
Ad.directrev popup malware help please [Closed]



#1
yangcliu

Recently installed an application by accident, didn't have system restore activated so couldn't do that. Every few times I click on my web browser (Chrome) an ad popup comes up, most frequently -ad.directrev.com/RealMedia/ads/adstream_sx.ads/S0000481/1%5brandomNo%[email protected]

Ran a series of malware removal software (Malwarebytes, etc.) and other programs such as CCleaner, but it didn't resolve the issue.

Please help, thank you!


OTL here:

OTL logfile created on: 2/4/2013 1:29:30 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = E:\Users\Yang\Downloads
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.90 Gb Total Physical Memory | 5.61 Gb Available Physical Memory | 70.99% Memory free
15.80 Gb Paging File | 13.21 Gb Available in Paging File | 83.59% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files(X86)
Drive C: | 55.80 Gb Total Space | 8.27 Gb Free Space | 14.82% Space Free | Partition Type: NTFS
Drive D: | 292.97 Gb Total Space | 237.98 Gb Free Space | 81.23% Space Free | Partition Type: NTFS
Drive E: | 1104.30 Gb Total Space | 498.62 Gb Free Space | 45.15% Space Free | Partition Type: NTFS

Computer Name: YANG-PC | User Name: Yang | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/02/04 13:29:26 | 000,602,112 | ---- | M] (OldTimer Tools) -- E:\Users\Yang\Downloads\OTL.exe
PRC - [2013/01/15 13:55:05 | 001,199,576 | ---- | M] (Spotify Ltd) -- C:\Users\Yang\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
PRC - [2012/12/05 15:40:02 | 000,597,880 | ---- | M] (BlueStack Systems, Inc.) -- C:\Program Files (x86)\BlueStacks\HD-Agent.exe
PRC - [2012/12/05 15:39:26 | 000,384,888 | ---- | M] (BlueStack Systems, Inc.) -- C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
PRC - [2012/12/05 15:39:08 | 000,393,080 | ---- | M] (BlueStack Systems, Inc.) -- C:\Program Files (x86)\BlueStacks\HD-Service.exe
PRC - [2012/12/05 15:39:04 | 000,366,456 | ---- | M] (BlueStack Systems) -- C:\Program Files (x86)\BlueStacks\HD-SharedFolder.exe
PRC - [2012/12/05 15:38:56 | 000,260,472 | ---- | M] (BlueStack Systems) -- C:\Program Files (x86)\BlueStacks\HD-BlockDevice.exe
PRC - [2012/12/05 15:38:54 | 000,375,672 | ---- | M] (BlueStack Systems) -- C:\Program Files (x86)\BlueStacks\HD-Network.exe
PRC - [2012/11/15 18:01:18 | 002,254,768 | ---- | M] (LogMeIn Inc.) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
PRC - [2012/10/09 09:53:36 | 004,441,920 | ---- | M] (Akamai Technologies, Inc.) -- C:\Users\Yang\AppData\Local\Akamai\netsession_win.exe
PRC - [2012/06/10 16:21:59 | 000,222,720 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\ielowutil.exe
PRC - [2012/05/23 17:14:44 | 000,819,056 | ---- | M] () -- C:\Program Files (x86)\Remote Mouse\server\server.exe
PRC - [2012/04/04 00:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/03/19 09:57:32 | 001,020,416 | ---- | M] () -- C:\Program Files (x86)\Remote Mouse\RemoteMouse.exe
PRC - [2011/10/17 14:12:48 | 000,284,440 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
PRC - [2011/03/04 11:45:08 | 001,529,856 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
PRC - [2009/08/29 01:00:12 | 000,966,656 | ---- | M] () -- C:\Users\Yang\Local Settings\Apps\F.lux\flux.exe


========== Modules (No Company Name) ==========

MOD - [2013/02/02 02:03:25 | 012,459,888 | ---- | M] () -- C:\Users\Yang\AppData\Local\Google\Chrome\User Data\PepperFlash\11.5.31.138\pepflashplayer.dll
MOD - [2013/01/25 21:35:06 | 000,460,240 | ---- | M] () -- C:\Users\Yang\AppData\Local\Google\Chrome\Application\24.0.1312.57\ppgooglenaclpluginchrome.dll
MOD - [2013/01/25 21:35:04 | 004,012,496 | ---- | M] () -- C:\Users\Yang\AppData\Local\Google\Chrome\Application\24.0.1312.57\pdf.dll
MOD - [2013/01/25 21:34:19 | 000,597,968 | ---- | M] () -- C:\Users\Yang\AppData\Local\Google\Chrome\Application\24.0.1312.57\libglesv2.dll
MOD - [2013/01/25 21:34:18 | 000,124,368 | ---- | M] () -- C:\Users\Yang\AppData\Local\Google\Chrome\Application\24.0.1312.57\libegl.dll
MOD - [2013/01/25 21:34:16 | 001,552,848 | ---- | M] () -- C:\Users\Yang\AppData\Local\Google\Chrome\Application\24.0.1312.57\ffmpegsumo.dll
MOD - [2013/01/13 18:37:07 | 000,643,072 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\HD-Agent\93a86e2f9e5a785454a51696aab41220\HD-Agent.ni.exe
MOD - [2013/01/13 18:37:06 | 000,155,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\JSON\bfe1111ccd8ba885611c06bfadb43908\JSON.ni.dll
MOD - [2013/01/10 04:16:48 | 000,491,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\c4fa75aed82f50d4a7831755a0c4f7b2\IAStorUtil.ni.dll
MOD - [2013/01/10 03:23:24 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\0ac577a8ad6528ff03b50db5eeeac8be\System.Web.ni.dll
MOD - [2013/01/10 03:23:21 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll
MOD - [2013/01/10 03:23:08 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\865d2bf19a7af7fab8660a42d92550fe\System.Windows.Forms.ni.dll
MOD - [2013/01/10 03:23:05 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll
MOD - [2013/01/10 03:22:55 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll
MOD - [2013/01/10 03:22:54 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll
MOD - [2013/01/10 03:22:53 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll
MOD - [2013/01/10 03:22:51 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll
MOD - [2012/05/23 17:14:44 | 000,819,056 | ---- | M] () -- C:\Program Files (x86)\Remote Mouse\server\server.exe
MOD - [2012/04/30 02:55:48 | 000,026,112 | ---- | M] () -- C:\Program Files (x86)\SplitMediaLabs\XSplit\swresample-0.dll
MOD - [2012/04/30 02:55:45 | 008,358,400 | ---- | M] () -- C:\Program Files (x86)\SplitMediaLabs\XSplit\avcodec-54.dll
MOD - [2012/04/30 02:55:45 | 001,152,512 | ---- | M] () -- C:\Program Files (x86)\SplitMediaLabs\XSplit\avformat-54.dll
MOD - [2012/04/30 02:55:45 | 000,333,824 | ---- | M] () -- C:\Program Files (x86)\SplitMediaLabs\XSplit\swscale-2.dll
MOD - [2012/04/30 02:55:45 | 000,151,040 | ---- | M] () -- C:\Program Files (x86)\SplitMediaLabs\XSplit\avutil-51.dll
MOD - [2012/03/19 09:57:32 | 001,020,416 | ---- | M] () -- C:\Program Files (x86)\Remote Mouse\RemoteMouse.exe
MOD - [2012/02/07 23:11:36 | 000,167,424 | ---- | M] () -- C:\Program Files (x86)\Remote Mouse\server\win32gui.pyd
MOD - [2012/02/07 23:11:32 | 000,098,816 | ---- | M] () -- C:\Program Files (x86)\Remote Mouse\server\win32api.pyd
MOD - [2012/02/07 23:09:54 | 000,110,080 | ---- | M] () -- C:\Program Files (x86)\Remote Mouse\server\pywintypes26.dll
MOD - [2010/08/24 17:48:16 | 000,073,728 | ---- | M] () -- C:\Program Files (x86)\Remote Mouse\server\_ctypes.pyd
MOD - [2010/08/24 17:48:02 | 000,720,896 | ---- | M] () -- C:\Program Files (x86)\Remote Mouse\server\_ssl.pyd
MOD - [2010/08/24 17:47:50 | 000,040,448 | ---- | M] () -- C:\Program Files (x86)\Remote Mouse\server\_socket.pyd
MOD - [2010/01/21 00:34:10 | 008,793,952 | ---- | M] () -- C:\Program Files(X86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2010/01/13 06:36:00 | 000,010,752 | ---- | M] () -- C:\Program Files (x86)\Remote Mouse\server\autopy.mouse.pyd
MOD - [2010/01/13 06:35:52 | 000,011,776 | ---- | M] () -- C:\Program Files (x86)\Remote Mouse\server\autopy.key.pyd
MOD - [2010/01/09 19:18:18 | 004,254,560 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2009/08/29 01:00:12 | 000,966,656 | ---- | M] () -- C:\Users\Yang\Local Settings\Apps\F.lux\flux.exe


========== Services (SafeList) ==========

SRV:64bit: - [2011/06/29 09:51:26 | 000,171,688 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\IPROSetMonitor.exe -- (Intel®
SRV:64bit: - [2009/07/13 20:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2013/01/16 15:10:51 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/12/05 15:39:26 | 000,384,888 | ---- | M] (BlueStack Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe -- (BstHdLogRotatorSvc)
SRV - [2012/12/05 15:39:08 | 000,393,080 | ---- | M] (BlueStack Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\BlueStacks\HD-Service.exe -- (BstHdAndroidSvc)
SRV - [2012/11/15 18:01:16 | 002,461,104 | ---- | M] (LogMeIn Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2012/11/13 15:20:57 | 000,529,744 | ---- | M] (Valve Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012/10/23 04:47:48 | 002,848,168 | ---- | M] (TeamViewer GmbH) [Disabled | Stopped] -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2012/10/10 21:23:42 | 001,258,856 | ---- | M] (NVIDIA Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012/10/09 04:02:08 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/10/02 20:19:04 | 000,743,320 | ---- | M] (Tunngle.net GmbH) [Disabled | Stopped] -- C:\Program Files (x86)\Tunngle\TnglCtrl.exe -- (TunngleService)
SRV - [2012/10/02 13:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012/09/12 20:21:48 | 000,368,896 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2012/09/12 20:21:48 | 000,022,072 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2012/06/07 18:12:14 | 000,160,944 | R--- | M] (Skype Technologies) [Disabled | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/04/04 00:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/03/19 22:44:20 | 000,276,248 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2011/10/17 14:12:52 | 000,013,592 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2011/08/08 14:17:00 | 004,865,496 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GameMon.des -- (npggsvc)
SRV - [2011/03/04 11:45:08 | 001,529,856 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2010/01/09 19:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2010/01/09 19:18:00 | 000,149,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
SRV - [2009/08/18 11:48:02 | 002,291,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007/09/04 18:31:22 | 000,180,224 | ---- | M] (NVIDIA) [Disabled | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe -- (nTuneService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/08/30 21:03:48 | 000,128,456 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012/08/17 13:30:04 | 000,066,728 | ---- | M] (Eugene V. Muzychenko) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vrtaucbl.sys -- (EuMusDesignVirtualAudioCableWdm)
DRV:64bit: - [2012/06/13 17:03:49 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2012/04/25 11:11:36 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/04/22 18:32:16 | 000,075,552 | ---- | M] (Lucidlogix Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VirtuWDDM.sys -- (VirtuWDDM)
DRV:64bit: - [2012/03/19 22:32:04 | 014,745,600 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2012/03/09 09:57:36 | 000,023,816 | ---- | M] (CPUID) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\cpuz135_x64.sys -- (cpuz135)
DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/01/17 07:45:56 | 000,188,224 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2011/10/17 13:55:32 | 000,559,384 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011/09/14 16:05:34 | 000,394,216 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\asmtxhci.sys -- (asmtxhci)
DRV:64bit: - [2011/09/14 16:05:34 | 000,129,000 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\asmthub3.sys -- (asmthub3)
DRV:64bit: - [2011/07/20 08:37:56 | 000,342,704 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1c62x64.sys -- (e1cexpress)
DRV:64bit: - [2011/06/29 04:18:16 | 000,091,864 | ---- | M] (Citrix Systems, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ctxusbm.sys -- (ctxusbm)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/03/04 11:51:50 | 000,306,536 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 06:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 06:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010/11/11 00:11:52 | 000,141,384 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdserd.sys -- (sscdserd)
DRV:64bit: - [2010/11/11 00:11:50 | 000,172,104 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdmdm.sys -- (sscdmdm)
DRV:64bit: - [2010/11/11 00:11:50 | 000,136,264 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdbus.sys -- (sscdbus)
DRV:64bit: - [2010/11/11 00:11:50 | 000,019,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV:64bit: - [2010/10/19 22:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010/02/08 07:32:00 | 000,014,992 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CVirtA64.sys -- (CVirtA)
DRV:64bit: - [2009/09/16 07:02:42 | 000,031,232 | ---- | M] (Tunngle.net) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tap0901t.sys -- (tap0901t)
DRV:64bit: - [2009/09/15 03:36:48 | 001,061,888 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr28ux.sys -- (netr28ux)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 12:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/03/18 15:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2008/11/16 17:39:44 | 000,157,968 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dne64x.sys -- (DNE)
DRV:64bit: - [2008/04/16 13:49:34 | 000,028,416 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)
DRV - [2012/12/05 15:39:18 | 000,071,032 | ---- | M] (BlueStack Systems) [Kernel | Auto | Running] -- C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys -- (BstHdDrv)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2007/09/04 18:26:38 | 000,039,968 | ---- | M] (NVidia Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\nvoclk64.sys -- (NVR0Dev)
DRV - [2005/01/02 16:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,BrowserMngr Start Page = http://search.babylo...000f46d044299c8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E0 1A 51 9C 49 47 CD 01 [binary data]
IE - HKCU\..\SearchScopes,BrowserMngrDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylo...000f46d044299c8
IE - HKCU\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = http://mystart.incre...6OyFNIINe5&i=26
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: mytube%40ashishmishra.in:0.973
FF - prefs.js..extensions.enabledAddons: plugin%40yontoo.com:1.20.00
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.1


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Citrix.com/npican: C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll (Citrix Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~4\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~4\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: null\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: D:\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Yang\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Yang\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Yang\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Yang\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\duowan.com/Checker: C:\Program Files (x86)\Common Files\duowan\yy4.0\YYSSO\1.0.0.3\npChecker.dll (广州多玩信息技术有限公司)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: E:\Users\Yang\Downloads\null\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\WEB ASSISTANT\FIREFOX
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\Program Files\Web Assistant\Firefox
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/01/18 22:19:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2013/01/18 22:19:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Yang\AppData\Roaming\Mozilla\Extensions
[2013/02/04 13:15:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Yang\AppData\Roaming\Mozilla\Firefox\Profiles\9swxg1lg.default\extensions
[2013/01/18 22:22:47 | 000,099,554 | ---- | M] () (No name found) -- C:\Users\Yang\AppData\Roaming\Mozilla\Firefox\Profiles\9swxg1lg.default\extensions\[email protected]
File not found (No name found) -- C:\USERS\YANG\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9SWXG1LG.DEFAULT\EXTENSIONS\[email protected]

