
Ping.Exe Virus


This virus deleted a vital part of Microsoft Security Essentials before I even knew I had it. I noticed MSE was deactivated, and trying to start it yielded the dialogue box:

"Couldn't start Security Essentials service

The specified service does not exist as an installed service"

I downloaded Malwarebytes and accepted the full version trial. Malwarebytes was able to locate the virus but couldn't totally remove it. It's under windows\installer\[random-letters here]\U

I ended some processes at this point, causing a reset of my computer.

Upon restarting my computer I get two error messages

"Run DLL

There was a problem starting c\users\[my user]\appdata\local\temp\ orosc.dll [and] oseals.dll "

Having looked at other PING.exe topics, I tried running TDSSKiller, but it does not find the virus.

Included are my DDS logs.

DDS.txt, Attach.txt

Thanks in advance


Hello Esskay and welcome! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at support@malwarebytes.org or here (http://helpdesk.malwarebytes.org/home). If you choose this option to get help, please let me know.
  • I recommend that you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.

Step 1

Please uninstall µTorrent, because of our policy:

http://forums.malwarebytes.org/index.php?showtopic=97700

Step 2

Please manually delete your TDSSKiller copy and then download the latest version of TDSSKiller from here and save it to your Desktop.

  1. Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  2. Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  3. Click the Start Scan button.
  4. If a suspicious object is detected, the default action will be Skip; click on Continue.
  5. If malicious objects are found, they will show in the Scan results and offer three (3) options.
  6. Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
  7. Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.

A report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents in your next reply.

Step 3

  • Launch Malwarebytes' Anti-Malware
  • Go to Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
  • Go to Scanner tab and select Perform Quick Scan, then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

In your next reply, post the following log files:

  • TDSSKiller log
  • Malwarebytes' Anti-Malware log
  • a new fresh DDS log file


Please follow my instructions strictly:

Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.

A report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents in your next reply.
In your next reply, post the following log files:

TDSSKiller:


22:28:48.0857 2824 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys

22:28:48.0872 2824 NdisWan - ok

22:28:48.0888 2824 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys

22:28:48.0919 2824 NDProxy - ok

22:28:48.0919 2824 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys

22:28:48.0950 2824 NetBIOS - ok

22:28:48.0966 2824 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys

22:28:48.0997 2824 NetBT - ok

22:28:49.0028 2824 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

22:28:49.0044 2824 Netlogon - ok

22:28:49.0075 2824 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll

22:28:49.0137 2824 Netman - ok

22:28:49.0169 2824 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll

22:28:49.0200 2824 netprofm - ok

22:28:49.0278 2824 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe

22:28:49.0293 2824 NetTcpPortSharing - ok

22:28:49.0340 2824 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys

22:28:49.0340 2824 nfrd960 - ok

22:28:49.0387 2824 NisDrv (91b4e0273d2f6c24ef845f2b41311289) C:\Windows\system32\DRIVERS\NisDrvWFP.sys

22:28:49.0403 2824 NisDrv - ok

22:28:49.0481 2824 NisSrv (10a43829a9e606af3eef25a1c1665923) c:\Program Files\Microsoft Security Client\NisSrv.exe

