloads\Beekeeping for Beginners (Mary Russell 10.5 SS) - Laurie R. King

2012-05-06 17:33 - 2012-05-06 17:36 - 0000000 ____D C:\Users\Sami\Downloads\Reginald Hill

2012-05-06 17:31 - 2012-05-06 17:32 - 0000000 ____D C:\Users\Sami\Downloads\Jeff Shelby

2012-05-06 17:31 - 2012-05-06 17:31 - 0000000 ____D C:\Users\Sami\Downloads\Barnaby_ Ross_(aka_Ellery_Queen)

2012-05-05 20:18 - 2012-05-05 20:18 - 0000000 ____D C:\Users\Sami\AppData\Roaming\LegacyGames

2012-05-05 20:14 - 2012-05-05 20:14 - 0000000 ____D C:\Users\Sami\Downloads\UpdLgndsfAtlntsExdsAB

2012-05-05 07:49 - 2012-05-05 07:49 - 0000000 ____D C:\Users\Sami\AppData\Roaming\Black Sea Studios

2012-05-05 06:21 - 2012-05-05 06:21 - 0000221 ____A C:\Users\Sami\Desktop\Blood Bowl Legendary Edition.url

2012-05-05 06:20 - 2012-05-05 06:20 - 0000220 ____A C:\Users\Sami\Desktop\Sid Meier's Pirates!.url

2012-05-05 06:18 - 2012-05-05 06:18 - 0000221 ____A C:\Users\Sami\Desktop\Knights of Honor.url

2012-05-05 06:10 - 2012-06-01 19:06 - 0000000 ____D C:\Program Files (x86)\Steam

2012-05-05 06:10 - 2012-05-05 06:10 - 0000917 ____A C:\Users\Public\Desktop\Steam.lnk

2012-05-05 06:09 - 2012-05-05 06:09 - 1606656 ____A C:\Users\Sami\Downloads\SteamInstall.msi

2012-05-04 19:37 - 2012-05-04 19:37 - 0000120 ____A C:\Users\Sami\Documents\pwords.txt

2012-05-02 18:57 - 2012-05-02 18:57 - 0000000 ____D C:\Users\Sami\Downloads\Babson, Marian - 4 Books

2012-05-02 18:49 - 2012-05-02 18:49 - 0000000 ____D C:\Users\Sami\Downloads\Aberration - Bard Constantine

============ 3 Months Modified Files and Folders =============

2012-06-01 20:12 - 2012-06-01 20:11 - 0000000 ____D C:\FRST

2012-06-01 19:07 - 2012-05-14 21:36 - 0000000 ____D C:\Users\Sami\AppData\Local\Overwolf

2012-06-01 19:06 - 2012-05-05 06:10 - 0000000 ____D C:\Program Files (x86)\Steam

2012-06-01 19:06 - 2012-01-05 20:31 - 0000000 ____D C:\Users\Sami\Tracing

2012-06-01 19:05 - 2011-12-23 19:40 - 0000890 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2012-06-01 19:05 - 2011-10-31 16:43 - 2210582528 __ASH C:\hiberfil.sys

2012-06-01 19:05 - 2009-07-13 21:08 - 0000006 ___AH C:\Windows\Tasks\SA.DAT

2012-06-01 19:05 - 2009-07-13 20:51 - 0065435 ____A C:\Windows\setupact.log

2012-06-01 18:43 - 2010-11-20 00:43 - 1618196 ____A C:\Windows\WindowsUpdate.log

2012-06-01 18:43 - 2009-07-13 20:45 - 0023248 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2012-06-01 18:43 - 2009-07-13 20:45 - 0023248 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2012-06-01 18:39 - 2011-12-23 19:40 - 0000894 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2012-06-01 18:38 - 2011-10-31 16:43 - 0226088 ____A C:\Windows\PFRO.log

2012-06-01 18:25 - 2009-07-13 21:13 - 0782702 ____A C:\Windows\System32\PerfStringBackup.INI

2012-06-01 18:22 - 2012-06-01 18:22 - 1395275 ____A C:\Users\Sami\Downloads\FRST64.exe

2012-06-01 18:20 - 2012-05-28 14:15 - 0000904 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1816964637-4104116600-144631762-1001UA.job

2012-06-01 17:46 - 2012-06-01 17:46 - 0002040 ____A C:\Users\Sami\Desktop\mbam-log-2012-06-01 (18-45-54).txt

2012-06-01 15:11 - 2012-06-01 15:11 - 1153912 ____A (Emsi Software GmbH) C:\Users\Sami\Desktop\BlitzBlank.exe

2012-06-01 14:20 - 2012-05-28 14:15 - 0000852 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1816964637-4104116600-144631762-1001Core.job

2012-06-01 09:12 - 2012-06-01 09:09 - 0000000 ____D C:\Users\Sami\AppData\Roaming\ImgBurn

2012-06-01 09:02 - 2012-06-01 09:02 - 6118990 ____A (LIGHTNING UK!) C:\Users\Sami\Downloads\SetupImgBurn_2.5.7.0.exe

2012-06-01 09:02 - 2012-06-01 09:02 - 0001865 ____A C:\Users\Public\Desktop\ImgBurn.lnk

2012-06-01 09:02 - 2012-06-01 09:02 - 0000000 ____D C:\Program Files (x86)\ImgBurn

2012-06-01 08:55 - 2011-10-31 17:10 - 0000000 ____D C:\Users\Sami\AppData\LocalLow

2012-06-01 08:54 - 2012-06-01 08:49 - 274565120 ____A C:\Users\Sami\Downloads\kav_rescue_10.iso

2012-06-01 08:52 - 2012-06-01 08:52 - 0000000 ____D C:\Program Files (x86)\Free Offers from Freeze.com

2012-06-01 08:51 - 2012-06-01 08:51 - 1534144 ____A (W3i, LLC) C:\Users\Sami\Downloads\dvdburning_1289.exe

2012-06-01 02:22 - 2012-06-01 02:20 - 0000000 ___AD C:\Kaspersky Rescue Disk 10.0

2012-05-31 22:06 - 2011-10-31 17:37 - 0000000 ____D C:\Users\Sami\AppData\Roaming\uTorrent

2012-05-31 20:21 - 2012-05-31 20:21 - 0002292 ____A C:\Users\Sami\Desktop\Kingdom Chronicles - Collector's Edition.lnk

2012-05-31 20:21 - 2012-04-07 18:43 - 0000000 ____D C:\Users\Sami\AppData\Roaming\aliasworlds

2012-05-31 20:20 - 2012-05-31 20:20 - 0000000 ____D C:\Program Files (x86)\Kingdom Chronicles - Collector's Edition

2012-05-31 20:08 - 2012-05-31 19:58 - 0000000 ____D C:\Users\Sami\Downloads\DarkHeritage-GuardiansofHopeCE

2012-05-31 19:34 - 2012-05-31 19:34 - 0017696 ____A C:\Users\Sami\Downloads\((Demonoid.me))-Dark_Heritage_Guardians_Of_Hope_Collector's_Edition_6780791.3766.torrent

2012-05-31 19:19 - 2012-05-30 12:58 - 0000000 ___SD C:\32788R22FWJFW

2012-05-31 19:19 - 2011-11-04 13:10 - 0410198 ____A C:\Windows\ntbtlog.txt

2012-05-31 19:17 - 2011-12-13 22:48 - 0000361 ____A C:\rkill.log

2012-05-31 19:11 - 2009-07-13 21:08 - 0032606 ____A C:\Windows\Tasks\SCHEDLGU.TXT