========== Chrome ==========

CHR - homepage: http://google.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
CHR - homepage: http://google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Yang\AppData\Local\Google\Chrome\Application\21.0.1180.89\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Yang\AppData\Local\Google\Chrome\Application\24.0.1312.57\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Yang\AppData\Local\Google\Chrome\Application\24.0.1312.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Disabled) = C:\Users\Yang\AppData\Local\Google\Chrome\Application\24.0.1312.57\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~4\MICROS~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~4\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: \u6B6A\u6B6A (Enabled) = C:\Program Files (x86)\Common Files\duowan\yy4.0\YYSSO\1.0.0.3\npChecker.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: Java™ Platform SE 7 U5 (Enabled) = C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 7.0.50.255 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files(X86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\Yang\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Yang\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll
CHR - plugin: VLC Web Plugin (Enabled) = D:\VLC\npvlc.dll
CHR - Extension: YouTube = C:\Users\Yang\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: Google Search = C:\Users\Yang\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: AdBlock = C:\Users\Yang\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.56_0\
CHR - Extension: TinEye Reverse Image Search = C:\Users\Yang\AppData\Local\Google\Chrome\User Data\Default\Extensions\haebnnbpedcbhciplfhjjkbafijpncjl\1.1.2_0\
CHR - Extension: live player = C:\Users\Yang\AppData\Local\Google\Chrome\User Data\Default\Extensions\hcnoocjdgpaeliplnkbhbpccighjkeef\3.2_0\
CHR - Extension: YousableTubeFix for Chrome = C:\Users\Yang\AppData\Local\Google\Chrome\User Data\Default\Extensions\jchfimlohbodnpamghfgfgabbnfajpbe\2012.12.15_0\
CHR - Extension: Reddit Enhancement Suite = C:\Users\Yang\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb\4.1.5_0\
CHR - Extension: Gmail = C:\Users\Yang\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2009/06/10 16:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (no name) - {2EECD738-5844-4a99-B4B6-146BF802613B} - No CLSID value found.
O2 - BHO: (FGCatchUrl) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\jccatch.dll (www.flashget.com)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (FlashGet GetFlash Class) - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\getflash.dll (www.flashget.com)
O3 - HKLM\..\Toolbar: (no name) - {98889811-442D-49dd-99D7-DC866BE87DBC} - No CLSID value found.
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [AdobeCS6ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [autoauto] C:\Windows\SysWow64\c.bat ()
O4 - HKLM..\Run: [BlueStacks Agent] C:\Program Files (x86)\BlueStacks\HD-Agent.exe (BlueStack Systems, Inc.)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe" File not found
O4 - HKCU..\Run: [AdobeBridge] File not found
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\Yang\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O4 - HKCU..\Run: [F.lux] C:\Users\Yang\Local Settings\Apps\F.lux\flux.exe ()
O4 - HKCU..\Run: [Facebook Update] C:\Users\Yang\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKCU..\Run: [NVIDIA nTune] C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneCmd.exe (NVIDIA)
O4 - HKCU..\Run: [Remote Mouse] C:\Program Files (x86)\Remote Mouse\RemoteMouse.exe ()
O4 - HKCU..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Spotify Web Helper] C:\Users\Yang\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: &Download All with FlashGet - C:\Program Files\JC_ALL.HTM ()
O8:64bit: - Extra context menu item: &Download with FlashGet - C:\Program Files\JC_LINK.HTM ()
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\JC_ALL.HTM ()
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\JC_LINK.HTM ()
O9:64bit: - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\flashget.exe (FlashGet.com)
O9 - Extra 'Tools' menuitem : FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\flashget.exe (FlashGet.com)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2DBCB237-AE51-4198-B85B-1A1FED4AEC0F}: DhcpNameServer = 75.75.76.76 75.75.75.75
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EDF992A4-C976-4834-9962-90036267E42D}: DhcpNameServer = 75.75.76.76 75.75.75.75
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files (x86)\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18:64bit: - Protocol\Filter\application/x-ica - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=euc-jp - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=ISO-8859-1 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=MS936 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=MS949 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=MS950 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=UTF8 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=UTF-8 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=euc-jp - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=ISO-8859-1 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=MS936 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=MS949 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=MS950 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=UTF8 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=UTF-8 - No CLSID value found
O18:64bit: - Protocol\Filter\ica - No CLSID value found
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\application/x-ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - AppInit_DLLs: (C:\Windows\system32\appinit_dll.dll) - C:\Windows\SysNative\appinit_dll.dll (Lucidlogix Inc.)
O20 - AppInit_DLLs: (c:\windows\syswow64\appinit_dll.dll) - c:\Windows\SysWOW64\appinit_dll.dll (Lucidlogix Inc.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O22:64bit: - SharedTaskScheduler: {1984DD45-52CF-49cd-AB77-18F378FEA264} - FencesShellExt - C:\Program Files (x86)\Stardock\Fences\FencesMenu64.dll (Stardock)
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{72f140a6-b353-11e1-98ac-9178d5067f6f}\Shell - "" = AutoRun
O33 - MountPoints2\{72f140a6-b353-11e1-98ac-9178d5067f6f}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
O33 - MountPoints2\{944d28cb-d09e-11e1-a1dc-f46d044299c8}\Shell - "" = AutoRun
O33 - MountPoints2\{944d28cb-d09e-11e1-a1dc-f46d044299c8}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL H:\drivers\setup.exe
O33 - MountPoints2\{ad259ebb-b34b-11e1-8a7c-f4d8e7f77a10}\Shell - "" = AutoRun
O33 - MountPoints2\{ad259ebb-b34b-11e1-8a7c-f4d8e7f77a10}\Shell\AutoRun\command - "" = I:\TLBootstrap_WPP.exe
O33 - MountPoints2\{fdf088d6-b56c-11e1-9577-f46d044299c8}\Shell - "" = AutoRun
O33 - MountPoints2\{fdf088d6-b56c-11e1-9577-f46d044299c8}\Shell\AutoRun\command - "" = G:\setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/02/04 13:25:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2013/02/04 13:23:15 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/02/04 13:17:37 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/02/04 13:17:30 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013/02/04 13:14:16 | 000,000,000 | ---D | C] -- C:\Users\Yang\Desktop\RK_Quarantine
[2013/02/04 12:27:05 | 000,000,000 | ---D | C] -- C:\a
[2013/02/02 20:51:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Tarma Installer
[2013/02/01 21:17:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Grinding Gear Games
[2013/02/01 19:24:31 | 000,000,000 | ---D | C] -- C:\Users\Yang\Desktop\New folder (3)
[2013/01/30 17:33:02 | 000,000,000 | ---D | C] -- C:\Users\Yang\Desktop\207_0131
[2013/01/25 16:45:09 | 000,000,000 | ---D | C] -- C:\Users\Yang\Desktop\203_0126
[2013/01/18 22:22:05 | 000,000,000 | ---D | C] -- C:\Users\Yang\AppData\Local\Macromedia
[2013/01/18 22:19:23 | 000,000,000 | ---D | C] -- C:\Users\Yang\AppData\Roaming\Mozilla
[2013/01/18 22:19:23 | 000,000,000 | ---D | C] -- C:\Users\Yang\AppData\Local\Mozilla
[2013/01/18 22:19:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2013/01/16 08:44:13 | 000,000,000 | ---D | C] -- C:\Users\Yang\Desktop\Bernanke
[2013/01/15 13:55:10 | 000,000,000 | ---D | C] -- C:\Users\Yang\AppData\Local\Spotify
[2013/01/15 13:54:56 | 000,000,000 | ---D | C] -- C:\Users\Yang\AppData\Roaming\Spotify
[2013/01/15 02:40:00 | 000,000,000 | ---D | C] -- C:\Users\Yang\Desktop\200_0115
[2013/01/13 18:34:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BlueStacks
[2013/01/13 18:34:20 | 000,000,000 | ---D | C] -- C:\ProgramData\BlueStacksSetup
[2013/01/13 18:34:20 | 000,000,000 | ---D | C] -- C:\ProgramData\BlueStacks
[2013/01/10 03:00:13 | 000,000,000 | ---D | C] -- C:\Program Files(X86)\Reference Assemblies
[2013/01/09 04:18:02 | 000,750,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll
[2013/01/09 04:18:02 | 000,492,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll
[2013/01/09 04:17:57 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2013/01/09 04:17:56 | 000,800,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\usp10.dll
[2013/01/09 04:17:55 | 002,746,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\gameux.dll
[2013/01/09 04:17:55 | 002,576,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\gameux.dll
[2013/01/09 04:17:55 | 000,441,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Wpc.dll
[2013/01/09 04:17:55 | 000,308,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Wpc.dll
[2013/01/09 04:17:55 | 000,046,592 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\fpb.rs
[2013/01/09 04:17:55 | 000,046,592 | ---- | C] (Microsoft) -- C:\Windows\SysNative\fpb.rs
[2013/01/09 04:17:55 | 000,045,568 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\oflc-nz.rs
[2013/01/09 04:17:55 | 000,045,568 | ---- | C] (Microsoft) -- C:\Windows\SysNative\oflc-nz.rs
[2013/01/09 04:17:55 | 000,044,544 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegibbfc.rs
[2013/01/09 04:17:55 | 000,044,544 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegibbfc.rs
[2013/01/09 04:17:55 | 000,043,520 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\csrr.rs
[2013/01/09 04:17:55 | 000,043,520 | ---- | C] (Microsoft) -- C:\Windows\SysNative\csrr.rs
[2013/01/09 04:17:55 | 000,040,960 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\cob-au.rs
[2013/01/09 04:17:55 | 000,040,960 | ---- | C] (Microsoft) -- C:\Windows\SysNative\cob-au.rs
[2013/01/09 04:17:55 | 000,030,720 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\usk.rs
[2013/01/09 04:17:55 | 000,030,720 | ---- | C] (Microsoft) -- C:\Windows\SysNative\usk.rs
[2013/01/09 04:17:55 | 000,021,504 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\grb.rs
[2013/01/09 04:17:55 | 000,021,504 | ---- | C] (Microsoft) -- C:\Windows\SysNative\grb.rs
[2013/01/09 04:17:55 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi-pt.rs
[2013/01/09 04:17:55 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi-pt.rs
[2013/01/09 04:17:55 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi.rs
[2013/01/09 04:17:55 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi.rs
[2013/01/09 04:17:55 | 000,015,360 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\djctq.rs
[2013/01/09 04:17:55 | 000,015,360 | ---- | C] (Microsoft) -- C:\Windows\SysNative\djctq.rs
[2013/01/09 04:17:54 | 000,055,296 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\cero.rs
[2013/01/09 04:17:54 | 000,055,296 | ---- | C] (Microsoft) -- C:\Windows\SysNative\cero.rs
[2013/01/09 04:17:54 | 000,051,712 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\esrb.rs
[2013/01/09 04:17:54 | 000,051,712 | ---- | C] (Microsoft) -- C:\Windows\SysNative\esrb.rs
[2013/01/09 04:17:54 | 000,023,552 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\oflc.rs
[2013/01/09 04:17:54 | 000,023,552 | ---- | C] (Microsoft) -- C:\Windows\SysNative\oflc.rs
[2013/01/09 04:17:54 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi-fi.rs
[2013/01/09 04:17:54 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi-fi.rs
[2013/01/09 04:17:48 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2013/01/09 04:17:47 | 001,161,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2013/01/09 04:17:47 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2013/01/09 04:17:47 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
[2013/01/09 04:17:47 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2013/01/09 04:17:47 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2013/01/09 04:17:47 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2013/01/09 04:17:47 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2013/01/09 04:17:47 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2013/01/09 04:17:47 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2013/01/09 04:17:47 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2013/01/09 04:17:47 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2013/01/09 04:17:47 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2013/01/09 04:17:47 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2013/01/09 04:17:47 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2013/01/09 04:17:47 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2013/01/09 04:17:46 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2013/01/09 04:17:46 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2013/01/09 04:17:46 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2013/01/09 04:17:46 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2013/01/09 04:17:46 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2013/01/09 04:17:46 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2013/01/09 04:17:46 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2013/01/09 04:17:46 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2013/01/09 04:17:46 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2013/01/09 04:17:46 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2013/01/09 04:17:46 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2013/01/09 04:17:46 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2013/01/09 04:17:46 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2013/01/09 04:17:46 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2013/01/09 04:17:46 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2013/01/09 04:17:46 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2013/01/09 04:17:46 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2013/01/09 04:17:46 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2013/01/09 04:17:46 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013/01/09 04:17:46 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2013/01/09 04:17:46 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2013/01/09 04:17:46 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2013/01/09 04:17:46 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2013/01/09 04:17:46 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2013/01/09 04:17:46 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2013/01/09 04:17:46 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2013/01/09 04:17:46 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2013/01/09 04:17:46 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2013/01/09 04:17:46 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2013/01/09 04:17:46 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2013/01/09 04:17:46 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2013/01/09 04:17:46 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2013/01/09 04:17:46 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2013/01/09 04:17:46 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2013/01/09 04:17:46 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2013/01/09 04:17:46 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013/01/09 04:17:46 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2013/01/09 04:17:46 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2013/01/09 04:17:46 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2013/01/09 04:17:46 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2013/01/09 04:17:46 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2013/01/09 04:17:46 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2013/01/09 04:17:46 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2013/01/09 04:17:46 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2013/01/09 04:17:46 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2013/01/09 04:17:46 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2013/01/09 04:17:46 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2013/01/09 04:17:46 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2013/01/09 04:17:46 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2013/01/09 04:17:46 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2013/01/09 04:17:46 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2013/01/09 04:17:46 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2013/01/09 04:17:45 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2013/01/09 04:17:41 | 000,068,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskhost.exe
[2013/01/08 19:35:19 | 000,076,800 | ---- | C] (Pokemonium) -- C:\Users\Yang\Desktop\PokeBot.exe
[2013/01/08 19:35:19 | 000,000,000 | ---D | C] -- C:\Users\Yang\Desktop\roms
[2013/01/08 19:35:19 | 000,000,000 | ---D | C] -- C:\Users\Yang\Desktop\data
[2013/01/07 18:29:58 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Adobe
[2013/01/07 18:20:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XSplit
[2013/01/06 17:30:05 | 000,000,000 | ---D | C] -- C:\Users\Yang\Desktop\Pokemon
[6 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[3 E:\Users\Yang\Documents\*.tmp files -> E:\Users\Yang\Documents\*.tmp -> ]
[2 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[2 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\Users\Yang\Desktop\*.tmp files -> C:\Users\Yang\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/02/04 13:27:40 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/02/04 13:25:51 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013/02/04 13:02:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/02/04 13:00:04 | 000,015,472 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/02/04 13:00:04 | 000,015,472 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/02/04 12:58:59 | 001,542,306 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/02/04 12:58:59 | 000,419,258 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/02/04 12:58:59 | 000,006,394 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/02/04 12:36:09 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1594025053-2878111276-1025752850-1000UA.job
[2013/02/04 12:36:03 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/02/04 10:42:20 | 000,000,924 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1594025053-2878111276-1025752850-1000UA.job
[2013/02/04 01:40:00 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1594025053-2878111276-1025752850-1000Core.job
[2013/02/03 22:43:08 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1594025053-2878111276-1025752850-1000Core.job
[2013/02/03 04:42:07 | 000,052,711 | ---- | M] () -- C:\Users\Yang\Desktop\00copy.png
[2013/02/03 04:42:00 | 000,001,151 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013/02/03 04:40:23 | 000,033,143 | ---- | M] () -- C:\Users\Yang\Desktop\000Capture.JPG
[2013/02/03 04:21:56 | 000,078,849 | ---- | M] () -- C:\Users\Yang\Desktop\000123.JPG
[2013/02/03 04:20:47 | 000,063,806 | ---- | M] () -- C:\Users\Yang\Desktop\111111c.JPG
[2013/02/03 04:18:58 | 000,050,044 | ---- | M] () -- C:\Users\Yang\Desktop\000000Capture.JPG
[2013/02/01 21:17:00 | 000,001,445 | ---- | M] () -- C:\Users\Public\Desktop\Path of Exile.lnk
[2013/02/01 20:22:15 | 000,097,937 | ---- | M] () -- E:\Users\Yang\Documents\MCORRP_Yangcheng_Liu.pdf
[2013/02/01 20:20:45 | 000,097,893 | ---- | M] () -- E:\Users\Yang\Documents\MCORRP_YangchengLiu.pdf
[2013/01/31 12:06:30 | 002,454,435 | ---- | M] () -- C:\Users\Yang\Desktop\IMG_2606.JPG
[2013/01/30 19:06:17 | 002,807,405 | ---- | M] () -- C:\Users\Yang\Desktop\sue.psd
[2013/01/30 18:52:16 | 009,599,979 | ---- | M] () -- C:\Users\Yang\Desktop\taub.psd
[2013/01/30 18:52:10 | 001,191,096 | ---- | M] () -- C:\Users\Yang\Desktop\TAUBMAN2.jpg
[2013/01/30 17:43:38 | 004,015,745 | ---- | M] () -- C:\Users\Yang\Desktop\taunb.psd
[2013/01/29 20:02:51 | 002,685,045 | ---- | M] () -- C:\Users\Yang\Desktop\IMG_2592.JPG
[2013/01/28 23:02:39 | 029,573,234 | ---- | M] () -- C:\Users\Yang\Desktop\MVI_2590.AVI
[2013/01/28 21:56:32 | 002,811,270 | ---- | M] () -- C:\Users\Yang\Desktop\IMG_2586.JPG
[2013/01/28 15:46:38 | 001,268,108 | ---- | M] () -- C:\Users\Yang\Desktop\IMG_2581.JPG
[2013/01/28 15:43:07 | 001,117,036 | ---- | M] () -- C:\Users\Yang\Desktop\IMG_2584.JPG
[2013/01/24 21:45:13 | 005,035,656 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/01/22 10:12:08 | 000,055,466 | ---- | M] () -- C:\Users\Yang\Desktop\eurusd321.PNG
[2013/01/22 01:19:14 | 002,295,032 | ---- | M] () -- C:\Users\Yang\Desktop\IMG_2537.JPG
[2013/01/21 11:43:40 | 000,761,662 | ---- | M] () -- C:\Users\Yang\Desktop\kellz.png
[2013/01/19 20:18:19 | 000,680,440 | ---- | M] () -- C:\Users\Yang\Desktop\Capture897890.PNG
[2013/01/19 17:21:52 | 000,099,037 | ---- | M] () -- C:\Users\Yang\Desktop\What the...-argo.dvdscr.xvid.srt
[2013/01/18 14:03:29 | 000,032,683 | ---- | M] () -- C:\Users\Yang\Desktop\day2.png
[2013/01/18 13:50:10 | 000,109,217 | ---- | M] () -- C:\Users\Yang\Desktop\day1.png
[2013/01/18 11:46:09 | 001,044,591 | ---- | M] () -- C:\Users\Yang\Desktop\IMG00353-20120904-1629.jpg
[2013/01/18 11:25:50 | 000,816,999 | ---- | M] () -- C:\Users\Yang\Desktop\ap.PNG
[2013/01/18 11:20:33 | 000,101,425 | ---- | M] () -- C:\Users\Yang\Desktop\DSC06668_zpse4caf3e5.jpg
[2013/01/17 22:57:48 | 000,052,922 | ---- | M] () -- C:\Users\Yang\Desktop\TBT.jpg
[2013/01/17 18:27:03 | 001,684,273 | ---- | M] () -- C:\Users\Yang\Desktop\IMG_2535.JPG
[2013/01/17 18:27:00 | 001,821,190 | ---- | M] () -- C:\Users\Yang\Desktop\IMG_2534.JPG
[2013/01/17 18:26:58 | 001,761,600 | ---- | M] () -- C:\Users\Yang\Desktop\IMG_2533.JPG
[2013/01/17 18:26:56 | 001,618,609 | ---- | M] () -- C:\Users\Yang\Desktop\IMG_2532.JPG
[2013/01/17 18:26:50 | 001,902,356 | ---- | M] () -- C:\Users\Yang\Desktop\IMG_2530.JPG
[2013/01/17 18:26:50 | 001,491,434 | ---- | M] () -- C:\Users\Yang\Desktop\IMG_2531.JPG
[2013/01/17 18:26:49 | 001,926,995 | ---- | M] () -- C:\Users\Yang\Desktop\IMG_2529.JPG
[2013/01/17 17:57:35 | 002,250,904 | ---- | M] () -- C:\Users\Yang\Desktop\IMG_2520.JPG
[2013/01/17 16:58:24 | 000,080,392 | ---- | M] () -- C:\Users\Yang\Desktop\602403_389597677784500_645655030_n.jpg
[2013/01/17 16:28:42 | 000,157,272 | ---- | M] () -- C:\Users\Yang\Desktop\3333.jpg
[2013/01/17 16:23:00 | 000,000,043 | ---- | M] () -- C:\Users\Yang\Desktop\qm.gif
[2013/01/16 20:58:52 | 000,011,687 | ---- | M] () -- C:\Users\Yang\Desktop\bestchuck.PNG
[2013/01/16 13:01:34 | 000,045,008 | ---- | M] () -- C:\Users\Yang\Desktop\capture222.png
[2013/01/16 09:20:06 | 000,044,167 | ---- | M] () -- C:\Users\Yang\Desktop\mross3.PNG
[2013/01/16 09:17:41 | 000,050,137 | ---- | M] () -- C:\Users\Yang\Desktop\mross2.PNG
[2013/01/16 09:15:24 | 000,064,881 | ---- | M] () -- C:\Users\Yang\Desktop\mross.PNG
[2013/01/16 06:27:28 | 000,013,032 | ---- | M] () -- C:\Users\Yang\Desktop\50pips.PNG
[2013/01/15 14:54:08 | 000,016,432 | ---- | M] () -- C:\Users\Yang\Desktop\lolz.PNG
[2013/01/15 13:55:10 | 000,001,762 | ---- | M] () -- C:\Users\Yang\Desktop\Spotify.lnk
[2013/01/15 03:37:42 | 000,198,243 | ---- | M] () -- C:\Users\Yang\Desktop\tumblr_m1mf1neEgX1rscs64o1_1280.jpg
[2013/01/14 11:45:55 | 000,055,069 | ---- | M] () -- C:\Users\Yang\Desktop\BAMMKVrCEAEbdtd.jpg-large
[2013/01/13 22:36:55 | 000,012,851 | ---- | M] () -- C:\Users\Yang\Desktop\1024.jpg
[2013/01/13 22:33:01 | 000,008,198 | ---- | M] () -- C:\Users\Yang\Desktop\123321123.jpeg
[2013/01/13 22:24:51 | 000,014,383 | ---- | M] () -- C:\Users\Yang\Desktop\me1.jpg
[2013/01/12 22:37:05 | 000,688,122 | ---- | M] () -- C:\Users\Yang\Desktop\yanggg1.PNG
[2013/01/12 18:30:13 | 003,422,298 | ---- | M] () -- C:\Users\Yang\Desktop\IMG_2488.JPG
[2013/01/12 16:29:13 | 001,260,608 | ---- | M] () -- C:\Users\Yang\Desktop\twitter.jpg
[2013/01/12 16:18:55 | 000,237,201 | ---- | M] () -- C:\Users\Yang\Desktop\maryyyyyyyyy.jpg
[2013/01/12 16:18:21 | 000,013,966 | ---- | M] () -- C:\Users\Yang\Desktop\pp1.jpg
[2013/01/12 16:14:59 | 000,688,091 | ---- | M] () -- C:\Users\Yang\Desktop\yanggg.PNG
[2013/01/12 13:53:26 | 000,077,946 | ---- | M] () -- C:\Users\Yang\Desktop\Skyfall.ENG.srt
[2013/01/11 14:37:43 | 000,000,259 | ---- | M] () -- C:\Users\Yang\Desktop\230_F12_L22_acid_base1 2 (2).url
[2013/01/11 03:51:54 | 000,833,302 | ---- | M] () -- C:\Users\Yang\Desktop\em.png
[2013/01/11 02:27:45 | 000,876,242 | ---- | M] () -- C:\Users\Yang\Desktop\charleys.PNG
[2013/01/11 02:18:17 | 000,090,996 | ---- | M] () -- C:\Users\Yang\Desktop\tumblr_m53dilRAsz1rscs64o1_1280.jpg
[2013/01/11 02:18:06 | 000,223,988 | ---- | M] () -- C:\Users\Yang\Desktop\tumblr_m53l08suR81rscs64o1_1280.jpg
[2013/01/11 02:16:57 | 000,143,399 | ---- | M] () -- C:\Users\Yang\Desktop\tumblr_m571ku1VfR1rscs64o1_1280.jpg
[2013/01/10 13:15:05 | 000,053,951 | ---- | M] () -- C:\Users\Yang\Desktop\wow.PNG
[2013/01/08 05:17:17 | 000,000,532 | ---- | M] () -- C:\Users\Yang\Desktop\PokeMMO - Shortcut.lnk
[2013/01/07 21:19:30 | 000,468,538 | ---- | M] () -- C:\Users\Yang\Desktop\aj.jpg
[6 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[3 E:\Users\Yang\Documents\*.tmp files -> E:\Users\Yang\Documents\*.tmp -> ]
[2 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[2 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\Users\Yang\Desktop\*.tmp files -> C:\Users\Yang\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/02/04 13:25:51 | 000,000,822 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013/02/03 04:41:17 | 000,052,711 | ---- | C] () -- C:\Users\Yang\Desktop\00copy.png
[2013/02/03 04:40:22 | 000,033,143 | ---- | C] () -- C:\Users\Yang\Desktop\000Capture.JPG
[2013/02/03 04:21:56 | 000,078,849 | ---- | C] () -- C:\Users\Yang\Desktop\000123.JPG
[2013/02/03 04:20:47 | 000,063,806 | ---- | C] () -- C:\Users\Yang\Desktop\111111c.JPG
[2013/02/03 04:18:58 | 000,050,044 | ---- | C] () -- C:\Users\Yang\Desktop\000000Capture.JPG
[2013/02/01 21:17:00 | 000,001,445 | ---- | C] () -- C:\Users\Public\Desktop\Path of Exile.lnk
[2013/02/01 20:22:15 | 000,097,937 | ---- | C] () -- E:\Users\Yang\Documents\MCORRP_Yangcheng_Liu.pdf
[2013/02/01 20:20:45 | 000,097,893 | ---- | C] () -- E:\Users\Yang\Documents\MCORRP_YangchengLiu.pdf
[2013/01/31 12:06:30 | 002,454,435 | ---- | C] () -- C:\Users\Yang\Desktop\IMG_2606.JPG
[2013/01/30 19:05:20 | 002,807,405 | ---- | C] () -- C:\Users\Yang\Desktop\sue.psd
[2013/01/30 18:52:08 | 001,191,096 | ---- | C] () -- C:\Users\Yang\Desktop\TAUBMAN2.jpg
[2013/01/30 18:33:52 | 009,599,979 | ---- | C] () -- C:\Users\Yang\Desktop\taub.psd
[2013/01/30 17:43:36 | 004,015,745 | ---- | C] () -- C:\Users\Yang\Desktop\taunb.psd
[2013/01/29 20:02:51 | 002,685,045 | ---- | C] () -- C:\Users\Yang\Desktop\IMG_2592.JPG
[2013/01/28 23:02:36 | 029,573,234 | ---- | C] () -- C:\Users\Yang\Desktop\MVI_2590.AVI
[2013/01/28 21:56:31 | 002,811,270 | ---- | C] () -- C:\Users\Yang\Desktop\IMG_2586.JPG
[2013/01/28 15:43:47 | 001,268,108 | ---- | C] () -- C:\Users\Yang\Desktop\IMG_2581.JPG
[2013/01/28 15:43:07 | 001,117,036 | ---- | C] () -- C:\Users\Yang\Desktop\IMG_2584.JPG
[2013/01/24 14:14:31 | 000,099,037 | ---- | C] () -- C:\Users\Yang\Desktop\What the...-argo.dvdscr.xvid.srt
[2013/01/22 10:12:08 | 000,055,466 | ---- | C] () -- C:\Users\Yang\Desktop\eurusd321.PNG
[2013/01/22 01:19:14 | 002,295,032 | ---- | C] () -- C:\Users\Yang\Desktop\IMG_2537.JPG
[2013/01/21 11:43:40 | 000,761,662 | ---- | C] () -- C:\Users\Yang\Desktop\kellz.png
[2013/01/20 18:06:26 | 000,000,741 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS6 (64 Bit).lnk
[2013/01/20 18:06:14 | 000,000,696 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS6.lnk
[2013/01/20 18:05:59 | 000,000,715 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CS6 (64bit).lnk
[2013/01/20 18:05:52 | 000,000,670 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CS6.lnk
[2013/01/20 18:05:30 | 000,000,790 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Extension Manager CS6.lnk
[2013/01/20 18:05:28 | 000,001,523 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ExtendScript Toolkit CS6.lnk
[2013/01/19 20:18:19 | 000,680,440 | ---- | C] () -- C:\Users\Yang\Desktop\Capture897890.PNG
[2013/01/18 22:19:14 | 000,001,163 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2013/01/18 22:19:14 | 000,001,151 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013/01/18 14:03:29 | 000,032,683 | ---- | C] () -- C:\Users\Yang\Desktop\day2.png
[2013/01/18 13:49:14 | 000,109,217 | ---- | C] () -- C:\Users\Yang\Desktop\day1.png
[2013/01/18 11:25:50 | 000,816,999 | ---- | C] () -- C:\Users\Yang\Desktop\ap.PNG
[2013/01/18 11:20:32 | 000,101,425 | ---- | C] () -- C:\Users\Yang\Desktop\DSC06668_zpse4caf3e5.jpg
[2013/01/17 22:57:47 | 000,052,922 | ---- | C] () -- C:\Users\Yang\Desktop\TBT.jpg
[2013/01/17 18:26:50 | 001,491,434 | ---- | C] () -- C:\Users\Yang\Desktop\IMG_2531.JPG
[2013/01/17 18:26:49 | 001,926,995 | ---- | C] () -- C:\Users\Yang\Desktop\IMG_2529.JPG
[2013/01/17 18:26:49 | 001,902,356 | ---- | C] () -- C:\Users\Yang\Desktop\IMG_2530.JPG
[2013/01/17 18:26:49 | 001,684,273 | ---- | C] () -- C:\Users\Yang\Desktop\IMG_2535.JPG
[2013/01/17 18:26:48 | 001,821,190 | ---- | C] () -- C:\Users\Yang\Desktop\IMG_2534.JPG
[2013/01/17 18:26:48 | 001,761,600 | ---- | C] () -- C:\Users\Yang\Desktop\IMG_2533.JPG
[2013/01/17 18:26:48 | 001,618,609 | ---- | C] () -- C:\Users\Yang\Desktop\IMG_2532.JPG
[2013/01/17 17:57:04 | 002,250,904 | ---- | C] () -- C:\Users\Yang\Desktop\IMG_2520.JPG
[2013/01/17 16:58:24 | 000,080,392 | ---- | C] () -- C:\Users\Yang\Desktop\602403_389597677784500_645655030_n.jpg
[2013/01/17 16:28:42 | 000,157,272 | ---- | C] () -- C:\Users\Yang\Desktop\3333.jpg
[2013/01/17 16:22:59 | 000,000,043 | ---- | C] () -- C:\Users\Yang\Desktop\qm.gif
[2013/01/16 20:58:52 | 000,011,687 | ---- | C] () -- C:\Users\Yang\Desktop\bestchuck.PNG
[2013/01/16 13:01:34 | 000,045,008 | ---- | C] () -- C:\Users\Yang\Desktop\capture222.png
[2013/01/16 09:20:06 | 000,044,167 | ---- | C] () -- C:\Users\Yang\Desktop\mross3.PNG
[2013/01/16 09:17:41 | 000,050,137 | ---- | C] () -- C:\Users\Yang\Desktop\mross2.PNG
[2013/01/16 09:15:24 | 000,064,881 | ---- | C] () -- C:\Users\Yang\Desktop\mross.PNG
[2013/01/16 06:27:28 | 000,013,032 | ---- | C] () -- C:\Users\Yang\Desktop\50pips.PNG
[2013/01/15 14:54:08 | 000,016,432 | ---- | C] () -- C:\Users\Yang\Desktop\lolz.PNG
[2013/01/15 13:55:10 | 000,001,762 | ---- | C] () -- C:\Users\Yang\Desktop\Spotify.lnk
[2013/01/15 13:55:10 | 000,001,748 | ---- | C] () -- C:\Users\Yang\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
[2013/01/15 03:37:42 | 000,198,243 | ---- | C] () -- C:\Users\Yang\Desktop\tumblr_m1mf1neEgX1rscs64o1_1280.jpg
[2013/01/14 11:45:55 | 000,055,069 | ---- | C] () -- C:\Users\Yang\Desktop\BAMMKVrCEAEbdtd.jpg-large
[2013/01/14 00:16:35 | 000,077,946 | ---- | C] () -- C:\Users\Yang\Desktop\Skyfall.ENG.srt
[2013/01/13 22:36:55 | 000,012,851 | ---- | C] () -- C:\Users\Yang\Desktop\1024.jpg
[2013/01/13 22:33:00 | 000,008,198 | ---- | C] () -- C:\Users\Yang\Desktop\123321123.jpeg
[2013/01/13 22:24:50 | 000,014,383 | ---- | C] () -- C:\Users\Yang\Desktop\me1.jpg
[2013/01/12 22:37:05 | 000,688,122 | ---- | C] () -- C:\Users\Yang\Desktop\yanggg1.PNG
[2013/01/12 18:30:12 | 003,422,298 | ---- | C] () -- C:\Users\Yang\Desktop\IMG_2488.JPG
[2013/01/12 16:29:13 | 001,260,608 | ---- | C] () -- C:\Users\Yang\Desktop\twitter.jpg
[2013/01/12 16:18:54 | 000,237,201 | ---- | C] () -- C:\Users\Yang\Desktop\maryyyyyyyyy.jpg
[2013/01/12 16:18:21 | 000,013,966 | ---- | C] () -- C:\Users\Yang\Desktop\pp1.jpg
[2013/01/12 16:14:59 | 000,688,091 | ---- | C] () -- C:\Users\Yang\Desktop\yanggg.PNG
[2013/01/11 14:37:43 | 000,000,259 | ---- | C] () -- C:\Users\Yang\Desktop\230_F12_L22_acid_base1 2 (2).url
[2013/01/11 03:51:54 | 000,833,302 | ---- | C] () -- C:\Users\Yang\Desktop\em.png
[2013/01/11 02:27:45 | 000,876,242 | ---- | C] () -- C:\Users\Yang\Desktop\charleys.PNG
[2013/01/11 02:18:17 | 000,090,996 | ---- | C] () -- C:\Users\Yang\Desktop\tumblr_m53dilRAsz1rscs64o1_1280.jpg
[2013/01/11 02:18:06 | 000,223,988 | ---- | C] () -- C:\Users\Yang\Desktop\tumblr_m53l08suR81rscs64o1_1280.jpg
[2013/01/11 02:16:57 | 000,143,399 | ---- | C] () -- C:\Users\Yang\Desktop\tumblr_m571ku1VfR1rscs64o1_1280.jpg
[2013/01/10 13:15:05 | 000,053,951 | ---- | C] () -- C:\Users\Yang\Desktop\wow.PNG
[2013/01/08 05:17:17 | 000,000,532 | ---- | C] () -- C:\Users\Yang\Desktop\PokeMMO - Shortcut.lnk
[2013/01/07 21:19:30 | 000,468,538 | ---- | C] () -- C:\Users\Yang\Desktop\aj.jpg
[2012/11/16 15:26:27 | 000,000,647 | ---- | C] () -- C:\Users\Yang\Libraries - Shortcut.lnk
[2012/08/24 21:42:24 | 000,776,994 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/08/20 16:32:06 | 000,000,250 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
[2012/07/11 21:45:08 | 000,000,132 | ---- | C] () -- C:\Users\Yang\AppData\Roaming\Adobe PNG Format CS6 Prefs
[2012/07/02 15:12:09 | 000,186,460 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2012/06/29 14:57:08 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2012/06/23 17:14:53 | 000,000,017 | ---- | C] () -- C:\Users\Yang\AppData\Local\resmon.resmoncfg
[2012/06/23 02:19:50 | 000,045,270 | ---- | C] () -- C:\Users\Yang\AppData\Roaming\room_v3.dat
[2012/06/21 12:18:18 | 000,000,256 | ---- | C] () -- C:\Users\Yang\AppData\Roaming\04F46D044299C8
[2012/06/10 20:10:28 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2012/05/02 21:55:52 | 000,042,392 | ---- | C] () -- C:\Windows\SysWow64\xfcodec.dll
[2012/03/19 22:31:16 | 000,963,912 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2012/03/19 22:31:16 | 000,261,208 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2012/03/19 22:31:16 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2012/03/19 22:25:58 | 000,058,880 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2012/03/19 21:21:14 | 013,212,672 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll
[2011/09/28 16:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011/02/09 23:03:48 | 000,000,326 | ---- | C] () -- C:\Windows\primopdf.ini

