This topic is locked
I downloaded a file executed it and infected a PC.
I have now tried a few things to see if I can find how to remove it. No luck MAlwarebytes detected it and was going to clean up, however it was unsuccessful.
I ran OTL according to this post at Trend micro, however was unsure of proceeding beyond RogueKiller so stopped before executing that.
I Then ran OTM accoording to the Google redirct page and got to TDSkiller and it was unable to clean the services file infected
So I am posting the OTL logs from that original scan along with the TDS killer log. As I am not familiar with the syntax of Combofix I need to ask for help
OTL.Txt
OTL logfile created on: 1/5/2013 11:12:11 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Downloads\Software
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy
3.96 Gb Total Physical Memory | 1.89 Gb Available Physical Memory | 47.60% Memory free
7.92 Gb Paging File | 5.63 Gb Available in Paging File | 71.09% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931.41 Gb Total Space | 536.45 Gb Free Space | 57.60% Space Free | Partition Type: NTFS
Drive D: | 232.88 Gb Total Space | 72.87 Gb Free Space | 31.29% Space Free | Partition Type: NTFS
Drive E: | 63.47 Gb Total Space | 8.71 Gb Free Space | 13.73% Space Free | Partition Type: NTFS
Drive F: | 274.88 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive G: | 279.46 Gb Total Space | 85.35 Gb Free Space | 30.54% Space Free | Partition Type: NTFS
Drive H: | 298.09 Gb Total Space | 153.09 Gb Free Space | 51.36% Space Free | Partition Type: NTFS
Drive I: | 14.92 Gb Total Space | 14.74 Gb Free Space | 98.79% Space Free | Partition Type: FAT32
Computer Name: TURAGITTECH-PC | User Name: Deeturagit | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2013/01/05 23:10:26 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Downloads\Software\OTL.exe
PRC - [2012/12/26 22:50:24 | 006,859,264 | ---- | M] (FreeDownloadManager.ORG) -- C:\Program Files (x86)\Free Download Manager\fdm.exe
PRC - [2012/12/17 07:33:08 | 001,654,784 | ---- | M] (Don HO [email protected]) -- C:\Program Files (x86)\Notepad++\notepad++.exe
PRC - [2012/12/05 11:15:17 | 001,242,728 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2012/10/09 15:10:52 | 002,447,440 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
========== Modules (No Company Name) ==========
MOD - [2012/12/26 08:13:54 | 003,547,136 | ---- | M] () -- C:\Program Files (x86)\Free Download Manager\fdmbtsupp.dll
MOD - [2012/12/05 11:15:15 | 000,460,904 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\ppgooglenaclpluginchrome.dll
MOD - [2012/12/05 11:15:14 | 004,008,040 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\pdf.dll
MOD - [2012/12/05 11:14:21 | 000,157,304 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\avutil-51.dll
MOD - [2012/12/05 11:14:20 | 000,275,576 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\avformat-54.dll
MOD - [2012/12/05 11:14:19 | 002,168,952 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\avcodec-54.dll
MOD - [2011/09/22 06:46:28 | 001,673,728 | ---- | M] () -- C:\Program Files (x86)\Notepad++\plugins\NppFTP.dll
MOD - [2011/07/19 07:07:28 | 000,014,336 | ---- | M] () -- C:\Program Files (x86)\Notepad++\plugins\NppExport.dll
MOD - [2011/03/17 00:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010/11/21 13:24:09 | 000,232,448 | ---- | M] () -- \\?\globalroot\systemroot\syswow64\mswsock.DLL
MOD - [2010/11/21 13:24:09 | 000,232,448 | ---- | M] () -- \\.\globalroot\systemroot\syswow64\mswsock.dll
MOD - [2010/10/20 15:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
========== Services (SafeList) ==========
SRV:64bit: - [2012/08/30 21:05:28 | 000,827,560 | ---- | M] (Check Point Software Technologies) [Auto | Stopped] -- C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe -- (IswSvc)
SRV:64bit: - [2009/07/14 11:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012/12/14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/12/12 23:09:02 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/10/09 15:10:52 | 002,447,440 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe -- (vsmon)
SRV - [2012/10/02 13:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012/09/23 20:43:34 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/09/23 08:08:44 | 000,171,600 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor11.0)
SRV - [2012/08/31 05:14:00 | 001,258,856 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012/01/18 06:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)
SRV - [2010/10/22 13:08:18 | 001,039,360 | ---- | M] (Hewlett-Packard Co.) [Auto | Stopped] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/11 07:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2012/12/14 16:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/10/26 19:00:50 | 000,131,416 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV:64bit: - [2012/09/12 15:20:04 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2012/08/30 21:05:42 | 000,033,712 | ---- | M] (Check Point Software Technologies) [Kernel | Auto | Stopped] -- C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys -- (ISWKL)
DRV:64bit: - [2012/08/30 21:05:06 | 000,045,488 | ---- | M] (Check Point Software Technologies) [Kernel | On_Demand | Stopped] -- C:\Program Files\CheckPoint\ZAForceField\AK\icsak.sys -- (icsak)
DRV:64bit: - [2012/08/24 00:12:16 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2012/08/24 00:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/24 00:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012/08/24 00:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/08/10 03:01:00 | 000,056,336 | ---- | M] (Corel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2012/07/04 01:25:16 | 000,189,288 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2012/06/14 11:57:26 | 000,035,344 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\npf.sys -- (npf)
DRV:64bit: - [2012/03/01 16:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/01/18 06:44:36 | 004,865,568 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvuvc64.sys -- (LVUVC64)
DRV:64bit: - [2012/01/18 06:44:28 | 000,351,136 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64)
DRV:64bit: - [2012/01/18 06:44:14 | 000,025,632 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvbflt64.sys -- (CompFilter64)
DRV:64bit: - [2012/01/09 18:59:32 | 000,485,680 | ---- | M] (Kaspersky Lab) [File_System | System | Stopped] -- C:\Windows\SysNative\drivers\klif.sys -- (KLIF)
DRV:64bit: - [2012/01/09 18:59:30 | 000,460,888 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\kl1.sys -- (KL1)
DRV:64bit: - [2012/01/09 18:59:30 | 000,011,864 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kl2.sys -- (kl2)
DRV:64bit: - [2011/09/29 19:30:34 | 000,646,248 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/09/16 17:12:58 | 000,032,360 | ---- | M] (Realtek Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtVlan620.sys -- (RTVLANPT)
DRV:64bit: - [2011/06/15 23:11:20 | 000,058,472 | ---- | M] (Realtek Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtTeam60.sys -- (RTTEAMPT)
DRV:64bit: - [2011/06/15 23:11:20 | 000,027,136 | ---- | M] (Realtek ) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\RtNdPt60.sys -- (RtNdPt60)
DRV:64bit: - [2011/05/07 17:51:32 | 000,454,232 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vsdatant.sys -- (Vsdatant)
DRV:64bit: - [2011/04/25 01:49:16 | 000,087,600 | ---- | M] (Citrix Systems, Inc.) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\ctxusbm.sys -- (ctxusbm)
DRV:64bit: - [2011/03/11 16:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 16:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/21 13:23:48 | 000,117,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tsusbhub.sys -- (tsusbhub)
DRV:64bit: - [2010/11/21 13:23:48 | 000,088,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Synth3dVsc.sys -- (Synth3dVsc)
DRV:64bit: - [2010/11/21 13:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010/11/21 13:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/09/17 19:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2009/08/24 22:59:04 | 000,045,624 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PcaSp50.sys -- (PcaSp50)
DRV:64bit: - [2009/07/14 11:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 11:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 11:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/14 10:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/06/11 06:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/11 06:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/11 06:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/11 06:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/14 11:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3016723310-243591590-2261539899-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ninemsn.com.au/?ocid=iehp
IE - HKU\S-1-5-21-3016723310-243591590-2261539899-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-au
IE - HKU\S-1-5-21-3016723310-243591590-2261539899-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 5F 68 FF CC B0 A7 CD 01 [binary data]
IE - HKU\S-1-5-21-3016723310-243591590-2261539899-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-3016723310-243591590-2261539899-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\S-1-5-21-3016723310-243591590-2261539899-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..extensions.enabledAddons: ffxtlbr%40zonealarm.com:1.6.0
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_135.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll ()
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3505.0912: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\PROGRAM FILES\CHECKPOINT\ZAFORCEFIELD\TRUSTCHECKER [2012/10/12 19:39:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker [2012/10/12 19:39:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/10/14 08:46:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/12/12 23:09:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/12/12 23:08:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012/12/02 14:51:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/10/14 08:46:23 | 000,000,000 | ---D | M]
[2012/10/12 05:42:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Deeturagit\AppData\Roaming\Mozilla\Extensions
[2013/01/03 20:22:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Deeturagit\AppData\Roaming\Mozilla\Firefox\Profiles\veyfvcbw.default\extensions
[2013/01/03 20:51:59 | 000,000,000 | ---D | M] (Free Download Manager plugin) -- C:\Users\Deeturagit\AppData\Roaming\Mozilla\Firefox\Profiles\veyfvcbw.default\extensions\[email protected]
[2012/10/12 19:39:37 | 000,000,000 | ---D | M] (zonealarm.com) -- C:\Users\Deeturagit\AppData\Roaming\Mozilla\Firefox\Profiles\veyfvcbw.default\extensions\[email protected]
[2012/12/12 23:08:53 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/12/12 23:09:02 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/04/25 01:58:10 | 000,124,864 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\CCMSDK.dll
[2011/04/25 02:00:08 | 000,071,104 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\CgpCore.dll
[2011/04/25 01:59:06 | 000,092,096 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\confmgr.dll
[2011/04/25 01:58:38 | 000,022,976 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\ctxlogging.dll
[2011/04/25 02:49:00 | 000,485,288 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\plugins\npicaN.dll
[2011/04/25 02:00:04 | 000,024,512 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\TcpPServ.dll
[2012/10/11 11:05:38 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/10/11 11:05:38 | 000,002,058 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml
========== Chrome ==========
CHR - homepage: http://www.bigpond.com.au/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.bigpond.com.au/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\pdf.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - Extension: Tumblr Notifier = C:\Users\Deeturagit\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaipcoofachkljjkjhmfbcnmdkhnnffp\1.0_0\
CHR - Extension: Google Translate = C:\Users\Deeturagit\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb\1.2.4_0\
CHR - Extension: Xmarks Bookmark Sync = C:\Users\Deeturagit\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajpgkpeckebdhofmmjfgcjjiiejpodla\1.0.22_0\
CHR - Extension: Xmarks Bookmark Sync = C:\Users\Deeturagit\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajpgkpeckebdhofmmjfgcjjiiejpodla\1.0.22_0\.bak
CHR - Extension: TooManyTabs for Chrome = C:\Users\Deeturagit\AppData\Local\Google\Chrome\User Data\Default\Extensions\amigcgbheognjmfkaieeeadojiibgbdp\1.9.5_0\
CHR - Extension: Google Drive = C:\Users\Deeturagit\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: Ecquire = C:\Users\Deeturagit\AppData\Local\Google\Chrome\User Data\Default\Extensions\blhkmpdhinjbdjgenhpkcnnbeaajcnkf\2.3.2.5_0\
CHR - Extension: YouTube = C:\Users\Deeturagit\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_2\
CHR - Extension: AddThis - Share & Bookmark (new) = C:\Users\Deeturagit\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgbogdmdefihhljhfeiklfiedefalcde\2.9.9_0\
CHR - Extension: Hide My [bleep]! Web Proxy = C:\Users\Deeturagit\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmgnmcnlncejehjlnhaglpnoolgbflbd\1.2.5_0\
CHR - Extension: Google Search = C:\Users\Deeturagit\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_2\
CHR - Extension: Contactually = C:\Users\Deeturagit\AppData\Local\Google\Chrome\User Data\Default\Extensions\dikpagkhomokimcjcemgbjpelimlhpej\1.1.0_0\
CHR - Extension: Related Content by Zemanta = C:\Users\Deeturagit\AppData\Local\Google\Chrome\User Data\Default\Extensions\fejeknoakjeblidffkajbioncodnmhge\2.2.1_0\
CHR - Extension: Rapportive = C:\Users\Deeturagit\AppData\Local\Google\Chrome\User Data\Default\Extensions\hihakjfhbmlmjdnnhegiciffjplmdhin\1.4.1_0\
CHR - Extension: Xero Accounting Software = C:\Users\Deeturagit\AppData\Local\Google\Chrome\User Data\Default\Extensions\ikembjdgdkgobgiejjfpmhoeebmabnkm\0.0.0.1_0\
CHR - Extension: Bayonetta = C:\Users\Deeturagit\AppData\Local\Google\Chrome\User Data\Default\Extensions\iodndeanggehkmjpcojknjghdninnhfm\3_0\
CHR - Extension: Shoeboxed = C:\Users\Deeturagit\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfijibebmmflodkeohjdphfbjlegnepj\1.2_0\
CHR - Extension: Lego Builder = C:\Users\Deeturagit\AppData\Local\Google\Chrome\User Data\Default\Extensions\mapnbjhfjionggfhlkmhjbmbpgfdlolh\0.0.0.4_0\
CHR - Extension: Gmail = C:\Users\Deeturagit\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_2\
O1 HOSTS File: ([2009/06/11 07:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Zonealarm Helper Object) - {2A841F7A-A014-4DA5-B6D9-8B913DFB7A8C} - C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.6.7.4\bh\zonealarm.dll (Montera Technologeis LTD)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O2 - BHO: (Free Download Manager) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files (x86)\Free Download Manager\iefdm2.dll (FreeDownloadManager.ORG)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Toolbar) - {438FAE3E-BDEF-44D3-AB8B-0C7C8350DF59} - C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.6.7.4\zonealarmTlbr.dll (Montera Technologeis LTD)
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3:64bit: - HKU\S-1-5-21-3016723310-243591590-2261539899-1000\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKU\S-1-5-21-3016723310-243591590-2261539899-1000\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [BoxSyncHelper] C:\Program Files\Box Sync\BoxSyncHelper.exe (Box, Inc.)
O4:64bit: - HKLM..\Run: [ISW] C:\Program Files\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ConnectionCenter] C:\Program Files (x86)\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)
O4 - HKLM..\Run: [HipServ Agent] C:\Program Files (x86)\NETGEAR\Stora Desktop Applications\HipServAgent\HipServAgent.exe (Axentra Corporation)
O4 - HKLM..\Run: [KeePass 2 PreLoad] C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe (Dominik Reichl)
O4 - HKLM..\Run: [ZoneAlarm] C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe (Check Point Software Technologies LTD)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3016723310-243591590-2261539899-1000..\Run: [Free Download Manager] C:\Program Files (x86)\Free Download Manager\fdm.exe (FreeDownloadManager.ORG)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Deeturagit\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Deeturagit\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Deeturagit\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\iMindMap6 Preloader.lnk = File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Download all with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlall.htm ()
O8:64bit: - Extra context menu item: Download selected with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlselected.htm ()
O8:64bit: - Extra context menu item: Download video with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlfvideo.htm ()
O8:64bit: - Extra context menu item: Download with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dllink.htm ()
O8 - Extra context menu item: Download all with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlall.htm ()
O8 - Extra context menu item: Download selected with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlselected.htm ()
O8 - Extra context menu item: Download video with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlfvideo.htm ()
O8 - Extra context menu item: Download with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dllink.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - mmswsock.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-3016723310-243591590-2261539899-1000\..Trusted Ranges: Range1 ([*] in Trusted sites)
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.7.2)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_35)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_07)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5EADE066-CDEE-4E87-9518-8EFB0AA15B84}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=euc-jp - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=ISO-8859-1 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=MS936 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=MS949 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=MS950 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=UTF8 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=UTF-8 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=euc-jp - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=ISO-8859-1 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=MS936 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=MS949 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=MS950 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=UTF8 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=UTF-8 - No CLSID value found
O18:64bit: - Protocol\Filter\ica - No CLSID value found
O18 - Protocol\Filter\application/x-ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/06/05 23:19:50 | 000,000,000 | ---- | M] () - E:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2007/08/17 13:48:16 | 000,000,040 | ---- | M] () - H:\autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
CREATERESTOREPOINT
Unable to start System Restore Service. Error code 1084
========== Files/Folders - Created Within 30 Days ==========
[2013/01/04 23:42:22 | 000,000,000 | ---D | C] -- C:\Users\Deeturagit\AppData\Roaming\Notepad++
[2013/01/04 23:12:30 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2013/01/04 23:12:12 | 000,000,000 | ---D | C] -- C:\bda1679ec4aca0e79ed425121698
[2013/01/03 22:37:18 | 000,000,000 | ---D | C] -- C:\Downloads
[2013/01/03 21:12:55 | 000,000,000 | ---D | C] -- C:\Users\Deeturagit\AppData\Roaming\Malwarebytes
[2013/01/03 20:22:43 | 000,000,000 | ---D | C] -- C:\Users\Deeturagit\AppData\Local\Macromedia
[2013/01/03 20:21:16 | 000,000,000 | ---D | C] -- C:\Users\Deeturagit\AppData\Roaming\Box Desktop
[2013/01/03 20:21:07 | 000,000,000 | ---D | C] -- C:\Users\Deeturagit\AppData\Roaming\Box Sync
[2013/01/03 20:21:04 | 000,000,000 | ---D | C] -- C:\Users\Deeturagit\AppData\Roaming\ICAClient
[2013/01/03 20:21:02 | 000,000,000 | ---D | C] -- C:\Users\Deeturagit\AppData\Roaming\Apple Computer
[2013/01/03 20:20:59 | 000,000,000 | ---D | C] -- C:\Users\Deeturagit\AppData\Local\Citrix
[2013/01/03 20:20:51 | 000,000,000 | ---D | C] -- C:\Users\Deeturagit\AppData\Local\Box Sync
[2013/01/03 06:50:25 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\%APPDATA%
[2013/01/02 23:17:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon
[2013/01/02 20:48:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sigil
[2013/01/01 22:54:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2013/01/01 22:51:34 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2013/01/01 22:51:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2013/01/01 22:51:34 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2013/01/01 22:51:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2013/01/01 22:51:34 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2013/01/01 22:48:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2013/01/01 22:47:01 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2013/01/01 22:46:28 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2013/01/01 22:46:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2013/01/01 22:45:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2013/01/01 22:45:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple
[2012/12/31 12:51:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Last.fm
[2012/12/31 12:50:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Last.fm
[2012/12/31 12:50:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Last.fm
[2012/12/28 18:00:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++
[2012/12/28 18:00:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Notepad++
[2012/12/24 16:21:14 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\appmgmt
[2012/12/23 23:30:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Agilix
[2012/12/23 23:29:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Agilix
[2012/12/23 23:28:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Downloaded Installations
[2012/12/23 23:28:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\InstallShield
[2012/12/23 15:50:17 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2012/12/21 23:37:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Box Sync
[2012/12/20 19:58:25 | 000,000,000 | ---D | C] -- C:\MobaXterm
[2012/12/18 22:01:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Artisteer 4 (2)
[2012/12/16 23:36:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Oracle VM VirtualBox
[2012/12/16 23:36:26 | 000,000,000 | ---D | C] -- C:\Program Files\Oracle
[2012/12/15 23:30:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2012/12/15 23:30:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VideoLAN
[2012/12/15 00:55:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PROJECT in a box Planner
[2012/12/15 00:55:19 | 000,000,000 | ---D | C] -- C:\Program Files\PROJECT in a box Planner
[2012/12/15 00:55:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PROJECT in a box Community Edition 2
[2012/12/15 00:55:16 | 000,000,000 | ---D | C] -- C:\Program Files\PROJECT in a box Community Edition 2
[2012/12/15 00:21:04 | 000,000,000 | ---D | C] -- C:\Program Files\Box Sync
[2012/12/15 00:05:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sparx Systems
[2012/12/15 00:05:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Enterprise Architect 10
[2012/12/15 00:02:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
[2012/12/12 23:08:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012/12/12 06:50:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweet Adder 3
[2012/12/08 21:25:46 | 000,000,000 | -H-D | C] -- C:\$WINDOWS.~BT
========== Files - Modified Within 30 Days ==========
[2013/01/05 23:09:28 | 000,739,616 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/01/05 23:09:28 | 000,636,792 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/01/05 23:09:28 | 000,114,234 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/01/05 22:59:53 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/01/05 22:59:45 | 3189,366,784 | -HS- | M] () -- C:\hiberfil.sys