2012-05-31 19:04 - 2012-05-31 19:04 - 4533668 ____R (Swearware) C:\Users\Sami\Desktop\ComboFix.exe

2012-05-31 19:03 - 2012-05-31 19:03 - 1012656 ____A C:\Users\Sami\Desktop\rkill (1).exe

2012-05-31 19:02 - 2012-05-31 19:02 - 0138120 ____A (ESET) C:\Users\Sami\Downloads\ESETSirefefRemover (1).exe

2012-05-31 19:02 - 2012-05-31 19:02 - 0138120 ____A (ESET) C:\Users\Sami\Desktop\ESETSirefefRemover (2).exe

2012-05-31 18:58 - 2012-05-31 18:57 - 1012656 ____A C:\Users\Sami\Downloads\rkill.exe

2012-05-31 18:20 - 2012-05-31 18:20 - 0138120 ____A (ESET) C:\Users\Sami\Downloads\ESETSirefefRemover.exe

2012-05-31 09:41 - 2012-05-31 09:41 - 0000000 ____D C:\Users\Sami\Documents\RK_Quarantine

2012-05-31 09:32 - 2012-05-31 09:41 - 0001560 ____A C:\Users\Sami\Documents\RKreport[6].txt

2012-05-31 09:31 - 2012-05-31 09:41 - 0001536 ____A C:\Users\Sami\Documents\RKreport[5].txt

2012-05-31 08:08 - 2012-05-31 09:41 - 0000650 ____A C:\Users\Sami\Documents\RKreport[4].txt

2012-05-31 08:07 - 2012-05-31 09:41 - 0001658 ____A C:\Users\Sami\Documents\RKreport[2].txt

2012-05-31 08:07 - 2012-05-31 09:41 - 0001387 ____A C:\Users\Sami\Documents\RKreport[3].txt

2012-05-31 07:50 - 2012-05-31 09:41 - 0001602 ____A C:\Users\Sami\Documents\RKreport[1].txt

2012-05-31 07:40 - 2012-05-31 07:40 - 1506304 ____A C:\Users\Sami\Downloads\RogueKiller.exe

2012-05-30 18:41 - 2012-05-30 18:41 - 0000000 ____D C:\Users\Sami\Downloads\Colin Cotterill; Jimm Juree 02; Grandad There's a Head on the Beach

2012-05-30 18:40 - 2012-05-30 18:40 - 0001180 ____A C:\Users\Sami\Downloads\Colin_Cotterill_Jimm_Juree_02_Grandad_There's_a_Head_on_the_Beach-[Demonoid.me]_6780791.3766.torrent

2012-05-30 12:56 - 2012-05-30 12:50 - 0245960 ____A C:\TDSSKiller.2.7.36.0_30.05.2012_13.50.44_log.txt

2012-05-30 12:50 - 2012-05-30 12:47 - 0124142 ____A C:\TDSSKiller.2.7.36.0_30.05.2012_13.47.33_log.txt

2012-05-30 12:47 - 2012-05-30 12:47 - 0000000 ____D C:\Users\Sami\Downloads\tdsskiller (2)

2012-05-30 12:47 - 2012-05-30 12:46 - 2108959 ____A C:\Users\Sami\Downloads\tdsskiller (2).zip

2012-05-30 12:46 - 2012-05-30 12:46 - 0000348 ____A C:\TDSSKiller.2.6.23.0_30.05.2012_13.46.52_log.txt

2012-05-30 11:47 - 2012-05-30 11:47 - 0021168 ____A C:\Users\Sami\Documents\DDSlog1.txt

2012-05-30 11:46 - 2012-05-30 11:46 - 0008481 ____A C:\Users\Sami\Documents\Attach.txt

2012-05-30 11:33 - 2012-05-30 11:33 - 0607260 ____R (Swearware) C:\Users\Sami\Downloads\dds.com

2012-05-30 11:14 - 2012-03-11 10:05 - 0000000 ____D C:\Users\Sami\Downloads\corrosion

2012-05-30 09:19 - 2012-05-30 09:19 - 0472064 ____A ( ) C:\Users\Sami\Downloads\RootRepeal.exe

2012-05-29 21:34 - 2012-05-29 21:34 - 0000048 ___RH C:\Users\Sami\Downloads\stinger.opt

2012-05-29 21:34 - 2012-05-29 10:18 - 0000000 ____D C:\Program Files (x86)\stinger

2012-05-29 18:44 - 2012-05-29 18:24 - 0000000 ____D C:\Users\Sami\Downloads\Vampire_Saga_3_Break_Out_Final

2012-05-29 18:40 - 2012-05-29 18:23 - 0000000 ____D C:\Users\Sami\Downloads\DarkDimensions2-WaxBeautyCE

2012-05-29 18:35 - 2012-05-29 18:35 - 0000000 ____D C:\Users\Sami\Downloads\Alexander the Great

2012-05-29 18:35 - 2012-05-29 18:23 - 0000000 ____D C:\Users\Sami\Downloads\FabledLegends-TheDarkPiperCE

2012-05-29 18:35 - 2012-05-29 18:21 - 0000000 ____D C:\Users\Sami\Downloads\FinalCut-DeathontheSilverScreenCE

2012-05-29 18:34 - 2012-05-29 18:34 - 0000000 ____D C:\Users\Sami\Downloads\Final Sail - Elaine Viets

2012-05-29 18:33 - 2012-05-29 18:33 - 0001025 ____A C:\Users\Sami\Downloads\Alexander_the_Great_Journey_to_the_End_of_the_Earth_epub_+-Demonoid.me-+_6780791.3766.torrent

2012-05-29 18:33 - 2012-05-29 18:33 - 0000000 ____D C:\Users\Sami\Downloads\Lora Roberts - Liz Sullivan Mysteries 1-6

2012-05-29 18:31 - 2012-05-29 18:31 - 0007792 ____A C:\Users\Sami\Downloads\[]Demonoid.me[]-Final_Sail_(Dead_End_Job_Series_11)_by_Elaine_Viets_6780791.3766.torrent

2012-05-29 18:31 - 2012-05-29 18:31 - 0006187 ____A C:\Users\Sami\Downloads\Lora_Roberts_Liz_Sullivan_Mysteries_1_6-[[Demonoid.me]]_6780791.3766.torrent

2012-05-29 18:31 - 2012-05-29 18:30 - 0000000 ____D C:\Users\Sami\Downloads\J.D. Robb

2012-05-29 18:29 - 2012-05-29 18:29 - 0018206 ____A C:\Users\Sami\Downloads\J_D_Robb_In_Death_Series_1_43_O-Demonoid.me-O_6780791.3766.torrent

2012-05-29 18:26 - 2012-05-29 18:26 - 0010981 ____A C:\Users\Sami\Downloads\[[Demonoid.me]]-Haunting_Mysteries_Island_Of_Lost_Souls_Collector's_Edition_6780791.3766.torrent

2012-05-29 18:23 - 2012-05-29 18:23 - 0012272 ____A C:\Users\Sami\Downloads\Vampire_Saga_3_Break_Out_x-Demonoid.me-x_6780791.3766.torrent

2012-05-29 18:22 - 2012-05-29 18:22 - 0014611 ____A C:\Users\Sami\Downloads\_=Demonoid.me=_-Dark_Dimensions_2_Wax_Beauty_Collector's_Edition_6780791.3766.torrent