========== ZeroAccess Check ==========

[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 00:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 23:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 07:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== Files - Unicode (All) ==========
[2012/06/25 11:01:39 | 000,000,000 | ---D | M](E:\Users\Yang\Documents\??YY) -- E:\Users\Yang\Documents\我的YY
[2012/06/25 11:01:39 | 000,000,000 | ---D | C](E:\Users\Yang\Documents\??YY) -- E:\Users\Yang\Documents\我的YY
(C:\Users\Yang\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\??) -- C:\Users\Yang\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\多玩

========== Alternate Data Streams ==========

@Alternate Data Stream - 1206 bytes -> C:\ProgramData\Microsoft:hnGc0KNF8ez6vN0ahpQ1Cvkmqf
@Alternate Data Stream - 1135 bytes -> C:\ProgramData\Microsoft:QFZIIfyXsHBfJmbB3aV1

< End of report >

#2
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi there, let's see if we can clear it for you.

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
:OTL
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,BrowserMngr Start Page = http://search.babylo...000f46d044299c8
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylo...000f46d044299c8
IE - HKCU\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = http://mystart.incre...6OyFNIINe5&i=26
FF - prefs.js..extensions.enabledAddons: plugin%40yontoo.com:1.20.00
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\WEB ASSISTANT\FIREFOX
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\Program Files\Web Assistant\Firefox
O2 - BHO: (no name) - {2EECD738-5844-4a99-B4B6-146BF802613B} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {98889811-442D-49dd-99D7-DC866BE87DBC} - No CLSID value found.
O4 - HKLM..\Run: [autoauto] C:\Windows\SysWow64\c.bat ()
[2013/02/02 20:51:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Tarma Installer
@Alternate Data Stream - 1206 bytes -> C:\ProgramData\Microsoft:hnGc0KNF8ez6vN0ahpQ1Cvkmqf
@Alternate Data Stream - 1135 bytes -> C:\ProgramData\Microsoft:QFZIIfyXsHBfJmbB3aV1

:Files
C:\PROGRAM FILES\WEB ASSISTANT

:Commands
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Download AdwCleaner from here to your desktop
Run AdwCleaner and select Delete

Once done, it will ask to reboot; allow this.
On reboot a log will be produced; please attach that.

#3
yangcliu

yangcliu

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
Still same problem with the popups. I'm 100% sure it's the application I installed yesterday from firstrowsports by accident. Not sure how to even find the directory it installed in... if at all.

OTL logfile created on: 2/4/2013 3:10:27 PM - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = E:\Users\Yang\Downloads
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.90 Gb Total Physical Memory | 5.68 Gb Available Physical Memory | 71.95% Memory free
15.80 Gb Paging File | 13.37 Gb Available in Paging File | 84.64% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files(X86)
Drive C: | 55.80 Gb Total Space | 7.09 Gb Free Space | 12.70% Space Free | Partition Type: NTFS
Drive D: | 292.97 Gb Total Space | 237.98 Gb Free Space | 81.23% Space Free | Partition Type: NTFS
Drive E: | 1104.30 Gb Total Space | 524.90 Gb Free Space | 47.53% Space Free | Partition Type: NTFS

Computer Name: YANG-PC | User Name: Yang | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/02/04 13:29:26 | 000,602,112 | ---- | M] (OldTimer Tools) -- E:\Users\Yang\Downloads\OTL.exe
PRC - [2013/01/15 13:55:05 | 001,199,576 | ---- | M] (Spotify Ltd) -- C:\Users\Yang\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
PRC - [2012/12/05 15:40:02 | 000,597,880 | ---- | M] (BlueStack Systems, Inc.) -- C:\Program Files (x86)\BlueStacks\HD-Agent.exe
PRC - [2012/12/05 15:39:26 | 000,384,888 | ---- | M] (BlueStack Systems, Inc.) -- C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
PRC - [2012/12/05 15:39:08 | 000,393,080 | ---- | M] (BlueStack Systems, Inc.) -- C:\Program Files (x86)\BlueStacks\HD-Service.exe
PRC - [2012/12/05 15:39:04 | 000,366,456 | ---- | M] (BlueStack Systems) -- C:\Program Files (x86)\BlueStacks\HD-SharedFolder.exe
PRC - [2012/12/05 15:38:56 | 000,260,472 | ---- | M] (BlueStack Systems) -- C:\Program Files (x86)\BlueStacks\HD-BlockDevice.exe
PRC - [2012/12/05 15:38:54 | 000,375,672 | ---- | M] (BlueStack Systems) -- C:\Program Files (x86)\BlueStacks\HD-Network.exe
PRC - [2012/11/15 18:01:18 | 002,254,768 | ---- | M] (LogMeIn Inc.) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
PRC - [2012/10/09 09:53:36 | 004,441,920 | ---- | M] (Akamai Technologies, Inc.) -- C:\Users\Yang\AppData\Local\Akamai\netsession_win.exe
PRC - [2012/06/10 16:21:59 | 000,222,720 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\ielowutil.exe
PRC - [2012/05/23 17:14:44 | 000,819,056 | ---- | M] () -- C:\Program Files (x86)\Remote Mouse\server\server.exe
PRC - [2012/04/04 00:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/03/19 09:57:32 | 001,020,416 | ---- | M] () -- C:\Program Files (x86)\Remote Mouse\RemoteMouse.exe
PRC - [2011/10/17 14:12:48 | 000,284,440 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
PRC - [2011/03/04 11:45:08 | 001,529,856 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
PRC - [2009/08/29 01:00:12 | 000,966,656 | ---- | M] () -- C:\Users\Yang\Local Settings\Apps\F.lux\flux.exe