[2013/01/05 09:18:04 | 000,000,906 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/01/05 09:09:42 | 000,020,496 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/01/05 09:09:42 | 000,020,496 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/01/05 09:07:53 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/01/04 23:57:05 | 000,836,095 | ---- | M] () -- C:\Users\Deeturagit\AppData\Local\census.cache
[2013/01/04 23:56:37 | 000,118,210 | ---- | M] () -- C:\Users\Deeturagit\AppData\Local\ars.cache
[2013/01/04 23:37:34 | 000,000,036 | ---- | M] () -- C:\Users\Deeturagit\AppData\Local\housecall.guid.cache
[2013/01/03 20:28:59 | 000,001,060 | ---- | M] () -- C:\Users\Deeturagit\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2013/01/03 20:22:08 | 000,001,067 | ---- | M] () -- C:\Users\Deeturagit\Desktop\Free Download Manager.lnk
[2013/01/01 22:54:07 | 000,001,783 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013/01/01 12:39:21 | 376,429,876 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/12/24 17:03:43 | 000,220,615 | ---- | M] () -- C:\Windows\hpoins35.dat
[2012/12/23 23:27:01 | 000,747,298 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/12/22 03:19:27 | 002,129,160 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/12/21 23:37:06 | 000,001,854 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Box Sync.lnk
[2012/12/15 00:55:19 | 000,001,029 | ---- | M] () -- C:\Users\Public\Desktop\PROJECT in a box Planner.lnk
[2012/12/15 00:55:16 | 000,001,006 | ---- | M] () -- C:\Users\Public\Desktop\PROJECT in a Box Community Edition 2.lnk
[2012/12/15 00:06:03 | 000,001,910 | ---- | M] () -- C:\Users\Public\Desktop\Enterprise Architect.lnk
[2012/12/14 16:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/12/12 06:50:17 | 000,001,019 | ---- | M] () -- C:\Users\Public\Desktop\TweetAdder3.lnk
[2012/12/08 21:28:29 | 000,001,908 | ---- | M] () -- C:\Windows\diagwrn.xml
[2012/12/08 21:28:29 | 000,001,908 | ---- | M] () -- C:\Windows\diagerr.xml
========== Files Created - No Company Name ==========
[2013/01/04 23:57:05 | 000,836,095 | ---- | C] () -- C:\Users\Deeturagit\AppData\Local\census.cache
[2013/01/04 23:56:37 | 000,118,210 | ---- | C] () -- C:\Users\Deeturagit\AppData\Local\ars.cache
[2013/01/04 23:37:34 | 000,000,036 | ---- | C] () -- C:\Users\Deeturagit\AppData\Local\housecall.guid.cache
[2013/01/03 20:22:08 | 000,001,067 | ---- | C] () -- C:\Users\Deeturagit\Desktop\Free Download Manager.lnk
[2013/01/01 22:54:07 | 000,001,783 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013/01/01 22:48:17 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2012/12/24 16:54:58 | 000,000,778 | ---- | C] () -- C:\Windows\hpomdl35.dat.temp
[2012/12/23 23:24:52 | 000,747,298 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/12/23 15:50:08 | 376,429,876 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2012/12/21 23:37:06 | 000,001,854 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Box Sync.lnk
[2012/12/15 00:55:19 | 000,001,029 | ---- | C] () -- C:\Users\Public\Desktop\PROJECT in a box Planner.lnk
[2012/12/15 00:55:16 | 000,001,006 | ---- | C] () -- C:\Users\Public\Desktop\PROJECT in a Box Community Edition 2.lnk
[2012/12/15 00:06:03 | 000,001,910 | ---- | C] () -- C:\Users\Public\Desktop\Enterprise Architect.lnk
[2012/12/08 21:25:32 | 000,001,908 | ---- | C] () -- C:\Windows\diagwrn.xml
[2012/12/08 21:25:32 | 000,001,908 | ---- | C] () -- C:\Windows\diagerr.xml
[2012/10/14 08:38:15 | 000,220,615 | ---- | C] () -- C:\Windows\hpoins35.dat
[2012/10/14 08:38:15 | 000,000,778 | ---- | C] () -- C:\Windows\hpomdl35.dat
[2012/10/12 19:39:15 | 000,000,144 | ---- | C] () -- C:\Windows\SysWow64\lkfl.dat
[2012/10/12 19:39:15 | 000,000,128 | ---- | C] () -- C:\Windows\SysWow64\pdfl.dat
[2012/10/12 19:39:15 | 000,000,080 | ---- | C] () -- C:\Windows\SysWow64\ibfl.dat
[2012/06/14 11:57:26 | 000,053,299 | ---- | C] () -- C:\Windows\SysWow64\pthreadVC.dll
[2012/01/18 06:44:00 | 010,920,984 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll
[2012/01/18 06:44:00 | 000,336,408 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll
[2012/01/18 06:44:00 | 000,104,472 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe
========== ZeroAccess Check ==========
[2011/11/17 16:41:18 | 000,002,048 | -HS- | M] () -- C:\Windows\Installer\{e6561886-dabc-f47a-7baa-93cfeef2b07d}\@
[2013/01/03 21:07:57 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\{e6561886-dabc-f47a-7baa-93cfeef2b07d}\L
[2013/01/05 09:08:43 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\{e6561886-dabc-f47a-7baa-93cfeef2b07d}\U
[2013/01/05 22:59:53 | 000,000,804 | ---- | M] () -- C:\Windows\Installer\{e6561886-dabc-f47a-7baa-93cfeef2b07d}\L\00000004.@
[2013/01/02 23:01:27 | 000,002,048 | ---- | M] () -- C:\Windows\Installer\{e6561886-dabc-f47a-7baa-93cfeef2b07d}\U\00000004.@
[2013/01/05 09:08:43 | 000,232,960 | ---- | M] () -- C:\Windows\Installer\{e6561886-dabc-f47a-7baa-93cfeef2b07d}\U\00000008.@
[2013/01/05 09:08:41 | 000,001,632 | ---- | M] () -- C:\Windows\Installer\{e6561886-dabc-f47a-7baa-93cfeef2b07d}\U\000000cb.@
[2013/01/02 23:01:31 | 000,015,360 | ---- | M] () -- C:\Windows\Installer\{e6561886-dabc-f47a-7baa-93cfeef2b07d}\U\80000000.@
[2013/01/05 09:08:43 | 000,096,256 | ---- | M] () -- C:\Windows\Installer\{e6561886-dabc-f47a-7baa-93cfeef2b07d}\U\80000032.@
[2013/01/05 09:08:43 | 000,083,456 | ---- | M] () -- C:\Windows\Installer\{e6561886-dabc-f47a-7baa-93cfeef2b07d}\U\80000064.@
[2012/11/09 23:09:20 | 000,000,596 | ---- | M] () -- C:\Users\Peter\AppData\Roaming\Thunderbird\Profiles\qzi1un0b.default\extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae}\defaults\printing\icons\@.png
[2009/07/14 14:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[2013/01/05 22:59:50 | 000,004,608 | -HS- | M] () -- C:\Windows\assembly\GAC_32\Desktop.ini
[2013/01/05 22:59:50 | 000,006,144 | -HS- | M] () -- C:\Windows\assembly\GAC_64\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 15:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 14:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 11:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/21 13:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 11:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
========== LOP Check ==========
[2012/10/13 08:38:01 | 000,000,000 | ---D | M] -- C:\Users\Deeturagit\AppData\Roaming\Audacity
[2013/01/03 20:21:16 | 000,000,000 | ---D | M] -- C:\Users\Deeturagit\AppData\Roaming\Box Desktop
[2013/01/03 20:21:17 | 000,000,000 | ---D | M] -- C:\Users\Deeturagit\AppData\Roaming\Box Sync
[2012/10/12 19:39:48 | 000,000,000 | ---D | M] -- C:\Users\Deeturagit\AppData\Roaming\CheckPoint
[2013/01/04 23:05:18 | 000,000,000 | ---D | M] -- C:\Users\Deeturagit\AppData\Roaming\Dropbox
[2012/10/13 08:41:39 | 000,000,000 | ---D | M] -- C:\Users\Deeturagit\AppData\Roaming\FastGlacier
[2013/01/05 23:12:59 | 000,000,000 | ---D | M] -- C:\Users\Deeturagit\AppData\Roaming\Free Download Manager
[2013/01/03 20:51:59 | 000,000,000 | ---D | M] -- C:\Users\Deeturagit\AppData\Roaming\ICAClient
[2012/10/16 19:25:54 | 000,000,000 | ---D | M] -- C:\Users\Deeturagit\AppData\Roaming\ImgBurn
[2012/10/13 22:33:14 | 000,000,000 | ---D | M] -- C:\Users\Deeturagit\AppData\Roaming\KeePass
[2012/11/13 21:35:18 | 000,000,000 | ---D | M] -- C:\Users\Deeturagit\AppData\Roaming\MailFrontier
[2013/01/04 23:42:46 | 000,000,000 | ---D | M] -- C:\Users\Deeturagit\AppData\Roaming\Notepad++
[2012/10/12 05:47:46 | 000,000,000 | ---D | M] -- C:\Users\Deeturagit\AppData\Roaming\Thunderbird
[2012/10/25 06:07:59 | 000,000,000 | ---D | M] -- C:\Users\Deeturagit\AppData\Roaming\ZipGenius
[2012/10/22 14:52:02 | 000,000,000 | ---D | M] -- C:\Users\Lily Pond\AppData\Roaming\.minecraft
[2012/12/18 08:40:02 | 000,000,000 | ---D | M] -- C:\Users\Lily Pond\AppData\Roaming\Box Desktop
[2012/12/18 08:40:05 | 000,000,000 | ---D | M] -- C:\Users\Lily Pond\AppData\Roaming\Box Sync
[2012/10/19 17:52:05 | 000,000,000 | ---D | M] -- C:\Users\Lily Pond\AppData\Roaming\CheckPoint
[2012/12/10 08:19:24 | 000,000,000 | ---D | M] -- C:\Users\Lily Pond\AppData\Roaming\ICAClient
[2012/11/03 21:10:46 | 000,000,000 | ---D | M] -- C:\Users\Lily Pond\AppData\Roaming\KeePass
[2012/10/19 17:53:13 | 000,000,000 | ---D | M] -- C:\Users\Lily Pond\AppData\Roaming\MailFrontier
[2012/12/23 23:31:49 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\Agilix
[2012/11/25 10:38:37 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\Artisteer
[2013/01/02 23:17:37 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\Babylon
[2012/12/15 01:08:09 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\Box Desktop
[2013/01/03 20:41:00 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\Box Sync
[2012/10/13 07:22:48 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\CheckPoint
[2012/11/02 23:19:07 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2013/01/03 20:40:00 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\Dropbox
[2012/10/31 05:45:59 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\Foxit Software
[2013/01/03 20:19:29 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\Free Download Manager
[2012/11/27 07:29:40 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\ICAClient
[2012/10/16 19:37:02 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\ImgBurn
[2012/11/25 17:39:58 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\inkscape
[2013/01/02 00:54:54 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\KeePass
[2012/10/15 23:11:29 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\MailFrontier
[2012/12/28 18:02:07 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\Notepad++
[2012/11/08 20:46:10 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\PDAppFlex
[2012/12/15 20:01:30 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\Sparx Systems
[2013/01/05 09:08:37 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\Spotify
[2012/11/10 15:00:09 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\TechSmith
[2012/10/13 07:32:06 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\Thunderbird
[2012/12/21 23:36:23 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\TweetAdder3
[2012/10/20 11:56:14 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\Windows Live Writer
[2012/12/11 21:51:19 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\ZipGenius
========== Purity Check ==========
========== Custom Scans ==========
< %SYSTEMDRIVE%\*.exe >
< MD5 for: EXPLORER.EXE >
[2011/02/26 15:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows.old\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2011/02/26 15:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2011/02/25 16:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows.old\Windows\explorer.exe
[2011/02/25 16:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows.old\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/25 16:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011/02/25 16:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/26 16:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows.old\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2011/02/26 16:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/21 13:24:46 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows.old\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2010/11/21 13:24:25 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2011/02/25 15:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows.old\Windows\SysWOW64\explorer.exe
[2011/02/25 15:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows.old\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2011/02/25 15:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011/02/25 15:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2010/11/21 13:24:35 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows.old\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2010/11/21 13:24:11 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2008/04/30 01:42:08 | 000,090,624 | ---- | M] () MD5=FBB39A4487E11F64DCFFD36AEC2D2216 -- C:\Program Files\CheckPoint\ZAForceField\Heuristics\explorer.exe
[2008/04/30 01:42:08 | 000,090,624 | ---- | M] () MD5=FBB39A4487E11F64DCFFD36AEC2D2216 -- C:\Windows.old\Program Files\CheckPoint\ZAForceField\Heuristics\explorer.exe
< MD5 for: QMGR.DLL >
[2010/11/21 13:24:18 | 000,849,920 | ---- | M] (Microsoft Corporation) MD5=1EA7969E3271CBC59E1730697DC74682 -- C:\Windows.old\Windows\System32\qmgr.dll
[2010/11/21 13:24:18 | 000,849,920 | ---- | M] (Microsoft Corporation) MD5=1EA7969E3271CBC59E1730697DC74682 -- C:\Windows.old\Windows\winsxs\amd64_microsoft-windows-bits-client_31bf3856ad364e35_6.1.7601.17514_none_81b6ca5c101195cd\qmgr.dll
[2010/11/21 13:23:51 | 000,849,920 | ---- | M] (Microsoft Corporation) MD5=1EA7969E3271CBC59E1730697DC74682 -- C:\Windows\SysNative\qmgr.dll
[2010/11/21 13:23:51 | 000,849,920 | ---- | M] (Microsoft Corporation) MD5=1EA7969E3271CBC59E1730697DC74682 -- C:\Windows\winsxs\amd64_microsoft-windows-bits-client_31bf3856ad364e35_6.1.7601.17514_none_81b6ca5c101195cd\qmgr.dll
< MD5 for: SERVICES >
[2009/06/11 07:00:26 | 000,017,463 | ---- | M] () MD5=D9E1A01B480D961B7CF0509D597A92D6 -- C:\Windows.old\Windows\System32\drivers\etc\services
[2009/06/11 07:00:26 | 000,017,463 | ---- | M] () MD5=D9E1A01B480D961B7CF0509D597A92D6 -- C:\Windows.old\Windows\winsxs\amd64_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_6079f415110c0210\services
[2009/06/11 07:00:26 | 000,017,463 | ---- | M] () MD5=D9E1A01B480D961B7CF0509D597A92D6 -- C:\Windows\winsxs\amd64_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_6079f415110c0210\services
< MD5 for: SERVICES.CFG >
[2012/07/28 06:51:34 | 000,586,083 | ---- | M] () MD5=6DE4EA437EC1FE6DB27CADB0A7EA8DC2 -- C:\Windows.old\Program Files (x86)\Adobe\Reader 10.0\Reader\Services\Services.cfg
[2012/09/23 20:43:36 | 000,603,848 | ---- | M] () MD5=81B120EAEE296F0E54F66C16C5A21367 -- C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Services\Services.cfg
[2011/06/06 12:55:30 | 000,584,045 | R--- | M] () MD5=B82DD53FA8C260DDD7FDC42182DB816E -- C:\Windows.old\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\services.cfg
< MD5 for: SERVICES.EXE >
[2009/07/14 11:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows.old\Windows\System32\services.exe
[2009/07/14 11:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows.old\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009/07/14 11:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009/07/14 11:39:37 | 000,329,216 | ---- | M] (Microsoft Corporation) MD5=50BEA589F7D7958BDD2528A8F69D05CC -- C:\Windows\SysNative\services.exe
< MD5 for: SERVICES.EXE.MUI >
[2011/04/12 17:33:46 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=6507BF0DC2D1F5F32493C288EAA59277 -- C:\Windows.old\Windows\System32\en-US\services.exe.mui
[2011/04/12 17:33:46 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=6507BF0DC2D1F5F32493C288EAA59277 -- C:\Windows.old\Windows\winsxs\amd64_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_en-us_c5f238be3fa63468\services.exe.mui
[2011/04/12 18:17:17 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=6507BF0DC2D1F5F32493C288EAA59277 -- C:\Windows\SysNative\en-US\services.exe.mui
[2011/04/12 18:17:17 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=6507BF0DC2D1F5F32493C288EAA59277 -- C:\Windows\winsxs\amd64_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_en-us_c5f238be3fa63468\services.exe.mui
< MD5 for: SERVICES.GIF >
[2009/09/21 21:34:57 | 000,000,570 | ---- | M] () MD5=71B9F3C0C51D0731B8B978B8727F5E42 -- C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\zdj4cs7z.default\zotero\storage\UTR9VZ65\services.gif
< MD5 for: SERVICES.HTM >
[2008/11/17 12:27:54 | 000,035,603 | ---- | M] () MD5=3B3E8D4E1D4C4D10C0BD658A799E80FF -- C:\FujiDynadisk\Documentation\Oracle\EnterpriseManager10.2.0.5.B16240\doc\user.102\b28678\services.htm
[2008/06/17 11:54:42 | 000,009,646 | ---- | M] () MD5=984DBFE30570022EEFD601DFE2DBFC35 -- C:\Users\Peter\Documents\NetObjects Fusion 11.0\User Sites\pdbmsdownload\Import\www.pacificdbms.com.au\services.htm
[2008/06/21 17:40:33 | 000,015,325 | ---- | M] () MD5=EB0AD7FCDFD969FB0A7BE3DF423B4CC4 -- C:\Users\Peter\Documents\NetObjects Fusion 11.0\User Sites\pdbmsdownload\Preview\services.htm
< MD5 for: SERVICES.HTML >
[2004/02/18 01:00:42 | 000,007,356 | ---- | M] () MD5=4D52E36AB294BFEC703C5EAC0458345A -- C:\Users\Peter\Documents\work\websites\GLCS\GLCS\Preview\services.html
[2005/05/18 17:28:22 | 000,014,873 | ---- | M] () MD5=AE3596E388160A1324AE3F72FA841B95 -- C:\Users\Peter\Documents\work\websites\User Sites\PAMEACS2\Preview\services.html
< MD5 for: SERVICES.LNK >
[2009/07/14 14:59:14 | 000,001,288 | ---- | M] () MD5=C42118077122E0E466B73023B261C4BE -- C:\Windows.old\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 14:59:14 | 000,001,288 | ---- | M] () MD5=C42118077122E0E466B73023B261C4BE -- C:\Windows.old\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 14:59:14 | 000,001,288 | ---- | M] () MD5=C42118077122E0E466B73023B261C4BE -- C:\Windows.old\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 14:59:14 | 000,001,288 | ---- | M] () MD5=C42118077122E0E466B73023B261C4BE -- C:\Windows.old\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 14:59:14 | 000,001,288 | ---- | M] () MD5=C42118077122E0E466B73023B261C4BE -- C:\Windows.old\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 14:59:14 | 000,001,288 | ---- | M] () MD5=C42118077122E0E466B73023B261C4BE -- C:\Windows.old\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 14:59:14 | 000,001,288 | ---- | M] () MD5=C42118077122E0E466B73023B261C4BE -- C:\Windows.old\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 14:59:14 | 000,001,288 | ---- | M] () MD5=C42118077122E0E466B73023B261C4BE -- C:\Windows.old\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 14:59:14 | 000,001,288 | ---- | M] () MD5=C42118077122E0E466B73023B261C4BE -- C:\Windows.old\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 14:59:14 | 000,001,288 | ---- | M] () MD5=C42118077122E0E466B73023B261C4BE -- C:\Windows.old\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 14:59:14 | 000,001,288 | ---- | M] () MD5=C42118077122E0E466B73023B261C4BE -- C:\Windows.old\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 14:59:14 | 000,001,288 | ---- | M] () MD5=C42118077122E0E466B73023B261C4BE -- C:\Windows.old\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 14:59:14 | 000,001,288 | ---- | M] () MD5=C42118077122E0E466B73023B261C4BE -- C:\Windows.old\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 14:59:14 | 000,001,288 | ---- | M] () MD5=C42118077122E0E466B73023B261C4BE -- C:\Windows.old\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 14:59:14 | 000,001,288 | ---- | M] () MD5=C42118077122E0E466B73023B261C4BE -- C:\Windows.old\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 14:59:14 | 000,001,288 | ---- | M] () MD5=C42118077122E0E466B73023B261C4BE -- C:\Windows.old\Documents and Settings\All Users\Application Data\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 14:59:14 | 000,001,288 | ---- | M] () MD5=C42118077122E0E466B73023B261C4BE -- C:\Windows.old\Documents and Settings\All Users\Application Data\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 14:59:14 | 000,001,288 | ---- | M] () MD5=C42118077122E0E466B73023B261C4BE -- C:\Windows.old\Documents and Settings\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 14:59:14 | 000,001,288 | ---- | M] () MD5=C42118077122E0E466B73023B261C4BE -- C:\Windows.old\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 14:59:14 | 000,001,288 | ---- | M] () MD5=C42118077122E0E466B73023B261C4BE -- C:\Windows.old\ProgramData\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 14:59:14 | 000,001,288 | ---- | M] () MD5=C42118077122E0E466B73023B261C4BE -- C:\Windows.old\ProgramData\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 14:59:14 | 000,001,288 | ---- | M] () MD5=C42118077122E0E466B73023B261C4BE -- C:\Windows.old\ProgramData\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 14:59:14 | 000,001,288 | ---- | M] () MD5=C42118077122E0E466B73023B261C4BE -- C:\Windows.old\ProgramData\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 14:59:14 | 000,001,288 | ---- | M] () MD5=C42118077122E0E466B73023B261C4BE -- C:\Windows.old\ProgramData\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 14:59:14 | 000,001,288 | ---- | M] () MD5=C42118077122E0E466B73023B261C4BE -- C:\Windows.old\ProgramData\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 14:59:14 | 000,001,288 | ---- | M] () MD5=C42118077122E0E466B73023B261C4BE -- C:\Windows.old\ProgramData\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 14:59:14 | 000,001,288 | ---- | M] () MD5=C42118077122E0E466B73023B261C4BE -- C:\Windows.old\ProgramData\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 14:59:14 | 000,001,288 | ---- | M] () MD5=C42118077122E0E466B73023B261C4BE -- C:\Windows.old\ProgramData\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 14:59:14 | 000,001,288 | ---- | M] () MD5=C42118077122E0E466B73023B261C4BE -- C:\Windows.old\ProgramData\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 14:59:14 | 000,001,288 | ---- | M] () MD5=C42118077122E0E466B73023B261C4BE -- C:\Windows.old\ProgramData\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 14:59:14 | 000,001,288 | ---- | M] () MD5=C42118077122E0E466B73023B261C4BE -- C:\Windows.old\ProgramData\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 14:59:14 | 000,001,288 | ---- | M] () MD5=C42118077122E0E466B73023B261C4BE -- C:\Windows.old\ProgramData\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 14:59:14 | 000,001,288 | ---- | M] () MD5=C42118077122E0E466B73023B261C4BE -- C:\Windows.old\ProgramData\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 14:59:14 | 000,001,288 | ---- | M] () MD5=C42118077122E0E466B73023B261C4BE -- C:\Windows.old\ProgramData\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 14:59:14 | 000,001,288 | ---- | M] () MD5=C42118077122E0E466B73023B261C4BE -- C:\Windows.old\ProgramData\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 14:59:14 | 000,001,288 | ---- | M] () MD5=C42118077122E0E466B73023B261C4BE -- C:\Windows.old\ProgramData\Application Data\Application Data\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 14:59:14 | 000,001,288 | ---- | M] () MD5=C42118077122E0E466B73023B261C4BE -- C:\Windows.old\ProgramData\Application Data\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 14:59:14 | 000,001,288 | ---- | M] () MD5=C42118077122E0E466B73023B261C4BE -- C:\Windows.old\ProgramData\Application Data\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 14:59:14 | 000,001,288 | ---- | M] () MD5=C42118077122E0E466B73023B261C4BE -- C:\Windows.old\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 14:59:14 | 000,001,288 | ---- | M] () MD5=C42118077122E0E466B73023B261C4BE -- C:\Windows.old\ProgramData\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 14:59:14 | 000,001,288 | ---- | M] () MD5=C42118077122E0E466B73023B261C4BE -- C:\Windows.old\Users\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 14:59:14 | 000,001,288 | ---- | M] () MD5=C42118077122E0E466B73023B261C4BE -- C:\Windows.old\Users\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 14:59:14 | 000,001,288 | ---- | M] () MD5=C42118077122E0E466B73023B261C4BE -- C:\Windows.old\Users\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 14:59:14 | 000,001,288 | ---- | M] () MD5=C42118077122E0E466B73023B261C4BE -- C:\Windows.old\Users\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 14:59:14 | 000,001,288 | ---- | M] () MD5=C42118077122E0E466B73023B261C4BE -- C:\Windows.old\Users\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 14:59:14 | 000,001,288 | ---- | M] () MD5=C42118077122E0E466B73023B261C4BE -- C:\Windows.old\Users\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 14:59:14 | 000,001,288 | ---- | M] () MD5=C42118077122E0E466B73023B261C4BE -- C:\Windows.old\Users\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 14:59:14 | 000,001,288 | ---- | M] () MD5=C42118077122E0E466B73023B261C4BE -- C:\Windows.old\Users\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 14:59:14 | 000,001,288 | ---- | M] () MD5=C42118077122E0E466B73023B261C4BE -- C:\Windows.old\Users\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 14:59:14 | 000,001,288 | ---- | M] () MD5=C42118077122E0E466B73023B261C4BE -- C:\Windows.old\Users\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 14:59:14 | 000,001,288 | ---- | M] () MD5=C42118077122E0E466B73023B261C4BE -- C:\Windows.old\Users\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 14:59:14 | 000,001,288 | ---- | M] () MD5=C42118077122E0E466B73023B261C4BE -- C:\Windows.old\Users\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 14:59:14 | 000,001,288 | ---- | M] () MD5=C42118077122E0E466B73023B261C4BE -- C:\Windows.old\Users\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 14:59:14 | 000,001,288 | ---- | M] () MD5=C42118077122E0E466B73023B261C4BE -- C:\Windows.old\Users\All Users\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 14:59:14 | 000,001,288 | ---- | M] () MD5=C42118077122E0E466B73023B261C4BE -- C:\Windows.old\Users\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 14:59:14 | 000,001,288 | ---- | M] () MD5=C42118077122E0E466B73023B261C4BE -- C:\Windows.old\Users\All Users\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 14:59:14 | 000,001,288 | ---- | M] () MD5=C42118077122E0E466B73023B261C4BE -- C:\Windows.old\Users\All Users\Application Data\Application Data\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 14:59:14 | 000,001,288 | ---- | M] () MD5=C42118077122E0E466B73023B261C4BE -- C:\Windows.old\Users\All Users\Application Data\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 14:59:14 | 000,001,288 | ---- | M] () MD5=C42118077122E0E466B73023B261C4BE -- C:\Windows.old\Users\All Users\Application Data\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 14:59:14 | 000,001,288 | ---- | M] () MD5=C42118077122E0E466B73023B261C4BE -- C:\Windows.old\Users\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 14:59:14 | 000,001,288 | ---- | M] () MD5=C42118077122E0E466B73023B261C4BE -- C:\Windows.old\Users\All Users\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 14:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 14:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