2012-05-29 18:22 - 2012-05-29 18:22 - 0011385 ____A C:\Users\Sami\Downloads\(Demonoid.me)-Fabled_Legends_The_Dark_Piper_Collector's_Edition_6780791.3766.torrent

2012-05-29 18:20 - 2012-05-29 18:20 - 0016824 ____A C:\Users\Sami\Downloads\Final_Cut_Death_On_The_Silver_Screen_Collector's_Edition_O-Demonoid.me-O_6780791.3766.torrent

2012-05-29 18:12 - 2012-04-03 18:39 - 0000352 ____A C:\Windows\Tasks\At2.job

2012-05-29 10:21 - 2012-05-29 10:21 - 0302592 ____A C:\Users\Sami\Downloads\e6940ydo.exe

2012-05-29 10:19 - 2012-05-29 10:19 - 0016200 ____A (McAfee, Inc.) C:\Windows\stinger.sys

2012-05-29 10:18 - 2012-05-29 10:18 - 9481320 ____A (McAfee Inc.) C:\Users\Sami\Downloads\stinger.exe

2012-05-29 10:16 - 2012-05-29 10:16 - 8656400 ____A (Trend Micro Inc.) C:\Users\Sami\Downloads\RootkitBuster_v5_1061 (1).exe

2012-05-29 10:16 - 2012-05-29 10:16 - 0000000 ____D C:\Users\Sami\Downloads\TMRBLog

2012-05-29 10:15 - 2012-05-29 10:15 - 8656400 ____A (Trend Micro Inc.) C:\Users\Sami\Downloads\RootkitBuster_v5_1061.exe

2012-05-28 20:15 - 2012-05-28 20:15 - 0007605 ____A C:\Users\Sami\AppData\Local\Resmon.ResmonCfg

2012-05-28 19:31 - 2012-05-28 19:31 - 0002660 ____A C:\Users\Public\Desktop\VELOCITY Secrets of the Dark Eclipse Mountain Collector's Edition.lnk

2012-05-28 19:31 - 2012-05-28 19:31 - 0002653 ____A C:\Users\Public\Desktop\Play Secrets of the Dark Eclipse Mountain Collector's Edition Tiger.lnk

2012-05-28 19:31 - 2012-05-28 19:31 - 0000000 ____D C:\Users\Sami\AppData\Roaming\Orneon

2012-05-28 19:30 - 2012-05-23 20:03 - 0000000 ____D C:\Program Files (x86)\Tiger Games

2012-05-28 19:17 - 2011-12-05 19:38 - 0000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy

2012-05-28 18:56 - 2012-05-28 18:55 - 0124142 ____A C:\TDSSKiller.2.7.38.0_28.05.2012_19.55.50_log.txt

2012-05-28 18:55 - 2012-05-28 18:55 - 0000000 ____D C:\Users\Sami\Downloads\tdsskiller (1)

2012-05-28 18:55 - 2012-05-28 18:54 - 2108825 ____A C:\Users\Sami\Downloads\tdsskiller (1).zip

2012-05-28 18:54 - 2012-05-28 18:54 - 0000348 ____A C:\TDSSKiller.2.6.23.0_28.05.2012_19.54.50_log.txt

2012-05-28 14:15 - 2011-10-31 17:38 - 0000000 ____D C:\Users\Sami\AppData\Local\Google

2012-05-28 13:44 - 2012-05-26 11:33 - 0000000 ____D C:\Users\Sami\AppData\Roaming\Octoshape

2012-05-28 13:38 - 2012-05-28 13:38 - 0000000 ____D C:\Windows\System32\SPReview

2012-05-28 05:40 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\config\TxR

2012-05-27 21:34 - 2012-05-27 21:34 - 0000000 __SHD C:\Windows\SysWOW64\%APPDATA%

2012-05-27 21:31 - 2012-05-19 18:06 - 0000000 ____D C:\Users\Sami\Downloads\HauntingMysteries-TheIslandofLostSoulsCE

2012-05-27 21:27 - 2012-05-27 21:27 - 0000000 ____D C:\Users\Sami\AppData\Roaming\Dark Dimensions - Wax Beauty Strategy Guide

2012-05-27 21:22 - 2012-05-27 21:22 - 0000000 ____D C:\Users\Sami\AppData\Roaming\Eipix

2012-05-27 21:22 - 2012-05-27 21:22 - 0000000 ____A C:\Users\Sami\AppData\Roaming\BrgNm.txt

2012-05-27 20:15 - 2012-05-27 19:18 - 0000000 ____D C:\Users\Sami\Downloads\HOG Ultimate Collection

2012-05-27 19:19 - 2011-12-16 19:57 - 0000000 ____D C:\Users\Sami\Calibre Library

2012-05-27 19:17 - 2012-05-27 19:17 - 0544791 ____A C:\Users\Sami\Downloads\o-Demonoid.me-o_H_O_G_Ultimate_Collection_Pack_1_6780791.3766.torrent

2012-05-27 18:38 - 2012-04-04 19:38 - 0000000 ____D C:\Users\Sami\Downloads\reflexive games

2012-05-27 18:31 - 2012-05-19 18:07 - 0000000 ____D C:\Users\Sami\Downloads\The Journey Down Chapter 1-2012-EN-HI2U

2012-05-27 18:28 - 2012-05-27 18:12 - 0000000 ____D C:\Users\Sami\Downloads\Ultimate Zombie Book Collection

2012-05-27 18:18 - 2012-05-27 18:18 - 0000000 ____D C:\Users\Sami\Downloads\TeslasTower-TheWardenclyffeMystery

2012-05-27 18:18 - 2012-05-27 18:16 - 0000000 ____D C:\Users\Sami\Downloads\Kingdom.Chronicles.Collectors.Edition.v1.0.0.4-TE

2012-05-27 17:01 - 2011-12-04 20:00 - 0000350 ____A C:\Windows\Tasks\At1.job

2012-05-26 11:33 - 2012-05-26 11:33 - 0867688 ____A (Octoshape ApS) C:\Users\Sami\Downloads\OctoSetup.exe

2012-05-26 11:33 - 2012-05-26 11:33 - 0000000 ____D C:\Users\Sami\AppData\Roaming\Mozilla

2012-05-24 18:37 - 2012-05-24 18:37 - 0000000 ____D C:\Users\Sami\Downloads\Robert Van Gulik

2012-05-24 09:48 - 2012-05-24 09:48 - 0000000 ____D C:\Users\Sami\Downloads\Odyssey The Search for Ulysses

2012-05-23 20:08 - 2012-05-23 20:08 - 0000000 ____D C:\Users\Sami\AppData\Roaming\Friday's games

2012-05-22 17:12 - 2012-05-22 17:12 - 0000000 ____D C:\Windows\SysWOW64\2080

2012-05-22 17:12 - 2012-05-15 17:12 - 0000000 ____D C:\Windows\SysWOW64\1080

2012-05-22 15:43 - 2012-05-22 15:19 - 0000000 ____D C:\Users\Sami\Downloads\Full Metal Panic! Ultimate Collection (Dual-Audio)

2012-05-21 19:47 - 2012-05-21 19:47 - 0000000 ____D C:\Users\Sami\AppData\Roaming\SkyGoblin

2012-05-21 19:43 - 2012-05-21 19:43 - 0466456 ____A (Creative Labs) C:\Windows\System32\wrap_oal.dll