22:28:49.0512 2824 NisSrv - ok

22:28:49.0527 2824 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll

22:28:49.0574 2824 NlaSvc - ok

22:28:49.0574 2824 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys

22:28:49.0605 2824 Npfs - ok

22:28:49.0605 2824 npggsvc - ok

22:28:49.0621 2824 NPPTNT2 - ok

22:28:49.0621 2824 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll

22:28:49.0652 2824 nsi - ok

22:28:49.0652 2824 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys

22:28:49.0683 2824 nsiproxy - ok

22:28:49.0793 2824 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys

22:28:49.0824 2824 Ntfs - ok

22:28:49.0886 2824 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys

22:28:49.0917 2824 Null - ok

22:28:49.0949 2824 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys

22:28:49.0964 2824 nvraid - ok

22:28:49.0980 2824 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys

22:28:49.0995 2824 nvstor - ok

22:28:50.0027 2824 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys

22:28:50.0027 2824 nv_agp - ok

22:28:50.0042 2824 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys

22:28:50.0042 2824 ohci1394 - ok

22:28:50.0073 2824 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll

22:28:50.0089 2824 p2pimsvc - ok

22:28:50.0105 2824 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll

22:28:50.0120 2824 p2psvc - ok

22:28:50.0151 2824 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys

22:28:50.0151 2824 Parport - ok

22:28:50.0198 2824 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys

22:28:50.0214 2824 partmgr - ok

22:28:50.0229 2824 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll

22:28:50.0245 2824 PcaSvc - ok

22:28:50.0276 2824 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys

22:28:50.0276 2824 pci - ok

22:28:50.0292 2824 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys

22:28:50.0292 2824 pciide - ok

22:28:50.0323 2824 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys

22:28:50.0323 2824 pcmcia - ok

22:28:50.0339 2824 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys

22:28:50.0354 2824 pcw - ok

22:28:50.0385 2824 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys

22:28:50.0417 2824 PEAUTH - ok

22:28:50.0479 2824 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe

22:28:50.0510 2824 PerfHost - ok

22:28:50.0573 2824 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll

22:28:50.0619 2824 pla - ok

22:28:50.0666 2824 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll

22:28:50.0682 2824 PlugPlay - ok

22:28:50.0697 2824 PnkBstrA - ok

22:28:50.0713 2824 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll

22:28:50.0713 2824 PNRPAutoReg - ok

22:28:50.0744 2824 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll

22:28:50.0760 2824 PNRPsvc - ok

22:28:50.0791 2824 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll

22:28:50.0822 2824 PolicyAgent - ok

22:28:50.0853 2824 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll

22:28:50.0885 2824 Power - ok

22:28:50.0931 2824 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys

22:28:50.0947 2824 PptpMiniport - ok

22:28:50.0978 2824 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys

22:28:50.0978 2824 Processor - ok

22:28:50.0994 2824 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll

22:28:51.0025 2824 ProfSvc - ok

22:28:51.0072 2824 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

22:28:51.0087 2824 ProtectedStorage - ok

22:28:51.0134 2824 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys

22:28:51.0165 2824 Psched - ok

22:28:51.0493 2824 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys

22:28:51.0540 2824 ql2300 - ok

22:28:51.0633 2824 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys

22:28:51.0665 2824 ql40xx - ok

22:28:51.0696 2824 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll

22:28:51.0711 2824 QWAVE - ok

22:28:51.0727 2824 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys

22:28:51.0743 2824 QWAVEdrv - ok

22:28:51.0758 2824 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys

22:28:51.0789 2824 RasAcd - ok

22:28:51.0821 2824 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys

22:28:51.0852 2824 RasAgileVpn - ok

22:28:51.0867 2824 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll

22:28:51.0899 2824 RasAuto - ok

22:28:51.0914 2824 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys

22:28:51.0945 2824 Rasl2tp - ok

22:28:51.0961 2824 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll

22:28:51.0992 2824 RasMan - ok

22:28:52.0008 2824 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys

22:28:52.0039 2824 RasPppoe - ok

22:28:52.0055 2824 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys

22:28:52.0086 2824 RasSstp - ok

22:28:52.0101 2824 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys

22:28:52.0133 2824 rdbss - ok

22:28:52.0148 2824 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\drivers\rdpbus.sys

22:28:52.0148 2824 rdpbus - ok

22:28:52.0179 2824 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys

22:28:52.0211 2824 RDPCDD - ok

22:28:52.0211 2824 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys

22:28:52.0242 2824 RDPENCDD - ok

22:28:52.0257 2824 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys

22:28:52.0289 2824 RDPREFMP - ok

22:28:52.0367 2824 RDPWD (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys

22:28:52.0382 2824 RDPWD - ok

22:28:52.0398 2824 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys

22:28:52.0413 2824 rdyboost - ok

22:28:52.0445 2824 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll

22:28:52.0476 2824 RemoteAccess - ok

22:28:52.0491 2824 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll

22:28:52.0523 2824 RemoteRegistry - ok

22:28:52.0523 2824 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll

22:28:52.0554 2824 RpcEptMapper - ok

22:28:52.0569 2824 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe

22:28:52.0585 2824 RpcLocator - ok

22:28:52.0616 2824 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll

22:28:52.0647 2824 RpcSs - ok

22:28:52.0663 2824 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys

22:28:52.0679 2824 rspndr - ok

22:28:52.0741 2824 RTL8167 (ee082e06a82ff630351d1e0ebbd3d8d0) C:\Windows\system32\DRIVERS\Rt64win7.sys

22:28:52.0772 2824 RTL8167 - ok

22:28:52.0803 2824 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

22:28:52.0835 2824 SamSs - ok

22:28:52.0850 2824 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys

22:28:52.0866 2824 sbp2port - ok

22:28:52.0975 2824 SBSDWSCService (794d4b48dfb6e999537c7c3947863463) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe

22:28:52.0991 2824 SBSDWSCService - ok

22:28:53.0006 2824 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll

22:28:53.0053 2824 SCardSvr - ok

22:28:53.0084 2824 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys

22:28:53.0115 2824 scfilter - ok

22:28:53.0178 2824 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll

22:28:53.0209 2824 Schedule - ok

22:28:53.0240 2824 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll

22:28:53.0256 2824 SCPolicySvc - ok

22:28:53.0271 2824 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll

22:28:53.0287 2824 SDRSVC - ok

22:28:53.0303 2824 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys

22:28:53.0334 2824 secdrv - ok

22:28:53.0349 2824 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll

22:28:53.0381 2824 seclogon - ok

22:28:53.0396 2824 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll

22:28:53.0412 2824 SENS - ok

22:28:53.0427 2824 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll

22:28:53.0443 2824 SensrSvc - ok

22:28:53.0459 2824 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys

22:28:53.0459 2824 Serenum - ok

22:28:53.0474 2824 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys

22:28:53.0490 2824 Serial - ok

22:28:53.0505 2824 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys

22:28:53.0521 2824 sermouse - ok

22:28:53.0521 2824 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll

22:28:53.0552 2824 SessionEnv - ok

22:28:53.0568 2824 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys

22:28:53.0583 2824 sffdisk - ok

22:28:53.0583 2824 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys

22:28:53.0599 2824 sffp_mmc - ok

22:28:53.0615 2824 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys

22:28:53.0630 2824 sffp_sd - ok

22:28:53.0646 2824 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys

22:28:53.0646 2824 sfloppy - ok

22:28:53.0708 2824 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll

22:28:53.0755 2824 ShellHWDetection - ok

22:28:53.0771 2824 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys

22:28:53.0771 2824 SiSRaid2 - ok

22:28:53.0786 2824 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys

22:28:53.0802 2824 SiSRaid4 - ok

22:28:53.0880 2824 SkypeUpdate (6128e98eaaed364ed1a32708d2fd22cb) C:\Program Files (x86)\Skype\Updater\Updater.exe

22:28:53.0895 2824 SkypeUpdate - ok

22:28:53.0911 2824 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys

22:28:53.0942 2824 Smb - ok

22:28:53.0973 2824 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe

22:28:53.0973 2824 SNMPTRAP - ok

22:28:53.0989 2824 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys

22:28:53.0989 2824 spldr - ok

22:28:54.0036 2824 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe

22:28:54.0067 2824 Spooler - ok

22:28:54.0223 2824 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe

22:28:54.0285 2824 sppsvc - ok

22:28:54.0363 2824 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll

22:28:54.0410 2824 sppuinotify - ok

22:28:54.0473 2824 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys

22:28:54.0488 2824 srv - ok

22:28:54.0519 2824 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys

22:28:54.0551 2824 srv2 - ok

22:28:54.0566 2824 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys

22:28:54.0566 2824 srvnet - ok

22:28:54.0613 2824 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll

22:28:54.0629 2824 SSDPSRV - ok

22:28:54.0644 2824 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll

22:28:54.0675 2824 SstpSvc - ok

22:28:54.0722 2824 Steam Client Service - ok

22:28:54.0753 2824 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys

22:28:54.0769 2824 stexstor - ok

22:28:54.0831 2824 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll

22:28:54.0863 2824 stisvc - ok

22:28:54.0863 2824 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys

22:28:54.0878 2824 swenum - ok

22:28:54.0909 2824 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll

22:28:54.0941 2824 swprv - ok

22:28:55.0019 2824 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll

22:28:55.0034 2824 SysMain - ok

22:28:55.0143 2824 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll

22:28:55.0175 2824 TabletInputService - ok

22:28:55.0221 2824 tap0901t (b08740047145b9bce15bf75ca0f9718a) C:\Windows\system32\DRIVERS\tap0901t.sys