< MD5 for: SERVICES.MOCHIADS.COM.SOL >
[2013/01/03 23:23:28 | 000,000,351 | ---- | M] () MD5=3793D8D2E8DC75EFD85E8DEC19BA0C84 -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\652YZ4X2\mochiads.com\services.mochiads.com.sol
< MD5 for: SERVICES.MOF >
[2009/06/11 06:44:06 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows.old\Windows\System32\wbem\services.mof
[2009/06/11 06:44:06 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows.old\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.mof
[2009/06/11 06:44:06 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\SysNative\wbem\services.mof
[2009/06/11 06:44:06 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.mof
< MD5 for: SERVICES.MSC >
[2011/04/12 17:33:44 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows.old\Windows\System32\en-US\services.msc
[2009/06/11 06:38:36 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows.old\Windows\System32\services.msc
[2011/04/12 17:33:46 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows.old\Windows\SysWOW64\en-US\services.msc
[2009/06/11 07:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows.old\Windows\SysWOW64\services.msc
[2011/04/12 17:33:44 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows.old\Windows\winsxs\amd64_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_003408aa160fce5b\services.msc
[2009/06/11 06:38:36 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows.old\Windows\winsxs\amd64_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_2b58d44b5f6beb8a\services.msc
[2011/04/12 17:33:46 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_a4156d265db25d25\services.msc
[2009/06/11 07:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_cf3a38c7a70e7a54\services.msc
[2011/04/12 18:17:16 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysNative\en-US\services.msc
[2009/06/11 06:38:36 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysNative\services.msc
[2011/04/12 18:17:18 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysWOW64\en-US\services.msc
[2009/06/11 07:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysWOW64\services.msc
[2011/04/12 18:17:16 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\amd64_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_003408aa160fce5b\services.msc
[2009/06/11 06:38:36 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\amd64_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_2b58d44b5f6beb8a\services.msc
[2011/04/12 18:17:18 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_a4156d265db25d25\services.msc
[2009/06/11 07:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_cf3a38c7a70e7a54\services.msc
< MD5 for: SERVICES.PTXML >
[2009/07/14 06:16:17 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows.old\Windows\System32\wdi\perftrack\Services.ptxml
[2009/07/14 06:16:17 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows.old\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\Services.ptxml
[2009/07/14 06:16:17 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\SysNative\wdi\perftrack\Services.ptxml
[2009/07/14 06:16:17 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\Services.ptxml
< MD5 for: SERVICES.RDB >
[2012/08/13 10:51:02 | 000,178,348 | ---- | M] () MD5=039C8CFBD74EE07F38CD9E4C7D95C5C6 -- C:\Windows.old\Program Files (x86)\OpenOffice.org 3\Basis\program\services.rdb
[2012/08/13 10:51:02 | 000,000,453 | ---- | M] () MD5=3D2ADA15FEF5B5FF468243161543D610 -- C:\Windows.old\Program Files (x86)\OpenOffice.org 3\program\services.rdb
[2012/08/10 15:12:16 | 000,008,060 | ---- | M] () MD5=7CA7D7150EC46321162F932ADCF5F35B -- C:\Windows.old\Program Files (x86)\OpenOffice.org 3\URE\misc\services.rdb
< MD5 for: SERVICES.VRF >
[1999/10/07 16:44:38 | 000,004,564 | ---- | M] () MD5=6CF0B64E504805784AE09C7CFA9422FC -- C:\temp\ADI32BIT\FORWIN95\services.vrf
[1999/10/07 16:44:38 | 000,004,564 | ---- | M] () MD5=6CF0B64E504805784AE09C7CFA9422FC -- C:\temp\ADI32BIT\FORWINNT\services.vrf
< MD5 for: SVCHOST.EXE >
[2012/12/14 16:49:28 | 000,216,424 | ---- | M] () MD5=22101A85B3CA2FE2BE05FE9A61A7A83D -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2009/07/14 11:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows.old\Windows\SysWOW64\svchost.exe
[2009/07/14 11:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2009/07/14 11:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009/07/14 11:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2009/07/14 11:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows.old\Windows\System32\svchost.exe
[2009/07/14 11:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows.old\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe
[2009/07/14 11:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
[2009/07/14 11:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe
[2008/07/01 23:17:12 | 000,090,624 | ---- | M] () MD5=FBB39A4487E11F64DCFFD36AEC2D2216 -- C:\Program Files\CheckPoint\ZAForceField\Heuristics\svchost.exe
[2008/07/01 23:17:12 | 000,090,624 | ---- | M] () MD5=FBB39A4487E11F64DCFFD36AEC2D2216 -- C:\Windows.old\Program Files\CheckPoint\ZAForceField\Heuristics\svchost.exe
< MD5 for: USERINIT.EXE >
[2010/11/21 13:24:20 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows.old\Windows\SysWOW64\userinit.exe
[2010/11/21 13:24:20 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2010/11/21 13:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010/11/21 13:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2010/11/21 13:24:50 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows.old\Windows\System32\userinit.exe
[2010/11/21 13:24:50 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows.old\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
[2010/11/21 13:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010/11/21 13:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
< MD5 for: WINLOGON.EXE >
[2010/11/21 13:24:50 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows.old\Windows\System32\winlogon.exe
[2010/11/21 13:24:50 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows.old\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2010/11/21 13:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010/11/21 13:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2012/12/14 16:49:28 | 000,216,424 | ---- | M] () MD5=22101A85B3CA2FE2BE05FE9A61A7A83D -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008/07/01 23:17:12 | 000,090,624 | ---- | M] () MD5=FBB39A4487E11F64DCFFD36AEC2D2216 -- C:\Program Files\CheckPoint\ZAForceField\Heuristics\winlogon.exe
[2008/07/01 23:17:12 | 000,090,624 | ---- | M] () MD5=FBB39A4487E11F64DCFFD36AEC2D2216 -- C:\Windows.old\Program Files\CheckPoint\ZAForceField\Heuristics\winlogon.exe
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BITS /s >
< HKEY_CLASSES_ROOT\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InprocServer32 /s >
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Enum /s >
< End of report >
Extras.txt
OTL Extras logfile created on: 1/5/2013 11:12:11 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Downloads\Software
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy
3.96 Gb Total Physical Memory | 1.89 Gb Available Physical Memory | 47.60% Memory free
7.92 Gb Paging File | 5.63 Gb Available in Paging File | 71.09% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931.41 Gb Total Space | 536.45 Gb Free Space | 57.60% Space Free | Partition Type: NTFS
Drive D: | 232.88 Gb Total Space | 72.87 Gb Free Space | 31.29% Space Free | Partition Type: NTFS
Drive E: | 63.47 Gb Total Space | 8.71 Gb Free Space | 13.73% Space Free | Partition Type: NTFS
Drive F: | 274.88 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive G: | 279.46 Gb Total Space | 85.35 Gb Free Space | 30.54% Space Free | Partition Type: NTFS
Drive H: | 298.09 Gb Total Space | 153.09 Gb Free Space | 51.36% Space Free | Partition Type: NTFS
Drive I: | 14.92 Gb Total Space | 14.74 Gb Free Space | 98.79% Space Free | Partition Type: FAT32
Computer Name: TURAGITTECH-PC | User Name: Deeturagit | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
[HKEY_USERS\S-1-5-21-3016723310-243591590-2261539899-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E5D76AD-A3FB-48D5-8400-8903B10317D3}" = iTunes
"{26A24AE4-039D-4CA4-87B4-2F86416035FF}" = Java™ 6 Update 35 (64-bit)
"{26A24AE4-039D-4CA4-87B4-2F86417007FF}" = Java 7 Update 7 (64-bit)
"{48C0866E-57EB-444C-8371-8E4321066BC3}" = Network64
"{5F611ADA-B98C-4DBB-ADDE-414F08457ECF}" = Windows Live Family Safety
"{6BFAB6C1-6D46-46DB-A538-A269907C9F2F}" = Network64
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{71C4F928-136A-4222-A191-310E081FB96B}" = HP Photosmart C309a All-In-One Driver Software 14.0 Rel. 5
"{867DE0DC-A93F-41EA-9654-A212514FA946}" = Oracle VM VirtualBox 4.2.4
"{90140000-0015-0409-1000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-1000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-1000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-1000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-1000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-1000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-1000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{0242505C-4E90-407F-9299-B5B275F50D86}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-1000-0000000FF1CE}_Office14.VISIOR_{0242505C-4E90-407F-9299-B5B275F50D86}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-1000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-1000-0000000FF1CE}_Office14.PROPLUSR_{B51389C8-2890-4633-81D8-47D2A7402274}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-1000-0000000FF1CE}_Office14.VISIOR_{B51389C8-2890-4633-81D8-47D2A7402274}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-1000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-1000-0000000FF1CE}_Office14.PROPLUSR_{1779650B-2E44-4A19-8DF6-3866D645764A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-1000-0000000FF1CE}_Office14.VISIOR_{1779650B-2E44-4A19-8DF6-3866D645764A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-1000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{270CA0B9-9881-44DB-BC3B-37C7E66A044A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0043-0000-1000-0000000FF1CE}" = Microsoft Office Office 32-bit Components 2010
"{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{E8B6D35B-0B6F-4DCE-9493-859BF3809A7F}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0043-0000-1000-0000000FF1CE}_Office14.VISIOR_{E8B6D35B-0B6F-4DCE-9493-859BF3809A7F}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0043-0409-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (English) 2010
"{90140000-0043-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{FCD1C311-8B02-4DBD-BA46-1079C629577E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0409-1000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-0044-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0054-0409-1000-0000000FF1CE}" = Microsoft Office Visio MUI (English) 2010
"{90140000-0054-0409-1000-0000000FF1CE}_Office14.VISIOR_{7DC2B20B-31B9-4C7C-B8DC-8492A9A3095E}" = Microsoft Office 2010 Language Pack Service Pack 1 (SP1)
"{90140000-006E-0409-1000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{516CA4A9-98E6-4F77-A863-CBD8487368E4}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-1000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0409-1000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-00BA-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-1000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{516CA4A9-98E6-4F77-A863-CBD8487368E4}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-1000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{91140000-0011-0000-1000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{7BC9B5EB-125A-4E9B-97E1-8D85B5E960B8}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{91140000-0057-0000-1000-0000000FF1CE}" = Microsoft Office Visio 2010
"{91140000-0057-0000-1000-0000000FF1CE}_Office14.VISIOR_{9081486B-B26D-42DB-8D31-81C525A9526A}" = Microsoft Visio 2010 Service Pack 1 (SP1)
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-007D-0409-1000-0000000FF1CE}" = Microsoft Outlook Social Connector Provider for Windows Live Messenger 64-bit
"{95140000-0081-0409-1000-0000000FF1CE}" = Microsoft Outlook Hotmail Connector 64-bit
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 306.23
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.12.0604
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.10.8
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.3.18.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{C9756801-C8EF-44FC-BD97-F2AE6728A432}" = Box Sync (64 bit)
"{CE52672C-A0E9-4450-8875-88A221D5CD50}" = Windows Live ID Sign-in Assistant
"{D70884EA-E2CE-4539-91DB-4766CC1E5F5F}" = Apple Mobile Device Support
"{E9FA781F-3E80-4399-825A-AD3E11C28C77}" = MSVCRT110_amd64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F6822EFD-3F7D-4B35-8845-757A26AEC8E2}" = Windows Live MIME IFilter
"{FF21C3E6-97FD-474F-9518-8DCBE94C2854}" = 64 Bit HP CIO Components Installer
"FastGlacier_is1" = FastGlacier version 1.4.5
"HP Imaging Device Functions" = HP Imaging Device Functions 14.0
"HP Photosmart Essential" = HP Photosmart Essential 3.5
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HP Solution Center & Imaging Support Tools" = HP Solution Center 14.0
"HPExtendedCapabilities" = HP Customer Participation Program 14.0
"HPOCR" = OCR Software by I.R.I.S. 14.0
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"Office14.VISIOR" = Microsoft Visio Professional 2010
"PROJECT in a box Community Edtion 2" = PROJECT in a box Community Edition 2
"Shop for HP Supplies" = Shop for HP Supplies
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{004F7024-21BB-4886-B3F6-C4233429BB78}" = Tweet Adder 3
"{0454BB9A-2A7A-4214-BDFF-937F7A711A44}" = Windows Live Communications Platform
"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
"{075A7877-02CA-4B15-8534-1211712A8E79}" = ZoneAlarm Firewall
"{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}" = DeviceDiscovery
"{14DC0059-00F1-4F62-BD1A-AB23CD51A95E}" = Adobe AIR
"{150B6201-E9E6-4DFB-960E-CCBD53FBDDED}" = HPProductAssistant
"{18272881-CFC0-434D-A975-E5BE44206AA0}" = Windows Live UX Platform Language Pack
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{1BD9E24B-DB16-491C-8092-F158664BB9F6}" = ZoneAlarm Security
"{1D181764-DCD0-41B8-AA7B-0A599F027A72}" = Adobe Photoshop Elements 11
"{1EA7C505-E6DA-4B85-9432-EBD3C70D510D}" = Windows Live Messenger
"{20EFC9AA-BBC1-4DFD-81FF-99654F71CBF8}" = HPPhotoSmartDiscLabel_PrintOnDisc
"{23A3E560-069F-4CFC-8F6C-1B526EC735FC}" = Windows Live Writer Resources
"{26A24AE4-039D-4CA4-87B4-2F83217009FF}" = Java 7 Update 9
"{2753B568-6F85-4E31-A114-A7F8D8606DDD}" = NETGEAR Powerline Utility
"{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{2FB9EA69-51D4-4913-9AD5-762C034DE811}" = Status
"{2FDD750F-49B7-40C1-9D5E-D2955BC0E2D8}" = NVIDIA PhysX
"{30F99474-EBE3-4134-A02B-F6CD38CFE243}" = Photo Gallery
"{3150D831-80C8-4185-A805-E24A4C7A4D66}" = ZoneAlarm DataLock
"{3279597A-F266-4005-B1B1-E02CC338321C}" = Monosnap
"{400C31E4-796F-4E86-8FDC-C3C4FACC6847}" = Junk Mail filter update
"{43ECF1A5-CF21-4C71-935F-A3945ECDD6A8}" = iMindMap 6
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CCBD1F4-CEEC-452A-9CB8-46564B501315}" = Windows Live UX Platform
"{53DF5B5A-9B29-474A-A738-868FD1CAC1D3}" = Enterprise Architect 10 LITE Edition
"{59E44523-0F0F-4454-9F37-E951BBA55B84}" = C309a
"{5BABDA39-61CF-41EE-992D-4054B6649A9B}" = Movie Maker
"{5DCF0E4B-F8EA-4229-A0BD-5CA6D4AFB749}" = SolutionCenter
"{681B698F-C997-42C3-B184-B489C6CA24C9}" = HPPhotoSmartDiscLabelContent1
"{68723B04-57EC-11E1-A6A8-9E2D4824019B}" = Snagit 11
"{6A8DB215-7BCD-4377-B015-2E4541A3E7C6}" = Windows Live PIMT Platform
"{70854FE6-3BF1-4C69-94D0-BEB821102E34}" = Windows Live Mail
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7170F93F-6B61-4DC1-A664-0E222744CEC7}" = Citrix online plug-in (DV)
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7B0C5EF6-DE4C-4E20-8889-C17604FFE5CD}" = Windows Live Family Safety
"{86C40513-B5A4-476E-9EAB-EC118DCF4502}" = Windows Live Writer
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{8A642ACD-CE3A-4A23-A8B1-A0F7EB12B214}" = Windows Live SOXE Definitions
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110
"{8EE94FD8-5F52-4463-A340-185D16328158}" = WebReg
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{9294F169-72EE-4D74-AE92-CA25F64B4FF8}" = Fax
"{9532F6E0-ED0A-41A4-87F9-49478E44E8C1}" = ZoneAlarm Antivirus
"{97C79BEC-43F7-4BD8-A6A7-85C0257E488A}" = Windows Live Writer
"{98CE8819-87AA-4814-8167-ADDDD513485F}" = PSE11 STI Installer
"{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{a3717ca4-b44e-422d-8268-ee4dabb332fd}" = Windows Software Development Kit
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC35A885-0F8F-4857-B7DA-6E8DFB43E6B3}" = HPSSupply
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI
"{AE66F944-596A-4D09-9A1C-DAF3DE836991}" = Citrix online plug-in (HDX)
"{B1F8F5EB-75E2-40C3-9A50-7907F1C910F1}" = Camtasia Studio 8
"{B28635AB-1DF3-4F07-BFEA-975D911B549B}" = hpphotosmartdisclabelplugin
"{B80D3EA9-A252-4AE5-AC51-81729F5C586F}" = Windows Live Mail
"{BB3447F6-9553-4AA9-960E-0DB5310C5779}" = GPBaseService2
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C034A6F9-6569-491B-B3BF-F5D15221A708}" = Windows Live Essentials
"{C424CD5E-EA05-4D3E-B5DA-F9F149E1D3AC}" = Windows Live Installer
"{C8773FDB-D0DB-BE52-D536-F48F9886B57B}" = Adobe Download Assistant
"{C9B6EFD0-4F01-4BBA-8374-39AD99A3ED72}" = Windows Live Photo Common
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Apple Application Support
"{CD31E63D-47FD-491C-8117-CF201D0AFAB5}" = TrayApp
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D2C146B1-948D-47EF-8387-5D1C6B980F7C}" = Windows Live Writer
"{D3212276-DE91-4573-97FA-8C536E449752}" = Serif Premium Font Collection 2
"{D323C27E-5DB7-4EE6-B75D-35C0F4D3FABD}" = Stora Desktop Applications
"{D360FA88-17C8-4F14-B67F-13AAF9607B12}" = MarketResearch
"{D4D065E1-3ABF-41D0-B385-FC6F027F4D00}" = Elements 11 Organizer
"{D4F102C5-EEA1-CAE1-8E67-1A7FCE27F673}" = Windows Software Development Kit EULA
"{D641760F-FE66-4655-99B9-59A451F2FFAB}" = Citrix online plug-in (USB)
"{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential
"{D888F114-7537-4D48-AF03-5DA9C82D7540}" = Photo Common
"{D9D8F2CF-FE2D-4644-9762-01F916FE90A9}" = HPPhotoSmartDiscLabel_PaperLabel
"{DADC7AB0-E554-4705-9F6A-83EA82ED708E}" = Realtek Ethernet Diagnostic Utility
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E14DDED2-919B-FCCB-84AC-5ABB6D182D46}" = Kits Configuration Installer
"{E517094C-06B6-419F-8FFD-EF4F57972130}" = QuickTransfer
"{E63A3353-003C-E4C2-230B-F155212D1479}" = SDK Debuggers
"{EC3B598C-1151-4191-B5B4-A9072ADE6259}_is1" = ZipGenius 6
"{ED6C77F9-4D7E-447C-9EC0-9A212D075535}" = Movie Maker
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F2235E5E-7881-4293-9B6F-04B2609FBFF0}" = Windows Live Messenger
"{F9F0C5D5-AAE5-45FA-95C2-CA1EE0FA067A}" = Citrix online plug-in (Web)
"{FA0E7183-6B11-4899-B25F-2C490543967E}" = PS_AIO_05_C309_Software_Min
"{FA0FF682-CC70-4C57-93CD-E276F3E7537E}" = BufferChm
"{FC6C7107-7D72-41A1-A031-3CE751159BAB}" = Photo Gallery
"{FE7C0B3D-50B9-4951-BE78-A321CBF86552}" = Windows Live SOXE
"7-Zip" = 7-Zip 9.22beta
"90_Second_Website_Builder" = 90 Second Website Builder 7
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Photoshop Elements 11" = Adobe Photoshop Elements 11
"Artisteer 4" = Artisteer 4
"Audacity_is1" = Audacity 2.0.2
"CitrixOnlinePluginPackWeb" = Citrix online plug-in - web
"com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant
"Foxit Reader_is1" = Foxit Reader
"Free Download Manager_is1" = Free Download Manager 3.9.2
"Google Chrome" = Google Chrome
"ImgBurn" = ImgBurn
"Inkscape" = Inkscape 0.48.2
"InstallShield_{2753B568-6F85-4E31-A114-A7F8D8606DDD}" = NETGEAR Powerline Utility
"KeePassPasswordSafe2_is1" = KeePass Password Safe 2.20.1
"LastFM_is1" = Last.fm 1.5.4.27091
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.70.0.1100
"Mozilla Firefox 17.0.1 (x86 en-US)" = Mozilla Firefox 17.0.1 (x86 en-US)
"Mozilla Thunderbird 17.0 (x86 en-US)" = Mozilla Thunderbird 17.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Nmap" = Nmap 6.01
"Notepad++" = Notepad++
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"PuTTY_is1" = PuTTY version 0.62
"Scrivener 1250" = Scrivener
"Sigil_is1" = Sigil 0.6.2
"VLC media player" = VLC media player 2.0.5
"WinLiveSuite" = Windows Live Essentials
"WinPcapInst" = WinPcap 4.1.2
"winscp3_is1" = WinSCP 5.1
"ZoneAlarm Extreme Security" = ZoneAlarm Extreme Security
"ZoneAlarm Security Toolbar" = ZoneAlarm Security Toolbar
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-3016723310-243591590-2261539899-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"SkyDriveSetup.exe" = Microsoft SkyDrive
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 1/3/2013 7:06:06 AM | Computer Name = turagittech-PC | Source = System Restore | ID = 8210
Description =
Error - 1/3/2013 7:06:43 AM | Computer Name = turagittech-PC | Source = WinMgmt | ID = 10
Description =
Error - 1/3/2013 7:24:44 AM | Computer Name = turagittech-PC | Source = WinMgmt | ID = 10
Description =
Error - 1/3/2013 9:46:59 AM | Computer Name = turagittech-PC | Source = WinMgmt | ID = 10
Description =
Error - 1/4/2013 8:36:20 AM | Computer Name = turagittech-PC | Source = WinMgmt | ID = 10
Description =
Error - 1/4/2013 9:04:22 AM | Computer Name = turagittech-PC | Source = WinMgmt | ID = 10
Description =
Error - 1/4/2013 9:36:14 AM | Computer Name = turagittech-PC | Source = WinMgmt | ID = 10
Description =
Error - 1/4/2013 7:05:34 PM | Computer Name = turagittech-PC | Source = WinMgmt | ID = 10
Description =
Error - 1/4/2013 7:12:37 PM | Computer Name = turagittech-PC | Source = WinMgmt | ID = 10
Description =
Error - 1/5/2013 9:01:25 AM | Computer Name = turagittech-PC | Source = WinMgmt | ID = 10
Description =
[ System Events ]
Error - 1/5/2013 9:21:32 AM | Computer Name = turagittech-PC | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume \Device\HarddiskVolume2.