2012-05-21 19:43 - 2012-05-21 19:43 - 0444952 ____A (Creative Labs) C:\Windows\SysWOW64\wrap_oal.dll

2012-05-21 19:43 - 2012-05-21 19:43 - 0122904 ____A (Portions © Creative Labs Inc. and NVIDIA Corp.) C:\Windows\System32\OpenAL32.dll

2012-05-21 19:43 - 2012-05-21 19:43 - 0109080 ____A (Portions © Creative Labs Inc. and NVIDIA Corp.) C:\Windows\SysWOW64\OpenAL32.dll

2012-05-21 19:43 - 2012-05-21 19:43 - 0000000 ____D C:\Program Files (x86)\OpenAL

2012-05-21 19:27 - 2010-07-10 19:14 - 0092252 ____A C:\Windows\DirectX.log

2012-05-21 19:26 - 2012-05-21 19:26 - 0000000 ____D C:\Program Files (x86)\directx

2012-05-21 19:22 - 2012-05-21 19:22 - 0000000 ____D C:\Users\Sami\Downloads\Bob Leman - The Tehama and others

2012-05-21 18:11 - 2012-01-22 18:31 - 0000328 ____A C:\Windows\Tasks\HPCeeScheduleForSami.job

2012-05-21 10:05 - 2011-11-12 19:35 - 0000000 ____D C:\Users\Sami\AppData\Roaming\Skype

2012-05-20 19:56 - 2012-05-14 21:14 - 0000000 ____D C:\Program Files (x86)\Runes of Magic

2012-05-17 17:28 - 2012-05-17 17:26 - 0000000 ____D C:\Users\Sami\Downloads\torchlight

2012-05-17 17:24 - 2012-05-17 17:24 - 0000000 ____D C:\Users\Sami\Downloads\The Complete Stories of Truman Capote

2012-05-17 17:23 - 2012-05-17 17:23 - 0000000 ____D C:\Users\Sami\Downloads\Aliette de Bodard - [Obsidian and Blood 01-03] - Obsidian & Blood

2012-05-16 20:44 - 2012-05-16 20:15 - 0000000 ____D C:\Users\Sami\Downloads\Italian

2012-05-16 20:15 - 2012-05-16 20:14 - 0000000 ____D C:\Users\Sami\Downloads\Pimsleur Swedish Comprehensive

2012-05-15 18:57 - 2012-05-15 18:56 - 0000000 ____D C:\Users\Sami\Downloads\Bauer, Belinda

2012-05-15 18:42 - 2012-05-15 18:42 - 0000000 ___HD C:\Users\Sami\Documents\Runes of Magic

2012-05-15 17:12 - 2012-05-08 17:12 - 0000000 ____D C:\Windows\SysWOW64\3013

2012-05-14 21:38 - 2012-05-14 21:37 - 0000000 ____D C:\Program Files (x86)\Overwolf

2012-05-14 19:53 - 2012-05-14 19:11 - 0000000 ____D C:\Users\Sami\Downloads\Runes_of_Magic_4_0_8_2506_full_us

2012-05-14 19:11 - 2012-05-14 19:11 - 1089192 ____A C:\Users\Sami\Downloads\Runes_of_Magic_4_0_8_2506_full_us.exe

2012-05-14 19:11 - 2012-05-14 19:11 - 0000000 ____D C:\Users\Sami\AppData\Roaming\FOG Downloader

2012-05-14 19:11 - 2011-10-31 17:10 - 0000000 ____D C:\users\Sami

2012-05-12 19:17 - 2012-05-12 19:17 - 0000000 ____D C:\Users\Sami\Downloads\Twisted Lands Insomniac + Strategy Guide - Tiger Games

2012-05-12 07:26 - 2009-07-13 20:45 - 0286208 ____A C:\Windows\System32\FNTCACHE.DAT

2012-05-11 22:43 - 2011-11-08 08:50 - 57848688 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe

2012-05-11 22:29 - 2010-07-10 21:19 - 0000000 ____D C:\Program Files (x86)\Microsoft Silverlight

2012-05-10 15:11 - 2011-11-23 23:41 - 0000000 ____D C:\Users\Sami\AppData\Roaming\CE74B

2012-05-09 18:47 - 2012-05-09 18:47 - 0768848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msvcr100.dll

2012-05-09 18:47 - 2012-05-09 18:47 - 0421200 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msvcp100.dll

2012-05-08 17:12 - 2012-05-01 17:12 - 0000000 ____D C:\Windows\SysWOW64\2046

2012-05-08 12:51 - 2012-05-08 11:27 - 0000000 ____D C:\Users\Sami\Downloads\Books on Ancient Greece

2012-05-08 12:05 - 2012-05-08 11:33 - 0000000 ____D C:\Users\Sami\Downloads\Côte d’Azur ePubs, 2012-May-03

2012-05-08 11:27 - 2012-05-08 11:26 - 0000000 ____D C:\Users\Sami\Downloads\Know-it-All, Drop Dead Healthy - A. J. Jacobs

2012-05-08 09:31 - 2012-05-08 09:29 - 0000000 ____D C:\Users\Sami\Downloads\YRG

2012-05-07 19:17 - 2012-05-07 19:17 - 0000000 ____D C:\Users\Sami\Downloads\Whisky Galore (1947) - Compton MacKenzie

2012-05-06 17:36 - 2012-05-06 17:33 - 0000000 ____D C:\Users\Sami\Downloads\Reginald Hill

2012-05-06 17:35 - 2012-05-06 17:35 - 0000000 ____D C:\Users\Sami\Downloads\Beekeeping for Beginners (Mary Russell 10.5 SS) - Laurie R. King

2012-05-06 17:32 - 2012-05-06 17:31 - 0000000 ____D C:\Users\Sami\Downloads\Jeff Shelby

2012-05-06 17:31 - 2012-05-06 17:31 - 0000000 ____D C:\Users\Sami\Downloads\Barnaby_ Ross_(aka_Ellery_Queen)

2012-05-05 20:18 - 2012-05-05 20:18 - 0000000 ____D C:\Users\Sami\AppData\Roaming\LegacyGames

2012-05-05 20:14 - 2012-05-05 20:14 - 0000000 ____D C:\Users\Sami\Downloads\UpdLgndsfAtlntsExdsAB

2012-05-05 07:49 - 2012-05-05 07:49 - 0000000 ____D C:\Users\Sami\AppData\Roaming\Black Sea Studios

2012-05-05 06:21 - 2012-05-05 06:21 - 0000221 ____A C:\Users\Sami\Desktop\Blood Bowl Legendary Edition.url

2012-05-05 06:20 - 2012-05-05 06:20 - 0000220 ____A C:\Users\Sami\Desktop\Sid Meier's Pirates!.url

2012-05-05 06:18 - 2012-05-05 06:18 - 0000221 ____A C:\Users\Sami\Desktop\Knights of Honor.url

2012-05-05 06:10 - 2012-05-05 06:10 - 0000917 ____A C:\Users\Public\Desktop\Steam.lnk

2012-05-05 06:09 - 2012-05-05 06:09 - 1606656 ____A C:\Users\Sami\Downloads\SteamInstall.msi

2012-05-04 19:37 - 2012-05-04 19:37 - 0000120 ____A C:\Users\Sami\Documents\pwords.txt

2012-05-04 19:29 - 2011-11-22 21:29 - 0000000 ____D C:\games

2012-05-02 19:29 - 2012-02-26 21:44 - 0000000 ____D C:\Users\Sami\AppData\Roaming\Artogon