========== Modules (No Company Name) ==========

MOD - [2013/01/25 21:35:06 | 000,460,240 | ---- | M] () -- C:\Users\Yang\AppData\Local\Google\Chrome\Application\24.0.1312.57\ppgooglenaclpluginchrome.dll
MOD - [2013/01/25 21:35:04 | 004,012,496 | ---- | M] () -- C:\Users\Yang\AppData\Local\Google\Chrome\Application\24.0.1312.57\pdf.dll
MOD - [2013/01/25 21:34:19 | 000,597,968 | ---- | M] () -- C:\Users\Yang\AppData\Local\Google\Chrome\Application\24.0.1312.57\libglesv2.dll
MOD - [2013/01/25 21:34:18 | 000,124,368 | ---- | M] () -- C:\Users\Yang\AppData\Local\Google\Chrome\Application\24.0.1312.57\libegl.dll
MOD - [2013/01/25 21:34:16 | 001,552,848 | ---- | M] () -- C:\Users\Yang\AppData\Local\Google\Chrome\Application\24.0.1312.57\ffmpegsumo.dll
MOD - [2013/01/13 18:37:07 | 000,643,072 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\HD-Agent\93a86e2f9e5a785454a51696aab41220\HD-Agent.ni.exe
MOD - [2013/01/13 18:37:06 | 000,155,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\JSON\bfe1111ccd8ba885611c06bfadb43908\JSON.ni.dll
MOD - [2013/01/10 04:16:48 | 000,491,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\c4fa75aed82f50d4a7831755a0c4f7b2\IAStorUtil.ni.dll
MOD - [2013/01/10 03:23:24 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\0ac577a8ad6528ff03b50db5eeeac8be\System.Web.ni.dll
MOD - [2013/01/10 03:23:21 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll
MOD - [2013/01/10 03:23:08 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\865d2bf19a7af7fab8660a42d92550fe\System.Windows.Forms.ni.dll
MOD - [2013/01/10 03:23:05 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll
MOD - [2013/01/10 03:22:55 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll
MOD - [2013/01/10 03:22:54 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll
MOD - [2013/01/10 03:22:53 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll
MOD - [2013/01/10 03:22:51 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll
MOD - [2012/05/23 17:14:44 | 000,819,056 | ---- | M] () -- C:\Program Files (x86)\Remote Mouse\server\server.exe
MOD - [2012/04/30 02:55:48 | 000,026,112 | ---- | M] () -- C:\Program Files (x86)\SplitMediaLabs\XSplit\swresample-0.dll
MOD - [2012/04/30 02:55:45 | 008,358,400 | ---- | M] () -- C:\Program Files (x86)\SplitMediaLabs\XSplit\avcodec-54.dll
MOD - [2012/04/30 02:55:45 | 001,152,512 | ---- | M] () -- C:\Program Files (x86)\SplitMediaLabs\XSplit\avformat-54.dll
MOD - [2012/04/30 02:55:45 | 000,333,824 | ---- | M] () -- C:\Program Files (x86)\SplitMediaLabs\XSplit\swscale-2.dll
MOD - [2012/04/30 02:55:45 | 000,151,040 | ---- | M] () -- C:\Program Files (x86)\SplitMediaLabs\XSplit\avutil-51.dll
MOD - [2012/03/19 09:57:32 | 001,020,416 | ---- | M] () -- C:\Program Files (x86)\Remote Mouse\RemoteMouse.exe
MOD - [2012/02/07 23:11:36 | 000,167,424 | ---- | M] () -- C:\Program Files (x86)\Remote Mouse\server\win32gui.pyd
MOD - [2012/02/07 23:11:32 | 000,098,816 | ---- | M] () -- C:\Program Files (x86)\Remote Mouse\server\win32api.pyd
MOD - [2012/02/07 23:09:54 | 000,110,080 | ---- | M] () -- C:\Program Files (x86)\Remote Mouse\server\pywintypes26.dll
MOD - [2010/08/24 17:48:16 | 000,073,728 | ---- | M] () -- C:\Program Files (x86)\Remote Mouse\server\_ctypes.pyd
MOD - [2010/08/24 17:48:02 | 000,720,896 | ---- | M] () -- C:\Program Files (x86)\Remote Mouse\server\_ssl.pyd
MOD - [2010/08/24 17:47:50 | 000,040,448 | ---- | M] () -- C:\Program Files (x86)\Remote Mouse\server\_socket.pyd
MOD - [2010/01/21 00:34:10 | 008,793,952 | ---- | M] () -- C:\Program Files(X86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2010/01/13 06:36:00 | 000,010,752 | ---- | M] () -- C:\Program Files (x86)\Remote Mouse\server\autopy.mouse.pyd
MOD - [2010/01/13 06:35:52 | 000,011,776 | ---- | M] () -- C:\Program Files (x86)\Remote Mouse\server\autopy.key.pyd
MOD - [2010/01/09 19:18:18 | 004,254,560 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2009/08/29 01:00:12 | 000,966,656 | ---- | M] () -- C:\Users\Yang\Local Settings\Apps\F.lux\flux.exe


========== Services (SafeList) ==========

SRV:64bit: - [2011/06/29 09:51:26 | 000,171,688 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\IPROSetMonitor.exe -- (Intel®
SRV:64bit: - [2009/07/13 20:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2013/01/16 15:10:51 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/12/05 15:39:26 | 000,384,888 | ---- | M] (BlueStack Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe -- (BstHdLogRotatorSvc)
SRV - [2012/12/05 15:39:08 | 000,393,080 | ---- | M] (BlueStack Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\BlueStacks\HD-Service.exe -- (BstHdAndroidSvc)
SRV - [2012/11/15 18:01:16 | 002,461,104 | ---- | M] (LogMeIn Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2012/11/13 15:20:57 | 000,529,744 | ---- | M] (Valve Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012/10/23 04:47:48 | 002,848,168 | ---- | M] (TeamViewer GmbH) [Disabled | Stopped] -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2012/10/10 21:23:42 | 001,258,856 | ---- | M] (NVIDIA Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012/10/09 04:02:08 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/10/02 20:19:04 | 000,743,320 | ---- | M] (Tunngle.net GmbH) [Disabled | Stopped] -- C:\Program Files (x86)\Tunngle\TnglCtrl.exe -- (TunngleService)
SRV - [2012/10/02 13:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012/09/12 20:21:48 | 000,368,896 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2012/09/12 20:21:48 | 000,022,072 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2012/06/07 18:12:14 | 000,160,944 | R--- | M] (Skype Technologies) [Disabled | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/04/04 00:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/03/19 22:44:20 | 000,276,248 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2011/10/17 14:12:52 | 000,013,592 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2011/08/08 14:17:00 | 004,865,496 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GameMon.des -- (npggsvc)
SRV - [2011/03/04 11:45:08 | 001,529,856 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2010/01/09 19:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2010/01/09 19:18:00 | 000,149,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
SRV - [2009/08/18 11:48:02 | 002,291,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007/09/04 18:31:22 | 000,180,224 | ---- | M] (NVIDIA) [Disabled | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe -- (nTuneService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/08/30 21:03:48 | 000,128,456 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012/08/17 13:30:04 | 000,066,728 | ---- | M] (Eugene V. Muzychenko) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vrtaucbl.sys -- (EuMusDesignVirtualAudioCableWdm)
DRV:64bit: - [2012/06/13 17:03:49 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2012/04/25 11:11:36 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/04/22 18:32:16 | 000,075,552 | ---- | M] (Lucidlogix Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VirtuWDDM.sys -- (VirtuWDDM)
DRV:64bit: - [2012/03/19 22:32:04 | 014,745,600 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2012/03/09 09:57:36 | 000,023,816 | ---- | M] (CPUID) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\cpuz135_x64.sys -- (cpuz135)
DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/01/17 07:45:56 | 000,188,224 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2011/10/17 13:55:32 | 000,559,384 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011/09/14 16:05:34 | 000,394,216 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\asmtxhci.sys -- (asmtxhci)
DRV:64bit: - [2011/09/14 16:05:34 | 000,129,000 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\asmthub3.sys -- (asmthub3)
DRV:64bit: - [2011/07/20 08:37:56 | 000,342,704 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1c62x64.sys -- (e1cexpress)
DRV:64bit: - [2011/06/29 04:18:16 | 000,091,864 | ---- | M] (Citrix Systems, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ctxusbm.sys -- (ctxusbm)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/03/04 11:51:50 | 000,306,536 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 06:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 06:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010/11/11 00:11:52 | 000,141,384 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdserd.sys -- (sscdserd)
DRV:64bit: - [2010/11/11 00:11:50 | 000,172,104 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdmdm.sys -- (sscdmdm)
DRV:64bit: - [2010/11/11 00:11:50 | 000,136,264 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdbus.sys -- (sscdbus)
DRV:64bit: - [2010/11/11 00:11:50 | 000,019,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV:64bit: - [2010/10/19 22:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010/02/08 07:32:00 | 000,014,992 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CVirtA64.sys -- (CVirtA)
DRV:64bit: - [2009/09/16 07:02:42 | 000,031,232 | ---- | M] (Tunngle.net) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tap0901t.sys -- (tap0901t)
DRV:64bit: - [2009/09/15 03:36:48 | 001,061,888 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr28ux.sys -- (netr28ux)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 12:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/03/18 15:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2008/11/16 17:39:44 | 000,157,968 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dne64x.sys -- (DNE)
DRV:64bit: - [2008/04/16 13:49:34 | 000,028,416 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)
DRV - [2012/12/05 15:39:18 | 000,071,032 | ---- | M] (BlueStack Systems) [Kernel | Auto | Running] -- C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys -- (BstHdDrv)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2007/09/04 18:26:38 | 000,039,968 | ---- | M] (NVidia Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\nvoclk64.sys -- (NVR0Dev)
DRV - [2005/01/02 16:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E0 1A 51 9C 49 47 CD 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: mytube%40ashishmishra.in:0.973
FF - prefs.js..extensions.enabledAddons:
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.1
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Citrix.com/npican: C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll (Citrix Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~4\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~4\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: null\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: D:\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Yang\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Yang\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Yang\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Yang\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\duowan.com/Checker: C:\Program Files (x86)\Common Files\duowan\yy4.0\YYSSO\1.0.0.3\npChecker.dll (广州多玩信息技术有限公司)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: E:\Users\Yang\Downloads\null\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\WEB ASSISTANT\FIREFOX
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/01/18 22:19:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2013/01/18 22:19:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Yang\AppData\Roaming\Mozilla\Extensions
[2013/02/04 13:15:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Yang\AppData\Roaming\Mozilla\Firefox\Profiles\9swxg1lg.default\extensions
[2013/01/18 22:22:47 | 000,099,554 | ---- | M] () (No name found) -- C:\Users\Yang\AppData\Roaming\Mozilla\Firefox\Profiles\9swxg1lg.default\extensions\[email protected]
File not found (No name found) -- C:\USERS\YANG\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9SWXG1LG.DEFAULT\EXTENSIONS\[email protected]