Error - 1/5/2013 9:21:32 AM | Computer Name = turagittech-PC | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume \Device\HarddiskVolume2.
Error - 1/5/2013 9:21:32 AM | Computer Name = turagittech-PC | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume \Device\HarddiskVolume2.
Error - 1/5/2013 9:21:32 AM | Computer Name = turagittech-PC | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume \Device\HarddiskVolume2.
Error - 1/5/2013 9:26:24 AM | Computer Name = turagittech-PC | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume \Device\HarddiskVolume2.
Error - 1/5/2013 9:26:24 AM | Computer Name = turagittech-PC | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume \Device\HarddiskVolume2.
Error - 1/5/2013 9:26:24 AM | Computer Name = turagittech-PC | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume \Device\HarddiskVolume2.
Error - 1/5/2013 9:26:24 AM | Computer Name = turagittech-PC | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume \Device\HarddiskVolume2.
Error - 1/5/2013 9:26:24 AM | Computer Name = turagittech-PC | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume \Device\HarddiskVolume2.
Error - 1/5/2013 9:26:25 AM | Computer Name = turagittech-PC | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume \Device\HarddiskVolume2.
< End of report >
RKReport
RogueKiller V8.4.2 [Dec 31 2012] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo...13-roguekiller/
Website : http://tigzy.geeksto...roguekiller.php
Blog : http://tigzyrk.blogspot.com/
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Safe mode with network support
User : Deeturagit [Admin rights]
Mode : Scan -- Date : 01/05/2013 23:47:08
¤¤¤ Bad processes : 2 ¤¤¤
[SUSP PATH] notepad.exe -- C:\Windows\notepad.exe -> KILLED [TermProc]
[SUSP PATH] notepad.exe -- C:\Windows\notepad.exe -> KILLED [TermProc]
¤¤¤ Registry Entries : 2 ¤¤¤
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
¤¤¤ Particular Files / Folders: ¤¤¤
[ZeroAccess][FILE] @ : C:\Windows\Installer\{e6561886-dabc-f47a-7baa-93cfeef2b07d}\@ --> FOUND
[ZeroAccess][FOLDER] U : C:\Windows\Installer\{e6561886-dabc-f47a-7baa-93cfeef2b07d}\U --> FOUND
[ZeroAccess][FOLDER] L : C:\Windows\Installer\{e6561886-dabc-f47a-7baa-93cfeef2b07d}\L --> FOUND
[ZeroAccess][FILE] Desktop.ini : C:\Windows\Assembly\GAC_32\Desktop.ini --> FOUND
[ZeroAccess][FILE] Desktop.ini : C:\Windows\Assembly\GAC_64\Desktop.ini --> FOUND
[Susp.ASLR][FILE] services.exe : C:\Windows\system32\services.exe --> FOUND
¤¤¤ Driver : [NOT LOADED] ¤¤¤
¤¤¤ Extern Hives: ¤¤¤
-> E:\windows\system32\config\SOFTWARE
-> E:\windows\system32\config\SYSTEM
-> E:\Documents and Settings\Administrator\NTUSER.DAT
-> E:\Documents and Settings\All Users\NTUSER.DAT
-> E:\Documents and Settings\Amanda\NTUSER.DAT
-> E:\Documents and Settings\Deeturagit\NTUSER.DAT
-> E:\Documents and Settings\Default User\NTUSER.DAT
-> E:\Documents and Settings\Jayden\NTUSER.DAT
-> E:\Documents and Settings\Lily\NTUSER.DAT
-> E:\Documents and Settings\LocalService\NTUSER.DAT
-> E:\Documents and Settings\NetworkService\NTUSER.DAT
-> E:\Documents and Settings\Peter\NTUSER.DAT
-> E:\Documents and Settings\Technician\NTUSER.DAT
¤¤¤ Infection : ZeroAccess ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts
¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: Hitachi HDS721010DLE630 ATA Device +++++
--- User ---
[MBR] 36fbfa5eb978e2f94a9e96c22986e0e3
[BSP] 6e444dd8b48345f73844254e421dd2da : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 953767 Mo
User = LL1 ... OK!
User = LL2 ... OK!
+++++ PhysicalDrive1: SAMSUNG HD080HJ ATA Device +++++
--- User ---
[MBR] 6ffe496c20296a167f5bed37b675f1e5
[BSP] 1899a34e288e1b3d91b5a890384f4d36 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 64997 Mo
1 - [XXXXXX] LINUX (0x83) [VISIBLE] Offset (sectors): 133114590 | Size: 101 Mo
2 - [XXXXXX] LINUX-SWP (0x82) [VISIBLE] Offset (sectors): 133323435 | Size: 1027 Mo
3 - [XXXXXX] LINUX (0x83) [VISIBLE] Offset (sectors): 135427950 | Size: 10189 Mo
User = LL1 ... OK!
User = LL2 ... OK!
+++++ PhysicalDrive2: WDC WD2500JS-60MHB1 ATA Device +++++
--- User ---
[MBR] f405605fc5173408878c9632da485a93
[BSP] 79acf96c37272dda821611d0f27c8bcb : Linux MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 238472 Mo
User = LL1 ... OK!
User = LL2 ... OK!
+++++ PhysicalDrive3: ST330082 2A USB Device +++++
--- User ---
[MBR] 66ea833ee39b3f9368f9c1b8496850ce
[BSP] c6064b88f1d907436cb52ca7e9dac639 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 286165 Mo
User = LL1 ... OK!
Error reading LL2 MBR!
+++++ PhysicalDrive4: Seagate FreeAgentDesktop USB Device +++++
--- User ---
[MBR] ef40fda18eb16b861f28d6e536039bd1
[BSP] 5cab7fac78b6fe5301595cea6da44b25 : MBR Code unknown
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 305242 Mo
User = LL1 ... OK!
Error reading LL2 MBR!
Finished : << RKreport[1]_S_01052013_02d2347.txt >>
RKreport[1]_S_01052013_02d2347.txt
TDSKiller
00:35:45.0843 2528 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
00:35:46.0599 2528 ============================================================
00:35:46.0599 2528 Current date / time: 2013/01/06 00:35:46.0599
00:35:46.0599 2528 SystemInfo:
00:35:46.0599 2528
00:35:46.0599 2528 OS Version: 6.1.7601 ServicePack: 1.0
00:35:46.0599 2528 Product type: Workstation
00:35:46.0599 2528 ComputerName: TURAGITTECH-PC
00:35:46.0600 2528 UserName: Deeturagit
00:35:46.0600 2528 Windows directory: C:\Windows
00:35:46.0600 2528 System windows directory: C:\Windows
00:35:46.0600 2528 Running under WOW64
00:35:46.0600 2528 Processor architecture: Intel x64
00:35:46.0600 2528 Number of processors: 4
00:35:46.0600 2528 Page size: 0x1000
00:35:46.0600 2528 Boot type: Safe boot with network
00:35:46.0600 2528 ============================================================
00:35:48.0822 2528 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1F8B1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000040
00:35:48.0831 2528 Drive \Device\Harddisk1\DR1 - Size: 0x12A1F16000 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x2601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
00:35:48.0832 2528 Drive \Device\Harddisk2\DR2 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
00:35:48.0836 2528 Drive \Device\Harddisk3\DR3 - Size: 0x45DD826000 (279.46 Gb), SectorSize: 0x200, Cylinders: 0x8E81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
00:35:48.0849 2528 Drive \Device\Harddisk4\DR4 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
00:35:48.0879 2528 Drive \Device\Harddisk5\DR5 - Size: 0x3BB3FFE00 (14.93 Gb), SectorSize: 0x200, Cylinders: 0x79C, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
00:35:48.0881 2528 ============================================================
00:35:48.0881 2528 \Device\Harddisk0\DR0:
00:35:48.0881 2528 MBR partitions:
00:35:48.0881 2528 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
00:35:48.0881 2528 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x746D3800
00:35:48.0881 2528 \Device\Harddisk1\DR1:
00:35:48.0881 2528 MBR partitions:
00:35:48.0881 2528 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x7EF2A9F
00:35:48.0881 2528 \Device\Harddisk2\DR2:
00:35:48.0882 2528 MBR partitions:
00:35:48.0882 2528 \Device\Harddisk2\DR2\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1D1C4542
00:35:48.0882 2528 \Device\Harddisk3\DR3:
00:35:48.0882 2528 MBR partitions:
00:35:48.0882 2528 \Device\Harddisk3\DR3\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x22EEAD02
00:35:48.0882 2528 \Device\Harddisk4\DR4:
00:35:48.0883 2528 MBR partitions:
00:35:48.0883 2528 \Device\Harddisk4\DR4\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x2542D682
00:35:48.0883 2528 \Device\Harddisk5\DR5:
00:35:48.0883 2528 MBR partitions:
00:35:48.0883 2528 \Device\Harddisk5\DR5\Partition1: MBR, Type 0xC, StartLBA 0x34, BlocksNum 0x1DD5A92
00:35:48.0883 2528 ============================================================
00:35:48.0898 2528 C: <-> \Device\Harddisk0\DR0\Partition2
00:35:48.0899 2528 D: <-> \Device\Harddisk2\DR2\Partition1
00:35:48.0909 2528 E: <-> \Device\Harddisk1\DR1\Partition1
00:35:48.0940 2528 G: <-> \Device\Harddisk3\DR3\Partition1
00:35:48.0963 2528 H: <-> \Device\Harddisk4\DR4\Partition1
00:35:48.0963 2528 ============================================================
00:35:48.0964 2528 Initialize success
00:35:48.0964 2528 ============================================================
00:35:53.0666 1568 ============================================================
00:35:53.0666 1568 Scan started
00:35:53.0666 1568 Mode: Manual;
00:35:53.0666 1568 ============================================================
00:35:54.0769 1568 ================ Scan system memory ========================
00:35:54.0769 1568 System memory - ok
00:35:54.0770 1568 ================ Scan services =============================
00:35:54.0913 1568 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\DRIVERS\1394ohci.sys
00:35:54.0916 1568 1394ohci - ok
00:35:54.0941 1568 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
00:35:54.0945 1568 ACPI - ok
00:35:54.0976 1568 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
00:35:54.0977 1568 AcpiPmi - ok
00:35:55.0095 1568 [ 835CE0647E4E9F01BEB26201DA6705B4 ] AdobeActiveFileMonitor11.0 C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe
00:35:55.0098 1568 AdobeActiveFileMonitor11.0 - ok
00:35:55.0176 1568 [ B1EA9681502EE57F87DB71D726288A5B ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
00:35:55.0178 1568 AdobeARMservice - ok
00:35:55.0293 1568 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
00:35:55.0312 1568 adp94xx - ok
00:35:55.0352 1568 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\drivers\adpahci.sys
00:35:55.0357 1568 adpahci - ok
00:35:55.0370 1568 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
00:35:55.0373 1568 adpu320 - ok
00:35:55.0428 1568 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
00:35:55.0435 1568 AeLookupSvc - ok
00:35:55.0492 1568 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
00:35:55.0499 1568 AFD - ok
00:35:55.0529 1568 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
00:35:55.0531 1568 agp440 - ok
00:35:55.0550 1568 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
00:35:55.0551 1568 ALG - ok
00:35:55.0563 1568 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
00:35:55.0564 1568 aliide - ok
00:35:55.0591 1568 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
00:35:55.0592 1568 amdide - ok
00:35:55.0605 1568 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
00:35:55.0607 1568 AmdK8 - ok
00:35:55.0612 1568 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\drivers\amdppm.sys
00:35:55.0613 1568 AmdPPM - ok
00:35:55.0645 1568 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
00:35:55.0647 1568 amdsata - ok
00:35:55.0673 1568 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\drivers\amdsbs.sys
00:35:55.0676 1568 amdsbs - ok
00:35:55.0687 1568 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
00:35:55.0688 1568 amdxata - ok
00:35:55.0753 1568 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
00:35:55.0755 1568 AppID - ok
00:35:55.0804 1568 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
00:35:55.0806 1568 AppIDSvc - ok
00:35:55.0814 1568 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
00:35:55.0816 1568 Appinfo - ok
00:35:55.0883 1568 [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
00:35:55.0886 1568 Apple Mobile Device - ok
00:35:55.0938 1568 [ 4ABA3E75A76195A3E38ED2766C962899 ] AppMgmt C:\Windows\System32\appmgmts.dll
00:35:55.0941 1568 AppMgmt - ok
00:35:55.0982 1568 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\drivers\arc.sys
00:35:55.0983 1568 arc - ok
00:35:56.0014 1568 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\drivers\arcsas.sys
00:35:56.0016 1568 arcsas - ok
00:35:56.0080 1568 aspnet_state - ok
00:35:56.0103 1568 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
00:35:56.0104 1568 AsyncMac - ok
00:35:56.0120 1568 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
00:35:56.0121 1568 atapi - ok
00:35:56.0176 1568 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
00:35:56.0191 1568 AudioEndpointBuilder - ok
00:35:56.0223 1568 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
00:35:56.0223 1568 AudioSrv - ok
00:35:56.0244 1568 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
00:35:56.0246 1568 AxInstSV - ok
00:35:56.0284 1568 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\drivers\bxvbda.sys
00:35:56.0290 1568 b06bdrv - ok
00:35:56.0299 1568 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
00:35:56.0303 1568 b57nd60a - ok
00:35:56.0326 1568 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
00:35:56.0328 1568 BDESVC - ok
00:35:56.0346 1568 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
00:35:56.0347 1568 Beep - ok
00:35:56.0393 1568 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
00:35:56.0394 1568 blbdrive - ok
00:35:56.0469 1568 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
00:35:56.0475 1568 Bonjour Service - ok
00:35:56.0518 1568 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
00:35:56.0520 1568 bowser - ok
00:35:56.0558 1568 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\drivers\BrFiltLo.sys
00:35:56.0559 1568 BrFiltLo - ok
00:35:56.0572 1568 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\drivers\BrFiltUp.sys
00:35:56.0573 1568 BrFiltUp - ok
00:35:56.0601 1568 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
00:35:56.0603 1568 Browser - ok
00:35:56.0619 1568 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
00:35:56.0624 1568 Brserid - ok
00:35:56.0652 1568 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
00:35:56.0653 1568 BrSerWdm - ok
00:35:56.0658 1568 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
00:35:56.0659 1568 BrUsbMdm - ok
00:35:56.0663 1568 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
00:35:56.0664 1568 BrUsbSer - ok
00:35:56.0678 1568 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
00:35:56.0680 1568 BTHMODEM - ok
00:35:56.0718 1568 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
00:35:56.0719 1568 bthserv - ok
00:35:56.0740 1568 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
00:35:56.0741 1568 cdfs - ok
00:35:56.0797 1568 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
00:35:56.0800 1568 cdrom - ok
00:35:56.0814 1568 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
00:35:56.0816 1568 CertPropSvc - ok
00:35:56.0851 1568 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\drivers\circlass.sys
00:35:56.0852 1568 circlass - ok
00:35:56.0870 1568 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
00:35:56.0875 1568 CLFS - ok
00:35:56.0932 1568 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
00:35:56.0980 1568 clr_optimization_v2.0.50727_32 - ok
00:35:57.0015 1568 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
00:35:57.0018 1568 clr_optimization_v2.0.50727_64 - ok
00:35:57.0100 1568 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
00:35:57.0148 1568 clr_optimization_v4.0.30319_32 - ok
00:35:57.0199 1568 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
00:35:57.0202 1568 clr_optimization_v4.0.30319_64 - ok
00:35:57.0249 1568 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\drivers\CmBatt.sys
00:35:57.0250 1568 CmBatt - ok
00:35:57.0285 1568 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
00:35:57.0286 1568 cmdide - ok
00:35:57.0321 1568 [ AAFCB52FE0037207FB6FBEA070D25EFE ] CNG C:\Windows\system32\Drivers\cng.sys
00:35:57.0328 1568 CNG - ok
00:35:57.0335 1568 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\drivers\compbatt.sys
00:35:57.0336 1568 Compbatt - ok
00:35:57.0428 1568 [ 59D203C3F46F3CA536ECAC0E084CD887 ] CompFilter64 C:\Windows\system32\DRIVERS\lvbflt64.sys
00:35:57.0428 1568 CompFilter64 - ok
00:35:57.0466 1568 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys
00:35:57.0467 1568 CompositeBus - ok
00:35:57.0475 1568 COMSysApp - ok
00:35:57.0507 1568 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
00:35:57.0507 1568 crcdisk - ok
00:35:57.0575 1568 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll
00:35:57.0578 1568 CryptSvc - ok
00:35:57.0622 1568 [ 54DA3DFD29ED9F1619B6F53F3CE55E49 ] CSC C:\Windows\system32\drivers\csc.sys
00:35:57.0629 1568 CSC - ok
00:35:57.0661 1568 [ 3AB183AB4D2C79DCF459CD2C1266B043 ] CscService C:\Windows\System32\cscsvc.dll
00:35:57.0670 1568 CscService - ok
00:35:57.0744 1568 [ BA8E5B2291C01EF71CA80E25F0C79D55 ] ctxusbm C:\Windows\system32\DRIVERS\ctxusbm.sys
00:35:57.0745 1568 ctxusbm - ok
00:35:57.0807 1568 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
00:35:57.0840 1568 DcomLaunch - ok
00:35:57.0906 1568 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
00:35:57.0911 1568 defragsvc - ok
00:35:57.0926 1568 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
00:35:57.0928 1568 DfsC - ok
00:35:57.0963 1568 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
00:35:57.0968 1568 Dhcp - ok
00:35:57.0996 1568 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
00:35:57.0997 1568 discache - ok
00:35:58.0027 1568 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\drivers\disk.sys
00:35:58.0028 1568 Disk - ok
00:35:58.0063 1568 [ 5DB085A8A6600BE6401F2B24EECB5415 ] dmvsc C:\Windows\system32\drivers\dmvsc.sys
00:35:58.0064 1568 dmvsc - ok
00:35:58.0122 1568 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
00:35:58.0126 1568 Dnscache - ok
00:35:58.0172 1568 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
00:35:58.0176 1568 dot3svc - ok
00:35:58.0193 1568 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
00:35:58.0196 1568 DPS - ok
00:35:58.0243 1568 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
00:35:58.0244 1568 drmkaud - ok
00:35:58.0289 1568 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
00:35:58.0302 1568 DXGKrnl - ok
00:35:58.0312 1568 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
00:35:58.0315 1568 EapHost - ok
00:35:58.0391 1568 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\drivers\evbda.sys
00:35:58.0443 1568 ebdrv - ok
00:35:58.0472 1568 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
00:35:58.0474 1568 EFS - ok
00:35:58.0545 1568 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
00:35:58.0554 1568 ehRecvr - ok
00:35:58.0567 1568 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
00:35:58.0569 1568 ehSched - ok
00:35:58.0650 1568 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\drivers\elxstor.sys
00:35:58.0657 1568 elxstor - ok
00:35:58.0667 1568 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
00:35:58.0668 1568 ErrDev - ok
00:35:58.0712 1568 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
00:35:58.0718 1568 EventSystem - ok
00:35:58.0739 1568 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
00:35:58.0742 1568 exfat - ok
00:35:58.0777 1568 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
00:35:58.0780 1568 fastfat - ok
00:35:58.0832 1568 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
00:35:58.0842 1568 Fax - ok
00:35:58.0874 1568 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\drivers\fdc.sys
00:35:58.0875 1568 fdc - ok
00:35:58.0928 1568 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
00:35:58.0930 1568 fdPHost - ok
00:35:58.0959 1568 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
00:35:58.0961 1568 FDResPub - ok
00:35:58.0976 1568 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
00:35:58.0977 1568 FileInfo - ok
00:35:58.0987 1568 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
00:35:58.0988 1568 Filetrace - ok
00:35:59.0006 1568 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\drivers\flpydisk.sys
00:35:59.0007 1568 flpydisk - ok
00:35:59.0052 1568 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
00:35:59.0056 1568 FltMgr - ok
00:35:59.0106 1568 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll
00:35:59.0121 1568 FontCache - ok
00:35:59.0185 1568 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
00:35:59.0186 1568 FontCache3.0.0.0 - ok
00:35:59.0245 1568 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
00:35:59.0246 1568 FsDepends - ok
00:35:59.0323 1568 [ B16B626996C74B564005BA855C5DEE90 ] fssfltr C:\Windows\system32\DRIVERS\fssfltr.sys
00:35:59.0324 1568 fssfltr - ok
00:35:59.0411 1568 [ 812E1BA5C52A78F13EA6AA10DF708B1D ] fsssvc C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
00:35:59.0431 1568 fsssvc - ok
00:35:59.0479 1568 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
00:35:59.0480 1568 Fs_Rec - ok
