need to remove svchost.exe virus, please help!


This is the protection-log-2013-06-23.txt:

2013/06/23 08:29:24 +0800    JUDY-PC    judy    MESSAGE    Executing scheduled update:  Daily
2013/06/23 08:29:26 +0800    JUDY-PC    judy    ERROR    Scheduled update failed:  Host not found failed with error code 0
2013/06/23 08:29:30 +0800    JUDY-PC    judy    MESSAGE    Starting protection
2013/06/23 08:29:30 +0800    JUDY-PC    judy    MESSAGE    Protection started successfully
2013/06/23 08:29:30 +0800    JUDY-PC    judy    MESSAGE    Starting IP protection
2013/06/23 08:29:33 +0800    JUDY-PC    judy    MESSAGE    IP Protection started successfully
2013/06/23 08:30:58 +0800    JUDY-PC    judy    IP-BLOCK    222.186.25.8 (Type: incoming, Port: 6668, Process: svchost.exe)
2013/06/23 08:37:09 +0800    JUDY-PC    judy    IP-BLOCK    222.186.34.12 (Type: incoming, Port: 6666, Process: svchost.exe)
2013/06/23 08:38:16 +0800    JUDY-PC    judy    MESSAGE    Starting database refresh
2013/06/23 08:38:16 +0800    JUDY-PC    judy    MESSAGE    Stopping IP protection
2013/06/23 08:38:18 +0800    JUDY-PC    judy    MESSAGE    IP Protection stopped successfully
2013/06/23 08:38:32 +0800    JUDY-PC    judy    MESSAGE    Database refreshed successfully
2013/06/23 08:38:32 +0800    JUDY-PC    judy    MESSAGE    Starting IP protection
2013/06/23 08:38:36 +0800    JUDY-PC    judy    MESSAGE    IP Protection started successfully
2013/06/23 09:20:30 +0800    JUDY-PC    judy    IP-BLOCK    222.186.34.12 (Type: incoming, Port: 6666, Process: svchost.exe)
2013/06/23 09:40:26 +0800    JUDY-PC    judy    IP-BLOCK    60.173.11.211 (Type: incoming, Port: 1433, Process: svchost.exe)
2013/06/23 09:55:10 +0800    JUDY-PC    judy    IP-BLOCK    222.186.34.12 (Type: incoming, Port: 6666, Process: svchost.exe)
2013/06/23 10:01:43 +0800    JUDY-PC    judy    IP-BLOCK    60.173.11.84 (Type: incoming, Port: 6666, Process: svchost.exe)
2013/06/23 10:21:15 +0800    JUDY-PC    judy    IP-BLOCK    222.186.34.12 (Type: incoming, Port: 6666, Process: svchost.exe)
2013/06/23 10:29:57 +0800    JUDY-PC    judy    IP-BLOCK    222.186.34.12 (Type: incoming, Port: 6666, Process: svchost.exe)
2013/06/23 10:35:35 +0800    JUDY-PC    judy    IP-BLOCK    60.173.8.239 (Type: incoming, Port: 6666, Process: svchost.exe)
2013/06/23 10:36:15 +0800    JUDY-PC    judy    IP-BLOCK    222.186.34.93 (Type: incoming, Port: 6666, Process: svchost.exe)
2013/06/23 10:57:02 +0800    JUDY-PC    judy    IP-BLOCK    211.95.79.137 (Type: incoming, Port: 1433, Process: svchost.exe)
2013/06/23 10:57:26 +0800    JUDY-PC    judy    IP-BLOCK    60.173.8.232 (Type: incoming, Port: 6666, Process: svchost.exe)
2013/06/23 11:03:37 +0800    JUDY-PC    judy    IP-BLOCK    121.10.133.196 (Type: incoming, Port: 39507, Process: svchost.exe)
2013/06/23 11:03:45 +0800    JUDY-PC    judy    IP-BLOCK    121.10.133.196 (Type: incoming, Port: 18707, Process: svchost.exe)
2013/06/23 11:03:45 +0800    JUDY-PC    judy    IP-BLOCK    121.10.133.196 (Type: incoming, Port: 39507, Process: svchost.exe)
2013/06/23 11:04:01 +0800    JUDY-PC    judy    IP-BLOCK    60.173.11.84 (Type: incoming, Port: 6666, Process: svchost.exe)
2013/06/23 11:18:26 +0800    JUDY-PC    judy    IP-BLOCK    58.241.131.198 (Type: incoming, Port: 4306, Process: svchost.exe)
2013/06/23 11:32:22 +0800    JUDY-PC    judy    IP-BLOCK    60.173.12.89 (Type: incoming, Port: 6666, Process: svchost.exe)
2013/06/23 11:38:14 +0800    JUDY-PC    judy    IP-BLOCK    60.173.8.238 (Type: incoming, Port: 6666, Process: svchost.exe)
2013/06/23 11:39:19 +0800    JUDY-PC    judy    IP-BLOCK    222.186.34.12 (Type: incoming, Port: 6666, Process: svchost.exe)
2013/06/23 11:44:55 +0800    JUDY-PC    judy    IP-BLOCK    60.173.8.232 (Type: incoming, Port: 6666, Process: svchost.exe)
2013/06/23 12:06:32 +0800    JUDY-PC    judy    IP-BLOCK    60.173.8.247 (Type: incoming, Port: 6666, Process: svchost.exe)
2013/06/23 12:07:05 +0800    JUDY-PC    judy    IP-BLOCK    89.248.171.125 (Type: incoming, Port: 53, Process: svchost.exe)
2013/06/23 12:14:05 +0800    JUDY-PC    judy    IP-BLOCK    222.186.34.12 (Type: incoming, Port: 6666, Process: svchost.exe)
2013/06/23 12:34:41 +0800    JUDY-PC    judy    IP-BLOCK    60.173.8.248 (Type: incoming, Port: 6666, Process: svchost.exe)
2013/06/23 12:40:04 +0800    JUDY-PC    judy    IP-BLOCK    222.186.34.12 (Type: incoming, Port: 6666, Process: svchost.exe)
2013/06/23 12:40:45 +0800    JUDY-PC    judy    IP-BLOCK    220.248.166.2 (Type: incoming, Port: 14433, Process: svchost.exe)
2013/06/23 12:40:45 +0800    JUDY-PC    judy    IP-BLOCK    220.248.166.2 (Type: incoming, Port: 14433, Process: svchost.exe)
2013/06/23 12:40:53 +0800    JUDY-PC    judy    IP-BLOCK    220.248.166.2 (Type: incoming, Port: 14433, Process: svchost.exe)
2013/06/23 12:40:53 +0800    JUDY-PC    judy    IP-BLOCK    220.248.166.2 (Type: incoming, Port: 14433, Process: svchost.exe)
2013/06/23 12:40:53 +0800    JUDY-PC    judy    IP-BLOCK    220.248.166.2 (Type: incoming, Port: 14433, Process: svchost.exe)
2013/06/23 12:41:01 +0800    JUDY-PC    judy    IP-BLOCK    220.248.166.2 (Type: incoming, Port: 14433, Process: svchost.exe)
2013/06/23 12:48:44 +0800    JUDY-PC    judy    IP-BLOCK    222.186.34.12 (Type: incoming, Port: 6666, Process: svchost.exe)
2013/06/23 12:48:44 +0800    JUDY-PC    judy    IP-BLOCK    60.173.11.208 (Type: incoming, Port: 6666, Process: svchost.exe)
2013/06/23 13:08:48 +0800    JUDY-PC    judy    IP-BLOCK    60.173.8.238 (Type: incoming, Port: 6666, Process: svchost.exe)
2013/06/23 13:23:28 +0800    JUDY-PC    judy    IP-BLOCK    222.186.34.12 (Type: incoming, Port: 6666, Process: svchost.exe)
2013/06/23 15:24:16 +0800    JUDY-PC    judy    MESSAGE    Starting protection
2013/06/23 15:24:16 +0800    JUDY-PC    judy    MESSAGE    Protection started successfully
2013/06/23 15:24:16 +0800    JUDY-PC    judy    MESSAGE    Starting IP protection
2013/06/23 15:24:20 +0800    JUDY-PC    judy    MESSAGE    IP Protection started successfully
2013/06/23 15:38:07 +0800    JUDY-PC    judy    IP-BLOCK    60.173.10.107 (Type: incoming, Port: 6667, Process: svchost.exe)
2013/06/23 15:38:07 +0800    JUDY-PC    judy    IP-BLOCK    60.173.10.107 (Type: incoming, Port: 8909, Process: svchost.exe)
2013/06/23 15:45:37 +0800    JUDY-PC    judy    IP-BLOCK    60.173.11.208 (Type: incoming, Port: 6666, Process: svchost.exe)
2013/06/23 15:53:39 +0800    JUDY-PC    judy    MESSAGE    Starting protection
2013/06/23 15:53:39 +0800    JUDY-PC    judy    MESSAGE    Protection started successfully
2013/06/23 15:53:39 +0800    JUDY-PC    judy    MESSAGE    Starting IP protection
2013/06/23 15:53:42 +0800    JUDY-PC    judy    MESSAGE    IP Protection started successfully
2013/06/23 16:02:21 +0800    JUDY-PC    judy    IP-BLOCK    60.173.8.238 (Type: incoming, Port: 6666, Process: svchost.exe)
2013/06/23 16:15:50 +0800    JUDY-PC    judy    IP-BLOCK    222.186.31.6 (Type: incoming, Port: 1433, Process: svchost.exe)
2013/06/23 16:52:33 +0800    JUDY-PC    judy    IP-BLOCK    222.186.34.23 (Type: incoming, Port: 6666, Process: svchost.exe)
2013/06/23 16:59:05 +0800    JUDY-PC    judy    IP-BLOCK    60.173.8.248 (Type: incoming, Port: 6666, Process: svchost.exe)
2013/06/23 20:43:59 +0800    JUDY-PC    judy    MESSAGE    Starting protection
2013/06/23 20:43:59 +0800    JUDY-PC    judy    MESSAGE    Protection started successfully
2013/06/23 20:43:59 +0800    JUDY-PC    judy    MESSAGE    Starting IP protection
2013/06/23 20:44:03 +0800    JUDY-PC    judy    MESSAGE    IP Protection started successfully
2013/06/23 21:20:37 +0800    JUDY-PC    judy    IP-BLOCK    222.186.34.12 (Type: incoming, Port: 6666, Process: svchost.exe)
2013/06/23 21:55:21 +0800    JUDY-PC    judy    IP-BLOCK    222.186.34.12 (Type: incoming, Port: 6666, Process: svchost.exe)
2013/06/23 22:07:54 +0800    JUDY-PC    judy    IP-BLOCK    222.186.34.80 (Type: incoming, Port: 6666, Process: svchost.exe)
2013/06/23 22:08:18 +0800    JUDY-PC    judy    IP-BLOCK    222.186.34.77 (Type: incoming, Port: 6670, Process: svchost.exe)
2013/06/23 22:21:23 +0800    JUDY-PC    judy    IP-BLOCK    222.186.34.12 (Type: incoming, Port: 6666, Process: svchost.exe)
 


Hello fxjudy and welcome! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
  • I recommend that you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
  • Do not perform any kind of scanning and fixing without my instructions. If you want to proceed on your own, please let me know.

Step 1

Please uninstall the following applications:

ContinueToSave 1.74

continuetosiavee

easyMule

Yontoo Layers Runtime 1.10.01

μTorrent

Step 2

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Step 3

Please download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[s1].txt as well.

Step 4

  • Launch Malwarebytes' Anti-Malware
  • Go to Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
  • Go to Scanner tab and select Perform Quick Scan, then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

In your next reply, post the following log files:

  • Junkware Removal Tool log
  • AdwCleaner log
  • Malwarebytes' Anti-Malware log
  • a new fresh DDS log

Please take a look at my instructions:

Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.

Post the contents of JRT.txt into your next message.

Please post the content of that logfile with your next answer.

Copy&Paste the entire report in your next reply.

In your next reply, post the following log files:


JRT log:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Windows 7 Home Basic x86
Ran by judy on 2013/06/24 周一 at 10:17:05.35
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\baidu
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\baidu
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\conduit
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\conduit
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\iminent
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\sweetim
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\sweetim
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\systweak
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\tarma installer
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\Software\conduit
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\Software\conduitsearchscopes
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\Software\smartbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\sprotector
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\conduituninstaller_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\conduituninstaller_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\classes\Toolbar.CT3174398
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{B8E20CD7-BAC2-4820-9AA6-1060B3AF25E2}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\babylon"
Successfully deleted: [Folder] "C:\ProgramData\baidu"
Successfully deleted: [Folder] "C:\ProgramData\installmate"
Successfully deleted: [Folder] "C:\ProgramData\softsafe"
Successfully deleted: [Folder] "C:\ProgramData\tarma installer"
Successfully deleted: [Folder] "C:\Users\judy\AppData\Roaming\babylon"
Failed to delete: [Folder] "C:\Users\judy\AppData\Roaming\baidu"
Successfully deleted: [Folder] "C:\Users\judy\AppData\Roaming\goforfiles"
Successfully deleted: [Folder] "C:\Users\judy\AppData\Roaming\tencent"
Successfully deleted: [Folder] "C:\Users\judy\appdata\local\babylon"
Successfully deleted: [Folder] "C:\Users\judy\appdata\local\baidu"
Successfully deleted: [Folder] "C:\Users\judy\appdata\local\conduit"
Successfully deleted: [Folder] "C:\Users\judy\appdata\local\tencent"
Successfully deleted: [Folder] "C:\Users\judy\appdata\locallow\baidu"
Successfully deleted: [Folder] "C:\Users\judy\appdata\locallow\conduit"
Successfully deleted: [Folder] "C:\Users\judy\appdata\locallow\tencent"
Successfully deleted: [Folder] "C:\Program Files\baidu"
Successfully deleted: [Folder] "C:\Program Files\conduit"
Successfully deleted: [Folder] "C:\Program Files\tencent"
Successfully deleted: [Folder] "C:\Windows\system32\ai_recyclebin"
Successfully deleted: [Folder] "C:\Program Files\ask.com"



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 2013/06/24 周一 at 10:18:43.80
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

# AdwCleaner v2.303 - Logfile created 06/24/2013 at 10:23:55
# Updated 08/06/2013 by Xplode
# Operating system : Windows 7 Home Basic Service Pack 1 (32 bits)
# User : judy - JUDY-PC
# Boot Mode : Normal
# Running from : D:\download\AdwCleaner.exe
# Option [Delete]


***** [services] *****


***** [Files / Folders] *****

Folder Deleted : C:\ProgramData\APN
Folder Deleted : C:\ProgramData\continuetosiavee
Folder Deleted : C:\Users\judy\AppData\Local\Google\Chrome\User Data\Default\Extensions\doejkibmjpgjmfddphnakbfhjfcbgknk
Folder Deleted : C:\Users\judy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TornTV.com
Folder Deleted : C:\Users\judy\AppData\Roaming\NCdownloader
Folder Deleted : C:\Users\judy\Documents\Tencent

***** [Registry] *****

Key Deleted : HKCU\Software\Alexa Internet
Key Deleted : HKCU\Software\AppDataLow\TENCENT
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{49544940-E4F9-CEBD-693C-48E11C1BF6BD}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{49544940-E4F9-CEBD-693C-48E11C1BF6BD}
Key Deleted : HKCU\Software\TENCENT
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{6517DD27-EA6F-4947-9DEA-F9C487BB1020}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{6517DD27-EA6F-4947-9DEA-F9C487BB1020}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\jbpkiefagocgkmemidfngdkamloieekf
Key Deleted : HKLM\Software\InstallIQ
Key Deleted : HKLM\Software\SP Global
Key Deleted : HKLM\Software\SProtector
Key Deleted : HKLM\Software\TENCENT

***** [internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16611

[OK] Registry is clean.

-\\ Mozilla Firefox v21.0 (zh-CN)

File : C:\Users\judy\AppData\Roaming\Mozilla\Firefox\Profiles\ofugp520.default\prefs.js

C:\Users\judy\AppData\Roaming\Mozilla\Firefox\Profiles\ofugp520.default\user.js ... Deleted !

