Possible infection?

xeraese · June 5, 2013

Problems started a day before yesterday after a quick update and restart i think...

Since then whenever i open a video using any programs, the pc would just hang for a few seconds or so and even stopped responding whenever i skipped forward into the video...

I've yet to encounter any problems with other programs unless it's related to video playback...

Here is the dds report, i hope i'm not infected with any malicious program...

DDS (Ver_2012-11-20.01) - NTFS_x86

Internet Explorer: 9.0.8112.16483 BrowserJavaVersion: 10.21.2

Run by Ryuujin91 at 8:04:23 on 2013-06-05

Microsoft Windows 7 Home Premium 6.1.7601.1.932.81.1033.18.3583.1319 [GMT 8:00]

.

AV: Kaspersky Internet Security *Disabled/Updated* {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}

SP: Kaspersky Internet Security *Disabled/Updated* {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

FW: Kaspersky Internet Security *Disabled* {FB2ABE9A-01A4-4539-FCD2-C7EA1246D49E}

.

============== Running Processes ================

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\spoolsv.exe

C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe

G:\Malwarebytes' Anti-Malware\mbamscheduler.exe

C:\Program Files\Cyberlink\Shared files\RichVideo.exe

G:\Tunngle\TnglCtrl.exe

C:\Program Files\SoftDenchi\UCManSvc.exe

C:\Windows\System32\Drivers\WTSRV.EXE

C:\Program Files\Yontoo\Y2Desktop.Updater.exe

C:\Windows\system32\atieclxx.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskhost.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe

C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Users\Ryuujin91\AppData\Local\Akamai\netsession_win.exe

G:\Salaat Time\SalaatTime.exe

C:\Program Files\ATI Technologies\HydraVision\HydraDM.exe

C:\Program Files\Aztech\WL230USB-L Wireless Utility\Installer\WINXP\WL230USB-L Wireless Utility.exe

C:\Users\Ryuujin91\AppData\Local\Akamai\netsession_win.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Users\Ryuujin91\AppData\Roaming\Yontoo\YontooDesktop.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

C:\Windows\system32\wuauclt.exe

C:\Users\Ryuujin91\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\klwtblfs.exe

C:\Users\Ryuujin91\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\system32\vssvc.exe

C:\Windows\system32\msiexec.exe

C:\Windows\system32\taskhost.exe

C:\Windows\servicing\TrustedInstaller.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\conhost.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\System32\svchost.exe -k Akamai

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\System32\svchost.exe -k secsvcs

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Windows\system32\svchost.exe -k SDRSVC

C:\Windows\System32\svchost.exe -k swprv

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com.my/

uSearch Bar = Preserve

mStart Page = about:blank

uProxyOverride = 127.0.0.1:9421;<local>

BHO: Content Blocker Plugin: {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - c:\program files\kaspersky lab\kaspersky internet security 2013\ieext\contentblocker\ie_content_blocker_plugin.dll

BHO: Virtual Keyboard Plugin: {73455575-E40C-433C-9784-C78DC7761455} - c:\program files\kaspersky lab\kaspersky internet security 2013\ieext\virtualkeyboard\ie_virtual_keyboard_plugin.dll

BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll

BHO: Safe Money Plugin: {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - c:\program files\kaspersky lab\kaspersky internet security 2013\ieext\onlinebanking\online_banking_bho.dll

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll

BHO: URL Advisor Plugin: {E33CF602-D945-461A-83F0-819F76A199F8} - c:\program files\kaspersky lab\kaspersky internet security 2013\ieext\urladvisor\klwtbbho.dll

BHO: Yontoo: {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} -

TB: DAEMON Tools Toolbar: {32099AAC-C132-4136-9E9A-4E364A424E17} - c:\program files\daemon tools toolbar\DTToolbar.dll

uRun: [sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun

uRun: [Akamai NetSession Interface] "c:\users\ryuujin91\appdata\local\akamai\netsession_win.exe"

uRun: [salaatTime] g:\salaat time\SalaatTime.exe

uRun: [Google Update] "c:\users\ryuujin91\appdata\local\google\update\GoogleUpdate.exe" /c

uRun: [HydraVisionDesktopManager] "c:\program files\ati technologies\hydravision\HydraDM.exe"

mRun: [HDAudDeck] c:\program files\via\viaudioi\vdeck\VDeck.exe -r

mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"

mRun: [AVP] "c:\program files\kaspersky lab\kaspersky internet security 2013\avp.exe"

mRun: [startCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

dRunOnce: [sPReview] "c:\windows\system32\spreview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\wl230u~1.lnk - c:\program files\aztech\wl230usb-l wireless utility\installer\winxp\WL230USB-L Wireless Utility.exe

mPolicies-Explorer: NoDrives = dword:0

mPolicies-Explorer: NoDriveTypeAutoRun = dword:60

mPolicies-System: ConsentPromptBehaviorAdmin = dword:5

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableUIADesktopToggle = dword:0

IE: Add to Anti-Banner - c:\program files\kaspersky lab\kaspersky internet security 2013\ie_banner_deny.htm

IE: {0C4CC089-D306-440D-9772-464E226F6539} - {0BA14598-4178-4CE5-B1F1-B5C6408A3F2E} - c:\program files\kaspersky lab\kaspersky internet security 2013\ieext\virtualkeyboard\ie_virtual_keyboard_plugin.dll

IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - c:\program files\kaspersky lab\kaspersky internet security 2013\ieext\urladvisor\klwtbbho.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

TCP: NameServer = 192.168.1.1

TCP: Interfaces\{146AD9BC-F77B-4BD5-AD06-7FAAB0BD74B6} : DHCPNameServer = 192.168.1.1

TCP: Interfaces\{3CE4C4FF-D750-4312-ACF9-289314F3ECF5} : DHCPNameServer = 192.168.1.1

TCP: Interfaces\{6F74F726-DAA0-4127-8FB4-4EDB275099AC} : DHCPNameServer = 192.168.1.1

TCP: Interfaces\{E701AA20-1A60-4873-AB16-4E6A3696937F} : DHCPNameServer = 192.168.1.1

.

============= SERVICES / DRIVERS ===============

.

R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\drivers\klim6.sys [2012-8-2 24408]

R1 kltdi;kltdi;c:\windows\system32\drivers\kltdi.sys [2012-6-8 44432]

R1 kneps;kneps;c:\windows\system32\drivers\kneps.sys [2012-8-13 145040]

R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2009-7-14 20992]

R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-12-20 219136]

R2 AVP;Kaspersky Anti-Virus Service;c:\program files\kaspersky lab\kaspersky internet security 2013\avp.exe [2012-8-17 356376]

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

R2 MBAMScheduler;MBAMScheduler;g:\malwarebytes' anti-malware\mbamscheduler.exe [2012-9-16 418376]

R2 TunngleService;TunngleService;g:\tunngle\TnglCtrl.exe [2011-10-25 745832]

R2 UCManSvc;UCManSvc;c:\program files\softdenchi\UCManSvc.exe [2012-11-1 186512]

R2 Yontoo Desktop Updater;Yontoo Desktop Updater;c:\program files\yontoo\Y2Desktop.Updater.exe [2013-4-27 23552]

R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [2012-11-6 84992]

R3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2011-3-3 218688]

R3 klkbdflt;Kaspersky Lab KLKBDFLT;c:\windows\system32\drivers\klkbdflt.sys [2012-5-25 25944]

R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2012-7-25 25944]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-9-16 22856]

R3 PTSimBus;PenTablet Bus Enumerator;c:\windows\system32\drivers\PTSimBus.sys [2012-1-19 23208]

R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2011-6-10 394856]

R3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\drivers\tap0901t.sys [2011-10-25 27136]

R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2011-3-8 1102848]

S2 MBAMService;MBAMService;g:\malwarebytes' anti-malware\mbamservice.exe [2012-9-16 701512]

S3 apf003;apf003;c:\windows\system32\apf003.sys [2012-11-29 13232]

S3 athrusb;Atheros Wireless LAN USB device driver;c:\windows\system32\drivers\athrusb.sys [2008-7-29 904192]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]

S3 netr73;RT73 USB Extensible Wireless LAN Card Driver;c:\windows\system32\drivers\netr73.sys [2011-10-5 564800]

S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]

S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2013-1-3 52224]

S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2011-2-16 1343400]

S3 WL230V32;Aztech 802.11g WL230 1211B Driver;c:\windows\system32\drivers\WlanUZG.sys [2010-11-21 449536]

.

=============== Created Last 30 ================

.

2013-06-04 23:06:29 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2013-06-04 23:01:45 69632 ----a-w- c:\windows\system32\smss.exe

2013-06-04 23:01:45 3968856 ----a-w- c:\windows\system32\ntkrnlpa.exe

2013-06-04 23:01:45 3913560 ----a-w- c:\windows\system32\ntoskrnl.exe

2013-06-04 23:01:45 38912 ----a-w- c:\windows\system32\csrsrv.dll

2013-06-04 23:01:02 36864 ----a-w- c:\windows\system32\tsgqec.dll

2013-06-04 23:01:02 3217408 ----a-w- c:\windows\system32\mstscax.dll

2013-06-04 23:01:02 131584 ----a-w- c:\windows\system32\aaclient.dll

2013-06-04 23:00:48 245760 ----a-w- c:\windows\system32\OxpsConverter.exe

2013-06-04 23:00:30 712048 ----a-w- c:\windows\system32\drivers\ndis.sys

2013-06-04 23:00:30 33280 ----a-w- c:\windows\system32\drivers\RNDISMP.sys

2013-06-04 23:00:29 1211752 ----a-w- c:\windows\system32\drivers\ntfs.sys

2013-06-04 23:00:18 15872 ----a-w- c:\windows\system32\drivers\usb8023.sys

2013-06-04 22:59:01 2347520 ----a-w- c:\windows\system32\win32k.sys

2013-06-04 22:58:58 499712 ----a-w- c:\windows\system32\iphlpsvc.dll

2013-06-04 22:58:58 242176 ----a-w- c:\windows\system32\nlasvc.dll

2013-06-04 22:58:58 175104 ----a-w- c:\windows\system32\netcorehc.dll

2013-06-04 22:58:58 156672 ----a-w- c:\windows\system32\ncsi.dll

2013-06-04 22:58:57 52224 ----a-w- c:\windows\system32\nlaapi.dll

2013-06-04 22:58:57 35328 ----a-w- c:\windows\system32\drivers\tcpipreg.sys

2013-06-04 22:58:57 18944 ----a-w- c:\windows\system32\netevent.dll

2013-06-04 22:58:53 40960 ----a-w- c:\windows\system32\wwanprotdim.dll

2013-06-04 22:58:53 196328 ----a-w- c:\windows\system32\drivers\fvevol.sys

2013-06-04 22:58:53 186368 ----a-w- c:\windows\system32\wwansvc.dll

2013-06-04 22:54:08 728424 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys

2013-06-04 22:54:08 218984 ----a-w- c:\windows\system32\drivers\dxgmms1.sys

2013-06-04 22:54:07 44032 ----a-w- c:\windows\system32\dhcpcsvc6.dll

2013-06-04 22:54:07 193536 ----a-w- c:\windows\system32\dhcpcore6.dll

2013-06-04 22:53:47 47104 ----a-w- c:\windows\system32\appinfo.dll

2013-06-04 22:53:47 1796096 ----a-w- c:\windows\system32\authui.dll

2013-06-04 22:53:47 101720 ----a-w- c:\windows\system32\consent.exe

2013-06-04 22:50:32 49152 ----a-w- c:\windows\system32\taskhost.exe

2013-06-04 21:59:57 7016152 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{c5237b70-a4a0-4fe5-9e20-c4ff9be383ec}\mpengine.dll

2013-06-04 11:02:45 -------- d-----w- c:\windows\pss

2013-06-01 08:41:12 -------- d-----w- c:\users\ryuujin91\appdata\local\FLT

2013-06-01 08:40:50 -------- d-----w- c:\users\ryuujin91\appdata\local\CAPCOM

2013-05-20 21:39:06 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll

.

==================== Find3M ====================

.

2013-05-20 21:38:59 866720 ----a-w- c:\windows\system32\npDeployJava1.dll

2013-05-20 21:38:59 788896 ----a-w- c:\windows\system32\deployJava1.dll

2013-05-15 05:16:06 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2013-05-15 05:16:06 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2013-05-01 18:06:08 238872 ------w- c:\windows\system32\MpSigStub.exe

2013-04-22 07:50:03 44432 ----a-w- c:\windows\system32\drivers\kltdi.sys

2013-04-22 07:50:03 145040 ----a-w- c:\windows\system32\drivers\kneps.sys

2013-04-22 07:50:00 74848 ----a-w- c:\windows\system32\drivers\klflt.sys

2013-04-16 15:40:53 152576 ----a-w- c:\windows\system32\msclmd.dll

2013-04-13 04:45:16 474624 ----a-w- c:\windows\apppatch\AcSpecfc.dll

2013-04-13 04:45:15 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll

2013-04-04 22:11:34 1800704 ----a-w- c:\windows\system32\jscript9.dll

2013-04-04 22:02:59 1427968 ----a-w- c:\windows\system32\inetcpl.cpl

2013-04-04 22:02:17 1129472 ----a-w- c:\windows\system32\wininet.dll

2013-04-04 21:58:51 142848 ----a-w- c:\windows\system32\ieUnatt.exe

2013-04-04 21:57:45 420864 ----a-w- c:\windows\system32\vbscript.dll

2013-04-04 06:50:32 22856 ----a-w- c:\windows\system32\drivers\mbam.sys

2013-03-22 07:48:04 20747 ----a-w- c:\windows\system32\drivers\AegisP.sys

2006-10-12 03:09:40 94208 --sh--w- c:\windows\system32\SalaatTime.dll

.

============= FINISH: 8:04:41.24 ===============

Your help would be very much appreciated.

Psychotic · June 5, 2013

Hi there,

my name is Marius and I will be assisting you with your Malware related problems.

Before we move on, please read the following points carefully.

First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
Perform everything in the correct order. Sometimes one step requires the previous one.
If you have any problems while you are follow my instructions, Stop there and tell me the exact nature of your problem.
Do not run any other scans without instruction or Add/ Remove Software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
Post all Logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
My first language is not english. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

The issue you described has not to be malware related. Let´s check this.

Scan with adwCleaner

Please download AdwCleaner to your desktop.

Run adwcleaner.exe.
Hit delete.
When the run is finished, it will open up a text file.
Please post its contents within your next reply.
You´ll find the log file at C:\AdwCleaner[s1].txt also.

Download GMER Rootkit Scanner from here or here. Unzip it to your Desktop.

========================================================

Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.

========================================================

Double-click gmer.exe. The program will begin to run.

**Caution**

These types of scans can produce false positives. Do NOT take any action on any "<--- ROOKIT" entries unless advised by a trained Security Analyst

If possible rootkit activity is found, you will be asked if you would like to perform a full scan.

Click Yes.
Once the scan is complete, you may receive another notice about rootkit activity.
Click OK.
GMER will produce a log. Click on the [save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file which cannot be uploaded to your post.
Save it where you can easily find it, such as your desktop.

If you do not receive notice about possible rootkit activity remain on the Rootkit/Malware tab & make sure the 'Show All' button is unticked.

Click the Scan button and let the program do its work. GMER will produce a log. Click on the [save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file which cannot be uploaded to your post.
Save it where you can easily find it, such as your desktop.

Pleae attach the gmer.txt to your reply:

Click the[Manage Attachments] button under Additional Options > Attach Files on the post composition page, browse to where you saved the file, and
Click Upload.

xeraese · June 6, 2013

Thank you for the reply.

Here are the logs as instructed...I hope I did it right...