00:35:59.0519 1568 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
00:35:59.0522 1568 fvevol - ok
00:35:59.0551 1568 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
00:35:59.0552 1568 gagp30kx - ok
00:35:59.0581 1568 [ 8E98D21EE06192492A5671A6144D092F ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
00:35:59.0582 1568 GEARAspiWDM - ok
00:35:59.0625 1568 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
00:35:59.0636 1568 gpsvc - ok
00:35:59.0686 1568 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
00:35:59.0688 1568 gupdate - ok
00:35:59.0707 1568 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
00:35:59.0708 1568 gupdatem - ok
00:35:59.0724 1568 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
00:35:59.0736 1568 hcw85cir - ok
00:35:59.0801 1568 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
00:35:59.0806 1568 HdAudAddService - ok
00:35:59.0842 1568 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
00:35:59.0844 1568 HDAudBus - ok
00:35:59.0922 1568 [ B6AC71AAA2B10848F57FC49D55A651AF ] HECIx64 C:\Windows\system32\DRIVERS\HECIx64.sys
00:35:59.0923 1568 HECIx64 - ok
00:35:59.0939 1568 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\drivers\HidBatt.sys
00:35:59.0940 1568 HidBatt - ok
00:35:59.0982 1568 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\drivers\hidbth.sys
00:35:59.0984 1568 HidBth - ok
00:35:59.0999 1568 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\drivers\hidir.sys
00:36:00.0000 1568 HidIr - ok
00:36:00.0046 1568 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll
00:36:00.0048 1568 hidserv - ok
00:36:00.0068 1568 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
00:36:00.0069 1568 HidUsb - ok
00:36:00.0126 1568 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
00:36:00.0128 1568 hkmsvc - ok
00:36:00.0149 1568 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
00:36:00.0153 1568 HomeGroupListener - ok
00:36:00.0185 1568 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
00:36:00.0189 1568 HomeGroupProvider - ok
00:36:00.0303 1568 [ 5DA42D24712E00728CEA2342A65009B2 ] hpqcxs08 C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll
00:36:00.0307 1568 hpqcxs08 - ok
00:36:00.0322 1568 [ D86A39BF100069444D026D22D9A6E555 ] hpqddsvc C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll
00:36:00.0324 1568 hpqddsvc - ok
00:36:00.0347 1568 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
00:36:00.0349 1568 HpSAMD - ok
00:36:00.0400 1568 [ F37882F128EFACEFE353E0BAE2766909 ] HPSLPSVC C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL
00:36:00.0415 1568 HPSLPSVC - ok
00:36:00.0446 1568 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
00:36:00.0456 1568 HTTP - ok
00:36:00.0489 1568 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
00:36:00.0490 1568 hwpolicy - ok
00:36:00.0530 1568 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
00:36:00.0532 1568 i8042prt - ok
00:36:00.0571 1568 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
00:36:00.0576 1568 iaStorV - ok
00:36:00.0640 1568 [ 9A492CBA0014A5A0BB1467E484885C61 ] icsak C:\Program Files\CheckPoint\ZAForceField\AK\icsak.sys
00:36:00.0642 1568 icsak - ok
00:36:00.0689 1568 [ 6F95324909B502E2651442C1548AB12F ] IDriverT C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
00:36:00.0691 1568 IDriverT - ok
00:36:00.0749 1568 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
00:36:00.0760 1568 idsvc - ok
00:36:00.0806 1568 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\drivers\iirsp.sys
00:36:00.0807 1568 iirsp - ok
00:36:00.0882 1568 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
00:36:00.0893 1568 IKEEXT - ok
00:36:00.0911 1568 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
00:36:00.0912 1568 intelide - ok
00:36:00.0932 1568 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
00:36:00.0934 1568 intelppm - ok
00:36:00.0959 1568 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
00:36:00.0962 1568 IPBusEnum - ok
00:36:00.0979 1568 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
00:36:00.0995 1568 IpFilterDriver - ok
00:36:01.0020 1568 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
00:36:01.0022 1568 IPMIDRV - ok
00:36:01.0027 1568 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
00:36:01.0029 1568 IPNAT - ok
00:36:01.0064 1568 [ 0F261EC4F514926177C70C1832374231 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
00:36:01.0073 1568 iPod Service - ok
00:36:01.0088 1568 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
00:36:01.0089 1568 IRENUM - ok
00:36:01.0102 1568 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
00:36:01.0103 1568 isapnp - ok
00:36:01.0119 1568 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
00:36:01.0123 1568 iScsiPrt - ok
00:36:01.0174 1568 [ BA8C6135E6E632139DAC5B34861FCB03 ] ISWKL C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys
00:36:01.0175 1568 ISWKL - ok
00:36:01.0197 1568 [ EEF0D7308C247294389B566A7830B211 ] IswSvc C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
00:36:01.0208 1568 IswSvc - ok
00:36:01.0268 1568 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\drivers\kbdclass.sys
00:36:01.0269 1568 kbdclass - ok
00:36:01.0303 1568 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
00:36:01.0304 1568 kbdhid - ok
00:36:01.0331 1568 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
00:36:01.0332 1568 KeyIso - ok
00:36:01.0361 1568 [ E656FE10D6D27794AFA08136685A69E8 ] KL1 C:\Windows\system32\DRIVERS\kl1.sys
00:36:01.0368 1568 KL1 - ok
00:36:01.0416 1568 [ D865DD8B0448E3F963D68C04C532858F ] kl2 C:\Windows\system32\DRIVERS\kl2.sys
00:36:01.0417 1568 kl2 - ok
00:36:01.0434 1568 [ 055790D38D7EC73AEF03E4AA7F67BA03 ] KLIF C:\Windows\system32\DRIVERS\klif.sys
00:36:01.0441 1568 KLIF - ok
00:36:01.0478 1568 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
00:36:01.0478 1568 KSecDD - ok
00:36:01.0520 1568 [ 7EFB9333E4ECCE6AE4AE9D777D9E553E ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
00:36:01.0523 1568 KSecPkg - ok
00:36:01.0568 1568 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
00:36:01.0569 1568 ksthunk - ok
00:36:01.0615 1568 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
00:36:01.0621 1568 KtmRm - ok
00:36:01.0663 1568 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll
00:36:01.0668 1568 LanmanServer - ok
00:36:01.0683 1568 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
00:36:01.0700 1568 LanmanWorkstation - ok
00:36:01.0732 1568 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
00:36:01.0733 1568 lltdio - ok
00:36:01.0753 1568 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
00:36:01.0758 1568 lltdsvc - ok
00:36:01.0774 1568 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
00:36:01.0775 1568 lmhosts - ok
00:36:01.0801 1568 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
00:36:01.0803 1568 LSI_FC - ok
00:36:01.0858 1568 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
00:36:01.0860 1568 LSI_SAS - ok
00:36:01.0865 1568 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys
00:36:01.0866 1568 LSI_SAS2 - ok
00:36:01.0897 1568 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
00:36:01.0899 1568 LSI_SCSI - ok
00:36:01.0923 1568 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
00:36:01.0925 1568 luafv - ok
00:36:01.0959 1568 [ 0C85B2B6FB74B36A251792D45E0EF860 ] LVRS64 C:\Windows\system32\DRIVERS\lvrs64.sys
00:36:01.0964 1568 LVRS64 - ok
00:36:02.0071 1568 [ FF3A488924B0032B1A9CA6948C1FA9E8 ] LVUVC64 C:\Windows\system32\DRIVERS\lvuvc64.sys
00:36:02.0133 1568 LVUVC64 - ok
00:36:02.0184 1568 [ 92EB844D90615CB266F84C3202B8786E ] MBAMProtector C:\Windows\system32\drivers\mbam.sys
00:36:02.0186 1568 MBAMProtector - ok
00:36:02.0270 1568 [ 1ACAA67676E9E7BDA5E0C41B6E0DECAF ] MBAMScheduler C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
00:36:02.0275 1568 MBAMScheduler - ok
00:36:02.0314 1568 [ 916B8954AC3E06DC9E898AFFB41F3FB6 ] MBAMService C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
00:36:02.0323 1568 MBAMService - ok
00:36:02.0347 1568 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
00:36:02.0350 1568 Mcx2Svc - ok
00:36:02.0380 1568 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\drivers\megasas.sys
00:36:02.0381 1568 megasas - ok
00:36:02.0403 1568 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys
00:36:02.0407 1568 MegaSR - ok
00:36:02.0473 1568 Microsoft SharePoint Workspace Audit Service - ok
00:36:02.0496 1568 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
00:36:02.0498 1568 MMCSS - ok
00:36:02.0516 1568 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
00:36:02.0517 1568 Modem - ok
00:36:02.0534 1568 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
00:36:02.0535 1568 monitor - ok
00:36:02.0554 1568 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
00:36:02.0554 1568 mouclass - ok
00:36:02.0590 1568 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
00:36:02.0591 1568 mouhid - ok
00:36:02.0624 1568 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
00:36:02.0626 1568 mountmgr - ok
00:36:02.0691 1568 [ 8C7336950F1E69CDFD811CBBD9CF00A2 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
00:36:02.0693 1568 MozillaMaintenance - ok
00:36:02.0719 1568 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
00:36:02.0722 1568 mpio - ok
00:36:02.0736 1568 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
00:36:02.0738 1568 mpsdrv - ok
00:36:02.0776 1568 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
00:36:02.0779 1568 MRxDAV - ok
00:36:02.0818 1568 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
00:36:02.0821 1568 mrxsmb - ok
00:36:02.0836 1568 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
00:36:02.0840 1568 mrxsmb10 - ok
00:36:02.0854 1568 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
00:36:02.0856 1568 mrxsmb20 - ok
00:36:02.0887 1568 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
00:36:02.0888 1568 msahci - ok
00:36:02.0905 1568 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
00:36:02.0908 1568 msdsm - ok
00:36:02.0924 1568 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
00:36:02.0927 1568 MSDTC - ok
00:36:03.0033 1568 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
00:36:03.0033 1568 Msfs - ok
00:36:03.0046 1568 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
00:36:03.0047 1568 mshidkmdf - ok
00:36:03.0059 1568 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
00:36:03.0060 1568 msisadrv - ok
00:36:03.0121 1568 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
00:36:03.0124 1568 MSiSCSI - ok
00:36:03.0137 1568 msiserver - ok
00:36:03.0194 1568 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
00:36:03.0195 1568 MSKSSRV - ok
00:36:03.0211 1568 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
00:36:03.0212 1568 MSPCLOCK - ok
00:36:03.0224 1568 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
00:36:03.0225 1568 MSPQM - ok
00:36:03.0246 1568 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
00:36:03.0251 1568 MsRPC - ok
00:36:03.0289 1568 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
00:36:03.0290 1568 mssmbios - ok
00:36:03.0307 1568 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
00:36:03.0308 1568 MSTEE - ok
00:36:03.0371 1568 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\drivers\MTConfig.sys
00:36:03.0372 1568 MTConfig - ok
00:36:03.0389 1568 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
00:36:03.0390 1568 Mup - ok
00:36:03.0429 1568 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
00:36:03.0437 1568 napagent - ok
00:36:03.0537 1568 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
00:36:03.0537 1568 NativeWifiP - ok
00:36:03.0615 1568 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys
00:36:03.0627 1568 NDIS - ok
00:36:03.0652 1568 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
00:36:03.0653 1568 NdisCap - ok
00:36:03.0680 1568 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
00:36:03.0681 1568 NdisTapi - ok
00:36:03.0706 1568 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
00:36:03.0708 1568 Ndisuio - ok
00:36:03.0718 1568 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
00:36:03.0721 1568 NdisWan - ok
00:36:03.0753 1568 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
00:36:03.0754 1568 NDProxy - ok
00:36:03.0802 1568 [ 2334DC48997BA203B794DF3EE70521DB ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll
00:36:03.0804 1568 Net Driver HPZ12 - ok
00:36:03.0818 1568 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
00:36:03.0819 1568 NetBIOS - ok
00:36:03.0832 1568 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
00:36:03.0836 1568 NetBT - ok
00:36:03.0847 1568 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
00:36:03.0849 1568 Netlogon - ok
00:36:03.0907 1568 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
00:36:03.0913 1568 Netman - ok
00:36:03.0929 1568 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
00:36:03.0936 1568 netprofm - ok
00:36:03.0978 1568 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
00:36:03.0980 1568 NetTcpPortSharing - ok
00:36:04.0042 1568 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
00:36:04.0044 1568 nfrd960 - ok
00:36:04.0103 1568 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll
00:36:04.0109 1568 NlaSvc - ok
00:36:04.0172 1568 [ 351533ACC2A069B94E80BBFC177E8FDF ] npf C:\Windows\system32\drivers\npf.sys
00:36:04.0173 1568 npf - ok
00:36:04.0207 1568 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
00:36:04.0208 1568 Npfs - ok
00:36:04.0241 1568 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
00:36:04.0243 1568 nsi - ok
00:36:04.0283 1568 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
00:36:04.0284 1568 nsiproxy - ok
00:36:04.0348 1568 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
00:36:04.0370 1568 Ntfs - ok
00:36:04.0379 1568 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
00:36:04.0380 1568 Null - ok
00:36:04.0434 1568 [ 1F07B814C0BB5AABA703ABFF1F31F2E8 ] NVHDA C:\Windows\system32\drivers\nvhda64v.sys
00:36:04.0437 1568 NVHDA - ok
00:36:04.0666 1568 [ 5104BAC2DA2A5BDD86AC6B0708B00F06 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
00:36:04.0856 1568 nvlddmkm - ok
00:36:04.0913 1568 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
00:36:04.0915 1568 nvraid - ok
00:36:04.0925 1568 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
00:36:04.0928 1568 nvstor - ok
00:36:04.0996 1568 [ DDFAFCE89A5C93D04712B86F94E9FCBA ] nvsvc C:\Windows\system32\nvvsvc.exe
00:36:05.0009 1568 nvsvc - ok
00:36:05.0069 1568 [ 322B69422836F97B76F4AA59B47507BA ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
00:36:05.0086 1568 nvUpdatusService - ok
00:36:05.0109 1568 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
00:36:05.0111 1568 nv_agp - ok
00:36:05.0145 1568 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
00:36:05.0146 1568 ohci1394 - ok
00:36:05.0209 1568 [ 4965B005492CBA7719E82B71E3245495 ] ose64 C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
00:36:05.0212 1568 ose64 - ok
00:36:05.0368 1568 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
00:36:05.0430 1568 osppsvc - ok
00:36:05.0482 1568 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
00:36:05.0488 1568 p2pimsvc - ok
00:36:05.0526 1568 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
00:36:05.0533 1568 p2psvc - ok
00:36:05.0599 1568 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\drivers\parport.sys
00:36:05.0601 1568 Parport - ok
00:36:05.0627 1568 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
00:36:05.0629 1568 partmgr - ok
00:36:05.0679 1568 [ 54C6BD3C6C102396EB01A4877DF7B6E3 ] PcaSp50 C:\Windows\system32\Drivers\PcaSp50.sys
00:36:05.0680 1568 PcaSp50 - ok
00:36:05.0712 1568 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
00:36:05.0716 1568 PcaSvc - ok
00:36:05.0726 1568 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
00:36:05.0729 1568 pci - ok
00:36:05.0737 1568 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
00:36:05.0738 1568 pciide - ok
00:36:05.0770 1568 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
00:36:05.0788 1568 pcmcia - ok
00:36:05.0806 1568 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
00:36:05.0807 1568 pcw - ok
00:36:05.0834 1568 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
00:36:05.0843 1568 PEAUTH - ok
00:36:05.0902 1568 [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll
00:36:05.0921 1568 PeerDistSvc - ok
00:36:06.0023 1568 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
00:36:06.0052 1568 PerfHost - ok
00:36:06.0107 1568 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
00:36:06.0126 1568 pla - ok
00:36:06.0176 1568 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
00:36:06.0183 1568 PlugPlay - ok
00:36:06.0223 1568 [ AC78DF349F0E4CFB8B667C0CFFF83CCE ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll
00:36:06.0225 1568 Pml Driver HPZ12 - ok
00:36:06.0236 1568 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
00:36:06.0239 1568 PNRPAutoReg - ok
00:36:06.0265 1568 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
00:36:06.0269 1568 PNRPsvc - ok
00:36:06.0312 1568 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
00:36:06.0320 1568 PolicyAgent - ok
00:36:06.0356 1568 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
00:36:06.0360 1568 Power - ok
00:36:06.0400 1568 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
00:36:06.0402 1568 PptpMiniport - ok
00:36:06.0424 1568 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\drivers\processr.sys
00:36:06.0426 1568 Processor - ok
00:36:06.0473 1568 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
00:36:06.0477 1568 ProfSvc - ok
00:36:06.0514 1568 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
00:36:06.0515 1568 ProtectedStorage - ok
00:36:06.0532 1568 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
00:36:06.0534 1568 Psched - ok
00:36:06.0575 1568 [ 07D57B890DD5693A6AB660CBAE8F91B4 ] PxHlpa64 C:\Windows\system32\Drivers\PxHlpa64.sys
00:36:06.0577 1568 PxHlpa64 - ok
00:36:06.0611 1568 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
00:36:06.0631 1568 ql2300 - ok
00:36:06.0667 1568 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
00:36:06.0669 1568 ql40xx - ok
00:36:06.0701 1568 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
00:36:06.0705 1568 QWAVE - ok
00:36:06.0717 1568 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
00:36:06.0718 1568 QWAVEdrv - ok
00:36:06.0736 1568 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
00:36:06.0737 1568 RasAcd - ok
00:36:06.0771 1568 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
00:36:06.0772 1568 RasAgileVpn - ok
00:36:06.0782 1568 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
00:36:06.0785 1568 RasAuto - ok
00:36:06.0795 1568 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
00:36:06.0797 1568 Rasl2tp - ok
00:36:06.0829 1568 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
00:36:06.0835 1568 RasMan - ok
00:36:06.0875 1568 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
00:36:06.0877 1568 RasPppoe - ok
00:36:06.0882 1568 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
00:36:06.0883 1568 RasSstp - ok
00:36:06.0923 1568 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
00:36:06.0928 1568 rdbss - ok
00:36:06.0951 1568 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
00:36:06.0952 1568 rdpbus - ok
00:36:06.0959 1568 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
00:36:06.0960 1568 RDPCDD - ok
00:36:06.0996 1568 [ 1B6163C503398B23FF8B939C67747683 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys
00:36:06.0999 1568 RDPDR - ok
00:36:07.0023 1568 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
00:36:07.0024 1568 RDPENCDD - ok
00:36:07.0033 1568 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
00:36:07.0034 1568 RDPREFMP - ok
00:36:07.0067 1568 [ 313F68E1A3E6345A4F47A36B07062F34 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
00:36:07.0068 1568 RdpVideoMiniport - ok
00:36:07.0106 1568 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
00:36:07.0109 1568 RDPWD - ok
00:36:07.0162 1568 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
00:36:07.0166 1568 rdyboost - ok
00:36:07.0266 1568 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
00:36:07.0269 1568 RemoteAccess - ok
00:36:07.0306 1568 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
00:36:07.0310 1568 RemoteRegistry - ok
00:36:07.0329 1568 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
00:36:07.0331 1568 RpcEptMapper - ok
00:36:07.0344 1568 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