========== Chrome ==========

CHR - homepage: http://google.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
CHR - homepage: http://google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Yang\AppData\Local\Google\Chrome\Application\21.0.1180.89\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Yang\AppData\Local\Google\Chrome\Application\24.0.1312.57\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Yang\AppData\Local\Google\Chrome\Application\24.0.1312.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Disabled) = C:\Users\Yang\AppData\Local\Google\Chrome\Application\24.0.1312.57\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~4\MICROS~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~4\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: \u6B6A\u6B6A (Enabled) = C:\Program Files (x86)\Common Files\duowan\yy4.0\YYSSO\1.0.0.3\npChecker.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: Java™ Platform SE 7 U5 (Enabled) = C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 7.0.50.255 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files(X86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\Yang\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Yang\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll
CHR - plugin: VLC Web Plugin (Enabled) = D:\VLC\npvlc.dll
CHR - Extension: YouTube = C:\Users\Yang\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: Google Search = C:\Users\Yang\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: AdBlock = C:\Users\Yang\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.58_0\
CHR - Extension: TinEye Reverse Image Search = C:\Users\Yang\AppData\Local\Google\Chrome\User Data\Default\Extensions\haebnnbpedcbhciplfhjjkbafijpncjl\1.1.2_0\
CHR - Extension: live player = C:\Users\Yang\AppData\Local\Google\Chrome\User Data\Default\Extensions\hcnoocjdgpaeliplnkbhbpccighjkeef\3.2_0\
CHR - Extension: YousableTubeFix for Chrome = C:\Users\Yang\AppData\Local\Google\Chrome\User Data\Default\Extensions\jchfimlohbodnpamghfgfgabbnfajpbe\2012.12.15_0\
CHR - Extension: Reddit Enhancement Suite = C:\Users\Yang\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb\4.1.5_0\
CHR - Extension: Gmail = C:\Users\Yang\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2009/06/10 16:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (FGCatchUrl) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\jccatch.dll (www.flashget.com)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (FlashGet GetFlash Class) - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\getflash.dll (www.flashget.com)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [AdobeCS6ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [BlueStacks Agent] C:\Program Files (x86)\BlueStacks\HD-Agent.exe (BlueStack Systems, Inc.)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe" File not found
O4 - HKCU..\Run: [AdobeBridge] File not found
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\Yang\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O4 - HKCU..\Run: [F.lux] C:\Users\Yang\Local Settings\Apps\F.lux\flux.exe ()
O4 - HKCU..\Run: [Facebook Update] C:\Users\Yang\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKCU..\Run: [NVIDIA nTune] C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneCmd.exe (NVIDIA)
O4 - HKCU..\Run: [Remote Mouse] C:\Program Files (x86)\Remote Mouse\RemoteMouse.exe ()
O4 - HKCU..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Spotify Web Helper] C:\Users\Yang\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: &Download All with FlashGet - C:\Program Files\JC_ALL.HTM ()
O8:64bit: - Extra context menu item: &Download with FlashGet - C:\Program Files\JC_LINK.HTM ()
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\JC_ALL.HTM ()
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\JC_LINK.HTM ()
O9:64bit: - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\flashget.exe (FlashGet.com)
O9 - Extra 'Tools' menuitem : FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\flashget.exe (FlashGet.com)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.76.76 75.75.75.75
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2DBCB237-AE51-4198-B85B-1A1FED4AEC0F}: DhcpNameServer = 75.75.76.76 75.75.75.75
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EDF992A4-C976-4834-9962-90036267E42D}: DhcpNameServer = 75.75.76.76 75.75.75.75
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files (x86)\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18:64bit: - Protocol\Filter\application/x-ica - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=euc-jp - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=ISO-8859-1 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=MS936 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=MS949 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=MS950 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=UTF8 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=UTF-8 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=euc-jp - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=ISO-8859-1 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=MS936 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=MS949 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=MS950 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=UTF8 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=UTF-8 - No CLSID value found
O18:64bit: - Protocol\Filter\ica - No CLSID value found
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\application/x-ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - AppInit_DLLs: (C:\Windows\system32\appinit_dll.dll) - C:\Windows\SysNative\appinit_dll.dll (Lucidlogix Inc.)
O20 - AppInit_DLLs: (c:\windows\syswow64\appinit_dll.dll) - c:\Windows\SysWOW64\appinit_dll.dll (Lucidlogix Inc.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O22:64bit: - SharedTaskScheduler: {1984DD45-52CF-49cd-AB77-18F378FEA264} - FencesShellExt - C:\Program Files (x86)\Stardock\Fences\FencesMenu64.dll (Stardock)
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{72f140a6-b353-11e1-98ac-9178d5067f6f}\Shell - "" = AutoRun
O33 - MountPoints2\{72f140a6-b353-11e1-98ac-9178d5067f6f}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
O33 - MountPoints2\{944d28cb-d09e-11e1-a1dc-f46d044299c8}\Shell - "" = AutoRun
O33 - MountPoints2\{944d28cb-d09e-11e1-a1dc-f46d044299c8}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL H:\drivers\setup.exe
O33 - MountPoints2\{ad259ebb-b34b-11e1-8a7c-f4d8e7f77a10}\Shell - "" = AutoRun
O33 - MountPoints2\{ad259ebb-b34b-11e1-8a7c-f4d8e7f77a10}\Shell\AutoRun\command - "" = I:\TLBootstrap_WPP.exe
O33 - MountPoints2\{fdf088d6-b56c-11e1-9577-f46d044299c8}\Shell - "" = AutoRun
O33 - MountPoints2\{fdf088d6-b56c-11e1-9577-f46d044299c8}\Shell\AutoRun\command - "" = G:\setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/02/04 13:25:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2013/02/04 13:23:15 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/02/04 13:17:37 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/02/04 13:17:30 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013/02/04 13:14:16 | 000,000,000 | ---D | C] -- C:\Users\Yang\Desktop\RK_Quarantine
[2013/02/04 12:27:05 | 000,000,000 | ---D | C] -- C:\a
[2013/02/01 21:17:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Grinding Gear Games
[2013/02/01 19:24:31 | 000,000,000 | ---D | C] -- C:\Users\Yang\Desktop\New folder (3)
[2013/01/30 17:33:02 | 000,000,000 | ---D | C] -- C:\Users\Yang\Desktop\207_0131
[2013/01/25 16:45:09 | 000,000,000 | ---D | C] -- C:\Users\Yang\Desktop\203_0126
[2013/01/18 22:22:05 | 000,000,000 | ---D | C] -- C:\Users\Yang\AppData\Local\Macromedia
[2013/01/18 22:19:23 | 000,000,000 | ---D | C] -- C:\Users\Yang\AppData\Roaming\Mozilla
[2013/01/18 22:19:23 | 000,000,000 | ---D | C] -- C:\Users\Yang\AppData\Local\Mozilla
[2013/01/18 22:19:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2013/01/16 08:44:13 | 000,000,000 | ---D | C] -- C:\Users\Yang\Desktop\Bernanke
[2013/01/15 13:55:10 | 000,000,000 | ---D | C] -- C:\Users\Yang\AppData\Local\Spotify
[2013/01/15 13:54:56 | 000,000,000 | ---D | C] -- C:\Users\Yang\AppData\Roaming\Spotify
[2013/01/15 02:40:00 | 000,000,000 | ---D | C] -- C:\Users\Yang\Desktop\200_0115
[2013/01/13 18:34:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BlueStacks
[2013/01/13 18:34:20 | 000,000,000 | ---D | C] -- C:\ProgramData\BlueStacksSetup
[2013/01/13 18:34:20 | 000,000,000 | ---D | C] -- C:\ProgramData\BlueStacks
[2013/01/10 03:00:13 | 000,000,000 | ---D | C] -- C:\Program Files(X86)\Reference Assemblies
[2013/01/08 19:35:19 | 000,076,800 | ---- | C] (Pokemonium) -- C:\Users\Yang\Desktop\PokeBot.exe
[2013/01/08 19:35:19 | 000,000,000 | ---D | C] -- C:\Users\Yang\Desktop\roms
[2013/01/08 19:35:19 | 000,000,000 | ---D | C] -- C:\Users\Yang\Desktop\data
[2013/01/07 18:29:58 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Adobe
[2013/01/07 18:20:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XSplit
[2013/01/06 17:30:05 | 000,000,000 | ---D | C] -- C:\Users\Yang\Desktop\Pokemon
[6 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[3 E:\Users\Yang\Documents\*.tmp files -> E:\Users\Yang\Documents\*.tmp -> ]
[2 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[2 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\Users\Yang\Desktop\*.tmp files -> C:\Users\Yang\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/02/04 15:09:59 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/02/04 15:09:25 | 000,015,472 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/02/04 15:09:25 | 000,015,472 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/02/04 15:08:31 | 001,591,834 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/02/04 15:08:31 | 000,436,002 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/02/04 15:08:31 | 000,006,394 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/02/04 15:02:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/02/04 14:36:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1594025053-2878111276-1025752850-1000UA.job
[2013/02/04 13:40:03 | 000,000,924 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1594025053-2878111276-1025752850-1000UA.job
[2013/02/04 13:25:51 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013/02/04 12:36:03 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/02/04 01:40:00 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1594025053-2878111276-1025752850-1000Core.job
[2013/02/03 22:43:08 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1594025053-2878111276-1025752850-1000Core.job
[2013/02/03 04:42:07 | 000,052,711 | ---- | M] () -- C:\Users\Yang\Desktop\00copy.png
[2013/02/03 04:42:00 | 000,001,151 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013/02/03 04:40:23 | 000,033,143 | ---- | M] () -- C:\Users\Yang\Desktop\000Capture.JPG
[2013/02/03 04:21:56 | 000,078,849 | ---- | M] () -- C:\Users\Yang\Desktop\000123.JPG
[2013/02/03 04:20:47 | 000,063,806 | ---- | M] () -- C:\Users\Yang\Desktop\111111c.JPG
[2013/02/03 04:18:58 | 000,050,044 | ---- | M] () -- C:\Users\Yang\Desktop\000000Capture.JPG
[2013/02/01 21:17:00 | 000,001,445 | ---- | M] () -- C:\Users\Public\Desktop\Path of Exile.lnk
[2013/02/01 20:22:15 | 000,097,937 | ---- | M] () -- E:\Users\Yang\Documents\MCORRP_Yangcheng_Liu.pdf
[2013/02/01 20:20:45 | 000,097,893 | ---- | M] () -- E:\Users\Yang\Documents\MCORRP_YangchengLiu.pdf
[2013/01/31 12:06:30 | 002,454,435 | ---- | M] () -- C:\Users\Yang\Desktop\IMG_2606.JPG
[2013/01/30 19:06:17 | 002,807,405 | ---- | M] () -- C:\Users\Yang\Desktop\sue.psd
[2013/01/30 18:52:16 | 009,599,979 | ---- | M] () -- C:\Users\Yang\Desktop\taub.psd
[2013/01/30 18:52:10 | 001,191,096 | ---- | M] () -- C:\Users\Yang\Desktop\TAUBMAN2.jpg
[2013/01/30 17:43:38 | 004,015,745 | ---- | M] () -- C:\Users\Yang\Desktop\taunb.psd
[2013/01/29 20:02:51 | 002,685,045 | ---- | M] () -- C:\Users\Yang\Desktop\IMG_2592.JPG
[2013/01/28 23:02:39 | 029,573,234 | ---- | M] () -- C:\Users\Yang\Desktop\MVI_2590.AVI
[2013/01/28 21:56:32 | 002,811,270 | ---- | M] () -- C:\Users\Yang\Desktop\IMG_2586.JPG
[2013/01/28 15:46:38 | 001,268,108 | ---- | M] () -- C:\Users\Yang\Desktop\IMG_2581.JPG
[2013/01/28 15:43:07 | 001,117,036 | ---- | M] () -- C:\Users\Yang\Desktop\IMG_2584.JPG
[2013/01/24 21:45:13 | 005,035,656 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/01/22 10:12:08 | 000,055,466 | ---- | M] () -- C:\Users\Yang\Desktop\eurusd321.PNG
[2013/01/22 01:19:14 | 002,295,032 | ---- | M] () -- C:\Users\Yang\Desktop\IMG_2537.JPG
[2013/01/21 11:43:40 | 000,761,662 | ---- | M] () -- C:\Users\Yang\Desktop\kellz.png
[2013/01/19 20:18:19 | 000,680,440 | ---- | M] () -- C:\Users\Yang\Desktop\Capture897890.PNG
[2013/01/19 17:21:52 | 000,099,037 | ---- | M] () -- C:\Users\Yang\Desktop\What the...-argo.dvdscr.xvid.srt
[2013/01/18 14:03:29 | 000,032,683 | ---- | M] () -- C:\Users\Yang\Desktop\day2.png
[2013/01/18 13:50:10 | 000,109,217 | ---- | M] () -- C:\Users\Yang\Desktop\day1.png
[2013/01/18 11:46:09 | 001,044,591 | ---- | M] () -- C:\Users\Yang\Desktop\IMG00353-20120904-1629.jpg
[2013/01/18 11:25:50 | 000,816,999 | ---- | M] () -- C:\Users\Yang\Desktop\ap.PNG
[2013/01/18 11:20:33 | 000,101,425 | ---- | M] () -- C:\Users\Yang\Desktop\DSC06668_zpse4caf3e5.jpg
[2013/01/17 22:57:48 | 000,052,922 | ---- | M] () -- C:\Users\Yang\Desktop\TBT.jpg
[2013/01/17 18:27:03 | 001,684,273 | ---- | M] () -- C:\Users\Yang\Desktop\IMG_2535.JPG
[2013/01/17 18:27:00 | 001,821,190 | ---- | M] () -- C:\Users\Yang\Desktop\IMG_2534.JPG
[2013/01/17 18:26:58 | 001,761,600 | ---- | M] () -- C:\Users\Yang\Desktop\IMG_2533.JPG
[2013/01/17 18:26:56 | 001,618,609 | ---- | M] () -- C:\Users\Yang\Desktop\IMG_2532.JPG
[2013/01/17 18:26:50 | 001,902,356 | ---- | M] () -- C:\Users\Yang\Desktop\IMG_2530.JPG
[2013/01/17 18:26:50 | 001,491,434 | ---- | M] () -- C:\Users\Yang\Desktop\IMG_2531.JPG
[2013/01/17 18:26:49 | 001,926,995 | ---- | M] () -- C:\Users\Yang\Desktop\IMG_2529.JPG
[2013/01/17 17:57:35 | 002,250,904 | ---- | M] () -- C:\Users\Yang\Desktop\IMG_2520.JPG
[2013/01/17 16:58:24 | 000,080,392 | ---- | M] () -- C:\Users\Yang\Desktop\602403_389597677784500_645655030_n.jpg
[2013/01/17 16:28:42 | 000,157,272 | ---- | M] () -- C:\Users\Yang\Desktop\3333.jpg
[2013/01/17 16:23:00 | 000,000,043 | ---- | M] () -- C:\Users\Yang\Desktop\qm.gif
[2013/01/16 20:58:52 | 000,011,687 | ---- | M] () -- C:\Users\Yang\Desktop\bestchuck.PNG
[2013/01/16 13:01:34 | 000,045,008 | ---- | M] () -- C:\Users\Yang\Desktop\capture222.png
[2013/01/16 09:20:06 | 000,044,167 | ---- | M] () -- C:\Users\Yang\Desktop\mross3.PNG
[2013/01/16 09:17:41 | 000,050,137 | ---- | M] () -- C:\Users\Yang\Desktop\mross2.PNG
[2013/01/16 09:15:24 | 000,064,881 | ---- | M] () -- C:\Users\Yang\Desktop\mross.PNG
[2013/01/16 06:27:28 | 000,013,032 | ---- | M] () -- C:\Users\Yang\Desktop\50pips.PNG
[2013/01/15 14:54:08 | 000,016,432 | ---- | M] () -- C:\Users\Yang\Desktop\lolz.PNG
[2013/01/15 13:55:10 | 000,001,762 | ---- | M] () -- C:\Users\Yang\Desktop\Spotify.lnk
[2013/01/15 03:37:42 | 000,198,243 | ---- | M] () -- C:\Users\Yang\Desktop\tumblr_m1mf1neEgX1rscs64o1_1280.jpg
[2013/01/14 11:45:55 | 000,055,069 | ---- | M] () -- C:\Users\Yang\Desktop\BAMMKVrCEAEbdtd.jpg-large
[2013/01/13 22:36:55 | 000,012,851 | ---- | M] () -- C:\Users\Yang\Desktop\1024.jpg
[2013/01/13 22:33:01 | 000,008,198 | ---- | M] () -- C:\Users\Yang\Desktop\123321123.jpeg
[2013/01/13 22:24:51 | 000,014,383 | ---- | M] () -- C:\Users\Yang\Desktop\me1.jpg
[2013/01/12 22:37:05 | 000,688,122 | ---- | M] () -- C:\Users\Yang\Desktop\yanggg1.PNG
[2013/01/12 18:30:13 | 003,422,298 | ---- | M] () -- C:\Users\Yang\Desktop\IMG_2488.JPG
[2013/01/12 16:29:13 | 001,260,608 | ---- | M] () -- C:\Users\Yang\Desktop\twitter.jpg
[2013/01/12 16:18:55 | 000,237,201 | ---- | M] () -- C:\Users\Yang\Desktop\maryyyyyyyyy.jpg
[2013/01/12 16:18:21 | 000,013,966 | ---- | M] () -- C:\Users\Yang\Desktop\pp1.jpg
[2013/01/12 16:14:59 | 000,688,091 | ---- | M] () -- C:\Users\Yang\Desktop\yanggg.PNG
[2013/01/12 13:53:26 | 000,077,946 | ---- | M] () -- C:\Users\Yang\Desktop\Skyfall.ENG.srt
[2013/01/11 14:37:43 | 000,000,259 | ---- | M] () -- C:\Users\Yang\Desktop\230_F12_L22_acid_base1 2 (2).url
[2013/01/11 03:51:54 | 000,833,302 | ---- | M] () -- C:\Users\Yang\Desktop\em.png
[2013/01/11 02:27:45 | 000,876,242 | ---- | M] () -- C:\Users\Yang\Desktop\charleys.PNG
[2013/01/11 02:18:17 | 000,090,996 | ---- | M] () -- C:\Users\Yang\Desktop\tumblr_m53dilRAsz1rscs64o1_1280.jpg
[2013/01/11 02:18:06 | 000,223,988 | ---- | M] () -- C:\Users\Yang\Desktop\tumblr_m53l08suR81rscs64o1_1280.jpg
[2013/01/11 02:16:57 | 000,143,399 | ---- | M] () -- C:\Users\Yang\Desktop\tumblr_m571ku1VfR1rscs64o1_1280.jpg
[2013/01/10 13:15:05 | 000,053,951 | ---- | M] () -- C:\Users\Yang\Desktop\wow.PNG
[2013/01/08 05:17:17 | 000,000,532 | ---- | M] () -- C:\Users\Yang\Desktop\PokeMMO - Shortcut.lnk
[2013/01/07 21:19:30 | 000,468,538 | ---- | M] () -- C:\Users\Yang\Desktop\aj.jpg
[6 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[3 E:\Users\Yang\Documents\*.tmp files -> E:\Users\Yang\Documents\*.tmp -> ]
[2 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[2 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\Users\Yang\Desktop\*.tmp files -> C:\Users\Yang\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/02/04 13:25:51 | 000,000,822 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013/02/03 04:41:17 | 000,052,711 | ---- | C] () -- C:\Users\Yang\Desktop\00copy.png
[2013/02/03 04:40:22 | 000,033,143 | ---- | C] () -- C:\Users\Yang\Desktop\000Capture.JPG
[2013/02/03 04:21:56 | 000,078,849 | ---- | C] () -- C:\Users\Yang\Desktop\000123.JPG
[2013/02/03 04:20:47 | 000,063,806 | ---- | C] () -- C:\Users\Yang\Desktop\111111c.JPG
[2013/02/03 04:18:58 | 000,050,044 | ---- | C] () -- C:\Users\Yang\Desktop\000000Capture.JPG
[2013/02/01 21:17:00 | 000,001,445 | ---- | C] () -- C:\Users\Public\Desktop\Path of Exile.lnk
[2013/02/01 20:22:15 | 000,097,937 | ---- | C] () -- E:\Users\Yang\Documents\MCORRP_Yangcheng_Liu.pdf
[2013/02/01 20:20:45 | 000,097,893 | ---- | C] () -- E:\Users\Yang\Documents\MCORRP_YangchengLiu.pdf
[2013/01/31 12:06:30 | 002,454,435 | ---- | C] () -- C:\Users\Yang\Desktop\IMG_2606.JPG
[2013/01/30 19:05:20 | 002,807,405 | ---- | C] () -- C:\Users\Yang\Desktop\sue.psd
[2013/01/30 18:52:08 | 001,191,096 | ---- | C] () -- C:\Users\Yang\Desktop\TAUBMAN2.jpg
[2013/01/30 18:33:52 | 009,599,979 | ---- | C] () -- C:\Users\Yang\Desktop\taub.psd
[2013/01/30 17:43:36 | 004,015,745 | ---- | C] () -- C:\Users\Yang\Desktop\taunb.psd
[2013/01/29 20:02:51 | 002,685,045 | ---- | C] () -- C:\Users\Yang\Desktop\IMG_2592.JPG
[2013/01/28 23:02:36 | 029,573,234 | ---- | C] () -- C:\Users\Yang\Desktop\MVI_2590.AVI
[2013/01/28 21:56:31 | 002,811,270 | ---- | C] () -- C:\Users\Yang\Desktop\IMG_2586.JPG
[2013/01/28 15:43:47 | 001,268,108 | ---- | C] () -- C:\Users\Yang\Desktop\IMG_2581.JPG
[2013/01/28 15:43:07 | 001,117,036 | ---- | C] () -- C:\Users\Yang\Desktop\IMG_2584.JPG
[2013/01/24 14:14:31 | 000,099,037 | ---- | C] () -- C:\Users\Yang\Desktop\What the...-argo.dvdscr.xvid.srt
[2013/01/22 10:12:08 | 000,055,466 | ---- | C] () -- C:\Users\Yang\Desktop\eurusd321.PNG
[2013/01/22 01:19:14 | 002,295,032 | ---- | C] () -- C:\Users\Yang\Desktop\IMG_2537.JPG
[2013/01/21 11:43:40 | 000,761,662 | ---- | C] () -- C:\Users\Yang\Desktop\kellz.png
[2013/01/20 18:06:26 | 000,000,741 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS6 (64 Bit).lnk
[2013/01/20 18:06:14 | 000,000,696 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS6.lnk
[2013/01/20 18:05:59 | 000,000,715 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CS6 (64bit).lnk
[2013/01/20 18:05:52 | 000,000,670 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CS6.lnk
[2013/01/20 18:05:30 | 000,000,790 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Extension Manager CS6.lnk
[2013/01/20 18:05:28 | 000,001,523 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ExtendScript Toolkit CS6.lnk
[2013/01/19 20:18:19 | 000,680,440 | ---- | C] () -- C:\Users\Yang\Desktop\Capture897890.PNG
[2013/01/18 22:19:14 | 000,001,163 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2013/01/18 22:19:14 | 000,001,151 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013/01/18 14:03:29 | 000,032,683 | ---- | C] () -- C:\Users\Yang\Desktop\day2.png
[2013/01/18 13:49:14 | 000,109,217 | ---- | C] () -- C:\Users\Yang\Desktop\day1.png
[2013/01/18 11:25:50 | 000,816,999 | ---- | C] () -- C:\Users\Yang\Desktop\ap.PNG
[2013/01/18 11:20:32 | 000,101,425 | ---- | C] () -- C:\Users\Yang\Desktop\DSC06668_zpse4caf3e5.jpg
[2013/01/17 22:57:47 | 000,052,922 | ---- | C] () -- C:\Users\Yang\Desktop\TBT.jpg
[2013/01/17 18:26:50 | 001,491,434 | ---- | C] () -- C:\Users\Yang\Desktop\IMG_2531.JPG
[2013/01/17 18:26:49 | 001,926,995 | ---- | C] () -- C:\Users\Yang\Desktop\IMG_2529.JPG
[2013/01/17 18:26:49 | 001,902,356 | ---- | C] () -- C:\Users\Yang\Desktop\IMG_2530.JPG
[2013/01/17 18:26:49 | 001,684,273 | ---- | C] () -- C:\Users\Yang\Desktop\IMG_2535.JPG
[2013/01/17 18:26:48 | 001,821,190 | ---- | C] () -- C:\Users\Yang\Desktop\IMG_2534.JPG
[2013/01/17 18:26:48 | 001,761,600 | ---- | C] () -- C:\Users\Yang\Desktop\IMG_2533.JPG
[2013/01/17 18:26:48 | 001,618,609 | ---- | C] () -- C:\Users\Yang\Desktop\IMG_2532.JPG
[2013/01/17 17:57:04 | 002,250,904 | ---- | C] () -- C:\Users\Yang\Desktop\IMG_2520.JPG
[2013/01/17 16:58:24 | 000,080,392 | ---- | C] () -- C:\Users\Yang\Desktop\602403_389597677784500_645655030_n.jpg
[2013/01/17 16:28:42 | 000,157,272 | ---- | C] () -- C:\Users\Yang\Desktop\3333.jpg
[2013/01/17 16:22:59 | 000,000,043 | ---- | C] () -- C:\Users\Yang\Desktop\qm.gif
[2013/01/16 20:58:52 | 000,011,687 | ---- | C] () -- C:\Users\Yang\Desktop\bestchuck.PNG
[2013/01/16 13:01:34 | 000,045,008 | ---- | C] () -- C:\Users\Yang\Desktop\capture222.png
[2013/01/16 09:20:06 | 000,044,167 | ---- | C] () -- C:\Users\Yang\Desktop\mross3.PNG
[2013/01/16 09:17:41 | 000,050,137 | ---- | C] () -- C:\Users\Yang\Desktop\mross2.PNG
[2013/01/16 09:15:24 | 000,064,881 | ---- | C] () -- C:\Users\Yang\Desktop\mross.PNG
[2013/01/16 06:27:28 | 000,013,032 | ---- | C] () -- C:\Users\Yang\Desktop\50pips.PNG
[2013/01/15 14:54:08 | 000,016,432 | ---- | C] () -- C:\Users\Yang\Desktop\lolz.PNG
[2013/01/15 13:55:10 | 000,001,762 | ---- | C] () -- C:\Users\Yang\Desktop\Spotify.lnk
[2013/01/15 13:55:10 | 000,001,748 | ---- | C] () -- C:\Users\Yang\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
[2013/01/15 03:37:42 | 000,198,243 | ---- | C] () -- C:\Users\Yang\Desktop\tumblr_m1mf1neEgX1rscs64o1_1280.jpg
[2013/01/14 11:45:55 | 000,055,069 | ---- | C] () -- C:\Users\Yang\Desktop\BAMMKVrCEAEbdtd.jpg-large
[2013/01/14 00:16:35 | 000,077,946 | ---- | C] () -- C:\Users\Yang\Desktop\Skyfall.ENG.srt
[2013/01/13 22:36:55 | 000,012,851 | ---- | C] () -- C:\Users\Yang\Desktop\1024.jpg
[2013/01/13 22:33:00 | 000,008,198 | ---- | C] () -- C:\Users\Yang\Desktop\123321123.jpeg
[2013/01/13 22:24:50 | 000,014,383 | ---- | C] () -- C:\Users\Yang\Desktop\me1.jpg
[2013/01/12 22:37:05 | 000,688,122 | ---- | C] () -- C:\Users\Yang\Desktop\yanggg1.PNG
[2013/01/12 18:30:12 | 003,422,298 | ---- | C] () -- C:\Users\Yang\Desktop\IMG_2488.JPG
[2013/01/12 16:29:13 | 001,260,608 | ---- | C] () -- C:\Users\Yang\Desktop\twitter.jpg
[2013/01/12 16:18:54 | 000,237,201 | ---- | C] () -- C:\Users\Yang\Desktop\maryyyyyyyyy.jpg
[2013/01/12 16:18:21 | 000,013,966 | ---- | C] () -- C:\Users\Yang\Desktop\pp1.jpg
[2013/01/12 16:14:59 | 000,688,091 | ---- | C] () -- C:\Users\Yang\Desktop\yanggg.PNG
[2013/01/11 14:37:43 | 000,000,259 | ---- | C] () -- C:\Users\Yang\Desktop\230_F12_L22_acid_base1 2 (2).url
[2013/01/11 03:51:54 | 000,833,302 | ---- | C] () -- C:\Users\Yang\Desktop\em.png
[2013/01/11 02:27:45 | 000,876,242 | ---- | C] () -- C:\Users\Yang\Desktop\charleys.PNG
[2013/01/11 02:18:17 | 000,090,996 | ---- | C] () -- C:\Users\Yang\Desktop\tumblr_m53dilRAsz1rscs64o1_1280.jpg
[2013/01/11 02:18:06 | 000,223,988 | ---- | C] () -- C:\Users\Yang\Desktop\tumblr_m53l08suR81rscs64o1_1280.jpg
[2013/01/11 02:16:57 | 000,143,399 | ---- | C] () -- C:\Users\Yang\Desktop\tumblr_m571ku1VfR1rscs64o1_1280.jpg
[2013/01/10 13:15:05 | 000,053,951 | ---- | C] () -- C:\Users\Yang\Desktop\wow.PNG
[2013/01/08 05:17:17 | 000,000,532 | ---- | C] () -- C:\Users\Yang\Desktop\PokeMMO - Shortcut.lnk
[2013/01/07 21:19:30 | 000,468,538 | ---- | C] () -- C:\Users\Yang\Desktop\aj.jpg
[2012/11/16 15:26:27 | 000,000,647 | ---- | C] () -- C:\Users\Yang\Libraries - Shortcut.lnk
[2012/08/24 21:42:24 | 000,776,994 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/08/20 16:32:06 | 000,000,250 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
[2012/07/11 21:45:08 | 000,000,132 | ---- | C] () -- C:\Users\Yang\AppData\Roaming\Adobe PNG Format CS6 Prefs
[2012/07/02 15:12:09 | 000,186,460 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2012/06/29 14:57:08 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2012/06/23 17:14:53 | 000,000,017 | ---- | C] () -- C:\Users\Yang\AppData\Local\resmon.resmoncfg
[2012/06/23 02:19:50 | 000,045,270 | ---- | C] () -- C:\Users\Yang\AppData\Roaming\room_v3.dat
[2012/06/21 12:18:18 | 000,000,256 | ---- | C] () -- C:\Users\Yang\AppData\Roaming\04F46D044299C8
[2012/06/10 20:10:28 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2012/05/02 21:55:52 | 000,042,392 | ---- | C] () -- C:\Windows\SysWow64\xfcodec.dll
[2012/03/19 22:31:16 | 000,963,912 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2012/03/19 22:31:16 | 000,261,208 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2012/03/19 22:31:16 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2012/03/19 22:25:58 | 000,058,880 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2012/03/19 21:21:14 | 013,212,672 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll
[2011/09/28 16:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011/02/09 23:03:48 | 000,000,326 | ---- | C] () -- C:\Windows\primopdf.ini