22:28:55.0237 2824 tap0901t - ok

22:28:55.0253 2824 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll

22:28:55.0299 2824 TapiSrv - ok

22:28:55.0315 2824 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll

22:28:55.0331 2824 TBS - ok

22:28:55.0487 2824 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys

22:28:55.0518 2824 Tcpip - ok

22:28:55.0674 2824 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys

22:28:55.0721 2824 TCPIP6 - ok

22:28:55.0767 2824 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys

22:28:55.0799 2824 tcpipreg - ok

22:28:55.0814 2824 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys

22:28:55.0814 2824 TDPIPE - ok

22:28:55.0845 2824 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys

22:28:55.0845 2824 TDTCP - ok

22:28:55.0861 2824 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys

22:28:55.0892 2824 tdx - ok

22:28:55.0908 2824 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\DRIVERS\termdd.sys

22:28:55.0923 2824 TermDD - ok

22:28:55.0955 2824 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll

22:28:55.0986 2824 TermService - ok

22:28:56.0017 2824 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll

22:28:56.0017 2824 Themes - ok

22:28:56.0033 2824 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll

22:28:56.0064 2824 THREADORDER - ok

22:28:56.0079 2824 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll

22:28:56.0111 2824 TrkWks - ok

22:28:56.0142 2824 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe

22:28:56.0173 2824 TrustedInstaller - ok

22:28:56.0204 2824 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys

22:28:56.0235 2824 tssecsrv - ok

22:28:56.0235 2824 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys

22:28:56.0251 2824 TsUsbFlt - ok

22:28:56.0251 2824 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys

22:28:56.0267 2824 TsUsbGD - ok

22:28:56.0282 2824 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys

22:28:56.0313 2824 tunnel - ok

22:28:56.0407 2824 TunngleService (7a34128510eeb13cf8583531c8fb081c) C:\Program Files (x86)\Tunngle\TnglCtrl.exe

22:28:56.0438 2824 TunngleService - ok

22:28:56.0454 2824 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys

22:28:56.0469 2824 uagp35 - ok

22:28:56.0501 2824 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys

22:28:56.0532 2824 udfs - ok

22:28:56.0547 2824 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe

22:28:56.0563 2824 UI0Detect - ok

22:28:56.0579 2824 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys

22:28:56.0579 2824 uliagpkx - ok

22:28:56.0594 2824 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys

22:28:56.0610 2824 umbus - ok

22:28:56.0625 2824 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys

22:28:56.0641 2824 UmPass - ok

22:28:56.0672 2824 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll

22:28:56.0688 2824 upnphost - ok

22:28:56.0735 2824 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys

22:28:56.0735 2824 usbaudio - ok

22:28:56.0766 2824 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys

22:28:56.0781 2824 usbccgp - ok

22:28:56.0797 2824 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys

22:28:56.0813 2824 usbcir - ok

22:28:56.0828 2824 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys

22:28:56.0844 2824 usbehci - ok

22:28:56.0875 2824 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys

22:28:56.0891 2824 usbhub - ok

22:28:56.0891 2824 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\DRIVERS\usbohci.sys

22:28:56.0906 2824 usbohci - ok

22:28:56.0906 2824 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\drivers\usbprint.sys

22:28:56.0922 2824 usbprint - ok

22:28:56.0937 2824 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\drivers\USBSTOR.SYS

22:28:56.0937 2824 USBSTOR - ok

22:28:56.0953 2824 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys

22:28:56.0953 2824 usbuhci - ok

22:28:56.0969 2824 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll

22:28:57.0000 2824 UxSms - ok

22:28:57.0047 2824 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

22:28:57.0062 2824 VaultSvc - ok

22:28:57.0078 2824 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys

22:28:57.0093 2824 vdrvroot - ok

22:28:57.0140 2824 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe

22:28:57.0171 2824 vds - ok

22:28:57.0187 2824 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys

22:28:57.0187 2824 vga - ok

22:28:57.0203 2824 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys

22:28:57.0234 2824 VgaSave - ok

22:28:57.0249 2824 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys

22:28:57.0265 2824 vhdmp - ok

22:28:57.0265 2824 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys

22:28:57.0281 2824 viaide - ok

22:28:57.0296 2824 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys

22:28:57.0312 2824 volmgr - ok

22:28:57.0327 2824 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys

22:28:57.0343 2824 volmgrx - ok

22:28:57.0359 2824 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys

22:28:57.0374 2824 volsnap - ok

22:28:57.0530 2824 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys

22:28:57.0561 2824 vsmraid - ok

22:28:57.0655 2824 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe

22:28:57.0702 2824 VSS - ok

22:28:57.0795 2824 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys

22:28:57.0811 2824 vwifibus - ok

22:28:57.0967 2824 VX1000 (7959ea6eadc1aaf7fb40678f0bab4c0e) C:\Windows\system32\DRIVERS\VX1000.sys