00:36:07.0346 1568 RpcLocator - ok
00:36:07.0364 1568 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
00:36:07.0370 1568 RpcSs - ok
00:36:07.0416 1568 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
00:36:07.0418 1568 rspndr - ok
00:36:07.0474 1568 [ 7F4F11527AF5A7E4526CB6A146B3E40C ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys
00:36:07.0480 1568 RTL8167 - ok
00:36:07.0534 1568 [ 2B38C905492F36FE42B59DA52D6B4EB7 ] RtNdPt60 C:\Windows\system32\DRIVERS\RtNdPt60.sys
00:36:07.0536 1568 RtNdPt60 - ok
00:36:07.0570 1568 [ 8DF706A5A12A4832A3291A1FF26A7CC1 ] RTTEAMPT C:\Windows\system32\DRIVERS\RtTeam60.sys
00:36:07.0571 1568 RTTEAMPT - ok
00:36:07.0584 1568 [ ED0624ED83121E1BC141F49B1316CAA0 ] RTVLANPT C:\Windows\system32\DRIVERS\RtVlan620.sys
00:36:07.0585 1568 RTVLANPT - ok
00:36:07.0614 1568 [ E60C0A09F997826C7627B244195AB581 ] s3cap C:\Windows\system32\drivers\vms3cap.sys
00:36:07.0615 1568 s3cap - ok
00:36:07.0647 1568 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
00:36:07.0648 1568 SamSs - ok
00:36:07.0670 1568 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
00:36:07.0672 1568 sbp2port - ok
00:36:07.0724 1568 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
00:36:07.0729 1568 SCardSvr - ok
00:36:07.0753 1568 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
00:36:07.0753 1568 scfilter - ok
00:36:07.0800 1568 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
00:36:07.0831 1568 Schedule - ok
00:36:07.0864 1568 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
00:36:07.0865 1568 SCPolicySvc - ok
00:36:07.0891 1568 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
00:36:07.0895 1568 SDRSVC - ok
00:36:07.0920 1568 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
00:36:07.0921 1568 secdrv - ok
00:36:07.0968 1568 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
00:36:07.0970 1568 seclogon - ok
00:36:07.0997 1568 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
00:36:08.0000 1568 SENS - ok
00:36:08.0011 1568 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
00:36:08.0014 1568 SensrSvc - ok
00:36:08.0034 1568 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
00:36:08.0036 1568 Serenum - ok
00:36:08.0051 1568 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
00:36:08.0053 1568 Serial - ok
00:36:08.0078 1568 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\drivers\sermouse.sys
00:36:08.0079 1568 sermouse - ok
00:36:08.0107 1568 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
00:36:08.0111 1568 SessionEnv - ok
00:36:08.0144 1568 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
00:36:08.0146 1568 sffdisk - ok
00:36:08.0150 1568 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
00:36:08.0151 1568 sffp_mmc - ok
00:36:08.0155 1568 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
00:36:08.0156 1568 sffp_sd - ok
00:36:08.0177 1568 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
00:36:08.0178 1568 sfloppy - ok
00:36:08.0233 1568 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
00:36:08.0240 1568 ShellHWDetection - ok
00:36:08.0272 1568 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys
00:36:08.0273 1568 SiSRaid2 - ok
00:36:08.0311 1568 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
00:36:08.0313 1568 SiSRaid4 - ok
00:36:08.0345 1568 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
00:36:08.0347 1568 Smb - ok
00:36:08.0389 1568 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
00:36:08.0391 1568 SNMPTRAP - ok
00:36:08.0402 1568 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
00:36:08.0404 1568 spldr - ok
00:36:08.0441 1568 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
00:36:08.0450 1568 Spooler - ok
00:36:08.0532 1568 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
00:36:08.0578 1568 sppsvc - ok
00:36:08.0591 1568 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
00:36:08.0594 1568 sppuinotify - ok
00:36:08.0635 1568 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
00:36:08.0639 1568 srv - ok
00:36:08.0651 1568 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
00:36:08.0657 1568 srv2 - ok
00:36:08.0673 1568 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
00:36:08.0676 1568 srvnet - ok
00:36:08.0729 1568 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
00:36:08.0733 1568 SSDPSRV - ok
00:36:08.0759 1568 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
00:36:08.0762 1568 SstpSvc - ok
00:36:08.0853 1568 [ F0359F7CE712D69ACEF0886BDB4792ED ] Stereo Service C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
00:36:08.0858 1568 Stereo Service - ok
00:36:08.0909 1568 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\drivers\stexstor.sys
00:36:08.0910 1568 stexstor - ok
00:36:08.0970 1568 [ DECACB6921DED1A38642642685D77DAC ] StillCam C:\Windows\system32\DRIVERS\serscan.sys
00:36:08.0971 1568 StillCam - ok
00:36:09.0017 1568 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
00:36:09.0027 1568 stisvc - ok
00:36:09.0064 1568 [ 7785DC213270D2FC066538DAF94087E7 ] storflt C:\Windows\system32\drivers\vmstorfl.sys
00:36:09.0065 1568 storflt - ok
00:36:09.0086 1568 [ D34E4943D5AC096C8EDEEBFD80D76E23 ] storvsc C:\Windows\system32\drivers\storvsc.sys
00:36:09.0088 1568 storvsc - ok
00:36:09.0104 1568 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
00:36:09.0105 1568 swenum - ok
00:36:09.0172 1568 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
00:36:09.0181 1568 swprv - ok
00:36:09.0232 1568 [ C3A39C4079305480972D29C44B868C78 ] Synth3dVsc C:\Windows\system32\drivers\synth3dvsc.sys
00:36:09.0234 1568 Synth3dVsc - ok
00:36:09.0276 1568 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
00:36:09.0299 1568 SysMain - ok
00:36:09.0327 1568 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
00:36:09.0331 1568 TabletInputService - ok
00:36:09.0362 1568 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
00:36:09.0368 1568 TapiSrv - ok
00:36:09.0380 1568 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
00:36:09.0383 1568 TBS - ok
00:36:09.0443 1568 [ 37608401DFDB388CAF66917F6B2D6FB0 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
00:36:09.0468 1568 Tcpip - ok
00:36:09.0526 1568 [ 37608401DFDB388CAF66917F6B2D6FB0 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
00:36:09.0542 1568 TCPIP6 - ok
00:36:09.0572 1568 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
00:36:09.0574 1568 tcpipreg - ok
00:36:09.0608 1568 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
00:36:09.0609 1568 TDPIPE - ok
00:36:09.0653 1568 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
00:36:09.0654 1568 TDTCP - ok
00:36:09.0669 1568 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
00:36:09.0671 1568 tdx - ok
00:36:09.0696 1568 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
00:36:09.0697 1568 TermDD - ok
00:36:09.0731 1568 [ EF4469AB69EB15E5D3754E6AEAFBCD3D ] terminpt C:\Windows\system32\drivers\terminpt.sys
00:36:09.0732 1568 terminpt - ok
00:36:09.0783 1568 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
00:36:09.0794 1568 TermService - ok
00:36:09.0819 1568 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
00:36:09.0822 1568 Themes - ok
00:36:09.0829 1568 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
00:36:09.0831 1568 THREADORDER - ok
00:36:09.0844 1568 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
00:36:09.0844 1568 TrkWks - ok
00:36:09.0908 1568 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
00:36:09.0911 1568 TrustedInstaller - ok
00:36:09.0956 1568 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
00:36:09.0957 1568 tssecsrv - ok
00:36:09.0999 1568 [ 17C6B51CBCCDED95B3CC14E22791F85E ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
00:36:10.0001 1568 TsUsbFlt - ok
00:36:10.0038 1568 [ AD64450A4ABE076F5CB34CC08EEACB07 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys
00:36:10.0040 1568 TsUsbGD - ok
00:36:10.0092 1568 [ E1748D04AE40118B62BC18AC86032192 ] tsusbhub C:\Windows\system32\drivers\tsusbhub.sys
00:36:10.0094 1568 tsusbhub - ok
00:36:10.0138 1568 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
00:36:10.0140 1568 tunnel - ok
00:36:10.0156 1568 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\drivers\uagp35.sys
00:36:10.0158 1568 uagp35 - ok
00:36:10.0181 1568 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
00:36:10.0186 1568 udfs - ok
00:36:10.0226 1568 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
00:36:10.0228 1568 UI0Detect - ok
00:36:10.0261 1568 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
00:36:10.0263 1568 uliagpkx - ok
00:36:10.0292 1568 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
00:36:10.0293 1568 umbus - ok
00:36:10.0329 1568 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\drivers\umpass.sys
00:36:10.0330 1568 UmPass - ok
00:36:10.0361 1568 [ A293DCD756D04D8492A750D03B9A297C ] UmRdpService C:\Windows\System32\umrdp.dll
00:36:10.0366 1568 UmRdpService - ok
00:36:10.0420 1568 [ 67A95B9D129ED5399E7965CD09CF30E7 ] UMVPFSrv C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
00:36:10.0426 1568 UMVPFSrv - ok
00:36:10.0456 1568 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
00:36:10.0463 1568 upnphost - ok
00:36:10.0499 1568 [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
00:36:10.0501 1568 usbaudio - ok
00:36:10.0535 1568 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
00:36:10.0536 1568 usbccgp - ok
00:36:10.0581 1568 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
00:36:10.0583 1568 usbcir - ok
00:36:10.0604 1568 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
00:36:10.0605 1568 usbehci - ok
00:36:10.0642 1568 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
00:36:10.0647 1568 usbhub - ok
00:36:10.0664 1568 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys
00:36:10.0666 1568 usbohci - ok
00:36:10.0699 1568 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\drivers\usbprint.sys
00:36:10.0700 1568 usbprint - ok
00:36:10.0734 1568 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
00:36:10.0736 1568 USBSTOR - ok
00:36:10.0752 1568 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
00:36:10.0753 1568 usbuhci - ok
00:36:10.0775 1568 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys
00:36:10.0778 1568 usbvideo - ok
00:36:10.0815 1568 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
00:36:10.0817 1568 UxSms - ok
00:36:10.0830 1568 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
00:36:10.0831 1568 VaultSvc - ok
00:36:10.0893 1568 [ 72EC34F9999A5A48CFD43F5E6BD779E4 ] VBoxDrv C:\Windows\system32\DRIVERS\VBoxDrv.sys
00:36:10.0896 1568 VBoxDrv - ok
00:36:10.0937 1568 [ A2FE818D7F930C51ADA37C04DBCB015D ] VBoxNetAdp C:\Windows\system32\DRIVERS\VBoxNetAdp.sys
00:36:10.0938 1568 VBoxNetAdp - ok
00:36:10.0949 1568 [ CD37A9264C404E48BCE162D37B117B45 ] VBoxNetFlt C:\Windows\system32\DRIVERS\VBoxNetFlt.sys
00:36:10.0951 1568 VBoxNetFlt - ok
00:36:10.0983 1568 [ F649B3D30C6F40B04BDCCD0D11A43481 ] VBoxUSBMon C:\Windows\system32\DRIVERS\VBoxUSBMon.sys
00:36:10.0985 1568 VBoxUSBMon - ok
00:36:11.0042 1568 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
00:36:11.0043 1568 vdrvroot - ok
00:36:11.0088 1568 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
00:36:11.0097 1568 vds - ok
00:36:11.0118 1568 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
00:36:11.0119 1568 vga - ok
00:36:11.0160 1568 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
00:36:11.0160 1568 VgaSave - ok
00:36:11.0164 1568 VGPU - ok
00:36:11.0207 1568 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
00:36:11.0211 1568 vhdmp - ok
00:36:11.0223 1568 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
00:36:11.0225 1568 viaide - ok
00:36:11.0278 1568 [ 86EA3E79AE350FEA5331A1303054005F ] vmbus C:\Windows\system32\drivers\vmbus.sys
00:36:11.0281 1568 vmbus - ok
00:36:11.0292 1568 [ 7DE90B48F210D29649380545DB45A187 ] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys
00:36:11.0293 1568 VMBusHID - ok
00:36:11.0373 1568 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
00:36:11.0375 1568 volmgr - ok
00:36:11.0393 1568 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
00:36:11.0398 1568 volmgrx - ok
00:36:11.0409 1568 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
00:36:11.0414 1568 volsnap - ok
00:36:11.0496 1568 [ 239D8D72730226CD460BDC8CA0A23D43 ] Vsdatant C:\Windows\system32\DRIVERS\vsdatant.sys
00:36:11.0500 1568 Vsdatant - ok
00:36:11.0531 1568 vsmon - ok
00:36:11.0588 1568 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
00:36:11.0591 1568 vsmraid - ok
00:36:11.0643 1568 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
00:36:11.0665 1568 VSS - ok
00:36:11.0680 1568 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys
00:36:11.0682 1568 vwifibus - ok
00:36:11.0700 1568 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
00:36:11.0707 1568 W32Time - ok
00:36:11.0748 1568 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\drivers\wacompen.sys
00:36:11.0761 1568 WacomPen - ok
00:36:11.0793 1568 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
00:36:11.0795 1568 WANARP - ok
00:36:11.0812 1568 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
00:36:11.0813 1568 Wanarpv6 - ok
00:36:11.0868 1568 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
00:36:11.0885 1568 WatAdminSvc - ok
00:36:11.0941 1568 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
00:36:11.0961 1568 wbengine - ok
00:36:11.0977 1568 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
00:36:11.0977 1568 WbioSrvc - ok
00:36:12.0008 1568 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
00:36:12.0008 1568 wcncsvc - ok
00:36:12.0032 1568 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
00:36:12.0035 1568 WcsPlugInService - ok
00:36:12.0065 1568 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\drivers\wd.sys
00:36:12.0066 1568 Wd - ok
00:36:12.0107 1568 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
00:36:12.0118 1568 Wdf01000 - ok
00:36:12.0154 1568 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
00:36:12.0157 1568 WdiServiceHost - ok
00:36:12.0161 1568 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
00:36:12.0164 1568 WdiSystemHost - ok
00:36:12.0196 1568 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
00:36:12.0202 1568 WebClient - ok
00:36:12.0217 1568 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
00:36:12.0222 1568 Wecsvc - ok
00:36:12.0234 1568 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
00:36:12.0238 1568 wercplsupport - ok
00:36:12.0265 1568 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
00:36:12.0268 1568 WerSvc - ok
00:36:12.0325 1568 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
00:36:12.0326 1568 WfpLwf - ok
00:36:12.0340 1568 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
00:36:12.0341 1568 WIMMount - ok
00:36:12.0346 1568 WinHttpAutoProxySvc - ok
00:36:12.0435 1568 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
00:36:12.0439 1568 Winmgmt - ok
00:36:12.0500 1568 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
00:36:12.0528 1568 WinRM - ok
00:36:12.0580 1568 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
00:36:12.0593 1568 Wlansvc - ok
00:36:12.0685 1568 [ 357CABBF155AFD1D3926E62539D2A3A7 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
00:36:12.0714 1568 wlidsvc - ok
00:36:12.0748 1568 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
00:36:12.0749 1568 WmiAcpi - ok
00:36:12.0784 1568 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
00:36:12.0787 1568 wmiApSrv - ok
00:36:12.0845 1568 WMPNetworkSvc - ok
00:36:12.0889 1568 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
00:36:12.0891 1568 WPCSvc - ok
00:36:12.0900 1568 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
00:36:12.0904 1568 WPDBusEnum - ok
00:36:12.0910 1568 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
00:36:12.0912 1568 ws2ifsl - ok
00:36:12.0936 1568 WSearch - ok
00:36:12.0977 1568 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
00:36:12.0979 1568 WudfPf - ok
00:36:13.0016 1568 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
00:36:13.0020 1568 WUDFRd - ok
00:36:13.0050 1568 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
00:36:13.0053 1568 wudfsvc - ok
00:36:13.0067 1568 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
00:36:13.0072 1568 WwanSvc - ok
00:36:13.0087 1568 ================ Scan global ===============================
00:36:13.0137 1568 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
00:36:13.0169 1568 [ 72CC564BBC70DE268784BCE91EB8A28F ] C:\Windows\system32\winsrv.dll
00:36:13.0181 1568 [ 72CC564BBC70DE268784BCE91EB8A28F ] C:\Windows\system32\winsrv.dll
00:36:13.0227 1568 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
00:36:13.0284 1568 [ 50BEA589F7D7958BDD2528A8F69D05CC ] C:\Windows\system32\services.exe
00:36:13.0289 1568 C:\Windows\system32\services.exe ( Virus.Win64.ZAccess.a ) - infected
00:36:13.0289 1568 C:\Windows\system32\services.exe - detected Virus.Win64.ZAccess.a (0)
00:36:13.0305 1568 ================ Scan MBR ==================================
00:36:13.0346 1568 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
00:36:13.0491 1568 \Device\Harddisk0\DR0 - ok
00:36:13.0494 1568 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk1\DR1
00:36:13.0634 1568 \Device\Harddisk1\DR1 - ok
00:36:13.0637 1568 [ 5C23CCC2F46143DF23EF90430AC1FFA6 ] \Device\Harddisk2\DR2
00:36:13.0641 1568 \Device\Harddisk2\DR2 - ok
00:36:13.0653 1568 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk3\DR3
00:36:14.0053 1568 \Device\Harddisk3\DR3 - ok
00:36:14.0069 1568 [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk4\DR4
00:36:14.0069 1568 \Device\Harddisk4\DR4 - ok
00:36:14.0084 1568 [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk5\DR5
00:36:14.0142 1568 \Device\Harddisk5\DR5 - ok
00:36:14.0143 1568 ================ Scan VBR ==================================
00:36:14.0167 1568 [ 0EE97813B034404AC985EE401FD7CE2D ] \Device\Harddisk0\DR0\Partition1
00:36:14.0169 1568 \Device\Harddisk0\DR0\Partition1 - ok
00:36:14.0183 1568 [ DC41BDA80276AB7D97E4C15C98C7B9EF ] \Device\Harddisk0\DR0\Partition2
00:36:14.0185 1568 \Device\Harddisk0\DR0\Partition2 - ok
00:36:14.0188 1568 [ 26B486FE0A707F3FB1522DD66B28A283 ] \Device\Harddisk1\DR1\Partition1
00:36:14.0190 1568 \Device\Harddisk1\DR1\Partition1 - ok
00:36:14.0194 1568 [ 7204347E74F212AB2FFDA303BF0DF0C1 ] \Device\Harddisk2\DR2\Partition1
00:36:14.0195 1568 \Device\Harddisk2\DR2\Partition1 - ok
00:36:14.0200 1568 [ 696A39D5FA62AABBB99216F0A2D7946F ] \Device\Harddisk3\DR3\Partition1
00:36:14.0203 1568 \Device\Harddisk3\DR3\Partition1 - ok
00:36:14.0207 1568 [ 375CD1DE563D36B2E43419BE6476D75D ] \Device\Harddisk4\DR4\Partition1
00:36:14.0210 1568 \Device\Harddisk4\DR4\Partition1 - ok
00:36:14.0214 1568 [ B03E04C2C8540E0C1A6F96E7CB2301E7 ] \Device\Harddisk5\DR5\Partition1
00:36:14.0215 1568 \Device\Harddisk5\DR5\Partition1 - ok
00:36:14.0216 1568 ============================================================
00:36:14.0216 1568 Scan finished
00:36:14.0216 1568 ============================================================
00:36:14.0247 3028 Detected object count: 1
00:36:14.0247 3028 Actual detected object count: 1
00:36:41.0247 3028 C:\Windows\system32\services.exe - copied to quarantine
00:36:49.0259 3028 C:\Windows\assembly\GAC_32\desktop.ini - copied to quarantine
00:36:49.0275 3028 C:\Windows\assembly\GAC_64\desktop.ini - copied to quarantine
00:36:49.0778 3028 C:\Windows\installer\{e6561886-dabc-f47a-7baa-93cfeef2b07d}\@ - copied to quarantine
00:36:49.0853 3028 C:\Windows\installer\{e6561886-dabc-f47a-7baa-93cfeef2b07d}\L\00000004.@ - copied to quarantine
00:36:49.0855 3028 C:\Windows\installer\{e6561886-dabc-f47a-7baa-93cfeef2b07d}\L\201d3dde - copied to quarantine
00:36:49.0858 3028 C:\Windows\installer\{e6561886-dabc-f47a-7baa-93cfeef2b07d}\U\00000004.@ - copied to quarantine
00:36:49.0860 3028 C:\Windows\installer\{e6561886-dabc-f47a-7baa-93cfeef2b07d}\U\00000008.@ - copied to quarantine
00:36:49.0876 3028 C:\Windows\installer\{e6561886-dabc-f47a-7baa-93cfeef2b07d}\U\000000cb.@ - copied to quarantine
00:36:49.0896 3028 C:\Windows\installer\{e6561886-dabc-f47a-7baa-93cfeef2b07d}\U\80000000.@ - copied to quarantine
00:36:49.0913 3028 C:\Windows\installer\{e6561886-dabc-f47a-7baa-93cfeef2b07d}\U\80000032.@ - copied to quarantine
00:36:49.0916 3028 C:\Windows\installer\{e6561886-dabc-f47a-7baa-93cfeef2b07d}\U\80000064.@ - copied to quarantine
00:37:33.0771 3028 Backup copy not found, trying to cure infected file..