========== ZeroAccess Check ==========

[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 00:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 23:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 07:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2012/06/25 18:50:11 | 000,000,000 | ---D | M] -- C:\Users\Yang\AppData\Roaming\.minecraft
[2012/06/30 21:26:47 | 000,000,000 | ---D | M] -- C:\Users\Yang\AppData\Roaming\Acoustica
[2012/07/22 01:31:34 | 000,000,000 | ---D | M] -- C:\Users\Yang\AppData\Roaming\Ambient Design
[2012/08/19 16:29:53 | 000,000,000 | ---D | M] -- C:\Users\Yang\AppData\Roaming\Antares
[2012/06/29 20:30:24 | 000,000,000 | ---D | M] -- C:\Users\Yang\AppData\Roaming\calibre
[2013/02/04 13:26:52 | 000,000,000 | ---D | M] -- C:\Users\Yang\AppData\Roaming\DAEMON Tools Lite
[2012/06/21 12:19:29 | 000,000,000 | ---D | M] -- C:\Users\Yang\AppData\Roaming\duowan
[2012/06/14 15:46:31 | 000,000,000 | ---D | M] -- C:\Users\Yang\AppData\Roaming\FlashGet
[2012/07/08 18:12:50 | 000,000,000 | ---D | M] -- C:\Users\Yang\AppData\Roaming\FXTS2
[2012/06/23 02:13:53 | 000,000,000 | ---D | M] -- C:\Users\Yang\AppData\Roaming\GarenaPlus
[2012/06/29 15:01:49 | 000,000,000 | ---D | M] -- C:\Users\Yang\AppData\Roaming\HandBrake
[2012/10/17 22:43:05 | 000,000,000 | ---D | M] -- C:\Users\Yang\AppData\Roaming\ICAClient
[2012/06/13 10:58:15 | 000,000,000 | -H-D | M] -- C:\Users\Yang\AppData\Roaming\ijjigame
[2012/07/07 13:32:07 | 000,000,000 | ---D | M] -- C:\Users\Yang\AppData\Roaming\LolClient
[2012/06/12 12:30:42 | 000,000,000 | ---D | M] -- C:\Users\Yang\AppData\Roaming\LolClient2
[2013/01/08 19:58:01 | 000,000,000 | ---D | M] -- C:\Users\Yang\AppData\Roaming\Mumble
[2012/06/27 23:21:21 | 000,000,000 | ---D | M] -- C:\Users\Yang\AppData\Roaming\Need for Speed World
[2012/09/09 14:36:39 | 000,000,000 | ---D | M] -- C:\Users\Yang\AppData\Roaming\Nitro PDF
[2012/12/09 21:25:08 | 000,000,000 | ---D | M] -- C:\Users\Yang\AppData\Roaming\OBS
[2012/07/03 13:27:39 | 000,000,000 | ---D | M] -- C:\Users\Yang\AppData\Roaming\PACE Anti-Piracy
[2012/12/07 04:22:53 | 000,000,000 | ---D | M] -- C:\Users\Yang\AppData\Roaming\PandoraClient
[2012/07/11 21:24:47 | 000,000,000 | ---D | M] -- C:\Users\Yang\AppData\Roaming\PDAppFlex
[2012/09/09 14:38:48 | 000,000,000 | ---D | M] -- C:\Users\Yang\AppData\Roaming\PrimoPDF
[2012/06/10 21:57:07 | 000,000,000 | ---D | M] -- C:\Users\Yang\AppData\Roaming\Rainmeter
[2012/08/02 10:55:53 | 000,000,000 | ---D | M] -- C:\Users\Yang\AppData\Roaming\six-updater
[2012/08/02 10:55:15 | 000,000,000 | ---D | M] -- C:\Users\Yang\AppData\Roaming\six-zsync
[2012/06/14 13:53:32 | 000,000,000 | ---D | M] -- C:\Users\Yang\AppData\Roaming\SplitMediaLabs
[2013/01/17 00:51:48 | 000,000,000 | ---D | M] -- C:\Users\Yang\AppData\Roaming\Spotify
[2012/06/10 22:15:27 | 000,000,000 | ---D | M] -- C:\Users\Yang\AppData\Roaming\Stardock
[2012/07/01 10:30:09 | 000,000,000 | ---D | M] -- C:\Users\Yang\AppData\Roaming\Steinberg
[2012/06/30 21:26:55 | 000,000,000 | ---D | M] -- C:\Users\Yang\AppData\Roaming\SynthMaker
[2012/11/01 17:55:32 | 000,000,000 | ---D | M] -- C:\Users\Yang\AppData\Roaming\TeamViewer
[2012/10/13 16:28:20 | 000,000,000 | ---D | M] -- C:\Users\Yang\AppData\Roaming\Tunngle
[2012/07/19 18:12:42 | 000,000,000 | ---D | M] -- C:\Users\Yang\AppData\Roaming\Unity
[2013/02/04 15:01:08 | 000,000,000 | ---D | M] -- C:\Users\Yang\AppData\Roaming\uTorrent
[2012/09/18 17:51:15 | 000,000,000 | ---D | M] -- C:\Users\Yang\AppData\Roaming\webex
[2012/06/29 14:50:11 | 000,000,000 | ---D | M] -- C:\Users\Yang\AppData\Roaming\Wondershare Video Converter Ultimate

========== Purity Check ==========



========== Files - Unicode (All) ==========
[2012/06/25 11:01:39 | 000,000,000 | ---D | M](E:\Users\Yang\Documents\??YY) -- E:\Users\Yang\Documents\我的YY
[2012/06/25 11:01:39 | 000,000,000 | ---D | C](E:\Users\Yang\Documents\??YY) -- E:\Users\Yang\Documents\我的YY
(C:\Users\Yang\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\??) -- C:\Users\Yang\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\多玩

< End of report >

ADW

# AdwCleaner v2.110 - Logfile created 02/04/2013 at 15:08:47
# Updated 03/02/2013 by Xplode
# Operating system : Windows 7 Ultimate Service Pack 1 (64 bits)
# User : Yang - YANG-PC
# Boot Mode : Normal
# Running from : E:\Users\Yang\Downloads\adwcleaner (2).exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

File Deleted : C:\user.js
Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\Users\Yang\AppData\LocalLow\incredibar.com
Folder Deleted : C:\Users\Yang\AppData\Roaming\Babylon
Folder Deleted : C:\Users\Yang\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Browser Manager
Folder Deleted : C:\Users\Yang\AppData\Roaming\OpenCandy

***** [Registry] *****

Key Deleted : HKCU\Software\1ClickDownload
Key Deleted : HKCU\Software\BabylonToolbar
Key Deleted : HKCU\Software\DataMngr
Key Deleted : HKCU\Software\DataMngr_Toolbar
Key Deleted : HKCU\Software\IM
Key Deleted : HKCU\Software\ImInstaller
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\Software\BrowserMngr
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\Software\DataMngr
Key Deleted : HKLM\Software\Freeze.com
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\NEW_CORRECT_incredibar_install_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\NEW_CORRECT_incredibar_install_RASMANCS
Key Deleted : HKLM\Software\Web Assistant
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\IM
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{22B0769F-794B-4422-AC84-47B123C8986D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{255E0B2A-D747-4EEF-B7CE-159D73A3656D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{28ED590D-F5ED-4E05-A87F-1D759F1C6169}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{45D5B93F-E2ED-4AF2-915E-DCDDBDA8C33C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{706D4A4B-184A-4434-B331-296B07493D2D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{771B99AB-636F-4A11-9039-8DFEB927B061}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8BE10F21-185F-4CA0-B789-9921674C3993}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{94C0B25D-3359-4B10-B227-F96A77DB773F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A8321AA2-2227-40C7-8525-6C2F4E1B0EBE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AA41A731-6814-4A70-A6F1-C0A20FBBFBD5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{ABBB8A9E-D8AF-40D1-94BE-5175077465FC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B173667F-8395-4317-8DD6-45AD1FE00047}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B32672B3-F656-46E0-B584-FE61C0BB6037}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BF737694-56F6-46FA-9FDC-FA99A5B25FAD}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C2996524-2187-441F-A398-CD6CB6B3D020}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{CFCD164E-8AC9-478E-9ECC-B616A932016C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D5961CC0-B442-4567-8030-67E241EF4CC2}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E047E227-5342-4D94-80F7-CFB154BF55BD}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E450067F-1C93-41A7-928E-07E5C2EEC680}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E77EEF95-3E83-4BB8-9C0D-4A5163774997}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F977D9F2-4BDC-44A6-B508-7C0284C61EED}
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Key Deleted : HKLM\SOFTWARE\Tarma Installer
Key Deleted : HKLM\SOFTWARE\Web Assistant
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Main [BrowserMngr Start Page]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [BrowserMngrDefaultScope]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - Tabs] = hxxp://search.babylon.com/?affID=110790&tt=3612_4&babsrc=NT_ss&mntrId=3cb4a76c000000000000f46d044299c8 --> hxxp://www.google.com

-\\ Mozilla Firefox v18.0.1 (en-US)

File : C:\Users\Yang\AppData\Roaming\Mozilla\Firefox\Profiles\9swxg1lg.default\prefs.js

C:\Users\Yang\AppData\Roaming\Mozilla\Firefox\Profiles\9swxg1lg.default\user.js ... Deleted !

[OK] File is clean.

-\\ Google Chrome v24.0.1312.57

File : C:\Users\Yang\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [352 octets] - [04/02/2013 13:13:40]
AdwCleaner[R2].txt - [6200 octets] - [04/02/2013 15:08:19]
AdwCleaner[R3].txt - [6319 octets] - [04/02/2013 15:08:43]
AdwCleaner[S1].txt - [317 octets] - [04/02/2013 15:08:25]
AdwCleaner[S2].txt - [6497 octets] - [04/02/2013 15:08:47]

########## EOF - C:\AdwCleaner[S2].txt - [6557 octets] ##########

#4
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Are the popups in all browsers or just one?

#5
yangcliu

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
All browsers

Edited by yangcliu, 04 February 2013 - 03:06 PM.

#6
Essexboy

I see you have run ComboFix; could you post the log?



Download the latest version of TDSSKiller from here and save it to your Desktop.

  • Double-click on TDSSKiller.exe to run the application.
  • Then click on Change parameters.
  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  • Click the Start Scan button.
  • If a suspicious object is detected, the default action will be Skip; click on Continue.
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
  • Get the report by selecting Reports.
  • Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.

Please copy and paste its contents on your next reply.