22:28:58.0014 2824 VX1000 - ok

22:28:58.0107 2824 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll

22:28:58.0139 2824 W32Time - ok

22:28:58.0154 2824 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys

22:28:58.0154 2824 WacomPen - ok

22:28:58.0185 2824 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys

22:28:58.0217 2824 WANARP - ok

22:28:58.0217 2824 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys

22:28:58.0232 2824 Wanarpv6 - ok

22:28:58.0326 2824 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe

22:28:58.0341 2824 WatAdminSvc - ok

22:28:58.0451 2824 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe

22:28:58.0482 2824 wbengine - ok

22:28:58.0529 2824 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll

22:28:58.0544 2824 WbioSrvc - ok

22:28:58.0560 2824 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll

22:28:58.0575 2824 wcncsvc - ok

22:28:58.0591 2824 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll

22:28:58.0607 2824 WcsPlugInService - ok

22:28:58.0607 2824 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys

22:28:58.0622 2824 Wd - ok

22:28:58.0653 2824 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys

22:28:58.0669 2824 Wdf01000 - ok

22:28:58.0685 2824 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll

22:28:58.0700 2824 WdiServiceHost - ok

22:28:58.0700 2824 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll

22:28:58.0716 2824 WdiSystemHost - ok

22:28:58.0731 2824 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll

22:28:58.0747 2824 WebClient - ok

22:28:58.0763 2824 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll

22:28:58.0794 2824 Wecsvc - ok

22:28:58.0809 2824 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll

22:28:58.0841 2824 wercplsupport - ok

22:28:58.0856 2824 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll

22:28:58.0887 2824 WerSvc - ok

22:28:58.0919 2824 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys

22:28:58.0934 2824 WfpLwf - ok

22:28:58.0950 2824 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys

22:28:58.0965 2824 WIMMount - ok

22:28:58.0965 2824 WinHttpAutoProxySvc - ok

22:28:58.0997 2824 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll

22:28:59.0028 2824 Winmgmt - ok

22:28:59.0121 2824 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll

22:28:59.0168 2824 WinRM - ok

22:28:59.0293 2824 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll

22:28:59.0324 2824 Wlansvc - ok

22:28:59.0511 2824 wlidsvc (2bacd71123f42cea603f4e205e1ae337) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

22:28:59.0543 2824 wlidsvc - ok

22:28:59.0605 2824 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys

22:28:59.0621 2824 WmiAcpi - ok

22:28:59.0652 2824 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe

22:28:59.0667 2824 wmiApSrv - ok

22:28:59.0667 2824 WMPNetworkSvc - ok

22:28:59.0683 2824 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll

22:28:59.0699 2824 WPCSvc - ok

22:28:59.0714 2824 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll

22:28:59.0714 2824 WPDBusEnum - ok

22:28:59.0730 2824 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys

22:28:59.0761 2824 ws2ifsl - ok

22:28:59.0761 2824 WSearch - ok

22:28:59.0901 2824 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll

22:28:59.0948 2824 wuauserv - ok

22:29:00.0057 2824 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys

22:29:00.0104 2824 WudfPf - ok

22:29:00.0120 2824 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll

22:29:00.0151 2824 wudfsvc - ok

22:29:00.0182 2824 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll

22:29:00.0198 2824 WwanSvc - ok

22:29:00.0213 2824 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0

22:29:00.0525 2824 \Device\Harddisk0\DR0 - ok

22:29:00.0525 2824 Boot (0x1200) (dd4ef2824251f4020f7656726dfc6c04) \Device\Harddisk0\DR0\Partition0

22:29:00.0525 2824 \Device\Harddisk0\DR0\Partition0 - ok

22:29:00.0557 2824 Boot (0x1200) (acf234909bf990fb40592f0f64c07e67) \Device\Harddisk0\DR0\Partition1

22:29:00.0557 2824 \Device\Harddisk0\DR0\Partition1 - ok

22:29:00.0557 2824 ============================================================

22:29:00.0557 2824 Scan finished

22:29:00.0557 2824 ============================================================

22:29:00.0572 2220 Detected object count: 2

22:29:00.0572 2220 Actual detected object count: 2

22:29:14.0316 2220 EpsonBidirectionalService ( UnsignedFile.Multi.Generic ) - skipped by user

22:29:14.0316 2220 EpsonBidirectionalService ( UnsignedFile.Multi.Generic ) - User select action: Skip

22:29:14.0316 2220 HiPatchService ( UnsignedFile.Multi.Generic ) - skipped by user

22:29:14.0316 2220 HiPatchService ( UnsignedFile.Multi.Generic ) - User select action: Skip

22:29:19.0043 3564 Deinitialize success

MBAM:

Malwarebytes Anti-Malware (Trial) 1.61.0.1400

www.malwarebytes.org

Database version: v2012.06.03.06

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 8.0.7601.17514

Kelvin :: KIM-JONG-IL [administrator]

Protection: Enabled

03/06/2012 22:30:45

mbam-log-2012-06-03 (22-30-45).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 221045

Time elapsed: 1 minute(s), 31 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 1

C:\Windows\Installer\{b11744b3-706b-35b6-e7dc-ff6ae50d6f6f}\U\00000008.@ (Trojan.Dropper.BCMiner) -> Quarantined and deleted successfully.

(end)


DDS:

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 8.0.7601.17514

Run by Kelvin at 22:36:06 on 2012-06-03

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.8174.6939 [GMT 1:00]

.

AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\atieclxx.exe

C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

c:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe

C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe

C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe

C:\Windows\SysWOW64\PnkBstrA.exe

C:\Program Files (x86)\Skype\Updater\Updater.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

C:\Windows\vVX1000.exe

C:\Program Files\Microsoft Security Client\msseces.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe

C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

mWinlogon: Userinit=userinit.exe,

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll

BHO: SteadyVideoBHO Class: {6c680bae-655c-4e3d-8fc4-e6a520c3d928} - C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

uRun: [Google Update] "C:\Users\Kelvin\AppData\Local\Google\Update\GoogleUpdate.exe" /c

uRun: [Epson Stylus Photo PX720WD(Network)] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIGYE.EXE /FU "C:\Windows\TEMP\E_SE724.tmp" /EF "HKCU"

uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun

uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background

uRun: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start

mRun: [startCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "c:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml

mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

StartupFolder: C:\Users\Kelvin\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\IMPULS~1.LNK - C:\ERROR\ImpulseNow.exe

StartupFolder: C:\Users\Kelvin\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Xfire.lnk - C:\Program Files (x86)\Xfire\Xfire.exe

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableLUA = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: PromptOnSecureDesktop = 0 (0x0)

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll

LSP: mswsock.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab

DPF: {CAFEEFAC-0017-0000-0002-ABCDEFFEDCBA}

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab

TCP: Interfaces\{14222484-5BC8-4226-9E2B-07D58D78D64F} : DhcpNameServer = 192.168.1.254

TCP: Interfaces\{45CCCE97-DF47-45D4-BA1F-871C2CD1168E} : DhcpNameServer = 7.254.254.254

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll

BHO-X64: SteadyVideoBHO Class: {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll

BHO-X64: AMD SteadyVideo BHO - No File

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun-x64: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start

mRun-x64: [startCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun-x64: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "c:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml

mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

Hosts: 127.0.0.1 www.spywareinfo.com

.