Deleted : user_pref("aol_toolbar.default.homepage.check", false);
Deleted : user_pref("aol_toolbar.default.search.check", false);
Deleted : user_pref("extensions.5183bd47b7a72.scode", "(function(){try{if('aol.com,mail.google.com,premiumrepo[...]
Deleted : user_pref("extensions.BabylonToolbar.prtkDS", 0);
Deleted : user_pref("extensions.BabylonToolbar.prtkHmpg", 0);
Deleted : user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "");
Deleted : user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "");
Deleted : user_pref("sweetim.toolbar.previous.browser.startup.homepage", "");
Deleted : user_pref("sweetim.toolbar.previous.keyword.URL", "");
Deleted : user_pref("sweetim.toolbar.scripts.1.domain-blacklist", "");
Deleted : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_DS", "");
Deleted : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_HP", "");
Deleted : user_pref("sweetim.toolbar.searchguard.enable", "");

-\\ Google Chrome v27.0.1453.116

File : C:\Users\judy\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

-\\ Opera v [unable to get version]

File : C:\Users\judy\AppData\Roaming\Opera\Opera\operaprefs.ini

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [3778 octets] - [24/06/2013 10:23:16]
AdwCleaner[s1].txt - [3884 octets] - [24/06/2013 10:23:55]

########## EOF - C:\AdwCleaner[s1].txt - [3944 octets] ##########

 

 

Malwarebytes Anti-Malware (PRO) 1.75.0.1300
www.malwarebytes.org

数据库版本 v2013.06.23.06

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 浏览器 10.0.9200.16618
judy :: JUDY-PC [管理员]

防护: 已启用

2013/6/24 10:31:36
mbam-log-2013-06-24 (10-31-36).txt

扫描类型: 快速扫描
启用扫描选项: 内存 | 启动项 | 注册表 | 文件系统 | 启发式/附加 | 启发式/Shuriken 引擎 | PUP | PUM
禁用扫描选项: P2P
扫描项目: 227080
扫描用时 8 分钟, 14 秒

被感染内存进程数目 0
(未发现有害项目

被感染内存模块数目 0
(未发现有害项目

被感染注册表项数目 0
(未发现有害项目

被感染注册表值数目 0
(未发现有害项目

被感染注册表数据项数目 0
(未发现有害项目

被感染文件夹数目 0
(未发现有害项目

被感染文件数目 0
(未发现有害项目

(结束)

 

 

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 10.0.9200.16611  BrowserJavaVersion: 10.7.2
Run by judy at 10:41:41 on 2013-06-24
Microsoft Windows 7 家庭普通版   6.1.7601.1.936.86.2052.18.2037.1155 [GMT 8:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
D:\Program Files\Sandboxie\SbieSvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\ICBCEbankTools\ICBCAntiPhishing\ICBC_WIN32\IcbcDaemon.exe
C:\Program Files\Common Files\Microsoft Shared\IME14\SHARED\IMEDICTUPDATE.EXE
C:\Program Files\Common Files\Microsoft Shared\IME14WR\SHARED\IMEDICTUPDATE.EXE
D:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
D:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
D:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\vmnat.exe
D:\Program Files\Genie9\Zoolz2\ZoolzService.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Microsoft Security Client\msseces.exe
D:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Windows\system32\NOTEPAD.EXE
D:\Program Files\vmware\vmware-authd.exe
C:\Windows\system32\vmnetdhcp.exe
C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\wbem\wmiprvse.exe
D:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\notepad.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
.
============== Pseudo HJT Report ===============
.
uSearch Bar = Preserve
uProxyServer = socks=127.0.0.1:30000
uProxyOverride = local
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - d:\program files\microsoft office\office14\GROOVEEX.DLL
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: 迅雷下载支持: {889D2FEB-5411-4565-8998-1DD2C5261283} - d:\program files\thunder network\minithunder\bho\XunleiBHO7.1.7.2248.dll
BHO: FlashGetBHO: {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} - c:\users\judy\appdata\roaming\flashgetbho\FlashGetBHO.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - d:\program files\microsoft office\office14\URLREDIR.DLL
BHO: ICBC Anti-Phishing class: {BB4491A2-D11A-4c6b-91C0-B53246A3122B} - c:\program files\icbcebanktools\icbcantiphishing\icbc_win32\Icbc_AntiPhishing.dll
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
mPolicies-Explorer: NoDrives = dword:0
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-00107-0002-0007-ABCDEFFEDCBC} - <orphaned>
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - d:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - d:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
LSP: %SystemRoot%\system32\PrxerDrv.dll
LSP: %windir%\system32\vsocklib.dll
Trusted Zone: alipay.com
Trusted Zone: alipay.com
Trusted Zone: alisoft.com
Trusted Zone: alisoft.com
Trusted Zone: icbc.com.cn
Trusted Zone: taobao.com
Trusted Zone: taobao.com
Trusted Zone: twitter.com




TCP: Interfaces\{0E9C1ED3-F3C1-4FA3-9127-040F6E3269CC} : NameServer = 8.26.56.26,156.154.70.22
TCP: Interfaces\{341D0DAC-33D1-4A64-8D9D-43E4103AB40A} : NameServer = 8.8.8.8 8.8.4.4
TCP: Interfaces\{E988ABA6-A6D6-4FBD-A040-7C2A38834C0C} : NameServer = 8.8.8.8,8.8.4.4
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
Notify: DfLogon - LogonDll.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - d:\program files\microsoft office\office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\judy\appdata\roaming\mozilla\firefox\profiles\ofugp520.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: network.proxy.socks - 127.0.0.1
FF - prefs.js: network.proxy.socks_port - 30000
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\common files\adobe\oobe\pdapp\ccm\utilities\npAdobeAAMDetect32.dll
FF - plugin: c:\program files\common files\adobe\oobe\pdapp\ccm\utilities\npAdobeAAMDetect64.dll
FF - plugin: c:\program files\google\update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: c:\program files\internet explorer\pplite\plugin\npplugin2.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.20125.0\npctrlui.dll
FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dv.dll
FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dvstreaming.dll
FF - plugin: c:\users\judy\appdata\local\google\update\1.3.21.145\npGoogleUpdate3.dll
FF - plugin: c:\users\judy\appdata\roaming\alipay\cf\npalicdo.dll
FF - plugin: c:\windows\downloaded program files\21293574\npxbdsetup.dll
FF - plugin: c:\windows\system32\itruscert\NPComBrg701.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_7_700_224.dll
FF - plugin: c:\windows\system32\npaliedit\1.3.0.6\npaliedit.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npmproxy.dll
FF - plugin: d:\progra~2\micros~1\office14\NPAUTHZ.DLL
FF - plugin: d:\progra~2\micros~1\office14\NPSPWRAP.DLL
FF - plugin: d:\program files\baiduplayerbrowser\2.5.1.49_1\plugins\npBDSetupDone.dll
FF - plugin: d:\program files\baiduplayerbrowser\2.5.1.49_1\plugins\npBDSetupDoneReg.dll
FF - plugin: d:\program files\baiduplayerbrowser\2.5.1.49_1\plugins\npibdyy.dll
FF - plugin: d:\program files\baiduplayerbrowser\2.5.1.49_1\plugins\NPSWF32.dll
FF - plugin: d:\program files\baiduplayerbrowser\2.5.1.49_1\plugins\npxbdyy.dll
FF - plugin: d:\program files\baiduplayerbrowser\2.5.1.49_1\plugins\npxbdyyreg.dll
FF - ExtSQL: 2013-05-08 19:18; {81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}; c:\users\judy\appdata\roaming\mozilla\firefox\profiles\ofugp520.default\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2013-1-20 195296]
R0 tpsacpi;TPS Firmware Extension Device Driver;c:\windows\system32\drivers\tpsacpi.sys [2007-7-13 6912]
R0 vsock;vSockets Driver;c:\windows\system32\drivers\vsock.sys [2012-12-7 61464]
R1 MpKsledc3622e;MpKsledc3622e;c:\programdata\microsoft\microsoft antimalware\definition updates\{d3a15deb-f6ce-4fa3-bc20-dde86286cf4e}\MpKsledc3622e.sys [2013-6-24 29904]
R2 ICBC Daemon Service;ICBC Daemon Service;c:\program files\icbcebanktools\icbcantiphishing\icbc_win32\IcbcDaemon.exe [2011-12-26 430720]
R2 ImeDictUpdateService;Microsoft IME Dictionary Update;c:\program files\common files\microsoft shared\ime14\shared\IMEDICTUPDATE.EXE [2010-10-20 59760]
R2 ImeDictUpdateServiceWR;Microsoft IME Dictionary Update For Web Release;c:\program files\common files\microsoft shared\ime14wr\shared\IMEDICTUPDATE.EXE [2010-2-1 60208]
R2 MBAMScheduler;MBAMScheduler;d:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2013-6-19 418376]
R2 MBAMService;MBAMService;d:\program files\malwarebytes' anti-malware\mbamservice.exe [2013-6-19 701512]
R2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2012-8-30 100328]
R2 PassGuard;PassGuard;c:\windows\system32\drivers\PassGuard.sys [2012-10-1 425368]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2012-8-30 382312]
R2 VMUSBArbService;VMware USB Arbitration Service;c:\program files\common files\vmware\usb\vmware-usbarbitrator.exe [2012-10-11 721048]
R2 Zoolz 2 Service;Zoolz Service;d:\program files\genie9\zoolz2\ZoolzService.exe [2013-4-17 453136]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-6-19 22856]
R3 NdisrdMP;NdisrdMP;c:\windows\system32\drivers\Ndisrd.sys [2011-5-31 22016]
R3 NisSrv;Microsoft 网络检查;c:\program files\microsoft security client\NisSrv.exe [2013-1-27 295232]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2011-1-12 230912]
R3 SbieDrv;SbieDrv;d:\program files\sandboxie\SbieDrv.sys [2012-8-26 157776]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 Ndisrd;WinpkFilter Service;c:\windows\system32\drivers\Ndisrd.sys [2011-5-31 22016]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [2012-12-1 27192]
S3 SwitchBoard;SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
S3 taphss6;Anchorfree HSS VPN Adapter;c:\windows\system32\drivers\taphss6.sys [2013-2-22 37064]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-7-8 52224]
.
=============== File Associations ===============
.
FileExt: .js: jsfile="d:\program files\adobe\adobe dreamweaver cs5.5\Dreamweaver.exe","%1"
ShellExec: dreamweaver.exe: Open="d:\program files\adobe\adobe dreamweaver cs5.5\dreamweaver.exe", "%1"
.
=============== Created Last 30 ================
.
2013-06-24 02:27:05    29904    ----a-w-    c:\programdata\microsoft\microsoft antimalware\definition updates\{d3a15deb-f6ce-4fa3-bc20-dde86286cf4e}\MpKsledc3622e.sys
2013-06-24 02:17:02    --------    d-----w-    c:\windows\ERUNT
2013-06-24 02:16:55    --------    d-----w-    C:\JRT
2013-06-23 07:38:56    --------    d-----w-    c:\users\judy\appdata\local\SvchostViewer
2013-06-23 07:36:28    7068072    ----a-w-    c:\programdata\microsoft\microsoft antimalware\definition updates\{d3a15deb-f6ce-4fa3-bc20-dde86286cf4e}\mpengine.dll
2013-06-23 04:27:45    --------    d-----w-    c:\programdata\kingsoft
2013-06-22 08:47:00    --------    d-----w-    c:\programdata\Malwarebytes' Anti-Malware (portable)
2013-06-22 01:11:35    7068072    ----a-w-    c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2013-06-21 00:40:07    724464    ------w-    c:\programdata\microsoft\microsoft antimalware\definition updates\{5503ed4c-1a13-465e-83ae-090b9ce04942}\gapaengine.dll
2013-06-19 02:25:32    --------    d-----w-    c:\users\judy\appdata\roaming\Malwarebytes
2013-06-19 02:25:14    --------    d-----w-    c:\programdata\Malwarebytes
2013-06-19 02:25:11    22856    ----a-w-    c:\windows\system32\drivers\mbam.sys
2013-06-16 13:26:44    --------    d-----w-    c:\users\judy\appdata\local\Jolinco_LLC
2013-06-12 15:39:08    2706432    ----a-w-    c:\windows\system32\mshtml.tlb
2013-06-12 15:39:07    218112    ----a-w-    c:\program files\internet explorer\sqmapi.dll
2013-06-12 07:53:46    1505280    ----a-w-    c:\windows\system32\d3d11.dll
2013-06-12 07:53:42    24576    ----a-w-    c:\windows\system32\cryptdlg.dll
2013-06-12 07:53:40    492544    ----a-w-    c:\windows\system32\win32spl.dll
2013-06-12 07:53:37    903168    ----a-w-    c:\windows\system32\certutil.exe
2013-06-12 07:53:37    43008    ----a-w-    c:\windows\system32\certenc.dll
2013-06-12 07:53:37    140288    ----a-w-    c:\windows\system32\cryptsvc.dll
2013-06-12 07:53:37    1160192    ----a-w-    c:\windows\system32\crypt32.dll
2013-06-12 07:53:37    103936    ----a-w-    c:\windows\system32\cryptnet.dll
2013-06-12 07:53:34    1230336    ----a-w-    c:\windows\system32\WindowsCodecs.dll
2013-06-12 07:53:33    3913576    ----a-w-    c:\windows\system32\ntoskrnl.exe
2013-06-12 07:53:32    3968872    ----a-w-    c:\windows\system32\ntkrnlpa.exe
2013-06-12 07:53:31    1293672    ----a-w-    c:\windows\system32\drivers\tcpip.sys
.
==================== Find3M  ====================
.
2013-06-12 08:33:57    71048    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2013-06-12 08:33:57    692104    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2013-05-17 01:25:57    1767936    ----a-w-    c:\windows\system32\wininet.dll
2013-05-17 01:25:27    2877440    ----a-w-    c:\windows\system32\jscript9.dll
2013-05-17 01:25:26    61440    ----a-w-    c:\windows\system32\iesetup.dll
2013-05-17 01:25:26    109056    ----a-w-    c:\windows\system32\iesysprep.dll
2013-05-14 08:40:13    71680    ----a-w-    c:\windows\system32\RegisterIEPKEYs.exe
2013-05-02 15:28:50    238872    ------w-    c:\windows\system32\MpSigStub.exe
2013-04-13 04:45:16    474624    ----a-w-    c:\windows\apppatch\AcSpecfc.dll
2013-04-13 04:45:15    2176512    ----a-w-    c:\windows\apppatch\AcGenral.dll
2013-04-12 13:45:29    1211752    ----a-w-    c:\windows\system32\drivers\ntfs.sys
2013-04-10 05:18:40    728424    ----a-w-    c:\windows\system32\drivers\dxgkrnl.sys
2013-04-10 05:18:40    218984    ----a-w-    c:\windows\system32\drivers\dxgmms1.sys
2013-04-10 03:14:06    2347520    ----a-w-    c:\windows\system32\win32k.sys
.
============= FINISH: 10:42:51.61 ===============
 

 

 