#7
yangcliu

ComboFix 13-02-03.03 - Yang 02/04/2013 16:54:15.1.4 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.8089.5591 [GMT -5:00]
Running from: e:\users\Yang\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\a
c:\a\lp.crx
c:\programdata\~00084C15_Sr0kv(c~c_0.tmp
c:\programdata\~00084C15_Sr0kv(c~c_1.tmp
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\vpngui.exe.lnk
c:\users\Yang\AppData\Roaming\04F46D044299C8
c:\windows\SysWow64\tmp675A.tmp
c:\windows\SysWow64\tmp675B.tmp
c:\windows\SysWow64\tmp7722.tmp
c:\windows\SysWow64\tmp7723.tmp
c:\windows\SysWow64\tmpFD8.tmp
c:\windows\SysWow64\tmpFD9.tmp
c:\windows\SysWow64\v.vbs
D:\uninstall.exe
E:\install.exe
e:\users\Yang\Documents\~WRL0003.tmp
e:\users\Yang\Documents\~WRL0498.tmp
e:\users\Yang\Documents\~WRL1633.tmp
.
.
((((((((((((((((((((((((( Files Created from 2013-01-04 to 2013-02-04 )))))))))))))))))))))))))))))))
.
.
2013-02-04 21:56 . 2013-02-04 21:56 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2013-02-04 21:56 . 2013-02-04 21:56 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-02-04 19:17 . 2013-01-08 05:32 9161176 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7A97147A-2510-4618-BFB4-EB7630B3D088}\mpengine.dll
2013-02-03 19:07 . 2013-01-08 05:32 9161176 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-01-20 23:04 . 2013-01-20 23:06 -------- d-----w- c:\program files\Common Files\Adobe
2013-01-19 03:22 . 2013-01-19 03:22 -------- d-----w- c:\users\Yang\AppData\Local\Macromedia
2013-01-19 03:19 . 2013-01-19 03:19 -------- d-----w- c:\users\Yang\AppData\Local\Mozilla
2013-01-15 18:55 . 2013-01-15 18:55 -------- d-----w- c:\users\Yang\AppData\Local\Spotify
2013-01-15 18:54 . 2013-01-17 05:51 -------- d-----w- c:\users\Yang\AppData\Roaming\Spotify
2013-01-13 23:34 . 2013-01-13 23:35 -------- d-----w- c:\programdata\BlueStacks
2013-01-10 08:00 . 2013-01-10 08:00 -------- d-----w- c:\program files(x86)\Reference Assemblies
2013-01-09 09:18 . 2012-11-09 05:45 750592 ----a-w- c:\windows\system32\win32spl.dll
2013-01-09 09:18 . 2012-11-09 04:43 492032 ----a-w- c:\windows\SysWow64\win32spl.dll
2013-01-07 23:29 . 2013-01-07 23:29 -------- d-----w- c:\windows\SysWow64\Adobe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-30 10:53 . 2012-06-10 21:15 273840 ------w- c:\windows\system32\MpSigStub.exe
2013-01-10 08:01 . 2012-06-10 21:41 67599240 ----a-w- c:\windows\system32\MRT.exe
2012-12-20 19:10 . 2012-12-20 19:10 741 ----a-w- c:\windows\SysWow64\lod1.vbs
2012-12-19 09:04 . 2012-10-10 01:17 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-12-19 09:04 . 2012-06-10 22:10 346112 ----a-w- c:\windows\system32\bcdedit.exe
2012-12-19 09:04 . 2012-06-10 20:37 605552 ----a-w- c:\windows\system32\winload.exe
2012-12-18 06:46 . 2012-12-18 06:46 605552 ----a-w- c:\windows\system32\winload.bak
2012-12-18 06:46 . 2012-12-18 06:46 5559664 ----a-w- c:\windows\system32\ntoskrnl.bak
2012-12-16 17:11 . 2012-12-21 08:00 46080 ----a-w- c:\windows\system32\atmlib.dll
2012-12-16 14:45 . 2012-12-21 08:00 367616 ----a-w- c:\windows\system32\atmfd.dll
2012-12-16 14:13 . 2012-12-21 08:00 295424 ----a-w- c:\windows\SysWow64\atmfd.dll
2012-12-16 14:13 . 2012-12-21 08:00 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2012-12-14 21:49 . 2012-11-20 20:43 24176 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-11-30 04:45 . 2013-01-09 09:17 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2012-11-28 23:48 . 2012-11-28 23:48 972264 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A0DB0307-E9D2-45EF-8269-582274B67C9D}\gapaengine.dll
2012-11-14 07:06 . 2012-12-12 08:00 17811968 ----a-w- c:\windows\system32\mshtml.dll
2012-11-14 06:32 . 2012-12-12 08:00 10925568 ----a-w- c:\windows\system32\ieframe.dll
2012-11-14 06:11 . 2012-12-12 08:00 2312704 ----a-w- c:\windows\system32\jscript9.dll
2012-11-14 06:04 . 2012-12-12 08:00 1346048 ----a-w- c:\windows\system32\urlmon.dll
2012-11-14 06:04 . 2012-12-12 08:00 1392128 ----a-w- c:\windows\system32\wininet.dll
2012-11-14 06:02 . 2012-12-12 08:00 1494528 ----a-w- c:\windows\system32\inetcpl.cpl
2012-11-14 06:02 . 2012-12-12 08:00 237056 ----a-w- c:\windows\system32\url.dll
2012-11-14 05:59 . 2012-12-12 08:00 85504 ----a-w- c:\windows\system32\jsproxy.dll
2012-11-14 05:58 . 2012-12-12 08:00 816640 ----a-w- c:\windows\system32\jscript.dll
2012-11-14 05:57 . 2012-12-12 08:00 599040 ----a-w- c:\windows\system32\vbscript.dll
2012-11-14 05:57 . 2012-12-12 08:00 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-11-14 05:55 . 2012-12-12 08:00 2144768 ----a-w- c:\windows\system32\iertutil.dll
2012-11-14 05:55 . 2012-12-12 08:00 729088 ----a-w- c:\windows\system32\msfeeds.dll
2012-11-14 05:53 . 2012-12-12 08:00 96768 ----a-w- c:\windows\system32\mshtmled.dll
2012-11-14 05:52 . 2012-12-12 08:00 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-11-14 05:46 . 2012-12-12 08:00 248320 ----a-w- c:\windows\system32\ieui.dll
2012-11-14 02:09 . 2012-12-12 08:00 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll
2012-11-14 01:58 . 2012-12-12 08:00 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2012-11-14 01:57 . 2012-12-12 08:00 1129472 ----a-w- c:\windows\SysWow64\wininet.dll
2012-11-14 01:49 . 2012-12-12 08:00 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-11-14 01:48 . 2012-12-12 08:00 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2012-11-14 01:44 . 2012-12-12 08:00 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-11-09 05:45 . 2012-12-11 19:21 2048 ----a-w- c:\windows\system32\tzres.dll
2012-11-09 04:42 . 2012-12-11 19:21 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2012-06-14 20:46 . 2012-06-14 20:46 189368 ----a-w- c:\program files\uninst.exe
2007-09-25 08:10 . 2007-09-25 08:10 2007088 ----a-w- c:\program files\flashget.exe
2007-08-06 09:11 . 2007-08-06 09:11 94308 ----a-w- c:\program files\jccatch.dll
2007-06-15 06:35 . 2007-06-15 06:35 626688 ----a-w- c:\program files\FGBTCORE.dll
2007-06-14 10:52 . 2007-06-14 10:52 1327184 ----a-w- c:\program files\FGEMCORE.dll
2007-05-18 16:13 . 2007-05-18 16:13 163840 ----a-w- c:\program files\getflash.dll
2007-05-18 16:13 . 2007-05-18 16:13 1145896 ----a-w- c:\program files\gt.exe
2007-05-18 16:13 . 2007-05-18 16:13 53329 ----a-w- c:\program files\fgmgr.dll
2007-05-18 16:13 . 2007-05-18 16:13 176208 ----a-w- c:\program files\fgupdate.dll
2007-05-18 16:13 . 2007-05-18 16:13 45056 ----a-w- c:\program files\debugrpt.dll
2007-05-18 16:13 . 2007-05-18 16:13 1030144 ----a-w- c:\program files\dbghelp.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2012-12-19 . 0338BBC49FFD8B8FCB19E7B8476AE8C9 . 5559664 . . [6.1.7601.17944] .. c:\windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.17944_none_ca35fee3cadae518\ntoskrnl.exe
[7] 2012-08-30 . CD632F72C798CA012FE429F66E1F1CAD . 5505904 . . [6.1.7600.17118] .. c:\windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.17118_none_c873e905cd98c0d0\ntoskrnl.exe
[7] 2012-08-30 . 502070A5B89F1E6DEC54817DEBF46425 . 5473136 . . [6.1.7600.21315] .. c:\windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.21315_none_c8fa86d8e6b911bc\ntoskrnl.exe
[7] 2012-08-30 . A0D1C0E813A7C6E17C029375AC2ACE18 . 5562736 . . [6.1.7601.22103] .. c:\windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.22103_none_cae9b336e3d92f09\ntoskrnl.exe
[7] 2012-05-04 . C4C870BD7F081C7AAC4DA553CD17E0F1 . 5473136 . . [6.1.7600.21207] .. c:\windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.21207_none_c9075572e6af2b52\ntoskrnl.exe
[7] 2012-05-04 . 2819BB6417B85D38169A4F151463A815 . 5559664 . . [6.1.7601.17835] .. c:\windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.17835_none_ca41cd33cad1e557\ntoskrnl.exe
[7] 2012-05-04 . BD31B81BFA2E89680315AB15D0D58671 . 5505392 . . [6.1.7600.17017] .. c:\windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.17017_none_c872e6d5cd99aa52\ntoskrnl.exe
[7] 2012-05-04 . 6A692DB27A943B463E97B749DD34F3DA . 5561200 . . [6.1.7601.21987] .. c:\windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.21987_none_ca975af6e4164384\ntoskrnl.exe
[7] 2012-04-02 . 9579F84C40B3BE205C9FD4CCDD99B6B7 . 5504880 . . [6.1.7600.16988] .. c:\windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.16988_none_c8285f89cdd153fe\ntoskrnl.exe
[7] 2012-03-31 . 03B5C6DBA5A770CEEFD1615E380C6BC3 . 5559664 . . [6.1.7601.17803] .. c:\windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.17803_none_ca603c63cabb5ed6\ntoskrnl.exe
[7] 2012-03-31 . 5E6017E5814B3BC366A5A7A88538D0FC . 5473136 . . [6.1.7600.21179] .. c:\windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.21179_none_c8bda4ace6e62470\ntoskrnl.exe
[7] 2012-03-31 . 708A4C721CEE6B3845B5A54477D873CF . 5561200 . . [6.1.7601.21955] .. c:\windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.21955_none_cab5ca26e3ffbd03\ntoskrnl.exe
[7] 2012-03-06 . BAA66E360105F79B5948A2FDAF3AA8FE . 5559152 . . [6.1.7601.17790] .. c:\windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.17790_none_c9fbea53cb071123\ntoskrnl.exe
[7] 2012-03-06 . F96AA8BE1890C99883A6C233F9FB59A7 . 5473136 . . [6.1.7600.21163] .. c:\windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.21163_none_c8c272dce6e37075\ntoskrnl.exe
[7] 2012-03-06 . 51F2FD7B6C7966AFE271611D786D35A3 . 5504880 . . [6.1.7600.16973] .. c:\windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.16973_none_c82e2e03cdcdb95a\ntoskrnl.exe
[7] 2012-03-06 . FCAB208AC0F7263A84EB627B1517E5AC . 5561200 . . [6.1.7601.21936] .. c:\windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.21936_none_cacc6a48e3ee9e78\ntoskrnl.exe
[7] 2010-11-20 . C6CEC3E6CC9842B73501C70AA64C00FE . 5563776 . . [6.1.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.17514_none_ca56670fcac29ca9\ntoskrnl.exe
[7] 2010-10-27 . E6FC5686F6BB6F0CEB1107E6D064A944 . 5477248 . . [6.1.7600.20826] .. c:\windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.20826_none_c8f0d77ce6c01f26\ntoskrnl.exe
[7] 2010-10-27 . E2EA143288BFF3D6B3AEB88C3BC02DAF . 5510528 . . [6.1.7600.16695] .. c:\windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.16695_none_c81a890dcddc2c75\ntoskrnl.exe
[7] 2009-07-14 . 9E722B768E33D26AD8FA7D642E707443 . 5511248 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.16385_none_c8255347cdd4190f\ntoskrnl.exe
[-] 2012-12-19 . 0338BBC49FFD8B8FCB19E7B8476AE8C9 . 5559664 . . [6.1.7601.17944] .. c:\windows\system32\ntoskrnl.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-07-13 17418928]
"Akamai NetSession Interface"="c:\users\Yang\AppData\Local\Akamai\netsession_win.exe" [2012-10-09 4441920]
"Remote Mouse"="c:\program files (x86)\Remote Mouse\RemoteMouse.exe" [2012-03-19 1020416]
"F.lux"="c:\users\Yang\Local Settings\Apps\F.lux\flux.exe" [2009-08-29 966656]
"NVIDIA nTune"="c:\program files (x86)\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-09-04 98304]
"Facebook Update"="c:\users\Yang\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-10-14 138096]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]
"Spotify Web Helper"="c:\users\Yang\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2013-01-15 1199576]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2011-10-17 284440]
"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-11-15 2254768]
"BlueStacks Agent"="c:\program files (x86)\BlueStacks\HD-Agent.exe" [2012-12-05 597880]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-09 1073312]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Rainmeter.lnk - c:\program files\Rainmeter\Rainmeter.exe [2012-1-8 107720]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\windows\SysWOW64\appinit_dll.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer9"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 ALSysIO;ALSysIO;c:\users\Yang\AppData\Local\Temp\ALSysIO64.sys [x]
R3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys [2011-09-14 129000]
R3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys [2011-09-14 394216]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 GGSAFERDriver;GGSAFER Driver;c:\program files (x86)\Garena Plus\Room\safedrv.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-08-31 128456]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-09-13 368896]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 20992]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-04-25 52736]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-06-10 1255736]
R3 XcOFcQB;XcOFcQB;c:\programdata\00084C15_S_tvn [x]
R4 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-11-15 2461104]
R4 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-10-17 13592]
R4 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe [2011-06-29 171688]
R4 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-06-07 160944]
R4 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-10-02 382824]
R4 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-10-23 2848168]
R4 TunngleService;TunngleService;c:\program files (x86)\Tunngle\TnglCtrl.exe [2012-10-03 743320]
S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys [2011-06-29 91864]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-06-13 283200]
S2 BstHdAndroidSvc;BlueStacks Android Service;c:\program files (x86)\BlueStacks\HD-Service.exe BstHdAndroidSvc Android [x]
S2 BstHdDrv;BlueStacks Hypervisor;c:\program files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [2012-12-05 71032]
S2 BstHdLogRotatorSvc;BlueStacks Log Rotator Service;c:\program files (x86)\BlueStacks\HD-LogRotatorService.exe [2012-12-05 384888]
S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys [2012-03-09 23816]
S3 EuMusDesignVirtualAudioCableWdm;Virtual Audio Cable (WDM);c:\windows\system32\DRIVERS\vrtaucbl.sys [2012-08-17 66728]
S3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\DRIVERS\tap0901t.sys [2009-09-16 31232]
S3 VirtuWDDM;VirtuWDDM;c:\windows\system32\DRIVERS\VirtuWDDM.sys [2012-04-22 75552]
.
.
Contents of the 'Scheduled Tasks' folder
.
2013-02-04 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-13 09:02]
.
2013-02-04 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1594025053-2878111276-1025752850-1000Core.job
- c:\users\Yang\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-10-14 05:35]
.
2013-02-04 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1594025053-2878111276-1025752850-1000UA.job
- c:\users\Yang\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-10-14 05:35]
.
2013-02-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1594025053-2878111276-1025752850-1000Core.job
- c:\users\Yang\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-10 21:17]
.
2013-02-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1594025053-2878111276-1025752850-1000UA.job
- c:\users\Yang\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-10 21:17]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-03-20 170264]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-03-20 398616]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-03-20 439064]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-13 1289704]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-04-04 446392]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{1984DD45-52CF-49cd-AB77-18F378FEA264}"= "c:\program files (x86)\Stardock\Fences\FencesMenu64.dll" [2010-06-22 253288]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\appinit_dll.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local;<local>
IE: &Download All with FlashGet - c:\program files\jc_all.htm
IE: &Download with FlashGet - c:\program files\jc_link.htm
IE: E&xport to Microsoft Excel - c:\progra~4\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~4\MICROS~1\Office14\ONBttnIE.dll/105
FF - ProfilePath - c:\users\Yang\AppData\Roaming\Mozilla\Firefox\Profiles\9swxg1lg.default\
FF - ExtSQL: 2013-01-18 22:22; [email protected]; c:\users\Yang\AppData\Roaming\Mozilla\Firefox\Profiles\9swxg1lg.default\extensions\[email protected]
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-AdobeBridge - (no file)
Wow6432Node-HKLM-Run-WinampAgent - c:\program files (x86)\Winamp\winampa.exe
AddRemove-Acoustica Mixcraft 6 - d:\\uninstall.exe
AddRemove-UnityWebPlayer - c:\users\Yang\AppData\Local\Unity\WebPlayer\Uninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\XcOFcQB]
"ImagePath"="\??\c:\programdata\00084C15_S_tvn"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\BlueStacks]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-02-04 16:58:25
ComboFix-quarantined-files.txt 2013-02-04 21:58
.
Pre-Run: 7,533,101,056 bytes free
Post-Run: 8,415,133,696 bytes free
.
- - End Of File - - CC101260D77DF2CBC42A8165CEA7D84A