============= SERVICES / DRIVERS ===============

.

P2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [2012-4-13 8704]

R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]

R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys --> C:\Windows\system32\DRIVERS\dtsoftbus01.sys [?]

R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]

R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]

R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-4-5 361984]

R2 AODDriver4.01;AODDriver4.01;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2012-3-5 53888]

R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-2-28 2343816]

R2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-2-29 158856]

R3 amdiox64;AMD IO Driver;C:\Windows\system32\DRIVERS\amdiox64.sys --> C:\Windows\system32\DRIVERS\amdiox64.sys [?]

R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]

R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]

R3 asmthub3;ASMedia USB3 Hub Service;C:\Windows\system32\DRIVERS\asmthub3.sys --> C:\Windows\system32\DRIVERS\asmthub3.sys [?]

R3 asmtxhci;ASMEDIA XHCI Service;C:\Windows\system32\DRIVERS\asmtxhci.sys --> C:\Windows\system32\DRIVERS\asmtxhci.sys [?]

R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]

R3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);C:\Windows\system32\DRIVERS\tap0901t.sys --> C:\Windows\system32\DRIVERS\tap0901t.sys [?]

S2 AODDriver4.1;AODDriver4.1;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2012-3-5 53888]

S2 AODService;AODService;C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe [2011-10-14 136616]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-5-31 654408]

S2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2012-2-19 1153368]

S3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]

S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]

S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-3-26 291696]

S3 npggsvc;nProtect GameGuard Service;C:\Windows\system32\GameMon.des -service --> C:\Windows\system32\GameMon.des -service [?]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]

S3 TunngleService;TunngleService;C:\Program Files (x86)\Tunngle\TnglCtrl.exe [2011-12-29 736104]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

.

=============== Created Last 30 ================

.

2012-06-03 21:18:12 -------- d-----w- C:\Users\Kelvin\AppData\Local\{355EB578-BA71-4C19-9E31-5178507E372E}

2012-06-01 09:31:22 -------- d-----w- C:\Users\Kelvin\AppData\Local\{397C6C5C-BD0D-44D3-B71A-BFF832B5D95D}

2012-05-31 21:41:15 -------- d-----w- C:\Users\Kelvin\AppData\Local\{A21F41C3-F74F-4546-946B-C189915BE8DB}

2012-05-31 20:57:17 -------- d-----w- C:\Users\Kelvin\AppData\Roaming\Malwarebytes

2012-05-31 20:57:09 -------- d-----w- C:\ProgramData\Malwarebytes

2012-05-31 20:57:08 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys

2012-05-31 20:57:08 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2012-05-31 09:40:47 -------- d-----w- C:\Users\Kelvin\AppData\Local\{5C3264ED-45B5-4E40-B7DE-84F7B40AC449}

2012-05-31 09:40:36 -------- d-----w- C:\Users\Kelvin\AppData\Local\{CAA1442C-E5C6-4F3C-8C79-1F2FF496D5D0}

2012-05-31 01:22:56 -------- d-sh--w- C:\Windows\System32\%APPDATA%

2012-05-31 01:12:59 -------- d-----w- C:\Users\Kelvin\AppData\Local\{C108D650-AABD-11E1-8270-B8AC6F996F26}

2012-05-30 11:37:46 8955792 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{9E62959B-44DB-4F32-8153-801D9FFE761A}\mpengine.dll

2012-05-30 11:26:23 -------- d-----w- C:\Users\Kelvin\AppData\Local\{BA3F6A81-028C-46DD-84FD-C3D66D37FD6A}

2012-05-30 11:26:13 -------- d-----w- C:\Users\Kelvin\AppData\Local\{D2EF11CF-3D2E-4DE4-B3F4-664551E5F18B}

2012-05-29 09:15:18 8955792 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2012-05-29 09:05:14 -------- d-----w- C:\Users\Kelvin\AppData\Local\{6C379F3F-9A2A-40D9-B3CC-2AE6BA4BFAC5}

2012-05-29 09:05:03 -------- d-----w- C:\Users\Kelvin\AppData\Local\{81A021E1-7C09-45D5-8D7B-D99EC6B959A3}

2012-05-28 11:14:51 -------- d-----w- C:\Users\Kelvin\AppData\Local\{0ECAC8F5-01C5-4C3A-BB86-A23FCF072CB5}

2012-05-28 11:14:30 -------- d-----w- C:\Users\Kelvin\AppData\Local\{2E1C66C7-427D-409E-9305-4D3F255FE522}

2012-05-27 23:14:05 -------- d-----w- C:\Users\Kelvin\AppData\Local\{260250CD-4B3C-4942-91C7-5676B5B787D0}

2012-05-27 23:13:43 -------- d-----w- C:\Users\Kelvin\AppData\Local\{4E590710-F8AD-4694-8C4E-6C1E85183D55}

2012-05-27 11:12:56 -------- d-----w- C:\Users\Kelvin\AppData\Local\{8B7E28D3-3FD9-4AD6-B089-1F573A758E39}

2012-05-27 11:12:39 -------- d-----w- C:\Users\Kelvin\AppData\Local\{F26CC650-7ECC-4A92-80D2-83379678463F}

2012-05-26 22:52:04 -------- d-----w- C:\Users\Kelvin\AppData\Local\{FFE8993D-9027-4334-B01B-6A893BCCEF35}

2012-05-26 22:51:42 -------- d-----w- C:\Users\Kelvin\AppData\Local\{6A678D74-F62C-4CA4-9222-1BCEA6E3168B}

2012-05-26 10:51:16 -------- d-----w- C:\Users\Kelvin\AppData\Local\{B3572A03-A69A-4F5D-9C46-93990BA19F3A}