# AdwCleaner v2.301 - Logfile created 06/06/2013 at 14:10:59

# Updated 16/05/2013 by Xplode

# Operating system : Windows 7 Home Premium Service Pack 1 (32 bits)

# User : Ryuujin91 - VOIDSPACE

# Boot Mode : Normal

# Running from : C:\Users\Ryuujin91\Desktop\adwcleaner.exe

# Option [Delete]

***** [services] *****

Stopped & Deleted : Yontoo Desktop Updater

***** [Files / Folders] *****

File Deleted : C:\Users\RYUUJI~1\AppData\Local\Temp\Uninstall.exe

Folder Deleted : C:\Program Files\DAEMON Tools Toolbar

Folder Deleted : C:\Program Files\PutLockerDownloader

Folder Deleted : C:\Program Files\Yontoo

Folder Deleted : C:\Program Files\yourfiledownloader

Folder Deleted : C:\ProgramData\Babylon

Folder Deleted : C:\ProgramData\InstallMate

Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\wxDfast

Folder Deleted : C:\ProgramData\SoftSafe

Folder Deleted : C:\ProgramData\Tarma Installer

Folder Deleted : C:\Users\Ryuujin91\AppData\Local\PackageAware

Folder Deleted : C:\Users\Ryuujin91\AppData\Local\PutLockerDownloader

Folder Deleted : C:\Users\Ryuujin91\AppData\LocalLow\wxDfast

Folder Deleted : C:\Users\Ryuujin91\AppData\Roaming\BabSolution

Folder Deleted : C:\Users\Ryuujin91\AppData\Roaming\Babylon

Folder Deleted : C:\Users\Ryuujin91\AppData\Roaming\Yontoo

Folder Deleted : C:\Users\Ryuujin91\AppData\Roaming\yourfiledownloader

***** [Registry] *****

Key Deleted : HKCU\Software\1ClickDownload

Key Deleted : HKCU\Software\AppDataLow\SProtector

Key Deleted : HKCU\Software\BabylonToolbar

Key Deleted : HKCU\Software\DataMngr

Key Deleted : HKCU\Software\DataMngr_Toolbar

Key Deleted : HKCU\Software\Headlight

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AD22EBAF-0D18-4FC7-90CC-5EA0ABBE9EB8}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{32099AAC-C132-4136-9E9A-4E364A424E17}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{32099AAC-C132-4136-9E9A-4E364A424E17}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}

Key Deleted : HKCU\Software\Softonic

Key Deleted : HKCU\Software\SProtector

Key Deleted : HKCU\Software\YahooPartnerToolbar

Key Deleted : HKCU\Software\YourFileDownloader

Key Deleted : HKLM\Software\Babylon

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7E84186E-B5DE-4226-8A66-6E49C6B511B4}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{99066096-8989-4612-841F-621A01D54AD7}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}

Key Deleted : HKLM\SOFTWARE\Classes\DTToolbar.ToolBandObj

Key Deleted : HKLM\SOFTWARE\Classes\DTToolbar.ToolBandObj.1

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}

Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap

Key Deleted : HKLM\SOFTWARE\Classes\PutLockerDownloader

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967}

Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api

Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1

Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Layers

Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Layers.1

Key Deleted : HKLM\Software\DataMngr

Key Deleted : HKLM\SOFTWARE\e5388dfe634ee48

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\PutlockerDownloader_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\PutlockerDownloader_RASMANCS

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SProtector

Key Deleted : HKLM\Software\SProtector

Key Deleted : HKLM\Software\Tarma Installer

Key Deleted : HKLM\Software\YourFileDownloader

Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{32099AAC-C132-4136-9E9A-4E364A424E17}]

Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{32099AAC-C132-4136-9E9A-4E364A424E17}]

***** [internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16483

[OK] Registry is clean.

-\\ Mozilla Firefox v7.0.1 (en-US)

File : C:\Users\Ryuujin91\AppData\Roaming\Mozilla\Firefox\Profiles\1fi2009b.default\prefs.js

C:\Users\Ryuujin91\AppData\Roaming\Mozilla\Firefox\Profiles\1fi2009b.default\user.js ... Deleted !

Deleted : user_pref("aol_toolbar.default.homepage.check", false);

Deleted : user_pref("aol_toolbar.default.search.check", false);

Deleted : user_pref("extensions.503a0b5ff3664.scode", "(function(){try{if('aol.com,mystart.incredibar.com,prem[...]

Deleted : user_pref("extensions.BabylonToolbar.prtkDS", 0);

Deleted : user_pref("extensions.BabylonToolbar.prtkHmpg", 0);

Deleted : user_pref("sweetim.toolbar.previous.browser.startup.homepage", "");

Deleted : user_pref("sweetim.toolbar.scripts.1.domain-blacklist", ".*");

Deleted : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_DS", "1");

Deleted : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_HP", "1");

Deleted : user_pref("sweetim.toolbar.searchguard.enable", "false");

-\\ Google Chrome v27.0.1453.94

File : C:\Users\Ryuujin91\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [6921 octets] - [06/06/2013 14:10:37]

AdwCleaner[s1].txt - [6834 octets] - [06/06/2013 14:10:59]

########## EOF - C:\AdwCleaner[s1].txt - [6894 octets] ##########

Gmer.txt

Psychotic · June 6, 2013

Please read and follow these instructions carefully. We do not want it to fix anything yet (if found), we need to see a report first.

Download TDSSKiller.exe and save it to your desktop

Execute TDSSKiller.exe by doubleclicking on it.
Press Start Scan
If Malicious objects are found, do NOT select Cure. Change the action to Skip, and save the log.
Once complete, a log will be produced at the root drive which is typically C:\ ,for example, C:\TDSSKiller.<version_date_time>log.txt

Please post the contents of that log in your next reply.

Scan with aswMBR

Please download aswMBR.exe to your desktop.

Double-click the aswMBR.exe to run it
When prompted with The application can use the Avast! Free Antivirus for scanning >> select No
Now click on the Scan button to start scan
On completion of the scan click Save Log, save it to your desktop and post the contents in your next reply

Note: There will also be a file on your desktop named MBR.dat(or similir) do not delete this for now it is a actual backup of the MBR(master boot record).

xeraese · June 6, 2013

The next log as instructed...

TDSSKiller...

23:29:56.0913 9592 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42

23:29:57.0893 9592 ============================================================

23:29:57.0893 9592 Current date / time: 2013/06/06 23:29:57.0893

23:29:57.0893 9592 SystemInfo:

23:29:57.0893 9592

23:29:57.0893 9592 OS Version: 6.1.7601 ServicePack: 1.0

23:29:57.0893 9592 Product type: Workstation

23:29:57.0893 9592 ComputerName: VOIDSPACE

23:29:57.0893 9592 UserName: Ryuujin91

23:29:57.0893 9592 Windows directory: C:\Windows

23:29:57.0893 9592 System windows directory: C:\Windows

23:29:57.0893 9592 Processor architecture: Intel x86

23:29:57.0893 9592 Number of processors: 4

23:29:57.0893 9592 Page size: 0x1000

23:29:57.0893 9592 Boot type: Normal boot

23:29:57.0893 9592 ============================================================

23:30:05.0057 9592 Drive \Device\Harddisk0\DR0 - Size: 0x1D1C100DE00 (1863.02 Gb), SectorSize: 0x200, Cylinders: 0xE01F4, SectorsPerTrack: 0x13, TracksPerCylinder: 0xE0, Type 'K0', Flags 0x00000050

23:30:05.0126 9592 ============================================================

23:30:05.0126 9592 \Device\Harddisk0\DR0:

23:30:05.0131 9592 MBR partitions:

23:30:05.0131 9592 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000

23:30:05.0131 9592 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x124C6000

23:30:05.0131 9592 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x124F8800, BlocksNum 0x124F8000

23:30:05.0149 9592 \Device\Harddisk0\DR0\Partition4: MBR, Type 0x7, StartLBA 0x249F1000, BlocksNum 0x124F8000

23:30:05.0163 9592 \Device\Harddisk0\DR0\Partition5: MBR, Type 0x7, StartLBA 0x36EE9800, BlocksNum 0x3D090000

23:30:05.0178 9592 \Device\Harddisk0\DR0\Partition6: MBR, Type 0x7, StartLBA 0x73F7A000, BlocksNum 0xC350000

23:30:05.0193 9592 \Device\Harddisk0\DR0\Partition7: MBR, Type 0x7, StartLBA 0x802CA800, BlocksNum 0xC350000

23:30:05.0210 9592 \Device\Harddisk0\DR0\Partition8: MBR, Type 0x7, StartLBA 0x8C61B000, BlocksNum 0xC350000

23:30:05.0263 9592 \Device\Harddisk0\DR0\Partition9: MBR, Type 0x7, StartLBA 0x9896B800, BlocksNum 0x124F8000

23:30:05.0322 9592 \Device\Harddisk0\DR0\Partition10: MBR, Type 0x7, StartLBA 0xAAE64000, BlocksNum 0x186A0000

23:30:05.0342 9592 \Device\Harddisk0\DR0\Partition11: MBR, Type 0x7, StartLBA 0xC3504800, BlocksNum 0x186A0000

23:30:05.0361 9592 \Device\Harddisk0\DR0\Partition12: MBR, Type 0x7, StartLBA 0xDBBA5000, BlocksNum 0xD262800

23:30:05.0361 9592 ============================================================

23:30:05.0416 9592 C: <-> \Device\Harddisk0\DR0\Partition2

23:30:05.0485 9592 D: <-> \Device\Harddisk0\DR0\Partition4

23:30:05.0531 9592 E: <-> \Device\Harddisk0\DR0\Partition5

23:30:05.0564 9592 G: <-> \Device\Harddisk0\DR0\Partition7

23:30:05.0627 9592 H: <-> \Device\Harddisk0\DR0\Partition8

23:30:05.0668 9592 I: <-> \Device\Harddisk0\DR0\Partition9

23:30:05.0719 9592 J: <-> \Device\Harddisk0\DR0\Partition3

23:30:05.0786 9592 F: <-> \Device\Harddisk0\DR0\Partition10

23:30:05.0900 9592 M: <-> \Device\Harddisk0\DR0\Partition11

23:30:06.0072 9592 N: <-> \Device\Harddisk0\DR0\Partition12

23:30:06.0127 9592 L: <-> \Device\Harddisk0\DR0\Partition6

23:30:06.0160 9592 ============================================================

23:30:06.0160 9592 Initialize success

23:30:06.0160 9592 ============================================================

23:30:13.0469 8236 ============================================================

23:30:13.0469 8236 Scan started

23:30:13.0469 8236 Mode: Manual;

23:30:13.0469 8236 ============================================================

23:30:15.0194 8236 ================ Scan system memory ========================

23:30:15.0194 8236 System memory - ok

23:30:15.0194 8236 ================ Scan services =============================

23:30:15.0328 8236 [ 1B133875B8AA8AC48969BD3458AFE9F5 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys

23:30:15.0331 8236 1394ohci - ok

23:30:15.0365 8236 [ CEA80C80BED809AA0DA6FEBC04733349 ] ACPI C:\Windows\system32\drivers\ACPI.sys

23:30:15.0369 8236 ACPI - ok

23:30:15.0401 8236 [ 1EFBC664ABFF416D1D07DB115DCB264F ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys

23:30:15.0403 8236 AcpiPmi - ok

23:30:15.0498 8236 [ ADDA5E1951B90D3D23C56D3CF0622ADC ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

23:30:15.0500 8236 AdobeARMservice - ok

23:30:15.0566 8236 [ F040037B149FD0F5A5044AE563390FA7 ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

23:30:15.0568 8236 AdobeFlashPlayerUpdateSvc - ok

23:30:15.0602 8236 [ 21E785EBD7DC90A06391141AAC7892FB ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys

23:30:15.0608 8236 adp94xx - ok

23:30:15.0626 8236 [ 0C676BC278D5B59FF5ABD57BBE9123F2 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys

23:30:15.0631 8236 adpahci - ok

23:30:15.0643 8236 [ 7C7B5EE4B7B822EC85321FE23A27DB33 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys

23:30:15.0646 8236 adpu320 - ok

23:30:15.0708 8236 [ 2F7F3E8DA380325866E566F5D5EC23D5 ] AegisP C:\Windows\system32\DRIVERS\AegisP.sys

23:30:15.0710 8236 AegisP - ok

23:30:15.0747 8236 [ 8B5EEFEEC1E6D1A72A06C526628AD161 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll

23:30:15.0748 8236 AeLookupSvc - ok

23:30:15.0821 8236 [ 9EBBBA55060F786F0FCAA3893BFA2806 ] AFD C:\Windows\system32\drivers\afd.sys

23:30:15.0826 8236 AFD - ok

23:30:15.0854 8236 [ 507812C3054C21CEF746B6EE3D04DD6E ] agp440 C:\Windows\system32\drivers\agp440.sys

23:30:15.0856 8236 agp440 - ok

23:30:15.0869 8236 [ 8B30250D573A8F6B4BD23195160D8707 ] aic78xx C:\Windows\system32\DRIVERS\djsvs.sys

23:30:15.0872 8236 aic78xx - ok

23:30:16.0014 8236 [ C7074BD8D4B8F564859ED373433030AE ] Akamai c:\program files\common files\akamai/netsession_win_ca0e279.dll

23:30:16.0015 8236 Suspicious file (Hidden): c:\program files\common files\akamai/netsession_win_ca0e279.dll. md5: C7074BD8D4B8F564859ED373433030AE

23:30:16.0023 8236 Akamai ( HiddenFile.Multi.Generic ) - warning

23:30:16.0023 8236 Akamai - detected HiddenFile.Multi.Generic (1)

23:30:16.0058 8236 [ 18A54E132947CD98FEA9ACCC57F98F13 ] ALG C:\Windows\System32\alg.exe

23:30:16.0060 8236 ALG - ok

23:30:16.0078 8236 [ 0D40BCF52EA90FC7DF2AEAB6503DEA44 ] aliide C:\Windows\system32\drivers\aliide.sys

23:30:16.0080 8236 aliide - ok

23:30:16.0109 8236 [ 20883D2D6E1D94321246AFF39AFCE56C ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe

23:30:16.0113 8236 AMD External Events Utility - ok

23:30:16.0127 8236 [ 3C6600A0696E90A463771C7422E23AB5 ] amdagp C:\Windows\system32\drivers\amdagp.sys

23:30:16.0130 8236 amdagp - ok

23:30:16.0143 8236 [ CD5914170297126B6266860198D1D4F0 ] amdide C:\Windows\system32\drivers\amdide.sys

23:30:16.0145 8236 amdide - ok

23:30:16.0165 8236 [ 00DDA200D71BAC534BF56A9DB5DFD666 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys

23:30:16.0168 8236 AmdK8 - ok

23:30:16.0343 8236 [ 8852D7B22CC76CBFE38FE1B539D40285 ] amdkmdag C:\Windows\system32\DRIVERS\atikmdag.sys

23:30:16.0496 8236 amdkmdag - ok

23:30:16.0521 8236 [ E84DAD432A49480D3FBB7AFBD854AC1C ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys

23:30:16.0527 8236 amdkmdap - ok

23:30:16.0540 8236 [ 3CBF30F5370FDA40DD3E87DF38EA53B6 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys

23:30:16.0542 8236 AmdPPM - ok

23:30:16.0559 8236 [ D320BF87125326F996D4904FE24300FC ] amdsata C:\Windows\system32\drivers\amdsata.sys

23:30:16.0562 8236 amdsata - ok

23:30:16.0583 8236 [ EA43AF0C423FF267355F74E7A53BDABA ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys

23:30:16.0587 8236 amdsbs - ok

23:30:16.0593 8236 [ 46387FB17B086D16DEA267D5BE23A2F2 ] amdxata C:\Windows\system32\drivers\amdxata.sys

23:30:16.0595 8236 amdxata - ok

23:30:16.0641 8236 [ 459C0FFF8FF5EB4E8DF7E2EFDCB28DE1 ] apf003 C:\Windows\system32\apf003.sys

23:30:16.0644 8236 apf003 - ok

23:30:16.0666 8236 [ AEA177F783E20150ACE5383EE368DA19 ] AppID C:\Windows\system32\drivers\appid.sys

23:30:16.0668 8236 AppID - ok

23:30:16.0679 8236 [ 62A9C86CB6085E20DB4823E4E97826F5 ] AppIDSvc C:\Windows\System32\appidsvc.dll

23:30:16.0680 8236 AppIDSvc - ok

23:30:16.0712 8236 [ EACFDF31921F51C097629F1F3C9129B4 ] Appinfo C:\Windows\System32\appinfo.dll

23:30:16.0715 8236 Appinfo - ok

23:30:16.0735 8236 [ 2932004F49677BD84DBC72EDB754FFB3 ] arc C:\Windows\system32\DRIVERS\arc.sys

23:30:16.0738 8236 arc - ok

23:30:16.0749 8236 [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7 ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys

23:30:16.0752 8236 arcsas - ok

23:30:16.0834 8236 [ 776ACEFA0CA9DF0FAA51A5FB2F435705 ] aspnet_state C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe

23:30:16.0883 8236 aspnet_state - ok

23:30:16.0903 8236 [ ADD2ADE1C2B285AB8378D2DAAF991481 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys

23:30:16.0905 8236 AsyncMac - ok

23:30:16.0922 8236 [ 338C86357871C167A96AB976519BF59E ] atapi C:\Windows\system32\drivers\atapi.sys

23:30:16.0923 8236 atapi - ok

23:30:16.0976 8236 [ 44FA26470D4C8123CCF71F4200B782D3 ] athrusb C:\Windows\system32\DRIVERS\athrusb.sys

23:30:16.0986 8236 athrusb - ok

23:30:17.0039 8236 [ C7C4A32657EA691895DC5A270EB1DE77 ] AtiHDAudioService C:\Windows\system32\drivers\AtihdW73.sys

23:30:17.0042 8236 AtiHDAudioService - ok

23:30:17.0077 8236 [ CE3B4E731638D2EF62FCB419BE0D39F0 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll

23:30:17.0084 8236 AudioEndpointBuilder - ok

23:30:17.0093 8236 [ CE3B4E731638D2EF62FCB419BE0D39F0 ] Audiosrv C:\Windows\System32\Audiosrv.dll

23:30:17.0096 8236 Audiosrv - ok

23:30:17.0163 8236 [ 587EFD6A3A30A35A27904D21AE1FB882 ] AVP C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe

23:30:17.0166 8236 AVP - ok

23:30:17.0199 8236 [ 6E30D02AAC9CAC84F421622E3A2F6178 ] AxInstSV C:\Windows\System32\AxInstSV.dll

23:30:17.0202 8236 AxInstSV - ok

23:30:17.0228 8236 [ 1A231ABEC60FD316EC54C66715543CEC ] b06bdrv C:\Windows\system32\DRIVERS\bxvbdx.sys

23:30:17.0234 8236 b06bdrv - ok

23:30:17.0251 8236 [ BD8869EB9CDE6BBE4508D869929869EE ] b57nd60x C:\Windows\system32\DRIVERS\b57nd60x.sys

23:30:17.0256 8236 b57nd60x - ok

23:30:17.0276 8236 [ EE1E9C3BB8228AE423DD38DB69128E71 ] BDESVC C:\Windows\System32\bdesvc.dll

23:30:17.0278 8236 BDESVC - ok

23:30:17.0299 8236 [ 505506526A9D467307B3C393DEDAF858 ] Beep C:\Windows\system32\drivers\Beep.sys

23:30:17.0301 8236 Beep - ok

23:30:17.0337 8236 [ 1E2BAC209D184BB851E1A187D8A29136 ] BFE C:\Windows\System32\bfe.dll

23:30:17.0344 8236 BFE - ok

23:30:17.0384 8236 [ E585445D5021971FAE10393F0F1C3961 ] BITS C:\Windows\System32\qmgr.dll

23:30:17.0393 8236 BITS - ok

23:30:17.0409 8236 [ 2287078ED48FCFC477B05B20CF38F36F ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys

23:30:17.0411 8236 blbdrive - ok

23:30:17.0442 8236 [ 8F2DA3028D5FCBD1A060A3DE64CD6506 ] bowser C:\Windows\system32\DRIVERS\bowser.sys

23:30:17.0444 8236 bowser - ok

23:30:17.0457 8236 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys

23:30:17.0460 8236 BrFiltLo - ok

23:30:17.0471 8236 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys

23:30:17.0474 8236 BrFiltUp - ok

23:30:17.0481 8236 [ 77361D72A04F18809D0EFB6CCEB74D4B ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys

23:30:17.0484 8236 BridgeMP - ok

23:30:17.0546 8236 [ 3DAA727B5B0A45039B0E1C9A211B8400 ] Browser C:\Windows\System32\browser.dll

23:30:17.0549 8236 Browser - ok

23:30:17.0570 8236 [ 845B8CE732E67F3B4133164868C666EA ] Brserid C:\Windows\System32\Drivers\Brserid.sys

23:30:17.0575 8236 Brserid - ok

23:30:17.0586 8236 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys

23:30:17.0588 8236 BrSerWdm - ok

23:30:17.0605 8236 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys

23:30:17.0607 8236 BrUsbMdm - ok

23:30:17.0621 8236 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys

23:30:17.0623 8236 BrUsbSer - ok

23:30:17.0642 8236 [ ED3DF7C56CE0084EB2034432FC56565A ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys

23:30:17.0644 8236 BTHMODEM - ok

23:30:17.0666 8236 [ 1DF19C96EEF6C29D1C3E1A8678E07190 ] bthserv C:\Windows\system32\bthserv.dll

23:30:17.0669 8236 bthserv - ok

23:30:17.0724 8236 catchme - ok

23:30:17.0739 8236 [ 77EA11B065E0A8AB902D78145CA51E10 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys

23:30:17.0742 8236 cdfs - ok

23:30:17.0770 8236 [ BE167ED0FDB9C1FA1133953C18D5A6C9 ] cdrom C:\Windows\system32\drivers\cdrom.sys

23:30:17.0772 8236 cdrom - ok

23:30:17.0817 8236 [ 319C6B309773D063541D01DF8AC6F55F ] CertPropSvc C:\Windows\System32\certprop.dll

23:30:17.0819 8236 CertPropSvc - ok

23:30:17.0838 8236 [ 3FE3FE94A34DF6FB06E6418D0F6A0060 ] circlass C:\Windows\system32\DRIVERS\circlass.sys

23:30:17.0840 8236 circlass - ok

23:30:17.0857 8236 [ 635181E0E9BBF16871BF5380D71DB02D ] CLFS C:\Windows\system32\CLFS.sys

23:30:17.0861 8236 CLFS - ok

23:30:17.0895 8236 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

23:30:17.0899 8236 clr_optimization_v2.0.50727_32 - ok

23:30:17.0941 8236 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

23:30:18.0025 8236 clr_optimization_v4.0.30319_32 - ok

23:30:18.0059 8236 [ DEA805815E587DAD1DD2C502220B5616 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys

23:30:18.0061 8236 CmBatt - ok

23:30:18.0067 8236 [ C537B1DB64D495B9B4717B4D6D9EDBF2 ] cmdide C:\Windows\system32\drivers\cmdide.sys

23:30:18.0070 8236 cmdide - ok

23:30:18.0097 8236 [ 247B4CE2DAB1160CD422D532D5241E1F ] CNG C:\Windows\system32\Drivers\cng.sys

23:30:18.0102 8236 CNG - ok

23:30:18.0109 8236 [ A6023D3823C37043986713F118A89BEE ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys

23:30:18.0112 8236 Compbatt - ok

23:30:18.0127 8236 [ CBE8C58A8579CFE5FCCF809E6F114E89 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys

23:30:18.0129 8236 CompositeBus - ok

23:30:18.0136 8236 COMSysApp - ok

23:30:18.0186 8236 [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys

23:30:18.0189 8236 crcdisk - ok

23:30:18.0211 8236 [ 96C0E38905CFD788313BE8E11DAE3F2F ] CryptSvc C:\Windows\system32\cryptsvc.dll

23:30:18.0214 8236 CryptSvc - ok

23:30:18.0237 8236 [ 7660F01D3B38ACA1747E397D21D790AF ] DcomLaunch C:\Windows\system32\rpcss.dll

23:30:18.0243 8236 DcomLaunch - ok

23:30:18.0263 8236 [ 8D6E10A2D9A5EED59562D9B82CF804E1 ] defragsvc C:\Windows\System32\defragsvc.dll

23:30:18.0268 8236 defragsvc - ok

23:30:18.0283 8236 [ F024449C97EC1E464AAFFDA18593DB88 ] DfsC C:\Windows\system32\Drivers\dfsc.sys

23:30:18.0286 8236 DfsC - ok

23:30:18.0313 8236 [ E9E01EB683C132F7FA27CD607B8A2B63 ] Dhcp C:\Windows\system32\dhcpcore.dll

23:30:18.0318 8236 Dhcp - ok

23:30:18.0331 8236 [ 1A050B0274BFB3890703D490F330C0DA ] discache C:\Windows\system32\drivers\discache.sys

23:30:18.0334 8236 discache - ok

23:30:18.0346 8236 [ 565003F326F99802E68CA78F2A68E9FF ] Disk C:\Windows\system32\DRIVERS\disk.sys

23:30:18.0349 8236 Disk - ok

23:30:18.0389 8236 [ 33EF4861F19A0736B11314AAD9AE28D0 ] Dnscache C:\Windows\System32\dnsrslvr.dll

23:30:18.0392 8236 Dnscache - ok

23:30:18.0424 8236 [ 366BA8FB4B7BB7435E3B9EACB3843F67 ] dot3svc C:\Windows\System32\dot3svc.dll

23:30:18.0429 8236 dot3svc - ok

23:30:18.0452 8236 [ 8EC04CA86F1D68DA9E11952EB85973D6 ] DPS C:\Windows\system32\dps.dll

23:30:18.0455 8236 DPS - ok

23:30:18.0476 8236 [ B918E7C5F9BF77202F89E1A9539F2EB4 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys

23:30:18.0478 8236 drmkaud - ok

23:30:18.0517 8236 [ 555E54AC2F601A8821CEF58961653991 ] dtsoftbus01 C:\Windows\system32\DRIVERS\dtsoftbus01.sys

23:30:18.0521 8236 dtsoftbus01 - ok

23:30:18.0551 8236 [ 16498EBC04AE9DD07049A8884B205C05 ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys

23:30:18.0625 8236 DXGKrnl - ok

23:30:18.0652 8236 EagleXNt - ok

23:30:18.0677 8236 [ 8600142FA91C1B96367D3300AD0F3F3A ] EapHost C:\Windows\System32\eapsvc.dll

23:30:18.0681 8236 EapHost - ok

23:30:18.0747 8236 [ 024E1B5CAC09731E4D868E64DBFB4AB0 ] ebdrv C:\Windows\system32\DRIVERS\evbdx.sys

23:30:18.0804 8236 ebdrv - ok

23:30:18.0835 8236 [ 81951F51E318AECC2D68559E47485CC4 ] EFS C:\Windows\System32\lsass.exe

23:30:18.0838 8236 EFS - ok

23:30:18.0884 8236 [ A8C362018EFC87BEB013EE28F29C0863 ] ehRecvr C:\Windows\ehome\ehRecvr.exe

23:30:18.0892 8236 ehRecvr - ok

23:30:18.0923 8236 [ D389BFF34F80CAEDE417BF9D1507996A ] ehSched C:\Windows\ehome\ehsched.exe

23:30:18.0926 8236 ehSched - ok

23:30:18.0948 8236 [ 0ED67910C8C326796FAA00B2BF6D9D3C ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys

23:30:18.0955 8236 elxstor - ok

23:30:18.0968 8236 [ 8FC3208352DD3912C94367A206AB3F11 ] ErrDev C:\Windows\system32\drivers\errdev.sys

23:30:18.0970 8236 ErrDev - ok

23:30:18.0993 8236 [ F6916EFC29D9953D5D0DF06882AE8E16 ] EventSystem C:\Windows\system32\es.dll

23:30:18.0999 8236 EventSystem - ok

23:30:19.0012 8236 [ 2DC9108D74081149CC8B651D3A26207F ] exfat C:\Windows\system32\drivers\exfat.sys

23:30:19.0015 8236 exfat - ok

23:30:19.0037 8236 [ 7E0AB74553476622FB6AE36F73D97D35 ] fastfat C:\Windows\system32\drivers\fastfat.sys

23:30:19.0040 8236 fastfat - ok

23:30:19.0082 8236 [ 967EA5B213E9984CBE270205DF37755B ] Fax C:\Windows\system32\fxssvc.exe

23:30:19.0089 8236 Fax - ok

23:30:19.0102 8236 [ E817A017F82DF2A1F8CFDBDA29388B29 ] fdc C:\Windows\system32\DRIVERS\fdc.sys

23:30:19.0104 8236 fdc - ok

23:30:19.0115 8236 [ F3222C893BD2F5821A0179E5C71E88FB ] fdPHost C:\Windows\system32\fdPHost.dll

23:30:19.0118 8236 fdPHost - ok

23:30:19.0129 8236 [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B ] FDResPub C:\Windows\system32\fdrespub.dll

23:30:19.0132 8236 FDResPub - ok

23:30:19.0138 8236 [ 6CF00369C97F3CF563BE99BE983D13D8 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys

23:30:19.0141 8236 FileInfo - ok

23:30:19.0157 8236 [ 42C51DC94C91DA21CB9196EB64C45DB9 ] Filetrace C:\Windows\system32\drivers\filetrace.sys

23:30:19.0159 8236 Filetrace - ok

23:30:19.0172 8236 [ 87907AA70CB3C56600F1C2FB8841579B ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys

23:30:19.0174 8236 flpydisk - ok

23:30:19.0195 8236 [ 7520EC808E0C35E0EE6F841294316653 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys

23:30:19.0199 8236 FltMgr - ok

23:30:19.0235 8236 [ B3A5EC6B6B6673DB7E87C2BCDBDDC074 ] FontCache C:\Windows\system32\FntCache.dll

23:30:19.0245 8236 FontCache - ok

23:30:19.0275 8236 [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe

23:30:19.0280 8236 FontCache3.0.0.0 - ok

23:30:19.0285 8236 [ 1A16B57943853E598CFF37FE2B8CBF1D ] FsDepends C:\Windows\system32\drivers\FsDepends.sys

23:30:19.0288 8236 FsDepends - ok

23:30:19.0319 8236 [ 7DAE5EBCC80E45D3253F4923DC424D05 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys

23:30:19.0321 8236 Fs_Rec - ok

23:30:19.0351 8236 [ E306A24D9694C724FA2491278BF50FDB ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys

23:30:19.0355 8236 fvevol - ok

23:30:19.0375 8236 [ 65EE0C7A58B65E74AE05637418153938 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys

23:30:19.0378 8236 gagp30kx - ok

23:30:19.0410 8236 [ E897EAF5ED6BA41E081060C9B447A673 ] gpsvc C:\Windows\System32\gpsvc.dll

23:30:19.0419 8236 gpsvc - ok

23:30:19.0425 8236 [ C44E3C2BAB6837DB337DDEE7544736DB ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys

23:30:19.0427 8236 hcw85cir - ok

23:30:19.0488 8236 [ A5EF29D5315111C80A5C1ABAD14C8972 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys

23:30:19.0493 8236 HdAudAddService - ok

23:30:19.0509 8236 [ 9036377B8A6C15DC2EEC53E489D159B5 ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys

23:30:19.0512 8236 HDAudBus - ok

23:30:19.0518 8236 [ 1D58A7F3E11A9731D0EAAAA8405ACC36 ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys

23:30:19.0520 8236 HidBatt - ok

23:30:19.0535 8236 [ 89448F40E6DF260C206A193A4683BA78 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys

23:30:19.0556 8236 HidBth - ok

23:30:19.0580 8236 [ CF50B4CF4A4F229B9F3C08351F99CA5E ] HidIr C:\Windows\system32\DRIVERS\hidir.sys

23:30:19.0586 8236 HidIr - ok

23:30:19.0614 8236 [ 2BC6F6A1992B3A77F5F41432CA6B3B6B ] hidserv C:\Windows\System32\hidserv.dll

23:30:19.0617 8236 hidserv - ok

23:30:19.0639 8236 [ 10C19F8290891AF023EAEC0832E1EB4D ] HidUsb C:\Windows\system32\drivers\hidusb.sys

23:30:19.0878 8236 HidUsb - ok

23:30:19.0960 8236 [ 196B4E3F4CCCC24AF836CE58FACBB699 ] hkmsvc C:\Windows\system32\kmsvc.dll

23:30:19.0993 8236 hkmsvc - ok

23:30:20.0093 8236 [ 6658F4404DE03D75FE3BA09F7ABA6A30 ] HomeGroupListener C:\Windows\system32\ListSvc.dll

23:30:20.0098 8236 HomeGroupListener - ok

23:30:20.0129 8236 [ DBC02D918FFF1CAD628ACBE0C0EAA8E8 ] HomeGroupProvider C:\Windows\system32\provsvc.dll

23:30:20.0135 8236 HomeGroupProvider - ok

23:30:20.0147 8236 [ 295FDC419039090EB8B49FFDBB374549 ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys

23:30:20.0149 8236 HpSAMD - ok

23:30:20.0187 8236 [ 871917B07A141BFF43D76D8844D48106 ] HTTP C:\Windows\system32\drivers\HTTP.sys

23:30:20.0194 8236 HTTP - ok

23:30:20.0209 8236 [ 0C4E035C7F105F1299258C90886C64C5 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys

23:30:20.0211 8236 hwpolicy - ok

23:30:20.0244 8236 [ F151F0BDC47F4A28B1B20A0818EA36D6 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys

23:30:20.0247 8236 i8042prt - ok

23:30:20.0281 8236 [ 5CD5F9A5444E6CDCB0AC89BD62D8B76E ] iaStorV C:\Windows\system32\drivers\iaStorV.sys

23:30:20.0286 8236 iaStorV - ok

23:30:20.0354 8236 [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

23:30:20.0363 8236 IDriverT - ok

23:30:20.0415 8236 [ C521D7EB6497BB1AF6AFA89E322FB43C ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe

23:30:20.0443 8236 idsvc - ok

23:30:20.0465 8236 [ 4173FF5708F3236CF25195FECD742915 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys

23:30:20.0468 8236 iirsp - ok

23:30:20.0489 8236 [ F95622F161474511B8D80D6B093AA610 ] IKEEXT C:\Windows\System32\ikeext.dll

23:30:20.0497 8236 IKEEXT - ok

23:30:20.0510 8236 [ A0F12F2C9BA6C72F3987CE780E77C130 ] intelide C:\Windows\system32\drivers\intelide.sys

23:30:20.0512 8236 intelide - ok

23:30:20.0528 8236 [ 3B514D27BFC4ACCB4037BC6685F766E0 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys

23:30:20.0530 8236 intelppm - ok

23:30:20.0540 8236 [ ACB364B9075A45C0736E5C47BE5CAE19 ] IPBusEnum C:\Windows\system32\ipbusenum.dll

23:30:20.0543 8236 IPBusEnum - ok

23:30:20.0557 8236 [ 709D1761D3B19A932FF0238EA6D50200 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys

23:30:20.0559 8236 IpFilterDriver - ok

23:30:20.0598 8236 [ 58F67245D041FBE7AF88F4EAF79DF0FA ] iphlpsvc C:\Windows\System32\iphlpsvc.dll

23:30:20.0740 8236 iphlpsvc - ok

23:30:20.0747 8236 [ 4BD7134618C1D2A27466A099062547BF ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys

23:30:20.0749 8236 IPMIDRV - ok

23:30:20.0792 8236 [ A5FA468D67ABCDAA36264E463A7BB0CD ] IPNAT C:\Windows\system32\drivers\ipnat.sys

23:30:20.0795 8236 IPNAT - ok

23:30:20.0818 8236 [ 42996CFF20A3084A56017B7902307E9F ] IRENUM C:\Windows\system32\drivers\irenum.sys

23:30:20.0820 8236 IRENUM - ok

23:30:20.0827 8236 [ 1F32BB6B38F62F7DF1A7AB7292638A35 ] isapnp C:\Windows\system32\drivers\isapnp.sys

23:30:20.0829 8236 isapnp - ok

23:30:20.0852 8236 [ CB7A9ABB12B8415BCE5D74994C7BA3AE ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys

23:30:20.0857 8236 iScsiPrt - ok

23:30:20.0867 8236 [ ADEF52CA1AEAE82B50DF86B56413107E ] kbdclass C:\Windows\system32\drivers\kbdclass.sys

23:30:20.0876 8236 kbdclass - ok

23:30:20.0886 8236 [ 9E3CED91863E6EE98C24794D05E27A71 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys

23:30:20.0888 8236 kbdhid - ok

23:30:20.0894 8236 [ 81951F51E318AECC2D68559E47485CC4 ] KeyIso C:\Windows\system32\lsass.exe

23:30:20.0896 8236 KeyIso - ok

23:30:20.0942 8236 [ EA26CB00F83686856F2C79673C00C686 ] kl1 C:\Windows\system32\DRIVERS\kl1.sys

23:30:20.0946 8236 kl1 - ok

23:30:21.0006 8236 [ BE21AC70BB25B9BA0D79AA510D6BBFCB ] KLIF C:\Windows\system32\DRIVERS\klif.sys

23:30:21.0011 8236 KLIF - ok

23:30:21.0030 8236 [ AF127FE7DD5ED2BBC9049FD8A00DEFC2 ] KLIM6 C:\Windows\system32\DRIVERS\klim6.sys

23:30:21.0032 8236 KLIM6 - ok

23:30:21.0051 8236 [ 24AEBAD59D1DE8A7CC36E8F09F999362 ] klkbdflt C:\Windows\system32\DRIVERS\klkbdflt.sys

23:30:21.0053 8236 klkbdflt - ok

23:30:21.0067 8236 [ A58507C2827C3AE1D4CCB2746AAB349F ] klmouflt C:\Windows\system32\DRIVERS\klmouflt.sys

23:30:21.0069 8236 klmouflt - ok

23:30:21.0094 8236 [ E7EFE379B05BB01F13885C5DBE5A4E64 ] kltdi C:\Windows\system32\DRIVERS\kltdi.sys

23:30:21.0096 8236 kltdi - ok

23:30:21.0133 8236 [ 8F932DF10408BCABA2FCF6163C843F8E ] kneps C:\Windows\system32\DRIVERS\kneps.sys

23:30:21.0136 8236 kneps - ok

23:30:21.0174 8236 [ B7895B4182C0D16F6EFADEB8081E8D36 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys

23:30:21.0177 8236 KSecDD - ok

23:30:21.0211 8236 [ D30159AC9237519FBC62C6EC247D2D46 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys

23:30:21.0215 8236 KSecPkg - ok

23:30:21.0242 8236 [ 89A7B9CC98D0D80C6F31B91C0A310FCD ] KtmRm C:\Windows\system32\msdtckrm.dll

23:30:21.0249 8236 KtmRm - ok

23:30:21.0259 8236 [ D64AF876D53ECA3668BB97B51B4E70AB ] LanmanServer C:\Windows\System32\srvsvc.dll

23:30:21.0265 8236 LanmanServer - ok

23:30:21.0279 8236 [ 58405E4F68BA8E4057C6E914F326ABA2 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll

23:30:21.0284 8236 LanmanWorkstation - ok

23:30:21.0299 8236 [ F7611EC07349979DA9B0AE1F18CCC7A6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys

23:30:21.0301 8236 lltdio - ok

23:30:21.0322 8236 [ 5700673E13A2117FA3B9020C852C01E2 ] lltdsvc C:\Windows\System32\lltdsvc.dll

23:30:21.0327 8236 lltdsvc - ok

23:30:21.0340 8236 [ 55CA01BA19D0006C8F2639B6C045E08B ] lmhosts C:\Windows\System32\lmhsvc.dll

23:30:21.0342 8236 lmhosts - ok

23:30:21.0355 8236 [ EB119A53CCF2ACC000AC71B065B78FEF ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys

23:30:21.0358 8236 LSI_FC - ok

23:30:21.0364 8236 [ 8ADE1C877256A22E49B75D1CC9161F9C ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys

23:30:21.0367 8236 LSI_SAS - ok

23:30:21.0373 8236 [ DC9DC3D3DAA0E276FD2EC262E38B11E9 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys

23:30:21.0375 8236 LSI_SAS2 - ok

23:30:21.0410 8236 [ 0A036C7D7CAB643A7F07135AC47E0524 ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys

23:30:21.0413 8236 LSI_SCSI - ok

23:30:21.0427 8236 [ 6703E366CC18D3B6E534F5CF7DF39CEE ] luafv C:\Windows\system32\drivers\luafv.sys

23:30:21.0429 8236 luafv - ok

23:30:21.0462 8236 [ 4470E3C1E0C3378E4CAB137893C12C3A ] MBAMProtector C:\Windows\system32\drivers\mbam.sys

23:30:21.0464 8236 MBAMProtector - ok

23:30:21.0525 8236 [ 65085456FD9A74D7F1A999520C299ECB ] MBAMScheduler G:\Malwarebytes' Anti-Malware\mbamscheduler.exe

23:30:21.0531 8236 MBAMScheduler - ok

23:30:21.0596 8236 [ E0D7732F2D2E24B2DB3F67B6750295B8 ] MBAMService G:\Malwarebytes' Anti-Malware\mbamservice.exe

23:30:21.0604 8236 MBAMService - ok

23:30:21.0690 8236 [ BFB9EE8EE977EFE85D1A3105ABEF6DD1 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll

23:30:21.0694 8236 Mcx2Svc - ok

23:30:21.0700 8236 [ 0FFF5B045293002AB38EB1FD1FC2FB74 ] megasas C:\Windows\system32\DRIVERS\megasas.sys

23:30:21.0702 8236 megasas - ok

23:30:21.0768 8236 [ DCBAB2920C75F390CAF1D29F675D03D6 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys

23:30:21.0772 8236 MegaSR - ok

23:30:21.0794 8236 [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS C:\Windows\system32\mmcss.dll

23:30:21.0798 8236 MMCSS - ok

23:30:21.0804 8236 [ F001861E5700EE84E2D4E52C712F4964 ] Modem C:\Windows\system32\drivers\modem.sys

23:30:21.0807 8236 Modem - ok

23:30:21.0846 8236 [ 79D10964DE86B292320E9DFE02282A23 ] monitor C:\Windows\system32\DRIVERS\monitor.sys

23:30:21.0849 8236 monitor - ok

23:30:21.0867 8236 [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass C:\Windows\system32\drivers\mouclass.sys

23:30:21.0870 8236 mouclass - ok

23:30:21.0876 8236 [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys

23:30:21.0878 8236 mouhid - ok

23:30:21.0908 8236 [ FC8771F45ECCCFD89684E38842539B9B ] mountmgr C:\Windows\system32\drivers\mountmgr.sys

23:30:21.0911 8236 mountmgr - ok

23:30:21.0943 8236 [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0 ] mpio C:\Windows\system32\drivers\mpio.sys

23:30:21.0946 8236 mpio - ok

23:30:21.0956 8236 [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys

23:30:21.0958 8236 mpsdrv - ok

23:30:22.0000 8236 [ 9835584E999D25004E1EE8E5F3E3B881 ] MpsSvc C:\Windows\system32\mpssvc.dll

23:30:22.0008 8236 MpsSvc - ok

23:30:22.0033 8236 [ CEB46AB7C01C9F825F8CC6BABC18166A ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys

23:30:22.0036 8236 MRxDAV - ok

23:30:22.0075 8236 [ 5D16C921E3671636C0EBA3BBAAC5FD25 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys

23:30:22.0079 8236 mrxsmb - ok

23:30:22.0111 8236 [ 6D17A4791ACA19328C685D256349FEFC ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys

23:30:22.0114 8236 mrxsmb10 - ok

23:30:22.0126 8236 [ B81F204D146000BE76651A50670A5E9E ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys

23:30:22.0129 8236 mrxsmb20 - ok

23:30:22.0140 8236 [ 012C5F4E9349E711E11E0F19A8589F0A ] msahci C:\Windows\system32\drivers\msahci.sys

23:30:22.0142 8236 msahci - ok

23:30:22.0149 8236 [ 55055F8AD8BE27A64C831322A780A228 ] msdsm C:\Windows\system32\drivers\msdsm.sys

23:30:22.0152 8236 msdsm - ok

23:30:22.0164 8236 [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC C:\Windows\System32\msdtc.exe

23:30:22.0169 8236 MSDTC - ok

23:30:22.0182 8236 [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs C:\Windows\system32\drivers\Msfs.sys

23:30:22.0185 8236 Msfs - ok

23:30:22.0195 8236 [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys

23:30:22.0196 8236 mshidkmdf - ok

23:30:22.0218 8236 [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys

23:30:22.0220 8236 msisadrv - ok

23:30:22.0242 8236 [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI C:\Windows\system32\iscsiexe.dll

23:30:22.0245 8236 MSiSCSI - ok

23:30:22.0250 8236 msiserver - ok

23:30:22.0272 8236 [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys

23:30:22.0275 8236 MSKSSRV - ok

23:30:22.0283 8236 [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys

23:30:22.0286 8236 MSPCLOCK - ok

23:30:22.0291 8236 [ F456E973590D663B1073E9C463B40932 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys

23:30:22.0293 8236 MSPQM - ok

23:30:22.0311 8236 [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys

23:30:22.0315 8236 MsRPC - ok

23:30:22.0328 8236 [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys

23:30:22.0330 8236 mssmbios - ok

23:30:22.0336 8236 [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys

23:30:22.0339 8236 MSTEE - ok

23:30:22.0344 8236 [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys

23:30:22.0346 8236 MTConfig - ok

23:30:22.0385 8236 [ CBE71C122434805CB73FFB6619F60598 ] MTsensor C:\Windows\system32\DRIVERS\ASACPI.sys

23:30:22.0387 8236 MTsensor - ok

23:30:22.0460 8236 [ 159FAD02F64E6381758C990F753BCC80 ] Mup C:\Windows\system32\Drivers\mup.sys

23:30:22.0462 8236 Mup - ok

23:30:22.0490 8236 [ 61D57A5D7C6D9AFE10E77DAE6E1B445E ] napagent C:\Windows\system32\qagentRT.dll

23:30:22.0497 8236 napagent - ok

23:30:22.0511 8236 [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys

23:30:22.0515 8236 NativeWifiP - ok

23:30:22.0548 8236 [ 8C9C922D71F1CD4DEF73F186416B7896 ] NDIS C:\Windows\system32\drivers\ndis.sys