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 家庭普通版
Boot Device: \Device\HarddiskVolume1
Install Date: 2011/2/23 10:48:02
System Uptime: 2013/6/24 10:26:26 (0 hours ago)
.
Motherboard: Render |  | C02
Processor: Intel® Pentium® CPU        P6200  @ 2.13GHz | CPU 1 | 2133/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 39 GiB total, 5.062 GiB free.
D: is FIXED (NTFS) - 80 GiB total, 30.517 GiB free.
E: is FIXED (NTFS) - 80 GiB total, 16.786 GiB free.
F: is FIXED (NTFS) - 99 GiB total, 28.237 GiB free.
G: is CDROM ()
I: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Atheros AR9285 Wireless Network Adapter
Device ID: PCI\VEN_168C&DEV_002B&SUBSYS_10891A3B&REV_01\4&EDEF54E&0&00E1
Manufacturer: Atheros Communications Inc.
Name: Atheros AR9285 Wireless Network Adapter
PNP Device ID: PCI\VEN_168C&DEV_002B&SUBSYS_10891A3B&REV_01\4&EDEF54E&0&00E1
Service: athr
.
==== System Restore Points ===================
.
RP455: 2013/6/21 16:08:29 - Installed Amz Treasure Hunter 2.0 Standard
RP456: 2013/6/23 9:49:24 - 已除去 Rnotify
RP457: 2013/6/23 15:36:07 - Windows Update
.
==== Installed Programs ======================
.
7-Zip 9.20
A1 Website Download
ActivePerl 5.14.2 Build 1402
Adobe AIR
Adobe Community Help
Adobe Dreamweaver CS5.5
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Photoshop CS5.1
Adobe Reader X (10.1.7) - Chinese Simplified
Adobe Widget Browser
Amz Treasure Hunter 2.0 Standard
Android SDK Tools
Applian FLV and Media Player 3.1.1.12
Atheros Client Installation Program
Auto Blog Samurai
Azon Product Inspector
Belarc Advisor 8.3
Captcha Sniper
CCleaner
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Dropbox
Elite Proxy Switcher 1.21
ExamXMLPro
FaceDominator
Feedback Tool
FileSeek 2.1.3
FileZilla Client 3.5.3
FlashGet3.7
Google App Engine
Google Chrome
Google Update Helper
IE搜索助手
ImageMagick 6.7.0-0 Q16 (2011-06-01)
Java 7 Update 7
Java Auto Updater
JavaFX 2.1.1
Keyword Optimizer Pro 2
Lingoes 2.7.1
LongTailPro - Version 2.1.6
Malwarebytes Anti-Malware 版本 1.75.0.1300
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Client Profile CHS Language Pack
Microsoft .NET Framework 4 Client Profile 简体中文语言包
Microsoft .NET Framework 4 Extended
Microsoft .NET Framework 4 Extended CHS Language Pack
Microsoft .NET Framework 4 Extended 简体中文语言包
Microsoft Antimalware Service ZH-CN Language Pack
Microsoft Office 2010 Language Pack Service Pack 1 (SP1)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (Chinese (Simplified)) 2010
Microsoft Office Excel MUI (Chinese (Simplified)) 2010
Microsoft Office Groove MUI (Chinese (Simplified)) 2010
Microsoft Office IME (Chinese (Simplified)) 2010
Microsoft Office IMESS (Chinese (Simplified)) 2010
Microsoft Office InfoPath MUI (Chinese (Simplified)) 2010
Microsoft Office Language Pack 2010 - Chinese (PRC)/中文(简体)
Microsoft Office O MUI (Chinese (Simplified)) 2010
Microsoft Office OneNote MUI (Chinese (Simplified)) 2010
Microsoft Office Outlook MUI (Chinese (Simplified)) 2010
Microsoft Office PowerPoint MUI (Chinese (Simplified)) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (Chinese (Simplified)) 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proofing (Chinese (Simplified)) 2010
Microsoft Office Publisher MUI (Chinese (Simplified)) 2010
Microsoft Office ScreenTip Language 2010 - 简体中文
Microsoft Office Shared MUI (Chinese (Simplified)) 2010
Microsoft Office SharePoint Designer MUI (Chinese (Simplified)) 2010
Microsoft Office Word MUI (Chinese (Simplified)) 2010
Microsoft Office X MUI (Chinese (Simplified)) 2010
Microsoft Security Client
Microsoft Security Client ZH-CN Language Pack
Microsoft Security Essentials
Microsoft SharePoint Designer 2010 Service Pack 1 (SP1)
Microsoft Silverlight
Microsoft SOAP Toolkit 3.0
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
Microsoft_VC90_MFCLOC_x86
Mozilla Firefox 21.0 (x86 zh-CN)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NewsTweets version 1.0
NVIDIA 3D Vision 控制器驱动程序 306.23
NVIDIA 3D Vision 驱动程序 306.23
NVIDIA HD 音频驱动程序 1.3.18.0
NVIDIA Install Application
NVIDIA PhysX
NVIDIA PhysX 系统软件 9.12.0604
NVIDIA Stereoscopic 3D Driver
NVIDIA Update Components
NVIDIA 更新 1.10.8
NVIDIA 控制面板 306.23
NVIDIA 图形驱动程序 306.23
OANDA - MetaTrader 4.00
Opera 11.01
Opera Mobile Emulator
PDF Settings CS5
Poedit
PPS影音2.7.0.1392
Proxifier version 3.21
ProxyChecker (remove only)
Python 2.5.2
Python 2.7.2
QQ概念版
Realtek Ethernet Controller Driver For Windows Vista and Later
Realtek High Definition Audio Driver
Registry Trash Keys Finder (Freeware)
Revo Uninstaller Pro 2.5.9
RSS Feeds Submit
Sandboxie 3.74 (32-bit)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile 简体中文语言包 (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile 简体中文语言包 (KB2518870)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Security Update for Microsoft Excel 2010 (KB2597126) 32-Bit Edition
Security Update for Microsoft Filter Pack 2.0 (KB2553501) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2687422) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2760406) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687501) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687510) 32-Bit Edition
Security Update for Microsoft OneNote 2010 (KB2760600) 32-Bit Edition
Security Update for Microsoft Publisher 2010 (KB2553147) 32-Bit Edition
Security Update for Microsoft Visio 2010 (KB2810068) 32-Bit Edition
Security Update for Microsoft Visio Viewer 2010 (KB2687505) 32-Bit Edition
Security Update for Microsoft Word 2010 (KB2760410) 32-Bit Edition
Synaptics Pointing Device Driver
System Requirements Lab
tools-windows
TortoiseSVN 1.7.1.22161 (32 bit)
TweetAttacks
UltraISO Premium V9.36
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2598241) 32-Bit Edition
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2597090) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2598240) 32-Bit Edition
Update for Microsoft SharePoint Designer 2010 (KB2553459) 32-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition
Update or Uninstall SENukeX
VBRunALL
VMware Player
Windows Media Player Firefox Plugin
WinHTTrack Website Copier 3.46-1
WinMerge 2.12.4
WinRAR 压缩文件管理器
XAMPP 1.4.13
Zoolz2
百度影音浏览器
工行网银助手
网赢网站发布平台
微软拼音输入法 2010
银联在线支付安全控件IE版 1.0.0.4
支付宝安全插件 1.3.0.6
支付宝数字证书组件 2.0.0.6
中国工商银行防钓鱼软件
.
==== End Of File ===========================





 


Please download Malwarebytes Anti-Rootkit from HERE

  • Unzip the contents to a folder in a convenient location.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • When done, please post the two logs produced; they will be in the MBAR folder: mbar-log.txt and system-log.txt

Hi,

Thank you for your help!

The software shows:

congratulations, no cleanup is required!

scan finished: no malware found!

I only found system-log.txt in the folder, pasted below:

 

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.06.0.1004

© Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x86

Account is Administrative

Internet Explorer version: 10.0.9200.16618

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, E:\ DRIVE_FIXED, F:\ DRIVE_FIXED
CPU speed: 2.133000 GHz
Memory total: 2135486464, free: 1249083392

Downloaded database version: v2013.06.25.03
Initializing...
------------ Kernel report ------------
     06/25/2013 19:58:37
------------ Loaded modules -----------
\SystemRoot\system32\ntkrnlpa.exe
\SystemRoot\system32\halmacpi.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\BOOTVID.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\ACPI.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\system32\drivers\vdrvroot.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\DRIVERS\compbatt.sys
\SystemRoot\system32\DRIVERS\BATTC.SYS
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\system32\drivers\pciide.sys
\SystemRoot\system32\drivers\PCIIDEX.SYS
\SystemRoot\system32\DRIVERS\vmci.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\drivers\vsock.sys
\SystemRoot\system32\drivers\atapi.sys
\SystemRoot\system32\drivers\ataport.SYS
\SystemRoot\system32\drivers\amdxata.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\system32\DRIVERS\MpFilter.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\system32\DRIVERS\tpsacpi.SYS
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\DRIVERS\disk.sys
\SystemRoot\system32\DRIVERS\CLASSPNP.SYS
\SystemRoot\system32\drivers\cdrom.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\system32\drivers\rdprefmp.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\ws2ifsl.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\vwififlt.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\drivers\termdd.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\system32\drivers\mssmbios.sys
\??\D:\Program Files\UltraISO\drivers\ISODrive.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\blbdrive.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\nvlddmkm.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\system32\drivers\HDAudBus.sys
\SystemRoot\system32\drivers\usbehci.sys
\SystemRoot\system32\drivers\USBPORT.SYS
\SystemRoot\system32\DRIVERS\Rt86win7.sys
\SystemRoot\system32\drivers\i8042prt.sys
\SystemRoot\system32\drivers\kbdclass.sys
\??\C:\Windows\system32\drivers\VMkbd.sys
\SystemRoot\system32\DRIVERS\SynTP.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\drivers\mouclass.sys
\SystemRoot\system32\DRIVERS\CmBatt.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\drivers\CompositeBus.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\ndisrd.sys
\SystemRoot\system32\drivers\swenum.sys
\SystemRoot\system32\drivers\ks.sys
\SystemRoot\system32\drivers\umbus.sys
\SystemRoot\system32\DRIVERS\vmnetadapter.sys
\SystemRoot\system32\DRIVERS\VMNET.SYS
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\nvhda32v.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\RTKVHDA.sys
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\System32\Drivers\usbvideo.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\system32\drivers\luafv.sys
\??\C:\Windows\system32\drivers\mbam.sys
\SystemRoot\system32\drivers\WudfPf.sys
\??\D:\Program Files\Sandboxie\SbieDrv.sys
\SystemRoot\system32\DRIVERS\vmnetbridge.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\??\C:\Windows\system32\drivers\hcmon.sys
\??\C:\Windows\system32\Drivers\vmx86.sys
\SystemRoot\system32\DRIVERS\NisDrvWFP.sys
\??\C:\Windows\system32\drivers\PassGuard.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\??\C:\Windows\system32\drivers\vmnetuserif.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\??\C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{64C21C9C-16E2-4AA5-92EE-B32B26B71F42}\MpKsl73ca3388.sys
\SystemRoot\system32\drivers\spsys.sys
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\mbamswissarmy.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
\Windows\System32\autochk.exe
\Windows\System32\Wldap32.dll
\Windows\System32\ole32.dll
\Windows\System32\urlmon.dll
\Windows\System32\oleaut32.dll
\Windows\System32\gdi32.dll
\Windows\System32\wininet.dll
\Windows\System32\msctf.dll
\Windows\System32\shell32.dll
\Windows\System32\advapi32.dll
\Windows\System32\ws2_32.dll
\Windows\System32\imagehlp.dll
\Windows\System32\difxapi.dll
\Windows\System32\usp10.dll
\Windows\System32\iertutil.dll
\Windows\System32\rpcrt4.dll
\Windows\System32\msvcrt.dll
\Windows\System32\sechost.dll
\Windows\System32\imm32.dll
\Windows\System32\nsi.dll
\Windows\System32\shlwapi.dll
\Windows\System32\comdlg32.dll
\Windows\System32\clbcatq.dll
\Windows\System32\user32.dll
\Windows\System32\psapi.dll
\Windows\System32\lpk.dll
\Windows\System32\kernel32.dll
\Windows\System32\setupapi.dll
\Windows\System32\normaliz.dll
\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
\Windows\System32\devobj.dll
\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
\Windows\System32\KernelBase.dll
\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
\Windows\System32\wintrust.dll
\Windows\System32\crypt32.dll
\Windows\System32\comctl32.dll
\Windows\System32\cfgmgr32.dll
\Windows\System32\msasn1.dll
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffffff87a8d948
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP0T0L0-0\
Lower Device Object: 0xffffffff87990908
Lower Device Driver Name: \Driver\atapi\
<<<2>>>
Device number: 0, partition: 1
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff87a8d948, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff87a8d628, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff87a8d948, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff87990908, DeviceName: \Device\Ide\IdeDeviceP0T0L0-0\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
Device number: 0, partition: 1
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\Windows\system32\drivers...
<<<2>>>
Device number: 0, partition: 1
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 29A329A2

Partition information:

    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 63  Numsec = 81979632
    Partition file system is NTFS
    Partition is bootable

    Partition 1 type is Extended with LBA (0xf)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 81979695  Numsec = 543157650

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

Disk Size: 320072933376 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-62-625122448-625142448)...
Done!
Scan finished
 


Yes, I still have a problem with IP blocking. This is today's protection-log-2013-06-25.txt:

 

2013/06/25 09:25:13 +0800    JUDY-PC    judy    MESSAGE    Starting protection
2013/06/25 09:25:13 +0800    JUDY-PC    judy    MESSAGE    Protection started successfully
2013/06/25 09:25:13 +0800    JUDY-PC    judy    MESSAGE    Starting IP protection
2013/06/25 09:25:16 +0800    JUDY-PC    judy    MESSAGE    IP Protection started successfully
2013/06/25 09:33:32 +0800    JUDY-PC    judy    IP-BLOCK    60.173.8.248 (Type: incoming, Port: 8080, Process: svchost.exe)
2013/06/25 09:40:03 +0800    JUDY-PC    judy    MESSAGE    Executing scheduled update:  Daily
2013/06/25 09:40:25 +0800    JUDY-PC    judy    MESSAGE    Scheduled update executed successfully:  database updated from version v2013.06.23.06 to version v2013.06.25.01
2013/06/25 09:40:25 +0800    JUDY-PC    judy    MESSAGE    Starting database refresh
2013/06/25 09:40:26 +0800    JUDY-PC    judy    MESSAGE    Stopping IP protection
2013/06/25 09:40:26 +0800    JUDY-PC    judy    MESSAGE    IP Protection stopped successfully
2013/06/25 09:40:29 +0800    JUDY-PC    judy    MESSAGE    Database refreshed successfully
2013/06/25 09:40:29 +0800    JUDY-PC    judy    MESSAGE    Starting IP protection
2013/06/25 09:40:32 +0800    JUDY-PC    judy    MESSAGE    IP Protection started successfully
2013/06/25 10:29:58 +0800    JUDY-PC    judy    IP-BLOCK    60.173.8.247 (Type: incoming, Port: 9999, Process: svchost.exe)
2013/06/25 11:34:21 +0800    JUDY-PC    judy    IP-BLOCK    222.186.63.186 (Type: incoming, Port: 8083, Process: svchost.exe)
2013/06/25 12:15:13 +0800    JUDY-PC    judy    IP-BLOCK    109.236.82.186 (Type: outgoing, Port: 53137, Process: firefox.exe)
2013/06/25 12:15:13 +0800    JUDY-PC    judy    IP-BLOCK    94.242.251.103 (Type: outgoing, Port: 53138, Process: firefox.exe)
2013/06/25 12:15:13 +0800    JUDY-PC    judy    IP-BLOCK    109.236.82.186 (Type: outgoing, Port: 53145, Process: firefox.exe)
2013/06/25 12:15:13 +0800    JUDY-PC    judy    IP-BLOCK    94.242.251.103 (Type: outgoing, Port: 53146, Process: firefox.exe)
2013/06/25 12:17:21 +0800    JUDY-PC    judy    IP-BLOCK    222.186.26.31 (Type: incoming, Port: 8088, Process: svchost.exe)
2013/06/25 12:24:42 +0800    JUDY-PC    judy    IP-BLOCK    219.235.3.92 (Type: incoming, Port: 3306, Process: svchost.exe)
2013/06/25 12:53:01 +0800    JUDY-PC    judy    IP-BLOCK    60.173.8.248 (Type: incoming, Port: 80, Process: svchost.exe)
2013/06/25 15:21:42 +0800    JUDY-PC    judy    MESSAGE    Starting protection
2013/06/25 15:21:44 +0800    JUDY-PC    judy    MESSAGE    Protection started successfully
2013/06/25 15:21:44 +0800    JUDY-PC    judy    MESSAGE    Starting IP protection
2013/06/25 15:21:48 +0800    JUDY-PC    judy    MESSAGE    IP Protection started successfully
2013/06/25 15:29:06 +0800    JUDY-PC    judy    IP-BLOCK    60.173.8.240 (Type: incoming, Port: 8888, Process: svchost.exe)
2013/06/25 15:29:06 +0800    JUDY-PC    judy    IP-BLOCK    60.173.8.240 (Type: incoming, Port: 8000, Process: svchost.exe)
2013/06/25 15:29:06 +0800    JUDY-PC    judy    IP-BLOCK    60.173.8.240 (Type: incoming, Port: 8080, Process: svchost.exe)
2013/06/25 15:29:06 +0800    JUDY-PC    judy    IP-BLOCK    60.173.8.240 (Type: incoming, Port: 9000, Process: svchost.exe)
2013/06/25 15:29:06 +0800    JUDY-PC    judy    IP-BLOCK    60.173.8.240 (Type: incoming, Port: 9999, Process: svchost.exe)
2013/06/25 15:29:06 +0800    JUDY-PC    judy    IP-BLOCK    60.173.8.240 (Type: incoming, Port: 8088, Process: svchost.exe)
2013/06/25 15:30:19 +0800    JUDY-PC    judy    IP-BLOCK    60.173.8.238 (Type: incoming, Port: 9999, Process: svchost.exe)
2013/06/25 15:43:24 +0800    JUDY-PC    judy    IP-BLOCK    222.186.63.186 (Type: incoming, Port: 8083, Process: svchost.exe)
2013/06/25 15:44:21 +0800    JUDY-PC    judy    IP-BLOCK    222.186.34.23 (Type: incoming, Port: 6666, Process: svchost.exe)
2013/06/25 15:44:37 +0800    JUDY-PC    judy    IP-BLOCK    222.186.63.186 (Type: incoming, Port: 8099, Process: svchost.exe)
2013/06/25 16:05:13 +0800    JUDY-PC    judy    IP-BLOCK    60.173.11.149 (Type: incoming, Port: 6666, Process: svchost.exe)
2013/06/25 16:12:18 +0800    JUDY-PC    judy    IP-BLOCK    60.173.11.149 (Type: incoming, Port: 6675, Process: svchost.exe)
2013/06/25 16:18:35 +0800    JUDY-PC    judy    IP-BLOCK    222.186.34.23 (Type: incoming, Port: 6675, Process: svchost.exe)
2013/06/25 16:18:35 +0800    JUDY-PC    judy    IP-BLOCK    222.186.34.23 (Type: incoming, Port: 9000, Process: svchost.exe)
2013/06/25 16:18:35 +0800    JUDY-PC    judy    IP-BLOCK    222.186.34.23 (Type: incoming, Port: 443, Process: svchost.exe)
2013/06/25 16:18:35 +0800    JUDY-PC    judy    IP-BLOCK    222.186.34.23 (Type: incoming, Port: 9999, Process: svchost.exe)
2013/06/25 16:33:33 +0800    JUDY-PC    judy    IP-BLOCK    60.173.8.239 (Type: incoming, Port: 8080, Process: svchost.exe)
2013/06/25 17:08:44 +0800    JUDY-PC    judy    IP-BLOCK    60.173.12.91 (Type: incoming, Port: 8080, Process: svchost.exe)
2013/06/25 19:52:24 +0800    JUDY-PC    judy    MESSAGE    Starting protection
2013/06/25 19:52:24 +0800    JUDY-PC    judy    MESSAGE    Protection started successfully
2013/06/25 19:52:24 +0800    JUDY-PC    judy    MESSAGE    Starting IP protection
2013/06/25 19:52:28 +0800    JUDY-PC    judy    MESSAGE    IP Protection started successfully
2013/06/25 19:58:01 +0800    JUDY-PC    judy    MESSAGE    Starting database refresh
2013/06/25 19:58:01 +0800    JUDY-PC    judy    MESSAGE    Stopping IP protection
2013/06/25 19:58:01 +0800    JUDY-PC    judy    MESSAGE    IP Protection stopped successfully
2013/06/25 19:58:05 +0800    JUDY-PC    judy    MESSAGE    Database refreshed successfully
2013/06/25 19:58:05 +0800    JUDY-PC    judy    MESSAGE    Starting IP protection
2013/06/25 19:58:07 +0800    JUDY-PC    judy    MESSAGE    IP Protection started successfully
2013/06/25 20:27:49 +0800    JUDY-PC    judy    IP-BLOCK    60.173.8.233 (Type: incoming, Port: 8888, Process: svchost.exe)
2013/06/25 20:55:55 +0800    JUDY-PC    judy    IP-BLOCK    222.186.34.23 (Type: incoming, Port: 6675, Process: svchost.exe)
2013/06/25 20:55:55 +0800    JUDY-PC    judy    IP-BLOCK    222.186.34.23 (Type: incoming, Port: 9000, Process: svchost.exe)
2013/06/25 20:55:55 +0800    JUDY-PC    judy    IP-BLOCK    222.186.34.23 (Type: incoming, Port: 9999, Process: svchost.exe)
2013/06/25 20:55:55 +0800    JUDY-PC    judy    IP-BLOCK    222.186.34.23 (Type: incoming, Port: 443, Process: svchost.exe)
2013/06/25 21:09:59 +0800    JUDY-PC    judy    IP-BLOCK    222.186.25.8 (Type: incoming, Port: 6666, Process: svchost.exe)
2013/06/25 21:09:59 +0800    JUDY-PC    judy    IP-BLOCK    222.186.25.8 (Type: incoming, Port: 3128, Process: svchost.exe)
2013/06/25 21:09:59 +0800    JUDY-PC    judy    IP-BLOCK    222.186.25.8 (Type: incoming, Port: 6675, Process: svchost.exe)
2013/06/25 21:10:31 +0800    JUDY-PC    judy    IP-BLOCK    222.186.34.80 (Type: incoming, Port: 6666, Process: svchost.exe)
 