2012-05-26 10:50:51 -------- d-----w- C:\Users\Kelvin\AppData\Local\{9AB3946F-2616-4001-AC01-EB44EB0745AB}

2012-05-25 10:51:40 -------- d-----w- C:\Users\Kelvin\AppData\Local\{E475792C-774C-462E-AB5D-8D7F1553CFA7}

2012-05-25 10:51:25 -------- d-----w- C:\Users\Kelvin\AppData\Local\{AFA7D40E-CA43-412F-B5ED-61604AA3D804}

2012-05-24 21:04:35 -------- d-----w- C:\Users\Kelvin\AppData\Local\{4F02D55E-6C52-4951-AE6B-884AD10C6E9F}

2012-05-24 21:04:14 -------- d-----w- C:\Users\Kelvin\AppData\Local\{58488005-13E4-49D1-973A-E70B77702D23}

2012-05-24 09:03:44 -------- d-----w- C:\Users\Kelvin\AppData\Local\{BB35867F-E417-46AF-95B9-02A83EFB6AD5}

2012-05-24 09:03:23 -------- d-----w- C:\Users\Kelvin\AppData\Local\{BE062FD4-B4C9-495B-B526-4203A963D023}

2012-05-23 06:37:24 -------- d-----w- C:\Users\Kelvin\AppData\Local\{33626DF0-9EEB-4B72-A722-5B0CFF585F97}

2012-05-23 06:37:13 -------- d-----w- C:\Users\Kelvin\AppData\Local\{5A33C6FC-1431-402E-833F-330477072F81}

2012-05-22 12:53:28 -------- d-----w- C:\Users\Kelvin\AppData\Local\{F2A01867-3AF7-4344-BDEA-A11FD16787B8}

2012-05-22 12:53:17 -------- d-----w- C:\Users\Kelvin\AppData\Local\{E6CFB819-9438-4951-96A4-572B83A03B84}

2012-05-21 23:35:14 -------- d-----w- C:\Users\Kelvin\AppData\Local\{E2454472-9A5B-48D8-A640-F2CBD972E147}

2012-05-21 23:34:52 -------- d-----w- C:\Users\Kelvin\AppData\Local\{F4BB236A-AA24-4151-8656-004FF7AF841F}

2012-05-21 11:34:41 -------- d-----w- C:\Users\Kelvin\AppData\Local\{07C8AEB9-AC44-456D-989D-074B77120C5F}

2012-05-21 11:34:20 -------- d-----w- C:\Users\Kelvin\AppData\Local\{44ADE3A3-DB89-4F9C-9570-BD2E11C20992}

2012-05-20 23:33:55 -------- d-----w- C:\Users\Kelvin\AppData\Local\{8ED81D57-84E8-4D3E-89B0-43711341CB34}

2012-05-20 23:33:34 -------- d-----w- C:\Users\Kelvin\AppData\Local\{8EB12C46-86EC-496A-84D0-DC8E99C6D5E2}

2012-05-20 11:33:09 -------- d-----w- C:\Users\Kelvin\AppData\Local\{5B7054E1-9454-48C2-89F7-0A6692278267}

2012-05-20 11:32:56 -------- d-----w- C:\Users\Kelvin\AppData\Local\{51ACAA12-805C-4167-A307-BCAD31143230}

2012-05-19 20:54:49 -------- d-----w- C:\Users\Kelvin\AppData\Local\{445CA2DA-1FD5-44BF-9A5C-E0A6604977A7}

2012-05-19 20:54:28 -------- d-----w- C:\Users\Kelvin\AppData\Local\{E93C5463-D084-4840-A982-422C43B7721D}

2012-05-19 08:54:02 -------- d-----w- C:\Users\Kelvin\AppData\Local\{85CFEA22-1C5A-4BFF-83A5-2C29860D600A}

2012-05-19 08:53:49 -------- d-----w- C:\Users\Kelvin\AppData\Local\{FCA0C89D-338B-471F-B94E-801ADD1974BB}

2012-05-18 12:44:36 -------- d-----w- C:\Users\Kelvin\AppData\Local\{68708074-880D-45D8-8646-640A2D4DD0B9}

2012-05-18 12:44:14 -------- d-----w- C:\Users\Kelvin\AppData\Local\{116467C5-9C9F-4633-B67C-590EAC3CA57A}

2012-05-18 00:43:50 -------- d-----w- C:\Users\Kelvin\AppData\Local\{AA9546E0-E65A-4358-8505-6662B6EC566F}

2012-05-18 00:43:29 -------- d-----w- C:\Users\Kelvin\AppData\Local\{EE426EB3-7C91-410C-BA91-0F1A5FB59A52}

2012-05-17 12:43:04 -------- d-----w- C:\Users\Kelvin\AppData\Local\{78A47731-1DCD-4FA8-9A87-7C680376E79A}

2012-05-17 12:42:54 -------- d-----w- C:\Users\Kelvin\AppData\Local\{0027EEF3-9EC6-4DE4-8FCB-5FE553232619}

2012-05-16 11:52:36 -------- d-----w- C:\Users\Kelvin\AppData\Local\{A69D59DE-6617-4E60-B053-FD87D669543A}

2012-05-16 11:52:14 -------- d-----w- C:\Users\Kelvin\AppData\Local\{8B259E81-EF38-4B64-AF87-E4A663CAE277}

2012-05-15 23:51:50 -------- d-----w- C:\Users\Kelvin\AppData\Local\{71A1876D-BE2D-4A7D-BB9F-49CA39D8AE58}

2012-05-15 23:51:28 -------- d-----w- C:\Users\Kelvin\AppData\Local\{A2ADCE19-EEEB-448C-9ABA-65315A4D62F9}

2012-05-15 11:50:52 -------- d-----w- C:\Users\Kelvin\AppData\Local\{A90F1A62-CABB-4752-B540-AEFA203ACCB8}

2012-05-15 11:50:28 -------- d-----w- C:\Users\Kelvin\AppData\Local\{03B7B286-9AF6-4682-BDD6-C5BC2909997A}

2012-05-14 23:38:22 -------- d-----w- C:\Users\Kelvin\AppData\Local\{F453946E-5FB4-40C2-B044-F23539C75314}