23:30:22.0558 8236 NDIS - ok

23:30:22.0564 8236 [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys

23:30:22.0572 8236 NdisCap - ok

23:30:22.0577 8236 [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys

23:30:22.0580 8236 NdisTapi - ok

23:30:22.0616 8236 [ D8A65DAFB3EB41CBB622745676FCD072 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys

23:30:22.0618 8236 Ndisuio - ok

23:30:22.0649 8236 [ 38FBE267E7E6983311179230FACB1017 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys

23:30:22.0651 8236 NdisWan - ok

23:30:22.0679 8236 [ A4BDC541E69674FBFF1A8FF00BE913F2 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys

23:30:22.0682 8236 NDProxy - ok

23:30:22.0688 8236 [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys

23:30:22.0690 8236 NetBIOS - ok

23:30:22.0721 8236 [ 280122DDCF04B378EDD1AD54D71C1E54 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys

23:30:22.0725 8236 NetBT - ok

23:30:22.0730 8236 [ 81951F51E318AECC2D68559E47485CC4 ] Netlogon C:\Windows\system32\lsass.exe

23:30:22.0732 8236 Netlogon - ok

23:30:22.0755 8236 [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman C:\Windows\System32\netman.dll

23:30:22.0760 8236 Netman - ok

23:30:22.0819 8236 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe

23:30:22.0837 8236 NetMsmqActivator - ok

23:30:22.0843 8236 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe

23:30:22.0844 8236 NetPipeActivator - ok

23:30:22.0865 8236 [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm C:\Windows\System32\netprofm.dll

23:30:22.0871 8236 netprofm - ok

23:30:22.0915 8236 [ B8DEE9E7E8F55138F9BC886519C617C4 ] netr73 C:\Windows\system32\DRIVERS\netr73.sys

23:30:22.0923 8236 netr73 - ok

23:30:22.0939 8236 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe

23:30:22.0941 8236 NetTcpActivator - ok

23:30:22.0948 8236 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe

23:30:22.0949 8236 NetTcpPortSharing - ok

23:30:23.0027 8236 [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys

23:30:23.0029 8236 nfrd960 - ok

23:30:23.0055 8236 [ 374071043F9E4231EE43BE2BB48DD36D ] NlaSvc C:\Windows\System32\nlasvc.dll

23:30:23.0134 8236 NlaSvc - ok

23:30:23.0150 8236 [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs C:\Windows\system32\drivers\Npfs.sys

23:30:23.0152 8236 Npfs - ok

23:30:23.0166 8236 npggsvc - ok

23:30:23.0189 8236 [ BA387E955E890C8A88306D9B8D06BF17 ] nsi C:\Windows\system32\nsisvc.dll

23:30:23.0192 8236 nsi - ok

23:30:23.0197 8236 [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys

23:30:23.0199 8236 nsiproxy - ok

23:30:23.0247 8236 [ 5E43D2B0EE64123D4880DFA6626DEFDE ] Ntfs C:\Windows\system32\drivers\Ntfs.sys

23:30:23.0263 8236 Ntfs - ok

23:30:23.0285 8236 [ F9756A98D69098DCA8945D62858A812C ] Null C:\Windows\system32\drivers\Null.sys

23:30:23.0354 8236 Null - ok

23:30:23.0535 8236 [ B0881DDA5A8160422561FFAB7F0008B1 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys

23:30:23.0695 8236 nvlddmkm - ok

23:30:23.0734 8236 [ B3E25EE28883877076E0E1FF877D02E0 ] nvraid C:\Windows\system32\drivers\nvraid.sys

23:30:23.0738 8236 nvraid - ok

23:30:23.0773 8236 [ 4380E59A170D88C4F1022EFF6719A8A4 ] nvstor C:\Windows\system32\drivers\nvstor.sys

23:30:23.0776 8236 nvstor - ok

23:30:23.0789 8236 [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp C:\Windows\system32\drivers\nv_agp.sys

23:30:23.0792 8236 nv_agp - ok

23:30:23.0828 8236 [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys

23:30:23.0831 8236 ohci1394 - ok

23:30:23.0852 8236 [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc C:\Windows\system32\pnrpsvc.dll

23:30:23.0858 8236 p2pimsvc - ok

23:30:23.0882 8236 [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc C:\Windows\system32\p2psvc.dll

23:30:23.0889 8236 p2psvc - ok

23:30:23.0903 8236 [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport C:\Windows\system32\DRIVERS\parport.sys

23:30:23.0906 8236 Parport - ok

23:30:23.0935 8236 [ 3F34A1B4C5F6475F320C275E63AFCE9B ] partmgr C:\Windows\system32\drivers\partmgr.sys

23:30:23.0938 8236 partmgr - ok

23:30:23.0949 8236 [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm C:\Windows\system32\DRIVERS\parvdm.sys

23:30:23.0951 8236 Parvdm - ok

23:30:23.0967 8236 [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc C:\Windows\System32\pcasvc.dll

23:30:23.0971 8236 PcaSvc - ok

23:30:23.0983 8236 [ 673E55C3498EB970088E812EA820AA8F ] pci C:\Windows\system32\drivers\pci.sys

23:30:23.0985 8236 pci - ok

23:30:23.0990 8236 [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide C:\Windows\system32\drivers\pciide.sys

23:30:23.0993 8236 pciide - ok

23:30:24.0008 8236 [ F396431B31693E71E8A80687EF523506 ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys

23:30:24.0011 8236 pcmcia - ok

23:30:24.0030 8236 [ 250F6B43D2B613172035C6747AEEB19F ] pcw C:\Windows\system32\drivers\pcw.sys

23:30:24.0032 8236 pcw - ok

23:30:24.0055 8236 [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH C:\Windows\system32\drivers\peauth.sys

23:30:24.0063 8236 PEAUTH - ok

23:30:24.0142 8236 [ 414BBA67A3DED1D28437EB66AEB8A720 ] pla C:\Windows\system32\pla.dll

23:30:24.0175 8236 pla - ok

23:30:24.0209 8236 [ EC7BC28D207DA09E79B3E9FAF8B232CA ] PlugPlay C:\Windows\system32\umpnpmgr.dll

23:30:24.0215 8236 PlugPlay - ok

23:30:24.0230 8236 [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll

23:30:24.0234 8236 PNRPAutoReg - ok

23:30:24.0242 8236 [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc C:\Windows\system32\pnrpsvc.dll

23:30:24.0245 8236 PNRPsvc - ok

23:30:24.0259 8236 [ 53946B69BA0836BD95B03759530C81EC ] PolicyAgent C:\Windows\System32\ipsecsvc.dll

23:30:24.0265 8236 PolicyAgent - ok

23:30:24.0300 8236 [ F87D30E72E03D579A5199CCB3831D6EA ] Power C:\Windows\system32\umpo.dll

23:30:24.0305 8236 Power - ok

23:30:24.0316 8236 [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys

23:30:24.0319 8236 PptpMiniport - ok

23:30:24.0329 8236 [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor C:\Windows\system32\DRIVERS\processr.sys

23:30:24.0332 8236 Processor - ok

23:30:24.0351 8236 [ CADEFAC453040E370A1BDFF3973BE00D ] ProfSvc C:\Windows\system32\profsvc.dll

23:30:24.0356 8236 ProfSvc - ok

23:30:24.0361 8236 [ 81951F51E318AECC2D68559E47485CC4 ] ProtectedStorage C:\Windows\system32\lsass.exe

23:30:24.0363 8236 ProtectedStorage - ok

23:30:24.0398 8236 [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched C:\Windows\system32\DRIVERS\pacer.sys

23:30:24.0401 8236 Psched - ok

23:30:24.0439 8236 [ C456C2DB7F7D6A3112A360DDF315298B ] PTSimBus C:\Windows\system32\DRIVERS\PTSimBus.sys

23:30:24.0441 8236 PTSimBus - ok

23:30:24.0449 8236 [ F98BB914074A43E7E83EA98D7D13D612 ] PTSimHid C:\Windows\System32\Drivers\PTSimHid.sys

23:30:24.0450 8236 PTSimHid - ok

23:30:24.0480 8236 [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys

23:30:24.0496 8236 ql2300 - ok

23:30:24.0514 8236 [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys

23:30:24.0516 8236 ql40xx - ok

23:30:24.0536 8236 [ 31AC809E7707EB580B2BDB760390765A ] QWAVE C:\Windows\system32\qwave.dll

23:30:24.0542 8236 QWAVE - ok

23:30:24.0558 8236 [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys

23:30:24.0560 8236 QWAVEdrv - ok

23:30:24.0566 8236 [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys

23:30:24.0568 8236 RasAcd - ok

23:30:24.0598 8236 [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys

23:30:24.0600 8236 RasAgileVpn - ok

23:30:24.0612 8236 [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto C:\Windows\System32\rasauto.dll

23:30:24.0617 8236 RasAuto - ok

23:30:24.0630 8236 [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys

23:30:24.0633 8236 Rasl2tp - ok

23:30:24.0648 8236 [ CB9E04DC05EACF5B9A36CA276D475006 ] RasMan C:\Windows\System32\rasmans.dll

23:30:24.0654 8236 RasMan - ok

23:30:24.0671 8236 [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys

23:30:24.0674 8236 RasPppoe - ok

23:30:24.0690 8236 [ 44101F495A83EA6401D886E7FD70096B ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys

23:30:24.0692 8236 RasSstp - ok

23:30:24.0726 8236 [ D528BC58A489409BA40334EBF96A311B ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys

23:30:24.0731 8236 rdbss - ok

23:30:24.0747 8236 [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys

23:30:24.0749 8236 rdpbus - ok

23:30:24.0783 8236 [ 23DAE03F29D253AE74C44F99E515F9A1 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys

23:30:24.0785 8236 RDPCDD - ok

23:30:24.0813 8236 [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys

23:30:24.0814 8236 RDPENCDD - ok

23:30:24.0829 8236 [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys

23:30:24.0831 8236 RDPREFMP - ok

23:30:24.0845 8236 [ F031683E6D1FEA157ABB2FF260B51E61 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys

23:30:24.0848 8236 RDPWD - ok

23:30:24.0889 8236 [ 518395321DC96FE2C9F0E96AC743B656 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys

23:30:24.0892 8236 rdyboost - ok

23:30:24.0925 8236 [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess C:\Windows\System32\mprdim.dll

23:30:24.0929 8236 RemoteAccess - ok

23:30:24.0937 8236 [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry C:\Windows\system32\regsvc.dll

23:30:24.0942 8236 RemoteRegistry - ok

23:30:25.0037 8236 [ 616F6E52CAE254727A886BA8EDA1BEEA ] RichVideo C:\Program Files\Cyberlink\Shared files\RichVideo.exe

23:30:25.0042 8236 RichVideo - ok

23:30:25.0050 8236 [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll

23:30:25.0054 8236 RpcEptMapper - ok

23:30:25.0074 8236 [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator C:\Windows\system32\locator.exe

23:30:25.0077 8236 RpcLocator - ok

23:30:25.0136 8236 [ 7660F01D3B38ACA1747E397D21D790AF ] RpcSs C:\Windows\system32\rpcss.dll

23:30:25.0141 8236 RpcSs - ok

23:30:25.0155 8236 [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys

23:30:25.0158 8236 rspndr - ok

23:30:25.0205 8236 [ 5283B9A27FF230F2FF70D92451FF409A ] RTL8167 C:\Windows\system32\DRIVERS\Rt86win7.sys

23:30:25.0212 8236 RTL8167 - ok

23:30:25.0218 8236 [ 81951F51E318AECC2D68559E47485CC4 ] SamSs C:\Windows\system32\lsass.exe

23:30:25.0220 8236 SamSs - ok

23:30:25.0239 8236 [ 05D860DA1040F111503AC416CCEF2BCA ] sbp2port C:\Windows\system32\drivers\sbp2port.sys

23:30:25.0241 8236 sbp2port - ok

23:30:25.0256 8236 [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr C:\Windows\System32\SCardSvr.dll

23:30:25.0260 8236 SCardSvr - ok

23:30:25.0309 8236 [ C23DBD9BFBA8B1170706E0896B3CF7DA ] SCDEmu C:\Windows\system32\drivers\SCDEmu.sys

23:30:25.0312 8236 SCDEmu - ok

23:30:25.0323 8236 [ 0693B5EC673E34DC147E195779A4DCF6 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys

23:30:25.0325 8236 scfilter - ok

23:30:25.0374 8236 [ A04BB13F8A72F8B6E8B4071723E4E336 ] Schedule C:\Windows\system32\schedsvc.dll

23:30:25.0386 8236 Schedule - ok

23:30:25.0405 8236 [ 319C6B309773D063541D01DF8AC6F55F ] SCPolicySvc C:\Windows\System32\certprop.dll

23:30:25.0406 8236 SCPolicySvc - ok

23:30:25.0440 8236 [ 08236C4BCE5EDD0A0318A438AF28E0F7 ] SDRSVC C:\Windows\System32\SDRSVC.dll

23:30:25.0445 8236 SDRSVC - ok

23:30:25.0450 8236 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys

23:30:25.0453 8236 secdrv - ok

23:30:25.0473 8236 [ A59B3A4442C52060CC7A85293AA3546F ] seclogon C:\Windows\system32\seclogon.dll

23:30:25.0477 8236 seclogon - ok

23:30:25.0495 8236 [ DCB7FCDCC97F87360F75D77425B81737 ] SENS C:\Windows\system32\sens.dll

23:30:25.0499 8236 SENS - ok

23:30:25.0521 8236 [ 50087FE1EE447009C9CC2997B90DE53F ] SensrSvc C:\Windows\system32\sensrsvc.dll

23:30:25.0526 8236 SensrSvc - ok

23:30:25.0539 8236 [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys

23:30:25.0541 8236 Serenum - ok

23:30:25.0579 8236 [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial C:\Windows\system32\DRIVERS\serial.sys

23:30:25.0581 8236 Serial - ok

23:30:25.0588 8236 [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys

23:30:25.0590 8236 sermouse - ok

23:30:25.0633 8236 [ 4AE380F39A0032EAB7DD953030B26D28 ] SessionEnv C:\Windows\system32\sessenv.dll

23:30:25.0638 8236 SessionEnv - ok

23:30:25.0665 8236 [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk C:\Windows\system32\drivers\sffdisk.sys

23:30:25.0668 8236 sffdisk - ok

23:30:25.0673 8236 [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys

23:30:25.0675 8236 sffp_mmc - ok

23:30:25.0681 8236 [ 6D4CCAEDC018F1CF52866BBBAA235982 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys

23:30:25.0683 8236 sffp_sd - ok

23:30:25.0699 8236 [ DB96666CC8312EBC45032F30B007A547 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys

23:30:25.0701 8236 sfloppy - ok

23:30:25.0737 8236 [ D1A079A0DE2EA524513B6930C24527A2 ] SharedAccess C:\Windows\System32\ipnathlp.dll

23:30:25.0743 8236 SharedAccess - ok

23:30:25.0757 8236 [ 414DA952A35BF5D50192E28263B40577 ] ShellHWDetection C:\Windows\System32\shsvcs.dll

23:30:25.0764 8236 ShellHWDetection - ok

23:30:25.0777 8236 [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp C:\Windows\system32\drivers\sisagp.sys

23:30:25.0780 8236 sisagp - ok

23:30:25.0794 8236 [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys

23:30:25.0797 8236 SiSRaid2 - ok

23:30:25.0816 8236 [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys

23:30:25.0819 8236 SiSRaid4 - ok

23:30:25.0832 8236 [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb C:\Windows\system32\DRIVERS\smb.sys