00:37:33.0771 3028 C:\Windows\system32\services.exe - Cure failed (FFFFFFFF)
00:37:33.0771 3028 C:\Windows\system32\services.exe - processing error
00:37:33.0771 3028 C:\Windows\system32\services.exe ( Virus.Win64.ZAccess.a ) - User select action: Cure
00:45:46.0685 3604 ============================================================
00:45:46.0685 3604 Scan started
00:45:46.0685 3604 Mode: Manual; TDLFS;
00:45:46.0685 3604 ============================================================
00:45:48.0601 3604 ================ Scan system memory ========================
00:45:48.0601 3604 System memory - ok
00:45:48.0601 3604 ================ Scan services =============================
00:45:48.0735 3604 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\DRIVERS\1394ohci.sys
00:45:48.0737 3604 1394ohci - ok
00:45:48.0754 3604 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
00:45:48.0757 3604 ACPI - ok
00:45:48.0798 3604 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
00:45:48.0798 3604 AcpiPmi - ok
00:45:48.0917 3604 [ 835CE0647E4E9F01BEB26201DA6705B4 ] AdobeActiveFileMonitor11.0 C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe
00:45:48.0919 3604 AdobeActiveFileMonitor11.0 - ok
00:45:48.0940 3604 [ B1EA9681502EE57F87DB71D726288A5B ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
00:45:48.0941 3604 AdobeARMservice - ok
00:45:48.0963 3604 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
00:45:48.0968 3604 adp94xx - ok
00:45:48.0982 3604 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\drivers\adpahci.sys
00:45:48.0985 3604 adpahci - ok
00:45:49.0017 3604 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
00:45:49.0019 3604 adpu320 - ok
00:45:49.0100 3604 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
00:45:49.0101 3604 AeLookupSvc - ok
00:45:49.0139 3604 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
00:45:49.0144 3604 AFD - ok
00:45:49.0176 3604 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
00:45:49.0177 3604 agp440 - ok
00:45:49.0238 3604 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
00:45:49.0239 3604 ALG - ok
00:45:49.0269 3604 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
00:45:49.0269 3604 aliide - ok
00:45:49.0313 3604 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
00:45:49.0314 3604 amdide - ok
00:45:49.0327 3604 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
00:45:49.0328 3604 AmdK8 - ok
00:45:49.0351 3604 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\drivers\amdppm.sys
00:45:49.0352 3604 AmdPPM - ok
00:45:49.0384 3604 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
00:45:49.0385 3604 amdsata - ok
00:45:49.0420 3604 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\drivers\amdsbs.sys
00:45:49.0422 3604 amdsbs - ok
00:45:49.0442 3604 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
00:45:49.0443 3604 amdxata - ok
00:45:49.0461 3604 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
00:45:49.0462 3604 AppID - ok
00:45:49.0493 3604 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
00:45:49.0494 3604 AppIDSvc - ok
00:45:49.0503 3604 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
00:45:49.0504 3604 Appinfo - ok
00:45:49.0572 3604 [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
00:45:49.0573 3604 Apple Mobile Device - ok
00:45:49.0610 3604 [ 4ABA3E75A76195A3E38ED2766C962899 ] AppMgmt C:\Windows\System32\appmgmts.dll
00:45:49.0611 3604 AppMgmt - ok
00:45:49.0629 3604 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\drivers\arc.sys
00:45:49.0630 3604 arc - ok
00:45:49.0655 3604 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\drivers\arcsas.sys
00:45:49.0656 3604 arcsas - ok
00:45:49.0702 3604 aspnet_state - ok
00:45:49.0717 3604 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
00:45:49.0717 3604 AsyncMac - ok
00:45:49.0751 3604 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
00:45:49.0751 3604 atapi - ok
00:45:49.0771 3604 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
00:45:49.0778 3604 AudioEndpointBuilder - ok
00:45:49.0790 3604 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
00:45:49.0796 3604 AudioSrv - ok
00:45:49.0808 3604 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
00:45:49.0809 3604 AxInstSV - ok
00:45:49.0848 3604 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\drivers\bxvbda.sys
00:45:49.0852 3604 b06bdrv - ok
00:45:49.0861 3604 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
00:45:49.0863 3604 b57nd60a - ok
00:45:49.0898 3604 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
00:45:49.0899 3604 BDESVC - ok
00:45:49.0910 3604 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
00:45:49.0911 3604 Beep - ok
00:45:49.0924 3604 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
00:45:49.0924 3604 blbdrive - ok
00:45:50.0016 3604 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
00:45:50.0020 3604 Bonjour Service - ok
00:45:50.0066 3604 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
00:45:50.0067 3604 bowser - ok
00:45:50.0122 3604 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\drivers\BrFiltLo.sys
00:45:50.0122 3604 BrFiltLo - ok
00:45:50.0153 3604 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\drivers\BrFiltUp.sys
00:45:50.0153 3604 BrFiltUp - ok
00:45:50.0192 3604 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
00:45:50.0194 3604 Browser - ok
00:45:50.0217 3604 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
00:45:50.0220 3604 Brserid - ok
00:45:50.0241 3604 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
00:45:50.0242 3604 BrSerWdm - ok
00:45:50.0289 3604 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
00:45:50.0289 3604 BrUsbMdm - ok
00:45:50.0295 3604 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
00:45:50.0295 3604 BrUsbSer - ok
00:45:50.0309 3604 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
00:45:50.0310 3604 BTHMODEM - ok
00:45:50.0348 3604 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
00:45:50.0350 3604 bthserv - ok
00:45:50.0362 3604 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
00:45:50.0363 3604 cdfs - ok
00:45:50.0378 3604 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
00:45:50.0380 3604 cdrom - ok
00:45:50.0403 3604 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
00:45:50.0404 3604 CertPropSvc - ok
00:45:50.0441 3604 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\drivers\circlass.sys
00:45:50.0441 3604 circlass - ok
00:45:50.0476 3604 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
00:45:50.0479 3604 CLFS - ok
00:45:50.0513 3604 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
00:45:50.0514 3604 clr_optimization_v2.0.50727_32 - ok
00:45:50.0579 3604 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
00:45:50.0581 3604 clr_optimization_v2.0.50727_64 - ok
00:45:50.0648 3604 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
00:45:50.0649 3604 clr_optimization_v4.0.30319_32 - ok
00:45:50.0688 3604 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
00:45:50.0689 3604 clr_optimization_v4.0.30319_64 - ok
00:45:50.0721 3604 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\drivers\CmBatt.sys
00:45:50.0722 3604 CmBatt - ok
00:45:50.0765 3604 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
00:45:50.0766 3604 cmdide - ok
00:45:50.0802 3604 [ AAFCB52FE0037207FB6FBEA070D25EFE ] CNG C:\Windows\system32\Drivers\cng.sys
00:45:50.0806 3604 CNG - ok
00:45:50.0813 3604 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\drivers\compbatt.sys
00:45:50.0813 3604 Compbatt - ok
00:45:50.0867 3604 [ 59D203C3F46F3CA536ECAC0E084CD887 ] CompFilter64 C:\Windows\system32\DRIVERS\lvbflt64.sys
00:45:50.0868 3604 CompFilter64 - ok
00:45:50.0880 3604 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys
00:45:50.0881 3604 CompositeBus - ok
00:45:50.0905 3604 COMSysApp - ok
00:45:50.0912 3604 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
00:45:50.0912 3604 crcdisk - ok
00:45:50.0989 3604 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll
00:45:50.0991 3604 CryptSvc - ok
00:45:51.0036 3604 [ 54DA3DFD29ED9F1619B6F53F3CE55E49 ] CSC C:\Windows\system32\drivers\csc.sys
00:45:51.0041 3604 CSC - ok
00:45:51.0058 3604 [ 3AB183AB4D2C79DCF459CD2C1266B043 ] CscService C:\Windows\System32\cscsvc.dll
00:45:51.0064 3604 CscService - ok
00:45:51.0124 3604 [ BA8E5B2291C01EF71CA80E25F0C79D55 ] ctxusbm C:\Windows\system32\DRIVERS\ctxusbm.sys
00:45:51.0125 3604 ctxusbm - ok
00:45:51.0196 3604 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
00:45:51.0202 3604 DcomLaunch - ok
00:45:51.0245 3604 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
00:45:51.0249 3604 defragsvc - ok
00:45:51.0257 3604 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
00:45:51.0258 3604 DfsC - ok
00:45:51.0286 3604 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
00:45:51.0289 3604 Dhcp - ok
00:45:51.0318 3604 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
00:45:51.0319 3604 discache - ok
00:45:51.0338 3604 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\drivers\disk.sys
00:45:51.0339 3604 Disk - ok
00:45:51.0377 3604 [ 5DB085A8A6600BE6401F2B24EECB5415 ] dmvsc C:\Windows\system32\drivers\dmvsc.sys
00:45:51.0378 3604 dmvsc - ok
00:45:51.0412 3604 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
00:45:51.0414 3604 Dnscache - ok
00:45:51.0428 3604 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
00:45:51.0431 3604 dot3svc - ok
00:45:51.0482 3604 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
00:45:51.0484 3604 DPS - ok
00:45:51.0524 3604 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
00:45:51.0525 3604 drmkaud - ok
00:45:51.0561 3604 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
00:45:51.0570 3604 DXGKrnl - ok
00:45:51.0607 3604 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
00:45:51.0607 3604 EapHost - ok
00:45:51.0689 3604 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\drivers\evbda.sys
00:45:51.0717 3604 ebdrv - ok
00:45:51.0745 3604 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
00:45:51.0746 3604 EFS - ok
00:45:51.0817 3604 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
00:45:51.0824 3604 ehRecvr - ok
00:45:51.0839 3604 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
00:45:51.0841 3604 ehSched - ok
00:45:51.0905 3604 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\drivers\elxstor.sys
00:45:51.0910 3604 elxstor - ok
00:45:51.0922 3604 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
00:45:51.0923 3604 ErrDev - ok
00:45:51.0959 3604 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
00:45:51.0964 3604 EventSystem - ok
00:45:51.0987 3604 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
00:45:51.0989 3604 exfat - ok
00:45:52.0008 3604 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
00:45:52.0010 3604 fastfat - ok
00:45:52.0047 3604 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
00:45:52.0053 3604 Fax - ok
00:45:52.0105 3604 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\drivers\fdc.sys
00:45:52.0105 3604 fdc - ok
00:45:52.0126 3604 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
00:45:52.0127 3604 fdPHost - ok
00:45:52.0182 3604 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
00:45:52.0183 3604 FDResPub - ok
00:45:52.0190 3604 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
00:45:52.0191 3604 FileInfo - ok
00:45:52.0218 3604 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
00:45:52.0219 3604 Filetrace - ok
00:45:52.0237 3604 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\drivers\flpydisk.sys
00:45:52.0237 3604 flpydisk - ok
00:45:52.0258 3604 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
00:45:52.0261 3604 FltMgr - ok
00:45:52.0320 3604 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll
00:45:52.0330 3604 FontCache - ok
00:45:52.0391 3604 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
00:45:52.0391 3604 FontCache3.0.0.0 - ok
00:45:52.0434 3604 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
00:45:52.0435 3604 FsDepends - ok
00:45:52.0487 3604 [ B16B626996C74B564005BA855C5DEE90 ] fssfltr C:\Windows\system32\DRIVERS\fssfltr.sys
00:45:52.0488 3604 fssfltr - ok
00:45:52.0550 3604 [ 812E1BA5C52A78F13EA6AA10DF708B1D ] fsssvc C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
00:45:52.0563 3604 fsssvc - ok
00:45:52.0601 3604 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
00:45:52.0602 3604 Fs_Rec - ok
00:45:52.0616 3604 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
00:45:52.0618 3604 fvevol - ok
00:45:52.0639 3604 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
00:45:52.0640 3604 gagp30kx - ok
00:45:52.0678 3604 [ 8E98D21EE06192492A5671A6144D092F ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
00:45:52.0679 3604 GEARAspiWDM - ok
00:45:52.0722 3604 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
00:45:52.0730 3604 gpsvc - ok
00:45:52.0776 3604 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
00:45:52.0777 3604 gupdate - ok
00:45:52.0782 3604 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
00:45:52.0783 3604 gupdatem - ok
00:45:52.0813 3604 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
00:45:52.0814 3604 hcw85cir - ok
00:45:52.0865 3604 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
00:45:52.0869 3604 HdAudAddService - ok
00:45:52.0882 3604 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
00:45:52.0883 3604 HDAudBus - ok
00:45:52.0936 3604 [ B6AC71AAA2B10848F57FC49D55A651AF ] HECIx64 C:\Windows\system32\DRIVERS\HECIx64.sys
00:45:52.0937 3604 HECIx64 - ok
00:45:52.0971 3604 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\drivers\HidBatt.sys
00:45:52.0971 3604 HidBatt - ok
00:45:52.0988 3604 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\drivers\hidbth.sys
00:45:52.0989 3604 HidBth - ok
00:45:52.0995 3604 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\drivers\hidir.sys
00:45:52.0996 3604 HidIr - ok
00:45:53.0027 3604 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll
00:45:53.0028 3604 hidserv - ok
00:45:53.0066 3604 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
00:45:53.0067 3604 HidUsb - ok
00:45:53.0099 3604 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
00:45:53.0101 3604 hkmsvc - ok
00:45:53.0147 3604 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
00:45:53.0150 3604 HomeGroupListener - ok
00:45:53.0191 3604 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
00:45:53.0194 3604 HomeGroupProvider - ok
00:45:53.0309 3604 [ 5DA42D24712E00728CEA2342A65009B2 ] hpqcxs08 C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll
00:45:53.0312 3604 hpqcxs08 - ok
00:45:53.0328 3604 [ D86A39BF100069444D026D22D9A6E555 ] hpqddsvc C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll
00:45:53.0330 3604 hpqddsvc - ok
00:45:53.0345 3604 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
00:45:53.0346 3604 HpSAMD - ok
00:45:53.0399 3604 [ F37882F128EFACEFE353E0BAE2766909 ] HPSLPSVC C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL
00:45:53.0408 3604 HPSLPSVC - ok
00:45:53.0444 3604 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
00:45:53.0451 3604 HTTP - ok
00:45:53.0487 3604 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
00:45:53.0488 3604 hwpolicy - ok
00:45:53.0528 3604 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
00:45:53.0529 3604 i8042prt - ok
00:45:53.0568 3604 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
00:45:53.0572 3604 iaStorV - ok
00:45:53.0630 3604 [ 9A492CBA0014A5A0BB1467E484885C61 ] icsak C:\Program Files\CheckPoint\ZAForceField\AK\icsak.sys
00:45:53.0630 3604 icsak - ok
00:45:53.0695 3604 [ 6F95324909B502E2651442C1548AB12F ] IDriverT C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
00:45:53.0696 3604 IDriverT - ok
00:45:53.0748 3604 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
00:45:53.0762 3604 idsvc - ok
00:45:53.0804 3604 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\drivers\iirsp.sys
00:45:53.0805 3604 iirsp - ok
00:45:53.0846 3604 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
00:45:53.0854 3604 IKEEXT - ok
00:45:53.0875 3604 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
00:45:53.0876 3604 intelide - ok
00:45:53.0914 3604 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
00:45:53.0915 3604 intelppm - ok
00:45:53.0924 3604 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
00:45:53.0926 3604 IPBusEnum - ok
00:45:53.0943 3604 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
00:45:53.0945 3604 IpFilterDriver - ok
00:45:53.0962 3604 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
00:45:53.0963 3604 IPMIDRV - ok
00:45:54.0001 3604 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
00:45:54.0002 3604 IPNAT - ok
00:45:54.0062 3604 [ 0F261EC4F514926177C70C1832374231 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
00:45:54.0068 3604 iPod Service - ok
00:45:54.0119 3604 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
00:45:54.0119 3604 IRENUM - ok
00:45:54.0133 3604 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
00:45:54.0134 3604 isapnp - ok
00:45:54.0159 3604 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
00:45:54.0161 3604 iScsiPrt - ok
00:45:54.0197 3604 [ BA8C6135E6E632139DAC5B34861FCB03 ] ISWKL C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys
00:45:54.0197 3604 ISWKL - ok
00:45:54.0228 3604 [ EEF0D7308C247294389B566A7830B211 ] IswSvc C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
00:45:54.0235 3604 IswSvc - ok
00:45:54.0249 3604 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\drivers\kbdclass.sys
00:45:54.0250 3604 kbdclass - ok
00:45:54.0276 3604 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
00:45:54.0277 3604 kbdhid - ok
00:45:54.0320 3604 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
00:45:54.0322 3604 KeyIso - ok
00:45:54.0350 3604 [ E656FE10D6D27794AFA08136685A69E8 ] KL1 C:\Windows\system32\DRIVERS\kl1.sys
00:45:54.0355 3604 KL1 - ok
00:45:54.0389 3604 [ D865DD8B0448E3F963D68C04C532858F ] kl2 C:\Windows\system32\DRIVERS\kl2.sys
00:45:54.0390 3604 kl2 - ok
00:45:54.0416 3604 [ 055790D38D7EC73AEF03E4AA7F67BA03 ] KLIF C:\Windows\system32\DRIVERS\klif.sys
00:45:54.0420 3604 KLIF - ok
00:45:54.0477 3604 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
00:45:54.0478 3604 KSecDD - ok
00:45:54.0510 3604 [ 7EFB9333E4ECCE6AE4AE9D777D9E553E ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
00:45:54.0511 3604 KSecPkg - ok
00:45:54.0549 3604 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
00:45:54.0550 3604 ksthunk - ok
00:45:54.0587 3604 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
00:45:54.0592 3604 KtmRm - ok
00:45:54.0627 3604 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll
00:45:54.0631 3604 LanmanServer - ok
00:45:54.0655 3604 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
00:45:54.0659 3604 LanmanWorkstation - ok
00:45:54.0671 3604 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
00:45:54.0672 3604 lltdio - ok
00:45:54.0692 3604 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
00:45:54.0696 3604 lltdsvc - ok
00:45:54.0721 3604 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
00:45:54.0723 3604 lmhosts - ok
00:45:54.0740 3604 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
00:45:54.0741 3604 LSI_FC - ok
00:45:54.0772 3604 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
00:45:54.0773 3604 LSI_SAS - ok
00:45:54.0778 3604 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys
00:45:54.0779 3604 LSI_SAS2 - ok
00:45:54.0786 3604 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
00:45:54.0787 3604 LSI_SCSI - ok
00:45:54.0804 3604 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
00:45:54.0805 3604 luafv - ok
00:45:54.0830 3604 [ 0C85B2B6FB74B36A251792D45E0EF860 ] LVRS64 C:\Windows\system32\DRIVERS\lvrs64.sys
00:45:54.0833 3604 LVRS64 - ok
00:45:54.0936 3604 [ FF3A488924B0032B1A9CA6948C1FA9E8 ] LVUVC64 C:\Windows\system32\DRIVERS\lvuvc64.sys
00:45:54.0978 3604 LVUVC64 - ok
00:45:55.0007 3604 [ 92EB844D90615CB266F84C3202B8786E ] MBAMProtector C:\Windows\system32\drivers\mbam.sys
00:45:55.0008 3604 MBAMProtector - ok
00:45:55.0076 3604 [ 1ACAA67676E9E7BDA5E0C41B6E0DECAF ] MBAMScheduler C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
00:45:55.0080 3604 MBAMScheduler - ok
00:45:55.0104 3604 [ 916B8954AC3E06DC9E898AFFB41F3FB6 ] MBAMService C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
00:45:55.0110 3604 MBAMService - ok
00:45:55.0136 3604 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
00:45:55.0138 3604 Mcx2Svc - ok
00:45:55.0169 3604 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\drivers\megasas.sys
00:45:55.0170 3604 megasas - ok
00:45:55.0184 3604 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys
00:45:55.0187 3604 MegaSR - ok
00:45:55.0254 3604 Microsoft SharePoint Workspace Audit Service - ok
00:45:55.0277 3604 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
00:45:55.0279 3604 MMCSS - ok
00:45:55.0284 3604 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
00:45:55.0285 3604 Modem - ok
00:45:55.0298 3604 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
00:45:55.0299 3604 monitor - ok
00:45:55.0310 3604 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
00:45:55.0311 3604 mouclass - ok
00:45:55.0346 3604 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
00:45:55.0347 3604 mouhid - ok
00:45:55.0364 3604 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
00:45:55.0365 3604 mountmgr - ok
00:45:55.0414 3604 [ 8C7336950F1E69CDFD811CBBD9CF00A2 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
00:45:55.0415 3604 MozillaMaintenance - ok
00:45:55.0434 3604 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
00:45:55.0435 3604 mpio - ok
00:45:55.0484 3604 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
00:45:55.0485 3604 mpsdrv - ok
00:45:55.0516 3604 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
00:45:55.0517 3604 MRxDAV - ok
00:45:55.0557 3604 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
00:45:55.0559 3604 mrxsmb - ok
00:45:55.0592 3604 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
00:45:55.0595 3604 mrxsmb10 - ok
00:45:55.0610 3604 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
00:45:55.0611 3604 mrxsmb20 - ok
00:45:55.0626 3604 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
00:45:55.0627 3604 msahci - ok
00:45:55.0653 3604 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
00:45:55.0654 3604 msdsm - ok
00:45:55.0663 3604 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
00:45:55.0665 3604 MSDTC - ok
00:45:55.0722 3604 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
00:45:55.0723 3604 Msfs - ok
00:45:55.0735 3604 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
00:45:55.0736 3604 mshidkmdf - ok
00:45:55.0748 3604 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
00:45:55.0749 3604 msisadrv - ok
00:45:55.0802 3604 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
00:45:55.0804 3604 MSiSCSI - ok
00:45:55.0809 3604 msiserver - ok
00:45:55.0851 3604 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
00:45:55.0851 3604 MSKSSRV - ok
00:45:55.0867 3604 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
00:45:55.0867 3604 MSPCLOCK - ok
00:45:55.0879 3604 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
00:45:55.0880 3604 MSPQM - ok
00:45:55.0918 3604 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
00:45:55.0922 3604 MsRPC - ok
00:45:55.0936 3604 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
00:45:55.0937 3604 mssmbios - ok
00:45:55.0971 3604 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
00:45:55.0972 3604 MSTEE - ok
00:45:55.0985 3604 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\drivers\MTConfig.sys
00:45:55.0985 3604 MTConfig - ok
00:45:56.0002 3604 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
00:45:56.0003 3604 Mup - ok
00:45:56.0051 3604 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
00:45:56.0057 3604 napagent - ok
00:45:56.0098 3604 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
00:45:56.0101 3604 NativeWifiP - ok
00:45:56.0146 3604 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys
00:45:56.0154 3604 NDIS - ok
00:45:56.0175 3604 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
00:45:56.0175 3604 NdisCap - ok
00:45:56.0194 3604 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
00:45:56.0195 3604 NdisTapi - ok
00:45:56.0225 3604 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
00:45:56.0226 3604 Ndisuio - ok
00:45:56.0249 3604 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
00:45:56.0251 3604 NdisWan - ok
00:45:56.0275 3604 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
00:45:56.0276 3604 NDProxy - ok
00:45:56.0316 3604 [ 2334DC48997BA203B794DF3EE70521DB ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll
00:45:56.0318 3604 Net Driver HPZ12 - ok
00:45:56.0324 3604 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
00:45:56.0325 3604 NetBIOS - ok
00:45:56.0339 3604 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
00:45:56.0342 3604 NetBT - ok
00:45:56.0354 3604 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
00:45:56.0355 3604 Netlogon - ok
00:45:56.0389 3604 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
00:45:56.0393 3604 Netman - ok
00:45:56.0410 3604 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
00:45:56.0416 3604 netprofm - ok
00:45:56.0484 3604 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
00:45:56.0486 3604 NetTcpPortSharing - ok
00:45:56.0491 3604 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
00:45:56.0492 3604 nfrd960 - ok
00:45:56.0527 3604 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll
00:45:56.0531 3604 NlaSvc - ok
00:45:56.0570 3604 [ 351533ACC2A069B94E80BBFC177E8FDF ] npf C:\Windows\system32\drivers\npf.sys
00:45:56.0571 3604 npf - ok
00:45:56.0588 3604 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
00:45:56.0589 3604 Npfs - ok
00:45:56.0631 3604 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
00:45:56.0633 3604 nsi - ok
00:45:56.0673 3604 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
00:45:56.0674 3604 nsiproxy - ok
00:45:56.0738 3604 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
00:45:56.0753 3604 Ntfs - ok
00:45:56.0761 3604 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
00:45:56.0761 3604 Null - ok
00:45:56.0799 3604 [ 1F07B814C0BB5AABA703ABFF1F31F2E8 ] NVHDA C:\Windows\system32\drivers\nvhda64v.sys
00:45:56.0800 3604 NVHDA - ok
00:45:57.0025 3604 [ 5104BAC2DA2A5BDD86AC6B0708B00F06 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
00:45:57.0143 3604 nvlddmkm - ok
00:45:57.0186 3604 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
00:45:57.0188 3604 nvraid - ok
00:45:57.0223 3604 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
00:45:57.0225 3604 nvstor - ok
00:45:57.0270 3604 [ DDFAFCE89A5C93D04712B86F94E9FCBA ] nvsvc C:\Windows\system32\nvvsvc.exe
00:45:57.0279 3604 nvsvc - ok