2012-05-14 23:38:01 -------- d-----w- C:\Users\Kelvin\AppData\Local\{31F222C0-1F2B-4BA5-8D6D-AB4FC73A8900}

2012-05-14 11:37:36 -------- d-----w- C:\Users\Kelvin\AppData\Local\{0475F780-C8C9-431C-B716-FB3EFF278178}

2012-05-14 11:37:23 -------- d-----w- C:\Users\Kelvin\AppData\Local\{21522DB1-983B-4786-AB5C-8C41DE049F34}

2012-05-13 14:59:48 -------- d-----w- C:\Users\Kelvin\AppData\Local\{11B0DCD8-6A93-4347-919D-EDAF5CB02044}

2012-05-13 14:59:34 -------- d-----w- C:\Users\Kelvin\AppData\Local\{4368FD49-2B6F-4A46-9D7D-ED06BF6FA842}

2012-05-11 11:42:44 -------- d-----w- C:\Users\Kelvin\AppData\Local\{5F79C881-634D-4D57-BB6C-1869C03A52EC}

2012-05-11 11:42:32 -------- d-----w- C:\Users\Kelvin\AppData\Local\{B75BEC9C-B31C-4AD6-8FE4-BE16B5DC24E7}

2012-05-11 00:55:28 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%

2012-05-10 23:25:30 1544704 ----a-w- C:\Windows\System32\DWrite.dll

2012-05-10 23:25:30 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll

2012-05-10 23:25:29 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe

2012-05-10 23:25:29 3146240 ----a-w- C:\Windows\System32\win32k.sys

2012-05-10 23:25:28 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe

2012-05-10 23:25:28 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe

2012-05-10 23:24:54 75120 ----a-w- C:\Windows\System32\drivers\partmgr.sys

2012-05-10 23:24:45 1918320 ----a-w- C:\Windows\System32\drivers\tcpip.sys

2012-05-10 23:24:44 1732096 ----a-w- C:\Program Files\Windows Journal\NBDoc.DLL

2012-05-10 23:24:44 1367552 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll

2012-05-10 23:24:43 936960 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\ink\journal.dll

2012-05-10 23:24:43 1402880 ----a-w- C:\Program Files\Windows Journal\JNWDRV.dll

2012-05-10 23:24:43 1393664 ----a-w- C:\Program Files\Windows Journal\JNTFiltr.dll

2012-05-10 18:38:35 -------- d-----w- C:\Users\Kelvin\AppData\Local\{4D71D39C-D7BB-41CC-85AB-145982AABD63}

2012-05-10 18:38:14 -------- d-----w- C:\Users\Kelvin\AppData\Local\{55B2C8B8-D0A1-460D-8169-7C485F6CB746}

2012-05-10 06:38:01 -------- d-----w- C:\Users\Kelvin\AppData\Local\{EA5E0728-3BC9-4B5E-982B-FD90B72D4086}

2012-05-10 06:37:35 -------- d-----w- C:\Users\Kelvin\AppData\Local\{AD7B2C2D-BCF2-4B70-977A-F4CFB83F05D3}

2012-05-09 11:54:37 -------- d-----w- C:\Users\Kelvin\AppData\Local\{47625E10-ED3E-4B1C-B2E7-BAFBC0C70242}

2012-05-09 11:54:23 -------- d-----w- C:\Users\Kelvin\AppData\Local\{ACA9BD5D-A5A3-4A28-8E78-0E8929D64C09}

2012-05-08 23:21:54 -------- d-----w- C:\Users\Kelvin\AppData\Local\{36B9E144-62A0-404A-B486-308925E6BC21}

2012-05-08 23:21:32 -------- d-----w- C:\Users\Kelvin\AppData\Local\{3271D7C3-5854-4FFF-8964-94F69179F3BE}

2012-05-08 14:48:30 -------- d-----w- C:\Users\Kelvin\AppData\Local\ArmA 2

2012-05-08 14:14:36 -------- d-----w- C:\Users\Kelvin\AppData\Local\ArmA 2 OA

2012-05-08 12:17:00 -------- d-----w- C:\Program Files (x86)\Bohemia Interactive

2012-05-08 11:21:20 -------- d-----w- C:\Users\Kelvin\AppData\Local\{96AFF6DB-9F90-42B0-8B55-C9B60825AEE4}

2012-05-08 11:20:58 -------- d-----w- C:\Users\Kelvin\AppData\Local\{303D7613-182C-4636-ACF4-BCF9CECDCE6A}

2012-05-07 23:20:33 -------- d-----w- C:\Users\Kelvin\AppData\Local\{57115E85-480A-4375-9153-0C7825057A47}

2012-05-07 23:20:12 -------- d-----w- C:\Users\Kelvin\AppData\Local\{00656A5E-B8EC-4F6E-BE08-1AD42FE00DB1}

2012-05-07 11:19:45 -------- d-----w- C:\Users\Kelvin\AppData\Local\{D838C428-1B80-485F-8AD9-DEA45918DCFE}

2012-05-07 11:19:34 -------- d-----w- C:\Users\Kelvin\AppData\Local\{66DFF000-2C03-4B9C-AA17-66122A144F99}

2012-05-06 20:27:14 -------- d-----w- C:\Users\Kelvin\AppData\Local\{E6B54213-7E46-4854-A9B1-BFF36367D7A3}

2012-05-06 20:27:03 -------- d-----w- C:\Users\Kelvin\AppData\Local\{AF16FC7F-7C7A-4142-89B0-5FE0EE028B16}

2012-05-05 17:55:25 -------- d-----w- C:\Users\Kelvin\AppData\Local\{7840577E-77B2-42AC-BD42-371CA4974845}

2012-05-05 17:55:13 -------- d-----w- C:\Users\Kelvin\AppData\Local\{439E3F21-A4A9-48EE-8CCD-9BE537DD01F9}

2012-05-05 02:28:03 -------- d-----w- C:\Users\Kelvin\AppData\Local\{6B4EB509-BFAF-441B-9893-7BDCCB5177D3}

2012-05-05 02:27:42 -------- d-----w- C:\Users\Kelvin\AppData\Local\{896DAA12-6BA9-449E-BAD4-04BE31D9D6EA}

.