23:30:25.0835 8236 Smb - ok

23:30:25.0861 8236 [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP C:\Windows\System32\snmptrap.exe

23:30:25.0921 8236 SNMPTRAP - ok

23:30:25.0935 8236 [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr C:\Windows\system32\drivers\spldr.sys

23:30:25.0937 8236 spldr - ok

23:30:25.0972 8236 [ 9AEA093B8F9C37CF45538382CABA2475 ] Spooler C:\Windows\System32\spoolsv.exe

23:30:26.0014 8236 Spooler - ok

23:30:26.0266 8236 [ CF87A1DE791347E75B98885214CED2B8 ] sppsvc C:\Windows\system32\sppsvc.exe

23:30:26.0304 8236 sppsvc - ok

23:30:26.0319 8236 [ B0180B20B065D89232A78A40FE56EAA6 ] sppuinotify C:\Windows\system32\sppuinotify.dll

23:30:26.0323 8236 sppuinotify - ok

23:30:26.0355 8236 [ E4C2764065D66EA1D2D3EBC28FE99C46 ] srv C:\Windows\system32\DRIVERS\srv.sys

23:30:26.0360 8236 srv - ok

23:30:26.0381 8236 [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB ] srv2 C:\Windows\system32\DRIVERS\srv2.sys

23:30:26.0386 8236 srv2 - ok

23:30:26.0396 8236 [ BE6BD660CAA6F291AE06A718A4FA8ABC ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys

23:30:26.0398 8236 srvnet - ok

23:30:26.0416 8236 [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll

23:30:26.0421 8236 SSDPSRV - ok

23:30:26.0436 8236 [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc C:\Windows\system32\sstpsvc.dll

23:30:26.0440 8236 SstpSvc - ok

23:30:26.0496 8236 Steam Client Service - ok

23:30:26.0501 8236 [ DB32D325C192B801DF274BFD12A7E72B ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys

23:30:26.0504 8236 stexstor - ok

23:30:26.0539 8236 [ E1FB3706030FB4578A0D72C2FC3689E4 ] StiSvc C:\Windows\System32\wiaservc.dll

23:30:26.0548 8236 StiSvc - ok

23:30:26.0576 8236 [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum C:\Windows\system32\drivers\swenum.sys

23:30:26.0578 8236 swenum - ok

23:30:26.0592 8236 [ A28BD92DF340E57B024BA433165D34D7 ] swprv C:\Windows\System32\swprv.dll

23:30:26.0598 8236 swprv - ok

23:30:26.0646 8236 [ 36650D618CA34C9D357DFD3D89B2C56F ] SysMain C:\Windows\system32\sysmain.dll

23:30:26.0662 8236 SysMain - ok

23:30:26.0671 8236 Tablet2k - ok

23:30:26.0695 8236 [ 763FECDC3D30C815FE72DD57936C6CD1 ] TabletInputService C:\Windows\System32\TabSvc.dll

23:30:26.0700 8236 TabletInputService - ok

23:30:26.0739 8236 [ B7AEE68D2E867CBF69B649B18FCEDBBB ] tap0901t C:\Windows\system32\DRIVERS\tap0901t.sys

23:30:26.0742 8236 tap0901t - ok

23:30:26.0778 8236 [ 613BF4820361543956909043A265C6AC ] TapiSrv C:\Windows\System32\tapisrv.dll

23:30:26.0784 8236 TapiSrv - ok

23:30:26.0804 8236 [ B799D9FDB26111737F58288D8DC172D9 ] TBS C:\Windows\System32\tbssvc.dll

23:30:26.0809 8236 TBS - ok

23:30:26.0841 8236 [ 9B10F2BE724D8E978E21A5DA498FF5C1 ] TClass2k C:\Windows\System32\Drivers\TClass2k.sys

23:30:26.0844 8236 TClass2k - ok

23:30:26.0895 8236 [ 7C0507D2391AF5933600CBCED799F277 ] Tcpip C:\Windows\system32\drivers\tcpip.sys

23:30:26.0911 8236 Tcpip - ok

23:30:26.0973 8236 [ 7C0507D2391AF5933600CBCED799F277 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys

23:30:26.0981 8236 TCPIP6 - ok

23:30:27.0012 8236 [ 3EEBD3BD93DA46A26E89893C7AB2FF3B ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys

23:30:27.0127 8236 tcpipreg - ok

23:30:27.0154 8236 [ 1CB91B2BD8F6DD367DFC2EF26FD751B2 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys

23:30:27.0156 8236 TDPIPE - ok

23:30:27.0175 8236 [ 2C2C5AFE7EE4F620D69C23C0617651A8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys

23:30:27.0177 8236 TDTCP - ok

23:30:27.0215 8236 [ B459575348C20E8121D6039DA063C704 ] tdx C:\Windows\system32\DRIVERS\tdx.sys

23:30:27.0217 8236 tdx - ok

23:30:27.0230 8236 [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20 ] TermDD C:\Windows\system32\drivers\termdd.sys

23:30:27.0233 8236 TermDD - ok

23:30:27.0276 8236 [ 382C804C92811BE57829D8E550A900E2 ] TermService C:\Windows\System32\termsrv.dll

23:30:27.0286 8236 TermService - ok

23:30:27.0318 8236 [ 42FB6AFD6B79D9FE07381609172E7CA4 ] Themes C:\Windows\system32\themeservice.dll

23:30:27.0321 8236 Themes - ok

23:30:27.0338 8236 [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER C:\Windows\system32\mmcss.dll

23:30:27.0340 8236 THREADORDER - ok

23:30:27.0346 8236 [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks C:\Windows\System32\trkwks.dll

23:30:27.0350 8236 TrkWks - ok

23:30:27.0389 8236 [ 2C49B175AEE1D4364B91B531417FE583 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe

23:30:27.0394 8236 TrustedInstaller - ok

23:30:27.0420 8236 [ 254BB140EEE3C59D6114C1A86B636877 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys

23:30:27.0422 8236 tssecsrv - ok

23:30:27.0459 8236 [ FD1D6C73E6333BE727CBCC6054247654 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys

23:30:27.0461 8236 TsUsbFlt - ok

23:30:27.0503 8236 [ B2FA25D9B17A68BB93D58B0556E8C90D ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys

23:30:27.0506 8236 tunnel - ok

23:30:27.0572 8236 [ DE4FA36E187DB4242DF8FFF2E2A86631 ] TunngleService G:\Tunngle\TnglCtrl.exe

23:30:27.0582 8236 TunngleService - ok

23:30:27.0627 8236 [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys

23:30:27.0630 8236 uagp35 - ok

23:30:27.0678 8236 [ 6ED5BAAF4CF1FE809D2511D001B0A7C6 ] UCManSvc C:\Program Files\SoftDenchi\UCManSvc.exe

23:30:27.0681 8236 UCManSvc - ok

23:30:27.0689 8236 [ 915A53A87CF9B3BC27359846ECD6A547 ] UCTblHid C:\Windows\System32\Drivers\UCTblHid.sys

23:30:27.0691 8236 UCTblHid - ok

23:30:27.0704 8236 [ EE43346C7E4B5E63E54F927BABBB32FF ] udfs C:\Windows\system32\DRIVERS\udfs.sys

23:30:27.0708 8236 udfs - ok

23:30:27.0732 8236 [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect C:\Windows\system32\UI0Detect.exe

23:30:27.0737 8236 UI0Detect - ok

23:30:27.0756 8236 [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys

23:30:27.0758 8236 uliagpkx - ok

23:30:27.0780 8236 [ D295BED4B898F0FD999FCFA9B32B071B ] umbus C:\Windows\system32\drivers\umbus.sys

23:30:27.0782 8236 umbus - ok

23:30:27.0791 8236 [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass C:\Windows\system32\DRIVERS\umpass.sys

23:30:27.0793 8236 UmPass - ok

23:30:27.0816 8236 [ 833FBB672460EFCE8011D262175FAD33 ] upnphost C:\Windows\System32\upnphost.dll

23:30:27.0823 8236 upnphost - ok

23:30:27.0862 8236 [ BD9C55D7023C5DE374507ACC7A14E2AC ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys

23:30:27.0865 8236 usbccgp - ok

23:30:27.0896 8236 [ 04EC7CEC62EC3B6D9354EEE93327FC82 ] usbcir C:\Windows\system32\drivers\usbcir.sys

23:30:27.0898 8236 usbcir - ok

23:30:27.0936 8236 [ F92DE757E4B7CE9C07C5E65423F3AE3B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys

23:30:27.0938 8236 usbehci - ok

23:30:27.0955 8236 [ 8DC94AEC6A7E644A06135AE7506DC2E9 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys

23:30:27.0959 8236 usbhub - ok

23:30:27.0974 8236 [ E185D44FAC515A18D9DEDDC23C2CDF44 ] usbohci C:\Windows\system32\drivers\usbohci.sys

23:30:27.0976 8236 usbohci - ok

23:30:27.0990 8236 [ 797D862FE0875E75C7CC4C1AD7B30252 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys

23:30:27.0992 8236 usbprint - ok

23:30:28.0023 8236 [ 576096CCBC07E7C4EA4F5E6686D6888F ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys

23:30:28.0025 8236 usbscan - ok

23:30:28.0035 8236 [ F991AB9CC6B908DB552166768176896A ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS

23:30:28.0037 8236 USBSTOR - ok

23:30:28.0043 8236 [ 68DF884CF41CDADA664BEB01DAF67E3D ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys

23:30:28.0045 8236 usbuhci - ok

23:30:28.0051 8236 [ 081E6E1C91AEC36758902A9F727CD23C ] UxSms C:\Windows\System32\uxsms.dll

23:30:28.0055 8236 UxSms - ok

23:30:28.0060 8236 [ 81951F51E318AECC2D68559E47485CC4 ] VaultSvc C:\Windows\system32\lsass.exe

23:30:28.0062 8236 VaultSvc - ok

23:30:28.0067 8236 [ A059C4C3EDB09E07D21A8E5C0AABD3CB ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys

23:30:28.0069 8236 vdrvroot - ok

23:30:28.0092 8236 [ C3CD30495687C2A2F66A65CA6FD89BE9 ] vds C:\Windows\System32\vds.exe

23:30:28.0101 8236 vds - ok

23:30:28.0106 8236 [ 17C408214EA61696CEC9C66E388B14F3 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys

23:30:28.0109 8236 vga - ok

23:30:28.0124 8236 [ 8E38096AD5C8570A6F1570A61E251561 ] VgaSave C:\Windows\System32\drivers\vga.sys

23:30:28.0126 8236 VgaSave - ok

23:30:28.0137 8236 [ 5461686CCA2FDA57B024547733AB42E3 ] vhdmp C:\Windows\system32\drivers\vhdmp.sys

23:30:28.0140 8236 vhdmp - ok

23:30:28.0157 8236 [ C829317A37B4BEA8F39735D4B076E923 ] viaagp C:\Windows\system32\drivers\viaagp.sys

23:30:28.0159 8236 viaagp - ok

23:30:28.0171 8236 [ E02F079A6AA107F06B16549C6E5C7B74 ] ViaC7 C:\Windows\system32\DRIVERS\viac7.sys

23:30:28.0174 8236 ViaC7 - ok

23:30:28.0223 8236 [ DC56A867A2D92E1C51CB6D3F9C540548 ] VIAHdAudAddService C:\Windows\system32\drivers\viahduaa.sys

23:30:28.0237 8236 VIAHdAudAddService - ok

23:30:28.0243 8236 [ E43574F6A56A0EE11809B48C09E4FD3C ] viaide C:\Windows\system32\drivers\viaide.sys

23:30:28.0246 8236 viaide - ok

23:30:28.0275 8236 [ 4C63E00F2F4B5F86AB48A58CD990F212 ] volmgr C:\Windows\system32\drivers\volmgr.sys

23:30:28.0277 8236 volmgr - ok

23:30:28.0296 8236 [ B5BB72067DDDDBBFB04B2F89FF8C3C87 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys

23:30:28.0301 8236 volmgrx - ok

23:30:28.0313 8236 [ F497F67932C6FA693D7DE2780631CFE7 ] volsnap C:\Windows\system32\drivers\volsnap.sys

23:30:28.0317 8236 volsnap - ok

23:30:28.0324 8236 [ 9DFA0CC2F8855A04816729651175B631 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys

23:30:28.0327 8236 vsmraid - ok

23:30:28.0377 8236 [ 209A3B1901B83AEB8527ED211CCE9E4C ] VSS C:\Windows\system32\vssvc.exe

23:30:28.0392 8236 VSS - ok

23:30:28.0408 8236 [ 90567B1E658001E79D7C8BBD3DDE5AA6 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys

23:30:28.0410 8236 vwifibus - ok

23:30:28.0416 8236 [ 7090D3436EEB4E7DA3373090A23448F7 ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys

23:30:28.0418 8236 vwififlt - ok

23:30:28.0440 8236 [ A3F04CBEA6C2A10E6CB01F8B47611882 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys

23:30:28.0441 8236 vwifimp - ok

23:30:28.0471 8236 [ 55187FD710E27D5095D10A472C8BAF1C ] W32Time C:\Windows\system32\w32time.dll

23:30:28.0478 8236 W32Time - ok

23:30:28.0488 8236 [ DE3721E89C653AA281428C8A69745D90 ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys

23:30:28.0490 8236 WacomPen - ok

23:30:28.0528 8236 [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys

23:30:28.0530 8236 WANARP - ok

23:30:28.0535 8236 [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys

23:30:28.0536 8236 Wanarpv6 - ok

23:30:28.0592 8236 [ 353A04C273EC58475D8633E75CCD5604 ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe

23:30:28.0612 8236 WatAdminSvc - ok

23:30:28.0666 8236 [ 691E3285E53DCA558E1A84667F13E15A ] wbengine C:\Windows\system32\wbengine.exe

23:30:28.0683 8236 wbengine - ok

23:30:28.0723 8236 [ 9614B5D29DC76AC3C29F6D2D3AA70E67 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll

23:30:28.0729 8236 WbioSrvc - ok

23:30:28.0746 8236 [ 34EEE0DFAADB4F691D6D5308A51315DC ] wcncsvc C:\Windows\System32\wcncsvc.dll

23:30:28.0754 8236 wcncsvc - ok

23:30:28.0759 8236 [ 5D930B6357A6D2AF4D7653BDABBF352F ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll

23:30:28.0765 8236 WcsPlugInService - ok

23:30:28.0770 8236 [ 1112A9BADACB47B7C0BB0392E3158DFF ] Wd C:\Windows\system32\DRIVERS\wd.sys

23:30:28.0773 8236 Wd - ok

23:30:28.0810 8236 [ A840213F1ACDCC175B4D1D5AAEAC0D7A ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys

23:30:28.0817 8236 Wdf01000 - ok

23:30:28.0830 8236 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiServiceHost C:\Windows\system32\wdi.dll

23:30:28.0834 8236 WdiServiceHost - ok

23:30:28.0838 8236 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiSystemHost C:\Windows\system32\wdi.dll

23:30:28.0841 8236 WdiSystemHost - ok

23:30:28.0863 8236 [ A9D880F97530D5B8FEE278923349929D ] WebClient C:\Windows\System32\webclnt.dll

23:30:28.0869 8236 WebClient - ok

23:30:28.0882 8236 [ 760F0AFE937A77CFF27153206534F275 ] Wecsvc C:\Windows\system32\wecsvc.dll