Note: Please do not run this tool without special supervision and instructions of someone authorized to do so. Otherwise, you could end up with serious problems. For more details, read this article: ComboFix usage, Questions, Help? - Look here

Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingc...to-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please post the C:\ComboFix.txt in your next reply for further review.

Note: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.


Thank you for your help. This is the log; I still have a problem with IP blocking after running this.

 

ComboFix 13-06-25.01 - judy 3/06/26 周三   9:58.1.2 - x86
Microsoft Windows 7 家庭普通版   6.1.7601.1.936.86.2052.18.2037.1302 [GMT 8:00]
执行位置: d:\download\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: Microsoft Security Essentials *Disabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * 成功创造新还原点
.
.
(((((((((((((((((((((((((((((((((((((((   被删除的档案   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\dfinstall.log
C:\menu.lst
c:\users\Default\AppData\Local\Temp
c:\users\Default\AppData\Local\Temp\Temppc.bak
c:\users\judy\AppData\Roaming\Vvtbrse
c:\users\judy\AppData\Roaming\Vvtbrse\Brsplus\profiles.ini
c:\windows\Downloaded Program Files\15428374
c:\windows\Downloaded Program Files\15428374\BaiduSetupAx_0.dll
c:\windows\Downloaded Program Files\15428374\npxbdsetup.dll
c:\windows\Downloaded Program Files\21293574
c:\windows\Downloaded Program Files\21293574\BaiduSetupAx_0.dll
c:\windows\Downloaded Program Files\21293574\npxbdsetup.dll
c:\windows\Downloaded Program Files\3845596
c:\windows\Downloaded Program Files\3845596\BaiduSetupAx_0.dll
c:\windows\Downloaded Program Files\3845596\npxbdsetup.dll
c:\windows\system32\drivers\etc\hosts.ics
e:\favoritevideo\InvisibleFolder
e:\favoritevideo\InvisibleFolder\20120530101828_zhucevip120530chabo.jpg
e:\favoritevideo\InvisibleFolder\20120820111559_tongyisucaie120820zhuzt.swf
e:\favoritevideo\InvisibleFolder\20120823150132_tongyisucaif120824zhuhc.swf
e:\favoritevideo\InvisibleFolder\20120823150242_tongyisucaif120824zhuzt.swf
e:\favoritevideo\InvisibleFolder\20120824170818_tongyisucaig120826zhuzt.swf
e:\favoritevideo\InvisibleFolder\20120827104618_mabao120827zhuzt.swf
e:\favoritevideo\InvisibleFolder\20120827155611_mabao120827zhuhc.swf
e:\favoritevideo\InvisibleFolder\20120903160254_kangshifu120903zanting.swf
e:\favoritevideo\InvisibleFolder\20120914170330_tongyisucaiJ120914zt.swf
e:\favoritevideo\InvisibleFolder\20120925121027_tongyisucaiM120925zhuzt.swf
e:\favoritevideo\InvisibleFolder\20121009120031_tongyisucain121010zhuzt.swf
e:\favoritevideo\InvisibleFolder\20121101104922_1111.jpg
e:\favoritevideo\InvisibleFolder\20121108160758_tongyisucaio121108zhuzt.swf
e:\favoritevideo\InvisibleFolder\20121119175759_wuxianji121119zhuzt.swf
e:\favoritevideo\InvisibleFolder\20121121163406_jianeng121121fuceng.swf
e:\favoritevideo\InvisibleFolder\20121123110658_yayao121123zhufuceng.swf
e:\favoritevideo\InvisibleFolder\20121123165049_yanchanghui121123zhuzt.swf
e:\favoritevideo\InvisibleFolder\20121127101620_liantong121127fuceng.swf
e:\favoritevideo\InvisibleFolder\20121127101717_liantong121127qipao.swf
e:\favoritevideo\InvisibleFolder\20121128104550_huiyuantiyan121128zhuhc.swf
e:\favoritevideo\InvisibleFolder\20121128133559_chuanyuesanguo121128qipao2.swf
e:\favoritevideo\InvisibleFolder\20121130095659_kasadi121130zhuzt.swf
e:\favoritevideo\InvisibleFolder\20121130104052_zhanzheng121130zhuhc.swf
e:\favoritevideo\InvisibleFolder\20121130104420_zhanzheng121130zhuzt.swf
e:\favoritevideo\InvisibleFolder\20121130145846_rexuesanguo121130qipao1.swf
e:\favoritevideo\InvisibleFolder\20121130153002_liehuozhanshen121130qipao1.swf
e:\favoritevideo\InvisibleFolder\20121130153313_liehuozhanshen121130qipao2.swf
e:\favoritevideo\InvisibleFolder\20121130155857_tengxunCF121130zhuzt.swf
e:\favoritevideo\InvisibleFolder\20121130161339_jianeng121130zhuhc.swf
e:\favoritevideo\InvisibleFolder\20121130161339_jianeng121130zhuzt.swf
e:\favoritevideo\InvisibleFolder\20121130162114_CF121130zhuhc.swf
e:\favoritevideo\InvisibleFolder\20121130162253_CF121130zhuzt.swf
e:\favoritevideo\InvisibleFolder\20121130171152_olay121201zhuztporx.swf
e:\favoritevideo\InvisibleFolder\20121130172636_olay121201zhuztrg.swf
e:\favoritevideo\InvisibleFolder\20121130175403_olay121201zhuztte.swf
e:\favoritevideo\InvisibleFolder\20121130184045_qiya121130zhuzt.swf
e:\favoritevideo\InvisibleFolder\20121130185625_olay121201zhuztnw.swf
e:\favoritevideo\InvisibleFolder\20121203111129_yingchao121203zhujiaobiao.swf
e:\favoritevideo\InvisibleFolder\20121203111708_yingchao121203zhuzt.swf
e:\favoritevideo\InvisibleFolder\20121203112035_yingchao121203biaotilanguanggao.swf
e:\favoritevideo\InvisibleFolder\20121203142006_huawei121203zhuzt.swf
e:\favoritevideo\InvisibleFolder\20121203154124_daxingren121203zhuzt.swf
e:\favoritevideo\InvisibleFolder\20121203171111_CF121103zhuhc.swf
e:\favoritevideo\InvisibleFolder\20121203171342_CF121203zhuzt.swf
e:\favoritevideo\InvisibleFolder\20121204141816_kutingwang121204zhuzt.swf
e:\favoritevideo\InvisibleFolder\20121204152918_huawei121204zhuzt.swf
e:\favoritevideo\InvisibleFolder\20121204153810_tulong121204qipao1.swf
e:\favoritevideo\InvisibleFolder\20121204153839_tulong121204qipao2.swf
e:\favoritevideo\InvisibleFolder\20121204153905_tulong121204qipao3.swf
e:\favoritevideo\InvisibleFolder\20121204161103_400X300.swf
e:\favoritevideo\InvisibleFolder\20121204174720_jilieyingchao121204zhufuceng.swf
e:\favoritevideo\InvisibleFolder\20121205114431_shengda121205newzhuhc.swf
e:\favoritevideo\InvisibleFolder\20121205173139_shijitiancheng121205zhuqipao.swf
e:\favoritevideo\InvisibleFolder\20121206114932_qingshi121206qipao1.swf
e:\favoritevideo\InvisibleFolder\20121206114950_qingshi121206qipao2.swf
e:\favoritevideo\InvisibleFolder\20121206115011_qingshi121206qipao3.swf
e:\favoritevideo\InvisibleFolder\20121206221610_tea.swf
e:\favoritevideo\InvisibleFolder\20121206222345_uoohe.jpg
e:\favoritevideo\InvisibleFolder\20121207145807_51wan121207zhuhc.swf
e:\favoritevideo\InvisibleFolder\20121207164032_sanguoyanyi121207yixingqipao1.swf
e:\favoritevideo\InvisibleFolder\20121207164140_sanguoyanyi121207yixingqipao2.swf
e:\favoritevideo\InvisibleFolder\20121207164240_sanguoyanyi121207yixingqipao3.swf
e:\favoritevideo\InvisibleFolder\20121207165549_zuixiyou121207yixingqipao2.swf
e:\favoritevideo\InvisibleFolder\20121207165622_zuixiyou121207yixingqipao3.swf
e:\favoritevideo\InvisibleFolder\20121207170016_zuixiyou121207yixingqipao1.swf
e:\favoritevideo\InvisibleFolder\20121207201943_jijia121208zhuhc.swf
e:\favoritevideo\InvisibleFolder\20121207202137_jijia121208zhuzt.swf
e:\favoritevideo\InvisibleFolder\20121207203701_1203.swf
e:\favoritevideo\InvisibleFolder\20121210100101_jianeng121210zhuhc.swf
e:\favoritevideo\InvisibleFolder\20121210100212_jianeng121210zhuzt.swf
e:\favoritevideo\InvisibleFolder\20121210104732_qiya121210zhuzt.swf
e:\favoritevideo\InvisibleFolder\20121210152922_yaowan121210zhuzt.swf
e:\favoritevideo\InvisibleFolder\20121210154248_yaowan121210zhuqipaohanbaoguang.swf
e:\favoritevideo\InvisibleFolder\20121210171951_DNF121210zhuhc.swf
e:\favoritevideo\InvisibleFolder\20121210172110_DNF121210zhuzt.swf
e:\favoritevideo\InvisibleFolder\20121211125959_lianxiang121211zhuhc.swf
e:\favoritevideo\InvisibleFolder\20121211130147_lianxiang121211zhuzt.swf
e:\favoritevideo\InvisibleFolder\20121211130850_neibuceshi121211zhuzt.swf
e:\favoritevideo\InvisibleFolder\20121213100314_tengxun121213zhuhc.swf
e:\favoritevideo\InvisibleFolder\20121213141154_dingchengchuanmei121213zhuzt.swf
e:\favoritevideo\InvisibleFolder\20121213142306_liehuo121213qipao2.swf
e:\favoritevideo\InvisibleFolder\20121213142333_liehuo121213qipao3.swf
e:\favoritevideo\InvisibleFolder\20121213163325_tengxun121213zhuhc.swf
e:\favoritevideo\InvisibleFolder\20121213163612_tengxun121213zhuzt.swf
e:\favoritevideo\InvisibleFolder\20121213181113_bilang121213zhuzt.swf
e:\favoritevideo\InvisibleFolder\20121214104714_zhongguodianxin121214zhuhc.swf
e:\favoritevideo\InvisibleFolder\20121214111705_oppo121214zhujiaobiao.swf
e:\favoritevideo\InvisibleFolder\20121214112756_fanren121214qipao1.swf
e:\favoritevideo\InvisibleFolder\20121214112812_fanren121214qipao2.swf
e:\favoritevideo\InvisibleFolder\20121214112831_fanren121214qipao3.swf
e:\favoritevideo\InvisibleFolder\20121214150203_shanghaishiguang121214zhuzt.swf
e:\favoritevideo\InvisibleFolder\20121214154214_qunaer121214zhuhc.swf
e:\favoritevideo\InvisibleFolder\20121214161248_shenqu121214qipao1.swf
e:\favoritevideo\InvisibleFolder\20121214161304_shenqu121214qipao2.swf
e:\favoritevideo\InvisibleFolder\20121214161324_shenqu121214qipao3.swf
e:\favoritevideo\InvisibleFolder\20121214162917_nizhan121214zhuhuanchong15s.swf
e:\favoritevideo\InvisibleFolder\20121214163014_nizhan121214zhuzt.swf
e:\favoritevideo\InvisibleFolder\20121214163102_480360zishengtang121214zhuhc.swf
e:\favoritevideo\InvisibleFolder\20121214163209_50560zishengtang121214fuceng.swf
e:\favoritevideo\InvisibleFolder\20121214163239_400300zishengtang121214zhuzt.swf
e:\favoritevideo\InvisibleFolder\20121214171005_xizangliantong121214zhufuceng.swf
e:\favoritevideo\InvisibleFolder\20121214223845_400300.swf
e:\favoritevideo\InvisibleFolder\20121217101318_zuanshishijia121217zhuzt.swf
e:\favoritevideo\InvisibleFolder\20121217143424_jiangshen121217qipao1.swf
e:\favoritevideo\InvisibleFolder\20121217143448_jiangshen121217qipao2.swf
e:\favoritevideo\InvisibleFolder\20121217143512_jiangshen121217qipao3.swf
e:\favoritevideo\InvisibleFolder\20121217163224_tengxundaojian121217zhuztnew.swf
e:\favoritevideo\InvisibleFolder\20121218102015_yaowan121218zhuqipao.swf
e:\favoritevideo\InvisibleFolder\20121218104941_fankemingxieku121218zhufuceng.swf
e:\favoritevideo\InvisibleFolder\20121218151303_pptvlogo.jpg
e:\favoritevideo\InvisibleFolder\20121218153939_dajiangjun121218qipao1.swf
e:\favoritevideo\InvisibleFolder\20121218153955_dajiangjun121218qipao2.swf
e:\favoritevideo\InvisibleFolder\20121218154010_dajiangjun121218qipao3.swf
e:\favoritevideo\InvisibleFolder\20121218164929_chuanyuehuoxian121218zhuch.swf
e:\favoritevideo\InvisibleFolder\20121218165248_chuanyuehuoxian121218zhuzt.swf
e:\favoritevideo\InvisibleFolder\20121218165748_QQfeiche121218zhuhc.swf
e:\favoritevideo\InvisibleFolder\20121218175949_LOL121218zhuhc.swf
e:\favoritevideo\InvisibleFolder\20121218180004_LOL121218zhuzt.swf
e:\favoritevideo\InvisibleFolder\20121219093951_daojian121220zhu15s.swf
e:\favoritevideo\InvisibleFolder\20121219094121_daojian121220zanting.swf
e:\favoritevideo\InvisibleFolder\20121219115958_oppo121219ikanjiaobiao.swf
e:\favoritevideo\InvisibleFolder\20121219171851_zhongguoliantong121219fuceng.swf
e:\favoritevideo\InvisibleFolder\20121219172020_zhongguoliantong121219yixingqipao.swf
e:\favoritevideo\InvisibleFolder\20121220111020_aili121220zhuhuanchong15s.swf
e:\favoritevideo\InvisibleFolder\20121220120046_suning121220zhuhc1.swf
e:\favoritevideo\InvisibleFolder\20121220122042_kutingwang121220zhuzt.swf
e:\favoritevideo\InvisibleFolder\20121220152225_zhengtu121220zhuqipao.swf
e:\favoritevideo\InvisibleFolder\20121220172430_guomei121220zhuzt.swf
e:\favoritevideo\InvisibleFolder\20121220190110_281.swf
e:\favoritevideo\InvisibleFolder\20121221095204_QQfeiche121221zhuzt.swf
e:\favoritevideo\InvisibleFolder\20121221095551_tengxunLOL121221zhuhc.swf
e:\favoritevideo\InvisibleFolder\20121221095808_tengxunLOL121221zhuzt.swf
e:\favoritevideo\InvisibleFolder\20121221102041_tengxunNBA121221zhuhc.swf
e:\favoritevideo\InvisibleFolder\20121221102502_tengxunNBA121221zhuzt.swf
e:\favoritevideo\InvisibleFolder\20121221113140_neibu121221zhuhc.swf
e:\favoritevideo\InvisibleFolder\20121221134628_zhanshen121221qipao2.swf
e:\favoritevideo\InvisibleFolder\20121221134645_zhanshen121221qipao3.swf
e:\favoritevideo\InvisibleFolder\20121221140923_zishengtang121221zhuhc.swf
e:\favoritevideo\InvisibleFolder\20121221140957_zishengtang121221fuceng.swf
e:\favoritevideo\InvisibleFolder\20121221141013_zishengtang121221zhuzt.swf
e:\favoritevideo\InvisibleFolder\20121221154507_S3121221zhufuceng.swf
e:\favoritevideo\InvisibleFolder\20121224104337_haierbingxiang121224zhuhc.swf
e:\favoritevideo\InvisibleFolder\20121224134746_neibumori121224zhuhc.swf
e:\favoritevideo\InvisibleFolder\20121224140737_qiya121224zhuzt.swf
e:\favoritevideo\InvisibleFolder\20121225100709_suning121225zhuhc.swf
e:\favoritevideo\InvisibleFolder\20121225151219_LOL121225zhuzt.swf
e:\favoritevideo\InvisibleFolder\20121225162013_chuanyuehuoxian121225zhuhc.swf
e:\favoritevideo\InvisibleFolder\20121226001906_400300.swf
e:\favoritevideo\InvisibleFolder\20121226115236_yaowanwang121226zhuqipao.swf
e:\favoritevideo\InvisibleFolder\20121226115333_yaowanwang121226zhuzt.swf
e:\favoritevideo\InvisibleFolder\20121226145333_duguqiubai121226zhuhc27hao.swf
e:\favoritevideo\InvisibleFolder\20121226155814_wuxiaozhen121226zhuzt.swf
e:\favoritevideo\InvisibleFolder\20121226155820_sanguo121226qipao1.swf
e:\favoritevideo\InvisibleFolder\20121226155836_sanguo121226qipao2.swf
e:\favoritevideo\InvisibleFolder\20121226162012_diaoyan121226zhuhc.swf
e:\favoritevideo\InvisibleFolder\20121226171240_tengxunLOL121226zhuzt.swf
e:\favoritevideo\InvisibleFolder\20121227100845_ruilan121227zhuhc.swf
e:\favoritevideo\InvisibleFolder\20121227101254_ruilan121227zhuzt.swf
e:\favoritevideo\InvisibleFolder\20121227103454_480360.jpg
e:\favoritevideo\InvisibleFolder\20121227150119_gaoquwang121227zhuzt.swf
e:\favoritevideo\InvisibleFolder\20121227171942_xizangdianxin121227zhufuceng.swf
e:\favoritevideo\InvisibleFolder\peer.dll
F:\ghos
f:\ghos\giex
.
.
(((((((((((((((((((((((((((((((((((((((   驱动/服务   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_XUETR
.
.
(((((((((((((((((((((((((  2013-05-26 至 2013-06-26 的新的档案  )))))))))))))))))))))))))))))))
.
.
2013-06-26 02:04 . 2013-06-26 02:04    --------    d-----w-    c:\users\UpdatusUser\AppData\Local\temp
2013-06-26 01:16 . 2013-06-26 01:16    29904    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{1CF9AF3B-FA3F-4F88-8709-E98C1237A15B}\MpKsl0242ce58.sys
2013-06-25 15:27 . 2013-06-25 15:28    --------    d-----w-    c:\users\judy\AppData\Roaming\Tencent
2013-06-25 15:27 . 2013-06-25 15:27    --------    d-----w-    c:\users\judy\AppData\Local\Tencent
2013-06-25 12:54 . 2013-06-25 12:54    --------    d-----w-    c:\users\judy\AppData\Roaming\com.pageone.Kudani