16:58:53.0112 4192 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
16:58:53.0418 4192 ============================================================
16:58:53.0418 4192 Current date / time: 2013/02/04 16:58:53.0418
16:58:53.0418 4192 SystemInfo:
16:58:53.0418 4192
16:58:53.0418 4192 OS Version: 6.1.7601 ServicePack: 1.0
16:58:53.0418 4192 Product type: Workstation
16:58:53.0418 4192 ComputerName: YANG-PC
16:58:53.0418 4192 UserName: Yang
16:58:53.0418 4192 Windows directory: C:\Windows
16:58:53.0418 4192 System windows directory: C:\Windows
16:58:53.0418 4192 Running under WOW64
16:58:53.0418 4192 Processor architecture: Intel x64
16:58:53.0418 4192 Number of processors: 4
16:58:53.0418 4192 Page size: 0x1000
16:58:53.0418 4192 Boot type: Normal boot
16:58:53.0418 4192 ============================================================
16:58:53.0543 4192 Drive \Device\Harddisk0\DR0 - Size: 0x15D51500000 (1397.27 Gb), SectorSize: 0x200, Cylinders: 0x2C882, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
16:58:53.0543 4192 Drive \Device\Harddisk1\DR1 - Size: 0xDF99E6000 (55.90 Gb), SectorSize: 0x200, Cylinders: 0x1C81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
16:58:53.0546 4192 ============================================================
16:58:53.0546 4192 \Device\Harddisk0\DR0:
16:58:53.0546 4192 MBR partitions:
16:58:53.0546 4192 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x249F0000
16:58:53.0546 4192 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x249F0800, BlocksNum 0x8A099800
16:58:53.0546 4192 \Device\Harddisk1\DR1:
16:58:53.0546 4192 MBR partitions:
16:58:53.0546 4192 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
16:58:53.0546 4192 \Device\Harddisk1\DR1\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x6F99800
16:58:53.0546 4192 ============================================================
16:58:53.0547 4192 C: <-> \Device\Harddisk1\DR1\Partition2
16:58:53.0555 4192 D: <-> \Device\Harddisk0\DR0\Partition1
16:58:53.0579 4192 E: <-> \Device\Harddisk0\DR0\Partition2
16:58:53.0579 4192 ============================================================
16:58:53.0579 4192 Initialize success
16:58:53.0579 4192 ============================================================
16:59:05.0708 0940 ============================================================
16:59:05.0708 0940 Scan started
16:59:05.0708 0940 Mode: Manual; SigCheck; TDLFS;
16:59:05.0708 0940 ============================================================
16:59:05.0882 0940 ================ Scan system memory ========================
16:59:05.0882 0940 System memory - ok
16:59:05.0882 0940 ================ Scan services =============================
16:59:06.0234 0940 [ 6D9C024AA8F24065A6DBEAB1F431D854 ] asmthub3 C:\Windows\system32\DRIVERS\asmthub3.sys
16:59:06.0239 0940 asmthub3 ( UnsignedFile.Multi.Generic ) - warning
16:59:06.0239 0940 asmthub3 - detected UnsignedFile.Multi.Generic (1)
16:59:06.0245 0940 [ ECAD22F15D8F17CC04F24E9A6FB00F2F ] asmtxhci C:\Windows\system32\DRIVERS\asmtxhci.sys
16:59:06.0251 0940 asmtxhci ( UnsignedFile.Multi.Generic ) - warning
16:59:06.0251 0940 asmtxhci - detected UnsignedFile.Multi.Generic (1)
16:59:09.0836 0940 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
16:59:09.0840 0940 pcw - ok
16:59:09.0847 0940 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
16:59:09.0867 0940 PEAUTH - ok
16:59:09.0879 0940 [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll
16:59:09.0892 0940 PeerDistSvc - ok
16:59:09.0910 0940 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
16:59:09.0916 0940 PerfHost - ok
16:59:09.0931 0940 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
16:59:09.0955 0940 pla - ok
16:59:09.0960 0940 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
16:59:09.0968 0940 PlugPlay - ok
16:59:09.0969 0940 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
16:59:09.0974 0940 PNRPAutoReg - ok
16:59:09.0978 0940 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
16:59:09.0985 0940 PNRPsvc - ok
16:59:09.0992 0940 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
16:59:10.0011 0940 PolicyAgent - ok
16:59:10.0015 0940 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
16:59:10.0033 0940 Power - ok
16:59:10.0036 0940 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
16:59:10.0052 0940 PptpMiniport - ok
16:59:10.0055 0940 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
16:59:10.0060 0940 Processor - ok
16:59:10.0064 0940 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
16:59:10.0070 0940 ProfSvc - ok
16:59:10.0071 0940 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
16:59:10.0076 0940 ProtectedStorage - ok
16:59:10.0079 0940 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
16:59:10.0096 0940 Psched - ok
16:59:10.0110 0940 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
16:59:10.0125 0940 ql2300 - ok
16:59:10.0128 0940 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
16:59:10.0133 0940 ql40xx - ok
16:59:10.0137 0940 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
16:59:10.0145 0940 QWAVE - ok
16:59:10.0147 0940 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
16:59:10.0154 0940 QWAVEdrv - ok
16:59:10.0156 0940 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
16:59:10.0173 0940 RasAcd - ok
16:59:10.0175 0940 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
16:59:10.0192 0940 RasAgileVpn - ok
16:59:10.0195 0940 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
16:59:10.0213 0940 RasAuto - ok
16:59:10.0215 0940 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
16:59:10.0232 0940 Rasl2tp - ok
16:59:10.0237 0940 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
16:59:10.0255 0940 RasMan - ok
16:59:10.0258 0940 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
16:59:10.0275 0940 RasPppoe - ok
16:59:10.0277 0940 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
16:59:10.0294 0940 RasSstp - ok
16:59:10.0299 0940 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
16:59:10.0317 0940 rdbss - ok
16:59:10.0319 0940 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
16:59:10.0326 0940 rdpbus - ok
16:59:10.0327 0940 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
16:59:10.0345 0940 RDPCDD - ok
16:59:10.0352 0940 [ 1B6163C503398B23FF8B939C67747683 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys
16:59:10.0358 0940 RDPDR - ok
16:59:10.0359 0940 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
16:59:10.0376 0940 RDPENCDD - ok
16:59:10.0379 0940 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
16:59:10.0396 0940 RDPREFMP - ok
16:59:10.0403 0940 [ 70CBA1A0C98600A2AA1863479B35CB90 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
16:59:10.0407 0940 RdpVideoMiniport - ok
16:59:10.0410 0940 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
16:59:10.0416 0940 RDPWD - ok
16:59:10.0420 0940 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
16:59:10.0426 0940 rdyboost - ok
16:59:10.0428 0940 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
16:59:10.0446 0940 RemoteAccess - ok
16:59:10.0449 0940 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
16:59:10.0467 0940 RemoteRegistry - ok
16:59:10.0469 0940 [ 5790BCA445CC40DF8B38C2C48608AAC2 ] RimUsb C:\Windows\system32\Drivers\RimUsb_AMD64.sys
16:59:10.0473 0940 RimUsb - ok
16:59:10.0476 0940 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
16:59:10.0494 0940 RpcEptMapper - ok
16:59:10.0496 0940 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
16:59:10.0501 0940 RpcLocator - ok
16:59:10.0507 0940 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\System32\rpcss.dll
16:59:10.0527 0940 RpcSs - ok
16:59:10.0529 0940 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
16:59:10.0546 0940 rspndr - ok
16:59:10.0548 0940 [ E60C0A09F997826C7627B244195AB581 ] s3cap C:\Windows\system32\drivers\vms3cap.sys
16:59:10.0553 0940 s3cap - ok
16:59:10.0555 0940 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
16:59:10.0559 0940 SamSs - ok
16:59:10.0562 0940 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
16:59:10.0567 0940 sbp2port - ok
16:59:10.0570 0940 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
16:59:10.0588 0940 SCardSvr - ok
16:59:10.0590 0940 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
16:59:10.0607 0940 scfilter - ok
16:59:10.0617 0940 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
16:59:10.0639 0940 Schedule - ok
16:59:10.0642 0940 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
16:59:10.0658 0940 SCPolicySvc - ok
16:59:10.0661 0940 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
16:59:10.0667 0940 SDRSVC - ok
16:59:10.0669 0940 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
16:59:10.0686 0940 secdrv - ok
16:59:10.0688 0940 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
16:59:10.0705 0940 seclogon - ok
16:59:10.0707 0940 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\system32\sens.dll
16:59:10.0724 0940 SENS - ok
16:59:10.0726 0940 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
16:59:10.0732 0940 SensrSvc - ok
16:59:10.0735 0940 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
16:59:10.0740 0940 Serenum - ok
16:59:10.0742 0940 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
16:59:10.0747 0940 Serial - ok
16:59:10.0749 0940 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
16:59:10.0754 0940 sermouse - ok
16:59:10.0759 0940 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
16:59:10.0776 0940 SessionEnv - ok
16:59:10.0778 0940 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
16:59:10.0784 0940 sffdisk - ok
16:59:10.0786 0940 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
16:59:10.0793 0940 sffp_mmc - ok
16:59:10.0794 0940 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
16:59:10.0801 0940 sffp_sd - ok
16:59:10.0803 0940 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
16:59:10.0808 0940 sfloppy - ok
16:59:10.0812 0940 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
16:59:10.0831 0940 SharedAccess - ok
16:59:10.0837 0940 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
16:59:10.0855 0940 ShellHWDetection - ok
16:59:10.0857 0940 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
16:59:10.0862 0940 SiSRaid2 - ok
16:59:10.0864 0940 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
16:59:10.0868 0940 SiSRaid4 - ok
16:59:10.0872 0940 [ DDAA5F4A6B958FC313EBD02DD925752F ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
16:59:10.0876 0940 SkypeUpdate - ok
16:59:10.0878 0940 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
16:59:10.0895 0940 Smb - ok
16:59:10.0899 0940 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
16:59:10.0905 0940 SNMPTRAP - ok
16:59:10.0907 0940 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
16:59:10.0911 0940 spldr - ok
16:59:10.0917 0940 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
16:59:10.0924 0940 Spooler - ok
16:59:10.0964 0940 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
16:59:11.0000 0940 sppsvc - ok
16:59:11.0002 0940 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
16:59:11.0020 0940 sppuinotify - ok
16:59:11.0026 0940 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
16:59:11.0033 0940 srv - ok
16:59:11.0039 0940 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
16:59:11.0046 0940 srv2 - ok
16:59:11.0049 0940 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
16:59:11.0054 0940 srvnet - ok
16:59:11.0057 0940 [ ED161B91FDF7EAA39469D72D463D5F4E ] sscdbus C:\Windows\system32\DRIVERS\sscdbus.sys
16:59:11.0061 0940 sscdbus - ok
16:59:11.0062 0940 [ 4CB09E77593DBD8D7AF33B37375CA715 ] sscdmdfl C:\Windows\system32\DRIVERS\sscdmdfl.sys
16:59:11.0066 0940 sscdmdfl - ok
16:59:11.0069 0940 [ C7B4CF53497A6E5363F3439427663882 ] sscdmdm C:\Windows\system32\DRIVERS\sscdmdm.sys
16:59:11.0074 0940 sscdmdm - ok
16:59:11.0077 0940 [ 05FFA552F578E27AB2D41B6828DB477F ] sscdserd C:\Windows\system32\DRIVERS\sscdserd.sys
16:59:11.0081 0940 sscdserd - ok
16:59:11.0084 0940 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
16:59:11.0102 0940 SSDPSRV - ok
16:59:11.0104 0940 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
16:59:11.0122 0940 SstpSvc - ok
16:59:11.0124 0940 Steam Client Service - ok
16:59:11.0129 0940 [ F0359F7CE712D69ACEF0886BDB4792ED ] Stereo Service C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
16:59:11.0135 0940 Stereo Service - ok
16:59:11.0137 0940 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
16:59:11.0141 0940 stexstor - ok
16:59:11.0148 0940 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
16:59:11.0160 0940 stisvc - ok
16:59:11.0162 0940 [ 7785DC213270D2FC066538DAF94087E7 ] storflt C:\Windows\system32\drivers\vmstorfl.sys
16:59:11.0166 0940 storflt - ok
16:59:11.0169 0940 [ D34E4943D5AC096C8EDEEBFD80D76E23 ] storvsc C:\Windows\system32\drivers\storvsc.sys
16:59:11.0173 0940 storvsc - ok
16:59:11.0175 0940 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys
16:59:11.0179 0940 swenum - ok
16:59:11.0186 0940 [ F577910A133A592234EBAAD3F3AFA258 ] SwitchBoard C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
16:59:11.0193 0940 SwitchBoard ( UnsignedFile.Multi.Generic ) - warning
16:59:11.0193 0940 SwitchBoard - detected UnsignedFile.Multi.Generic (1)
16:59:12.0732 0940 XcOFcQB - ok
16:59:12.0738 0940 ================ Scan global ===============================
16:59:12.0739 0940 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
16:59:12.0743 0940 [ 9E479C2B605C25DA4971ABA36250FAEF ] C:\Windows\system32\winsrv.dll
16:59:12.0748 0940 [ 9E479C2B605C25DA4971ABA36250FAEF ] C:\Windows\system32\winsrv.dll
16:59:12.0751 0940 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
16:59:12.0755 0940 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
16:59:12.0757 0940 [Global] - ok
16:59:12.0757 0940 ================ Scan MBR ==================================
16:59:12.0769 0940 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
16:59:12.0804 0940 \Device\Harddisk0\DR0 - ok
16:59:12.0806 0940 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk1\DR1
16:59:12.0901 0940 \Device\Harddisk1\DR1 - ok
16:59:12.0902 0940 ================ Scan VBR ==================================
16:59:12.0903 0940 [ 8106ACAF9CE7721EB407A55D6C533662 ] \Device\Harddisk0\DR0\Partition1
16:59:12.0903 0940 \Device\Harddisk0\DR0\Partition1 - ok
16:59:12.0916 0940 [ 800424296F552F2BE007AEA322357D95 ] \Device\Harddisk0\DR0\Partition2
16:59:12.0916 0940 \Device\Harddisk0\DR0\Partition2 - ok
16:59:12.0918 0940 [ 34E9D9FAF1A9F98194A7E54CC4D38D2E ] \Device\Harddisk1\DR1\Partition1
16:59:12.0918 0940 \Device\Harddisk1\DR1\Partition1 - ok
16:59:12.0919 0940 [ 6EC8DF861233CC23D0E6C8DC0571850E ] \Device\Harddisk1\DR1\Partition2
16:59:12.0920 0940 \Device\Harddisk1\DR1\Partition2 - ok
16:59:12.0920 0940 ============================================================
16:59:12.0920 0940 Scan finished
16:59:12.0920 0940 ============================================================
16:59:12.0924 2592 Detected object count: 3
16:59:12.0924 2592 Actual detected object count: 3
16:59:22.0229 2592 asmthub3 ( UnsignedFile.Multi.Generic ) - skipped by user
16:59:22.0229 2592 asmthub3 ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:59:22.0229 2592 asmtxhci ( UnsignedFile.Multi.Generic ) - skipped by user
16:59:22.0229 2592 asmtxhci ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:59:22.0230 2592 SwitchBoard ( UnsignedFile.Multi.Generic ) - skipped by user
16:59:22.0230 2592 SwitchBoard ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:59:49.0490 1684 ============================================================
16:59:49.0490 1684 Scan started
16:59:49.0490 1684 Mode: Manual; SigCheck; TDLFS;
16:59:49.0490 1684 ============================================================
16:59:49.0605 1684 ================ Scan system memory ========================
16:59:49.0605 1684 System memory - ok
16:59:49.0605 1684 ================ Scan services =============================
16:59:49.0946 1684 [ 6D9C024AA8F24065A6DBEAB1F431D854 ] asmthub3 C:\Windows\system32\DRIVERS\asmthub3.sys
16:59:49.0949 1684 asmthub3 ( UnsignedFile.Multi.Generic ) - warning
16:59:49.0950 1684 asmthub3 - detected UnsignedFile.Multi.Generic (1)
16:59:49.0956 1684 [ ECAD22F15D8F17CC04F24E9A6FB00F2F ] asmtxhci C:\Windows\system32\DRIVERS\asmtxhci.sys
16:59:49.0961 1684 asmtxhci ( UnsignedFile.Multi.Generic ) - warning
16:59:49.0961 1684 asmtxhci - detected UnsignedFile.Multi.Generic (1)
16:59:53.0664 1684 pla - ok
16:59:53.0669 1684 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
16:59:53.0677 1684 PlugPlay - ok
16:59:53.0679 1684 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
16:59:53.0684 1684 PNRPAutoReg - ok
16:59:53.0689 1684 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
16:59:53.0695 1684 PNRPsvc - ok
16:59:53.0702 1684 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
16:59:53.0721 1684 PolicyAgent - ok
16:59:53.0725 1684 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
16:59:53.0743 1684 Power - ok
16:59:53.0745 1684 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
16:59:53.0762 1684 PptpMiniport - ok
16:59:53.0764 1684 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
16:59:53.0769 1684 Processor - ok
16:59:53.0773 1684 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
16:59:53.0779 1684 ProfSvc - ok
16:59:53.0781 1684 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
16:59:53.0786 1684 ProtectedStorage - ok
16:59:53.0789 1684 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
16:59:53.0805 1684 Psched - ok
16:59:53.0820 1684 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
16:59:53.0836 1684 ql2300 - ok
16:59:53.0839 1684 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
16:59:53.0844 1684 ql40xx - ok
16:59:53.0848 1684 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
16:59:53.0857 1684 QWAVE - ok
16:59:53.0859 1684 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
16:59:53.0866 1684 QWAVEdrv - ok
16:59:53.0867 1684 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
16:59:53.0885 1684 RasAcd - ok
16:59:53.0887 1684 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
16:59:53.0904 1684 RasAgileVpn - ok
16:59:53.0909 1684 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
16:59:53.0926 1684 RasAuto - ok
16:59:53.0929 1684 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
16:59:53.0946 1684 Rasl2tp - ok
16:59:53.0950 1684 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
16:59:53.0969 1684 RasMan - ok
16:59:53.0972 1684 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
16:59:53.0989 1684 RasPppoe - ok
16:59:53.0991 1684 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
16:59:54.0008 1684 RasSstp - ok
16:59:54.0013 1684 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
16:59:54.0030 1684 rdbss - ok
16:59:54.0032 1684 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
16:59:54.0038 1684 rdpbus - ok
16:59:54.0042 1684 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
16:59:54.0058 1684 RDPCDD - ok
16:59:54.0062 1684 [ 1B6163C503398B23FF8B939C67747683 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys
16:59:54.0067 1684 RDPDR - ok
16:59:54.0069 1684 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
16:59:54.0086 1684 RDPENCDD - ok
16:59:54.0089 1684 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
16:59:54.0105 1684 RDPREFMP - ok
16:59:54.0109 1684 [ 70CBA1A0C98600A2AA1863479B35CB90 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
16:59:54.0114 1684 RdpVideoMiniport - ok
16:59:54.0117 1684 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
16:59:54.0122 1684 RDPWD - ok
16:59:54.0126 1684 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
16:59:54.0132 1684 rdyboost - ok
16:59:54.0134 1684 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
16:59:54.0152 1684 RemoteAccess - ok
16:59:54.0155 1684 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
16:59:54.0173 1684 RemoteRegistry - ok
16:59:54.0176 1684 [ 5790BCA445CC40DF8B38C2C48608AAC2 ] RimUsb C:\Windows\system32\Drivers\RimUsb_AMD64.sys
16:59:54.0180 1684 RimUsb - ok
16:59:54.0182 1684 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
16:59:54.0201 1684 RpcEptMapper - ok
16:59:54.0203 1684 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
16:59:54.0208 1684 RpcLocator - ok
16:59:54.0215 1684 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\System32\rpcss.dll
16:59:54.0234 1684 RpcSs - ok
16:59:54.0236 1684 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
16:59:54.0254 1684 rspndr - ok
16:59:54.0256 1684 [ E60C0A09F997826C7627B244195AB581 ] s3cap C:\Windows\system32\drivers\vms3cap.sys
16:59:54.0260 1684 s3cap - ok
16:59:54.0262 1684 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
16:59:54.0267 1684 SamSs - ok
16:59:54.0270 1684 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
16:59:54.0275 1684 sbp2port - ok
16:59:54.0278 1684 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
16:59:54.0296 1684 SCardSvr - ok
16:59:54.0298 1684 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
16:59:54.0315 1684 scfilter - ok
16:59:54.0325 1684 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
16:59:54.0348 1684 Schedule - ok
16:59:54.0350 1684 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
16:59:54.0366 1684 SCPolicySvc - ok
16:59:54.0370 1684 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
16:59:54.0376 1684 SDRSVC - ok
16:59:54.0378 1684 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
16:59:54.0394 1684 secdrv - ok
16:59:54.0396 1684 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
16:59:54.0413 1684 seclogon - ok
16:59:54.0415 1684 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\system32\sens.dll
16:59:54.0432 1684 SENS - ok
16:59:54.0435 1684 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
16:59:54.0439 1684 SensrSvc - ok
16:59:54.0442 1684 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
16:59:54.0447 1684 Serenum - ok
16:59:54.0450 1684 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
16:59:54.0455 1684 Serial - ok
16:59:54.0457 1684 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
16:59:54.0461 1684 sermouse - ok
16:59:54.0466 1684 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
16:59:54.0483 1684 SessionEnv - ok
16:59:54.0485 1684 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
16:59:54.0491 1684 sffdisk - ok
16:59:54.0493 1684 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
16:59:54.0499 1684 sffp_mmc - ok
16:59:54.0501 1684 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
16:59:54.0507 1684 sffp_sd - ok
16:59:54.0510 1684 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
16:59:54.0515 1684 sfloppy - ok
16:59:54.0519 1684 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
16:59:54.0538 1684 SharedAccess - ok
16:59:54.0543 1684 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
16:59:54.0561 1684 ShellHWDetection - ok
16:59:54.0563 1684 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
16:59:54.0568 1684 SiSRaid2 - ok
16:59:54.0570 1684 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
16:59:54.0575 1684 SiSRaid4 - ok
16:59:54.0579 1684 [ DDAA5F4A6B958FC313EBD02DD925752F ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
16:59:54.0584 1684 SkypeUpdate - ok
16:59:54.0586 1684 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
16:59:54.0603 1684 Smb - ok
16:59:54.0606 1684 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
16:59:54.0612 1684 SNMPTRAP - ok
16:59:54.0614 1684 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
16:59:54.0619 1684 spldr - ok
16:59:54.0625 1684 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
16:59:54.0633 1684 Spooler - ok
16:59:54.0671 1684 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
16:59:54.0707 1684 sppsvc - ok
16:59:54.0709 1684 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
16:59:54.0727 1684 sppuinotify - ok
16:59:54.0732 1684 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
16:59:54.0739 1684 srv - ok
16:59:54.0744 1684 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
16:59:54.0750 1684 srv2 - ok
16:59:54.0753 1684 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
16:59:54.0759 1684 srvnet - ok
16:59:54.0762 1684 [ ED161B91FDF7EAA39469D72D463D5F4E ] sscdbus C:\Windows\system32\DRIVERS\sscdbus.sys
16:59:54.0766 1684 sscdbus - ok
16:59:54.0769 1684 [ 4CB09E77593DBD8D7AF33B37375CA715 ] sscdmdfl C:\Windows\system32\DRIVERS\sscdmdfl.sys
16:59:54.0772 1684 sscdmdfl - ok
16:59:54.0775 1684 [ C7B4CF53497A6E5363F3439427663882 ] sscdmdm C:\Windows\system32\DRIVERS\sscdmdm.sys
16:59:54.0780 1684 sscdmdm - ok
16:59:54.0783 1684 [ 05FFA552F578E27AB2D41B6828DB477F ] sscdserd C:\Windows\system32\DRIVERS\sscdserd.sys
16:59:54.0787 1684 sscdserd - ok
16:59:54.0792 1684 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
16:59:54.0810 1684 SSDPSRV - ok
16:59:54.0813 1684 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
16:59:54.0830 1684 SstpSvc - ok
16:59:54.0831 1684 Steam Client Service - ok
16:59:54.0837 1684 [ F0359F7CE712D69ACEF0886BDB4792ED ] Stereo Service C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
16:59:54.0843 1684 Stereo Service - ok
16:59:54.0846 1684 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
16:59:54.0850 1684 stexstor - ok
16:59:54.0857 1684 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
16:59:54.0868 1684 stisvc - ok
16:59:54.0871 1684 [ 7785DC213270D2FC066538DAF94087E7 ] storflt C:\Windows\system32\drivers\vmstorfl.sys
16:59:54.0875 1684 storflt - ok
16:59:54.0877 1684 [ D34E4943D5AC096C8EDEEBFD80D76E23 ] storvsc C:\Windows\system32\drivers\storvsc.sys
16:59:54.0882 1684 storvsc - ok
16:59:54.0884 1684 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys
16:59:54.0888 1684 swenum - ok
16:59:54.0896 1684 [ F577910A133A592234EBAAD3F3AFA258 ] SwitchBoard C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
16:59:54.0903 1684 SwitchBoard ( UnsignedFile.Multi.Generic ) - warning
16:59:54.0903 1684 SwitchBoard - detected UnsignedFile.Multi.Generic (1)
16:59:56.0497 1684 ============================================================
16:59:56.0497 1684 Scan finished
16:59:56.0497 1684 ============================================================
16:59:56.0500 3256 Detected object count: 3
16:59:56.0500 3256 Actual detected object count: 3
17:00:03.0493 3256 asmthub3 ( UnsignedFile.Multi.Generic ) - skipped by user
17:00:03.0493 3256 asmthub3 ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:00:03.0494 3256 asmtxhci ( UnsignedFile.Multi.Generic ) - skipped by user
17:00:03.0494 3256 asmtxhci ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:00:03.0494 3256 SwitchBoard ( UnsignedFile.Multi.Generic ) - skipped by user
17:00:03.0494 3256 SwitchBoard ( UnsignedFile.Multi.Generic ) - User select action: Skip





nothing found

#8
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Do you recognise this file?

C:\Users\Yang\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\多玩

#9
yangcliu

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
Uhh, actually yeah, haha. That shouldn't be the problem. Next step?

#10
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK, are any other systems that use your router experiencing the same problem?

#11
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.