23:30:28.0888 8236 Wecsvc - ok

23:30:28.0899 8236 [ AC804569BB2364FB6017370258A4091B ] wercplsupport C:\Windows\System32\wercplsupport.dll

23:30:28.0904 8236 wercplsupport - ok

23:30:28.0909 8236 [ 08E420D873E4FD85241EE2421B02C4A4 ] WerSvc C:\Windows\System32\WerSvc.dll

23:30:28.0914 8236 WerSvc - ok

23:30:28.0943 8236 [ 8B9A943F3B53861F2BFAF6C186168F79 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys

23:30:28.0945 8236 WfpLwf - ok

23:30:28.0966 8236 [ 5CF95B35E59E2A38023836FFF31BE64C ] WIMMount C:\Windows\system32\drivers\wimmount.sys

23:30:28.0968 8236 WIMMount - ok

23:30:29.0005 8236 [ 3FAE8F94296001C32EAB62CD7D82E0FD ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll

23:30:29.0014 8236 WinDefend - ok

23:30:29.0024 8236 WinHttpAutoProxySvc - ok

23:30:29.0078 8236 [ F62E510B6AD4C21EB9FE8668ED251826 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll

23:30:29.0081 8236 Winmgmt - ok

23:30:29.0128 8236 [ 1B91CD34EA3A90AB6A4EF0550174F4CC ] WinRM C:\Windows\system32\WsmSvc.dll

23:30:29.0144 8236 WinRM - ok

23:30:29.0232 8236 [ CB95270393DD2FCB370EFD24126F94BD ] WinTabService C:\Windows\System32\Drivers\WTSRV.EXE

23:30:29.0235 8236 WinTabService - ok

23:30:29.0277 8236 [ A67E5F9A400F3BD1BE3D80613B45F708 ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys

23:30:29.0280 8236 WinUsb - ok

23:30:29.0331 8236 [ 59DB74EF3B328852A736578DFF3FCAD6 ] WL230V32 C:\Windows\system32\DRIVERS\WlanUZG.sys

23:30:29.0338 8236 WL230V32 - ok

23:30:29.0367 8236 [ 16935C98FF639D185086A3529B1F2067 ] Wlansvc C:\Windows\System32\wlansvc.dll

23:30:29.0380 8236 Wlansvc - ok

23:30:29.0386 8236 [ 0217679B8FCA58714C3BF2726D2CA84E ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys

23:30:29.0388 8236 WmiAcpi - ok

23:30:29.0416 8236 [ 6EB6B66517B048D87DC1856DDF1F4C3F ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe

23:30:29.0419 8236 wmiApSrv - ok

23:30:29.0464 8236 [ 3B40D3A61AA8C21B88AE57C58AB3122E ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe

23:30:29.0478 8236 WMPNetworkSvc - ok

23:30:29.0504 8236 [ A2F0EC770A92F2B3F9DE6D518E11409C ] WPCSvc C:\Windows\System32\wpcsvc.dll

23:30:29.0509 8236 WPCSvc - ok

23:30:29.0537 8236 [ AA53356D60AF47EACC85BC617A4F3F66 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll

23:30:29.0542 8236 WPDBusEnum - ok

23:30:29.0561 8236 [ 6DB3276587B853BF886B69528FDB048C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys

23:30:29.0563 8236 ws2ifsl - ok

23:30:29.0569 8236 [ 6F5D49EFE0E7164E03AE773A3FE25340 ] wscsvc C:\Windows\system32\wscsvc.dll

23:30:29.0574 8236 wscsvc - ok

23:30:29.0579 8236 WSearch - ok

23:30:29.0653 8236 [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv C:\Windows\system32\wuaueng.dll

23:30:29.0687 8236 wuauserv - ok

23:30:29.0725 8236 [ 06E6F32C8D0A3F66D956F57B43A2E070 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys

23:30:29.0727 8236 WudfPf - ok

23:30:29.0742 8236 [ 867C301E8B790040AE9CF6486E8041DF ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys

23:30:29.0745 8236 WUDFRd - ok

23:30:29.0764 8236 [ FE47B7BC8EA320C2D9B5E5BF6E303765 ] wudfsvc C:\Windows\System32\WUDFSvc.dll

23:30:29.0770 8236 wudfsvc - ok

23:30:29.0804 8236 [ 3C5E51C05BE9B56EAFF4E388C3AB25E4 ] WwanSvc C:\Windows\System32\wwansvc.dll

23:30:29.0916 8236 WwanSvc - ok

23:30:29.0935 8236 XDva356 - ok

23:30:29.0965 8236 XDva385 - ok

23:30:29.0994 8236 [ C26C68BCBAC1F33F890C226769759209 ] xusb21 C:\Windows\system32\DRIVERS\xusb21.sys

23:30:29.0997 8236 xusb21 - ok

23:30:30.0105 8236 ================ Scan global ===============================

23:30:30.0136 8236 [ DAB748AE0439955ED2FA22357533DDDB ] C:\Windows\system32\basesrv.dll

23:30:30.0167 8236 [ 1F5F07091D50244F17DD8D5147A628CC ] C:\Windows\system32\winsrv.dll

23:30:30.0176 8236 [ 1F5F07091D50244F17DD8D5147A628CC ] C:\Windows\system32\winsrv.dll

23:30:30.0200 8236 [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll

23:30:30.0226 8236 [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe

23:30:30.0231 8236 [Global] - ok

23:30:30.0232 8236 ================ Scan MBR ==================================

23:30:30.0256 8236 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0

23:30:30.0487 8236 \Device\Harddisk0\DR0 - ok

23:30:30.0487 8236 ================ Scan VBR ==================================

23:30:30.0491 8236 [ 9D801AFEFD00DBA83F087576295895AF ] \Device\Harddisk0\DR0\Partition1

23:30:30.0492 8236 \Device\Harddisk0\DR0\Partition1 - ok

23:30:30.0514 8236 [ 13634096C1DE1A4EFC7C8FAA7AFB5719 ] \Device\Harddisk0\DR0\Partition2

23:30:30.0515 8236 \Device\Harddisk0\DR0\Partition2 - ok

23:30:30.0564 8236 [ B62E6DAA386A501DF343EC16D96794D4 ] \Device\Harddisk0\DR0\Partition3

23:30:30.0568 8236 \Device\Harddisk0\DR0\Partition3 - ok

23:30:30.0589 8236 [ E3E1E5095E8F814466847495FA0C381D ] \Device\Harddisk0\DR0\Partition4

23:30:30.0591 8236 \Device\Harddisk0\DR0\Partition4 - ok

23:30:30.0615 8236 [ D618815E2E4122C5E84379F7A699C146 ] \Device\Harddisk0\DR0\Partition5

23:30:30.0616 8236 \Device\Harddisk0\DR0\Partition5 - ok

23:30:30.0643 8236 [ 96E93D0F740DD82AEE34D7219DC2E4A7 ] \Device\Harddisk0\DR0\Partition6

23:30:30.0644 8236 \Device\Harddisk0\DR0\Partition6 - ok

23:30:30.0659 8236 [ 0F31C066C5BD792A4E7B6C9DBE227450 ] \Device\Harddisk0\DR0\Partition7

23:30:30.0660 8236 \Device\Harddisk0\DR0\Partition7 - ok

23:30:30.0677 8236 [ 285A65C240B285067AFDC1D54C71535A ] \Device\Harddisk0\DR0\Partition8

23:30:30.0679 8236 \Device\Harddisk0\DR0\Partition8 - ok

23:30:30.0697 8236 [ 0396E269FE9D503384B699E682E9C5D9 ] \Device\Harddisk0\DR0\Partition9

23:30:30.0698 8236 \Device\Harddisk0\DR0\Partition9 - ok

23:30:30.0723 8236 [ E5DBD010B7FC720C055BD75E64BE74DF ] \Device\Harddisk0\DR0\Partition10

23:30:30.0724 8236 \Device\Harddisk0\DR0\Partition10 - ok

23:30:30.0746 8236 [ BBCB64568362C9C4600DBA312466031C ] \Device\Harddisk0\DR0\Partition11

23:30:30.0748 8236 \Device\Harddisk0\DR0\Partition11 - ok

23:30:30.0765 8236 [ 0A694A7FFAC58DB40061C7868D4B9132 ] \Device\Harddisk0\DR0\Partition12

23:30:30.0767 8236 \Device\Harddisk0\DR0\Partition12 - ok

23:30:30.0768 8236 ============================================================

23:30:30.0768 8236 Scan finished

23:30:30.0768 8236 ============================================================

23:30:30.0781 8612 Detected object count: 1

23:30:30.0782 8612 Actual detected object count: 1

23:30:43.0504 8612 Akamai ( HiddenFile.Multi.Generic ) - skipped by user

23:30:43.0504 8612 Akamai ( HiddenFile.Multi.Generic ) - User select action: Skip

23:31:03.0389 3720 Deinitialize success

=================================================================================

aswMBR...

Run date: 2013-06-06 23:31:47

-----------------------------

23:31:47.710 OS Version: Windows 6.1.7601 Service Pack 1

23:31:47.710 Number of processors: 4 586 0x1707

23:31:47.729 ComputerName: VOIDSPACE UserName: Ryuujin91

23:31:57.558 Initialize success

23:32:12.263 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T1L0-4

23:32:12.274 Disk 0 Vendor: WDC_WD20EARS-00J2GB0 80.00A80 Size: 1907728MB BusType: 3

23:32:12.472 Disk 0 MBR read successfully

23:32:12.475 Disk 0 MBR scan

23:32:12.478 Disk 0 Windows 7 default MBR code

23:32:12.496 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048

23:32:12.509 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 149900 MB offset 206848

23:32:12.538 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 150000 MB offset 307202048

23:32:12.541 Disk 0 Partition - 00 0F Extended LBA 1607726 MB offset 614402048

23:32:12.573 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 150000 MB offset 614404096

23:32:12.578 Disk 0 Partition - 00 05 Extended 500001 MB offset 921604096

23:32:12.611 Disk 0 Partition 5 00 07 HPFS/NTFS NTFS 500000 MB offset 921606144

23:32:12.617 Disk 0 Partition - 00 05 Extended 100001 MB offset 2252808192

23:32:12.660 Disk 0 Partition 6 00 07 HPFS/NTFS NTFS 100000 MB offset 1945608192

23:32:12.667 Disk 0 Partition - 00 05 Extended 100001 MB offset 3481612288

23:32:12.710 Disk 0 Partition 7 00 07 HPFS/NTFS NTFS 100000 MB offset 2150410240

23:32:12.716 Disk 0 Partition - 00 05 Extended 100001 MB offset 3891216384

23:32:12.750 Disk 0 Partition 8 00 07 HPFS/NTFS NTFS 100000 MB offset 2355212288

23:32:12.757 Disk 0 Partition - 00 05 Extended 150001 MB offset 4300820480

23:32:12.792 Disk 0 Partition 9 00 07 HPFS/NTFS NTFS 150000 MB offset 2560014336

23:32:12.799 Disk 0 Partition - 00 05 Extended 200001 MB offset 4812824576

23:32:12.840 Disk 0 Partition 10 00 07 HPFS/NTFS NTFS 200000 MB offset 2867216384

23:32:12.847 Disk 0 Partition - 00 05 Extended 200001 MB offset 5529628672

23:32:12.897 Disk 0 Partition 11 00 07 HPFS/NTFS NTFS 200000 MB offset 3276818432

23:32:12.904 Disk 0 Partition - 00 05 Extended 107718 MB offset 6348832768

23:32:12.950 Disk 0 Partition 12 00 07 HPFS/NTFS NTFS 107717 MB offset 3686420480

23:32:12.977 Disk 0 scanning sectors +3907024896

23:32:13.201 Disk 0 scanning C:\Windows\system32\drivers

23:32:27.845 Service scanning

23:32:32.444 Service kl1 C:\Windows\system32\DRIVERS\kl1.sys **LOCKED** 5

23:32:32.602 Service KLIM6 C:\Windows\system32\DRIVERS\klim6.sys **LOCKED** 5

23:32:32.679 Service klkbdflt C:\Windows\system32\DRIVERS\klkbdflt.sys **LOCKED** 5

23:32:32.705 Service klmouflt C:\Windows\system32\DRIVERS\klmouflt.sys **LOCKED** 5

23:32:32.743 Service kltdi C:\Windows\system32\DRIVERS\kltdi.sys **LOCKED** 5

23:32:32.782 Service kneps C:\Windows\system32\DRIVERS\kneps.sys **LOCKED** 5

23:32:35.256 Service PTSimHid C:\Windows\"%SystemRoot%\System32\Drivers\PTSimHid.sys" **LOCKED** 123

23:32:36.994 Service Tablet2k C:\Windows\"%SystemRoot%\System32\Drivers\Tablet2k.sys" **LOCKED** 123

23:32:37.110 Service TClass2k C:\Windows\"%SystemRoot%\System32\Drivers\TClass2k.sys" **LOCKED** 123

23:32:37.539 Service UCTblHid C:\Windows\"%SystemRoot%\System32\Drivers\UCTblHid.sys" **LOCKED** 123

23:32:40.041 Modules scanning

23:33:01.950 Disk 0 trace - called modules:

23:33:02.005 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll ataport.SYS intelide.sys

23:33:02.011 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x875997a0]

23:33:02.018 3 CLASSPNP.SYS[8db8f59e] -> nt!IofCallDriver -> [0x86746608]

23:33:02.024 5 ACPI.sys[846d63d4] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T1L0-4[0x87043908]

23:33:02.031 Scan finished successfully

23:33:50.512 Disk 0 MBR has been saved successfully to "C:\Users\Ryuujin91\Desktop\MBR.dat"

23:33:50.518 The log file has been saved successfully to "C:\Users\Ryuujin91\Desktop\aswMBR.txt"

Psychotic · June 6, 2013

Combofix

Combofix should only be run when adviced by a team member!

Link

Important - Save the file to your desktop!

Deactivate any and all of your antivirus programs /spyware scanners - they can prevent CF from doing its work.
Run Combofix.exe

When finished, Combofix creates a log file named C:\Combofix.txt. Please post its content in your next reply.

xeraese · June 7, 2013

Combofix log as instructed...

ComboFix 13-06-06.04 - Ryuujin91 07/06/2013 10:50:04.2.4 - x86

Microsoft Windows 7 Home Premium 6.1.7601.1.932.81.1033.18.3583.2545 [GMT 8:00]

Running from: c:\users\Ryuujin91\Desktop\ComboFix.exe

AV: Kaspersky Internet Security *Disabled/Updated* {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}

FW: Kaspersky Internet Security *Disabled* {FB2ABE9A-01A4-4539-FCD2-C7EA1246D49E}

SP: Kaspersky Internet Security *Disabled/Updated* {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Created a new restore point

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\users\Ryuujin91\AppData\Roaming\698e8de9c79e614b8d6a96b5ce9682e6-i686.cache-2

c:\users\Ryuujin91\AppData\Roaming\BDL+D

c:\users\Ryuujin91\AppData\Roaming\BDL+D\MANGAGAMER.COM\2FBD69B0-79F0-4E42-BD3E-4D7EC9D7C148\____.hld

c:\users\Ryuujin91\AppData\Roaming\BDL+D\MANGAGAMER.COM\2FBD69B0-79F0-4E42-BD3E-4D7EC9D7C148\____.sys

c:\users\Ryuujin91\AppData\Roaming\BDL+D\MANGAGAMER.COM\activation_log.dat

c:\windows\apppatch\AppLoc.exe

c:\windows\apppatch\AppLocA.exe

c:\windows\apppatch\unins000.dat

c:\windows\apppatch\unins000.exe

c:\windows\system32\SETDE16.tmp

c:\windows\system32\SETDF02.tmp

c:\windows\system32\SETEC30.tmp

c:\windows\system32\SETEE28.tmp

c:\windows\system32\SETEE68.tmp

c:\windows\system32\SETEF07.tmp

E:\install.exe

.