2013-06-25 12:05 . 2013-06-12 04:18    7068072    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{1CF9AF3B-FA3F-4F88-8709-E98C1237A15B}\mpengine.dll
2013-06-25 08:38 . 2013-06-25 08:38    --------    d-----w-    c:\users\judy\AppData\Roaming\com.ideaincubatorlp.crystl
2013-06-24 11:33 . 2013-06-12 04:18    7068072    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-06-24 02:17 . 2013-06-24 02:17    --------    d-----w-    c:\windows\ERUNT
2013-06-24 02:16 . 2013-06-24 02:16    --------    d-----w-    C:\JRT
2013-06-23 07:38 . 2013-06-23 07:48    --------    d-----w-    c:\users\judy\AppData\Local\SvchostViewer
2013-06-23 04:27 . 2013-06-23 04:27    --------    d-----w-    c:\programdata\kingsoft
2013-06-22 08:47 . 2013-06-25 13:05    --------    d-----w-    c:\programdata\Malwarebytes' Anti-Malware (portable)
2013-06-21 00:40 . 2013-06-21 00:39    724464    ------w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5503ED4C-1A13-465E-83AE-090B9CE04942}\gapaengine.dll
2013-06-19 02:25 . 2013-06-19 02:25    --------    d-----w-    c:\users\judy\AppData\Roaming\Malwarebytes
2013-06-19 02:25 . 2013-06-19 02:25    --------    d-----w-    c:\programdata\Malwarebytes
2013-06-19 02:25 . 2013-04-04 06:50    22856    ----a-w-    c:\windows\system32\drivers\mbam.sys
2013-06-16 13:26 . 2013-06-16 13:26    --------    d-----w-    c:\users\judy\AppData\Local\Jolinco_LLC
2013-06-12 15:39 . 2013-06-08 11:13    2706432    ----a-w-    c:\windows\system32\mshtml.tlb
2013-06-12 15:39 . 2013-06-08 11:41    218112    ----a-w-    c:\program files\Internet Explorer\sqmapi.dll
2013-06-12 07:53 . 2013-04-25 23:30    1505280    ----a-w-    c:\windows\system32\d3d11.dll
2013-06-12 07:53 . 2013-05-10 03:20    24576    ----a-w-    c:\windows\system32\cryptdlg.dll
2013-06-12 07:53 . 2013-04-26 04:55    492544    ----a-w-    c:\windows\system32\win32spl.dll
2013-06-12 07:53 . 2013-05-13 04:45    140288    ----a-w-    c:\windows\system32\cryptsvc.dll
2013-06-12 07:53 . 2013-05-13 04:45    1160192    ----a-w-    c:\windows\system32\crypt32.dll
2013-06-12 07:53 . 2013-05-13 04:45    103936    ----a-w-    c:\windows\system32\cryptnet.dll
2013-06-12 07:53 . 2013-05-13 03:08    903168    ----a-w-    c:\windows\system32\certutil.exe
2013-06-12 07:53 . 2013-05-13 03:08    43008    ----a-w-    c:\windows\system32\certenc.dll
2013-06-12 07:53 . 2013-04-17 07:02    1230336    ----a-w-    c:\windows\system32\WindowsCodecs.dll
2013-06-12 07:53 . 2013-05-06 05:06    3913576    ----a-w-    c:\windows\system32\ntoskrnl.exe
2013-06-12 07:53 . 2013-05-06 05:06    3968872    ----a-w-    c:\windows\system32\ntkrnlpa.exe
2013-06-12 07:53 . 2013-05-08 05:38    1293672    ----a-w-    c:\windows\system32\drivers\tcpip.sys
.
.
.
((((((((((((((((((((((((((((((((((((((((   在三个月内被修改的档案   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-06-12 08:33 . 2012-04-05 01:00    692104    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2013-06-12 08:33 . 2011-05-31 07:45    71048    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2013-05-22 00:43 . 2013-03-12 06:49    724464    ------w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2013-05-02 15:28 . 2011-02-23 03:10    238872    ------w-    c:\windows\system32\MpSigStub.exe
2013-04-13 04:45 . 2013-05-15 07:57    474624    ----a-w-    c:\windows\apppatch\AcSpecfc.dll
2013-04-13 04:45 . 2013-05-15 07:57    2176512    ----a-w-    c:\windows\apppatch\AcGenral.dll
2013-04-12 13:45 . 2013-04-24 00:25    1211752    ----a-w-    c:\windows\system32\drivers\ntfs.sys
2013-04-10 05:18 . 2013-05-15 07:57    728424    ----a-w-    c:\windows\system32\drivers\dxgkrnl.sys
2013-04-10 05:18 . 2013-05-15 07:57    218984    ----a-w-    c:\windows\system32\drivers\dxgmms1.sys
2013-04-10 03:14 . 2013-05-15 07:57    2347520    ----a-w-    c:\windows\system32\win32k.sys
.
.
(((((((((((((((((((((((((((((((((((((   重要登入点   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*注意* 空白与合法缺省登录将不会被显示
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\0Genie9 Zoolz-BackedupIcon]
@="{9DB6687B-FDB2-4284-AF2A-4562D4EB371D}"
[HKEY_CLASSES_ROOT\CLSID\{9DB6687B-FDB2-4284-AF2A-4562D4EB371D}]
2012-12-31 09:56    148992    ----a-w-    d:\program files\Genie9\Zoolz2\ZoolzOverlay.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\0Genie9 Zoolz-BackedUpModifiedIcon]
@="{9DB6687D-FDB2-4284-AF2A-4562D4EB371D}"
[HKEY_CLASSES_ROOT\CLSID\{9DB6687D-FDB2-4284-AF2A-4562D4EB371D}]
2012-12-31 09:56    148992    ----a-w-    d:\program files\Genie9\Zoolz2\ZoolzOverlay.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\0Genie9 Zoolz-ColdStorageIcon]
@="{9DB6687F-FDB2-4284-AF2A-4562D4EB371D}"
[HKEY_CLASSES_ROOT\CLSID\{9DB6687F-FDB2-4284-AF2A-4562D4EB371D}]
2012-12-31 09:56    148992    ----a-w-    d:\program files\Genie9\Zoolz2\ZoolzOverlay.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\0Genie9 Zoolz-FolderInCloudIcon]
@="{9DB6687E-FDB2-4284-AF2A-4562D4EB371D}"
[HKEY_CLASSES_ROOT\CLSID\{9DB6687E-FDB2-4284-AF2A-4562D4EB371D}]
2012-12-31 09:56    148992    ----a-w-    d:\program files\Genie9\Zoolz2\ZoolzOverlay.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\0Genie9 Zoolz-NotBackedUpIcon]
@="{9DB6687C-FDB2-4284-AF2A-4562D4EB371D}"
[HKEY_CLASSES_ROOT\CLSID\{9DB6687C-FDB2-4284-AF2A-4562D4EB371D}]
2012-12-31 09:56    148992    ----a-w-    d:\program files\Genie9\Zoolz2\ZoolzOverlay.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 02:20    64792    ----a-w-    c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 02:20    64792    ----a-w-    c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 02:20    64792    ----a-w-    c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 02:20    64792    ----a-w-    c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 02:20    64792    ----a-w-    c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 02:20    64792    ----a-w-    c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 02:20    64792    ----a-w-    c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 02:20    64792    ----a-w-    c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 02:20    64792    ----a-w-    c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32    129272    ----a-w-    c:\users\judy\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32    129272    ----a-w-    c:\users\judy\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32    129272    ----a-w-    c:\users\judy\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-08-28 1557800]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 947152]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer8"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\keyboard layouts\e0220804]
   IME File    REG_SZ             IMSC14.IME
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\keyboard layouts\e0230804]
   IME File    REG_SZ             IMSCE14.IME
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^OnlyWire.LNK]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\OnlyWire.LNK
backup=c:\windows\pss\OnlyWire.LNK.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^judy^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk]
path=c:\users\judy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
backup=c:\windows\pss\Dropbox.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^judy^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2010 Screen Clipper and Launcher.lnk]
path=c:\users\judy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2010 Screen Clipper and Launcher.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^judy^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2010 屏幕剪辑程序和 Launcher.lnk]
path=c:\users\judy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 屏幕剪辑程序和 Launcher.lnk
backup=c:\windows\pss\OneNote 2010 屏幕剪辑程序和 Launcher.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^judy^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^PPS.lnk]
path=c:\users\judy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PPS.lnk
backup=c:\windows\pss\PPS.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2013-04-04 21:06    958576    ----a-w-    c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
2012-09-19 23:27    444904    ----a-w-    c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5.5ServiceManager]
2011-01-11 23:08    1523360    ----a-w-    c:\program files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCSSync]
2010-03-13 06:54    91520    ----a-w-    d:\program files\Microsoft Office\Office14\BCSSync.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FlashGet 3]
2012-03-15 02:05    3090056    ----a-w-    d:\program files\FlashGet Network\FlashGet 3\Flashget3.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2011-09-21 12:17    136176    ----atw-    c:\users\judy\AppData\Local\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICBCEBankAssist]
2012-07-10 04:47    319184    ----a-w-    c:\program files\ICBCEbankTools\ICBCSetupIntegration\RunEBank.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IME14 CHS Setup]
2012-03-13 20:54    81200    ----a-w-    c:\progra~1\COMMON~1\MICROS~1\IME14\SHARED\IMEKLMG.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IME14 CHS WR Setup]
2010-02-01 10:22    86832    ----a-w-    c:\progra~1\COMMON~1\MICROS~1\IME14WR\SHARED\IMEKLMG.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lingoes]
2010-07-23 08:39    2252800    ----a-w-    d:\program files\Lingoes\Translator2\Lingoes.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSC]
2013-01-27 03:11    947152    ----a-w-    c:\program files\Microsoft Security Client\msseces.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OfficeSyncProcess]
2012-01-20 13:03    719672    ----a-w-    d:\program files\Microsoft Office\Office14\MSOSYNC.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PPAP]
2011-12-15 07:55    436088    ----a-w-    c:\program files\Common Files\PPLiveNetwork\PPAP.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
2010-03-19 15:44    8546848    ------w-    c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SandboxieControl]
2012-08-25 20:27    545552    ----a-w-    d:\program files\Sandboxie\SbieCtrl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SEnukeX]
2013-06-23 14:05    12569088    ----a-w-    c:\users\judy\AppData\Local\SENukeX\SENuke.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-07-03 01:04    252848    ----a-w-    c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SwitchBoard]
2010-02-19 05:37    517096    ----a-w-    c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zoolz Tray]
2013-04-17 07:14    389648    ----a-w-    d:\program files\Genie9\Zoolz2\ZoolzLauncher.exe
.
R3 IODRV;IODRV;f:\512m driver\IODrv.sys [x]
R3 Ndisrd;WinpkFilter Service;c:\windows\system32\DRIVERS\ndisrd.sys [2011-05-31 22016]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2013-01-20 100328]
R3 NisSrv;Microsoft 网络检查;c:\program files\Microsoft Security Client\NisSrv.exe [2013-01-27 295232]
R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys [2009-12-30 27192]
R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 taphss6;Anchorfree HSS VPN Adapter;c:\windows\system32\DRIVERS\taphss6.sys [2013-02-22 37064]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
S0 tpsacpi;TPS Firmware Extension Device Driver;c:\windows\system32\DRIVERS\tpsacpi.SYS [2007-07-12 6912]
S0 vmci;VMware VMCI Bus Driver;c:\windows\system32\DRIVERS\vmci.sys [2012-10-24 71152]
S0 vsock;vSockets Driver;c:\windows\system32\drivers\vsock.sys [2012-10-24 61464]
S1 MpKsl0242ce58;MpKsl0242ce58;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{1CF9AF3B-FA3F-4F88-8709-E98C1237A15B}\MpKsl0242ce58.sys [2013-06-26 29904]
S2 ICBC Daemon Service;ICBC Daemon Service;c:\program files\ICBCEbankTools\ICBCAntiPhishing\ICBC_WIN32\IcbcDaemon.exe [2011-12-26 430720]
S2 ImeDictUpdateService;Microsoft IME Dictionary Update;c:\program files\Common Files\Microsoft Shared\IME14\SHARED\IMEDICTUPDATE.EXE [2010-10-20 59760]
S2 ImeDictUpdateServiceWR;Microsoft IME Dictionary Update For Web Release;c:\program files\Common Files\Microsoft Shared\IME14WR\SHARED\IMEDICTUPDATE.EXE [2010-02-01 60208]
S2 MBAMScheduler;MBAMScheduler;d:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-04-04 418376]
S2 MBAMService;MBAMService;d:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2013-04-04 701512]
S2 PassGuard;PassGuard;c:\windows\system32\drivers\PassGuard.sys [2012-10-02 425368]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-08-30 382312]
S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files\Common Files\VMware\USB\vmware-usbarbitrator.exe [2012-10-11 721048]
S2 Zoolz 2 Service;Zoolz Service;d:\program files\Genie9\Zoolz2\ZoolzService.exe [2013-04-17 453136]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-04-04 22856]
S3 NdisrdMP;NdisrdMP;c:\windows\system32\DRIVERS\ndisrd.sys [2011-05-31 22016]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-11-05 230912]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation    REG_MULTI_SZ       SSDPSRV upnphost SCardSvr TBS fdrespub AppIDSvc QWAVE wcncsvc SensrSvc
.
 ‘计划任务’ 文件夹 里的内容
.
2013-06-26 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-05 08:33]
.
2013-06-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-12-14 10:43]
.
2013-06-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-12-14 10:43]
.
2013-06-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1614121019-1716911202-2953936860-1000Core.job
- c:\users\judy\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-21 12:17]
.
2013-06-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1614121019-1716911202-2953936860-1000UA.job
- c:\users\judy\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-21 12:17]
.
.
------- 而外的扫描 -------
.
uInternet Settings,ProxyOverride = local
uInternet Settings,ProxyServer = socks=127.0.0.1:30000
LSP: %SystemRoot%\system32\PrxerDrv.dll
Trusted Zone: alipay.com
Trusted Zone: alisoft.com
Trusted Zone: facebook.com\login
Trusted Zone: google.com\mail
Trusted Zone: icbc.com.cn
Trusted Zone: taobao.com
Trusted Zone: twitter.com
TCP: Interfaces\{0E9C1ED3-F3C1-4FA3-9127-040F6E3269CC}: NameServer = 8.26.56.26,156.154.70.22
TCP: Interfaces\{341D0DAC-33D1-4A64-8D9D-43E4103AB40A}: NameServer = 8.8.8.8 8.8.4.4
TCP: Interfaces\{E988ABA6-A6D6-4FBD-A040-7C2A38834C0C}: NameServer = 8.8.8.8,8.8.4.4