2012-05-02 18:57 - 2012-05-02 18:57 - 0000000 ____D C:\Users\Sami\Downloads\Babson, Marian - 4 Books

2012-05-02 18:49 - 2012-05-02 18:49 - 0000000 ____D C:\Users\Sami\Downloads\Aberration - Bard Constantine

2012-05-01 17:12 - 2012-04-24 17:12 - 0000000 ____D C:\Windows\SysWOW64\2079

2012-04-30 22:15 - 2012-04-30 22:15 - 0000000 ____D C:\Program Files (x86)\Microsoft Security Client

2012-04-30 22:15 - 2011-10-31 17:35 - 0001945 ____A C:\Windows\epplauncher.mif

2012-04-30 22:15 - 2011-10-31 17:34 - 0796852 ____A C:\Windows\SysWOW64\PerfStringBackup.INI

2012-04-30 22:15 - 2011-10-31 17:34 - 0000000 ____D C:\Program Files\Microsoft Security Client

2012-04-28 19:48 - 2012-04-28 19:48 - 0000000 ____D C:\Users\Sami\AppData\Roaming\Jumb-O-Fun Games

2012-04-27 19:42 - 2012-04-27 19:41 - 0000000 ____D C:\Users\Sami\Downloads\Johan Theorin Swedish Author

2012-04-26 14:42 - 2012-04-26 14:42 - 0002014 ____A C:\Users\Public\Desktop\Adobe Reader 9.lnk

2012-04-25 11:45 - 2012-02-12 22:48 - 0000000 ____D C:\Users\Sami\Downloads\Time Management MNOP

2012-04-25 11:44 - 2012-02-12 22:53 - 0000000 ____D C:\Users\Sami\Downloads\Time Management HIJKL

2012-04-25 11:44 - 2012-01-21 22:24 - 0000000 ____D C:\Users\Sami\Downloads\Time Management Games

2012-04-24 17:12 - 2012-04-17 17:12 - 0000000 ____D C:\Windows\SysWOW64\1011

2012-04-23 19:13 - 2011-11-18 21:04 - 0000000 ____D C:\Users\Sami\AppData\Roaming\ERS Game Studios

2012-04-23 18:58 - 2011-12-09 00:08 - 0000000 ____D C:\Program Files (x86)\Games

2012-04-22 18:40 - 2012-04-22 18:40 - 0000000 ____D C:\Users\Sami\AppData\Roaming\Silverback Productions

2012-04-21 17:37 - 2011-11-24 12:03 - 0000000 ____D C:\Users\Sami\AppData\Roaming\Artifex Mundi

2012-04-20 18:41 - 2012-04-20 18:41 - 0000000 ____D C:\Users\Sami\AppData\Roaming\GameMill Entertainment

2012-04-18 20:47 - 2012-04-18 19:24 - 253804582 ____A C:\Users\Sami\Downloads\ScrtsofthTtnc19122012AB.zip

2012-04-18 11:21 - 2012-04-18 11:21 - 1391000 ____A C:\Users\Sami\Downloads\The Beach House.PDF

2012-04-17 21:59 - 2012-04-17 21:59 - 0000000 ____D C:\Users\Sami\AppData\Roaming\Freeze Tag

2012-04-17 19:05 - 2011-11-01 19:00 - 0000000 ____D C:\Program Files (x86)\Foxy Games

2012-04-17 17:12 - 2012-04-10 17:20 - 0000000 ____D C:\Windows\SysWOW64\3089

2012-04-17 07:22 - 2012-04-17 07:22 - 0001879 ____A C:\Users\Sami\Downloads\Property.htmL

2012-04-14 20:03 - 2012-04-14 20:03 - 0007362 ____A C:\Windows\The City of Fools Uninstall Log.txt

2012-04-14 19:08 - 2012-04-14 19:08 - 0000000 ____D C:\Users\Sami\AppData\Roaming\Meridian93

2012-04-12 21:26 - 2012-04-12 21:22 - 0000000 ____D C:\Users\Sami\AppData\Local\Murder on the Titanic

2012-04-12 16:43 - 2011-10-31 17:38 - 0000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware

2012-04-11 20:03 - 2012-02-20 09:13 - 0001109 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2012-04-10 20:09 - 2012-04-10 20:09 - 0000000 ____D C:\Users\Sami\AppData\Roaming\My Games

2012-04-10 19:01 - 2012-04-10 18:37 - 0000000 ____D C:\Users\Sami\Downloads\The Whispered World [GOG]

2012-04-10 17:20 - 2012-04-03 18:39 - 0000000 ____D C:\Windows\SysWOW64\1054

2012-04-08 20:16 - 2012-04-08 20:16 - 0000000 ____D C:\Users\Sami\AppData\Roaming\Pogo

2012-04-08 19:33 - 2012-04-08 19:31 - 0000000 ____D C:\Users\Sami\Downloads\Check out my CamWow photo!

2012-04-08 19:30 - 2012-04-08 19:30 - 0189072 ____A C:\Users\Sami\Downloads\Check out my CamWow photo!.zip

2012-04-08 19:29 - 2012-04-08 19:29 - 0188841 ____A C:\Users\Sami\Downloads\image.png

2012-04-08 13:30 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\NDF

2012-04-07 20:13 - 2010-07-10 19:10 - 0000000 ___HD C:\Program Files (x86)\InstallShield Installation Information

2012-04-06 21:38 - 2011-12-16 22:35 - 0000000 ____D C:\Users\Sami\AppData\Roaming\Alawar

2012-04-05 21:28 - 2012-04-05 21:28 - 1308515 ____A C:\Users\Sami\Downloads\Nampara Close.pdf

2012-04-04 19:44 - 2012-04-04 19:44 - 0000000 ____D C:\Users\Sami\Downloads\Vue xStream R10

2012-04-04 19:11 - 2012-04-04 19:11 - 0000000 ____D C:\Program Files (x86)\Avanquest Software Publishing Ltd

2012-04-04 14:56 - 2011-10-31 17:38 - 0024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys

2012-04-03 20:19 - 2012-04-03 20:19 - 0000000 ____D C:\Users\Sami\AppData\Roaming\Absolutist

2012-04-03 20:18 - 2012-04-03 20:16 - 0016943 ____A C:\Windows\The City of Fools Setup Log.txt

2012-04-03 20:16 - 2012-04-03 20:16 - 0000000 ____D C:\Windows\The City of Fools

2012-04-03 19:42 - 2012-04-03 19:42 - 0000000 ____D C:\Users\Sami\Downloads\48_the_city_of_fools_b6734

2012-04-03 18:39 - 2012-04-03 18:39 - 0000000 ____D C:\Users\Sami\AppData\Roaming\Fool City

2012-04-03 13:09 - 2012-04-03 13:08 - 0000000 ____D C:\Users\Sami\Downloads\Scandinavia

2012-04-03 13:08 - 2012-04-03 13:07 - 0000000 ____D C:\Users\Sami\Downloads\Jo Nesbo

2012-04-01 21:34 - 2012-05-11 15:45 - 5504880 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe

2012-04-01 20:46 - 2012-05-11 15:45 - 3958128 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe

2012-04-01 20:46 - 2012-05-11 15:45 - 3902320 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe

2012-04-01 19:01 - 2012-05-11 15:45 - 3143680 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys

2012-03-31 22:32 - 2011-12-07 20:17 - 0000000 ____D C:\Users\Sami\AppData\Roaming\Big Fish Games

2012-03-31 22:30 - 2012-03-31 22:30 - 0001150 ____A C:\Users\Sami\Desktop\Life Quest 2 - Metropoville.lnk

2012-03-31 22:30 - 2012-03-31 22:30 - 0000000 ____D C:\Program Files (x86)\Life Quest 2 - Metropoville

2012-03-31 22:28 - 2012-03-31 22:28 - 0000000 ____D C:\Users\Sami\Downloads\LfQuestTwoAB

2012-03-30 03:09 - 2012-05-11 15:45 - 1895280 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys

2012-03-28 18:53 - 2012-03-28 18:53 - 0002364 ____A C:\Users\Public\Desktop\Simon the Sorcerer.lnk

2012-03-28 18:53 - 2012-03-14 19:32 - 0000000 ____D C:\Program Files (x86)\GOG.com

2012-03-27 09:47 - 2012-03-27 09:47 - 0000000 ____D C:\Users\Sami\AppData\Local\3DVIA

2012-03-27 09:46 - 2012-03-27 09:46 - 0000000 ____D C:\Program Files (x86)\Virtools

2012-03-24 20:18 - 2012-03-24 20:18 - 0000000 ____D C:\Users\Sami\AppData\Roaming\AlawarEntertainment

2012-03-24 15:35 - 2012-03-24 11:48 - 0000000 ____D C:\Desktop Dungeons v2.0

2012-03-24 15:32 - 2012-03-24 15:32 - 0191119 ____A C:\Users\Sami\Downloads\deskdun-derek.zip

2012-03-23 08:41 - 2012-03-23 08:41 - 0000000 ____D C:\Users\Sami\Downloads\Desktop Dungeons

2012-03-22 11:14 - 2012-03-22 11:14 - 0000000 ____D C:\Users\Sami\AppData\Local\DDMSettings

2012-03-20 19:44 - 2011-04-27 14:25 - 0098688 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\NisDrvWFP.sys

2012-03-20 19:44 - 2011-04-18 12:18 - 0203888 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\MpFilter.sys

2012-03-19 15:06 - 2012-03-19 15:06 - 0010556 ____A C:\Users\Sami\Downloads\dp79844950.jpg

2012-03-19 15:01 - 2012-03-19 15:01 - 0009914 ____A C:\Users\Sami\Downloads\dp89844950.jpg

2012-03-17 21:25 - 2012-03-17 21:25 - 0000000 ____D C:\Users\Sami\AppData\Roaming\Floodlight Games

2012-03-16 23:55 - 2012-05-11 15:45 - 0075632 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\partmgr.sys

2012-03-14 19:35 - 2012-03-14 19:35 - 0002323 ____A C:\Users\Public\Desktop\Betrayal at Krondor.lnk

2012-03-14 19:35 - 2012-03-14 19:35 - 0002302 ____A C:\Users\Public\Desktop\Betrayal in Antara.lnk

2012-03-14 19:32 - 2012-03-14 19:32 - 0000000 ____D C:\Users\Sami\AppData\Roaming\Sierra

2012-03-12 20:22 - 2012-03-12 20:22 - 0000000 ____D C:\Users\Sami\AppData\Roaming\Colibri Games

2012-03-11 21:10 - 2011-12-11 20:28 - 0000000 ____D C:\Users\Sami\AppData\Roaming\DivX

2012-03-11 09:54 - 2012-03-11 09:54 - 0000000 ____D C:\Users\Sami\Downloads\Delicious Italian Dishes - Collection of 185 Italian recipes

2012-03-11 09:53 - 2012-03-11 09:53 - 0000000 ____D C:\Users\Sami\Downloads\Psycho by Robert Bloch

2012-03-11 09:53 - 2012-03-11 09:52 - 0000000 ____D C:\Users\Sami\Downloads\Cook The Perfect ... Marcus Wareing

2012-03-11 09:42 - 2012-03-11 09:42 - 0000000 ____D C:\Users\Sami\Downloads\Against the Grain 150 Good Carb Mediterranean Recipes

2012-03-09 18:28 - 2012-03-09 18:28 - 0377152 ____A (Dassault Systèmes) C:\Users\Sami\Downloads\3DVIA_player_installer.exe

2012-03-07 21:11 - 2012-03-07 21:11 - 0000000 ____D C:\Users\Sami\AppData\Roaming\Big Finish

2012-03-06 21:39 - 2012-03-06 21:40 - 0157472 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaws.exe

2012-03-06 21:39 - 2012-03-06 21:40 - 0149280 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaw.exe

2012-03-06 21:39 - 2012-03-06 21:40 - 0149280 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\java.exe

2012-03-06 21:39 - 2012-03-06 21:39 - 0000000 ____D C:\Program Files (x86)\Java

2012-03-06 21:39 - 2010-07-10 21:29 - 0472808 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\deployJava1.dll

2012-03-06 21:36 - 2012-03-06 21:36 - 0910112 ____A (Sun Microsystems, Inc.) C:\Users\Sami\Downloads\chromeinstall-6u31.exe

2012-03-06 21:33 - 2012-03-06 21:33 - 0000000 ____D C:\Users\Sami\Downloads\The Myths and Legends of Ancient Greece and Rome

2012-03-05 20:38 - 2011-11-19 22:47 - 0000000 ____D C:\Users\Sami\AppData\Roaming\Elephant Games

2012-03-05 20:21 - 2011-11-08 08:44 - 0414368 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2012-03-05 20:20 - 2012-03-05 20:20 - 0000000 ____A C:\Users\Sami\AppData\Roaming\cYPzT.txt

========================= Known DLLs (Whitelisted) ============

========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\SysWOW64\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\SysWOW64\explorer.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\SysWOW64\svchost.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\SysWOW64\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\SysWOW64\userinit.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK

HKLM\...\exefile\DefaultIcon: %1 => OK

HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 22%

Total physical RAM: 2810.9 MB

Available physical RAM: 2182.66 MB

Total Pagefile: 2809.05 MB

Available Pagefile: 2167.6 MB

Total Virtual: 8192 MB

Available Virtual: 8191.9 MB

======================= Partitions =========================

1 Drive c: () (Fixed) (Total:280.45 GB) (Free:47.08 GB) NTFS ==>[system with boot components (obtained from reading drive)]

2 Drive d: () (Removable) (Total:1.84 GB) (Free:1.22 GB) FAT

3 Drive f: (RECOVERY) (Fixed) (Total:17.35 GB) (Free:2.51 GB) NTFS ==>[system with boot components (obtained from reading drive)]

4 Drive g: (HP_TOOLS) (Fixed) (Total:0.1 GB) (Free:0.09 GB) FAT32

7 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

8 Drive y: (SYSTEM) (Fixed) (Total:0.19 GB) (Free:0.16 GB) NTFS ==>[system with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt

-------- ------------- ------- ------- --- ---

Disk 0 Online 298 GB 0 B

Disk 1 Online 1888 MB 0 B

Disk 2 No Media 0 B 0 B

Partitions of Disk 0:

===============

Partition ### Type Size Offset

------------- ---------------- ------- -------

Partition 1 Primary 199 MB 1024 KB

Partition 2 Primary 280 GB 200 MB

Partition 3 Primary 17 GB 280 GB

Partition 4 Primary 103 MB 297 GB

======================================================================================================

