fxjudy Posted June 23, 2013

this is the protection-log-2013-06-23.txt
fxjudy Posted June 23, 2013

dds.txt
attach.txt
Maniac Posted June 23, 2013

Hello fxjudy!

My name is Maniac and I will be glad to help you solve your malware problem.

Please note:

- If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
- I recommend you to keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
- Make sure you read all of the instructions and fixes thoroughly before continuing with them.
- Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
- Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
- Do not perform any kind of scanning and fixing without my instructions. If you want to proceed on your own, please let me know.

Step 1

Please uninstall the following applications:

- ContinueToSave 1.74
- continuetosiavee
- easyMule
- Yontoo Layers Runtime 1.10.01
- μTorrent

Step 2

- Please download Junkware Removal Tool to your desktop.
- Shut down your protection software now to avoid potential conflicts.
- Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
- The tool will open and start scanning your system.
- Please be patient as this can take a while to complete depending on your system's specifications.
- On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
- Post the contents of JRT.txt into your next message.

Step 3

- Please download AdwCleaner by Xplode onto your desktop.
- Close all open programs and internet browsers.
- Double click on AdwCleaner.exe to run the tool.
- Click on Delete.
- Confirm each time with Ok.
- Your computer will be rebooted automatically. A text file will open after the restart.
- Please post the content of that logfile with your next answer.
- You can find the logfile at C:\AdwCleaner[s1].txt as well.

Step 4

- Launch Malwarebytes' Anti-Malware
- Go to Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
- Go to Scanner tab and select Perform Quick Scan, then click Scan.
- The scan may take some time to finish, so please be patient.
- When the scan is complete, click OK, then Show Results to view the results.
- Make sure that everything is checked, and click Remove Selected.
- When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
- The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
- Copy&Paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.

In your next reply, post the following log files:

- Junkware Removal Tool log
- AdwCleaner log
- Malwarebytes' Anti-Malware log
- a new fresh DDS log
fxjudy Posted June 24, 2013

Thank you for your help! These are the logs.

JRT.txt
AdwCleanerS1.txt
mbam-log-2013-06-24 (10-31-36).txt
dds.txt
attach.txt
Maniac Posted June 24, 2013

Please take a look at my instructions:

- Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
- Post the contents of JRT.txt into your next message.
- Please post the content of that logfile with your next answer.
- Copy&Paste the entire report in your next reply.
- In your next reply, post the following log files:
fxjudy Posted June 25, 2013

JRT log:
PackMicrosoft Security EssentialsMicrosoft SharePoint Designer 2010 Service Pack 1 (SP1)Microsoft SilverlightMicrosoft SOAP Toolkit 3.0Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219Microsoft_VC80_ATL_x86Microsoft_VC80_CRT_x86Microsoft_VC80_MFC_x86Microsoft_VC80_MFCLOC_x86Microsoft_VC90_ATL_x86Microsoft_VC90_CRT_x86Microsoft_VC90_MFC_x86Microsoft_VC90_MFCLOC_x86Mozilla Firefox 21.0 (x86 zh-CN)MSXML 4.0 SP2 (KB954430)MSXML 4.0 SP2 (KB973688)NewsTweets version 1.0NVIDIA 3D Vision 控制器驱动程序 306.23NVIDIA 3D Vision 驱动程序 306.23NVIDIA HD 音频驱动程序 1.3.18.0NVIDIA Install ApplicationNVIDIA PhysXNVIDIA PhysX 系统软件 9.12.0604NVIDIA Stereoscopic 3D DriverNVIDIA Update ComponentsNVIDIA 更新 1.10.8NVIDIA 控制面板 306.23NVIDIA 图形驱动程序 306.23OANDA - MetaTrader 4.00Opera 11.01Opera Mobile EmulatorPDF Settings CS5PoeditPPS影音2.7.0.1392Proxifier version 3.21ProxyChecker (remove only)Python 2.5.2Python 2.7.2QQ概念版Realtek Ethernet Controller Driver For Windows Vista and LaterRealtek High Definition Audio DriverRegistry Trash Keys Finder (Freeware)Revo Uninstaller Pro 2.5.9RSS Feeds SubmitSandboxie 3.74 (32-bit)Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)Security Update for Microsoft .NET Framework 4 Client 
Profile (KB2656405)Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)Security Update for Microsoft .NET Framework 4 Client Profile 简体中文语言包 (KB2478663)Security Update for Microsoft .NET Framework 4 Client Profile 简体中文语言包 (KB2518870)Security Update for Microsoft .NET Framework 4 Extended (KB2487367)Security Update for Microsoft .NET Framework 4 Extended (KB2656351)Security Update for Microsoft .NET Framework 4 Extended (KB2736428)Security Update for Microsoft .NET Framework 4 Extended (KB2742595)Security Update for Microsoft Excel 2010 (KB2597126) 32-Bit EditionSecurity Update for Microsoft Filter Pack 2.0 (KB2553501) 32-Bit EditionSecurity Update for Microsoft InfoPath 2010 (KB2687422) 32-Bit EditionSecurity Update for Microsoft InfoPath 2010 (KB2760406) 32-Bit EditionSecurity Update for Microsoft Office 2010 (KB2553091)Security Update for Microsoft Office 2010 (KB2553096)Security Update for Microsoft Office 2010 (KB2553371) 32-Bit EditionSecurity Update for Microsoft Office 2010 (KB2553447) 32-Bit EditionSecurity Update for Microsoft Office 2010 (KB2589320) 32-Bit EditionSecurity Update for Microsoft Office 2010 (KB2598243) 32-Bit EditionSecurity Update for Microsoft Office 2010 (KB2687501) 32-Bit EditionSecurity Update for Microsoft Office 2010 (KB2687510) 32-Bit EditionSecurity Update for Microsoft OneNote 2010 (KB2760600) 32-Bit EditionSecurity Update for Microsoft Publisher 2010 (KB2553147) 32-Bit EditionSecurity Update for Microsoft Visio 2010 (KB2810068) 32-Bit EditionSecurity Update for Microsoft Visio 
Viewer 2010 (KB2687505) 32-Bit EditionSecurity Update for Microsoft Word 2010 (KB2760410) 32-Bit EditionSynaptics Pointing Device DriverSystem Requirements Labtools-windowsTortoiseSVN 1.7.1.22161 (32 bit)TweetAttacksUltraISO Premium V9.36Update for Microsoft .NET Framework 4 Client Profile (KB2468871)Update for Microsoft .NET Framework 4 Client Profile (KB2533523)Update for Microsoft .NET Framework 4 Client Profile (KB2600217)Update for Microsoft .NET Framework 4 Extended (KB2468871)Update for Microsoft .NET Framework 4 Extended (KB2533523)Update for Microsoft .NET Framework 4 Extended (KB2600217)Update for Microsoft Office 2010 (KB2553065)Update for Microsoft Office 2010 (KB2553092)Update for Microsoft Office 2010 (KB2553181) 32-Bit EditionUpdate for Microsoft Office 2010 (KB2553267) 32-Bit EditionUpdate for Microsoft Office 2010 (KB2553310) 32-Bit EditionUpdate for Microsoft Office 2010 (KB2553378) 32-Bit EditionUpdate for Microsoft Office 2010 (KB2566458)Update for Microsoft Office 2010 (KB2596964) 32-Bit EditionUpdate for Microsoft Office 2010 (KB2598241) 32-Bit EditionUpdate for Microsoft Office 2010 (KB2598242) 32-Bit EditionUpdate for Microsoft Office 2010 (KB2687503) 32-Bit EditionUpdate for Microsoft Office 2010 (KB2687509) 32-Bit EditionUpdate for Microsoft Office 2010 (KB2760631) 32-Bit EditionUpdate for Microsoft Office 2010 (KB2767886) 32-Bit EditionUpdate for Microsoft OneNote 2010 (KB2553290) 32-Bit EditionUpdate for Microsoft Outlook 2010 (KB2597090) 32-Bit EditionUpdate for Microsoft Outlook 2010 (KB2687623) 32-Bit EditionUpdate for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit EditionUpdate for Microsoft PowerPoint 2010 (KB2598240) 32-Bit EditionUpdate for Microsoft SharePoint Designer 2010 (KB2553459) 32-Bit EditionUpdate for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit EditionUpdate or Uninstall SENukeXVBRunALLVMware PlayerWindows Media Player Firefox PluginWinHTTrack Website Copier 3.46-1WinMerge 2.12.4WinRAR 压缩文件管理器XAMPP 
1.4.13Zoolz2百度影音浏览器工行网银助手网赢网站发布平台微软拼音输入法 2010银联在线支付安全控件IE版 1.0.0.4支付宝安全插件 1.3.0.6支付宝数字证书组件 2.0.0.6中国工商银行防钓鱼软件.==== End Of File =========================== Link to post Share on other sites More sharing options...
Maniac Posted June 25, 2013 ID:695489

Please download Malwarebytes Anti-Rootkit from HERE
Unzip the contents to a folder in a convenient location.
Open the folder where the contents were unzipped and run mbar.exe
Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
Click on the Cleanup button to remove any threats and reboot if prompted to do so.
Wait while the system shuts down and the cleanup process is performed.
Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
When done, please post the two logs produced; they will be in the MBAR folder: mbar-log.txt and system-log.txt
fxjudy Posted June 25, 2013 Author ID:695503

Hi, thank you for your help! The software shows: "Congratulations, no cleanup is required! Scan finished: no malware found!"

I only found system-log.txt in the folder; I paste it below:
Maniac Posted June 25, 2013 ID:695507

Do you still have a problem with IP blocking?
fxjudy Posted June 25, 2013 Author ID:695527

Yes, I still have a problem with IP blocking. This is today's protection-log-2013-06-25.txt:
Maniac Posted June 25, 2013 ID:695530

Note: Please do not run this tool without special supervision and instructions of someone authorized to do so. Otherwise, you could end up with serious problems. For more details, read this article: ComboFix usage, Questions, Help? - Look here

Please visit this webpage for download links, and instructions for running the tool: http://www.bleepingc...to-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please post the C:\ComboFix.txt in your next reply for further review.

Note: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.
fxjudy Posted June 26, 2013 Author ID:695774

Thank you for your help. This is the log; I still have the problem with IP blocking after running this.
20121206114950_qingshi121206qipao2.swfe:\favoritevideo\InvisibleFolder\20121206115011_qingshi121206qipao3.swfe:\favoritevideo\InvisibleFolder\20121206221610_tea.swfe:\favoritevideo\InvisibleFolder\20121206222345_uoohe.jpge:\favoritevideo\InvisibleFolder\20121207145807_51wan121207zhuhc.swfe:\favoritevideo\InvisibleFolder\20121207164032_sanguoyanyi121207yixingqipao1.swfe:\favoritevideo\InvisibleFolder\20121207164140_sanguoyanyi121207yixingqipao2.swfe:\favoritevideo\InvisibleFolder\20121207164240_sanguoyanyi121207yixingqipao3.swfe:\favoritevideo\InvisibleFolder\20121207165549_zuixiyou121207yixingqipao2.swfe:\favoritevideo\InvisibleFolder\20121207165622_zuixiyou121207yixingqipao3.swfe:\favoritevideo\InvisibleFolder\20121207170016_zuixiyou121207yixingqipao1.swfe:\favoritevideo\InvisibleFolder\20121207201943_jijia121208zhuhc.swfe:\favoritevideo\InvisibleFolder\20121207202137_jijia121208zhuzt.swfe:\favoritevideo\InvisibleFolder\20121207203701_1203.swfe:\favoritevideo\InvisibleFolder\20121210100101_jianeng121210zhuhc.swfe:\favoritevideo\InvisibleFolder\20121210100212_jianeng121210zhuzt.swfe:\favoritevideo\InvisibleFolder\20121210104732_qiya121210zhuzt.swfe:\favoritevideo\InvisibleFolder\20121210152922_yaowan121210zhuzt.swfe:\favoritevideo\InvisibleFolder\20121210154248_yaowan121210zhuqipaohanbaoguang.swfe:\favoritevideo\InvisibleFolder\20121210171951_DNF121210zhuhc.swfe:\favoritevideo\InvisibleFolder\20121210172110_DNF121210zhuzt.swfe:\favoritevideo\InvisibleFolder\20121211125959_lianxiang121211zhuhc.swfe:\favoritevideo\InvisibleFolder\20121211130147_lianxiang121211zhuzt.swfe:\favoritevideo\InvisibleFolder\20121211130850_neibuceshi121211zhuzt.swfe:\favoritevideo\InvisibleFolder\20121213100314_tengxun121213zhuhc.swfe:\favoritevideo\InvisibleFolder\20121213141154_dingchengchuanmei121213zhuzt.swfe:\favoritevideo\InvisibleFolder\20121213142306_liehuo121213qipao2.swfe:\favoritevideo\InvisibleFolder\20121213142333_liehuo121213qipao3.swfe:\favoritevideo\InvisibleFolder\20121213163
325_tengxun121213zhuhc.swfe:\favoritevideo\InvisibleFolder\20121213163612_tengxun121213zhuzt.swfe:\favoritevideo\InvisibleFolder\20121213181113_bilang121213zhuzt.swfe:\favoritevideo\InvisibleFolder\20121214104714_zhongguodianxin121214zhuhc.swfe:\favoritevideo\InvisibleFolder\20121214111705_oppo121214zhujiaobiao.swfe:\favoritevideo\InvisibleFolder\20121214112756_fanren121214qipao1.swfe:\favoritevideo\InvisibleFolder\20121214112812_fanren121214qipao2.swfe:\favoritevideo\InvisibleFolder\20121214112831_fanren121214qipao3.swfe:\favoritevideo\InvisibleFolder\20121214150203_shanghaishiguang121214zhuzt.swfe:\favoritevideo\InvisibleFolder\20121214154214_qunaer121214zhuhc.swfe:\favoritevideo\InvisibleFolder\20121214161248_shenqu121214qipao1.swfe:\favoritevideo\InvisibleFolder\20121214161304_shenqu121214qipao2.swfe:\favoritevideo\InvisibleFolder\20121214161324_shenqu121214qipao3.swfe:\favoritevideo\InvisibleFolder\20121214162917_nizhan121214zhuhuanchong15s.swfe:\favoritevideo\InvisibleFolder\20121214163014_nizhan121214zhuzt.swfe:\favoritevideo\InvisibleFolder\20121214163102_480360zishengtang121214zhuhc.swfe:\favoritevideo\InvisibleFolder\20121214163209_50560zishengtang121214fuceng.swfe:\favoritevideo\InvisibleFolder\20121214163239_400300zishengtang121214zhuzt.swfe:\favoritevideo\InvisibleFolder\20121214171005_xizangliantong121214zhufuceng.swfe:\favoritevideo\InvisibleFolder\20121214223845_400300.swfe:\favoritevideo\InvisibleFolder\20121217101318_zuanshishijia121217zhuzt.swfe:\favoritevideo\InvisibleFolder\20121217143424_jiangshen121217qipao1.swfe:\favoritevideo\InvisibleFolder\20121217143448_jiangshen121217qipao2.swfe:\favoritevideo\InvisibleFolder\20121217143512_jiangshen121217qipao3.swfe:\favoritevideo\InvisibleFolder\20121217163224_tengxundaojian121217zhuztnew.swfe:\favoritevideo\InvisibleFolder\20121218102015_yaowan121218zhuqipao.swfe:\favoritevideo\InvisibleFolder\20121218104941_fankemingxieku121218zhufuceng.swfe:\favoritevideo\InvisibleFolder\20121218151303_pptvlogo.jpge
:\favoritevideo\InvisibleFolder\20121218153939_dajiangjun121218qipao1.swfe:\favoritevideo\InvisibleFolder\20121218153955_dajiangjun121218qipao2.swfe:\favoritevideo\InvisibleFolder\20121218154010_dajiangjun121218qipao3.swfe:\favoritevideo\InvisibleFolder\20121218164929_chuanyuehuoxian121218zhuch.swfe:\favoritevideo\InvisibleFolder\20121218165248_chuanyuehuoxian121218zhuzt.swfe:\favoritevideo\InvisibleFolder\20121218165748_QQfeiche121218zhuhc.swfe:\favoritevideo\InvisibleFolder\20121218175949_LOL121218zhuhc.swfe:\favoritevideo\InvisibleFolder\20121218180004_LOL121218zhuzt.swfe:\favoritevideo\InvisibleFolder\20121219093951_daojian121220zhu15s.swfe:\favoritevideo\InvisibleFolder\20121219094121_daojian121220zanting.swfe:\favoritevideo\InvisibleFolder\20121219115958_oppo121219ikanjiaobiao.swfe:\favoritevideo\InvisibleFolder\20121219171851_zhongguoliantong121219fuceng.swfe:\favoritevideo\InvisibleFolder\20121219172020_zhongguoliantong121219yixingqipao.swfe:\favoritevideo\InvisibleFolder\20121220111020_aili121220zhuhuanchong15s.swfe:\favoritevideo\InvisibleFolder\20121220120046_suning121220zhuhc1.swfe:\favoritevideo\InvisibleFolder\20121220122042_kutingwang121220zhuzt.swfe:\favoritevideo\InvisibleFolder\20121220152225_zhengtu121220zhuqipao.swfe:\favoritevideo\InvisibleFolder\20121220172430_guomei121220zhuzt.swfe:\favoritevideo\InvisibleFolder\20121220190110_281.swfe:\favoritevideo\InvisibleFolder\20121221095204_QQfeiche121221zhuzt.swfe:\favoritevideo\InvisibleFolder\20121221095551_tengxunLOL121221zhuhc.swfe:\favoritevideo\InvisibleFolder\20121221095808_tengxunLOL121221zhuzt.swfe:\favoritevideo\InvisibleFolder\20121221102041_tengxunNBA121221zhuhc.swfe:\favoritevideo\InvisibleFolder\20121221102502_tengxunNBA121221zhuzt.swfe:\favoritevideo\InvisibleFolder\20121221113140_neibu121221zhuhc.swfe:\favoritevideo\InvisibleFolder\20121221134628_zhanshen121221qipao2.swfe:\favoritevideo\InvisibleFolder\20121221134645_zhanshen121221qipao3.swfe:\favoritevideo\InvisibleFolder\2012122114092
3_zishengtang121221zhuhc.swfe:\favoritevideo\InvisibleFolder\20121221140957_zishengtang121221fuceng.swfe:\favoritevideo\InvisibleFolder\20121221141013_zishengtang121221zhuzt.swfe:\favoritevideo\InvisibleFolder\20121221154507_S3121221zhufuceng.swfe:\favoritevideo\InvisibleFolder\20121224104337_haierbingxiang121224zhuhc.swfe:\favoritevideo\InvisibleFolder\20121224134746_neibumori121224zhuhc.swfe:\favoritevideo\InvisibleFolder\20121224140737_qiya121224zhuzt.swfe:\favoritevideo\InvisibleFolder\20121225100709_suning121225zhuhc.swfe:\favoritevideo\InvisibleFolder\20121225151219_LOL121225zhuzt.swfe:\favoritevideo\InvisibleFolder\20121225162013_chuanyuehuoxian121225zhuhc.swfe:\favoritevideo\InvisibleFolder\20121226001906_400300.swfe:\favoritevideo\InvisibleFolder\20121226115236_yaowanwang121226zhuqipao.swfe:\favoritevideo\InvisibleFolder\20121226115333_yaowanwang121226zhuzt.swfe:\favoritevideo\InvisibleFolder\20121226145333_duguqiubai121226zhuhc27hao.swfe:\favoritevideo\InvisibleFolder\20121226155814_wuxiaozhen121226zhuzt.swfe:\favoritevideo\InvisibleFolder\20121226155820_sanguo121226qipao1.swfe:\favoritevideo\InvisibleFolder\20121226155836_sanguo121226qipao2.swfe:\favoritevideo\InvisibleFolder\20121226162012_diaoyan121226zhuhc.swfe:\favoritevideo\InvisibleFolder\20121226171240_tengxunLOL121226zhuzt.swfe:\favoritevideo\InvisibleFolder\20121227100845_ruilan121227zhuhc.swfe:\favoritevideo\InvisibleFolder\20121227101254_ruilan121227zhuzt.swfe:\favoritevideo\InvisibleFolder\20121227103454_480360.jpge:\favoritevideo\InvisibleFolder\20121227150119_gaoquwang121227zhuzt.swfe:\favoritevideo\InvisibleFolder\20121227171942_xizangdianxin121227zhufuceng.swfe:\favoritevideo\InvisibleFolder\peer.dllF:\ghosf:\ghos\giex..((((((((((((((((((((((((((((((((((((((( 驱动/服务 )))))))))))))))))))))))))))))))))))))))))))))))))..-------\Legacy_XUETR..((((((((((((((((((((((((( 2013-05-26 至 2013-06-26 的新的档案 )))))))))))))))))))))))))))))))..2013-06-26 02:04 . 
2013-06-26 02:04 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp2013-06-26 01:16 . 2013-06-26 01:16 29904 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{1CF9AF3B-FA3F-4F88-8709-E98C1237A15B}\MpKsl0242ce58.sys2013-06-25 15:27 . 2013-06-25 15:28 -------- d-----w- c:\users\judy\AppData\Roaming\Tencent2013-06-25 15:27 . 2013-06-25 15:27 -------- d-----w- c:\users\judy\AppData\Local\Tencent2013-06-25 12:54 . 2013-06-25 12:54 -------- d-----w- c:\users\judy\AppData\Roaming\com.pageone.Kudani2013-06-25 12:05 . 2013-06-12 04:18 7068072 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{1CF9AF3B-FA3F-4F88-8709-E98C1237A15B}\mpengine.dll2013-06-25 08:38 . 2013-06-25 08:38 -------- d-----w- c:\users\judy\AppData\Roaming\com.ideaincubatorlp.crystl2013-06-24 11:33 . 2013-06-12 04:18 7068072 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll2013-06-24 02:17 . 2013-06-24 02:17 -------- d-----w- c:\windows\ERUNT2013-06-24 02:16 . 2013-06-24 02:16 -------- d-----w- C:\JRT2013-06-23 07:38 . 2013-06-23 07:48 -------- d-----w- c:\users\judy\AppData\Local\SvchostViewer2013-06-23 04:27 . 2013-06-23 04:27 -------- d-----w- c:\programdata\kingsoft2013-06-22 08:47 . 2013-06-25 13:05 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)2013-06-21 00:40 . 2013-06-21 00:39 724464 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5503ED4C-1A13-465E-83AE-090B9CE04942}\gapaengine.dll2013-06-19 02:25 . 2013-06-19 02:25 -------- d-----w- c:\users\judy\AppData\Roaming\Malwarebytes2013-06-19 02:25 . 2013-06-19 02:25 -------- d-----w- c:\programdata\Malwarebytes2013-06-19 02:25 . 2013-04-04 06:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys2013-06-16 13:26 . 2013-06-16 13:26 -------- d-----w- c:\users\judy\AppData\Local\Jolinco_LLC2013-06-12 15:39 . 2013-06-08 11:13 2706432 ----a-w- c:\windows\system32\mshtml.tlb2013-06-12 15:39 . 
2013-06-08 11:41 218112 ----a-w- c:\program files\Internet Explorer\sqmapi.dll2013-06-12 07:53 . 2013-04-25 23:30 1505280 ----a-w- c:\windows\system32\d3d11.dll2013-06-12 07:53 . 2013-05-10 03:20 24576 ----a-w- c:\windows\system32\cryptdlg.dll2013-06-12 07:53 . 2013-04-26 04:55 492544 ----a-w- c:\windows\system32\win32spl.dll2013-06-12 07:53 . 2013-05-13 04:45 140288 ----a-w- c:\windows\system32\cryptsvc.dll2013-06-12 07:53 . 2013-05-13 04:45 1160192 ----a-w- c:\windows\system32\crypt32.dll2013-06-12 07:53 . 2013-05-13 04:45 103936 ----a-w- c:\windows\system32\cryptnet.dll2013-06-12 07:53 . 2013-05-13 03:08 903168 ----a-w- c:\windows\system32\certutil.exe2013-06-12 07:53 . 2013-05-13 03:08 43008 ----a-w- c:\windows\system32\certenc.dll2013-06-12 07:53 . 2013-04-17 07:02 1230336 ----a-w- c:\windows\system32\WindowsCodecs.dll2013-06-12 07:53 . 2013-05-06 05:06 3913576 ----a-w- c:\windows\system32\ntoskrnl.exe2013-06-12 07:53 . 2013-05-06 05:06 3968872 ----a-w- c:\windows\system32\ntkrnlpa.exe2013-06-12 07:53 . 2013-05-08 05:38 1293672 ----a-w- c:\windows\system32\drivers\tcpip.sys...(((((((((((((((((((((((((((((((((((((((( 在三个月内被修改的档案 )))))))))))))))))))))))))))))))))))))))))))))))))))).2013-06-12 08:33 . 2012-04-05 01:00 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe2013-06-12 08:33 . 2011-05-31 07:45 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl2013-05-22 00:43 . 2013-03-12 06:49 724464 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll2013-05-02 15:28 . 2011-02-23 03:10 238872 ------w- c:\windows\system32\MpSigStub.exe2013-04-13 04:45 . 2013-05-15 07:57 474624 ----a-w- c:\windows\apppatch\AcSpecfc.dll2013-04-13 04:45 . 2013-05-15 07:57 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll2013-04-12 13:45 . 2013-04-24 00:25 1211752 ----a-w- c:\windows\system32\drivers\ntfs.sys2013-04-10 05:18 . 2013-05-15 07:57 728424 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys2013-04-10 05:18 . 
2013-05-15 07:57 218984 ----a-w- c:\windows\system32\drivers\dxgmms1.sys2013-04-10 03:14 . 2013-05-15 07:57 2347520 ----a-w- c:\windows\system32\win32k.sys..((((((((((((((((((((((((((((((((((((( 重要登入点 ))))))))))))))))))))))))))))))))))))))))))))))))))..*注意* 空白与合法缺省登录将不会被显示REGEDIT4.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\0Genie9 Zoolz-BackedupIcon]@="{9DB6687B-FDB2-4284-AF2A-4562D4EB371D}"[HKEY_CLASSES_ROOT\CLSID\{9DB6687B-FDB2-4284-AF2A-4562D4EB371D}]2012-12-31 09:56 148992 ----a-w- d:\program files\Genie9\Zoolz2\ZoolzOverlay.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\0Genie9 Zoolz-BackedUpModifiedIcon]@="{9DB6687D-FDB2-4284-AF2A-4562D4EB371D}"[HKEY_CLASSES_ROOT\CLSID\{9DB6687D-FDB2-4284-AF2A-4562D4EB371D}]2012-12-31 09:56 148992 ----a-w- d:\program files\Genie9\Zoolz2\ZoolzOverlay.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\0Genie9 Zoolz-ColdStorageIcon]@="{9DB6687F-FDB2-4284-AF2A-4562D4EB371D}"[HKEY_CLASSES_ROOT\CLSID\{9DB6687F-FDB2-4284-AF2A-4562D4EB371D}]2012-12-31 09:56 148992 ----a-w- d:\program files\Genie9\Zoolz2\ZoolzOverlay.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\0Genie9 Zoolz-FolderInCloudIcon]@="{9DB6687E-FDB2-4284-AF2A-4562D4EB371D}"[HKEY_CLASSES_ROOT\CLSID\{9DB6687E-FDB2-4284-AF2A-4562D4EB371D}]2012-12-31 09:56 148992 ----a-w- d:\program files\Genie9\Zoolz2\ZoolzOverlay.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\0Genie9 Zoolz-NotBackedUpIcon]@="{9DB6687C-FDB2-4284-AF2A-4562D4EB371D}"[HKEY_CLASSES_ROOT\CLSID\{9DB6687C-FDB2-4284-AF2A-4562D4EB371D}]2012-12-31 09:56 148992 ----a-w- d:\program 
files\Genie9\Zoolz2\ZoolzOverlay.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]@="{C5994560-53D9-4125-87C9-F193FC689CB2}"[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]2011-06-13 02:20 64792 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]@="{C5994561-53D9-4125-87C9-F193FC689CB2}"[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]2011-06-13 02:20 64792 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]@="{C5994562-53D9-4125-87C9-F193FC689CB2}"[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]2011-06-13 02:20 64792 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]@="{C5994563-53D9-4125-87C9-F193FC689CB2}"[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]2011-06-13 02:20 64792 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]@="{C5994564-53D9-4125-87C9-F193FC689CB2}"[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]2011-06-13 02:20 64792 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]@="{C5994565-53D9-4125-87C9-F193FC689CB2}"[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]2011-06-13 02:20 64792 ----a-w- c:\program files\Common 
Files\TortoiseOverlays\TortoiseOverlays.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]@="{C5994566-53D9-4125-87C9-F193FC689CB2}"[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]2011-06-13 02:20 64792 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]@="{C5994567-53D9-4125-87C9-F193FC689CB2}"[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]2011-06-13 02:20 64792 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]@="{C5994568-53D9-4125-87C9-F193FC689CB2}"[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]2011-06-13 02:20 64792 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]2012-11-13 23:32 129272 ----a-w- c:\users\judy\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]2012-11-13 23:32 129272 ----a-w- c:\users\judy\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]2012-11-13 23:32 129272 ----a-w- 
c:\users\judy\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll.[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-08-28 1557800]"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 947152].[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]"ConsentPromptBehaviorUser"= 3 (0x3)"EnableUIADesktopToggle"= 0 (0x0)"PromptOnSecureDesktop"= 0 (0x0)"EnableLinkedConnections"= 1 (0x1).[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]"mixer8"=wdmaud.drv.[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\keyboard layouts\e0220804] IME File REG_SZ IMSC14.IME.[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\keyboard layouts\e0230804] IME File REG_SZ IMSCE14.IME.[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]@="Service".[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^OnlyWire.LNK]path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\OnlyWire.LNKbackup=c:\windows\pss\OnlyWire.LNK.CommonStartupbackupExtension=.CommonStartup.[HKLM\~\startupfolder\C:^Users^judy^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk]path=c:\users\judy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnkbackup=c:\windows\pss\Dropbox.lnk.StartupbackupExtension=.Startup.[HKLM\~\startupfolder\C:^Users^judy^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2010 Screen Clipper and Launcher.lnk]path=c:\users\judy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnkbackup=c:\windows\pss\OneNote 2010 Screen Clipper and Launcher.lnk.StartupbackupExtension=.Startup.[HKLM\~\startupfolder\C:^Users^judy^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2010 屏幕剪辑程序和 Launcher.lnk]path=c:\users\judy\AppData\Roaming\Microsoft\Windows\Start 
Menu\Programs\Startup\OneNote 2010 屏幕剪辑程序和 Launcher.lnkbackup=c:\windows\pss\OneNote 2010 屏幕剪辑程序和 Launcher.lnk.StartupbackupExtension=.Startup.[HKLM\~\startupfolder\C:^Users^judy^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^PPS.lnk]path=c:\users\judy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PPS.lnkbackup=c:\windows\pss\PPS.lnk.StartupbackupExtension=.Startup.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]2013-04-04 21:06 958576 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]2012-09-19 23:27 444904 ----a-w- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5.5ServiceManager]2011-01-11 23:08 1523360 ----a-w- c:\program files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCSSync]2010-03-13 06:54 91520 ----a-w- d:\program files\Microsoft Office\Office14\BCSSync.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FlashGet 3]2012-03-15 02:05 3090056 ----a-w- d:\program files\FlashGet Network\FlashGet 3\Flashget3.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]2011-09-21 12:17 136176 ----atw- c:\users\judy\AppData\Local\Google\Update\GoogleUpdate.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICBCEBankAssist]2012-07-10 04:47 319184 ----a-w- c:\program files\ICBCEbankTools\ICBCSetupIntegration\RunEBank.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IME14 CHS Setup]2012-03-13 20:54 81200 ----a-w- c:\progra~1\COMMON~1\MICROS~1\IME14\SHARED\IMEKLMG.EXE.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IME14 CHS WR Setup]2010-02-01 10:22 86832 ----a-w- 
c:\progra~1\COMMON~1\MICROS~1\IME14WR\SHARED\IMEKLMG.EXE.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lingoes]2010-07-23 08:39 2252800 ----a-w- d:\program files\Lingoes\Translator2\Lingoes.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSC]2013-01-27 03:11 947152 ----a-w- c:\program files\Microsoft Security Client\msseces.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OfficeSyncProcess]2012-01-20 13:03 719672 ----a-w- d:\program files\Microsoft Office\Office14\MSOSYNC.EXE.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PPAP]2011-12-15 07:55 436088 ----a-w- c:\program files\Common Files\PPLiveNetwork\PPAP.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]2010-03-19 15:44 8546848 ------w- c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SandboxieControl]2012-08-25 20:27 545552 ----a-w- d:\program files\Sandboxie\SbieCtrl.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SEnukeX]2013-06-23 14:05 12569088 ----a-w- c:\users\judy\AppData\Local\SENukeX\SENuke.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]2012-07-03 01:04 252848 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SwitchBoard]2010-02-19 05:37 517096 ----a-w- c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zoolz Tray]2013-04-17 07:14 389648 ----a-w- d:\program files\Genie9\Zoolz2\ZoolzLauncher.exe.R3 IODRV;IODRV;f:\512m driver\IODrv.sys [x]R3 Ndisrd;WinpkFilter Service;c:\windows\system32\DRIVERS\ndisrd.sys [2011-05-31 22016]R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2013-01-20 100328]R3 NisSrv;Microsoft 
网络检查;c:\program files\Microsoft Security Client\NisSrv.exe [2013-01-27 295232]R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys [2009-12-30 27192]R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]R3 taphss6;Anchorfree HSS VPN Adapter;c:\windows\system32\DRIVERS\taphss6.sys [2013-02-22 37064]R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]S0 tpsacpi;TPS Firmware Extension Device Driver;c:\windows\system32\DRIVERS\tpsacpi.SYS [2007-07-12 6912]S0 vmci;VMware VMCI Bus Driver;c:\windows\system32\DRIVERS\vmci.sys [2012-10-24 71152]S0 vsock;vSockets Driver;c:\windows\system32\drivers\vsock.sys [2012-10-24 61464]S1 MpKsl0242ce58;MpKsl0242ce58;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{1CF9AF3B-FA3F-4F88-8709-E98C1237A15B}\MpKsl0242ce58.sys [2013-06-26 29904]S2 ICBC Daemon Service;ICBC Daemon Service;c:\program files\ICBCEbankTools\ICBCAntiPhishing\ICBC_WIN32\IcbcDaemon.exe [2011-12-26 430720]S2 ImeDictUpdateService;Microsoft IME Dictionary Update;c:\program files\Common Files\Microsoft Shared\IME14\SHARED\IMEDICTUPDATE.EXE [2010-10-20 59760]S2 ImeDictUpdateServiceWR;Microsoft IME Dictionary Update For Web Release;c:\program files\Common Files\Microsoft Shared\IME14WR\SHARED\IMEDICTUPDATE.EXE [2010-02-01 60208]S2 MBAMScheduler;MBAMScheduler;d:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-04-04 418376]S2 MBAMService;MBAMService;d:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2013-04-04 701512]S2 PassGuard;PassGuard;c:\windows\system32\drivers\PassGuard.sys [2012-10-02 425368]S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-08-30 382312]S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files\Common Files\VMware\USB\vmware-usbarbitrator.exe [2012-10-11 721048]S2 Zoolz 2 Service;Zoolz Service;d:\program 
files\Genie9\Zoolz2\ZoolzService.exe [2013-04-17 453136]S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-04-04 22856]S3 NdisrdMP;NdisrdMP;c:\windows\system32\DRIVERS\ndisrd.sys [2011-05-31 22016]S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-11-05 230912]..[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS fdrespub AppIDSvc QWAVE wcncsvc SensrSvc. ‘计划任务’ 文件夹 里的内容.2013-06-26 c:\windows\Tasks\Adobe Flash Player Updater.job- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-05 08:33].2013-06-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job- c:\program files\Google\Update\GoogleUpdate.exe [2012-12-14 10:43].2013-06-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job- c:\program files\Google\Update\GoogleUpdate.exe [2012-12-14 10:43].2013-06-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1614121019-1716911202-2953936860-1000Core.job- c:\users\judy\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-21 12:17].2013-06-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1614121019-1716911202-2953936860-1000UA.job- c:\users\judy\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-21 12:17]..------- 而外的扫描 -------.uInternet Settings,ProxyOverride = localuInternet Settings,ProxyServer = socks=127.0.0.1:30000LSP: %SystemRoot%\system32\PrxerDrv.dllTrusted Zone: alipay.comTrusted Zone: alisoft.comTrusted Zone: facebook.com\loginTrusted Zone: google.com\mailTrusted Zone: icbc.com.cnTrusted Zone: taobao.comTrusted Zone: twitter.comTCP: Interfaces\{0E9C1ED3-F3C1-4FA3-9127-040F6E3269CC}: NameServer = 8.26.56.26,156.154.70.22TCP: Interfaces\{341D0DAC-33D1-4A64-8D9D-43E4103AB40A}: NameServer = 8.8.8.8 8.8.4.4TCP: Interfaces\{E988ABA6-A6D6-4FBD-A040-7C2A38834C0C}: NameServer = 8.8.8.8,8.8.4.4FF - ProfilePath - c:\users\judy\AppData\Roaming\Mozilla\Firefox\Profiles\ofugp520.default\FF - prefs.js: 
Maniac Posted June 26, 2013 ID:695775

Step 1

Please download the latest version of TDSSKiller from here and save it to your Desktop.
Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
Put a checkmark beside loaded modules.
A reboot will be needed to apply the changes. Do it.
TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
Then click on Change parameters in TDSSKiller.
Check all boxes then click OK.
Click the Start Scan button.
The scan should take no longer than 2 minutes.
If a suspicious object is detected, the default action will be Skip, click on Continue.
If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
A report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Step 2

Please scan your machine with ESET OnlineScan.
Hold down Control and click on the following link to open ESET OnlineScan in a new window: ESET OnlineScan
Click the button.
For alternate browsers only (Microsoft Internet Explorer users can skip these steps):
Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your Desktop.
Double click on the ESET Smart Installer icon on your Desktop.
Check "YES, I accept the Terms of Use."
Click the Start button.
Accept any security warnings from your browser.
Under Scan Settings, check "Scan Archives" and "Remove found threats".
Click Advanced settings and select the following:
Scan potentially unwanted applications
Scan for potentially unsafe applications
Enable Anti-Stealth technology
ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
When the scan completes, click List Threats.
Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
Click the Back button.
Click the Finish button.

In your next reply, post the following log files:
TDSSKiller log
ESET Online Scanner log
fxjudy Posted June 27, 2013 Author ID:696116

Thank you for the help!

TDSSKiller.2.8.16.0_26.06.2013_19.58.02_log

Cure is not available, I choose Skip instead.

19:58:02.0207 1696 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
19:58:03.0205 1696 ============================================================
19:58:03.0205 1696 Current date / time: 2013/06/26 19:58:03.0205
19:58:03.0221 1696 SystemInfo:
19:58:03.0221 1696
19:58:03.0221 1696 OS Version: 6.1.7601 ServicePack: 1.0
19:58:03.0221 1696 Product type: Workstation
19:58:03.0221 1696 ComputerName: JUDY-PC
19:58:03.0221 1696 UserName: judy
19:58:03.0221 1696 Windows directory: C:\Windows
19:58:03.0221 1696 System windows directory: C:\Windows
19:58:03.0221 1696 Processor architecture: Intel x86
19:58:03.0221 1696 Number of processors: 2
19:58:03.0221 1696 Page size: 0x1000
19:58:03.0221 1696 Boot type: Normal boot
19:58:03.0221 1696 ============================================================
19:58:05.0062 1696 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
19:58:05.0062 1696 ============================================================
19:58:05.0062 1696 \Device\Harddisk0\DR0:
19:58:05.0062 1696 MBR partitions:
19:58:05.0062 1696 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x4E2E8F0
19:58:05.0077 1696 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x4E2E96E, BlocksNum 0xA016352
19:58:05.0093 1696 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0xEE44CFF, BlocksNum 0xA016352
19:58:05.0109 1696 \Device\Harddisk0\DR0\Partition4: MBR, Type 0x7, StartLBA 0x18E5B090, BlocksNum 0xC5D2631
19:58:05.0109 1696 ============================================================
19:58:05.0218 1696 C: <-> \Device\Harddisk0\DR0\Partition1
19:58:05.0249 1696 D: <-> \Device\Harddisk0\DR0\Partition2
19:58:05.0280 1696 E: <-> \Device\Harddisk0\DR0\Partition3
19:58:05.0436 1696 F: <-> \Device\Harddisk0\DR0\Partition4
19:58:05.0436 1696 ============================================================
19:58:05.0436 1696 Initialize success
19:58:05.0436 1696 ============================================================
19:58:34.0328 3408 Deinitialize success

ESET Online Scanner log

C:\Users\judy\AppData\Local\WPsBoxPro\storage\storage_398.html HTML/ScrInject.B.Gen virus
D:\download\677260.zip.exe Win32/InstalleRex.J application
D:\download\BaiduPlayerun_41043039.exe a variant of Win32/Hao123.A application
D:\download\bs_Time_stopper.exe multiple threats
D:\download\HmqF-v3.0.0.0.zip a variant of Win32/Packed.VProtect.B application
D:\download\KeywordMapPro.1.70.rar a variant of MSIL/Packed.Confuser.G application
D:\download\Proxy list free 07-05-2013 6821x_hackingway.net.rar(1).exe Win32/InstalleRex.J application
D:\download\Proxy list free 07-05-2013 6821x_hackingway.net.rar.exe Win32/InstalleRex.J application
D:\download\proxyhunter.zip a variant of Win32/NetTool.ProxySwitcher.A application
D:\download\Tweet AutoPoster.7z Win32/InstalleRex.J application
D:\download\Tweet AutoPoster.7z.exe Win32/InstalleRex.J application
D:\download\wpppc-personal.zip PHP/Obfuscated.F application
D:\download\YontooUninstaller.exe Win32/Adware.Yontoo application
Maniac Posted June 27, 2013 ID:696117

This is just a part of the entire TDSSKiller log. Please post the rest.
fxjudy Posted June 27, 2013 Author ID:696147

Oh sorry! This is the rest.
C:\Windows\system32\nsisvc.dll20:00:47.0393 3320 nsi - ok20:00:47.0408 3320 [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys20:00:47.0455 3320 nsiproxy - ok20:00:47.0533 3320 [ 5E43D2B0EE64123D4880DFA6626DEFDE ] Ntfs C:\Windows\system32\drivers\Ntfs.sys20:00:47.0627 3320 Ntfs - ok20:00:47.0642 3320 [ F9756A98D69098DCA8945D62858A812C ] Null C:\Windows\system32\drivers\Null.sys20:00:47.0673 3320 Null - ok20:00:47.0720 3320 [ 77F9F9A199B87FE3F852E12F5419240B ] NVHDA C:\Windows\system32\drivers\nvhda32v.sys20:00:47.0736 3320 NVHDA - ok20:00:48.0563 3320 [ D3F22DA8F670EFD15D348B5952769CEF ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys20:00:48.0781 3320 nvlddmkm - ok20:00:48.0843 3320 [ B3E25EE28883877076E0E1FF877D02E0 ] nvraid C:\Windows\system32\drivers\nvraid.sys20:00:48.0875 3320 nvraid - ok20:00:48.0921 3320 [ 4380E59A170D88C4F1022EFF6719A8A4 ] nvstor C:\Windows\system32\drivers\nvstor.sys20:00:48.0953 3320 nvstor - ok20:00:49.0015 3320 [ A3B80E6B7CDE9660F639658739A5824E ] nvsvc C:\Windows\system32\nvvsvc.exe20:00:49.0062 3320 nvsvc - ok20:00:49.0171 3320 [ 61FF84F865B4414EFDC11856BF5757AD ] nvUpdatusService C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe20:00:49.0249 3320 nvUpdatusService - ok20:00:49.0296 3320 [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp C:\Windows\system32\drivers\nv_agp.sys20:00:49.0327 3320 nv_agp - ok20:00:49.0358 3320 [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys20:00:49.0389 3320 ohci1394 - ok20:00:49.0436 3320 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE20:00:49.0467 3320 ose - ok20:00:49.0826 3320 [ 358A9CCA612C68EB2F07DDAD4CE1D8D7 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE20:00:50.0013 3320 osppsvc - ok20:00:50.0091 3320 [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc C:\Windows\system32\pnrpsvc.dll20:00:50.0154 3320 
p2pimsvc - ok20:00:50.0185 3320 [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc C:\Windows\system32\p2psvc.dll20:00:50.0201 3320 p2psvc - ok20:00:50.0232 3320 [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport C:\Windows\system32\DRIVERS\parport.sys20:00:50.0232 3320 Parport - ok20:00:50.0263 3320 [ 3F34A1B4C5F6475F320C275E63AFCE9B ] partmgr C:\Windows\system32\drivers\partmgr.sys20:00:50.0279 3320 partmgr - ok20:00:50.0294 3320 [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm C:\Windows\system32\DRIVERS\parvdm.sys20:00:50.0325 3320 Parvdm - ok20:00:50.0372 3320 [ E1ACE17DDAF078458E2FF063C8457E8C ] PassGuard C:\Windows\system32\drivers\PassGuard.sys20:00:51.0651 3320 PassGuard - ok20:00:51.0698 3320 [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc C:\Windows\System32\pcasvc.dll20:00:51.0729 3320 PcaSvc - ok20:00:51.0776 3320 [ 673E55C3498EB970088E812EA820AA8F ] pci C:\Windows\system32\drivers\pci.sys20:00:51.0823 3320 pci - ok20:00:51.0823 3320 [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide C:\Windows\system32\drivers\pciide.sys20:00:51.0839 3320 pciide - ok20:00:51.0870 3320 [ F396431B31693E71E8A80687EF523506 ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys20:00:51.0885 3320 pcmcia - ok20:00:51.0901 3320 [ 250F6B43D2B613172035C6747AEEB19F ] pcw C:\Windows\system32\drivers\pcw.sys20:00:51.0932 3320 pcw - ok20:00:51.0948 3320 [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH C:\Windows\system32\drivers\peauth.sys20:00:51.0995 3320 PEAUTH - ok20:00:52.0260 3320 [ 414BBA67A3DED1D28437EB66AEB8A720 ] pla C:\Windows\system32\pla.dll20:00:52.0338 3320 pla - ok20:00:52.0369 3320 [ EC7BC28D207DA09E79B3E9FAF8B232CA ] PlugPlay C:\Windows\system32\umpnpmgr.dll20:00:52.0416 3320 PlugPlay - ok20:00:52.0447 3320 [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll20:00:52.0494 3320 PNRPAutoReg - ok20:00:52.0509 3320 [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc C:\Windows\system32\pnrpsvc.dll20:00:52.0525 3320 PNRPsvc - ok20:00:52.0587 3320 [ 53946B69BA0836BD95B03759530C81EC ] 
PolicyAgent C:\Windows\System32\ipsecsvc.dll20:00:52.0681 3320 PolicyAgent - ok20:00:52.0712 3320 [ F87D30E72E03D579A5199CCB3831D6EA ] Power C:\Windows\system32\umpo.dll20:00:52.0759 3320 Power - ok20:00:52.0790 3320 [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys20:00:52.0837 3320 PptpMiniport - ok20:00:52.0884 3320 [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor C:\Windows\system32\DRIVERS\processr.sys20:00:52.0899 3320 Processor - ok20:00:52.0931 3320 [ CADEFAC453040E370A1BDFF3973BE00D ] ProfSvc C:\Windows\system32\profsvc.dll20:00:52.0946 3320 ProfSvc - ok20:00:52.0977 3320 [ 81951F51E318AECC2D68559E47485CC4 ] ProtectedStorage C:\Windows\system32\lsass.exe20:00:52.0993 3320 ProtectedStorage - ok20:00:53.0024 3320 [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched C:\Windows\system32\DRIVERS\pacer.sys20:00:53.0055 3320 Psched - ok20:00:53.0102 3320 [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys20:00:53.0196 3320 ql2300 - ok20:00:53.0196 3320 [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys20:00:53.0211 3320 ql40xx - ok20:00:53.0243 3320 [ 31AC809E7707EB580B2BDB760390765A ] QWAVE C:\Windows\system32\qwave.dll20:00:53.0274 3320 QWAVE - ok20:00:53.0289 3320 [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys20:00:53.0305 3320 QWAVEdrv - ok20:00:53.0305 3320 [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys20:00:53.0352 3320 RasAcd - ok20:00:53.0399 3320 [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys20:00:53.0430 3320 RasAgileVpn - ok20:00:53.0445 3320 [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto C:\Windows\System32\rasauto.dll20:00:53.0492 3320 RasAuto - ok20:00:53.0523 3320 [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys20:00:53.0570 3320 Rasl2tp - ok20:00:53.0601 3320 [ CB9E04DC05EACF5B9A36CA276D475006 ] RasMan 
C:\Windows\System32\rasmans.dll20:00:53.0648 3320 RasMan - ok20:00:53.0648 3320 [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys20:00:53.0679 3320 RasPppoe - ok20:00:53.0711 3320 [ 44101F495A83EA6401D886E7FD70096B ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys20:00:53.0757 3320 RasSstp - ok20:00:53.0789 3320 [ D528BC58A489409BA40334EBF96A311B ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys20:00:53.0835 3320 rdbss - ok20:00:53.0867 3320 [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys20:00:53.0898 3320 rdpbus - ok20:00:53.0929 3320 [ 23DAE03F29D253AE74C44F99E515F9A1 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys20:00:53.0976 3320 RDPCDD - ok20:00:54.0007 3320 [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys20:00:54.0054 3320 RDPENCDD - ok20:00:54.0054 3320 [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys20:00:54.0101 3320 RDPREFMP - ok20:00:54.0132 3320 [ F031683E6D1FEA157ABB2FF260B51E61 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys20:00:54.0179 3320 RDPWD - ok20:00:54.0225 3320 [ 518395321DC96FE2C9F0E96AC743B656 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys20:00:54.0257 3320 rdyboost - ok20:00:54.0272 3320 [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess C:\Windows\System32\mprdim.dll20:00:54.0335 3320 RemoteAccess - ok20:00:54.0366 3320 [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry C:\Windows\system32\regsvc.dll20:00:54.0413 3320 RemoteRegistry - ok20:00:54.0459 3320 [ B9BB8E2093C1615AD6EA55AD96214354 ] Revoflt C:\Windows\system32\DRIVERS\revoflt.sys20:00:54.0506 3320 Revoflt - ok20:00:54.0537 3320 [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll20:00:54.0584 3320 RpcEptMapper - ok20:00:54.0615 3320 [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator C:\Windows\system32\locator.exe20:00:54.0647 3320 RpcLocator - ok20:00:54.0709 3320 [ 7660F01D3B38ACA1747E397D21D790AF ] RpcSs 
C:\Windows\system32\rpcss.dll20:00:54.0771 3320 RpcSs - ok20:00:54.0834 3320 [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys20:00:54.0881 3320 rspndr - ok20:00:54.0927 3320 [ BCEBD5D1AABCE4EFB7597635E347C44B ] RTL8167 C:\Windows\system32\DRIVERS\Rt86win7.sys20:00:55.0005 3320 RTL8167 - ok20:00:55.0037 3320 [ 81951F51E318AECC2D68559E47485CC4 ] SamSs C:\Windows\system32\lsass.exe20:00:55.0037 3320 SamSs - ok20:00:55.0146 3320 [ 224049C51E2C2D07B02B1BED262976A1 ] SbieDrv D:\Program Files\Sandboxie\SbieDrv.sys20:00:55.0255 3320 SbieDrv - ok20:00:55.0302 3320 [ 3129023CEF1A2225665D44F9545DAED4 ] SbieSvc D:\Program Files\Sandboxie\SbieSvc.exe20:00:55.0364 3320 SbieSvc - ok20:00:55.0411 3320 [ 05D860DA1040F111503AC416CCEF2BCA ] sbp2port C:\Windows\system32\drivers\sbp2port.sys20:00:55.0427 3320 sbp2port - ok20:00:55.0458 3320 [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr C:\Windows\System32\SCardSvr.dll20:00:55.0489 3320 SCardSvr - ok20:00:55.0520 3320 [ 0693B5EC673E34DC147E195779A4DCF6 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys20:00:55.0551 3320 scfilter - ok20:00:55.0629 3320 [ A04BB13F8A72F8B6E8B4071723E4E336 ] Schedule C:\Windows\system32\schedsvc.dll20:00:55.0676 3320 Schedule - ok20:00:55.0692 3320 [ 319C6B309773D063541D01DF8AC6F55F ] SCPolicySvc C:\Windows\System32\certprop.dll20:00:55.0723 3320 SCPolicySvc - ok20:00:55.0754 3320 [ 08236C4BCE5EDD0A0318A438AF28E0F7 ] SDRSVC C:\Windows\System32\SDRSVC.dll20:00:55.0801 3320 SDRSVC - ok20:00:55.0848 3320 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys20:00:55.0879 3320 secdrv - ok20:00:55.0895 3320 [ A59B3A4442C52060CC7A85293AA3546F ] seclogon C:\Windows\system32\seclogon.dll20:00:55.0957 3320 seclogon - ok20:00:56.0004 3320 [ DCB7FCDCC97F87360F75D77425B81737 ] SENS C:\Windows\system32\sens.dll20:00:56.0035 3320 SENS - ok20:00:56.0066 3320 [ 50087FE1EE447009C9CC2997B90DE53F ] SensrSvc C:\Windows\system32\sensrsvc.dll20:00:56.0129 3320 
SensrSvc - ok20:00:56.0144 3320 [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys20:00:56.0191 3320 Serenum - ok20:00:56.0207 3320 [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial C:\Windows\system32\DRIVERS\serial.sys20:00:56.0253 3320 Serial - ok20:00:56.0269 3320 [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys20:00:56.0300 3320 sermouse - ok20:00:56.0347 3320 [ 4AE380F39A0032EAB7DD953030B26D28 ] SessionEnv C:\Windows\system32\sessenv.dll20:00:56.0394 3320 SessionEnv - ok20:00:56.0409 3320 [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk C:\Windows\system32\drivers\sffdisk.sys20:00:56.0425 3320 sffdisk - ok20:00:56.0441 3320 [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys20:00:56.0472 3320 sffp_mmc - ok20:00:56.0487 3320 [ 6D4CCAEDC018F1CF52866BBBAA235982 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys20:00:56.0503 3320 sffp_sd - ok20:00:56.0534 3320 [ DB96666CC8312EBC45032F30B007A547 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys20:00:56.0581 3320 sfloppy - ok20:00:56.0628 3320 [ D1A079A0DE2EA524513B6930C24527A2 ] SharedAccess C:\Windows\System32\ipnathlp.dll20:00:56.0659 3320 SharedAccess - ok20:00:56.0675 3320 [ 414DA952A35BF5D50192E28263B40577 ] ShellHWDetection C:\Windows\System32\shsvcs.dll20:00:56.0706 3320 ShellHWDetection - ok20:00:56.0737 3320 [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp C:\Windows\system32\drivers\sisagp.sys20:00:56.0753 3320 sisagp - ok20:00:56.0768 3320 [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys20:00:56.0784 3320 SiSRaid2 - ok20:00:56.0784 3320 [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys20:00:56.0799 3320 SiSRaid4 - ok20:00:56.0831 3320 [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb C:\Windows\system32\DRIVERS\smb.sys20:00:56.0862 3320 Smb - ok20:00:56.0877 3320 [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP 
C:\Windows\System32\snmptrap.exe20:00:56.0893 3320 SNMPTRAP - ok20:00:56.0909 3320 [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr C:\Windows\system32\drivers\spldr.sys20:00:56.0924 3320 spldr - ok20:00:56.0971 3320 [ 9AEA093B8F9C37CF45538382CABA2475 ] Spooler C:\Windows\System32\spoolsv.exe20:00:57.0018 3320 Spooler - ok20:00:57.0127 3320 [ CF87A1DE791347E75B98885214CED2B8 ] sppsvc C:\Windows\system32\sppsvc.exe20:00:57.0345 3320 sppsvc - ok20:00:57.0392 3320 [ B0180B20B065D89232A78A40FE56EAA6 ] sppuinotify C:\Windows\system32\sppuinotify.dll20:00:57.0455 3320 sppuinotify - ok20:00:57.0486 3320 [ E4C2764065D66EA1D2D3EBC28FE99C46 ] srv C:\Windows\system32\DRIVERS\srv.sys20:00:57.0533 3320 srv - ok Link to post Share on other sites More sharing options...
fxjudy Posted June 27, 2013 Author ID:696148
7090D3436EEB4E7DA3373090A23448F7 ] C:\Windows\System32\drivers\vwififlt.sys20:01:08.0609 3320 C:\Windows\System32\drivers\vwififlt.sys - ok20:01:08.0624 3320 [ 80B275B1CE3B0E79909DB7B39AF74D51 ] C:\Windows\System32\drivers\netbios.sys20:01:08.0624 3320 C:\Windows\System32\drivers\netbios.sys - ok20:01:08.0624 3320 [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20 ] C:\Windows\System32\drivers\termdd.sys20:01:08.0624 3320 C:\Windows\System32\drivers\termdd.sys - ok20:01:08.0624 3320 [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] C:\Windows\System32\drivers\wanarp.sys20:01:08.0624 3320 C:\Windows\System32\drivers\wanarp.sys - ok20:01:08.0640 3320 [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] C:\Windows\System32\drivers\nsiproxy.sys20:01:08.0640 3320 C:\Windows\System32\drivers\nsiproxy.sys - ok20:01:08.0640 3320 [ D528BC58A489409BA40334EBF96A311B ] C:\Windows\System32\drivers\rdbss.sys20:01:08.0640 3320 C:\Windows\System32\drivers\rdbss.sys - ok20:01:08.0640 3320 [ FC6B9FF600CC585EA38B12589BD4E246 ] C:\Windows\System32\drivers\mssmbios.sys20:01:08.0640 3320 C:\Windows\System32\drivers\mssmbios.sys - ok20:01:08.0655 3320 [ 2287078ED48FCFC477B05B20CF38F36F ] C:\Windows\System32\drivers\blbdrive.sys20:01:08.0655 3320 C:\Windows\System32\drivers\blbdrive.sys - ok20:01:08.0655 3320 [ F024449C97EC1E464AAFFDA18593DB88 ] C:\Windows\System32\drivers\dfsc.sys20:01:08.0655 3320 C:\Windows\System32\drivers\dfsc.sys - ok20:01:08.0671 3320 [ 1A050B0274BFB3890703D490F330C0DA ] C:\Windows\System32\drivers\discache.sys20:01:08.0671 3320 C:\Windows\System32\drivers\discache.sys - ok20:01:08.0671 3320 [ 2F03CEB28307983F3B36216D35FFA5AA ] D:\Program Files\UltraISO\drivers\ISODrive.sys20:01:08.0671 3320 D:\Program Files\UltraISO\drivers\ISODrive.sys - ok20:01:08.0671 3320 [ B2FA25D9B17A68BB93D58B0556E8C90D ] C:\Windows\System32\drivers\tunnel.sys20:01:08.0671 3320 C:\Windows\System32\drivers\tunnel.sys - ok20:01:08.0687 3320 [ C30A91ADE8C9CB91E4281EC83C4500C6 ] C:\Windows\System32\ntdll.dll20:01:08.0687 3320 
C:\Windows\System32\ntdll.dll - ok20:01:08.0687 3320 [ DE91DCC7BC55E940979097E98F743205 ] C:\Windows\System32\smss.exe20:01:08.0687 3320 C:\Windows\System32\smss.exe - ok20:01:08.0687 3320 [ F88A52EB62019D6A62FDD9E08034DBD8 ] C:\Windows\System32\autochk.exe20:01:08.0702 3320 C:\Windows\System32\autochk.exe - ok20:01:08.0702 3320 [ D3F22DA8F670EFD15D348B5952769CEF ] C:\Windows\System32\drivers\nvlddmkm.sys20:01:08.0702 3320 C:\Windows\System32\drivers\nvlddmkm.sys - ok20:01:08.0702 3320 [ 16498EBC04AE9DD07049A8884B205C05 ] C:\Windows\System32\drivers\dxgkrnl.sys20:01:08.0702 3320 C:\Windows\System32\drivers\dxgkrnl.sys - ok20:01:08.0718 3320 [ E405328A0E38BF823E2361C413283F6D ] C:\Windows\System32\drivers\dxgmms1.sys20:01:08.0718 3320 C:\Windows\System32\drivers\dxgmms1.sys - ok20:01:08.0718 3320 [ 9036377B8A6C15DC2EEC53E489D159B5 ] C:\Windows\System32\drivers\hdaudbus.sys20:01:08.0718 3320 C:\Windows\System32\drivers\hdaudbus.sys - ok20:01:08.0718 3320 [ BCEBD5D1AABCE4EFB7597635E347C44B ] C:\Windows\System32\drivers\Rt86win7.sys20:01:08.0718 3320 C:\Windows\System32\drivers\Rt86win7.sys - ok20:01:08.0733 3320 [ F92DE757E4B7CE9C07C5E65423F3AE3B ] C:\Windows\System32\drivers\usbehci.sys20:01:08.0733 3320 C:\Windows\System32\drivers\usbehci.sys - ok20:01:08.0733 3320 [ 3AA940AA9AC3055FE32FF2D3D20CCD28 ] C:\Windows\System32\drivers\usbport.sys20:01:08.0733 3320 C:\Windows\System32\drivers\usbport.sys - ok20:01:08.0733 3320 [ F151F0BDC47F4A28B1B20A0818EA36D6 ] C:\Windows\System32\drivers\i8042prt.sys20:01:08.0733 3320 C:\Windows\System32\drivers\i8042prt.sys - ok20:01:08.0749 3320 [ ADEF52CA1AEAE82B50DF86B56413107E ] C:\Windows\System32\drivers\kbdclass.sys20:01:08.0749 3320 C:\Windows\System32\drivers\kbdclass.sys - ok20:01:08.0749 3320 [ 5787196F32D043572EC6565C0EF1B8E0 ] C:\Windows\System32\drivers\usbd.sys20:01:08.0749 3320 C:\Windows\System32\drivers\usbd.sys - ok20:01:08.0749 3320 [ 840EC98AD70C09F87E2F624320B9C3A3 ] 
C:\Windows\System32\drivers\VMkbd.sys20:01:08.0749 3320 C:\Windows\System32\drivers\VMkbd.sys - ok20:01:08.0765 3320 [ 6BEF3ACD6EE22EEC55B68699E8AACE09 ] C:\Windows\System32\drivers\SynTP.sys20:01:08.0765 3320 C:\Windows\System32\drivers\SynTP.sys - ok20:01:08.0765 3320 [ DEA805815E587DAD1DD2C502220B5616 ] C:\Windows\System32\drivers\CmBatt.sys20:01:08.0765 3320 C:\Windows\System32\drivers\CmBatt.sys - ok20:01:08.0780 3320 [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] C:\Windows\System32\drivers\mouclass.sys20:01:08.0780 3320 C:\Windows\System32\drivers\mouclass.sys - ok20:01:08.0780 3320 [ CBE8C58A8579CFE5FCCF809E6F114E89 ] C:\Windows\System32\drivers\CompositeBus.sys20:01:08.0780 3320 C:\Windows\System32\drivers\CompositeBus.sys - ok20:01:08.0780 3320 [ 3B514D27BFC4ACCB4037BC6685F766E0 ] C:\Windows\System32\drivers\intelppm.sys20:01:08.0780 3320 C:\Windows\System32\drivers\intelppm.sys - ok20:01:08.0796 3320 [ 57EC4AEF73660166074D8F7F31C0D4FD ] C:\Windows\System32\drivers\agilevpn.sys20:01:08.0796 3320 C:\Windows\System32\drivers\agilevpn.sys - ok20:01:08.0796 3320 [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] C:\Windows\System32\drivers\ndistapi.sys20:01:08.0796 3320 C:\Windows\System32\drivers\ndistapi.sys - ok20:01:08.0796 3320 [ 38FBE267E7E6983311179230FACB1017 ] C:\Windows\System32\drivers\ndiswan.sys20:01:08.0796 3320 C:\Windows\System32\drivers\ndiswan.sys - ok20:01:08.0811 3320 [ D9F91EAFEC2815365CBE6D167E4E332A ] C:\Windows\System32\drivers\rasl2tp.sys20:01:08.0811 3320 C:\Windows\System32\drivers\rasl2tp.sys - ok20:01:08.0811 3320 [ EF6574A4A8359379CAF7092850FE4C81 ] C:\Windows\System32\drivers\Ndisrd.sys20:01:08.0811 3320 C:\Windows\System32\drivers\Ndisrd.sys - ok20:01:08.0827 3320 [ 0FE8B15916307A6AC12BFB6A63E45507 ] C:\Windows\System32\drivers\raspppoe.sys20:01:08.0827 3320 C:\Windows\System32\drivers\raspppoe.sys - ok20:01:08.0827 3320 [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] C:\Windows\System32\drivers\raspptp.sys20:01:08.0827 3320 
C:\Windows\System32\drivers\raspptp.sys - ok20:01:08.0827 3320 [ 44101F495A83EA6401D886E7FD70096B ] C:\Windows\System32\drivers\rassstp.sys20:01:08.0827 3320 C:\Windows\System32\drivers\rassstp.sys - ok20:01:08.0843 3320 [ 5DCEF0C32BE0F33277326586FA503689 ] C:\Windows\System32\drivers\ks.sys20:01:08.0843 3320 C:\Windows\System32\drivers\ks.sys - ok20:01:08.0843 3320 [ E58C78A848ADD9610A4DB6D214AF5224 ] C:\Windows\System32\drivers\swenum.sys20:01:08.0843 3320 C:\Windows\System32\drivers\swenum.sys - ok20:01:08.0843 3320 [ D295BED4B898F0FD999FCFA9B32B071B ] C:\Windows\System32\drivers\umbus.sys20:01:08.0843 3320 C:\Windows\System32\drivers\umbus.sys - ok20:01:08.0858 3320 [ 70C73BF6EA125D0E4097A440D18A8463 ] C:\Windows\System32\drivers\vmnet.sys20:01:08.0858 3320 C:\Windows\System32\drivers\vmnet.sys - ok20:01:08.0858 3320 [ A267D2321ED281359D301BFEB8202652 ] C:\Windows\System32\drivers\vmnetadapter.sys20:01:08.0858 3320 C:\Windows\System32\drivers\vmnetadapter.sys - ok20:01:08.0858 3320 [ 8DC94AEC6A7E644A06135AE7506DC2E9 ] C:\Windows\System32\drivers\usbhub.sys20:01:08.0858 3320 C:\Windows\System32\drivers\usbhub.sys - ok20:01:08.0874 3320 [ A4BDC541E69674FBFF1A8FF00BE913F2 ] C:\Windows\System32\drivers\ndproxy.sys20:01:08.0874 3320 C:\Windows\System32\drivers\ndproxy.sys - ok20:01:08.0874 3320 [ 27F9288AF019E6DACA281EDE51FF5928 ] C:\Windows\System32\drivers\drmk.sys20:01:08.0874 3320 C:\Windows\System32\drivers\drmk.sys - ok20:01:08.0874 3320 [ 77F9F9A199B87FE3F852E12F5419240B ] C:\Windows\System32\drivers\nvhda32v.sys20:01:08.0874 3320 C:\Windows\System32\drivers\nvhda32v.sys - ok20:01:08.0889 3320 [ D72708C9F49500C13D7D067E169B7715 ] C:\Windows\System32\drivers\portcls.sys20:01:08.0889 3320 C:\Windows\System32\drivers\portcls.sys - ok20:01:08.0889 3320 [ 8DB43F2E5ABD24702D1DA1B1BCAD1B93 ] C:\Windows\System32\drivers\RTKVHDA.sys20:01:08.0889 3320 C:\Windows\System32\drivers\RTKVHDA.sys - ok20:01:08.0905 3320 [ 9DC80A8AAAAAC397BDAB3C67165A824E ] 
C:\Windows\System32\msvcrt.dll20:01:08.0905 3320 C:\Windows\System32\msvcrt.dll - ok20:01:08.0905 3320 [ E87F5393F7D8CE2FACC4DFF703531392 ] C:\Windows\System32\gdi32.dll20:01:08.0905 3320 C:\Windows\System32\gdi32.dll - ok20:01:08.0905 3320 [ 6C765E82B57F2E66CE9C54AC238471D9 ] C:\Windows\System32\oleaut32.dll20:01:08.0905 3320 C:\Windows\System32\oleaut32.dll - ok20:01:08.0921 3320 [ FF5688D309347F2720911D8796912834 ] C:\Windows\System32\clbcatq.dll20:01:08.0921 3320 C:\Windows\System32\clbcatq.dll - ok20:01:08.0921 3320 [ 6377051C63D5552A311935C67E9FDFDC ] C:\Windows\System32\nsi.dll20:01:08.0921 3320 C:\Windows\System32\nsi.dll - ok20:01:08.0921 3320 [ 8CC3C111D653E96F3EA1590891491D71 ] C:\Windows\System32\shlwapi.dll20:01:08.0921 3320 C:\Windows\System32\shlwapi.dll - ok20:01:08.0936 3320 [ 070C5B9D3006602A07757179D9B56F5D ] C:\Windows\System32\difxapi.dll20:01:08.0936 3320 C:\Windows\System32\difxapi.dll - ok20:01:08.0936 3320 [ 4A8E2F20809CC161107FAA94F6CF2685 ] C:\Windows\System32\imm32.dll20:01:08.0936 3320 C:\Windows\System32\imm32.dll - ok20:01:08.0936 3320 [ B2DB6ABA2E292235749B80A9C3DFA867 ] C:\Windows\System32\imagehlp.dll20:01:08.0936 3320 C:\Windows\System32\imagehlp.dll - ok20:01:08.0952 3320 [ D1DE1EAFDE97BE41CF6585027FF3E732 ] C:\Windows\System32\comdlg32.dll20:01:08.0952 3320 C:\Windows\System32\comdlg32.dll - ok20:01:08.0952 3320 [ CFC97F07904067A1E5FAE195D534DA3A ] C:\Windows\System32\sechost.dll20:01:08.0952 3320 C:\Windows\System32\sechost.dll - ok20:01:08.0952 3320 [ 2473CA6595A2659D7039A4A89FECA269 ] C:\Windows\System32\wininet.dll20:01:08.0952 3320 C:\Windows\System32\wininet.dll - ok20:01:08.0967 3320 [ B3DC4D1658093C1E486CA9F22180BECF ] C:\Windows\System32\urlmon.dll20:01:08.0967 3320 C:\Windows\System32\urlmon.dll - ok20:01:08.0967 3320 [ AE09B85158C66E2C154C5C9B3C0027B3 ] C:\Windows\System32\kernel32.dll20:01:08.0967 3320 C:\Windows\System32\kernel32.dll - ok20:01:08.0983 3320 [ 565D78187494FB5F08B5A52DEB2AEA7A ] 
C:\Windows\System32\shell32.dll20:01:08.0983 3320 C:\Windows\System32\shell32.dll - ok20:01:08.0983 3320 [ 4F154D2C9C6DF951FD6E5AABBAE6B5EE ] C:\Windows\System32\lpk.dll20:01:08.0983 3320 C:\Windows\System32\lpk.dll - ok20:01:08.0983 3320 [ 9C278785347BCC991F8EA2999D90F58D ] C:\Windows\System32\normaliz.dll20:01:08.0983 3320 C:\Windows\System32\normaliz.dll - ok20:01:08.0999 3320 [ A543AC1F7138376D778D630A35FCBC4C ] C:\Windows\System32\psapi.dll20:01:08.0999 3320 C:\Windows\System32\psapi.dll - ok20:01:08.0999 3320 [ F383B1AD5D7FDC1ACB0D900B50572F8D ] C:\Windows\System32\iertutil.dll20:01:08.0999 3320 C:\Windows\System32\iertutil.dll - ok20:01:08.0999 3320 [ 10FB16B50AFFDA6D44588F3C445DC273 ] C:\Windows\System32\setupapi.dll20:01:08.0999 3320 C:\Windows\System32\setupapi.dll - ok20:01:09.0014 3320 [ B7230010D97787AF3D25E4C82F2B06B9 ] C:\Windows\System32\usp10.dll20:01:09.0014 3320 C:\Windows\System32\usp10.dll - ok20:01:09.0014 3320 [ C9618BC9B2B0FD7C1138D8774795A79B ] C:\Windows\System32\msctf.dll20:01:09.0014 3320 C:\Windows\System32\msctf.dll - ok20:01:09.0014 3320 [ 928CF7268086631F54C3D8E17238C6DD ] C:\Windows\System32\ole32.dll20:01:09.0014 3320 C:\Windows\System32\ole32.dll - ok20:01:09.0030 3320 [ F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 ] C:\Windows\System32\user32.dll20:01:09.0030 3320 C:\Windows\System32\user32.dll - ok20:01:09.0030 3320 [ A8BB45F9ECAD993461E0FEF8E2A99152 ] C:\Windows\System32\Wldap32.dll20:01:09.0030 3320 C:\Windows\System32\Wldap32.dll - ok20:01:09.0030 3320 [ 7FF15A4F092CD4A96055BA69F903E3E9 ] C:\Windows\System32\ws2_32.dll20:01:09.0030 3320 C:\Windows\System32\ws2_32.dll - ok20:01:09.0045 3320 [ 95E2376B3323F062EB562B8586D0F14A ] C:\Windows\System32\advapi32.dll20:01:09.0045 3320 C:\Windows\System32\advapi32.dll - ok20:01:09.0045 3320 [ 6400774E903729ADD0A62A24A334EE56 ] C:\Windows\System32\rpcrt4.dll20:01:09.0045 3320 C:\Windows\System32\rpcrt4.dll - ok20:01:09.0045 3320 [ 2E33DFD10F28F86C3FC40EE123CC3904 ] 
C:\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll20:01:09.0045 3320 C:\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll - ok20:01:09.0061 3320 [ 6951562DC4625EEFC6EACD52AD165866 ] C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll20:01:09.0061 3320 C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll - ok20:01:09.0061 3320 [ 589CBC4989F750E1DA35625AB481CF43 ] C:\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll20:01:09.0061 3320 C:\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll - ok20:01:09.0077 3320 [ 92245C959E5BC378809D2CC5E9F6E9C7 ] C:\Windows\System32\crypt32.dll20:01:09.0077 3320 C:\Windows\System32\crypt32.dll - ok20:01:09.0077 3320 [ 6A13B4F3B3F575F1E24B877B9359AABA ] C:\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll20:01:09.0077 3320 C:\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll - ok20:01:09.0077 3320 [ CC4ED8BEA78B0DCA6F217E014C3291A7 ] C:\Windows\System32\devobj.dll20:01:09.0077 3320 C:\Windows\System32\devobj.dll - ok20:01:09.0092 3320 [ 1C60E09CA1C3A045BC4D367F67C915B7 ] C:\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll20:01:09.0092 3320 C:\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll - ok20:01:09.0092 3320 [ BDAC1AA64495D0F7E1FF810EBBF1F018 ] C:\Windows\System32\comctl32.dll20:01:09.0092 3320 C:\Windows\System32\comctl32.dll - ok20:01:09.0092 3320 [ 3BE0D923AA45A4DBE091C2D84F0B4FE7 ] C:\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll20:01:09.0092 3320 C:\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll - ok20:01:09.0108 3320 [ AD88D390C9417C959E08F8BF6F2B8154 ] C:\Windows\System32\KernelBase.dll20:01:09.0108 3320 C:\Windows\System32\KernelBase.dll - ok20:01:09.0108 3320 [ 17448AF0BBA9E7AB5EC955AF93F271BD ] C:\Windows\System32\wintrust.dll20:01:09.0108 3320 C:\Windows\System32\wintrust.dll - ok20:01:09.0108 3320 [ 3FFAEA12666E565FF51BF2FCA674F543 ] C:\Windows\System32\cfgmgr32.dll20:01:09.0108 3320 C:\Windows\System32\cfgmgr32.dll - 
ok20:01:09.0123 3320 [ 938F39B50BAFE13D6F58C7790682C010 ] C:\Windows\System32\msasn1.dll20:01:09.0123 3320 C:\Windows\System32\msasn1.dll - ok20:01:09.0123 3320 [ BD9C55D7023C5DE374507ACC7A14E2AC ] C:\Windows\System32\drivers\usbccgp.sys20:01:09.0123 3320 C:\Windows\System32\drivers\usbccgp.sys - ok20:01:09.0123 3320 [ 5FCD3320AAE71506B43F9E12E4E72172 ] C:\Windows\System32\drivers\dxapi.sys20:01:09.0123 3320 C:\Windows\System32\drivers\dxapi.sys - ok20:01:09.0139 3320 [ 52948A58E4E64427DC399A409EF1CAB5 ] C:\Windows\System32\win32k.sys20:01:09.0139 3320 C:\Windows\System32\win32k.sys - ok20:01:09.0139 3320 [ 23AB7E36551C6BA5370EF7F05142F0EB ] C:\Windows\System32\csrsrv.dll20:01:09.0139 3320 C:\Windows\System32\csrsrv.dll - ok20:01:09.0155 3320 [ 342271F6142E7C70805B8A81E1BA5F5C ] C:\Windows\System32\csrss.exe20:01:09.0155 3320 C:\Windows\System32\csrss.exe - ok20:01:09.0155 3320 [ DAB748AE0439955ED2FA22357533DDDB ] C:\Windows\System32\basesrv.dll20:01:09.0155 3320 C:\Windows\System32\basesrv.dll - ok20:01:09.0155 3320 [ 45F4E7BF43DB40A6C6B4D92C76CBC3F2 ] C:\Windows\System32\drivers\usbvideo.sys20:01:09.0155 3320 C:\Windows\System32\drivers\usbvideo.sys - ok20:01:09.0170 3320 [ 1F5F07091D50244F17DD8D5147A628CC ] C:\Windows\System32\winsrv.dll20:01:09.0170 3320 C:\Windows\System32\winsrv.dll - ok20:01:09.0170 3320 [ 79D10964DE86B292320E9DFE02282A23 ] C:\Windows\System32\drivers\monitor.sys20:01:09.0170 3320 C:\Windows\System32\drivers\monitor.sys - ok20:01:09.0170 3320 [ 7C76B61A5E1EF5D1FA554CF134100F18 ] C:\Windows\System32\tsddd.dll20:01:09.0170 3320 C:\Windows\System32\tsddd.dll - ok20:01:09.0186 3320 [ C733D233B623B7FFCE5031E4B756EE26 ] C:\Windows\System32\profapi.dll20:01:09.0186 3320 C:\Windows\System32\profapi.dll - ok20:01:09.0186 3320 [ 364455805E64882844EE9ACB72522830 ] C:\Windows\System32\sxssrv.dll20:01:09.0186 3320 C:\Windows\System32\sxssrv.dll - ok20:01:09.0186 3320 [ B5C5DCAD3899512020D135600129D665 ] C:\Windows\System32\wininit.exe20:01:09.0186 3320 
C:\Windows\System32\wininit.exe - ok20:01:09.0201 3320 [ 357B990A4249D7F7485B230C0CC8825A ] C:\Windows\System32\KBDUS.DLL20:01:09.0201 3320 C:\Windows\System32\KBDUS.DLL - ok20:01:09.0201 3320 [ 5997D769CDB108390DCFAEBF442BF816 ] C:\Windows\System32\RpcRtRemote.dll20:01:09.0201 3320 C:\Windows\System32\RpcRtRemote.dll - ok20:01:09.0201 3320 [ CAEF9CD6C10B1017E2C298D849CD31DB ] C:\Windows\System32\cdd.dll20:01:09.0201 3320 C:\Windows\System32\cdd.dll - ok20:01:09.0217 3320 [ 919001D2BB17DF06CA3F8AC16AD039F6 ] C:\Windows\System32\sxs.dll20:01:09.0217 3320 C:\Windows\System32\sxs.dll - ok20:01:09.0217 3320 [ 633C2C060CF857099F6C4F8D75C952B1 ] C:\Windows\System32\WlS0WndH.dll20:01:09.0217 3320 C:\Windows\System32\WlS0WndH.dll - ok20:01:09.0217 3320 [ F08F6FCD09F9BE94C37ACC1B344685FF ] C:\Windows\System32\cryptbase.dll20:01:09.0217 3320 C:\Windows\System32\cryptbase.dll - ok20:01:09.0233 3320 [ 863F793D15B4026B1A5FDECA873D4D84 ] C:\Windows\System32\apphelp.dll20:01:09.0233 3320 C:\Windows\System32\apphelp.dll - ok20:01:09.0233 3320 [ C95CA687D32DDAB1C91E1122E80D5E16 ] C:\Windows\System32\lsasrv.dll20:01:09.0233 3320 C:\Windows\System32\lsasrv.dll - ok20:01:09.0248 3320 [ 81951F51E318AECC2D68559E47485CC4 ] C:\Windows\System32\lsass.exe20:01:09.0248 3320 C:\Windows\System32\lsass.exe - ok20:01:09.0248 3320 [ 8AEA9A37C1A3565A204D37C5E72AB791 ] C:\Windows\System32\lsm.exe20:01:09.0248 3320 C:\Windows\System32\lsm.exe - ok20:01:09.0248 3320 [ 3369D021265E369D57317D61FA86DD79 ] C:\Windows\System32\scext.dll20:01:09.0248 3320 C:\Windows\System32\scext.dll - ok20:01:09.0264 3320 [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\System32\services.exe20:01:09.0264 3320 C:\Windows\System32\services.exe - ok20:01:09.0264 3320 [ 4A054C853031616D161A84BECF281F47 ] C:\Windows\System32\sspicli.dll20:01:09.0264 3320 C:\Windows\System32\sspicli.dll - ok20:01:09.0264 3320 [ E361AE3010EA4B3123DAB5BDAE21798F ] C:\Windows\System32\sspisrv.dll20:01:09.0264 3320 C:\Windows\System32\sspisrv.dll - 
ok20:01:09.0279 3320 [ BA51FFE170C5B3AE8EC4F5BD2581A29E ] C:\Windows\System32\sysntfy.dll20:01:09.0279 3320 C:\Windows\System32\sysntfy.dll - ok20:01:09.0279 3320 [ D412B1B72C5AB020218E9A047D90CA05 ] C:\Windows\System32\wmsgapi.dll20:01:09.0279 3320 C:\Windows\System32\wmsgapi.dll - ok20:01:09.0279 3320 [ 250AA41DE690561AF1282D598914564C ] C:\Windows\System32\scesrv.dll20:01:09.0279 3320 C:\Windows\System32\scesrv.dll - ok20:01:09.0295 3320 [ 69678722290C78D5D7198C60B5A4E3E8 ] C:\Windows\System32\secur32.dll20:01:09.0295 3320 C:\Windows\System32\secur32.dll - ok20:01:09.0295 3320 [ 5CCDCD40E732D54E0F7451AC66AC1C87 ] C:\Windows\System32\srvcli.dll20:01:09.0295 3320 C:\Windows\System32\srvcli.dll - ok20:01:09.0295 3320 [ 245F4691314F42D4D1BC06442F0B2086 ] C:\Windows\System32\samsrv.dll20:01:09.0295 3320 C:\Windows\System32\samsrv.dll - ok20:01:09.0311 3320 [ FB4EB9352B7D698E6B3C2AA2ED724DAD ] C:\Windows\System32\authz.dll20:01:09.0311 3320 C:\Windows\System32\authz.dll - ok20:01:09.0311 3320 [ 50BA656134F78AF64E4DD3C8B6FEFD7E ] C:\Windows\System32\cngaudit.dll20:01:09.0311 3320 C:\Windows\System32\cngaudit.dll - ok20:01:09.0311 3320 [ 1128637CAD49A8E3C8B5FA5D0A061525 ] C:\Windows\System32\cryptdll.dll20:01:09.0311 3320 C:\Windows\System32\cryptdll.dll - ok20:01:09.0326 3320 [ 82C089EA2A3EEFADF3588EA71E8BDADA ] C:\Windows\System32\wevtapi.dll20:01:09.0326 3320 C:\Windows\System32\wevtapi.dll - ok20:01:09.0326 3320 [ FC7650224790CAE75A5E9231961FDEC5 ] C:\Windows\System32\bcrypt.dll20:01:09.0326 3320 C:\Windows\System32\bcrypt.dll - ok20:01:09.0326 3320 [ C90878913DF3DC504790282043DB5F4C ] C:\Windows\System32\msprivs.dll20:01:09.0326 3320 C:\Windows\System32\msprivs.dll - ok20:01:09.0342 3320 [ BF6D6ED5FADCEEE885BD0144ECF1BA27 ] C:\Windows\System32\ncrypt.dll20:01:09.0342 3320 C:\Windows\System32\ncrypt.dll - ok20:01:09.0342 3320 [ E343CABBD8D600ABAF3F11625D33B3D0 ] C:\Windows\System32\netjoin.dll20:01:09.0342 3320 C:\Windows\System32\netjoin.dll - ok20:01:09.0357 3320 
[ FD1D6C73E6333BE727CBCC6054247654 ] C:\Windows\System32\drivers\TsUsbFlt.sys20:01:09.0357 3320 C:\Windows\System32\drivers\TsUsbFlt.sys - ok20:01:09.0357 3320 [ 5DAF8A6B7F127C4E70A5C1F707347859 ] C:\Windows\System32\atmfd.dll20:01:09.0357 3320 C:\Windows\System32\atmfd.dll - ok20:01:09.0357 3320 [ BDA0B954A30498B5A7EDC6204CBA07ED ] C:\Windows\System32\kerberos.dll20:01:09.0357 3320 C:\Windows\System32\kerberos.dll - ok20:01:09.0373 3320 [ 6DCFAEC6D1334AA6CDF8961DB4633CBF ] C:\Windows\System32\negoexts.dll20:01:09.0373 3320 C:\Windows\System32\negoexts.dll - ok20:01:09.0373 3320 [ 702254574E7E52052DE39408457B7149 ] C:\Windows\System32\version.dll20:01:09.0373 3320 C:\Windows\System32\version.dll - ok20:01:09.0373 3320 [ 7321F18D1F820612ED0E9F2D4B578A7E ] C:\Windows\System32\cryptsp.dll20:01:09.0373 3320 C:\Windows\System32\cryptsp.dll - ok20:01:09.0389 3320 [ 4C1E16B9A53102C8D6FBA587CBCB95DE ] C:\Windows\System32\msv1_0.dll20:01:09.0389 3320 C:\Windows\System32\msv1_0.dll - ok20:01:09.0389 3320 [ 8999B8631C7FD9F7F9EC3CAFD953BA24 ] C:\Windows\System32\mswsock.dll20:01:09.0389 3320 C:\Windows\System32\mswsock.dll - ok20:01:09.0389 3320 [ C1809B9907ADEDAF16F50C894100883B ] C:\Windows\System32\netlogon.dll20:01:09.0389 3320 C:\Windows\System32\netlogon.dll - ok20:01:09.0404 3320 [ 73E8667A19FEEDD856DF2695E9E511D4 ] C:\Windows\System32\wship6.dll20:01:09.0404 3320 C:\Windows\System32\wship6.dll - ok20:01:09.0404 3320 [ B40420876B9288E0A1C8CCA8A84E5DC9 ] C:\Windows\System32\dnsapi.dll20:01:09.0404 3320 C:\Windows\System32\dnsapi.dll - ok20:01:09.0404 3320 [ 8EA53101FF2B15BDFF934B62A8FB326D ] C:\Windows\System32\logoncli.dll20:01:09.0404 3320 C:\Windows\System32\logoncli.dll - ok20:01:09.0420 3320 [ 3D3CBD1847F980FB03343A63671E7886 ] C:\Windows\System32\schannel.dll20:01:09.0420 3320 C:\Windows\System32\schannel.dll - ok20:01:09.0420 3320 [ 0450CF487ECD8A67B56F59F9A96D024D ] C:\Windows\System32\wdigest.dll20:01:09.0420 3320 C:\Windows\System32\wdigest.dll - 
ok20:01:09.0420 3320 [ 6D13E1406F50C66E2A95D97F22C47560 ] C:\Windows\System32\winlogon.exe20:01:09.0420 3320 C:\Windows\System32\winlogon.exe - ok20:01:09.0435 3320 [ E8449FE262D7406BCB2AC2A45C53EC5F ] C:\Windows\System32\bcryptprimitives.dll20:01:09.0435 3320 C:\Windows\System32\bcryptprimitives.dll - ok20:01:09.0435 3320 [ 37CC990D4E2CDFAE12AC47F6B620FC13 ] C:\Windows\System32\pku2u.dll20:01:09.0435 3320 C:\Windows\System32\pku2u.dll - ok20:01:09.0451 3320 [ ED8EC63F7522DF4852147C84EC62C36A ] C:\Windows\System32\rsaenh.dll20:01:09.0451 3320 C:\Windows\System32\rsaenh.dll - ok20:01:09.0451 3320 [ D29E45078CF4020CE0AAC82EC652D1EA ] C:\Windows\System32\TSpkg.dll20:01:09.0451 3320 C:\Windows\System32\TSpkg.dll - ok20:01:09.0451 3320 [ 418E881201583A3039D81F43E39E6C78 ] C:\Windows\System32\winsta.dll20:01:09.0451 3320 C:\Windows\System32\winsta.dll - ok20:01:09.0467 3320 [ 4E5FE39C1076D115EC8BFCFE14D75B80 ] C:\Windows\System32\credssp.dll20:01:09.0467 3320 C:\Windows\System32\credssp.dll - ok20:01:09.0467 3320 [ 91F434FF6606ED9BDC6A05D651B69553 ] C:\Windows\System32\efslsaext.dll20:01:09.0467 3320 C:\Windows\System32\efslsaext.dll - ok20:01:09.0467 3320 [ 7222995615BF93B628DCEA4BD6CCACF7 ] C:\Windows\System32\ubpm.dll20:01:09.0467 3320 C:\Windows\System32\ubpm.dll - ok20:01:09.0482 3320 [ 8124944EC89D6A1815E4E53F5B96AAF4 ] C:\Windows\System32\scecli.dll20:01:09.0482 3320 C:\Windows\System32\scecli.dll - ok20:01:09.0482 3320 [ 54A47F6B5E09A77E61649109C6A08866 ] C:\Windows\System32\svchost.exe20:01:09.0482 3320 C:\Windows\System32\svchost.exe - ok20:01:09.0498 3320 [ EC7BC28D207DA09E79B3E9FAF8B232CA ] C:\Windows\System32\umpnpmgr.dll20:01:09.0498 3320 C:\Windows\System32\umpnpmgr.dll - ok20:01:09.0498 3320 [ FD07F21E0A19C27ED4E1EEC2B07452B3 ] C:\Windows\System32\devrtl.dll20:01:09.0498 3320 C:\Windows\System32\devrtl.dll - ok20:01:09.0498 3320 [ 4BDBBE5E4208022DD794F7EEEB0F7366 ] C:\Windows\System32\SPInf.dll20:01:09.0498 3320 C:\Windows\System32\SPInf.dll - 
ok20:01:09.0513 3320 [ 1097F3035BAF46CED8B332B3564C5108 ] C:\Windows\System32\gpapi.dll20:01:09.0513 3320 C:\Windows\System32\gpapi.dll - ok20:01:09.0513 3320 [ D15618A0FF8DBC2C5BF3726BACC75A0B ] C:\Windows\System32\userenv.dll20:01:09.0513 3320 C:\Windows\System32\userenv.dll - ok20:01:09.0513 3320 [ F87D30E72E03D579A5199CCB3831D6EA ] C:\Windows\System32\umpo.dll20:01:09.0513 3320 C:\Windows\System32\umpo.dll - ok20:01:09.0529 3320 [ 5893EBDCE371174AC89ECD7731DD6D77 ] C:\Windows\System32\pcwum.dll20:01:09.0529 3320 C:\Windows\System32\pcwum.dll - ok20:01:09.0529 3320 [ 08DFDBD2FD4EA951DC46B1C7661ED35A ] C:\Windows\System32\powrprof.dll20:01:09.0529 3320 C:\Windows\System32\powrprof.dll - ok20:01:09.0529 3320 [ 6703E366CC18D3B6E534F5CF7DF39CEE ] C:\Windows\System32\drivers\luafv.sys20:01:09.0529 3320 C:\Windows\System32\drivers\luafv.sys - ok20:01:09.0545 3320 [ 4470E3C1E0C3378E4CAB137893C12C3A ] C:\Windows\System32\drivers\mbam.sys20:01:09.0545 3320 C:\Windows\System32\drivers\mbam.sys - ok20:01:09.0545 3320 [ 06E6F32C8D0A3F66D956F57B43A2E070 ] C:\Windows\System32\drivers\WUDFPf.sys20:01:09.0545 3320 C:\Windows\System32\drivers\WUDFPf.sys - ok20:01:09.0545 3320 [ A3B80E6B7CDE9660F639658739A5824E ] C:\Windows\System32\nvvsvc.exe20:01:09.0545 3320 C:\Windows\System32\nvvsvc.exe - ok20:01:09.0560 3320 [ 6A6B2EE4565A178035BE2A4FF6F2C968 ] C:\Windows\System32\wtsapi32.dll20:01:09.0560 3320 C:\Windows\System32\wtsapi32.dll - ok20:01:09.0560 3320 [ A766CCAD980235FF34E7F8089D3175A3 ] C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe20:01:09.0560 3320 C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe - ok20:01:09.0576 3320 [ 9E4B0E7472B4CEBA9E17F440B8CB0AB8 ] C:\Windows\System32\winspool.drv20:01:09.0576 3320 C:\Windows\System32\winspool.drv - ok20:01:09.0576 3320 [ 91B82AFC372093C48D225CB358250325 ] C:\Program Files\NVIDIA Corporation\3D Vision\nvstres.dll20:01:09.0576 3320 C:\Program Files\NVIDIA Corporation\3D Vision\nvstres.dll - ok20:01:09.0576 
3320 [ 7FB76BB304C9CE38BDC398707E1EEE74 ] C:\Program Files\NVIDIA Corporation\3D Vision\nvwl.dll20:01:09.0576 3320 C:\Program Files\NVIDIA Corporation\3D Vision\nvwl.dll - ok20:01:09.0591 3320 [ 3FD15B4611D9BDA3F8013548C0ECAECA ] C:\Windows\System32\ntmarta.dll20:01:09.0591 3320 C:\Windows\System32\ntmarta.dll - ok20:01:09.0591 3320 [ 7660F01D3B38ACA1747E397D21D790AF ] C:\Windows\System32\rpcss.dll20:01:09.0591 3320 C:\Windows\System32\rpcss.dll - ok20:01:09.0591 3320 [ 78D072F35BC45D9E4E1B61895C152234 ] C:\Windows\System32\RpcEpMap.dll20:01:09.0591 3320 C:\Windows\System32\RpcEpMap.dll - ok20:01:09.0607 3320 [ 782BF54D15BCF6027DE9AA7192529FB7 ] C:\Windows\System32\PrxerDrv.dll20:01:09.0607 3320 C:\Windows\System32\PrxerDrv.dll - ok20:01:09.0607 3320 [ EE5C8E27C37B79CB54A2FCEEED2DC262 ] C:\Windows\System32\WSHTCPIP.DLL20:01:09.0607 3320 C:\Windows\System32\WSHTCPIP.DLL - ok20:01:09.0607 3320 [ 81F08948A0F1475894C99D4D19A158A8 ] C:\Windows\System32\wshqos.dll20:01:09.0607 3320 C:\Windows\System32\wshqos.dll - ok20:01:09.0623 3320 [ F556912E70B22D740C9C99E310E3C11F ] C:\Program Files\Microsoft Security Client\MpSvc.dll20:01:09.0623 3320 C:\Program Files\Microsoft Security Client\MpSvc.dll - ok20:01:09.0623 3320 [ C1F19D2BACBEE9AB64D9AE69E9859AC0 ] C:\Program Files\Microsoft Security Client\MsMpEng.exe20:01:09.0623 3320 C:\Program Files\Microsoft Security Client\MsMpEng.exe - ok20:01:09.0638 3320 [ 3F50200237961034FACE602373838980 ] C:\Windows\System32\FirewallAPI.dll20:01:09.0638 3320 C:\Windows\System32\FirewallAPI.dll - ok20:01:09.0638 3320 [ 3EF0D8AB08385AAB5802E773511A2E6A ] C:\Windows\System32\LogonUI.exe20:01:09.0638 3320 C:\Windows\System32\LogonUI.exe - ok20:01:09.0638 3320 [ 3D9381A332E4373F8811C71BA5078B31 ] C:\Program Files\Microsoft Security Client\MpClient.dll20:01:09.0638 3320 C:\Program Files\Microsoft Security Client\MpClient.dll - ok20:01:09.0654 3320 [ E904178851A6A44BFA97E064EF779E9D ] C:\Windows\System32\authui.dll20:01:09.0654 3320 
C:\Windows\System32\authui.dll - ok20:01:09.0654 3320 [ 28CA821606669BB9215CE010767720FA ] C:\Windows\System32\cryptui.dll20:01:09.0654 3320 C:\Windows\System32\cryptui.dll - ok20:01:09.0669 3320 [ 352B3DC62A0D259A82A052238425C872 ] C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll20:01:09.0669 3320 C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll - ok Link to post Share on other sites More sharing options...
Maniac Posted June 27, 2013 ID:696149
I need the same part of the log file. It seems that there is a third and final section of the log file that is required to post.
fxjudy Posted June 27, 2013 Author ID:696150
Files\ICBCEbankTools\ICBCAntiPhishing\ICBC_WIN32\AntiPhishingVerPS.dll20:01:10.0933 3320 C:\Program Files\ICBCEbankTools\ICBCAntiPhishing\ICBC_WIN32\AntiPhishingVerPS.dll - ok20:01:10.0933 3320 [ FFD5E5C32C03016FC7D84B25EB8C95E3 ] D:\Program Files\TortoiseSVN\Languages\TortoiseProc2052.dll20:01:10.0933 3320 D:\Program Files\TortoiseSVN\Languages\TortoiseProc2052.dll - ok20:01:10.0933 3320 [ E0D7732F2D2E24B2DB3F67B6750295B8 ] D:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe20:01:10.0933 3320 D:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe - ok20:01:10.0949 3320 [ D1F4EF194A129726FBF30E2F514824AA ] C:\Users\judy\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll20:01:10.0949 3320 C:\Users\judy\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll - ok20:01:10.0949 3320 [ 80D8679BF84A9383BFF33E07D5D9FC35 ] D:\Program Files\Malwarebytes' Anti-Malware\mbamcore.dll20:01:10.0949 3320 D:\Program Files\Malwarebytes' Anti-Malware\mbamcore.dll - ok20:01:10.0964 3320 [ 523CF74A52C9A1762DA8B83AEE734498 ] C:\Windows\System32\IconCodecService.dll20:01:10.0964 3320 C:\Windows\System32\IconCodecService.dll - ok20:01:10.0964 3320 [ 832E098BCA8235436FE2D8AE50AC3718 ] C:\Windows\System32\drivers\NisDrvWFP.sys20:01:10.0964 3320 C:\Windows\System32\drivers\NisDrvWFP.sys - ok20:01:10.0964 3320 [ 7CCCFCA7510684768DA22092D1FA4DB2 ] C:\Windows\System32\netman.dll20:01:10.0964 3320 C:\Windows\System32\netman.dll - ok20:01:10.0980 3320 [ 374071043F9E4231EE43BE2BB48DD36D ] C:\Windows\System32\nlasvc.dll20:01:10.0980 3320 C:\Windows\System32\nlasvc.dll - ok20:01:10.0980 3320 [ 140D9F911182357626165EA0BEB98C4F ] C:\Windows\System32\ncsi.dll20:01:10.0980 3320 C:\Windows\System32\ncsi.dll - ok20:01:10.0980 3320 [ CA9F7888B524D8100B977C81F44C3234 ] C:\Windows\System32\winhttp.dll20:01:10.0980 3320 C:\Windows\System32\winhttp.dll - ok20:01:10.0995 3320 [ 28E2231BD34A39C854BDF3923AB2FF86 ] C:\Windows\System32\ssdpapi.dll20:01:10.0995 3320 C:\Windows\System32\ssdpapi.dll - ok20:01:10.0995 
3320 [ FB19FC5951A88F3C523E35C2C98D23C0 ] C:\Windows\System32\webio.dll20:01:10.0995 3320 C:\Windows\System32\webio.dll - ok20:01:10.0995 3320 [ D1D5DAB39DCB4BE0359943738D87409B ] D:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe20:01:10.0995 3320 D:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe - ok20:01:11.0011 3320 [ E1ACE17DDAF078458E2FF063C8457E8C ] C:\Windows\System32\drivers\PassGuard.sys20:01:11.0011 3320 C:\Windows\System32\drivers\PassGuard.sys - ok20:01:11.0011 3320 [ 1319CD4619E96B156911CA3897563EBC ] C:\Windows\System32\ci.dll20:01:11.0011 3320 C:\Windows\System32\ci.dll - ok20:01:11.0011 3320 [ 9E0104BA49F4E6973749A02BF41344ED ] C:\Windows\System32\drivers\PEAuth.sys20:01:11.0011 3320 C:\Windows\System32\drivers\PEAuth.sys - ok20:01:11.0027 3320 [ 90A3935D05B494A5A39D37E71F09A677 ] C:\Windows\System32\drivers\secdrv.sys20:01:11.0027 3320 C:\Windows\System32\drivers\secdrv.sys - ok20:01:11.0027 3320 [ BE6BD660CAA6F291AE06A718A4FA8ABC ] C:\Windows\System32\drivers\srvnet.sys20:01:11.0027 3320 C:\Windows\System32\drivers\srvnet.sys - ok20:01:11.0042 3320 [ A59B3A4442C52060CC7A85293AA3546F ] C:\Windows\System32\seclogon.dll20:01:11.0042 3320 C:\Windows\System32\seclogon.dll - ok20:01:11.0042 3320 [ 3EEBD3BD93DA46A26E89893C7AB2FF3B ] C:\Windows\System32\drivers\tcpipreg.sys20:01:11.0042 3320 C:\Windows\System32\drivers\tcpipreg.sys - ok20:01:11.0042 3320 [ 8CD1DEE212E52B9C22E66DBA44991D32 ] C:\Windows\System32\httpapi.dll20:01:11.0042 3320 C:\Windows\System32\httpapi.dll - ok20:01:11.0058 3320 [ 36650D618CA34C9D357DFD3D89B2C56F ] C:\Windows\System32\sysmain.dll20:01:11.0058 3320 C:\Windows\System32\sysmain.dll - ok20:01:11.0058 3320 [ 613BF4820361543956909043A265C6AC ] C:\Windows\System32\tapisrv.dll20:01:11.0058 3320 C:\Windows\System32\tapisrv.dll - ok20:01:11.0058 3320 [ 4214CE8AC6E4E2667E71B9A5E973D590 ] C:\Windows\System32\drivers\vmnetuserif.sys20:01:11.0058 3320 C:\Windows\System32\drivers\vmnetuserif.sys - ok20:01:11.0073 3320 [ 
4792C0378DB99A9BC2AE2DE6CFFF0C3A ] C:\Windows\System32\trkwks.dll20:01:11.0073 3320 C:\Windows\System32\trkwks.dll - ok20:01:11.0073 3320 [ 709B9008BCC9E0375D0A45B08F4C48ED ] C:\Windows\System32\vmnat.exe20:01:11.0073 3320 C:\Windows\System32\vmnat.exe - ok20:01:11.0073 3320 [ 539C49CEBB3C50957AC8A09D95ECD880 ] C:\Windows\System32\shfolder.dll20:01:11.0073 3320 C:\Windows\System32\shfolder.dll - ok20:01:11.0089 3320 [ 704314FD398C81D5F342CAA5DF7B7F21 ] C:\Windows\System32\wbemcomn.dll20:01:11.0089 3320 C:\Windows\System32\wbemcomn.dll - ok20:01:11.0089 3320 [ F62E510B6AD4C21EB9FE8668ED251826 ] C:\Windows\System32\wbem\WMIsvc.dll20:01:11.0089 3320 C:\Windows\System32\wbem\WMIsvc.dll - ok20:01:11.0089 3320 [ 701C9EB15E1E23D22F7C7184C0506673 ] C:\Windows\System32\wbem\WmiDcPrv.dll20:01:11.0089 3320 C:\Windows\System32\wbem\WmiDcPrv.dll - ok20:01:11.0105 3320 [ 881D9F2D6E04E1C323050CF1574870F7 ] C:\Windows\System32\wbem\WinMgmtR.dll20:01:11.0105 3320 C:\Windows\System32\wbem\WinMgmtR.dll - ok20:01:11.0105 3320 [ 0DAAEBED3A2A3A86D2766C2B7163EB47 ] D:\Program Files\Genie9\Zoolz2\ZoolzService.exe20:01:11.0105 3320 D:\Program Files\Genie9\Zoolz2\ZoolzService.exe - ok20:01:11.0120 3320 [ D83947A58613E9091B4C9CC0F1546A8D ] C:\Windows\System32\mscoree.dll20:01:11.0120 3320 C:\Windows\System32\mscoree.dll - ok20:01:11.0120 3320 [ F5DF6846F30E9F54EA60CCAEB3FB2055 ] C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll20:01:11.0120 3320 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll - ok20:01:11.0120 3320 [ 8B92BED5B8D4A8480E7AA631F35A6F35 ] C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll20:01:11.0120 3320 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll - ok20:01:11.0136 3320 [ 5FF5E12F28725D14CAA3B408848ADFFC ] C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\msvcr80.dll20:01:11.0136 3320 C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\msvcr80.dll 
- ok20:01:11.0136 3320 [ C3E39FB1398EEE8E612C2FE53A9192EF ] C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll20:01:11.0136 3320 C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll - ok20:01:11.0136 3320 [ 6E9E439517D89EDC9A6CB1E94489620A ] C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsec.dll20:01:11.0136 3320 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsec.dll - ok20:01:11.0151 3320 [ 102CF6879887BBE846A00C459E6D4ABC ] C:\Windows\System32\riched20.dll20:01:11.0151 3320 C:\Windows\System32\riched20.dll - ok20:01:11.0151 3320 [ 6F8E3B7B70E1BBA871212940C1FBDF60 ] C:\Windows\System32\SensApi.dll20:01:11.0151 3320 C:\Windows\System32\SensApi.dll - ok20:01:11.0167 3320 [ 09A116FB06C5E362EF8938D29CDAB27B ] C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll20:01:11.0167 3320 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll - ok20:01:11.0167 3320 [ CFC7D8289D2B5F3CF8D16E2DB7F93D4A ] C:\Windows\System32\wbem\fastprox.dll20:01:11.0167 3320 C:\Windows\System32\wbem\fastprox.dll - ok20:01:11.0167 3320 [ E3E811471DE781900FF21C1FD84E941E ] C:\Windows\System32\ntdsapi.dll20:01:11.0167 3320 C:\Windows\System32\ntdsapi.dll - ok20:01:11.0183 3320 [ C5B0324DB461559ADD070E632A6919FA ] C:\Windows\System32\wbem\wbemprox.dll20:01:11.0183 3320 C:\Windows\System32\wbem\wbemprox.dll - ok20:01:11.0183 3320 [ 3518CB4E2D896CAB53D5386F15AC0566 ] C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll20:01:11.0183 3320 C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll - ok20:01:11.0198 3320 [ 7765680E25E329708CB034B180CF9FCD ] C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\7ff638de44686eab4afaa8b3c8a9cfca\System.ServiceProcess.ni.dll20:01:11.0198 3320 
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\7ff638de44686eab4afaa8b3c8a9cfca\System.ServiceProcess.ni.dll - ok20:01:11.0198 3320 [ 7EC0743DBACC4F137BBAEF2E9DE05417 ] C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\1ea01658676f73cf48ebde8e904a0464\System.Configuration.Install.ni.dll20:01:11.0198 3320 C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\1ea01658676f73cf48ebde8e904a0464\System.Configuration.Install.ni.dll - ok20:01:11.0198 3320 [ 585EB475E7AF55C9065256E8FFB751A1 ] C:\Windows\System32\wbem\wbemcore.dll20:01:11.0198 3320 C:\Windows\System32\wbem\wbemcore.dll - ok20:01:11.0214 3320 [ 4B67F6B9F0BC9753FF566D08FB59D370 ] D:\Program Files\Genie9\Zoolz2\Settings.dll20:01:11.0214 3320 D:\Program Files\Genie9\Zoolz2\Settings.dll - ok20:01:11.0214 3320 [ 5AE88135C6A86FCD67BA16AFBB1C8389 ] C:\Windows\System32\wbem\esscli.dll20:01:11.0214 3320 C:\Windows\System32\wbem\esscli.dll - ok20:01:11.0214 3320 [ A2623E7425AF07134D4825AB9EAC09AD ] D:\Program Files\Genie9\Zoolz2\GenieLog.dll20:01:11.0214 3320 D:\Program Files\Genie9\Zoolz2\GenieLog.dll - ok20:01:11.0229 3320 [ 776AE0564F8B1C282E331FD95A1BDC5F ] C:\Windows\System32\wbem\wbemsvc.dll20:01:11.0229 3320 C:\Windows\System32\wbem\wbemsvc.dll - ok20:01:11.0229 3320 [ 5610B0425518D185331CB8E968D060E6 ] C:\Windows\System32\wbem\wmiutils.dll20:01:11.0229 3320 C:\Windows\System32\wbem\wmiutils.dll - ok20:01:11.0229 3320 [ 371E3B05894549113D07CD3081ED55EF ] C:\Windows\System32\wbem\repdrvfs.dll20:01:11.0229 3320 C:\Windows\System32\wbem\repdrvfs.dll - ok20:01:11.0245 3320 [ 871F7F32E3441580138E61A4AA072DF6 ] C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll20:01:11.0245 3320 C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll - ok20:01:11.0245 3320 [ 3CDE2911462FEC80064A409C07710C06 ] C:\Windows\System32\wbem\WmiPrvSD.dll20:01:11.0245 3320 
C:\Windows\System32\wbem\WmiPrvSD.dll - ok20:01:11.0261 3320 [ A4CC7227A452C4909F9499D91B184364 ] C:\Windows\System32\ncobjapi.dll20:01:11.0261 3320 C:\Windows\System32\ncobjapi.dll - ok20:01:11.0261 3320 [ 98A335646C2FFC0DB78C856B5CA14F4D ] D:\Program Files\Genie9\Zoolz2\Ionic.Zip.dll20:01:11.0261 3320 D:\Program Files\Genie9\Zoolz2\Ionic.Zip.dll - ok20:01:11.0261 3320 [ B350509B6C9296529BC464C60FEEAEF1 ] C:\Windows\System32\wbem\wbemess.dll20:01:11.0261 3320 C:\Windows\System32\wbem\wbemess.dll - ok20:01:11.0276 3320 [ 66F423BC6EC65C8C58DAE8ACD60C6ECF ] D:\Program Files\Genie9\Zoolz2\Ionic.BZip2.dll20:01:11.0276 3320 D:\Program Files\Genie9\Zoolz2\Ionic.BZip2.dll - ok20:01:11.0276 3320 [ 7FB07F0B74E05042958EC01B3DD3AB45 ] D:\Program Files\Genie9\Zoolz2\log4net.dll20:01:11.0276 3320 D:\Program Files\Genie9\Zoolz2\log4net.dll - ok20:01:11.0276 3320 [ C6458BF42FD8A9194EA4B2C81AA3B157 ] C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\764f15e86c82662e977bd418bd6318c1\System.Configuration.ni.dll20:01:11.0276 3320 C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\764f15e86c82662e977bd418bd6318c1\System.Configuration.ni.dll - ok20:01:11.0292 3320 [ 0B7E85364CB878E2AD531DB7B601A9E5 ] C:\Windows\System32\NapiNSP.dll20:01:11.0292 3320 C:\Windows\System32\NapiNSP.dll - ok20:01:11.0292 3320 [ 5CF640EDDB1E40A5AB1BB743BCDEC610 ] C:\Windows\System32\pnrpnsp.dll20:01:11.0292 3320 C:\Windows\System32\pnrpnsp.dll - ok20:01:11.0292 3320 [ 5DF5D8CFD9B9573FA3B2C89D9061A240 ] C:\Windows\System32\winrnr.dll20:01:11.0292 3320 C:\Windows\System32\winrnr.dll - ok20:01:11.0307 3320 [ 51BD0DDD8F3A45135CBEEBEADF59CCCF ] C:\Windows\System32\PrxerNsp.dll20:01:11.0307 3320 C:\Windows\System32\PrxerNsp.dll - ok20:01:11.0307 3320 [ AF101D19EDD25AC27DD888F08B37D63C ] D:\Program Files\Genie9\Zoolz2\DevNetGlobalCache.dll20:01:11.0307 3320 D:\Program Files\Genie9\Zoolz2\DevNetGlobalCache.dll - ok20:01:11.0323 3320 [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB ] 
C:\Windows\System32\drivers\srv2.sys20:01:11.0323 3320 C:\Windows\System32\drivers\srv2.sys - ok20:01:11.0323 3320 [ A0617B5753E31126AD29C03154F4F329 ] C:\Windows\Microsoft.NET\Framework\v2.0.50727\Culture.dll20:01:11.0323 3320 C:\Windows\Microsoft.NET\Framework\v2.0.50727\Culture.dll - ok20:01:11.0323 3320 [ CB9E04DC05EACF5B9A36CA276D475006 ] C:\Windows\System32\rasmans.dll20:01:11.0323 3320 C:\Windows\System32\rasmans.dll - ok20:01:11.0339 3320 [ 57C33C343681C43EFF2518B9BDC70305 ] C:\Windows\assembly\GAC_MSIL\System.ServiceProcess.resources\2.0.0.0_zh-CHS_b03f5f7f11d50a3a\System.ServiceProcess.Resources.dll20:01:11.0339 3320 C:\Windows\assembly\GAC_MSIL\System.ServiceProcess.resources\2.0.0.0_zh-CHS_b03f5f7f11d50a3a\System.ServiceProcess.Resources.dll - ok20:01:11.0339 3320 [ 58F67245D041FBE7AF88F4EAF79DF0FA ] C:\Windows\System32\iphlpsvc.dll20:01:11.0339 3320 C:\Windows\System32\iphlpsvc.dll - ok20:01:11.0339 3320 [ CE292C4C10B8DB6070F262EA2733F0DC ] C:\Windows\System32\sqmapi.dll20:01:11.0339 3320 C:\Windows\System32\sqmapi.dll - ok20:01:11.0354 3320 [ A942813405C51998DD2C2B86A08394D5 ] D:\Program Files\vmware\vmware-authd.exe20:01:11.0354 3320 D:\Program Files\vmware\vmware-authd.exe - ok20:01:11.0354 3320 [ A399514D3B28C9A3453A486BBAAFF1C7 ] C:\Windows\System32\wdscore.dll20:01:11.0354 3320 C:\Windows\System32\wdscore.dll - ok20:01:11.0354 3320 [ B2E1E4A16EDD02396F451F915FA3CBFA ] C:\Windows\System32\rastapi.dll20:01:11.0354 3320 C:\Windows\System32\rastapi.dll - ok20:01:11.0370 3320 [ BA32509D9B340162327B341013DE6522 ] C:\Windows\System32\tapi32.dll20:01:11.0370 3320 C:\Windows\System32\tapi32.dll - ok20:01:11.0370 3320 [ 1FF7E4F548C7C372C804938F0D5B36AE ] C:\Windows\System32\netcfgx.dll20:01:11.0370 3320 C:\Windows\System32\netcfgx.dll - ok20:01:11.0370 3320 [ 6383C60EC0133B14F5705F96369421B2 ] C:\Windows\System32\hnetcfg.dll20:01:11.0370 3320 C:\Windows\System32\hnetcfg.dll - ok20:01:11.0385 3320 [ 45D9F6CD2469CDB6A640DD4BD2B01471 ] 
C:\Windows\System32\nci.dll20:01:11.0385 3320 C:\Windows\System32\nci.dll - ok20:01:11.0385 3320 [ 377F0C1DDBFA6A43CB7E7568BC0ECED0 ] C:\Windows\System32\unimdm.tsp20:01:11.0385 3320 C:\Windows\System32\unimdm.tsp - ok20:01:11.0401 3320 [ 8C338238C16777A802D6A9211EB2BA50 ] C:\Windows\System32\netprofm.dll20:01:11.0401 3320 C:\Windows\System32\netprofm.dll - ok20:01:11.0401 3320 [ E675DE8CF57D8814218733B3DAE896D7 ] C:\Windows\System32\uniplat.dll20:01:11.0401 3320 C:\Windows\System32\uniplat.dll - ok20:01:11.0401 3320 [ F3FB146CDBDD26FCD0CF7941C547BEE4 ] C:\Windows\System32\kmddsp.tsp20:01:11.0401 3320 C:\Windows\System32\kmddsp.tsp - ok20:01:11.0417 3320 [ ED6EE83D61EBC683C2CD8E899EA6FEBE ] C:\Windows\System32\rasadhlp.dll20:01:11.0417 3320 C:\Windows\System32\rasadhlp.dll - ok20:01:11.0417 3320 [ A8A6732FDDAA0B8207C9B7D706E971FB ] D:\Program Files\vmware\vmwarebase.dll20:01:11.0417 3320 D:\Program Files\vmware\vmwarebase.dll - ok20:01:11.0417 3320 [ AA11A26692E0DB2996CAEFE9EC61F61F ] C:\Windows\System32\ndptsp.tsp20:01:11.0417 3320 C:\Windows\System32\ndptsp.tsp - ok20:01:11.0432 3320 [ E2F6CC0D191361EE94FEA3957653F531 ] C:\Windows\System32\hidphone.tsp20:01:11.0432 3320 C:\Windows\System32\hidphone.tsp - ok20:01:11.0432 3320 [ 67F9B5C7E215B48F9256757E9CC09A7B ] C:\Windows\System32\rasppp.dll20:01:11.0432 3320 C:\Windows\System32\rasppp.dll - ok20:01:11.0432 3320 [ 80B562B5B59ED850C328DD75F964F3D8 ] C:\Windows\System32\vpnike.dll20:01:11.0432 3320 C:\Windows\System32\vpnike.dll - ok20:01:11.0448 3320 [ 9E28833FE115A8A243F8C4C7EC116AE3 ] D:\Program Files\vmware\libxml2.dll20:01:11.0448 3320 D:\Program Files\vmware\libxml2.dll - ok20:01:11.0448 3320 [ DF13A51A5C591887D2EC6AE64CEED0FA ] C:\Windows\System32\wsock32.dll20:01:11.0448 3320 C:\Windows\System32\wsock32.dll - ok20:01:11.0463 3320 [ 207CF171B1C6B8AE50C1FBF87363EEBC ] C:\Windows\System32\raschap.dll20:01:11.0463 3320 C:\Windows\System32\raschap.dll - ok20:01:11.0463 3320 [ EA3D54E8FE48B55083CB51D5F85C4BDF ] 
D:\Program Files\vmware\iconv.dll20:01:11.0463 3320 D:\Program Files\vmware\iconv.dll - ok20:01:11.0463 3320 [ 4B686FE8BC6EC9E0B1823523D76310A3 ] D:\Program Files\vmware\amqp.dll20:01:11.0463 3320 D:\Program Files\vmware\amqp.dll - ok20:01:11.0479 3320 [ 40B34BF0BC649B0B822FDDA69CB5877E ] D:\Program Files\vmware\libeay32.dll20:01:11.0479 3320 D:\Program Files\vmware\libeay32.dll - ok20:01:11.0479 3320 [ 565BD093D46231EE1EE4D8A981E576E8 ] D:\Program Files\vmware\ssleay32.dll20:01:11.0479 3320 D:\Program Files\vmware\ssleay32.dll - ok20:01:11.0479 3320 [ 4FB491AC8D46AAF22BA8BC5C73DABEF7 ] C:\Windows\System32\wbem\WmiPrvSE.exe20:01:11.0479 3320 C:\Windows\System32\wbem\WmiPrvSE.exe - ok20:01:11.0495 3320 [ CB67C2B94302DC94BC15ED6553A5C1C7 ] C:\Windows\System32\wbem\cimwin32.dll20:01:11.0495 3320 C:\Windows\System32\wbem\cimwin32.dll - ok20:01:11.0495 3320 [ D0481FB85BEEDD30A0884BE327880F80 ] C:\Windows\System32\framedynos.dll20:01:11.0495 3320 C:\Windows\System32\framedynos.dll - ok20:01:11.0495 3320 [ 907281ED4AD35D41B29FFDC211EBAD80 ] C:\Windows\System32\wmi.dll20:01:11.0495 3320 C:\Windows\System32\wmi.dll - ok20:01:11.0510 3320 [ 24521D99BF36F190BA10BB2BFDB17682 ] C:\Windows\System32\vmnetdhcp.exe20:01:11.0510 3320 C:\Windows\System32\vmnetdhcp.exe - ok20:01:11.0510 3320 [ 90B4CC5C515B52796E26F72F3EEAF643 ] C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe20:01:11.0510 3320 C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe - ok20:01:11.0526 3320 [ D1A079A0DE2EA524513B6930C24527A2 ] C:\Windows\System32\ipnathlp.dll20:01:11.0526 3320 C:\Windows\System32\ipnathlp.dll - ok20:01:11.0526 3320 [ E4C2764065D66EA1D2D3EBC28FE99C46 ] C:\Windows\System32\drivers\srv.sys20:01:11.0526 3320 C:\Windows\System32\drivers\srv.sys - ok20:01:11.0526 3320 [ D4191EFAB91E00FC09257AA5EBAF503B ] C:\Windows\System32\mprapi.dll20:01:11.0526 3320 C:\Windows\System32\mprapi.dll - ok20:01:11.0541 3320 [ EAB975DB4C2805927FE5BD047D05C9AA ] 
C:\Windows\System32\netshell.dll20:01:11.0541 3320 C:\Windows\System32\netshell.dll - ok20:01:11.0541 3320 [ E3D5E244807AD655787FCD25477CC1BC ] C:\Windows\System32\bthprops.cpl20:01:11.0541 3320 C:\Windows\System32\bthprops.cpl - ok20:01:11.0541 3320 [ D64AF876D53ECA3668BB97B51B4E70AB ] C:\Windows\System32\srvsvc.dll20:01:11.0541 3320 C:\Windows\System32\srvsvc.dll - ok Link to post Share on other sites More sharing options...
fxjudy Posted June 27, 2013 Author ID:696151
C:\Windows\System32\SynTPAPI.dll20:01:12.0025 3320 C:\Windows\System32\SynTPAPI.dll - ok20:01:12.0041 3320 [ 5FC4EFA0C060ADE51CBDB89AED40C6A6 ] C:\Windows\System32\zh-CN\crypt32.dll.mui20:01:12.0041 3320 C:\Windows\System32\zh-CN\crypt32.dll.mui - ok20:01:12.0041 3320 [ DBBA44BF503B20DF778AE376E0C9C13A ] C:\Windows\System32\zh-CN\propsys.dll.mui20:01:12.0041 3320 C:\Windows\System32\zh-CN\propsys.dll.mui - ok20:01:12.0041 3320 [ CC12322F4E1233F1E8BB1AC6EA4E18B5 ] C:\Windows\System32\zh-CN\setupapi.dll.mui20:01:12.0041 3320 C:\Windows\System32\zh-CN\setupapi.dll.mui - ok20:01:12.0056 3320 [ 08D2B47FB6389007E5C7FDE2DDE65542 ] C:\Windows\System32\zh-CN\KernelBase.dll.mui20:01:12.0056 3320 C:\Windows\System32\zh-CN\KernelBase.dll.mui - ok20:01:12.0056 3320 [ 43E45D66612C8B1E757F7A194104E7F3 ] C:\Program Files\Synaptics\SynTP\SynZMetr.exe20:01:12.0056 3320 C:\Program Files\Synaptics\SynTP\SynZMetr.exe - ok20:01:12.0072 3320 [ A45CB10FC8C4DCA23F96FE4D334F64FE ] C:\Windows\System32\msxml3r.dll20:01:12.0072 3320 C:\Windows\System32\msxml3r.dll - ok20:01:12.0072 3320 [ E12A3A6029F46D4B9D6F6A16EE10BFB3 ] C:\Program Files\Synaptics\SynTP\SynMood.exe20:01:12.0072 3320 C:\Program Files\Synaptics\SynTP\SynMood.exe - ok20:01:12.0072 3320 [ DC90506FDD895C96A0E2D05E9C5D93C4 ] C:\Windows\System32\zh-CN\urlmon.dll.mui20:01:12.0072 3320 C:\Windows\System32\zh-CN\urlmon.dll.mui - ok20:01:12.0087 3320 [ 564E468E1422FDD64A958A66B05B4D91 ] C:\Program Files\Microsoft Security Client\MsMpRes.dll20:01:12.0087 3320 C:\Program Files\Microsoft Security Client\MsMpRes.dll - ok20:01:12.0087 3320 [ C3F16DEF61A1867E1E54311D080DB0F0 ] C:\Windows\System32\en-US\urlmon.dll.mui20:01:12.0087 3320 C:\Windows\System32\en-US\urlmon.dll.mui - ok20:01:12.0087 3320 [ 5705DAFA21D68005384267791AF21810 ] C:\Program Files\Microsoft Security Client\zh-cn\MsMpRes.dll.mui20:01:12.0087 3320 C:\Program Files\Microsoft Security Client\zh-cn\MsMpRes.dll.mui - ok20:01:12.0103 3320 [ DE8C5AB7EE56A7DA0166B2E2B0E496A2 ] 
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe20:01:12.0103 3320 C:\Program Files\Synaptics\SynTP\SynTPHelper.exe - ok20:01:12.0103 3320 [ D475BBD6FEF8DB2DDE0DA7CCFD2C9042 ] C:\Program Files\Microsoft Security Client\SqmApi.dll20:01:12.0103 3320 C:\Program Files\Microsoft Security Client\SqmApi.dll - ok20:01:12.0119 3320 [ D37616288561175CEDEA2E7DBF3FD38F ] C:\Windows\System32\zh-CN\msctf.dll.mui20:01:12.0119 3320 C:\Windows\System32\zh-CN\msctf.dll.mui - ok20:01:12.0119 3320 [ B0BC447C758FF055D53FC6831FDB0344 ] C:\Windows\System32\consent.exe20:01:12.0119 3320 C:\Windows\System32\consent.exe - ok20:01:12.0119 3320 [ AA90F062F1F19EA4381E378C890B070D ] C:\Windows\System32\zh-CN\consent.exe.mui20:01:12.0119 3320 C:\Windows\System32\zh-CN\consent.exe.mui - ok20:01:12.0134 3320 [ 912649A1B3F9E6ACB3899FBDABA2ED5F ] C:\Windows\System32\stobject.dll20:01:12.0134 3320 C:\Windows\System32\stobject.dll - ok20:01:12.0134 3320 [ 67C1B58706B47EEBA4E117AC197289E6 ] C:\Windows\System32\batmeter.dll20:01:12.0134 3320 C:\Windows\System32\batmeter.dll - ok20:01:12.0134 3320 [ 9B9A0802B4E34CC4D9DB04AB6ABFA8AE ] C:\Windows\System32\input.dll20:01:12.0134 3320 C:\Windows\System32\input.dll - ok20:01:12.0150 3320 [ 492002CD105AAF3815BB9B145783D57B ] C:\Windows\System32\zh-CN\input.dll.mui20:01:12.0150 3320 C:\Windows\System32\zh-CN\input.dll.mui - ok20:01:12.0150 3320 [ 731F8141A63D4D1283E8C9259FBEEBD5 ] C:\Program Files\Common Files\microsoft shared\IME14\IMESC\IMSCTIP.DLL20:01:12.0150 3320 C:\Program Files\Common Files\microsoft shared\IME14\IMESC\IMSCTIP.DLL - ok20:01:12.0150 3320 [ B69C709F91BCBA51C3AE53B84C83D5F5 ] C:\Program Files\Common Files\microsoft shared\IME14WR\IMESC\IMSCTIP.DLL20:01:12.0150 3320 C:\Program Files\Common Files\microsoft shared\IME14WR\IMESC\IMSCTIP.DLL - ok20:01:12.0165 3320 [ D629F73E88B2DA7F5BDA2C06466DCCC4 ] C:\Windows\IME\SPTIP.DLL20:01:12.0165 3320 C:\Windows\IME\SPTIP.DLL - ok20:01:12.0165 3320 [ 91DEDAD8D6498A1D720A25391BAC8002 ] 
C:\Windows\IME\zh-CN\SpTip.dll.mui20:01:12.0165 3320 C:\Windows\IME\zh-CN\SpTip.dll.mui - ok20:01:12.0181 3320 [ FCEBDCCD70A8E4EB4C44F6705B3EA777 ] C:\Program Files\Windows NT\TableTextService\TableTextService.dll20:01:12.0181 3320 C:\Program Files\Windows NT\TableTextService\TableTextService.dll - ok20:01:12.0181 3320 [ 085ADCB1BD717DB9F1C43ED9AF41BAA3 ] C:\Program Files\Windows NT\TableTextService\zh-CN\TableTextService.dll.mui20:01:12.0181 3320 C:\Program Files\Windows NT\TableTextService\zh-CN\TableTextService.dll.mui - ok20:01:12.0181 3320 [ C8333F1F77A1B2E25F2202E892CAF634 ] C:\Windows\System32\prnfldr.dll20:01:12.0181 3320 C:\Windows\System32\prnfldr.dll - ok20:01:12.0197 3320 [ DAB8DE0D3BFDBF1054793A7AD1F1656D ] C:\Windows\System32\zh-CN\msutb.dll.mui20:01:12.0197 3320 C:\Windows\System32\zh-CN\msutb.dll.mui - ok20:01:12.0197 3320 [ 8B285BDAB7735FDFB18E6F7122923B77 ] C:\Windows\System32\UIAnimation.dll20:01:12.0197 3320 C:\Windows\System32\UIAnimation.dll - ok20:01:12.0197 3320 [ 08B2C116E280F7137F2E501ED6B10505 ] C:\Windows\System32\zh-CN\wdmaud.drv.mui20:01:12.0197 3320 C:\Windows\System32\zh-CN\wdmaud.drv.mui - ok20:01:12.0212 3320 [ 65958D3836B587E31FEB0BF02CF9400B ] C:\Windows\System32\zh-CN\authui.dll.mui20:01:12.0212 3320 C:\Windows\System32\zh-CN\authui.dll.mui - ok20:01:12.0212 3320 [ C8C9C971B5F59D184E01C4019C3D22B8 ] C:\Windows\System32\zh-CN\MMDevAPI.dll.mui20:01:12.0212 3320 C:\Windows\System32\zh-CN\MMDevAPI.dll.mui - ok20:01:12.0228 3320 [ ADDB05C93272A62606599B24730BD645 ] C:\Windows\System32\DXP.dll20:01:12.0228 3320 C:\Windows\System32\DXP.dll - ok20:01:12.0228 3320 [ 856CFFCD835528136367BB1A8FE1DB87 ] C:\Windows\System32\Syncreg.dll20:01:12.0228 3320 C:\Windows\System32\Syncreg.dll - ok20:01:12.0228 3320 [ 5704351536FDEACEBC4291D570826F17 ] C:\Windows\System32\en-US\imageres.dll.mui20:01:12.0228 3320 C:\Windows\System32\en-US\imageres.dll.mui - ok20:01:12.0243 3320 [ 51138BEEA3E2C21EC44D0932C71762A8 ] 
C:\Windows\System32\rundll32.exe20:01:12.0243 3320 C:\Windows\System32\rundll32.exe - ok20:01:12.0243 3320 [ 96C70BD48D49B87475F4572DEDC62EB9 ] C:\Windows\AppPatch\AcLayers.dll20:01:12.0243 3320 C:\Windows\AppPatch\AcLayers.dll - ok20:01:12.0243 3320 [ 54334C4FD3D2AECA130D8B5AF3406D34 ] C:\Windows\System32\zh-CN\rundll32.exe.mui20:01:12.0243 3320 C:\Windows\System32\zh-CN\rundll32.exe.mui - ok20:01:12.0259 3320 [ B39B8CC163C41B12FE83E777199F3378 ] C:\Windows\System32\tzres.dll20:01:12.0259 3320 C:\Windows\System32\tzres.dll - ok20:01:12.0259 3320 [ 709B4F898B86044C3664589CACD49D7D ] C:\Windows\System32\zh-CN\tzres.dll.mui20:01:12.0259 3320 C:\Windows\System32\zh-CN\tzres.dll.mui - ok20:01:12.0259 3320 [ B2B3DAE040F6B5AE1DF52B0CD7631A18 ] C:\Windows\System32\AltTab.dll20:01:12.0259 3320 C:\Windows\System32\AltTab.dll - ok20:01:12.0275 3320 [ 735263DA17BF5BAF9CCD483843BF9D5A ] C:\Windows\System32\WPDShServiceObj.dll20:01:12.0275 3320 C:\Windows\System32\WPDShServiceObj.dll - ok20:01:12.0275 3320 [ ADB45A977BD9E45790CA496DB84BA148 ] C:\Windows\System32\PortableDeviceTypes.dll20:01:12.0275 3320 C:\Windows\System32\PortableDeviceTypes.dll - ok20:01:12.0275 3320 [ 3D6F22551D422F97AACB0BB927E4C846 ] C:\Windows\System32\pnidui.dll20:01:12.0275 3320 C:\Windows\System32\pnidui.dll - ok20:01:12.0290 3320 [ BD626EF05967D14C772B8096292731A3 ] C:\Windows\System32\QUTIL.DLL20:01:12.0290 3320 C:\Windows\System32\QUTIL.DLL - ok20:01:12.0290 3320 [ 66AA43F07DEE7FE8F22D955E06A1FB0B ] D:\Program Files\FileZilla FTP Client\fzshellext.dll20:01:12.0290 3320 D:\Program Files\FileZilla FTP Client\fzshellext.dll - ok20:01:12.0290 3320 [ 674B0C0F6A448EB185CAAB9C51D44032 ] C:\Windows\System32\srchadmin.dll20:01:12.0290 3320 C:\Windows\System32\srchadmin.dll - ok20:01:12.0306 3320 [ 236F286E103FD44BD85FDD93097FD5DD ] C:\Windows\System32\SearchIndexer.exe20:01:12.0306 3320 C:\Windows\System32\SearchIndexer.exe - ok20:01:12.0306 3320 [ D39DA70FEA6BD713682F70635587DA9E ] 
C:\Windows\System32\rasdlg.dll20:01:12.0306 3320 C:\Windows\System32\rasdlg.dll - ok20:01:12.0321 3320 [ 04B88428A872390D235BE52D38A9D4EF ] C:\Windows\System32\dot3api.dll20:01:12.0321 3320 C:\Windows\System32\dot3api.dll - ok20:01:12.0321 3320 [ 8063046AA70B97CA9985672B8848FB2E ] C:\Windows\System32\wlanhlp.dll20:01:12.0321 3320 C:\Windows\System32\wlanhlp.dll - ok20:01:12.0321 3320 [ B010CF886420EE29C2C276646721D255 ] C:\Windows\System32\wlanapi.dll20:01:12.0321 3320 C:\Windows\System32\wlanapi.dll - ok20:01:12.0337 3320 [ 9A39A2A5F443A756C568C6ED5748AFE4 ] C:\Windows\System32\ActionCenter.dll20:01:12.0337 3320 C:\Windows\System32\ActionCenter.dll - ok20:01:12.0337 3320 [ C02AA67276FEE0C15CC4D6D616BDE95E ] C:\Windows\System32\WWanAPI.dll20:01:12.0337 3320 C:\Windows\System32\WWanAPI.dll - ok20:01:12.0337 3320 [ F2ED6D00921CA138289E5E0CCB9ABF87 ] C:\Windows\System32\wwapi.dll20:01:12.0337 3320 C:\Windows\System32\wwapi.dll - ok20:01:12.0353 3320 [ 465DBF63A5049E4DB4BC5C12FFE781CB ] C:\Windows\System32\tquery.dll20:01:12.0353 3320 C:\Windows\System32\tquery.dll - ok20:01:12.0353 3320 [ 0241CB16136B9A4939CA0395768AE286 ] C:\Windows\System32\mssrch.dll20:01:12.0353 3320 C:\Windows\System32\mssrch.dll - ok20:01:12.0353 3320 [ 02530B0B7E048DD5AC8D52DAEACAEB2B ] C:\Windows\System32\QAGENT.DLL20:01:12.0353 3320 C:\Windows\System32\QAGENT.DLL - ok20:01:12.0368 3320 [ 2BC8DC70DD268E0ED7FCDD4A30F4CBDD ] C:\Windows\System32\zh-CN\SearchIndexer.exe.mui20:01:12.0368 3320 C:\Windows\System32\zh-CN\SearchIndexer.exe.mui - ok20:01:12.0368 3320 [ 81600E2E27ED61427AAD865B9BCDDB9D ] C:\Windows\System32\msidle.dll20:01:12.0368 3320 C:\Windows\System32\msidle.dll - ok20:01:12.0368 3320 [ 1CBF15FDB0310345A68972EB5C5B948F ] C:\Windows\System32\mssprxy.dll20:01:12.0368 3320 C:\Windows\System32\mssprxy.dll - ok20:01:12.0384 3320 [ D226B47A7C5DF5403A5829F8F2887AEF ] C:\Windows\System32\zh-CN\tquery.dll.mui20:01:12.0384 3320 C:\Windows\System32\zh-CN\tquery.dll.mui - ok20:01:12.0384 3320 [ 
108BC4AAB7A614F511C79D13C7AAED76 ] C:\Windows\System32\zh-CN\ESENT.dll.mui20:01:12.0384 3320 C:\Windows\System32\zh-CN\ESENT.dll.mui - ok20:01:12.0399 3320 [ E1A4539DF3CA07E7AF643666FA79437F ] C:\Windows\System32\zh-CN\vsstrace.dll.mui20:01:12.0399 3320 C:\Windows\System32\zh-CN\vsstrace.dll.mui - ok20:01:12.0399 3320 [ D53519D8BB92559350125447991DCFA8 ] C:\Windows\System32\mssitlb.dll20:01:12.0399 3320 C:\Windows\System32\mssitlb.dll - ok20:01:12.0399 3320 [ 89F4D0DD6606A2FE15931E6888DBBC8D ] C:\Windows\System32\stdole2.tlb20:01:12.0399 3320 C:\Windows\System32\stdole2.tlb - ok20:01:12.0415 3320 [ 9DF7A7C74D8632CB5EBD37E3A374825E ] C:\Windows\System32\webcheck.dll20:01:12.0415 3320 C:\Windows\System32\webcheck.dll - ok20:01:12.0415 3320 [ 8EE6BDE1D572677AA35707C52C585F75 ] C:\Windows\System32\mlang.dll20:01:12.0415 3320 C:\Windows\System32\mlang.dll - ok20:01:12.0415 3320 [ 2DDEA2C345DA5BC589EFD398F220DB0E ] C:\Windows\System32\SyncCenter.dll20:01:12.0415 3320 C:\Windows\System32\SyncCenter.dll - ok20:01:12.0415 3320 [ 2D11BC8B460957E62E4420373A0D8BDA ] C:\Windows\System32\imapi2.dll20:01:12.0415 3320 C:\Windows\System32\imapi2.dll - ok20:01:12.0431 3320 [ C7952D0A4C43A965A1741916BB134751 ] C:\Windows\System32\hgcpl.dll20:01:12.0431 3320 C:\Windows\System32\hgcpl.dll - ok20:01:12.0431 3320 [ C2D6A4475B87651D5909E364439FDA52 ] C:\Windows\System32\FXSST.dll20:01:12.0431 3320 C:\Windows\System32\FXSST.dll - ok20:01:12.0431 3320 [ 942E57152F1CD0533644AB30EF1A4728 ] C:\Windows\System32\FXSAPI.dll20:01:12.0431 3320 C:\Windows\System32\FXSAPI.dll - ok20:01:12.0446 3320 [ C4096CA42199428B3D63DC206C197F0E ] C:\Windows\System32\FXSRESM.dll20:01:12.0446 3320 C:\Windows\System32\FXSRESM.dll - ok20:01:12.0446 3320 [ 967EA5B213E9984CBE270205DF37755B ] C:\Windows\System32\FXSSVC.exe20:01:12.0446 3320 C:\Windows\System32\FXSSVC.exe - ok20:01:12.0446 3320 ============================================================20:01:12.0446 3320 Scan finished20:01:12.0446 3320 
============================================================
20:01:12.0462 3312 Detected object count: 2
20:01:12.0462 3312 Actual detected object count: 2
20:03:19.0915 3312 SwitchBoard ( UnsignedFile.Multi.Generic ) - skipped by user
20:03:19.0915 3312 SwitchBoard ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:03:19.0915 3312 VMAuthdService ( UnsignedFile.Multi.Generic ) - skipped by user
20:03:19.0915 3312 VMAuthdService ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:05:59.0956 0760 Deinitialize success
Maniac Posted June 27, 2013 ID:696153

Thank you! How are things now?
fxjudy Posted June 28, 2013 Author ID:696484

Hi, still have problem with IP block. The problem is I don't know which service causes this; I have 9 svchost.exe running at the same time. Can I just stop some service or close some port? How to do it? Thank you.
Maniac Posted June 28, 2013 ID:696485

You don't have to close svchost.exe. This is normal. It's the way Windows works. http://www.howtogeek.com/howto/windows-vista/what-is-svchostexe-and-why-is-it-running/

Download OTL to your Desktop.
Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
Please tick the Scan All users.
Next, click the Quick Scan button. The scan won't take long.
When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic.
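For triaging protection-log entries like the IP-BLOCK lines posted in this thread, the following added Python example (not part of any post here and not code from the logging product) extracts the entries even when several are fused onto one line, collapses back-to-back repeats, and tallies them by direction, port, process and source /24. The sample log, host name, user name and the process `example.exe` are constructed, and the field layout is assumed from the lines shown in the thread.

```python
import ipaddress
import re
from collections import Counter
from datetime import datetime, timedelta
from typing import NamedTuple

# Constructed sample in the protection-log layout seen in this thread.
# Addresses are documentation ranges (RFC 5737), not values from the thread.
# Entries 2 and 3 are deliberately fused without a newline, as in pasted logs.
SAMPLE_LOG = (
    "2013/06/28 09:56:54 +0800 DEMO-PC demo IP-BLOCK 192.0.2.39 (Type: incoming, Port: 34861, Process: svchost.exe)\n"
    "2013/06/28 09:56:55 +0800 DEMO-PC demo IP-BLOCK 192.0.2.39 (Type: incoming, Port: 34861, Process: svchost.exe)"
    "2013/06/28 09:57:51 +0800 DEMO-PC demo IP-BLOCK 198.51.100.246 (Type: incoming, Port: 8888, Process: svchost.exe)\n"
    "2013/06/28 10:34:10 +0800 DEMO-PC demo IP-BLOCK 198.51.100.248 (Type: incoming, Port: 8888, Process: svchost.exe)\n"
    "2013/06/28 10:38:16 +0800 DEMO-PC demo MESSAGE Starting database refresh\n"
    "2013/06/28 10:39:08 +0800 DEMO-PC demo IP-BLOCK 203.0.113.23 (Type: incoming, Port: 6666, Process: svchost.exe)\n"
    "2013/06/28 10:39:08 +0800 DEMO-PC demo IP-BLOCK 203.0.113.23 (Type: incoming, Port: 6666, Process: svchost.exe)\n"
    "2013/06/28 11:02:40 +0800 DEMO-PC demo IP-BLOCK 203.0.113.77 (Type: outgoing, Port: 80, Process: example.exe)\n"
)

# Not anchored to line starts, so fused entries are still found one by one.
# Assumes host and user names contain no spaces.
ENTRY = re.compile(
    r"(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2} [+-]\d{4})\s+"
    r"(?P<host>\S+)\s+(?P<user>\S+)\s+IP-BLOCK\s+"
    r"(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\s+"
    r"\(Type: (?P<direction>\w+), Port: (?P<port>\d+), Process: (?P<process>[^)]+)\)"
)


class BlockEvent(NamedTuple):
    when: datetime
    host: str
    user: str
    ip: str
    direction: str
    port: int
    process: str


def parse_ip_blocks(text):
    """Return every well-formed IP-BLOCK entry in text, in time order."""
    events = []
    for m in ENTRY.finditer(text):
        try:
            ipaddress.ip_address(m["ip"])  # rejects e.g. an octet above 255
            when = datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S %z")
        except ValueError:
            continue  # skip entries with an impossible address or date
        events.append(BlockEvent(
            when=when, host=m["host"], user=m["user"], ip=m["ip"],
            direction=m["direction"].lower(), port=int(m["port"]),
            process=m["process"].strip(),
        ))
    return sorted(events, key=lambda e: e.when)


def collapse_repeats(events, window=timedelta(seconds=2)):
    """Drop entries that repeat the same block within `window` of the last one."""
    last_seen = {}
    kept = []
    for e in events:
        key = (e.ip, e.direction, e.port, e.process.lower())
        previous = last_seen.get(key)
        if previous is None or e.when - previous > window:
            kept.append(e)
        last_seen[key] = e.when
    return kept


def summarize(events):
    """Tally events by direction, logged port, process and source /24."""
    return {
        "direction": Counter(e.direction for e in events),
        "port": Counter(e.port for e in events),
        "process": Counter(e.process.lower() for e in events),
        "network": Counter(
            str(ipaddress.ip_network(f"{e.ip}/24", strict=False)) for e in events
        ),
    }


if __name__ == "__main__":
    report = summarize(collapse_repeats(parse_ip_blocks(SAMPLE_LOG)))
    for name, counts in report.items():
        print(name)
        for value, n in counts.most_common():
            print(f"  {value}: {n}")
```

Keeping the direction tally separate matters for triage: an outgoing entry is one where a local process initiated the connection, while an incoming entry is a remote host connecting in.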
fxjudy Posted June 28, 2013 Author ID:696558

OTL Extras logfile created on: 2013/6/28 21:11:42 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = D:\download
User{CC31DDFA-9BA6-4EDA-8D2E-7334D4F32393}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |"TCP Query User{E1636DCF-4F8A-4893-BD12-7B428F278B73}D:\program files\captcha sniper\captchasniper.exe" = protocol=6 | dir=in | app=d:\program files\captcha sniper\captchasniper.exe |"TCP Query User{F345EEC7-B855-4DCF-8FAA-5A582FEF10B9}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe" = protocol=6 | dir=in | app=c:\windows\microsoft.net\framework\v2.0.50727\vbc.exe |"UDP Query User{0C967479-9F76-4481-86E7-6FF0E640A8BE}C:\program files\common files\pplivenetwork\ppap.exe" = protocol=17 | dir=in | app=c:\program files\common files\pplivenetwork\ppap.exe |"UDP Query User{20B73E2F-2B7B-4DD4-A677-442BA52C7759}D:\python25\pythonw.exe" = protocol=17 | dir=in | app=d:\python25\pythonw.exe |"UDP Query User{22439FFC-0A94-4276-9EA7-020404076F6F}D:\program files\flashget network\flashget 3\flashget3.exe" = protocol=17 | dir=in | app=d:\program files\flashget network\flashget 3\flashget3.exe |"UDP Query User{5D465619-34B6-4E42-93A8-0DEB74584D39}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |"UDP Query User{93438229-9EDF-41B7-BD98-CE5D34DD202A}D:\program files\captcha sniper\captchasniper.exe" = protocol=17 | dir=in | app=d:\program files\captcha sniper\captchasniper.exe |"UDP Query User{D0173D7F-84C1-407C-8738-11121CA078D1}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe" = protocol=17 | dir=in | app=c:\windows\microsoft.net\framework\v2.0.50727\vbc.exe |"UDP Query User{D1BBE7C6-99F9-4D9C-8720-0C46DB6F9E71}D:\program files\filezilla ftp client\filezilla.exe" = protocol=17 | dir=in | app=d:\program files\filezilla ftp client\filezilla.exe |"UDP Query User{E6F93D3D-C422-4E7A-B760-54A808D1AAE7}D:\program files\captcha sniper\csse.exe" = protocol=17 | dir=in | app=d:\program files\captcha sniper\csse.exe |"UDP Query 
User{FE26B864-5530-4145-8D0B-F0D64466D24A}D:\program files\perl\bin\perl.exe" = protocol=17 | dir=in | app=d:\program files\perl\bin\perl.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]"{0215A652-E081-4B09-9333-DC85AAB67FFA}" = Adobe Dreamweaver CS5.5"{02BFF1A3-A0D5-4F64-8558-A22682BCDA58}" = ActivePerl 5.14.2 Build 1402"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86"{0641E784-F9EE-465D-AF4B-5C6F5B450E8F}" = 中国工商银行防钓鱼软件"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended"{0A82D6D7-68AB-46CB-B3A7-1F234892F314}" = TweetAttacks"{0CBE3360-682E-4108-896C-A31CA647C6B0}_is1" = NewsTweets version 1.0"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1"{13A5E785-5197-4EAD-8EE3-D660271E49BC}" = Feedback Tool"{17544ACA-6428-424B-926B-8751610836AE}" = TortoiseSVN 1.7.1.22161 (32 bit)"{1826D0CA-F479-4430-9EFE-86E8E783505B}_is1" = Opera Mobile Emulator"{1A915DE2-F485-4F04-9DC8-E335B5DA61FD}" = 工行网银助手"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148"{243B02B2-44A3-B2BD-5184-B2A9EA318375}" = Kudani"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 7"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Client Installation Program"{2DFBF311-4838-345F-A353-647185AA4DA1}" = Microsoft .NET Framework 4 Client Profile CHS Language Pack"{2E295B5B-1AD4-4d36-97C2-A316084722CF}" = Python 2.7.2"{2FDD750F-49B7-40C1-9D5E-D2955BC0E2D8}" = NVIDIA PhysX"{30BA50ED-0F32-421B-BC6A-132A03EFF299}" = VBRunALL"{3521BDBD-D453-5D9F-AA55-44B75D214629}" = Adobe Community Help"{390DD8BB-BB57-4942-A029-2D913E4E9D74}" = Microsoft Security Client"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile"{3E5CBADD-2E51-47C1-BBE2-B802DB6DA56A}" = OANDA - MetaTrader 
4.00"{46B48F0B-F44C-4988-B497-FB0C44AF0ED5}" = Amz Treasure Hunter 2.0 Standard"{48EC3A4C-DDE9-462F-9402-8BE411BBB934}" = QQ概念版"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater"{50779A29-834E-4E36-BBEB-B7CABC67A825}" = Microsoft Security Client ZH-CN Language Pack"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86"{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1" = Revo Uninstaller Pro 2.5.9"{68EB2C37-083A-4303-B5D8-41FA67E50B8F}_is1" = Poedit"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin"{6B976ADF-8AE8-434E-B282-A06C7F624D2F}" = Python 2.5.2"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows Vista and Later"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight"{8EC62E00-7895-3B72-A044-42F005CB6EF2}" = Microsoft .NET Framework 4 Extended CHS Language Pack"{90140000-0015-0804-0000-0000000FF1CE}" = Microsoft Office Access MUI (Chinese (Simplified)) 2010"{90140000-0015-0804-0000-0000000FF1CE}_Office14.OMUI.zh-cn_{ED6EB6CE-E9BA-4D10-A9F5-AEC56263D9EB}" = Microsoft Office 2010 Service Pack 1 (SP1)"{90140000-0016-0804-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Chinese (Simplified)) 2010"{90140000-0016-0804-0000-0000000FF1CE}_Office14.OMUI.zh-cn_{ED6EB6CE-E9BA-4D10-A9F5-AEC56263D9EB}" = Microsoft Office 2010 Service Pack 1 (SP1)"{90140000-0017-0804-0000-0000000FF1CE}" = Microsoft Office SharePoint Designer MUI (Chinese (Simplified)) 2010"{90140000-0017-0804-0000-0000000FF1CE}_Office14.OMUI.zh-cn_{AA2EEDEA-84E6-4494-9168-D07DEF2E19CA}" = Microsoft SharePoint Designer 2010 Service Pack 1 (SP1)"{90140000-0018-0804-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Chinese (Simplified)) 2010"{90140000-0018-0804-0000-0000000FF1CE}_Office14.OMUI.zh-cn_{ED6EB6CE-E9BA-4D10-A9F5-AEC56263D9EB}" = Microsoft Office 2010 Service Pack 1 (SP1)"{90140000-0019-0804-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Chinese (Simplified)) 
2010"{90140000-0019-0804-0000-0000000FF1CE}_Office14.OMUI.zh-cn_{ED6EB6CE-E9BA-4D10-A9F5-AEC56263D9EB}" = Microsoft Office 2010 Service Pack 1 (SP1)"{90140000-001A-0804-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Chinese (Simplified)) 2010"{90140000-001A-0804-0000-0000000FF1CE}_Office14.OMUI.zh-cn_{ED6EB6CE-E9BA-4D10-A9F5-AEC56263D9EB}" = Microsoft Office 2010 Service Pack 1 (SP1)"{90140000-001B-0804-0000-0000000FF1CE}" = Microsoft Office Word MUI (Chinese (Simplified)) 2010"{90140000-001B-0804-0000-0000000FF1CE}_Office14.OMUI.zh-cn_{ED6EB6CE-E9BA-4D10-A9F5-AEC56263D9EB}" = Microsoft Office 2010 Service Pack 1 (SP1)"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010"{90140000-001F-0409-0000-0000000FF1CE}_Office14.OMUI.zh-cn_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)"{90140000-001F-0804-0000-0000000FF1CE}" = Microsoft Office Proof (Chinese (Simplified)) 2010"{90140000-001F-0804-0000-0000000FF1CE}_Office14.OMUI.zh-cn_{A620ACD4-585E-40D3-80B9-FD31766D1E2A}" = Microsoft Office 2010 Service Pack 1 (SP1)"{90140000-0028-0804-0000-0000000FF1CE}" = Microsoft Office IME (Chinese (Simplified)) 2010"{90140000-0028-0804-0000-0000000FF1CE}_Office14.OMUI.zh-cn_{394CF546-9CD3-4C0A-B380-F4CCFD44C873}" = Microsoft Office 2010 Service Pack 1 (SP1)"{90140000-0028-0804-0001-0FFF000FF1CE}" = Microsoft Office IME (Chinese (Simplified)) 2010"{90140000-002C-0804-0000-0000000FF1CE}" = Microsoft Office Proofing (Chinese (Simplified)) 2010"{90140000-002C-0804-0000-0000000FF1CE}_Office14.OMUI.zh-cn_{00EB89C1-EB14-40EE-89F8-A5A5D97B4F30}" = Microsoft Office 2010 Service Pack 1 (SP1)"{90140000-0044-0804-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Chinese (Simplified)) 2010"{90140000-0044-0804-0000-0000000FF1CE}_Office14.OMUI.zh-cn_{ED6EB6CE-E9BA-4D10-A9F5-AEC56263D9EB}" 
= Microsoft Office 2010 Service Pack 1 (SP1)"{90140000-006E-0804-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Chinese (Simplified)) 2010"{90140000-006E-0804-0000-0000000FF1CE}_Office14.OMUI.zh-cn_{C12630E0-EBCC-48F1-A0D3-BB8C05AC7306}" = Microsoft Office 2010 Service Pack 1 (SP1)"{90140000-00A1-0804-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Chinese (Simplified)) 2010"{90140000-00A1-0804-0000-0000000FF1CE}_Office14.OMUI.zh-cn_{ED6EB6CE-E9BA-4D10-A9F5-AEC56263D9EB}" = Microsoft Office 2010 Service Pack 1 (SP1)"{90140000-00BA-0804-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Chinese (Simplified)) 2010"{90140000-00BA-0804-0000-0000000FF1CE}_Office14.OMUI.zh-cn_{ED6EB6CE-E9BA-4D10-A9F5-AEC56263D9EB}" = Microsoft Office 2010 Service Pack 1 (SP1)"{90140000-00BD-0804-0000-0000000FF1CE}" = Microsoft Office ScreenTip Language 2010 - 简体中文"{90140000-0100-0804-0000-0000000FF1CE}" = Microsoft Office O MUI (Chinese (Simplified)) 2010"{90140000-0100-0804-0000-0000000FF1CE}_Office14.OMUI.zh-cn_{0D023A94-08DA-4B07-B878-B213433CF716}" = Microsoft Office 2010 Language Pack Service Pack 1 (SP1)"{90140000-0101-0804-0000-0000000FF1CE}" = Microsoft Office X MUI (Chinese (Simplified)) 2010"{90140000-0101-0804-0000-0000000FF1CE}_Office14.OMUI.zh-cn_{0799CC5C-199F-463F-81A0-671AF0F25D85}" = Microsoft Office 2010 Language Pack Service Pack 1 (SP1)"{90140000-0121-0804-0001-0FFF000FF1CE}" = Microsoft Office IMESS (Chinese (Simplified)) 2010"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010"{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)"{9158FF30-78D7-40EF-B83E-451AC5334640}" = Adobe Photoshop CS5.1"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - 
x86 9.0.30729.6161"{9DF21474-61E3-428B-8D7B-833EA2D0FAAB}" = Microsoft Antimalware Service ZH-CN Language Pack"{A0087DDE-69D0-11E2-AD57-43CA6188709B}" = Adobe AIR"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper"{AC76BA86-7AD7-2052-7B44-AA1000000001}" = Adobe Reader X (10.1.7) - Chinese Simplified"{AE010600-007D-11DD-A3C1-001636EEECBD}" = Google App Engine"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision 驱动程序 306.23"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA 控制面板 306.23"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA 图形驱动程序 306.23"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision 控制器驱动程序 306.23"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX 系统软件 9.12.0604"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA 更新 1.10.8"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD 音频驱动程序 1.3.18.0"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86"{BCB4C18A-ACA6-4383-8688-E19933A705DD}" = Microsoft SOAP Toolkit 3.0"{BDE646E8-86E0-50E1-37BC-0AEBB2185D76}" = Adobe Widget Browser"{C619A1DC-8EE4-4BD2-82AB-D9424A23E42A}" = Auto Blog Samurai"{D0942B33-E04A-B63A-2D04-9B41313C9BC5}" = LongTailPro - Version 2.1.6"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86"{D683BE08-CF48-4555-9D3A-40945287A11E}" = 网赢网站发布平台"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86"{E452E727-86B8-4233-8CC3-41FD817AFAFF}" = VMware Player"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver"{FFD9383C-01D5-4897-A954-43AF599AED30}" = 
tools-windows"44953928-E730-4e8c-A2B2-3A85BC96A3D0_is1" = FileSeek 2.1.3"7-Zip" = 7-Zip 9.20"A21C8DB81A474239909E6CB8B8DFC590_is1" = A1 Website Download"Addr201305" = Addr"Adobe AIR" = Adobe AIR"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin"Alipay security plugin_is1" = 支付宝安全插件 1.3.0.6"Android SDK Tools" = Android SDK Tools"Applian FLV and Media Player" = Applian FLV and Media Player 3.1.1.12"Azon Product Inspector1.0.1.9" = Azon Product Inspector"BaiduPlayer2" = 百度影音浏览器"Belarc Advisor" = Belarc Advisor 8.3"CCleaner" = CCleaner"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help"com.adobe.WidgetBrowser.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1" = Adobe Widget Browser"com.longtailpro.LongTailPro" = LongTailPro - Version 2.1.6"com.pageone.Kudani" = Kudani"ExamXMLPro" = ExamXMLPro"FileZilla Client" = FileZilla Client 3.5.3"FlashGet3.7" = FlashGet3.7"ImageMagick 6.7.0 Q16_is1" = ImageMagick 6.7.0-0 Q16 (2011-06-01)"IME14SS.2052" = 微软拼音输入法 2010"Keyword Optimizer Pro 22.0.1.5" = Keyword Optimizer Pro 2"Lingoes Translator_is1" = Lingoes 2.7.1"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware 版本 1.75.0.1300"Microsoft Security Client" = Microsoft Security Essentials"Mozilla Firefox 21.0 (x86 zh-CN)" = Mozilla Firefox 21.0 (x86 zh-CN)"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver"Office14.OMUI.zh-cn" = Microsoft Office Language Pack 2010 - Chinese (PRC)/中文(简体)"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010"Opera 11.01.1190" = Opera 11.01"PPSGame" = PPS游戏 V1.2.2.6"PPStream" = PPS影音 V3.1.0.1068 正式版"Proxifier_is1" = Proxifier version 3.21"ProxyChecker" = ProxyChecker (remove only)"Registry Trash Keys Finder" = Registry Trash Keys Finder (Freeware)"RSS Feeds Submit_is1" = RSS Feeds Submit"Sandboxie" = Sandboxie 3.74 (32-bit)"SynTPDeinstKey" = Synaptics Pointing Device Driver"SystemRequirementsLab" = System Requirements Lab"UltraISO_is1" = UltraISO Premium 
V9.36"VMware_Player" = VMware Player"WinHTTrack Website Copier_is1" = WinHTTrack Website Copier 3.46-1"WinMerge_is1" = WinMerge 2.12.4"WinRAR archiver" = WinRAR 压缩文件管理器"xampp" = XAMPP 1.4.13"Zoolz2" = Zoolz2"银联在线支付安全控件IE版" = 银联在线支付安全控件IE版 1.0.0.4 ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-1614121019-1716911202-2953936860-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]"a10c648895c21ba6" = Update or Uninstall SENukeX"AlipayCert" = 支付宝数字证书组件 2.0.0.6"Dropbox" = Dropbox"Google Chrome" = Google Chrome ========== Last 20 Event Log Errors ========== [ Application Events ]Error - 2013/6/27 0:49:00 | Computer Name = judy-PC | Source = Windows Search Service | ID = 7040Description = Error - 2013/6/27 0:49:00 | Computer Name = judy-PC | Source = Windows Search Service | ID = 7042Description = Error - 2013/6/27 0:49:00 | Computer Name = judy-PC | Source = Windows Search Service | ID = 9002Description = Error - 2013/6/27 0:49:00 | Computer Name = judy-PC | Source = Windows Search Service | ID = 3029Description = Error - 2013/6/27 0:49:01 | Computer Name = judy-PC | Source = Windows Search Service | ID = 3029Description = Error - 2013/6/27 0:49:01 | Computer Name = judy-PC | Source = Windows Search Service | ID = 3028Description = Error - 2013/6/27 0:49:01 | Computer Name = judy-PC | Source = Windows Search Service | ID = 3058Description = Error - 2013/6/27 0:49:01 | Computer Name = judy-PC | Source = Windows Search Service | ID = 7010Description = Error - 2013/6/27 0:59:35 | Computer Name = judy-PC | Source = Application Error | ID = 1000Description = 错误应用程序名称: OnlineScannerApp.exe,版本: 1.0.0.1,时间戳: 0x510236a0 错误模块名称:ONLINE~1.OCX,版本: 1.0.0.6920,时间戳: 0x510236ce 异常代码: 0xc000000d 错误偏移量: 0x00085a9e 错误进程 ID: 0x3c8 错误应用程序启动时间: 0x01ce72d0fa448c3c 错误应用程序路径: C:\Program Files\ESET\ESET Online Scanner\OnlineScannerApp.exe 错误模块路径: C:\PROGRA~1\ESET\ESETON~1\ONLINE~1.OCX 报告 ID: 5c40f10e-dee6-11e2-b1a7-005056c00008 Error - 2013/6/27 3:27:06 | Computer Name = 
judy-PC | Source = MsiInstaller | ID = 11730
Description =

[ System Events ]
Error - 2013/6/28 3:27:39 | Computer Name = judy-PC | Source = volmgr | ID = 262190
Description = 故障转储初始化未成功

Error - 2013/6/28 3:27:39 | Computer Name = judy-PC | Source = volmgr | ID = 262190
Description = 故障转储初始化未成功

Error - 2013/6/28 3:27:49 | Computer Name = judy-PC | Source = volmgr | ID = 262190
Description = 故障转储初始化未成功

Error - 2013/6/28 3:30:27 | Computer Name = judy-PC | Source = Service Control Manager | ID = 7038
Description = nvUpdatusService 服务无法使用当前配置的密码以 .\UpdatusUser 身份登录,错误原因如下: %%1330 要确保服务配置正确,请使用 Microsoft 管理控制台(MMC)中的服务管理单元。

Error - 2013/6/28 3:30:27 | Computer Name = judy-PC | Source = Service Control Manager | ID = 7000
Description = 由于下列错误,NVIDIA Update Service Daemon 服务启动失败: %%1069

Error - 2013/6/28 8:46:14 | Computer Name = judy-PC | Source = volmgr | ID = 262190
Description = 故障转储初始化未成功

Error - 2013/6/28 8:46:14 | Computer Name = judy-PC | Source = volmgr | ID = 262190
Description = 故障转储初始化未成功

Error - 2013/6/28 8:46:24 | Computer Name = judy-PC | Source = volmgr | ID = 262190
Description = 故障转储初始化未成功

Error - 2013/6/28 8:49:08 | Computer Name = judy-PC | Source = Service Control Manager | ID = 7038
Description = nvUpdatusService 服务无法使用当前配置的密码以 .\UpdatusUser 身份登录,错误原因如下: %%1330 要确保服务配置正确,请使用 Microsoft 管理控制台(MMC)中的服务管理单元。

Error - 2013/6/28 8:49:08 | Computer Name = judy-PC | Source = Service Control Manager | ID = 7000
Description = 由于下列错误,NVIDIA Update Service Daemon 服务启动失败: %%1069

< End of report >
fxjudy Posted June 28, 2013 Author ID:696559

OTL logfile created on: 2013/6/28 21:11:42 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = D:\download
Home Basic Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16614)
Locale: 00000804 | Country: 中华人民共和国 | Language: CHS | Date Format: yyyy/M/d

1.99 Gb Total Physical Memory | 1.37 Gb Available Physical Memory | 68.70% Memory free
3.98 Gb Paging File | 3.10 Gb Available in Paging File | 77.82% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 39.09 Gb Total Space | 6.75 Gb Free Space | 17.27% Space Free | Partition Type: NTFS
Drive D: | 80.04 Gb Total Space | 48.64 Gb Free Space | 60.77% Space Free | Partition Type: NTFS
Drive E: | 80.04 Gb Total Space | 67.55 Gb Free Space | 84.39% Space Free | Partition Type: NTFS
Drive F: | 98.91 Gb Total Space | 57.40 Gb Free Space | 58.03% Space Free | Partition Type: NTFS

Computer Name: JUDY-PC | User Name: judy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/06/28 21:07:32 | 000,602,112 | ---- | M] (OldTimer Tools) -- D:\download\OTL.exe
PRC - [2013/06/18 12:12:16 | 004,000,120 | ---- | M] (PPStream Inc.) -- D:\PPS.tv\PPStream\PPSKernel.exe
PRC - [2013/06/07 18:01:02 | 004,144,504 | ---- | M] (PPStream Inc.)
-- D:\PPS.tv\PPStream\PPSProtect.exePRC - [2013/05/10 15:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exePRC - [2013/04/17 15:14:42 | 000,453,136 | ---- | M] (Genie9) -- D:\Program Files\Genie9\Zoolz2\ZoolzService.exePRC - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- D:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exePRC - [2013/04/04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- D:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exePRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- D:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exePRC - [2013/01/27 11:11:46 | 000,295,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\NisSrv.exePRC - [2013/01/27 11:11:46 | 000,020,456 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\MsMpEng.exePRC - [2013/01/27 11:11:06 | 000,947,152 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exePRC - [2012/11/23 10:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exePRC - [2012/11/01 02:35:20 | 000,357,016 | ---- | M] (VMware, Inc.) -- C:\Windows\System32\vmnetdhcp.exePRC - [2012/11/01 02:34:52 | 000,435,864 | ---- | M] (VMware, Inc.) -- C:\Windows\System32\vmnat.exePRC - [2012/11/01 00:48:42 | 000,079,872 | ---- | M] (VMware, Inc.) -- D:\Program Files\vmware\vmware-authd.exePRC - [2012/10/11 17:15:28 | 000,721,048 | ---- | M] (VMware, Inc.) 
-- C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exePRC - [2012/08/30 23:57:35 | 001,820,520 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvtray.exePRC - [2012/08/30 23:57:34 | 000,864,104 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exePRC - [2012/08/30 10:40:00 | 000,382,312 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exePRC - [2012/08/26 04:27:58 | 000,085,776 | ---- | M] (SANDBOXIE L.T.D) -- D:\Program Files\Sandboxie\SbieSvc.exePRC - [2011/12/26 16:48:36 | 000,430,720 | ---- | M] () -- C:\Program Files\ICBCEbankTools\ICBCAntiPhishing\ICBC_WIN32\IcbcDaemon.exePRC - [2011/10/22 10:16:38 | 000,273,688 | ---- | M] (http://tortoisesvn.net) -- D:\Program Files\TortoiseSVN\bin\TSVNCache.exePRC - [2011/02/25 13:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe ========== Modules (No Company Name) ========== MOD - [2013/03/14 16:38:26 | 000,073,728 | ---- | M] () -- D:\Program Files\Genie9\Zoolz2\Communicator.dllMOD - [2012/12/31 17:56:26 | 000,148,992 | ---- | M] () -- D:\Program Files\Genie9\Zoolz2\ZoolzOverlay.dllMOD - [2012/11/22 18:57:06 | 000,056,424 | ---- | M] () -- C:\Windows\System32\PrxerNsp.dllMOD - [2012/11/14 21:06:14 | 000,038,400 | ---- | M] () -- D:\Program Files\Genie9\Zoolz2\GSLogging.dllMOD - [2012/01/08 21:41:12 | 000,093,696 | ---- | M] () -- D:\Program Files\FileZilla FTP Client\fzshellext.dllMOD - [2011/10/22 10:16:18 | 000,070,424 | ---- | M] () -- D:\Program Files\TortoiseSVN\bin\libsasl32.dll ========== Services (SafeList) ========== SRV - [2013/06/12 16:33:59 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)SRV - [2013/05/10 15:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common 
Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)SRV - [2013/04/17 15:14:42 | 000,453,136 | ---- | M] (Genie9) [Auto | Running] -- D:\Program Files\Genie9\Zoolz2\ZoolzService.exe -- (Zoolz 2 Service)SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- D:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- D:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)SRV - [2013/01/27 11:11:46 | 000,295,232 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)SRV - [2013/01/27 11:11:46 | 000,020,456 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)SRV - [2012/11/01 02:35:20 | 000,357,016 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\System32\vmnetdhcp.exe -- (VMnetDHCP)SRV - [2012/11/01 02:34:52 | 000,435,864 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\System32\vmnat.exe -- (VMware NAT Service)SRV - [2012/11/01 00:48:42 | 000,079,872 | ---- | M] (VMware, Inc.) [Auto | Running] -- D:\Program Files\vmware\vmware-authd.exe -- (VMAuthdService)SRV - [2012/10/11 17:15:28 | 000,721,048 | ---- | M] (VMware, Inc.) 
[Auto | Running] -- C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe -- (VMUSBArbService)SRV - [2012/09/20 13:28:48 | 030,785,672 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- D:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)SRV - [2012/08/31 03:13:00 | 001,258,856 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)SRV - [2012/08/30 10:40:00 | 000,382,312 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)SRV - [2012/08/26 04:27:58 | 000,085,776 | ---- | M] (SANDBOXIE L.T.D) [Auto | Running] -- D:\Program Files\Sandboxie\SbieSvc.exe -- (SbieSvc)SRV - [2011/12/26 16:48:36 | 000,430,720 | ---- | M] () [Auto | Running] -- C:\Program Files\ICBCEbankTools\ICBCAntiPhishing\ICBC_WIN32\IcbcDaemon.exe -- (ICBC Daemon Service)SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)SRV - [2009/07/14 09:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)SRV - [2009/07/14 09:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- F:\512M Driver\IODrv.sys -- (IODRV)DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\judy\AppData\Local\Temp\catchme.sys -- (catchme)DRV - [2013/06/28 20:46:56 | 000,029,904 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{63A45C40-2067-46D9-A5A9-0D1A4FD2E9EC}\MpKsl19f049f8.sys -- (MpKsl19f049f8)DRV - [2013/04/04 
14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)DRV - [2013/02/22 09:50:36 | 000,037,064 | ---- | M] (Anchorfree Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\taphss6.sys -- (taphss6)DRV - [2013/01/20 15:59:04 | 000,100,328 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)DRV - [2012/11/01 02:35:14 | 000,025,752 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\vmnetuserif.sys -- (VMnetuserif)DRV - [2012/11/01 02:34:52 | 000,061,848 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\vmx86.sys -- (vmx86)DRV - [2012/11/01 02:34:08 | 000,037,016 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\vmnetbridge.sys -- (VMnetBridge)DRV - [2012/11/01 02:34:08 | 000,025,624 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VMkbd.sys -- (vmkbd)DRV - [2012/11/01 02:34:08 | 000,016,664 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vmnetadapter.sys -- (VMnetAdapter)DRV - [2012/10/24 14:16:58 | 000,061,464 | ---- | M] (VMware, Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vsock.sys -- (vsock)DRV - [2012/10/24 14:16:50 | 000,071,152 | ---- | M] (VMware, Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmci.sys -- (vmci)DRV - [2012/10/11 17:15:36 | 000,041,496 | ---- | M] (VMware, Inc.) 
[Kernel | Auto | Running] -- C:\Windows\System32\drivers\hcmon.sys -- (hcmon)DRV - [2012/10/02 09:01:09 | 000,425,368 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\PassGuard.sys -- (PassGuard)DRV - [2012/08/31 03:13:00 | 010,790,760 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)DRV - [2012/08/26 04:27:54 | 000,157,776 | ---- | M] (SANDBOXIE L.T.D) [Kernel | On_Demand | Running] -- D:\Program Files\Sandboxie\SbieDrv.sys -- (SbieDrv)DRV - [2012/07/20 19:48:54 | 000,031,360 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tap0901.sys -- (tap0901)DRV - [2012/07/03 23:25:17 | 000,149,352 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)DRV - [2011/05/31 15:49:42 | 000,022,016 | ---- | M] (NT Kernel Resources) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Ndisrd.sys -- (NdisrdMP)DRV - [2011/05/31 15:49:42 | 000,022,016 | ---- | M] (NT Kernel Resources) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Ndisrd.sys -- (Ndisrd)DRV - [2010/11/20 18:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)DRV - [2010/01/29 11:40:04 | 000,082,320 | ---- | M] (EZB Systems, Inc.) [File_System | System | Running] -- D:\Program Files\UltraISO\drivers\ISODrive.sys -- (ISODrive)DRV - [2009/12/30 11:21:18 | 000,027,192 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\revoflt.sys -- (Revoflt)DRV - [2009/10/05 16:31:50 | 001,221,632 | ---- | M] (Atheros Communications, Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\athr.sys -- (athr)DRV - [2009/07/14 07:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)DRV - [2007/07/13 00:35:46 | 000,006,912 | ---- | M] (TPS Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\tpsacpi.sys -- (tpsacpi) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope =IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-1614121019-1716911202-2953936860-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://cn.msn.com/?ocid=iehpIE - HKU\S-1-5-21-1614121019-1716911202-2953936860-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = zh-CNIE - HKU\S-1-5-21-1614121019-1716911202-2953936860-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = D2 AC BE 2B D1 73 CE 01 [binary data]IE - HKU\S-1-5-21-1614121019-1716911202-2953936860-1000\..\SearchScopes,DefaultScope = {B8E20CD7-BAC2-4820-9AA6-1060B3AF25E2}IE - HKU\S-1-5-21-1614121019-1716911202-2953936860-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SRIE - HKU\S-1-5-21-1614121019-1716911202-2953936860-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRCIE - 
HKU\S-1-5-21-1614121019-1716911202-2953936860-1000\..\SearchScopes\{B8E20CD7-BAC2-4820-9AA6-1060B3AF25E2}: "URL" = http://www.baidu.com/s?wd={searchTerms}&ie={inputEncoding}&oe={outputEncoding}&abar=2&tn=ppsbaibu_oem_dg&ch=33IE - HKU\S-1-5-21-1614121019-1716911202-2953936860-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0IE - HKU\S-1-5-21-1614121019-1716911202-2953936860-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localIE - HKU\S-1-5-21-1614121019-1716911202-2953936860-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = socks=127.0.0.1:30000 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: ""FF - prefs.js..browser.search.defaultenginename,S: S", ""FF - prefs.js..browser.search.defaultthis.engineName: ""FF - prefs.js..browser.search.defaulturl: ""FF - prefs.js..browser.search.order.1: ""FF - prefs.js..browser.search.order.1,S: S", ""FF - prefs.js..browser.search.selectedEngine: "Google"FF - prefs.js..browser.search.selectedEngine,S: S", ""FF - prefs.js..browser.startup.homepage: "http://www.google.com/ncr"FF - prefs.js..extensions.enabledAddons: eliteproxyswitcher%40my-proxy.com:1.2.0.2FF - prefs.js..extensions.enabledAddons: %7Baff87fa2-a58e-4edd-b852-0a20203c1e17%7D:0.9FF - prefs.js..extensions.enabledAddons: jiathis%40jiathis.com:1.0.2.2FF - prefs.js..extensions.enabledAddons: %7Be3f6c2cc-d8db-498c-af6c-499fb211db97%7D:1.12.9.1FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0FF - prefs.js..network.proxy.socks: "127.0.0.1"FF - prefs.js..network.proxy.socks_port: 30000FF - prefs.js..network.proxy.socks_remote_dns: trueFF - prefs.js..network.proxy.type: 0FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll ()FF - HKLM\Software\MozillaPlugins\@alipay.com/npaliedit: 
C:\Windows\system32\npaliedit\1.3.0.6\npaliedit.dll (Alipay.com co.,ltd)FF - HKLM\Software\MozillaPlugins\@alipay.com/NPComBrg701,version=1.0.2011.701: C:\Windows\system32\itruscert\NPComBrg701.dll (iTrusChina)FF - HKLM\Software\MozillaPlugins\@baidu.com/npsetupdone: D:\Program Files\BaiduPlayerBrowser\2.5.1.49_1\plugins\npBDSetupDone.dll ()FF - HKLM\Software\MozillaPlugins\@baidu.com/npxbdsetup: C:\Windows\Downloaded Program Files\21293574\npxbdsetup.dll File not foundFF - HKLM\Software\MozillaPlugins\@baidu.com/npxbdyy: D:\Program Files\BaiduPlayerBrowser\2.5.1.49_1\plugins\npxbdyy.dll ()FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: D:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: D:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)FF - HKLM\Software\MozillaPlugins\@pptv.com/plugin: C:\Program Files\Internet Explorer\PPLite\plugin\npplugin2.dll (PPLive Corporation)FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program 
Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)FF - HKCU\Software\MozillaPlugins\@alipay.com/npalicert: C:\Users\judy\AppData\Roaming\alipay\cf\npalicdo.dll (alipay.com)FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\judy\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\judy\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: D:\Program Files\Mozilla Firefox\componentsFF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: D:\Program Files\Mozilla Firefox\plugins [2012/12/20 08:57:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\judy\AppData\Roaming\mozilla\Extensions[2013/06/24 10:11:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\judy\AppData\Roaming\mozilla\Firefox\Profiles\ofugp520.default\extensions[2013/05/08 19:18:37 | 000,000,000 | ---D | M] (iMacros for Firefox) -- C:\Users\judy\AppData\Roaming\mozilla\Firefox\Profiles\ofugp520.default\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}[2013/01/28 09:40:02 | 000,000,000 | ---D | M] (Page Speed) -- C:\Users\judy\AppData\Roaming\mozilla\Firefox\Profiles\ofugp520.default\extensions\{e3f6c2cc-d8db-498c-af6c-499fb211db97}[2013/05/23 10:01:16 | 000,000,000 | ---D | M] (Wappalyzer) -- C:\Users\judy\AppData\Roaming\mozilla\Firefox\Profiles\ofugp520.default\extensions\wappalyzer@crunchlabz.com[2012/12/20 09:03:52 | 000,016,275 | ---- | M] () (No name found) -- 
C:\Users\judy\AppData\Roaming\mozilla\firefox\profiles\ofugp520.default\extensions\eliteproxyswitcher@my-proxy.com.xpi[2013/05/25 10:01:41 | 002,168,615 | ---- | M] () (No name found) -- C:\Users\judy\AppData\Roaming\mozilla\firefox\profiles\ofugp520.default\extensions\firebug@software.joehewitt.com.xpi[2013/01/04 21:57:42 | 000,101,265 | ---- | M] () (No name found) -- C:\Users\judy\AppData\Roaming\mozilla\firefox\profiles\ofugp520.default\extensions\jiathis@jiathis.com.xpi[2013/02/03 11:39:45 | 000,200,692 | ---- | M] () (No name found) -- C:\Users\judy\AppData\Roaming\mozilla\firefox\profiles\ofugp520.default\extensions\yslow@yahoo-inc.com.xpi[2012/12/20 09:20:47 | 000,042,737 | ---- | M] () (No name found) -- C:\Users\judy\AppData\Roaming\mozilla\firefox\profiles\ofugp520.default\extensions\{aff87fa2-a58e-4edd-b852-0a20203c1e17}.xpi[2013/02/25 10:33:56 | 000,240,732 | ---- | M] () (No name found) -- C:\Users\judy\AppData\Roaming\mozilla\firefox\profiles\ofugp520.default\extensions\{b0e1b4a6-2c6f-4e99-94f2-8e625d7ae255}.xpi ========== Chrome ========== CHR - homepage: http://isearch.babylon.com/?affID=116637&tt=5112_8&babsrc=HP_ss&mntrId=12fb25b5000000000000000000000000 O1 HOSTS File: ([2013/06/26 10:10:05 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hostsO1 - Hosts: 127.0.0.1 localhostO2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)O2 - BHO: (7B3FDA4D-DAE0-EBA3-AFAF-36020A742438 Class) - {7B3FDA4D-DAE0-EBA3-AFAF-36020A742438} - C:\Program Files\addr\{7B3FDA4D-DAE0-EBA3-AFAF-36020A742438}\AddressBar.dll ()O2 - BHO: (迅雷下载支持) - {889D2FEB-5411-4565-8998-1DD2C5261283} - D:\Program Files\Thunder Network\MiniThunder\bho\XunleiBHO7.1.7.2248.dll (Xunlei Tech Network)O2 - BHO: (FlashGetBHO) - 
{b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} - C:\Users\judy\AppData\Roaming\FlashGetBHO\FlashGetBHO.dll (Trend Media Group)O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - D:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)O2 - BHO: (ICBC Anti-Phishing class) - {BB4491A2-D11A-4c6b-91C0-B53246A3122B} - C:\Program Files\ICBCEbankTools\ICBCAntiPhishing\ICBC_WIN32\Icbc_AntiPhishing.dll (中国工商银行)O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)O4 - HKU\.DEFAULT..\Run: [PPS Accelerator] D:\PPS.tv\PPStream\PPSKernel.exe (PPStream Inc.)O4 - HKU\S-1-5-18..\Run: [PPS Accelerator] D:\PPS.tv\PPStream\PPSKernel.exe (PPStream Inc.)O4 - HKU\S-1-5-19..\Run: [PPS Accelerator] D:\PPS.tv\PPStream\PPSKernel.exe (PPStream Inc.)O4 - HKU\S-1-5-20..\Run: [PPS Accelerator] D:\PPS.tv\PPStream\PPSKernel.exe (PPStream Inc.)O4 - HKU\S-1-5-21-1614121019-1716911202-2953936860-1000..\Run: [PPS Accelerator] D:\PPS.tv\PPStream\PPSKernel.exe (PPStream Inc.)O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions presentO6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel presentO7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel presentO7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel presentO7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel presentO7 - 
HKU\S-1-5-21-1614121019-1716911202-2953936860-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel presentO7 - HKU\S-1-5-21-1614121019-1716911202-2953936860-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145O7 - HKU\S-1-5-21-1614121019-1716911202-2953936860-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0O9 - Extra 'Tools' menuitem : Sun Java 控制台 - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not foundO9 - Extra Button: 发送至 OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)O9 - Extra 'Tools' menuitem : 发送至 OneNote(&N) - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)O9 - Extra Button: OneNote 链接笔记(&K) - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - D:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)O9 - Extra 'Tools' menuitem : OneNote 链接笔记(&K) - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - D:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Windows\System32\PrxerNsp.dll ()O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\PrxerDrv.dll (Initex)O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\PrxerDrv.dll (Initex)O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\PrxerDrv.dll (Initex)O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\PrxerDrv.dll (Initex)O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\System32\PrxerDrv.dll (Initex)O15 - HKU\S-1-5-21-1614121019-1716911202-2953936860-1000\..Trusted Domains: alipay.com ([]http in 受信任的站点)O15 - HKU\S-1-5-21-1614121019-1716911202-2953936860-1000\..Trusted Domains: alipay.com ([]https in 受信任的站点)O15 - 
HKU\S-1-5-21-1614121019-1716911202-2953936860-1000\..Trusted Domains: alisoft.com ([]http in 受信任的站点)O15 - HKU\S-1-5-21-1614121019-1716911202-2953936860-1000\..Trusted Domains: alisoft.com ([]https in 受信任的站点)O15 - HKU\S-1-5-21-1614121019-1716911202-2953936860-1000\..Trusted Domains: facebook.com ([login] https in 受信任的站点)O15 - HKU\S-1-5-21-1614121019-1716911202-2953936860-1000\..Trusted Domains: google.com ([mail] https in 受信任的站点)O15 - HKU\S-1-5-21-1614121019-1716911202-2953936860-1000\..Trusted Domains: icbc.com.cn ([]https in 受信任的站点)O15 - HKU\S-1-5-21-1614121019-1716911202-2953936860-1000\..Trusted Domains: taobao.com ([]http in 受信任的站点)O15 - HKU\S-1-5-21-1614121019-1716911202-2953936860-1000\..Trusted Domains: taobao.com ([]https in 受信任的站点)O15 - HKU\S-1-5-21-1614121019-1716911202-2953936860-1000\..Trusted Domains: twitter.com ([]https in 受信任的站点)O16 - DPF: {0E48410F-D1B8-472A-85DB-27F3D77284CE} https://unionpaysecure.com/upe/UPEditor.cab (UPEditorCtrl Class)O16 - DPF: {B1FBC1AD-5644-4084-882A-0F8BA85E7506} https://mybank.icbc.com.cn/icbc/ICBC_NetSign.dll (InfoSecICBCNetSign Class)O16 - DPF: {BC878AFA-767A-47D8-B61E-AD96F210833A} https://mybank.icbc.com.cn/icbc/newperbank/icbcEnvCtrl.cab (AxEnvSet Class)O16 - DPF: {BF6B2647-9A97-4258-AC3F-7CC8EA20D422} https://mybank.icbc.com.cn/icbc/icbc_gemplusdv.dll (Icbc_gemplusdv Control)O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0E9C1ED3-F3C1-4FA3-9127-040F6E3269CC}: NameServer = 8.26.56.26,156.154.70.22O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{341D0DAC-33D1-4A64-8D9D-43E4103AB40A}: NameServer = 8.8.8.8 8.8.4.4O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E988ABA6-A6D6-4FBD-A040-7C2A38834C0C}: NameServer = 8.8.8.8,8.8.4.4O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)O20 - HKLM Winlogon: UserInit - 
(C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - D:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)O32 - HKLM CDRom: AutoRun - 1O32 - AutoRun File - [2009/06/11 05:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]O34 - HKLM BootExecute: (autocheck autochk *)O35 - HKLM\..comfile [open] -- "%1" %*O35 - HKLM\..exefile [open] -- "%1" %*O37 - HKLM\...com [@ = comfile] -- "%1" %*O37 - HKLM\...exe [@ = exefile] -- "%1" %*O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013/06/27 22:46:46 | 000,000,000 | ---D | C] -- C:\Program Files\Baidu[2013/06/27 22:46:42 | 000,000,000 | ---D | C] -- C:\Program Files\addr[2013/06/27 22:46:20 | 000,000,000 | ---D | C] -- C:\Users\judy\AppData\Local\idevice[2013/06/27 22:46:12 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\ppstream[2013/06/27 22:46:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PPStream[2013/06/27 22:45:16 | 000,000,000 | ---D | C] -- C:\Users\judy\AppData\Roaming\PPStream[2013/06/27 15:27:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PageOneTraffic[2013/06/26 15:18:20 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN[2013/06/26 09:40:53 | 000,000,000 | ---D | C] -- C:\Qoobox[2013/06/26 09:40:25 | 000,000,000 | ---D | C] -- C:\Windows\erdnt[2013/06/25 23:27:43 | 000,000,000 | ---D | C] -- C:\Users\judy\Documents\Tencent[2013/06/25 23:27:42 | 000,000,000 | 
---D | C] -- C:\Users\judy\AppData\Roaming\Tencent[2013/06/25 23:27:34 | 000,000,000 | ---D | C] -- C:\Users\judy\AppData\Local\Tencent[2013/06/25 21:03:54 | 000,000,000 | ---D | C] -- C:\Users\judy\Documents\kudani[2013/06/25 21:03:54 | 000,000,000 | ---D | C] -- C:\Users\judy\Documents\__MACOSX[2013/06/25 20:54:53 | 000,000,000 | ---D | C] -- C:\Users\judy\AppData\Roaming\com.pageone.Kudani[2013/06/25 16:38:58 | 000,000,000 | ---D | C] -- C:\Users\judy\AppData\Roaming\com.ideaincubatorlp.crystl[2013/06/24 10:17:02 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT[2013/06/24 10:16:55 | 000,000,000 | ---D | C] -- C:\JRT[2013/06/23 15:38:56 | 000,000,000 | ---D | C] -- C:\Users\judy\AppData\Local\SvchostViewer[2013/06/23 12:27:45 | 000,000,000 | ---D | C] -- C:\ProgramData\kingsoft[2013/06/22 16:47:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes' Anti-Malware (portable)[2013/06/21 16:08:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Amazon Treasure Hunter[2013/06/20 19:52:04 | 000,000,000 | ---D | C] -- C:\Users\judy\Desktop\RK_Quarantine[2013/06/19 10:25:32 | 000,000,000 | ---D | C] -- C:\Users\judy\AppData\Roaming\Malwarebytes[2013/06/19 10:25:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware[2013/06/19 10:25:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes[2013/06/19 10:25:11 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys[2013/06/18 20:44:50 | 000,000,000 | ---D | C] -- C:\Users\judy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Auto Blog Samurai[2013/06/16 21:26:50 | 000,000,000 | ---D | C] -- C:\Users\judy\Documents\BlogProfitPro[2013/06/16 21:26:44 | 000,000,000 | ---D | C] -- C:\Users\judy\AppData\Local\Jolinco_LLC[2013/06/07 11:47:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NewsTweets ========== Files - Modified Within 30 Days ========== 
[2013/06/28 21:11:39 | 000,000,600 | ---- | M] () -- C:\Users\judy\PUTTY.RND[2013/06/28 21:06:02 | 000,000,558 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1614121019-1716911202-2953936860-1000UA.job[2013/06/28 20:54:11 | 000,017,264 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0[2013/06/28 20:54:11 | 000,017,264 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0[2013/06/28 20:48:36 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job[2013/06/28 20:48:11 | 000,000,246 | ---- | M] () -- C:\Windows\tasks\PPSProtect.job[2013/06/28 20:46:45 | 000,000,878 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job[2013/06/28 20:46:44 | 000,065,536 | ---- | M] () -- C:\Windows\System32\Ikeext.etl[2013/06/28 20:46:26 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat[2013/06/28 20:46:18 | 1601,613,824 | -HS- | M] () -- C:\hiberfil.sys[2013/06/28 17:31:00 | 000,000,536 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job[2013/06/28 17:06:00 | 000,000,506 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1614121019-1716911202-2953936860-1000Core.job[2013/06/27 22:46:07 | 000,000,691 | ---- | M] () -- C:\Users\Public\Desktop\PPS影音.lnk[2013/06/27 22:46:07 | 000,000,691 | ---- | M] () -- C:\Users\judy\Application Data\Microsoft\Internet Explorer\Quick Launch\PPS影音.lnk[2013/06/27 22:08:10 | 000,001,042 | ---- | M] () -- C:\Users\judy\AppData\Roaming\coreavc.ini[2013/06/27 20:34:47 | 003,799,088 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT[2013/06/27 15:49:52 | 000,130,210 | ---- | M] () -- C:\Users\judy\Documents\feedsList.xml[2013/06/27 15:48:54 | 000,130,210 | ---- | M] () -- C:\Users\judy\Desktop\feedsList.xml[2013/06/27 15:27:45 | 000,000,727 | ---- | M] () -- C:\Users\Public\Desktop\Kudani.lnk[2013/06/27 12:43:09 | 000,034,968 | ---- | M] () -- 
C:\Users\judy\Documents\cc_20130627_124301.reg[2013/06/27 10:24:19 | 000,008,118 | ---- | M] () -- C:\Users\judy\Documents\cc_20130627_102358.reg[2013/06/26 10:10:05 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts[2013/06/25 20:56:56 | 013,636,983 | ---- | M] () -- C:\Users\judy\Documents\kudani-images.zip[2013/06/25 15:58:57 | 000,001,163 | ---- | M] () -- C:\Users\judy\Documents\addmefastprofile.csv-profile.csv[2013/06/25 10:14:42 | 000,001,988 | ---- | M] () -- C:\Users\judy\Desktop\SEnukeXCr.lnk[2013/06/24 19:29:46 | 000,017,798 | ---- | M] () -- C:\Users\judy\Documents\cc_20130624_192937.reg[2013/06/24 09:47:32 | 000,000,859 | ---- | M] () -- C:\Users\judy\Desktop\AddMeFastBot - 1.0.33 - 快捷方式.lnk[2013/06/22 21:10:08 | 000,000,132 | ---- | M] () -- C:\Users\judy\AppData\Roaming\Adobe PNG Format CS5 Prefs[2013/06/21 16:08:49 | 000,002,637 | ---- | M] () -- C:\Users\Public\Desktop\Amz Treasure Hunter.lnk[2013/06/21 11:25:30 | 007,703,015 | ---- | M] () -- C:\Users\judy\Documents\Killing-It-With-Amazon.pdf[2013/06/20 19:51:27 | 000,014,768 | ---- | M] () -- C:\Users\judy\Documents\cc_20130620_195120.reg[2013/06/19 22:08:47 | 000,000,138 | ---- | M] () -- C:\Windows\vsfilter.INI[2013/06/19 10:25:22 | 000,000,756 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk[2013/06/18 20:44:50 | 000,003,035 | ---- | M] () -- C:\Users\judy\Desktop\Auto Blog Samurai.lnk[2013/06/17 09:32:21 | 000,013,304 | ---- | M] () -- C:\Users\judy\Documents\cc_20130617_093215.reg[2013/06/17 09:21:51 | 000,000,845 | ---- | M] () -- C:\Users\judy\Desktop\AddMeFastBot1.0.3.2 - 快捷方式.lnk[2013/06/16 09:51:18 | 000,007,002 | ---- | M] () -- C:\Users\judy\Documents\account.csv[2013/06/14 22:09:32 | 000,001,014 | ---- | M] () -- C:\Users\judy\Desktop\百度影音浏览器.lnk[2013/06/14 22:07:26 | 000,000,598 | ---- | M] () -- C:\Windows\System32\bdsecushr.dat[2013/06/07 11:47:51 | 000,000,698 | ---- | M] () -- C:\Users\Public\Desktop\NewsTweets.lnk[2013/06/05 09:48:44 | 
000,000,843 | ---- | M] () -- C:\Users\judy\Desktop\AddMeFastBot Update - 快捷方式 (2).lnk[2013/06/05 09:29:28 | 000,001,167 | ---- | M] () -- C:\Users\judy\Documents\addmefast-profile2.csv-profile.csv-profile.csv[2013/06/05 08:56:04 | 000,005,180 | ---- | M] () -- C:\Users\judy\Documents\cc_20130605_085558.reg[2013/06/05 08:46:01 | 000,001,158 | ---- | M] () -- C:\Users\judy\Documents\addmefast-profile1.csv-profile.csv-profile.csv[2013/06/04 12:38:10 | 000,025,185 | ---- | M] () -- C:\Windows\System32\ieuinit.inf ========== Files Created - No Company Name ========== [2013/06/27 22:46:13 | 000,000,691 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PPS 影音.lnk[2013/06/27 22:46:13 | 000,000,246 | ---- | C] () -- C:\Windows\tasks\PPSProtect.job[2013/06/27 22:46:07 | 000,000,691 | ---- | C] () -- C:\Users\Public\Desktop\PPS影音.lnk[2013/06/27 22:46:07 | 000,000,691 | ---- | C] () -- C:\Users\judy\Application Data\Microsoft\Internet Explorer\Quick Launch\PPS影音.lnk[2013/06/27 20:34:22 | 003,799,088 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT[2013/06/27 15:49:52 | 000,130,210 | ---- | C] () -- C:\Users\judy\Documents\feedsList.xml[2013/06/27 15:48:53 | 000,130,210 | ---- | C] () -- C:\Users\judy\Desktop\feedsList.xml[2013/06/27 12:43:05 | 000,034,968 | ---- | C] () -- C:\Users\judy\Documents\cc_20130627_124301.reg[2013/06/27 10:24:12 | 000,008,118 | ---- | C] () -- C:\Users\judy\Documents\cc_20130627_102358.reg[2013/06/26 15:52:57 | 000,000,727 | ---- | C] () -- C:\Users\Public\Desktop\Kudani.lnk[2013/06/25 21:02:27 | 013,636,983 | ---- | C] () -- C:\Users\judy\Documents\kudani-images.zip[2013/06/24 19:29:41 | 000,017,798 | ---- | C] () -- C:\Users\judy\Documents\cc_20130624_192937.reg[2013/06/24 09:47:32 | 000,000,859 | ---- | C] () -- C:\Users\judy\Desktop\AddMeFastBot - 1.0.33 - 快捷方式.lnk[2013/06/21 16:08:49 | 000,002,637 | ---- | C] () -- C:\Users\Public\Desktop\Amz Treasure Hunter.lnk[2013/06/21 11:21:15 | 007,703,015 | ---- | C] () -- 
C:\Users\judy\Documents\Killing-It-With-Amazon.pdf[2013/06/20 19:51:24 | 000,014,768 | ---- | C] () -- C:\Users\judy\Documents\cc_20130620_195120.reg[2013/06/19 10:25:22 | 000,000,756 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk[2013/06/18 20:44:50 | 000,003,035 | ---- | C] () -- C:\Users\judy\Desktop\Auto Blog Samurai.lnk[2013/06/17 09:32:19 | 000,013,304 | ---- | C] () -- C:\Users\judy\Documents\cc_20130617_093215.reg[2013/06/14 22:09:32 | 000,001,014 | ---- | C] () -- C:\Users\judy\Desktop\百度影音浏览器.lnk[2013/06/10 17:20:37 | 000,000,845 | ---- | C] () -- C:\Users\judy\Desktop\AddMeFastBot1.0.3.2 - 快捷方式.lnk[2013/06/08 20:47:14 | 000,001,163 | ---- | C] () -- C:\Users\judy\Documents\addmefastprofile.csv-profile.csv[2013/06/07 11:47:51 | 000,000,698 | ---- | C] () -- C:\Users\Public\Desktop\NewsTweets.lnk[2013/06/05 09:48:44 | 000,000,843 | ---- | C] () -- C:\Users\judy\Desktop\AddMeFastBot Update - 快捷方式 (2).lnk[2013/06/05 09:29:28 | 000,001,167 | ---- | C] () -- C:\Users\judy\Documents\addmefast-profile2.csv-profile.csv-profile.csv[2013/06/05 08:56:01 | 000,005,180 | ---- | C] () -- C:\Users\judy\Documents\cc_20130605_085558.reg[2013/06/04 12:38:10 | 000,025,185 | ---- | C] () -- C:\Windows\System32\ieuinit.inf[2013/04/10 19:50:19 | 000,000,598 | ---- | C] () -- C:\Windows\System32\bdsecushr.dat[2013/03/30 20:58:24 | 000,000,138 | ---- | C] () -- C:\Windows\vsfilter.INI[2013/03/22 11:29:03 | 000,201,216 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat[2013/03/19 10:12:17 | 000,056,424 | ---- | C] () -- C:\Windows\System32\PrxerNsp.dll[2013/03/04 17:12:10 | 000,000,088 | ---- | C] () -- C:\Users\judy\.c79792229cdae4d8fe4e261fc4d6976b.key[2013/03/04 17:08:10 | 000,000,088 | ---- | C] () -- C:\Users\judy\.95d691779473f3e03bc4b4e56319d74c.key[2012/12/26 15:42:54 | 000,007,602 | ---- | C] () -- C:\Users\judy\AppData\Local\Resmon.ResmonCfg[2012/12/06 23:20:36 | 000,001,670 | ---- | C] () -- C:\Windows\Sandboxie.ini[2012/12/06 22:30:20 | 
000,005,078 | ---- | C] () -- C:\ProgramData\zjyopzph.wxh[2012/11/08 13:02:40 | 000,000,305 | ---- | C] () -- C:\Windows\System32\secushr.dat[2012/11/08 12:56:43 | 000,000,025 | ---- | C] () -- C:\Windows\libem.INI[2012/11/05 22:41:49 | 000,000,132 | ---- | C] () -- C:\Users\judy\AppData\Roaming\Adobe IllExport Filter CS5 Prefs[2012/10/01 22:30:34 | 000,425,368 | ---- | C] () -- C:\Windows\System32\drivers\PassGuard.sys[2012/09/20 15:40:00 | 001,474,832 | ---- | C] () -- C:\Windows\System32\drivers\sfi.dat[2012/08/30 10:40:14 | 000,429,416 | ---- | C] () -- C:\Windows\System32\nvStreaming.exe[2012/08/26 21:41:57 | 000,000,031 | ---- | C] () -- C:\Windows\pdf2word.ini[2012/08/26 10:45:03 | 000,184,294 | ---- | C] () -- C:\Users\judy\AppData\Local\BlackToText907.tif[2012/06/05 21:59:35 | 000,001,042 | ---- | C] () -- C:\Users\judy\AppData\Roaming\coreavc.ini[2012/05/28 09:37:34 | 000,000,132 | ---- | C] () -- C:\Users\judy\AppData\Roaming\Adobe GIF Format CS5 Prefs[2012/05/20 08:55:14 | 000,018,760 | ---- | C] () -- C:\Windows\System32\QQVistaHelper.dll[2012/03/15 17:52:32 | 000,069,632 | ---- | C] () -- C:\Windows\System32\csExWBDLMan.dll[2012/02/17 11:22:19 | 000,000,073 | ---- | C] () -- C:\Windows\jg.INI[2011/12/26 14:10:46 | 000,174,208 | ---- | C] () -- C:\Windows\System32\icbcclean.dll[2011/12/26 14:10:46 | 000,113,792 | ---- | C] () -- C:\Windows\System32\EditControl.dll[2011/12/26 14:10:46 | 000,072,832 | ---- | C] () -- C:\Windows\System32\UploadControl.dll[2011/11/11 09:54:48 | 000,000,720 | ---- | C] () -- C:\Users\judy\.appcfg_cookies[2011/10/16 10:28:11 | 000,001,456 | ---- | C] () -- C:\Users\judy\AppData\Local\Adobe Save for Web 12.0 Prefs[2011/10/16 09:47:42 | 000,000,132 | ---- | C] () -- C:\Users\judy\AppData\Roaming\Adobe PNG Format CS5 Prefs[2011/06/28 09:59:06 | 000,000,600 | ---- | C] () -- C:\Users\judy\PUTTY.RND ========== ZeroAccess Check ========== [2009/07/14 12:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42ae