FF - ProfilePath - c:\users\judy\AppData\Roaming\Mozilla\Firefox\Profiles\ofugp520.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: network.proxy.socks - 127.0.0.1
FF - prefs.js: network.proxy.socks_port - 30000
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: 2013-05-08 19:18; {81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}; c:\users\judy\AppData\Roaming\Mozilla\Firefox\Profiles\ofugp520.default\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
WebBrowser-{78CC40BF-8737-4686-9C71-0CDFD73EA47C} - (no file)
Notify-DfLogon - LogonDll.dll
SafeBoot-DFServ
MSConfigStartUp-BaofengPlatform - d:\program files\Baofeng\StormPlayer\BaofengPlatform.exe
MSConfigStartUp-COMODO Internet Security - d:\program files\COMODO\COMODO Internet Security\cfp.exe
MSConfigStartUp-IDMan - d:\program files\Internet Download Manager\IDMan.exe
MSConfigStartUp-PPS Accelerator - d:\pps.tv\PPStream\ppsap.exe
MSConfigStartUp-QvodTerminal - d:\program files\QvodPlayer\QvodTerminal.exe
AddRemove-{DC85E68F-B526-450C-DB42-DC038A5059C4} - c:\progra~2\INSTAL~1\{BCF00~1\Setup.exe
AddRemove-{DC9D4DE9-5DF6-1A2A-43E6-B4570D80F59B} - c:\progra~2\INSTAL~1\{9D8C5~1\Setup.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1614121019-1716911202-2953936860-1000\Software\Microsoft\Office\14.0\Common\Open Find\Microsoft Excel\Settings\Sb*_]
"ClientGUID"=hex:a1,b6,a9,7c,a9,14,86,46,a9,c6,2b,1f,4f,8e,a8,b7
.
[HKEY_USERS\S-1-5-21-1614121019-1716911202-2953936860-1000\Software\Microsoft\Office\14.0\Common\Open Find\Microsoft OneNote\Settings\Sb*_{皨,g]
"ClientGUID"=hex:af,5f,0d,cb,ab,5c,3b,4e,8b,f9,c4,a2,97,d4,2e,4c
.
[HKEY_USERS\S-1-5-21-1614121019-1716911202-2953936860-1000_Classes\CLSID\{411f79cf-b24e-47dc-8874-23ff70599cdf}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:0000016b
"Therad"=dword:00000014
.
[HKEY_USERS\S-1-5-21-1614121019-1716911202-2953936860-1000_Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"scansk"=hex(0):66,c1,90,1b,c5,12,7b,ac,ba,08,8a,2a,04,4b,87,c0,73,a3,36,85,89,
   df,df,0a,2c,88,72,63,3c,02,3c,1d,10,e1,f0,c3,e2,e5,31,70,00,00,00,00,00,00,\
.
[HKEY_USERS\S-1-5-21-1614121019-1716911202-2953936860-1000_Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):b1,a5,42,91,11,8f,3e,ba,30,88,ef,18,12,1a,b5,8f,6e,ab,f1,b3,39,
   9b,95,a9,7d,c0,22,5e,50,76,5a,be,3c,b2,76,3a,75,b4,fb,74,00,00,00,00,00,00,\
.
[HKEY_USERS\S-1-5-21-1614121019-1716911202-2953936860-1000_Classes\CLSID\{cbcf6953-f54a-45c1-bcf4-d15cea32d59f}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:00000041
"Therad"=dword:00000001
"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a,
   1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- 运行进程下的动态链接库 ---------------------
.
- - - - - - - > 'Explorer.exe'(2944)
d:\program files\Genie9\Zoolz2\GSLogging.dll
c:\users\judy\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
------------------------ 其他运行进程 ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\Microsoft Security Client\MsMpEng.exe
c:\program files\NVIDIA Corporation\Display\nvxdsync.exe
c:\windows\system32\nvvsvc.exe
d:\program files\Sandboxie\SbieSvc.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
d:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
c:\windows\system32\vmnat.exe
c:\windows\system32\vmnetdhcp.exe
c:\windows\system32\conhost.exe
d:\program files\TortoiseSVN\bin\TSVNCache.exe
c:\program files\Synaptics\SynTP\SynTPHelper.exe
c:\windows\system32\sppsvc.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
.
**************************************************************************
.
完成时间: 2013-06-26  10:13:47 - 电脑已重新启动
ComboFix-quarantined-files.txt  2013-06-26 02:13
.
Pre-Run: 5,290,237,952 可用字节
Post-Run: 4,875,739,136 可用字节
.
- - End Of File - - 15C3ABC292D2FA97BAA3C3F5601A7DA9
8F558EB6672622401DA993E1E865C861
 


Step 1

Please download the latest version of TDSSKiller from here and save it to your Desktop.

  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.


  • Put a checkmark beside loaded modules.


  • A reboot will be needed to apply the changes. Do it.
  • TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
  • Then click on Change parameters in TDSSKiller.
  • Check all boxes then click OK.


  • Click the Start Scan button.


  • The scan should take no longer than 2 minutes.
  • If a suspicious object is detected, the default action will be Skip; click on Continue.


  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.

    Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.


    Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.

  • A report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Step 2

Please scan your machine with ESET OnlineScan

  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.

    ESET OnlineScan

  • Click the ESET Online Scanner button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer.

      Save it to your Desktop.

    • Double-click on the ESET Smart Installer icon on your Desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under Scan Settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
In your next reply, post the following log files:
  • TDSSKiller log
  • ESET Online Scanner log

Thank you for the help!

TDSSKiller.2.8.16.0_26.06.2013_19.58.02_log. Cure was not available, so I chose Skip instead.

19:58:02.0207 1696  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
19:58:03.0205 1696  ============================================================
19:58:03.0205 1696  Current date / time: 2013/06/26 19:58:03.0205
19:58:03.0221 1696  SystemInfo:
19:58:03.0221 1696  
19:58:03.0221 1696  OS Version: 6.1.7601 ServicePack: 1.0
19:58:03.0221 1696  Product type: Workstation
19:58:03.0221 1696  ComputerName: JUDY-PC
19:58:03.0221 1696  UserName: judy
19:58:03.0221 1696  Windows directory: C:\Windows
19:58:03.0221 1696  System windows directory: C:\Windows
19:58:03.0221 1696  Processor architecture: Intel x86
19:58:03.0221 1696  Number of processors: 2
19:58:03.0221 1696  Page size: 0x1000
19:58:03.0221 1696  Boot type: Normal boot
19:58:03.0221 1696  ============================================================
19:58:05.0062 1696  Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
19:58:05.0062 1696  ============================================================
19:58:05.0062 1696  \Device\Harddisk0\DR0:
19:58:05.0062 1696  MBR partitions:
19:58:05.0062 1696  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x4E2E8F0
19:58:05.0077 1696  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x4E2E96E, BlocksNum 0xA016352
19:58:05.0093 1696  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0xEE44CFF, BlocksNum 0xA016352
19:58:05.0109 1696  \Device\Harddisk0\DR0\Partition4: MBR, Type 0x7, StartLBA 0x18E5B090, BlocksNum 0xC5D2631
19:58:05.0109 1696  ============================================================
19:58:05.0218 1696  C: <-> \Device\Harddisk0\DR0\Partition1
19:58:05.0249 1696  D: <-> \Device\Harddisk0\DR0\Partition2
19:58:05.0280 1696  E: <-> \Device\Harddisk0\DR0\Partition3
19:58:05.0436 1696  F: <-> \Device\Harddisk0\DR0\Partition4
19:58:05.0436 1696  ============================================================
19:58:05.0436 1696  Initialize success
19:58:05.0436 1696  ============================================================
19:58:34.0328 3408  Deinitialize success

 

ESET Online Scanner log

 

C:\Users\judy\AppData\Local\WPsBoxPro\storage\storage_398.html    HTML/ScrInject.B.Gen virus
D:\download\677260.zip.exe    Win32/InstalleRex.J application
D:\download\BaiduPlayerun_41043039.exe    a variant of Win32/Hao123.A application
D:\download\bs_Time_stopper.exe    multiple threats
D:\download\HmqF-v3.0.0.0.zip    a variant of Win32/Packed.VProtect.B application
D:\download\KeywordMapPro.1.70.rar    a variant of MSIL/Packed.Confuser.G application
D:\download\Proxy list free 07-05-2013 6821x_hackingway.net.rar(1).exe    Win32/InstalleRex.J application
D:\download\Proxy list free 07-05-2013 6821x_hackingway.net.rar.exe    Win32/InstalleRex.J application
D:\download\proxyhunter.zip    a variant of Win32/NetTool.ProxySwitcher.A application
D:\download\Tweet AutoPoster.7z    Win32/InstalleRex.J application
D:\download\Tweet AutoPoster.7z.exe    Win32/InstalleRex.J application
D:\download\wpppc-personal.zip    PHP/Obfuscated.F application
D:\download\YontooUninstaller.exe    Win32/Adware.Yontoo application
 

 


Oh, sorry! This is the rest.

 