Disk: 0

Partition 1

Type : 07

Hidden: No

Active: Yes

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 1 Y SYSTEM NTFS Partition 199 MB Healthy

======================================================================================================

Disk: 0

Partition 2

Type : 07

Hidden: No

Active: No

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 2 C NTFS Partition 280 GB Healthy

======================================================================================================

Disk: 0

Partition 3

Type : 07

Hidden: No

Active: No

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 3 F RECOVERY NTFS Partition 17 GB Healthy

======================================================================================================

Disk: 0

Partition 4

Type : 0C

Hidden: No

Active: No

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 4 G HP_TOOLS FAT32 Partition 103 MB Healthy

======================================================================================================

Partitions of Disk 1:

===============

Partition ### Type Size Offset

------------- ---------------- ------- -------

Partition 1 Primary 1887 MB 67 KB

======================================================================================================

Disk: 1

Partition 1

Type : 06

Hidden: No

Active: No

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 5 D FAT Removable 1887 MB Healthy

======================================================================================================

==========================================================

Last Boot: 2012-05-19 05:02

======================= End Of Log ==========================

Link to post
Share on other sites

Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad. Save it on the flashdrive as fixlist.txt


C:\Windows\Installer\{46aea556-3b27-4fe4-c5d6-735ab4da8640}
C:\Users\Sami\AppData\{46aea556-3b27-4fe4-c5d6-735ab4da8640}

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

On Vista or Windows 7: Now please enter System Recovery Options.

Run FRST64 and press the Fix button just once and wait.

The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.

Link to post
Share on other sites

Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 02-06-2012

Ran by SYSTEM at 2012-06-02 17:53:26 Run:1

Running from D:\

==============================================

C:\Windows\Installer\{46aea556-3b27-4fe4-c5d6-735ab4da8640} moved successfully.

C:\Users\Sami\AppData\{46aea556-3b27-4fe4-c5d6-735ab4da8640} not found.

==== End of Fixlog ====

Sorry this took so long. 4 yr old hid the flash drive. It looks like a Sim plumbob, so he likes it. Um...yep.

Link to post
Share on other sites

ComboFix 12-06-03.05 - Sami 06/03/2012 19:39:20.1.2 - x64

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.2811.1689 [GMT -7:00]

Running from: c:\users\Sami\Desktop\ComboFix.exe

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\programdata\log.txt

c:\windows\assembly\GAC_32\Desktop.ini

c:\windows\assembly\GAC_64\Desktop.ini

c:\windows\PFRO.log

c:\windows\SysWow64\esentuutl.exe

.

.

((((((((((((((((((((((((( Files Created from 2012-05-04 to 2012-06-04 )))))))))))))))))))))))))))))))

.

.

2012-06-04 02:50 . 2012-06-04 02:50 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-06-02 04:36 . 2012-06-02 04:36 -------- d-----w- c:\users\Sami\AppData\Roaming\World-LooM

2012-06-02 04:11 . 2012-06-02 04:12 -------- d-----w- C:\FRST

2012-06-01 17:09 . 2012-06-01 17:12 -------- d-----w- c:\users\Sami\AppData\Roaming\ImgBurn

2012-06-01 17:02 . 2012-06-01 17:02 -------- d-----w- c:\program files (x86)\ImgBurn

2012-06-01 16:52 . 2012-06-01 16:52 -------- d-----w- c:\program files (x86)\Free Offers from Freeze.com

2012-06-01 10:20 . 2012-06-01 10:22 -------- d---a-w- C:\Kaspersky Rescue Disk 10.0

2012-06-01 04:20 . 2012-06-01 04:20 -------- d-----w- c:\program files (x86)\Kingdom Chronicles - Collector's Edition

2012-05-29 18:19 . 2012-05-29 18:19 16200 ----a-w- c:\windows\stinger.sys

2012-05-29 18:18 . 2012-05-30 05:34 -------- d-----w- c:\program files (x86)\stinger

2012-05-29 03:31 . 2012-05-29 03:31 -------- d-----w- c:\users\Sami\AppData\Roaming\Orneon

2012-05-28 21:38 . 2012-05-28 21:38 -------- d-----w- c:\windows\system32\SPReview

2012-05-28 05:34 . 2012-05-28 05:34 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%

2012-05-28 05:27 . 2012-05-28 05:27 -------- d-----w- c:\users\Sami\AppData\Roaming\Dark Dimensions - Wax Beauty Strategy Guide

2012-05-28 05:22 . 2012-05-28 05:22 -------- d-----w- c:\users\Sami\AppData\Roaming\Eipix

2012-05-27 23:34 . 2012-05-08 17:02 8955792 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{DA148176-3F26-4739-9F0D-BD3B9430579F}\mpengine.dll

2012-05-26 19:33 . 2012-05-28 21:44 -------- d-----w- c:\users\Sami\AppData\Roaming\Octoshape

2012-05-26 18:09 . 2012-05-08 17:02 8955792 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2012-05-24 04:08 . 2012-05-24 04:08 -------- d-----w- c:\users\Sami\AppData\Roaming\Friday's games

2012-05-24 04:03 . 2012-05-29 03:30 -------- d-----w- c:\program files (x86)\Tiger Games

2012-05-23 01:12 . 2012-05-23 01:12 -------- d-----w- c:\windows\SysWow64\2080

2012-05-22 03:47 . 2012-05-22 03:47 -------- d-----w- c:\users\Sami\AppData\Roaming\SkyGoblin

2012-05-22 03:43 . 2012-05-22 03:43 466456 ----a-w- c:\windows\system32\wrap_oal.dll

2012-05-22 03:43 . 2012-05-22 03:43 444952 ----a-w- c:\windows\SysWow64\wrap_oal.dll

2012-05-22 03:43 . 2012-05-22 03:43 122904 ----a-w- c:\windows\system32\OpenAL32.dll

2012-05-22 03:43 . 2012-05-22 03:43 109080 ----a-w- c:\windows\SysWow64\OpenAL32.dll

2012-05-22 03:43 . 2012-05-22 03:43 -------- d-----w- c:\program files (x86)\OpenAL

2012-05-22 03:41 . 2012-05-22 03:41 -------- d-----w- c:\programdata\JustAdventure

2012-05-22 03:26 . 2012-05-22 03:26 -------- d-----w- c:\program files (x86)\directx

2012-05-16 01:12 . 2012-05-23 01:12 -------- d-----w- c:\windows\SysWow64\1080

2012-05-15 05:37 . 2012-05-15 05:37 -------- d-----w- c:\program files (x86)\Common Files\Skype

2012-05-15 05:37 . 2012-05-15 05:38 -------- d-----w- c:\program files (x86)\Common Files\Overwolf

2012-05-15 05:37 . 2012-05-15 05:38 -------- d-----w- c:\program files (x86)\Overwolf

2012-05-15 05:36 . 2012-06-03 20:25 -------- d-----w- c:\users\Sami\AppData\Local\Overwolf

2012-05-15 03:11 . 2012-05-15 03:11 -------- d-----w- c:\users\Sami\AppData\Roaming\FOG Downloader

2012-05-11 23:46 . 2012-03-03 06:29 1541120 ----a-w- c:\windows\system32\DWrite.dll

2012-05-11 23:46 . 2012-03-03 06:29 320512 ----a-w- c:\windows\system32\d3d10_1core.dll

2012-05-11 23:46 . 2012-03-03 06:29 1837568 ----a-w- c:\windows\system32\d3d10warp.dll