((((((((((((((((((((((((( Files Created from 2013-05-07 to 2013-06-07 )))))))))))))))))))))))))))))))

.

2013-06-07 03:01 . 2013-06-07 03:01 -------- d-----w- c:\users\Public\AppData\Local\temp

2013-06-07 03:01 . 2013-06-07 03:01 -------- d-----w- c:\users\Default\AppData\Local\temp

2013-06-06 18:28 . 2013-06-06 18:28 60872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C5237B70-A4A0-4FE5-9E20-C4FF9BE383EC}\offreg.dll

2013-06-04 23:06 . 2013-05-05 19:12 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2013-06-04 23:01 . 2013-03-19 05:04 3968856 ----a-w- c:\windows\system32\ntkrnlpa.exe

2013-06-04 23:01 . 2013-03-19 05:04 3913560 ----a-w- c:\windows\system32\ntoskrnl.exe

2013-06-04 23:01 . 2013-03-19 04:48 38912 ----a-w- c:\windows\system32\csrsrv.dll

2013-06-04 23:01 . 2013-03-19 02:49 69632 ----a-w- c:\windows\system32\smss.exe

2013-06-04 23:01 . 2013-02-15 04:37 3217408 ----a-w- c:\windows\system32\mstscax.dll

2013-06-04 23:01 . 2013-02-15 04:34 131584 ----a-w- c:\windows\system32\aaclient.dll

2013-06-04 23:01 . 2013-02-15 03:25 36864 ----a-w- c:\windows\system32\tsgqec.dll

2013-06-04 23:00 . 2012-08-21 20:12 245760 ----a-w- c:\windows\system32\OxpsConverter.exe

2013-06-04 23:00 . 2012-08-22 17:16 712048 ----a-w- c:\windows\system32\drivers\ndis.sys

2013-06-04 23:00 . 2012-07-04 19:45 33280 ----a-w- c:\windows\system32\drivers\RNDISMP.sys

2013-06-04 23:00 . 2013-04-12 13:45 1211752 ----a-w- c:\windows\system32\drivers\ntfs.sys

2013-06-04 23:00 . 2013-02-12 03:32 15872 ----a-w- c:\windows\system32\drivers\usb8023.sys

2013-06-04 22:59 . 2013-04-10 03:14 2347520 ----a-w- c:\windows\system32\win32k.sys

2013-06-04 22:58 . 2012-10-03 16:42 242176 ----a-w- c:\windows\system32\nlasvc.dll

2013-06-04 22:58 . 2012-10-03 16:42 175104 ----a-w- c:\windows\system32\netcorehc.dll

2013-06-04 22:58 . 2012-10-03 16:42 156672 ----a-w- c:\windows\system32\ncsi.dll

2013-06-04 22:58 . 2012-10-03 16:40 499712 ----a-w- c:\windows\system32\iphlpsvc.dll

2013-06-04 22:58 . 2012-10-03 16:42 52224 ----a-w- c:\windows\system32\nlaapi.dll

2013-06-04 22:58 . 2012-10-03 16:42 18944 ----a-w- c:\windows\system32\netevent.dll

2013-06-04 22:58 . 2012-10-03 15:21 35328 ----a-w- c:\windows\system32\drivers\tcpipreg.sys

2013-06-04 22:58 . 2013-03-19 04:53 186368 ----a-w- c:\windows\system32\wwansvc.dll

2013-06-04 22:58 . 2013-03-19 03:33 40960 ----a-w- c:\windows\system32\wwanprotdim.dll

2013-06-04 22:58 . 2013-01-24 04:47 196328 ----a-w- c:\windows\system32\drivers\fvevol.sys

2013-06-04 22:54 . 2013-04-10 05:18 728424 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys

2013-06-04 22:54 . 2013-04-10 05:18 218984 ----a-w- c:\windows\system32\drivers\dxgmms1.sys

2013-06-04 22:54 . 2012-10-09 17:40 44032 ----a-w- c:\windows\system32\dhcpcsvc6.dll

2013-06-04 22:54 . 2012-10-09 17:40 193536 ----a-w- c:\windows\system32\dhcpcore6.dll

2013-06-04 22:53 . 2013-02-27 05:05 101720 ----a-w- c:\windows\system32\consent.exe

2013-06-04 22:53 . 2013-02-27 04:49 1796096 ----a-w- c:\windows\system32\authui.dll

2013-06-04 22:53 . 2013-02-27 04:49 47104 ----a-w- c:\windows\system32\appinfo.dll

2013-06-04 22:50 . 2012-11-23 02:48 49152 ----a-w- c:\windows\system32\taskhost.exe

2013-06-04 21:59 . 2013-05-13 06:19 7016152 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C5237B70-A4A0-4FE5-9E20-C4FF9BE383EC}\mpengine.dll

2013-06-01 08:41 . 2013-06-01 08:41 -------- d-----w- c:\users\Ryuujin91\AppData\Local\FLT

2013-06-01 08:40 . 2013-06-01 08:40 -------- d-----w- c:\users\Ryuujin91\AppData\Local\CAPCOM

2013-05-20 21:39 . 2013-05-20 21:39 -------- d-----w- c:\program files\Common Files\Java

2013-05-20 21:39 . 2013-05-20 21:38 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-05-20 21:38 . 2012-07-05 22:51 866720 ----a-w- c:\windows\system32\npDeployJava1.dll

2013-05-20 21:38 . 2011-02-17 11:08 788896 ----a-w- c:\windows\system32\deployJava1.dll

2013-05-15 05:16 . 2013-04-21 06:08 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2013-05-15 05:16 . 2013-04-21 06:08 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2013-05-01 18:06 . 2011-03-04 06:34 238872 ------w- c:\windows\system32\MpSigStub.exe

2013-04-22 07:50 . 2012-08-13 08:49 145040 ----a-w- c:\windows\system32\drivers\kneps.sys

2013-04-22 07:50 . 2012-06-08 03:38 44432 ----a-w- c:\windows\system32\drivers\kltdi.sys

2013-04-22 07:50 . 2012-11-17 06:01 74848 ----a-w- c:\windows\system32\drivers\klflt.sys

2013-04-16 15:40 . 2009-07-14 02:05 152576 ----a-w- c:\windows\system32\msclmd.dll

2013-04-13 04:45 . 2013-06-04 22:59 474624 ----a-w- c:\windows\apppatch\AcSpecfc.dll

2013-04-13 04:45 . 2013-06-04 22:59 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll

2013-04-04 06:50 . 2012-09-15 23:09 22856 ----a-w- c:\windows\system32\drivers\mbam.sys

2013-03-22 07:48 . 2013-03-22 07:48 20747 ----a-w- c:\windows\system32\drivers\AegisP.sys

2006-10-12 03:09 94208 --sh--w- c:\windows\System32\SalaatTime.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]

"Akamai NetSession Interface"="c:\users\Ryuujin91\AppData\Local\Akamai\netsession_win.exe" [2013-01-25 4480768]

"SalaatTime"="g:\salaat time\SalaatTime.exe" [2008-05-16 13496320]

"HydraVisionDesktopManager"="c:\program files\ATI Technologies\HydraVision\HydraDM.exe" [2010-09-30 393216]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"HDAudDeck"="c:\program files\VIA\VIAudioi\VDeck\VDeck.exe" [2009-10-28 1701888]

"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-05 500208]

"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe" [2012-11-17 356376]

"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-12-19 642808]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-03-11 253816]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"SPReview"="c:\windows\System32\SPReview\SPReview.exe" [2013-04-16 280576]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

WL230USB-L Wireless Utility.lnk - c:\program files\Aztech\WL230USB-L Wireless Utility\Installer\WINXP\WL230USB-L Wireless Utility.exe [2013-3-22 598016]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKLM\~\startupfolder\C:^Users^Ryuujin91^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.3.lnk]

path=c:\users\Ryuujin91\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk

backup=c:\windows\pss\OpenOffice.org 3.3.lnk.Startup

backupExtension=.Startup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]

2008-11-02 08:38 167936 ----a-w- g:\poweriso\PWRISOVM.EXE

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WTClient]

2009-10-30 02:19 32768 ----a-w- c:\windows\System32\WTClient.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]

"DisableMonitoring"=dword:00000001

.

R2 MBAMService;MBAMService;g:\malwarebytes' anti-malware\mbamservice.exe [2013-04-04 701512]

R3 apf003;apf003;c:\windows\system32\apf003.sys [2012-11-29 13232]

R3 athrusb;Atheros Wireless LAN USB device driver;c:\windows\system32\DRIVERS\athrusb.sys [2008-07-28 904192]

R3 EagleXNt;EagleXNt;c:\windows\system32\drivers\EagleXNt.sys [x]

R3 netr73;RT73 USB Extensible Wireless LAN Card Driver;c:\windows\system32\DRIVERS\netr73.sys [2011-10-05 564800]

R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [2010-11-29 4119024]

R3 PTSimHid;PenTablet Simulated HID MiniDriver;c:\windows\System32\Drivers\PTSimHid.sys [2009-06-22 14504]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-02-16 1343400]

R3 WL230V32;Aztech 802.11g WL230 1211B Driver;c:\windows\system32\DRIVERS\WlanUZG.sys [2007-06-04 449536]

R3 XDva356;XDva356;c:\windows\system32\XDva356.sys [x]

R3 XDva385;XDva385;c:\windows\system32\XDva385.sys [x]

S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2012-08-02 24408]

S1 kltdi;kltdi;c:\windows\system32\DRIVERS\kltdi.sys [2013-04-22 44432]

S1 kneps;kneps;c:\windows\system32\DRIVERS\kneps.sys [2013-04-22 145040]

S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 20992]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-12-19 219136]

S2 MBAMScheduler;MBAMScheduler;g:\malwarebytes' anti-malware\mbamscheduler.exe [2013-04-04 418376]

S2 TunngleService;TunngleService;g:\tunngle\TnglCtrl.exe [2011-10-14 745832]

S2 UCManSvc;UCManSvc;c:\program files\SoftDenchi\UCManSvc.exe [2012-11-01 186512]

S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [2012-11-06 84992]

S3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-03-03 218688]

S3 klkbdflt;Kaspersky Lab KLKBDFLT;c:\windows\system32\DRIVERS\klkbdflt.sys [2012-11-17 25944]

S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [2012-11-17 25944]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-04-04 22856]

S3 PTSimBus;PenTablet Bus Enumerator;c:\windows\system32\DRIVERS\PTSimBus.sys [2009-06-22 23208]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2011-06-09 394856]

S3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\DRIVERS\tap0901t.sys [2009-09-16 27136]

S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2009-10-21 1102848]

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - 18078105

*NewlyCreated* - ASWMBR

*NewlyCreated* - KXLOIPOB

*Deregistered* - 18078105

*Deregistered* - aswMBR

*Deregistered* - kxloipob

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc SensrSvc Mcx2Svc

Akamai REG_MULTI_SZ Akamai

.

Contents of the 'Scheduled Tasks' folder

.

2013-06-07 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-04-21 05:16]

.

2013-06-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-234617212-88641621-211170840-1000Core.job

- c:\users\Ryuujin91\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-17 03:40]

.

2013-06-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-234617212-88641621-211170840-1000UA.job

- c:\users\Ryuujin91\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-17 03:40]

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com.my/

mStart Page = about:blank

uInternet Settings,ProxyOverride = 127.0.0.1:9421;<local>

IE: Add to Anti-Banner - c:\program files\Kaspersky Lab\Kaspersky Internet Security 2013\ie_banner_deny.htm

TCP: DhcpNameServer = 192.168.1.1

.

- - - - ORPHANS REMOVED - - - -

.

MSConfigStartUp-Yontoo Desktop - c:\users\Ryuujin91\AppData\Roaming\Yontoo\YontooDesktop.exe

AddRemove-DAEMON Tools Toolbar - c:\program files\DAEMON Tools Toolbar\uninst.exe

AddRemove-{0E931A51-A183-4E66-8562-D82896E74C67} - c:\progra~2\INSTAL~2\{0E931~1\Setup.exe

AddRemove-{9143B17E-BBDE-4EA7-A4E3-20D384D9C8A5}_is1 - c:\windows\AppPatch\unins000.exe

AddRemove-{B912E887-9559-A6C4-B55E-0588BE630D43} - c:\progra~2\INSTAL~2\{225F2~1\Setup.exe

AddRemove-majikoi - f:\maji de watashi ni koishinasai!\Game\マジこい！\Uninstall.exe

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Akamai]

"ServiceDll"="c:\program files\common files\akamai/netsession_win_ca0e279.dll"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\npggsvc]

"ImagePath"="c:\windows\system32\GameMon.des -service"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2013-06-07 11:03:51

ComboFix-quarantined-files.txt 2013-06-07 03:03

ComboFix2.txt 2012-09-20 01:08

.

Pre-Run: 98,991,058,944 bytes free

Post-Run: 107,713,925,120 bytes free

.

- - End Of File - - 06E70F3B74F9D26124D10F94947AC9AF

A36C5E4F47E84449FF07ED3517B43A31

Psychotic · June 7, 2013

Please check the file in the code box via Virustotal

Click browse
copy the following into the search box
```
c:\windows\System32\SalaatTime.dll 
```
and click open.
click Send File.

please be patinet until the file is uploade completely. If you get the message

File already submitted: The file sent has already been analysed by VirusTotal in the past. This is same basic info regarding the sample itself and its last analysis:

click on Reanalyse. Wait until Current status: Finished appears. Now, copy the link from within your browser´s adress bar and poste it here.

xeraese · June 7, 2013

Address...

https://www.virustotal.com/en/file/7a1b1e654a01fb4e5d62917ec8dc93f0b61389ceb70bf449d4fbb7e1f42a0ff6/analysis/1370586509/

Psychotic · June 7, 2013

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Download the attached CFScript.txt and save it to the location where Combofix is.

Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

When finished, run a full system scan with Malwarebytes´ Antimalware and post up the log also.

CFScript.txt

xeraese · June 8, 2013

Combofix with text log...

ComboFix 13-06-06.04 - Ryuujin91 07/06/2013 19:35:18.3.4 - x86

Microsoft Windows 7 Home Premium 6.1.7601.1.932.81.1033.18.3583.2462 [GMT 8:00]

Running from: c:\users\Ryuujin91\Desktop\ComboFix.exe

Command switches used :: c:\users\Ryuujin91\Desktop\CFScript.txt

AV: Kaspersky Internet Security *Disabled/Updated* {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}

FW: Kaspersky Internet Security *Disabled* {FB2ABE9A-01A4-4539-FCD2-C7EA1246D49E}

SP: Kaspersky Internet Security *Disabled/Updated* {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\users\Ryuujin91\AppData\Roaming\698e8de9c79e614b8d6a96b5ce9682e6-i686.cache-2

c:\windows\AppPatch\Custom\{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb

c:\windows\system32\SARCheck.dll

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Legacy_XDVA356

-------\Legacy_XDVA385

-------\Service_XDva356

-------\Service_XDva385

.

((((((((((((((((((((((((( Files Created from 2013-05-07 to 2013-06-07 )))))))))))))))))))))))))))))))

.

2013-06-07 11:45 . 2013-06-07 11:45 -------- d-----w- c:\users\Public\AppData\Local\temp

2013-06-07 11:45 . 2013-06-07 11:45 -------- d-----w- c:\users\Default\AppData\Local\temp

2013-06-07 03:33 . 2013-06-07 03:33 -------- d-----w- c:\users\Ryuujin91\AppData\Roaming\Media Player Classic