20:00:08.0723 3728  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
20:00:08.0864 3728  ============================================================
20:00:08.0864 3728  Current date / time: 2013/06/26 20:00:08.0864
20:00:08.0864 3728  SystemInfo:
20:00:08.0864 3728  
20:00:08.0864 3728  OS Version: 6.1.7601 ServicePack: 1.0
20:00:08.0864 3728  Product type: Workstation
20:00:08.0864 3728  ComputerName: JUDY-PC
20:00:08.0864 3728  UserName: judy
20:00:08.0864 3728  Windows directory: C:\Windows
20:00:08.0864 3728  System windows directory: C:\Windows
20:00:08.0864 3728  Processor architecture: Intel x86
20:00:08.0864 3728  Number of processors: 2
20:00:08.0864 3728  Page size: 0x1000
20:00:08.0864 3728  Boot type: Normal boot
20:00:08.0864 3728  ============================================================
20:00:11.0453 3728  BG loaded
20:00:12.0093 3728  Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
20:00:12.0124 3728  ============================================================
20:00:12.0124 3728  \Device\Harddisk0\DR0:
20:00:12.0124 3728  MBR partitions:
20:00:12.0124 3728  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x4E2E8F0
20:00:12.0140 3728  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x4E2E96E, BlocksNum 0xA016352
20:00:12.0155 3728  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0xEE44CFF, BlocksNum 0xA016352
20:00:12.0218 3728  \Device\Harddisk0\DR0\Partition4: MBR, Type 0x7, StartLBA 0x18E5B090, BlocksNum 0xC5D2631
20:00:12.0218 3728  ============================================================
20:00:12.0389 3728  C: <-> \Device\Harddisk0\DR0\Partition1
20:00:12.0405 3728  D: <-> \Device\Harddisk0\DR0\Partition2
20:00:12.0436 3728  E: <-> \Device\Harddisk0\DR0\Partition3
20:00:12.0514 3728  F: <-> \Device\Harddisk0\DR0\Partition4
20:00:12.0514 3728  ============================================================
20:00:12.0514 3728  Initialize success
20:00:12.0514 3728  ============================================================
20:00:28.0189 3320  ============================================================
20:00:28.0189 3320  Scan started
20:00:28.0189 3320  Mode: Manual; SigCheck; TDLFS;
20:00:28.0189 3320  ============================================================
20:00:30.0311 3320  ================ Scan system memory ========================
20:00:30.0311 3320  System memory - ok
20:00:30.0311 3320  ================ Scan services =============================
20:00:30.0482 3320  [ 1B133875B8AA8AC48969BD3458AFE9F5 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
20:00:30.0591 3320  1394ohci - ok
20:00:30.0623 3320  [ CEA80C80BED809AA0DA6FEBC04733349 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
20:00:30.0654 3320  ACPI - ok
20:00:30.0732 3320  [ 1EFBC664ABFF416D1D07DB115DCB264F ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
20:00:30.0794 3320  AcpiPmi - ok
20:00:30.0966 3320  [ ADDA5E1951B90D3D23C56D3CF0622ADC ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
20:00:30.0981 3320  AdobeARMservice - ok
20:00:31.0091 3320  [ 9915504F602D277EE47FD843A677FD15 ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
20:00:31.0106 3320  AdobeFlashPlayerUpdateSvc - ok
20:00:31.0169 3320  [ 21E785EBD7DC90A06391141AAC7892FB ] adp94xx         C:\Windows\system32\DRIVERS\adp94xx.sys
20:00:31.0200 3320  adp94xx - ok
20:00:31.0200 3320  [ 0C676BC278D5B59FF5ABD57BBE9123F2 ] adpahci         C:\Windows\system32\DRIVERS\adpahci.sys
20:00:31.0215 3320  adpahci - ok
20:00:31.0247 3320  [ 7C7B5EE4B7B822EC85321FE23A27DB33 ] adpu320         C:\Windows\system32\DRIVERS\adpu320.sys
20:00:31.0262 3320  adpu320 - ok
20:00:31.0309 3320  [ 8B5EEFEEC1E6D1A72A06C526628AD161 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
20:00:31.0434 3320  AeLookupSvc - ok
20:00:31.0496 3320  [ 9EBBBA55060F786F0FCAA3893BFA2806 ] AFD             C:\Windows\system32\drivers\afd.sys
20:00:31.0543 3320  AFD - ok
20:00:31.0574 3320  [ 507812C3054C21CEF746B6EE3D04DD6E ] agp440          C:\Windows\system32\drivers\agp440.sys
20:00:31.0574 3320  agp440 - ok
20:00:31.0621 3320  [ 8B30250D573A8F6B4BD23195160D8707 ] aic78xx         C:\Windows\system32\DRIVERS\djsvs.sys
20:00:31.0637 3320  aic78xx - ok
20:00:31.0699 3320  [ 18A54E132947CD98FEA9ACCC57F98F13 ] ALG             C:\Windows\System32\alg.exe
20:00:31.0730 3320  ALG - ok
20:00:31.0777 3320  [ 0D40BCF52EA90FC7DF2AEAB6503DEA44 ] aliide          C:\Windows\system32\drivers\aliide.sys
20:00:31.0793 3320  aliide - ok
20:00:31.0824 3320  [ 3C6600A0696E90A463771C7422E23AB5 ] amdagp          C:\Windows\system32\drivers\amdagp.sys
20:00:31.0824 3320  amdagp - ok
20:00:31.0855 3320  [ CD5914170297126B6266860198D1D4F0 ] amdide          C:\Windows\system32\drivers\amdide.sys
20:00:31.0855 3320  amdide - ok
20:00:31.0917 3320  [ 00DDA200D71BAC534BF56A9DB5DFD666 ] AmdK8           C:\Windows\system32\DRIVERS\amdk8.sys
20:00:31.0933 3320  AmdK8 - ok
20:00:31.0933 3320  [ 3CBF30F5370FDA40DD3E87DF38EA53B6 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
20:00:31.0964 3320  AmdPPM - ok
20:00:32.0011 3320  [ D320BF87125326F996D4904FE24300FC ] amdsata         C:\Windows\system32\drivers\amdsata.sys
20:00:32.0027 3320  amdsata - ok
20:00:32.0073 3320  [ EA43AF0C423FF267355F74E7A53BDABA ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
20:00:32.0089 3320  amdsbs - ok
20:00:32.0105 3320  [ 46387FB17B086D16DEA267D5BE23A2F2 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
20:00:32.0120 3320  amdxata - ok
20:00:32.0151 3320  [ AEA177F783E20150ACE5383EE368DA19 ] AppID           C:\Windows\system32\drivers\appid.sys
20:00:32.0198 3320  AppID - ok
20:00:32.0229 3320  [ 62A9C86CB6085E20DB4823E4E97826F5 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
20:00:32.0292 3320  AppIDSvc - ok
20:00:32.0339 3320  [ EACFDF31921F51C097629F1F3C9129B4 ] Appinfo         C:\Windows\System32\appinfo.dll
20:00:32.0385 3320  Appinfo - ok
20:00:32.0479 3320  [ 2932004F49677BD84DBC72EDB754FFB3 ] arc             C:\Windows\system32\DRIVERS\arc.sys
20:00:32.0495 3320  arc - ok
20:00:32.0510 3320  [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7 ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
20:00:32.0526 3320  arcsas - ok
20:00:32.0666 3320  [ 776ACEFA0CA9DF0FAA51A5FB2F435705 ] aspnet_state    C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
20:00:32.0713 3320  aspnet_state - ok
20:00:32.0760 3320  [ ADD2ADE1C2B285AB8378D2DAAF991481 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
20:00:32.0885 3320  AsyncMac - ok
20:00:32.0916 3320  [ 338C86357871C167A96AB976519BF59E ] atapi           C:\Windows\system32\drivers\atapi.sys
20:00:32.0931 3320  atapi - ok
20:00:32.0978 3320  [ B01751CC563AECAC09BBE36AAA21FBEF ] athr            C:\Windows\system32\DRIVERS\athr.sys
20:00:33.0072 3320  athr - ok
20:00:33.0119 3320  [ CE3B4E731638D2EF62FCB419BE0D39F0 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
20:00:33.0165 3320  AudioEndpointBuilder - ok
20:00:33.0197 3320  [ CE3B4E731638D2EF62FCB419BE0D39F0 ] Audiosrv        C:\Windows\System32\Audiosrv.dll
20:00:33.0228 3320  Audiosrv - ok
20:00:33.0290 3320  [ 6E30D02AAC9CAC84F421622E3A2F6178 ] AxInstSV        C:\Windows\System32\AxInstSV.dll
20:00:33.0368 3320  AxInstSV - ok
20:00:33.0431 3320  [ 1A231ABEC60FD316EC54C66715543CEC ] b06bdrv         C:\Windows\system32\DRIVERS\bxvbdx.sys
20:00:33.0477 3320  b06bdrv - ok
20:00:33.0540 3320  [ BD8869EB9CDE6BBE4508D869929869EE ] b57nd60x        C:\Windows\system32\DRIVERS\b57nd60x.sys
20:00:33.0571 3320  b57nd60x - ok
20:00:33.0633 3320  [ EE1E9C3BB8228AE423DD38DB69128E71 ] BDESVC          C:\Windows\System32\bdesvc.dll
20:00:33.0696 3320  BDESVC - ok
20:00:33.0727 3320  [ 505506526A9D467307B3C393DEDAF858 ] Beep            C:\Windows\system32\drivers\Beep.sys
20:00:33.0821 3320  Beep - ok
20:00:33.0867 3320  [ 1E2BAC209D184BB851E1A187D8A29136 ] BFE             C:\Windows\System32\bfe.dll
20:00:33.0930 3320  BFE - ok
20:00:33.0977 3320  [ E585445D5021971FAE10393F0F1C3961 ] BITS            C:\Windows\System32\qmgr.dll
20:00:34.0039 3320  BITS - ok
20:00:34.0055 3320  [ 2287078ED48FCFC477B05B20CF38F36F ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
20:00:34.0070 3320  blbdrive - ok
20:00:34.0101 3320  [ 8F2DA3028D5FCBD1A060A3DE64CD6506 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
20:00:34.0148 3320  bowser - ok
20:00:34.0195 3320  [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
20:00:34.0257 3320  BrFiltLo - ok
20:00:34.0257 3320  [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
20:00:34.0320 3320  BrFiltUp - ok
20:00:34.0351 3320  [ 77361D72A04F18809D0EFB6CCEB74D4B ] BridgeMP        C:\Windows\system32\DRIVERS\bridge.sys
20:00:34.0413 3320  BridgeMP - ok
20:00:34.0429 3320  [ 3DAA727B5B0A45039B0E1C9A211B8400 ] Browser         C:\Windows\System32\browser.dll
20:00:34.0476 3320  Browser - ok
20:00:34.0507 3320  [ 845B8CE732E67F3B4133164868C666EA ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
20:00:34.0554 3320  Brserid - ok
20:00:34.0569 3320  [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
20:00:34.0616 3320  BrSerWdm - ok
20:00:34.0616 3320  [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
20:00:34.0632 3320  BrUsbMdm - ok
20:00:34.0647 3320  [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
20:00:34.0679 3320  BrUsbSer - ok
20:00:34.0679 3320  [ ED3DF7C56CE0084EB2034432FC56565A ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
20:00:34.0710 3320  BTHMODEM - ok
20:00:34.0757 3320  [ 1DF19C96EEF6C29D1C3E1A8678E07190 ] bthserv         C:\Windows\system32\bthserv.dll
20:00:34.0803 3320  bthserv - ok
20:00:34.0959 3320  catchme - ok
20:00:34.0991 3320  [ 77EA11B065E0A8AB902D78145CA51E10 ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
20:00:35.0037 3320  cdfs - ok
20:00:35.0084 3320  [ BE167ED0FDB9C1FA1133953C18D5A6C9 ] cdrom           C:\Windows\system32\drivers\cdrom.sys
20:00:35.0115 3320  cdrom - ok
20:00:35.0147 3320  [ 319C6B309773D063541D01DF8AC6F55F ] CertPropSvc     C:\Windows\System32\certprop.dll
20:00:35.0193 3320  CertPropSvc - ok
20:00:35.0225 3320  [ 3FE3FE94A34DF6FB06E6418D0F6A0060 ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
20:00:35.0240 3320  circlass - ok
20:00:35.0271 3320  [ 635181E0E9BBF16871BF5380D71DB02D ] CLFS            C:\Windows\system32\CLFS.sys
20:00:35.0287 3320  CLFS - ok
20:00:35.0381 3320  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
20:00:35.0396 3320  clr_optimization_v2.0.50727_32 - ok
20:00:35.0443 3320  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
20:00:35.0552 3320  clr_optimization_v4.0.30319_32 - ok
20:00:35.0568 3320  [ DEA805815E587DAD1DD2C502220B5616 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
20:00:35.0583 3320  CmBatt - ok
20:00:35.0615 3320  [ C537B1DB64D495B9B4717B4D6D9EDBF2 ] cmdide          C:\Windows\system32\drivers\cmdide.sys
20:00:35.0630 3320  cmdide - ok
20:00:35.0708 3320  [ 247B4CE2DAB1160CD422D532D5241E1F ] CNG             C:\Windows\system32\Drivers\cng.sys
20:00:35.0739 3320  CNG - ok
20:00:35.0755 3320  [ A6023D3823C37043986713F118A89BEE ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
20:00:35.0771 3320  Compbatt - ok
20:00:35.0817 3320  [ CBE8C58A8579CFE5FCCF809E6F114E89 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
20:00:35.0849 3320  CompositeBus - ok
20:00:35.0864 3320  COMSysApp - ok
20:00:35.0895 3320  [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1 ] crcdisk         C:\Windows\system32\DRIVERS\crcdisk.sys
20:00:35.0911 3320  crcdisk - ok
20:00:35.0942 3320  [ 3897DFF247D9ED0006190349DE264E14 ] CryptSvc        C:\Windows\system32\cryptsvc.dll
20:00:35.0989 3320  CryptSvc - ok
20:00:36.0051 3320  [ 7660F01D3B38ACA1747E397D21D790AF ] DcomLaunch      C:\Windows\system32\rpcss.dll
20:00:36.0114 3320  DcomLaunch - ok
20:00:36.0145 3320  [ 8D6E10A2D9A5EED59562D9B82CF804E1 ] defragsvc       C:\Windows\System32\defragsvc.dll
20:00:36.0192 3320  defragsvc - ok
20:00:36.0207 3320  [ F024449C97EC1E464AAFFDA18593DB88 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
20:00:36.0254 3320  DfsC - ok
20:00:36.0301 3320  [ E9E01EB683C132F7FA27CD607B8A2B63 ] Dhcp            C:\Windows\system32\dhcpcore.dll
20:00:36.0332 3320  Dhcp - ok
20:00:36.0363 3320  [ 1A050B0274BFB3890703D490F330C0DA ] discache        C:\Windows\system32\drivers\discache.sys
20:00:36.0410 3320  discache - ok
20:00:36.0441 3320  [ 565003F326F99802E68CA78F2A68E9FF ] Disk            C:\Windows\system32\DRIVERS\disk.sys
20:00:36.0441 3320  Disk - ok
20:00:36.0488 3320  [ 33EF4861F19A0736B11314AAD9AE28D0 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
20:00:36.0535 3320  Dnscache - ok
20:00:36.0566 3320  [ 366BA8FB4B7BB7435E3B9EACB3843F67 ] dot3svc         C:\Windows\System32\dot3svc.dll
20:00:36.0613 3320  dot3svc - ok
20:00:36.0660 3320  [ 8EC04CA86F1D68DA9E11952EB85973D6 ] DPS             C:\Windows\system32\dps.dll
20:00:36.0707 3320  DPS - ok
20:00:36.0753 3320  [ B918E7C5F9BF77202F89E1A9539F2EB4 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
20:00:36.0769 3320  drmkaud - ok
20:00:36.0800 3320  [ 16498EBC04AE9DD07049A8884B205C05 ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
20:00:36.0816 3320  DXGKrnl - ok
20:00:36.0863 3320  [ 8600142FA91C1B96367D3300AD0F3F3A ] EapHost         C:\Windows\System32\eapsvc.dll
20:00:36.0909 3320  EapHost - ok
20:00:37.0019 3320  [ 024E1B5CAC09731E4D868E64DBFB4AB0 ] ebdrv           C:\Windows\system32\DRIVERS\evbdx.sys
20:00:37.0128 3320  ebdrv - ok
20:00:37.0175 3320  [ 81951F51E318AECC2D68559E47485CC4 ] EFS             C:\Windows\System32\lsass.exe
20:00:37.0221 3320  EFS - ok
20:00:37.0268 3320  [ 0ED67910C8C326796FAA00B2BF6D9D3C ] elxstor         C:\Windows\system32\DRIVERS\elxstor.sys
20:00:37.0299 3320  elxstor - ok
20:00:37.0331 3320  [ 8FC3208352DD3912C94367A206AB3F11 ] ErrDev          C:\Windows\system32\drivers\errdev.sys
20:00:37.0362 3320  ErrDev - ok
20:00:37.0424 3320  [ F6916EFC29D9953D5D0DF06882AE8E16 ] EventSystem     C:\Windows\system32\es.dll
20:00:37.0471 3320  EventSystem - ok
20:00:37.0502 3320  [ 2DC9108D74081149CC8B651D3A26207F ] exfat           C:\Windows\system32\drivers\exfat.sys
20:00:37.0533 3320  exfat - ok
20:00:37.0580 3320  [ 7E0AB74553476622FB6AE36F73D97D35 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
20:00:37.0611 3320  fastfat - ok
20:00:37.0674 3320  [ 967EA5B213E9984CBE270205DF37755B ] Fax             C:\Windows\system32\fxssvc.exe
20:00:37.0721 3320  Fax - ok
20:00:37.0736 3320  [ E817A017F82DF2A1F8CFDBDA29388B29 ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
20:00:37.0767 3320  fdc - ok
20:00:37.0799 3320  [ F3222C893BD2F5821A0179E5C71E88FB ] fdPHost         C:\Windows\system32\fdPHost.dll
20:00:37.0845 3320  fdPHost - ok
20:00:37.0861 3320  [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B ] FDResPub        C:\Windows\system32\fdrespub.dll
20:00:37.0908 3320  FDResPub - ok