2012-05-11 23:46 . 2012-03-03 05:40 1074176 ----a-w- c:\windows\SysWow64\DWrite.dll

2012-05-11 23:46 . 2012-03-03 05:40 1170944 ----a-w- c:\windows\SysWow64\d3d10warp.dll

2012-05-11 23:46 . 2012-03-03 05:40 218624 ----a-w- c:\windows\SysWow64\d3d10_1core.dll

2012-05-11 23:46 . 2012-03-03 06:29 197120 ----a-w- c:\windows\system32\d3d10_1.dll

2012-05-11 23:46 . 2012-03-03 06:29 902656 ----a-w- c:\windows\system32\d2d1.dll

2012-05-11 23:46 . 2012-03-03 05:40 739840 ----a-w- c:\windows\SysWow64\d2d1.dll

2012-05-11 23:46 . 2012-03-03 05:40 161792 ----a-w- c:\windows\SysWow64\d3d10_1.dll

2012-05-11 23:45 . 2012-03-17 07:55 75632 ----a-w- c:\windows\system32\drivers\partmgr.sys

2012-05-11 23:45 . 2012-04-02 05:34 5504880 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-05-11 23:45 . 2012-04-02 03:01 3143680 ----a-w- c:\windows\system32\win32k.sys

2012-05-11 23:45 . 2012-04-02 04:46 3958128 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe

2012-05-11 23:45 . 2012-04-02 04:46 3902320 ----a-w- c:\windows\SysWow64\ntoskrnl.exe

2012-05-11 23:45 . 2012-03-30 11:09 1895280 ----a-w- c:\windows\system32\drivers\tcpip.sys

2012-05-11 23:45 . 2012-04-02 05:24 1367552 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll

2012-05-11 23:45 . 2012-04-02 04:40 936960 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll

2012-05-10 02:47 . 2012-05-10 02:47 768848 ----a-w- c:\windows\SysWow64\msvcr100.dll

2012-05-10 02:47 . 2012-05-10 02:47 421200 ----a-w- c:\windows\SysWow64\msvcp100.dll

2012-05-09 01:12 . 2012-05-16 01:12 -------- d-----w- c:\windows\SysWow64\3013

2012-05-06 04:18 . 2012-05-06 04:18 -------- d-----w- c:\users\Sami\AppData\Roaming\LegacyGames

2012-05-05 15:49 . 2012-05-05 15:49 -------- d-----w- c:\users\Sami\AppData\Roaming\Black Sea Studios

2012-05-05 14:10 . 2012-05-20 15:39 -------- d-----w- c:\program files (x86)\Common Files\Steam

2012-05-05 14:10 . 2012-06-04 02:54 -------- d-----w- c:\program files (x86)\Steam

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-04-04 22:56 . 2011-11-01 01:38 24904 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-03-21 03:44 . 2011-04-27 22:25 98688 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys

2012-03-21 03:44 . 2011-04-18 20:18 203888 ----a-w- c:\windows\system32\drivers\MpFilter.sys

2012-03-07 05:39 . 2010-07-11 05:29 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll

2012-03-06 04:21 . 2011-11-08 16:44 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

.

.

------- Sigcheck -------

Note: Unsigned files aren't necessarily malware.

.

[7] 2009-07-14 . 24ACB7E5BE595468E3B9AA488B9B4FCB . 328704 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe

[-] 2009-07-14 . 50BEA589F7D7958BDD2528A8F69D05CC . 329216 . . [6.1.7600.16385] .. c:\windows\system32\services.exe

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"HPAdvisorDock"="c:\program files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe" [2010-02-10 1712184]

"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2010-05-19 2736128]

"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-06 2260480]

"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2011-11-10 3514176]

"Steam"="c:\program files (x86)\Steam\Steam.exe" [2012-05-05 1242448]

"Overwolf"="c:\program files (x86)\Overwolf\Overwolf.exe" [2012-05-10 42424]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-06-17 98304]

"HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2010-06-30 602168]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]

"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]

"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]

"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]

"Monitor"="c:\program files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe" [2011-11-12 268640]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"aux3"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-24 136176]

R2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-06-18 103992]

R2 RtVOsdService;RtVOsdService Installer;c:\program files\Realtek\RtVOsd\RtVOsdService.exe [2010-04-20 315392]

R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-24 136176]

R3 Leapfrog-USBLAN;Leapfrog-USBLAN;c:\windows\system32\DRIVERS\btblan.sys [x]

R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]

R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]

R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-27 291696]

R3 OverwolfUpdaterService;Overwolf Updater Service;c:\program files (x86)\Overwolf\OverwolfUpdater.exe [2012-05-10 18360]

R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]

R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]

R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]

R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]

S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]

S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-18 98208]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]

S2 CinemaNow Service;CinemaNow Service;c:\program files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe [2010-05-21 140272]

S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-06-30 27192]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]

S2 RosettaStoneLtdController;RosettaStoneLtdController;c:\program files (x86)\RosettaStoneLtdServices\RosettaStoneLtdController.exe [2008-09-16 352312]

S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]

S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]

S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]

S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x]

.

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]

2010-05-19 18:36 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe

.

Contents of the 'Scheduled Tasks' folder

.

2012-06-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-24 03:40]

.

2012-06-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-24 03:40]

.

2012-06-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1816964637-4104116600-144631762-1001Core.job

- c:\users\Sami\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-28 22:15]

.

2012-06-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1816964637-4104116600-144631762-1001UA.job

- c:\users\Sami\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-28 22:15]

.

2012-05-22 c:\windows\Tasks\HPCeeScheduleForSami.job

- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-01-05 10:53]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2010-05-26 6245408]

"HPWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe" [2010-06-18 8192]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-27 1271168]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x0

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.yahoo.com/?ilc=17

uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\SysWOW64\blank.htm

IE: Download all with Free Download Manager - file://c:\program files (x86)\Free Download Manager\dlall.htm

IE: Download selected with Free Download Manager - file://c:\program files (x86)\Free Download Manager\dlselected.htm

IE: Download video with Free Download Manager - file://c:\program files (x86)\Free Download Manager\dlfvideo.htm

IE: Download with Free Download Manager - file://c:\program files (x86)\Free Download Manager\dllink.htm

LSP: mswsock.dll

TCP: DhcpNameServer = 10.0.0.1

.

- - - - ORPHANS REMOVED - - - -

.

BHO-{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files (x86)\uTorrentBar\prxtbuTor.dll

Toolbar-{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files (x86)\uTorrentBar\prxtbuTor.dll

SafeBoot-MsMpSvc

WebBrowser-{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - (no file)

HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe

AddRemove-uTorrentBar Toolbar - c:\program files (x86)\uTorrentBar\uninstall.exe

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11g_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11g_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe

c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe

c:\program files (x86)\RosettaStoneLtdServices\RosettaStoneLtdServer.exe

c:\program files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe

c:\program files (x86)\Common Files\Steam\SteamService.exe

c:\program files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe

c:\program files (x86)\Common Files\Overwolf\OverwolfHelper.exe

.

**************************************************************************

.

Completion time: 2012-06-03 20:03:33 - machine was rebooted

ComboFix-quarantined-files.txt 2012-06-04 03:03

.

Pre-Run: 69,973,307,392 bytes free

Post-Run: 69,991,227,392 bytes free

.

- - End Of File - - 9CAD3F4F253DDCBAFF1D2905385CC57B

Yay!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.