00:45:57.0335 3604 [ 322B69422836F97B76F4AA59B47507BA ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
00:45:57.0346 3604 nvUpdatusService - ok
00:45:57.0374 3604 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
00:45:57.0375 3604 nv_agp - ok
00:45:57.0410 3604 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
00:45:57.0411 3604 ohci1394 - ok
00:45:57.0466 3604 [ 4965B005492CBA7719E82B71E3245495 ] ose64 C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
00:45:57.0467 3604 ose64 - ok
00:45:57.0599 3604 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
00:45:57.0642 3604 osppsvc - ok
00:45:57.0688 3604 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
00:45:57.0693 3604 p2pimsvc - ok
00:45:57.0724 3604 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
00:45:57.0729 3604 p2psvc - ok
00:45:57.0764 3604 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\drivers\parport.sys
00:45:57.0765 3604 Parport - ok
00:45:57.0792 3604 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
00:45:57.0794 3604 partmgr - ok
00:45:57.0827 3604 [ 54C6BD3C6C102396EB01A4877DF7B6E3 ] PcaSp50 C:\Windows\system32\Drivers\PcaSp50.sys
00:45:57.0828 3604 PcaSp50 - ok
00:45:57.0844 3604 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
00:45:57.0847 3604 PcaSvc - ok
00:45:57.0858 3604 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
00:45:57.0859 3604 pci - ok
00:45:57.0868 3604 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
00:45:57.0869 3604 pciide - ok
00:45:57.0910 3604 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
00:45:57.0913 3604 pcmcia - ok
00:45:57.0921 3604 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
00:45:57.0921 3604 pcw - ok
00:45:57.0949 3604 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
00:45:57.0954 3604 PEAUTH - ok
00:45:58.0008 3604 [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll
00:45:58.0022 3604 PeerDistSvc - ok
00:45:58.0096 3604 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
00:45:58.0097 3604 PerfHost - ok
00:45:58.0154 3604 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
00:45:58.0168 3604 pla - ok
00:45:58.0207 3604 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
00:45:58.0212 3604 PlugPlay - ok
00:45:58.0246 3604 [ AC78DF349F0E4CFB8B667C0CFFF83CCE ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll
00:45:58.0247 3604 Pml Driver HPZ12 - ok
00:45:58.0268 3604 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
00:45:58.0269 3604 PNRPAutoReg - ok
00:45:58.0288 3604 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
00:45:58.0292 3604 PNRPsvc - ok
00:45:58.0335 3604 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
00:45:58.0340 3604 PolicyAgent - ok
00:45:58.0379 3604 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
00:45:58.0382 3604 Power - ok
00:45:58.0423 3604 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
00:45:58.0424 3604 PptpMiniport - ok
00:45:58.0439 3604 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\drivers\processr.sys
00:45:58.0439 3604 Processor - ok
00:45:58.0488 3604 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
00:45:58.0491 3604 ProfSvc - ok
00:45:58.0520 3604 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
00:45:58.0521 3604 ProtectedStorage - ok
00:45:58.0580 3604 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
00:45:58.0581 3604 Psched - ok
00:45:58.0614 3604 [ 07D57B890DD5693A6AB660CBAE8F91B4 ] PxHlpa64 C:\Windows\system32\Drivers\PxHlpa64.sys
00:45:58.0615 3604 PxHlpa64 - ok
00:45:58.0667 3604 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
00:45:58.0681 3604 ql2300 - ok
00:45:58.0731 3604 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
00:45:58.0733 3604 ql40xx - ok
00:45:58.0765 3604 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
00:45:58.0769 3604 QWAVE - ok
00:45:58.0781 3604 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
00:45:58.0782 3604 QWAVEdrv - ok
00:45:58.0801 3604 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
00:45:58.0801 3604 RasAcd - ok
00:45:58.0818 3604 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
00:45:58.0819 3604 RasAgileVpn - ok
00:45:58.0838 3604 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
00:45:58.0841 3604 RasAuto - ok
00:45:58.0851 3604 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
00:45:58.0852 3604 Rasl2tp - ok
00:45:58.0868 3604 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
00:45:58.0873 3604 RasMan - ok
00:45:58.0898 3604 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
00:45:58.0899 3604 RasPppoe - ok
00:45:58.0932 3604 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
00:45:58.0933 3604 RasSstp - ok
00:45:58.0988 3604 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
00:45:58.0991 3604 rdbss - ok
00:45:59.0015 3604 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
00:45:59.0016 3604 rdpbus - ok
00:45:59.0024 3604 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
00:45:59.0024 3604 RDPCDD - ok
00:45:59.0061 3604 [ 1B6163C503398B23FF8B939C67747683 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys
00:45:59.0063 3604 RDPDR - ok
00:45:59.0088 3604 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
00:45:59.0088 3604 RDPENCDD - ok
00:45:59.0098 3604 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
00:45:59.0098 3604 RDPREFMP - ok
00:45:59.0131 3604 [ 313F68E1A3E6345A4F47A36B07062F34 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
00:45:59.0132 3604 RdpVideoMiniport - ok
00:45:59.0170 3604 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
00:45:59.0172 3604 RDPWD - ok
00:45:59.0202 3604 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
00:45:59.0204 3604 rdyboost - ok
00:45:59.0239 3604 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
00:45:59.0241 3604 RemoteAccess - ok
00:45:59.0279 3604 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
00:45:59.0282 3604 RemoteRegistry - ok
00:45:59.0310 3604 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
00:45:59.0312 3604 RpcEptMapper - ok
00:45:59.0359 3604 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
00:45:59.0360 3604 RpcLocator - ok
00:45:59.0404 3604 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
00:45:59.0410 3604 RpcSs - ok
00:45:59.0439 3604 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
00:45:59.0440 3604 rspndr - ok
00:45:59.0480 3604 [ 7F4F11527AF5A7E4526CB6A146B3E40C ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys
00:45:59.0486 3604 RTL8167 - ok
00:45:59.0515 3604 [ 2B38C905492F36FE42B59DA52D6B4EB7 ] RtNdPt60 C:\Windows\system32\DRIVERS\RtNdPt60.sys
00:45:59.0516 3604 RtNdPt60 - ok
00:45:59.0551 3604 [ 8DF706A5A12A4832A3291A1FF26A7CC1 ] RTTEAMPT C:\Windows\system32\DRIVERS\RtTeam60.sys
00:45:59.0552 3604 RTTEAMPT - ok
00:45:59.0565 3604 [ ED0624ED83121E1BC141F49B1316CAA0 ] RTVLANPT C:\Windows\system32\DRIVERS\RtVlan620.sys
00:45:59.0566 3604 RTVLANPT - ok
00:45:59.0621 3604 [ E60C0A09F997826C7627B244195AB581 ] s3cap C:\Windows\system32\drivers\vms3cap.sys
00:45:59.0621 3604 s3cap - ok
00:45:59.0644 3604 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
00:45:59.0646 3604 SamSs - ok
00:45:59.0676 3604 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
00:45:59.0678 3604 sbp2port - ok
00:45:59.0722 3604 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
00:45:59.0725 3604 SCardSvr - ok
00:45:59.0732 3604 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
00:45:59.0733 3604 scfilter - ok
00:45:59.0787 3604 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
00:45:59.0798 3604 Schedule - ok
00:45:59.0828 3604 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
00:45:59.0829 3604 SCPolicySvc - ok
00:45:59.0838 3604 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
00:45:59.0841 3604 SDRSVC - ok
00:45:59.0874 3604 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
00:45:59.0875 3604 secdrv - ok
00:45:59.0898 3604 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
00:45:59.0900 3604 seclogon - ok
00:45:59.0936 3604 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
00:45:59.0938 3604 SENS - ok
00:45:59.0943 3604 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
00:45:59.0944 3604 SensrSvc - ok
00:45:59.0952 3604 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
00:45:59.0953 3604 Serenum - ok
00:45:59.0965 3604 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
00:45:59.0967 3604 Serial - ok
00:45:59.0978 3604 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\drivers\sermouse.sys
00:45:59.0978 3604 sermouse - ok
00:46:00.0018 3604 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
00:46:00.0018 3604 SessionEnv - ok
00:46:00.0028 3604 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
00:46:00.0029 3604 sffdisk - ok
00:46:00.0034 3604 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
00:46:00.0034 3604 sffp_mmc - ok
00:46:00.0040 3604 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
00:46:00.0040 3604 sffp_sd - ok
00:46:00.0091 3604 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
00:46:00.0091 3604 sfloppy - ok
00:46:00.0113 3604 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
00:46:00.0118 3604 ShellHWDetection - ok
00:46:00.0144 3604 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys
00:46:00.0145 3604 SiSRaid2 - ok
00:46:00.0175 3604 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
00:46:00.0176 3604 SiSRaid4 - ok
00:46:00.0201 3604 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
00:46:00.0202 3604 Smb - ok
00:46:00.0233 3604 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
00:46:00.0235 3604 SNMPTRAP - ok
00:46:00.0250 3604 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
00:46:00.0250 3604 spldr - ok
00:46:00.0329 3604 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
00:46:00.0336 3604 Spooler - ok
00:46:00.0396 3604 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
00:46:00.0427 3604 sppsvc - ok
00:46:00.0438 3604 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
00:46:00.0441 3604 sppuinotify - ok
00:46:00.0482 3604 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
00:46:00.0487 3604 srv - ok
00:46:00.0516 3604 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
00:46:00.0520 3604 srv2 - ok
00:46:00.0554 3604 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
00:46:00.0556 3604 srvnet - ok
00:46:00.0610 3604 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
00:46:00.0613 3604 SSDPSRV - ok
00:46:00.0664 3604 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
00:46:00.0667 3604 SstpSvc - ok
00:46:00.0733 3604 [ F0359F7CE712D69ACEF0886BDB4792ED ] Stereo Service C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
00:46:00.0737 3604 Stereo Service - ok
00:46:00.0773 3604 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\drivers\stexstor.sys
00:46:00.0773 3604 stexstor - ok
00:46:00.0809 3604 [ DECACB6921DED1A38642642685D77DAC ] StillCam C:\Windows\system32\DRIVERS\serscan.sys
00:46:00.0809 3604 StillCam - ok
00:46:00.0831 3604 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
00:46:00.0838 3604 stisvc - ok
00:46:00.0886 3604 [ 7785DC213270D2FC066538DAF94087E7 ] storflt C:\Windows\system32\drivers\vmstorfl.sys
00:46:00.0887 3604 storflt - ok
00:46:00.0900 3604 [ D34E4943D5AC096C8EDEEBFD80D76E23 ] storvsc C:\Windows\system32\drivers\storvsc.sys
00:46:00.0901 3604 storvsc - ok
00:46:00.0918 3604 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
00:46:00.0919 3604 swenum - ok
00:46:00.0953 3604 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
00:46:00.0959 3604 swprv - ok
00:46:00.0979 3604 [ C3A39C4079305480972D29C44B868C78 ] Synth3dVsc C:\Windows\system32\drivers\synth3dvsc.sys
00:46:00.0980 3604 Synth3dVsc - ok
00:46:01.0023 3604 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
00:46:01.0039 3604 SysMain - ok
00:46:01.0049 3604 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
00:46:01.0052 3604 TabletInputService - ok
00:46:01.0084 3604 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
00:46:01.0089 3604 TapiSrv - ok
00:46:01.0127 3604 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
00:46:01.0130 3604 TBS - ok
00:46:01.0191 3604 [ 37608401DFDB388CAF66917F6B2D6FB0 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
00:46:01.0207 3604 Tcpip - ok
00:46:01.0242 3604 [ 37608401DFDB388CAF66917F6B2D6FB0 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
00:46:01.0258 3604 TCPIP6 - ok
00:46:01.0270 3604 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
00:46:01.0270 3604 tcpipreg - ok
00:46:01.0306 3604 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
00:46:01.0306 3604 TDPIPE - ok
00:46:01.0350 3604 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
00:46:01.0351 3604 TDTCP - ok
00:46:01.0367 3604 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
00:46:01.0368 3604 tdx - ok
00:46:01.0393 3604 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
00:46:01.0394 3604 TermDD - ok
00:46:01.0428 3604 [ EF4469AB69EB15E5D3754E6AEAFBCD3D ] terminpt C:\Windows\system32\drivers\terminpt.sys
00:46:01.0429 3604 terminpt - ok
00:46:01.0480 3604 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
00:46:01.0488 3604 TermService - ok
00:46:01.0516 3604 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
00:46:01.0518 3604 Themes - ok
00:46:01.0526 3604 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
00:46:01.0528 3604 THREADORDER - ok
00:46:01.0541 3604 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
00:46:01.0544 3604 TrkWks - ok
00:46:01.0598 3604 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
00:46:01.0600 3604 TrustedInstaller - ok
00:46:01.0607 3604 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
00:46:01.0607 3604 tssecsrv - ok
00:46:01.0638 3604 [ 17C6B51CBCCDED95B3CC14E22791F85E ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
00:46:01.0639 3604 TsUsbFlt - ok
00:46:01.0703 3604 [ AD64450A4ABE076F5CB34CC08EEACB07 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys
00:46:01.0703 3604 TsUsbGD - ok
00:46:01.0739 3604 [ E1748D04AE40118B62BC18AC86032192 ] tsusbhub C:\Windows\system32\drivers\tsusbhub.sys
00:46:01.0741 3604 tsusbhub - ok
00:46:01.0794 3604 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
00:46:01.0796 3604 tunnel - ok
00:46:01.0812 3604 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\drivers\uagp35.sys
00:46:01.0813 3604 uagp35 - ok
00:46:01.0837 3604 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
00:46:01.0840 3604 udfs - ok
00:46:01.0882 3604 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
00:46:01.0884 3604 UI0Detect - ok
00:46:01.0901 3604 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
00:46:01.0902 3604 uliagpkx - ok
00:46:01.0914 3604 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
00:46:01.0915 3604 umbus - ok
00:46:01.0935 3604 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\drivers\umpass.sys
00:46:01.0936 3604 UmPass - ok
00:46:01.0992 3604 [ A293DCD756D04D8492A750D03B9A297C ] UmRdpService C:\Windows\System32\umrdp.dll
00:46:01.0996 3604 UmRdpService - ok
00:46:02.0059 3604 [ 67A95B9D129ED5399E7965CD09CF30E7 ] UMVPFSrv C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
00:46:02.0063 3604 UMVPFSrv - ok
00:46:02.0075 3604 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
00:46:02.0091 3604 upnphost - ok
00:46:02.0122 3604 [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
00:46:02.0122 3604 usbaudio - ok
00:46:02.0174 3604 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
00:46:02.0176 3604 usbccgp - ok
00:46:02.0212 3604 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
00:46:02.0214 3604 usbcir - ok
00:46:02.0227 3604 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
00:46:02.0228 3604 usbehci - ok
00:46:02.0240 3604 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
00:46:02.0244 3604 usbhub - ok
00:46:02.0271 3604 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys
00:46:02.0272 3604 usbohci - ok
00:46:02.0305 3604 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\drivers\usbprint.sys
00:46:02.0306 3604 usbprint - ok
00:46:02.0332 3604 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
00:46:02.0334 3604 USBSTOR - ok
00:46:02.0342 3604 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
00:46:02.0342 3604 usbuhci - ok
00:46:02.0364 3604 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys
00:46:02.0366 3604 usbvideo - ok
00:46:02.0421 3604 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
00:46:02.0423 3604 UxSms - ok
00:46:02.0436 3604 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
00:46:02.0438 3604 VaultSvc - ok
00:46:02.0474 3604 [ 72EC34F9999A5A48CFD43F5E6BD779E4 ] VBoxDrv C:\Windows\system32\DRIVERS\VBoxDrv.sys
00:46:02.0477 3604 VBoxDrv - ok
00:46:02.0510 3604 [ A2FE818D7F930C51ADA37C04DBCB015D ] VBoxNetAdp C:\Windows\system32\DRIVERS\VBoxNetAdp.sys
00:46:02.0511 3604 VBoxNetAdp - ok
00:46:02.0522 3604 [ CD37A9264C404E48BCE162D37B117B45 ] VBoxNetFlt C:\Windows\system32\DRIVERS\VBoxNetFlt.sys
00:46:02.0524 3604 VBoxNetFlt - ok
00:46:02.0565 3604 [ F649B3D30C6F40B04BDCCD0D11A43481 ] VBoxUSBMon C:\Windows\system32\DRIVERS\VBoxUSBMon.sys
00:46:02.0566 3604 VBoxUSBMon - ok
00:46:02.0582 3604 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
00:46:02.0583 3604 vdrvroot - ok
00:46:02.0603 3604 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
00:46:02.0610 3604 vds - ok
00:46:02.0649 3604 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
00:46:02.0650 3604 vga - ok
00:46:02.0666 3604 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
00:46:02.0667 3604 VgaSave - ok
00:46:02.0671 3604 VGPU - ok
00:46:02.0731 3604 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
00:46:02.0733 3604 vhdmp - ok
00:46:02.0755 3604 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
00:46:02.0756 3604 viaide - ok
00:46:02.0784 3604 [ 86EA3E79AE350FEA5331A1303054005F ] vmbus C:\Windows\system32\drivers\vmbus.sys
00:46:02.0787 3604 vmbus - ok
00:46:02.0799 3604 [ 7DE90B48F210D29649380545DB45A187 ] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys
00:46:02.0799 3604 VMBusHID - ok
00:46:02.0846 3604 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
00:46:02.0848 3604 volmgr - ok
00:46:02.0866 3604 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
00:46:02.0870 3604 volmgrx - ok
00:46:02.0891 3604 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
00:46:02.0893 3604 volsnap - ok
00:46:02.0936 3604 [ 239D8D72730226CD460BDC8CA0A23D43 ] Vsdatant C:\Windows\system32\DRIVERS\vsdatant.sys
00:46:02.0940 3604 Vsdatant - ok
00:46:02.0979 3604 vsmon - ok
00:46:02.0994 3604 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
00:46:02.0996 3604 vsmraid - ok
00:46:03.0058 3604 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
00:46:03.0074 3604 VSS - ok
00:46:03.0087 3604 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys
00:46:03.0088 3604 vwifibus - ok
00:46:03.0107 3604 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
00:46:03.0112 3604 W32Time - ok
00:46:03.0188 3604 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\drivers\wacompen.sys
00:46:03.0189 3604 WacomPen - ok
00:46:03.0208 3604 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
00:46:03.0209 3604 WANARP - ok
00:46:03.0213 3604 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
00:46:03.0215 3604 Wanarpv6 - ok
00:46:03.0267 3604 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
00:46:03.0278 3604 WatAdminSvc - ok
00:46:03.0340 3604 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
00:46:03.0354 3604 wbengine - ok
00:46:03.0385 3604 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
00:46:03.0388 3604 WbioSrvc - ok
00:46:03.0404 3604 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
00:46:03.0409 3604 wcncsvc - ok
00:46:03.0421 3604 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
00:46:03.0423 3604 WcsPlugInService - ok
00:46:03.0496 3604 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\drivers\wd.sys
00:46:03.0497 3604 Wd - ok
00:46:03.0572 3604 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
00:46:03.0579 3604 Wdf01000 - ok
00:46:03.0609 3604 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
00:46:03.0612 3604 WdiServiceHost - ok
00:46:03.0631 3604 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
00:46:03.0633 3604 WdiSystemHost - ok
00:46:03.0644 3604 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
00:46:03.0648 3604 WebClient - ok
00:46:03.0664 3604 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
00:46:03.0668 3604 Wecsvc - ok
00:46:03.0682 3604 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
00:46:03.0685 3604 wercplsupport - ok
00:46:03.0704 3604 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
00:46:03.0707 3604 WerSvc - ok
00:46:03.0740 3604 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
00:46:03.0740 3604 WfpLwf - ok
00:46:03.0771 3604 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
00:46:03.0772 3604 WIMMount - ok
00:46:03.0777 3604 WinHttpAutoProxySvc - ok
00:46:03.0849 3604 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
00:46:03.0852 3604 Winmgmt - ok
00:46:03.0914 3604 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
00:46:03.0934 3604 WinRM - ok
00:46:03.0969 3604 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
00:46:03.0979 3604 Wlansvc - ok
00:46:04.0041 3604 [ 357CABBF155AFD1D3926E62539D2A3A7 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
00:46:04.0061 3604 wlidsvc - ok
00:46:04.0096 3604 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
00:46:04.0096 3604 WmiAcpi - ok
00:46:04.0132 3604 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
00:46:04.0134 3604 wmiApSrv - ok
00:46:04.0167 3604 WMPNetworkSvc - ok
00:46:04.0222 3604 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
00:46:04.0238 3604 WPCSvc - ok
00:46:04.0264 3604 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
00:46:04.0267 3604 WPDBusEnum - ok
00:46:04.0274 3604 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
00:46:04.0275 3604 ws2ifsl - ok
00:46:04.0279 3604 WSearch - ok
00:46:04.0316 3604 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
00:46:04.0317 3604 WudfPf - ok
00:46:04.0338 3604 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
00:46:04.0340 3604 WUDFRd - ok
00:46:04.0356 3604 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
00:46:04.0358 3604 wudfsvc - ok
00:46:04.0389 3604 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
00:46:04.0393 3604 WwanSvc - ok
00:46:04.0410 3604 ================ Scan global ===============================
00:46:04.0460 3604 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
00:46:04.0491 3604 [ 72CC564BBC70DE268784BCE91EB8A28F ] C:\Windows\system32\winsrv.dll
00:46:04.0506 3604 [ 72CC564BBC70DE268784BCE91EB8A28F ] C:\Windows\system32\winsrv.dll
00:46:04.0541 3604 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
00:46:04.0598 3604 [ 50BEA589F7D7958BDD2528A8F69D05CC ] C:\Windows\system32\services.exe
00:46:04.0603 3604 C:\Windows\system32\services.exe ( Virus.Win64.ZAccess.a ) - infected
00:46:04.0603 3604 C:\Windows\system32\services.exe - detected Virus.Win64.ZAccess.a (0)
00:46:04.0603 3604 ================ Scan MBR ==================================
00:46:04.0626 3604 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
00:46:04.0823 3604 \Device\Harddisk0\DR0 - ok
00:46:04.0826 3604 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk1\DR1
00:46:05.0683 3604 \Device\Harddisk1\DR1 - ok
00:46:05.0691 3604 [ 5C23CCC2F46143DF23EF90430AC1FFA6 ] \Device\Harddisk2\DR2
00:46:05.0758 3604 \Device\Harddisk2\DR2 - ok
00:46:05.0768 3604 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk3\DR3
00:46:06.0285 3604 \Device\Harddisk3\DR3 - ok
00:46:07.0970 3604 [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk4\DR4
00:46:08.0117 3604 \Device\Harddisk4\DR4 - ok
00:46:08.0123 3604 [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk5\DR5
00:46:08.0292 3604 \Device\Harddisk5\DR5 - ok
00:46:08.0294 3604 ================ Scan VBR ==================================
00:46:08.0323 3604 [ 0EE97813B034404AC985EE401FD7CE2D ] \Device\Harddisk0\DR0\Partition1
00:46:08.0324 3604 \Device\Harddisk0\DR0\Partition1 - ok
00:46:08.0331 3604 [ DC41BDA80276AB7D97E4C15C98C7B9EF ] \Device\Harddisk0\DR0\Partition2
00:46:08.0333 3604 \Device\Harddisk0\DR0\Partition2 - ok
00:46:08.0353 3604 [ 26B486FE0A707F3FB1522DD66B28A283 ] \Device\Harddisk1\DR1\Partition1
00:46:08.0355 3604 \Device\Harddisk1\DR1\Partition1 - ok
00:46:08.0373 3604 [ 7204347E74F212AB2FFDA303BF0DF0C1 ] \Device\Harddisk2\DR2\Partition1
00:46:08.0375 3604 \Device\Harddisk2\DR2\Partition1 - ok
00:46:08.0379 3604 [ 696A39D5FA62AABBB99216F0A2D7946F ] \Device\Harddisk3\DR3\Partition1
00:46:08.0382 3604 \Device\Harddisk3\DR3\Partition1 - ok
00:46:08.0386 3604 [ 375CD1DE563D36B2E43419BE6476D75D ] \Device\Harddisk4\DR4\Partition1
00:46:08.0390 3604 \Device\Harddisk4\DR4\Partition1 - ok
00:46:08.0395 3604 [ B03E04C2C8540E0C1A6F96E7CB2301E7 ] \Device\Harddisk5\DR5\Partition1
00:46:08.0396 3604 \Device\Harddisk5\DR5\Partition1 - ok
00:46:08.0397 3604 ============================================================
00:46:08.0397 3604 Scan finished
00:46:08.0397 3604 ============================================================
00:46:08.0406 4052 Detected object count: 1
00:46:08.0406 4052 Actual detected object count: 1
00:46:20.0112 4052 C:\Windows\system32\services.exe - copied to quarantine
00:46:20.0172 4052 C:\Windows\assembly\GAC_32\desktop.ini - copied to quarantine
00:46:20.0174 4052 C:\Windows\assembly\GAC_64\desktop.ini - copied to quarantine
00:46:20.0181 4052 C:\Windows\installer\{e6561886-dabc-f47a-7baa-93cfeef2b07d}\@ - copied to quarantine
00:46:20.0183 4052 C:\Windows\installer\{e6561886-dabc-f47a-7baa-93cfeef2b07d}\L\00000004.@ - copied to quarantine
00:46:20.0184 4052 C:\Windows\installer\{e6561886-dabc-f47a-7baa-93cfeef2b07d}\L\201d3dde - copied to quarantine
00:46:20.0186 4052 C:\Windows\installer\{e6561886-dabc-f47a-7baa-93cfeef2b07d}\U\00000004.@ - copied to quarantine
00:46:20.0189 4052 C:\Windows\installer\{e6561886-dabc-f47a-7baa-93cfeef2b07d}\U\00000008.@ - copied to quarantine
00:46:20.0191 4052 C:\Windows\installer\{e6561886-dabc-f47a-7baa-93cfeef2b07d}\U\000000cb.@ - copied to quarantine
00:46:20.0193 4052 C:\Windows\installer\{e6561886-dabc-f47a-7baa-93cfeef2b07d}\U\80000000.@ - copied to quarantine
00:46:20.0195 4052 C:\Windows\installer\{e6561886-dabc-f47a-7baa-93cfeef2b07d}\U\80000032.@ - copied to quarantine
00:46:20.0197 4052 C:\Windows\installer\{e6561886-dabc-f47a-7baa-93cfeef2b07d}\U\80000064.@ - copied to quarantine
00:46:22.0590 4052 Backup copy not found, trying to cure infected file..
00:46:22.0590 4052 C:\Windows\system32\services.exe - Cure failed (FFFFFFFF)
00:46:22.0590 4052 C:\Windows\system32\services.exe - processing error
00:46:22.0590 4052 C:\Windows\system32\services.exe ( Virus.Win64.ZAccess.a ) - User select action: Cure
I hope all that is of some use to all and someone is able to assist to id this menace
Peter
Sign In
Create Account