==================== Find3M ====================

.

2012-05-31 01:22:57 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2012-05-31 01:22:57 419488 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2012-05-03 02:54:46 42392 ----a-w- C:\Windows\SysWow64\xfcodec.dll

2012-05-03 02:54:46 28056 ----a-w- C:\Windows\System32\xfcodec64.dll

2012-04-30 14:55:20 19753984 ----a-w- C:\Windows\SysWow64\atioglxx.dll

2012-04-30 14:55:01 53760 ----a-w- C:\Windows\SysWow64\atimpc32.dll

2012-04-30 14:55:01 53760 ----a-w- C:\Windows\SysWow64\amdpcom32.dll

2012-04-30 14:54:57 7431680 ----a-w- C:\Windows\System32\atiumd64.dll

2012-04-30 14:54:52 33280 ----a-w- C:\Windows\SysWow64\atigktxx.dll

2012-04-30 14:54:36 43520 ----a-w- C:\Windows\SysWow64\ati2edxx.dll

2012-04-30 14:54:20 26181632 ----a-w- C:\Windows\System32\atio6axx.dll

2012-04-30 14:54:20 14848 ----a-w- C:\Windows\SysWow64\atiglpxx.dll

2012-04-30 14:54:20 14848 ----a-w- C:\Windows\System32\atiglpxx.dll

2012-04-30 14:54:18 21504 ----a-w- C:\Windows\System32\atimuixx.dll

2012-04-30 14:54:15 32256 ----a-w- C:\Windows\SysWow64\atiu9pag.dll

2012-04-30 14:54:07 1831424 ----a-w- C:\Windows\SysWow64\atiumdmv.dll

2012-04-30 14:52:50 236544 ----a-w- C:\Windows\System32\atiesrxx.exe

2012-04-30 14:52:46 53248 ----a-w- C:\Windows\System32\drivers\ati2erec.dll

2012-04-30 14:52:43 17408 ----a-w- C:\Windows\System32\atig6pxx.dll

2012-04-30 14:52:41 16090624 ----a-w- C:\Windows\System32\aticaldd64.dll

2012-04-30 14:52:35 1120768 ----a-w- C:\Windows\System32\atiumd6v.dll

2012-04-30 14:52:34 59392 ----a-w- C:\Windows\System32\atiedu64.dll

2012-04-30 14:52:33 41984 ----a-w- C:\Windows\System32\atig6txx.dll

2012-04-30 14:52:31 46080 ----a-w- C:\Windows\SysWow64\aticalrt.dll

2012-04-30 14:52:30 44544 ----a-w- C:\Windows\System32\aticalcl64.dll

2012-04-30 14:52:23 503808 ----a-w- C:\Windows\System32\atieclxx.exe

2012-04-30 14:52:08 120320 ----a-w- C:\Windows\System32\atitmm64.dll

2012-04-30 14:52:05 6203392 ----a-w- C:\Windows\SysWow64\atiumdag.dll

2012-04-30 14:51:48 41984 ----a-w- C:\Windows\SysWow64\atiuxpag.dll

2012-04-30 14:51:31 7479296 ----a-w- C:\Windows\System32\atidxx64.dll

2012-04-30 14:51:24 360448 ----a-w- C:\Windows\SysWow64\atiadlxy.dll

2012-04-30 14:51:19 159744 ----a-w- C:\Windows\System32\atiapfxx.exe

2012-04-30 14:51:16 1067520 ----a-w- C:\Windows\System32\aticfx64.dll

2012-04-30 14:51:14 4731904 ----a-w- C:\Windows\System32\atiumd6a.dll

2012-04-30 14:51:13 4795904 ----a-w- C:\Windows\SysWow64\atiumdva.dll

2012-04-30 14:51:12 95760 ----a-w- C:\Windows\System32\drivers\AtihdW76.sys

2012-04-30 14:51:04 44544 ----a-w- C:\Windows\System32\atiu9p64.dll

2012-04-28 21:30:43 419840 ----a-w- C:\Windows\System32\wrap_oal.dll

2012-04-28 21:30:43 413696 ----a-w- C:\Windows\SysWow64\wrap_oal.dll

2012-04-28 21:30:43 133632 ----a-w- C:\Windows\System32\OpenAL32.dll

2012-04-28 21:30:43 110592 ----a-w- C:\Windows\SysWow64\OpenAL32.dll

2012-04-25 22:53:40 280736 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr

2012-04-25 22:53:40 280736 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe

2012-04-25 22:53:12 215128 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0

2012-04-05 21:34:26 187392 ----a-w- C:\Windows\System32\clinfo.exe

2012-04-05 21:34:10 74752 ----a-w- C:\Windows\System32\OpenVideo64.dll

2012-04-05 21:34:04 64512 ----a-w- C:\Windows\SysWow64\OpenVideo.dll

2012-04-05 21:33:56 63488 ----a-w- C:\Windows\System32\OVDecode64.dll

2012-04-05 21:33:52 56320 ----a-w- C:\Windows\SysWow64\OVDecode.dll

2012-04-05 21:33:44 16457216 ----a-w- C:\Windows\System32\amdocl64.dll

2012-04-05 21:32:56 13007872 ----a-w- C:\Windows\SysWow64\amdocl.dll

2012-03-20 19:44:12 98688 ----a-w- C:\Windows\System32\drivers\NisDrvWFP.sys

2012-03-20 19:44:12 203888 ----a-w- C:\Windows\System32\drivers\MpFilter.sys

2012-03-11 14:36:34 96256 ----a-w- C:\Windows\System32\EAW + FOC Patch.exe

2012-03-11 13:59:46 178800 ----a-w- C:\Windows\SysWow64\CmdLineExt_x64.dll

2012-03-09 13:07:04 29184 ----a-w- C:\Windows\System32\kdbsdk64.dll

2012-03-09 13:06:14 24576 ----a-w- C:\Windows\SysWow64\kdbsdk32.dll

2012-03-08 17:50:28 49016 ----a-w- C:\Windows\SysWow64\sirenacm.dll

.

============= FINISH: 22:37:12.54 ===============


Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Please include the C:\ComboFix.txt in your next reply for further review.


  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance, please start your own topic in a new thread. Thanks!

This topic is now closed to further replies.