20:00:37.0939 3320  [ 6CF00369C97F3CF563BE99BE983D13D8 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
20:00:37.0955 3320  FileInfo - ok
20:00:37.0955 3320  [ 42C51DC94C91DA21CB9196EB64C45DB9 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
20:00:37.0986 3320  Filetrace - ok
20:00:38.0001 3320  [ 87907AA70CB3C56600F1C2FB8841579B ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
20:00:38.0033 3320  flpydisk - ok
20:00:38.0064 3320  [ 7520EC808E0C35E0EE6F841294316653 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
20:00:38.0079 3320  FltMgr - ok
20:00:38.0142 3320  [ E12C4928B32ACE04610259647F072635 ] FontCache       C:\Windows\system32\FntCache.dll
20:00:38.0189 3320  FontCache - ok
20:00:38.0267 3320  [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
20:00:38.0282 3320  FontCache3.0.0.0 - ok
20:00:38.0298 3320  [ 1A16B57943853E598CFF37FE2B8CBF1D ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
20:00:38.0313 3320  FsDepends - ok
20:00:38.0329 3320  [ 7DAE5EBCC80E45D3253F4923DC424D05 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
20:00:38.0345 3320  Fs_Rec - ok
20:00:38.0391 3320  [ E306A24D9694C724FA2491278BF50FDB ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
20:00:38.0407 3320  fvevol - ok
20:00:38.0438 3320  [ 65EE0C7A58B65E74AE05637418153938 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
20:00:38.0454 3320  gagp30kx - ok
20:00:38.0501 3320  [ E897EAF5ED6BA41E081060C9B447A673 ] gpsvc           C:\Windows\System32\gpsvc.dll
20:00:38.0532 3320  gpsvc - ok
20:00:38.0610 3320  [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdate         C:\Program Files\Google\Update\GoogleUpdate.exe
20:00:38.0625 3320  gupdate - ok
20:00:38.0625 3320  [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdatem        C:\Program Files\Google\Update\GoogleUpdate.exe
20:00:38.0641 3320  gupdatem - ok
20:00:38.0703 3320  [ B6F5AC88A1A1FDD802CB689721D640FE ] hcmon           C:\Windows\system32\drivers\hcmon.sys
20:00:38.0735 3320  hcmon - ok
20:00:38.0750 3320  [ C44E3C2BAB6837DB337DDEE7544736DB ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
20:00:38.0797 3320  hcw85cir - ok
20:00:38.0844 3320  [ A5EF29D5315111C80A5C1ABAD14C8972 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
20:00:38.0859 3320  HdAudAddService - ok
20:00:38.0906 3320  [ 9036377B8A6C15DC2EEC53E489D159B5 ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys
20:00:38.0937 3320  HDAudBus - ok
20:00:38.0953 3320  [ 1D58A7F3E11A9731D0EAAAA8405ACC36 ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys
20:00:38.0969 3320  HidBatt - ok
20:00:38.0984 3320  [ 89448F40E6DF260C206A193A4683BA78 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
20:00:39.0015 3320  HidBth - ok
20:00:39.0047 3320  [ CF50B4CF4A4F229B9F3C08351F99CA5E ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
20:00:39.0078 3320  HidIr - ok
20:00:39.0109 3320  [ 2BC6F6A1992B3A77F5F41432CA6B3B6B ] hidserv         C:\Windows\System32\hidserv.dll
20:00:39.0156 3320  hidserv - ok
20:00:39.0171 3320  [ 10C19F8290891AF023EAEC0832E1EB4D ] HidUsb          C:\Windows\system32\drivers\hidusb.sys
20:00:39.0203 3320  HidUsb - ok
20:00:39.0218 3320  [ 196B4E3F4CCCC24AF836CE58FACBB699 ] hkmsvc          C:\Windows\system32\kmsvc.dll
20:00:39.0265 3320  hkmsvc - ok
20:00:39.0296 3320  [ 6658F4404DE03D75FE3BA09F7ABA6A30 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
20:00:39.0359 3320  HomeGroupListener - ok
20:00:39.0390 3320  [ DBC02D918FFF1CAD628ACBE0C0EAA8E8 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
20:00:39.0421 3320  HomeGroupProvider - ok
20:00:39.0452 3320  [ 295FDC419039090EB8B49FFDBB374549 ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
20:00:39.0468 3320  HpSAMD - ok
20:00:39.0499 3320  [ 871917B07A141BFF43D76D8844D48106 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
20:00:39.0530 3320  HTTP - ok
20:00:39.0561 3320  [ 0C4E035C7F105F1299258C90886C64C5 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
20:00:39.0577 3320  hwpolicy - ok
20:00:39.0624 3320  [ F151F0BDC47F4A28B1B20A0818EA36D6 ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
20:00:39.0639 3320  i8042prt - ok
20:00:39.0686 3320  [ 5CD5F9A5444E6CDCB0AC89BD62D8B76E ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
20:00:39.0717 3320  iaStorV - ok
20:00:39.0873 3320  [ 645B2E8D38F937DAB5A735B12922446E ] ICBC Daemon Service C:\Program Files\ICBCEbankTools\ICBCAntiPhishing\ICBC_WIN32\IcbcDaemon.exe
20:00:39.0889 3320  ICBC Daemon Service - ok
20:00:40.0014 3320  [ C521D7EB6497BB1AF6AFA89E322FB43C ] idsvc           C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
20:00:40.0076 3320  idsvc - ok
20:00:40.0107 3320  [ 4173FF5708F3236CF25195FECD742915 ] iirsp           C:\Windows\system32\DRIVERS\iirsp.sys
20:00:40.0123 3320  iirsp - ok
20:00:40.0170 3320  [ F95622F161474511B8D80D6B093AA610 ] IKEEXT          C:\Windows\System32\ikeext.dll
20:00:40.0217 3320  IKEEXT - ok
20:00:40.0310 3320  [ 91AB587F7EA44B0DEB0522F71AD7B2DC ] ImeDictUpdateService C:\Program Files\Common Files\Microsoft Shared\IME14\SHARED\IMEDICTUPDATE.EXE
20:00:40.0310 3320  ImeDictUpdateService - ok
20:00:40.0388 3320  [ 15D52DA93B328A3E7CAF9AAEE5E988C1 ] ImeDictUpdateServiceWR C:\Program Files\Common Files\Microsoft Shared\IME14WR\SHARED\IMEDICTUPDATE.EXE
20:00:40.0388 3320  ImeDictUpdateServiceWR - ok
20:00:40.0497 3320  [ 8DB43F2E5ABD24702D1DA1B1BCAD1B93 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys
20:00:40.0575 3320  IntcAzAudAddService - ok
20:00:40.0607 3320  [ A0F12F2C9BA6C72F3987CE780E77C130 ] intelide        C:\Windows\system32\drivers\intelide.sys
20:00:40.0622 3320  intelide - ok
20:00:40.0669 3320  [ 3B514D27BFC4ACCB4037BC6685F766E0 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
20:00:40.0700 3320  intelppm - ok
20:00:40.0731 3320  IODRV - ok
20:00:40.0747 3320  [ ACB364B9075A45C0736E5C47BE5CAE19 ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
20:00:40.0809 3320  IPBusEnum - ok
20:00:40.0841 3320  [ 709D1761D3B19A932FF0238EA6D50200 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
20:00:40.0887 3320  IpFilterDriver - ok
20:00:40.0950 3320  [ 58F67245D041FBE7AF88F4EAF79DF0FA ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
20:00:40.0981 3320  iphlpsvc - ok
20:00:40.0997 3320  [ 4BD7134618C1D2A27466A099062547BF ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
20:00:41.0028 3320  IPMIDRV - ok
20:00:41.0028 3320  [ A5FA468D67ABCDAA36264E463A7BB0CD ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
20:00:41.0075 3320  IPNAT - ok
20:00:41.0121 3320  [ 42996CFF20A3084A56017B7902307E9F ] IRENUM          C:\Windows\system32\drivers\irenum.sys
20:00:41.0137 3320  IRENUM - ok
20:00:41.0153 3320  [ 1F32BB6B38F62F7DF1A7AB7292638A35 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
20:00:41.0168 3320  isapnp - ok
20:00:41.0199 3320  [ CB7A9ABB12B8415BCE5D74994C7BA3AE ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
20:00:41.0215 3320  iScsiPrt - ok
20:00:41.0340 3320  [ 2F03CEB28307983F3B36216D35FFA5AA ] ISODrive        D:\Program Files\UltraISO\drivers\ISODrive.sys
20:00:41.0402 3320  ISODrive - ok
20:00:41.0433 3320  [ ADEF52CA1AEAE82B50DF86B56413107E ] kbdclass        C:\Windows\system32\drivers\kbdclass.sys
20:00:41.0449 3320  kbdclass - ok
20:00:41.0480 3320  [ 9E3CED91863E6EE98C24794D05E27A71 ] kbdhid          C:\Windows\system32\drivers\kbdhid.sys
20:00:41.0511 3320  kbdhid - ok
20:00:41.0527 3320  [ 81951F51E318AECC2D68559E47485CC4 ] KeyIso          C:\Windows\system32\lsass.exe
20:00:41.0527 3320  KeyIso - ok
20:00:41.0558 3320  [ B7895B4182C0D16F6EFADEB8081E8D36 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
20:00:41.0574 3320  KSecDD - ok
20:00:41.0589 3320  [ D30159AC9237519FBC62C6EC247D2D46 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
20:00:41.0605 3320  KSecPkg - ok
20:00:41.0636 3320  [ 89A7B9CC98D0D80C6F31B91C0A310FCD ] KtmRm           C:\Windows\system32\msdtckrm.dll
20:00:41.0683 3320  KtmRm - ok
20:00:41.0714 3320  [ D64AF876D53ECA3668BB97B51B4E70AB ] LanmanServer    C:\Windows\System32\srvsvc.dll
20:00:41.0745 3320  LanmanServer - ok
20:00:41.0777 3320  [ 58405E4F68BA8E4057C6E914F326ABA2 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
20:00:41.0792 3320  LanmanWorkstation - ok
20:00:41.0839 3320  [ F7611EC07349979DA9B0AE1F18CCC7A6 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
20:00:41.0870 3320  lltdio - ok
20:00:41.0901 3320  [ 5700673E13A2117FA3B9020C852C01E2 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
20:00:41.0948 3320  lltdsvc - ok
20:00:41.0964 3320  [ 55CA01BA19D0006C8F2639B6C045E08B ] lmhosts         C:\Windows\System32\lmhsvc.dll
20:00:42.0011 3320  lmhosts - ok
20:00:42.0042 3320  [ EB119A53CCF2ACC000AC71B065B78FEF ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
20:00:42.0057 3320  LSI_FC - ok
20:00:42.0057 3320  [ 8ADE1C877256A22E49B75D1CC9161F9C ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys
20:00:42.0073 3320  LSI_SAS - ok
20:00:42.0073 3320  [ DC9DC3D3DAA0E276FD2EC262E38B11E9 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
20:00:42.0089 3320  LSI_SAS2 - ok
20:00:42.0104 3320  [ 0A036C7D7CAB643A7F07135AC47E0524 ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
20:00:42.0120 3320  LSI_SCSI - ok
20:00:42.0135 3320  [ 6703E366CC18D3B6E534F5CF7DF39CEE ] luafv           C:\Windows\system32\drivers\luafv.sys
20:00:42.0182 3320  luafv - ok
20:00:42.0229 3320  [ 4470E3C1E0C3378E4CAB137893C12C3A ] MBAMProtector   C:\Windows\system32\drivers\mbam.sys
20:00:42.0245 3320  MBAMProtector - ok
20:00:42.0323 3320  [ 65085456FD9A74D7F1A999520C299ECB ] MBAMScheduler   D:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
20:00:42.0416 3320  MBAMScheduler - ok
20:00:42.0603 3320  [ E0D7732F2D2E24B2DB3F67B6750295B8 ] MBAMService     D:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
20:00:42.0728 3320  MBAMService - ok
20:00:42.0791 3320  [ 0FFF5B045293002AB38EB1FD1FC2FB74 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys
20:00:42.0806 3320  megasas - ok
20:00:42.0853 3320  [ DCBAB2920C75F390CAF1D29F675D03D6 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
20:00:42.0884 3320  MegaSR - ok
20:00:42.0993 3320  Microsoft SharePoint Workspace Audit Service - ok
20:00:43.0040 3320  [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS           C:\Windows\system32\mmcss.dll
20:00:43.0149 3320  MMCSS - ok
20:00:43.0149 3320  [ F001861E5700EE84E2D4E52C712F4964 ] Modem           C:\Windows\system32\drivers\modem.sys
20:00:43.0212 3320  Modem - ok
20:00:43.0243 3320  [ 79D10964DE86B292320E9DFE02282A23 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
20:00:43.0274 3320  monitor - ok
20:00:43.0305 3320  [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass        C:\Windows\system32\drivers\mouclass.sys
20:00:43.0321 3320  mouclass - ok
20:00:43.0352 3320  [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
20:00:43.0399 3320  mouhid - ok
20:00:43.0430 3320  [ FC8771F45ECCCFD89684E38842539B9B ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
20:00:43.0446 3320  mountmgr - ok
20:00:43.0508 3320  [ CF105EE42E3F71E648CEBB3F666E1CF0 ] MpFilter        C:\Windows\system32\DRIVERS\MpFilter.sys
20:00:43.0539 3320  MpFilter - ok
20:00:43.0555 3320  [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0 ] mpio            C:\Windows\system32\drivers\mpio.sys
20:00:43.0571 3320  mpio - ok
20:00:43.0789 3320  [ A69630D039C38018689190234F866D77 ] MpKslddfba513   C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{57E35D41-7475-4E7C-8146-FFE8B22F8130}\MpKslddfba513.sys
20:00:43.0836 3320  MpKslddfba513 - ok
20:00:43.0867 3320  [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
20:00:43.0898 3320  mpsdrv - ok
20:00:43.0992 3320  [ 9835584E999D25004E1EE8E5F3E3B881 ] MpsSvc          C:\Windows\system32\mpssvc.dll
20:00:44.0101 3320  MpsSvc - ok
20:00:44.0132 3320  [ CEB46AB7C01C9F825F8CC6BABC18166A ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
20:00:44.0210 3320  MRxDAV - ok
20:00:44.0241 3320  [ 5D16C921E3671636C0EBA3BBAAC5FD25 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
20:00:44.0304 3320  mrxsmb - ok
20:00:44.0366 3320  [ 6D17A4791ACA19328C685D256349FEFC ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
20:00:44.0382 3320  mrxsmb10 - ok
20:00:44.0429 3320  [ B81F204D146000BE76651A50670A5E9E ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
20:00:44.0444 3320  mrxsmb20 - ok
20:00:44.0475 3320  [ 012C5F4E9349E711E11E0F19A8589F0A ] msahci          C:\Windows\system32\drivers\msahci.sys
20:00:44.0491 3320  msahci - ok
20:00:44.0507 3320  [ 55055F8AD8BE27A64C831322A780A228 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
20:00:44.0538 3320  msdsm - ok
20:00:44.0569 3320  [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC           C:\Windows\System32\msdtc.exe
20:00:44.0600 3320  MSDTC - ok
20:00:44.0647 3320  [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs            C:\Windows\system32\drivers\Msfs.sys
20:00:44.0678 3320  Msfs - ok
20:00:44.0694 3320  [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
20:00:44.0725 3320  mshidkmdf - ok
20:00:44.0741 3320  [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
20:00:44.0756 3320  msisadrv - ok
20:00:44.0803 3320  [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
20:00:44.0865 3320  MSiSCSI - ok
20:00:44.0881 3320  msiserver - ok
20:00:44.0912 3320  [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
20:00:44.0943 3320  MSKSSRV - ok
20:00:45.0006 3320  [ C1F19D2BACBEE9AB64D9AE69E9859AC0 ] MsMpSvc         C:\Program Files\Microsoft Security Client\MsMpEng.exe
20:00:45.0037 3320  MsMpSvc - ok
20:00:45.0068 3320  [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
20:00:45.0115 3320  MSPCLOCK - ok
20:00:45.0131 3320  [ F456E973590D663B1073E9C463B40932 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
20:00:45.0177 3320  MSPQM - ok
20:00:45.0209 3320  [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
20:00:45.0255 3320  MsRPC - ok
20:00:45.0287 3320  [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
20:00:45.0287 3320  mssmbios - ok
20:00:45.0318 3320  [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
20:00:45.0349 3320  MSTEE - ok
20:00:45.0349 3320  [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
20:00:45.0365 3320  MTConfig - ok
20:00:45.0365 3320  [ 159FAD02F64E6381758C990F753BCC80 ] Mup             C:\Windows\system32\Drivers\mup.sys
20:00:45.0380 3320  Mup - ok
20:00:45.0427 3320  [ 61D57A5D7C6D9AFE10E77DAE6E1B445E ] napagent        C:\Windows\system32\qagentRT.dll
20:00:45.0489 3320  napagent - ok
20:00:45.0536 3320  [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
20:00:45.0567 3320  NativeWifiP - ok
20:00:45.0599 3320  [ 8C9C922D71F1CD4DEF73F186416B7896 ] NDIS            C:\Windows\system32\drivers\ndis.sys
20:00:45.0645 3320  NDIS - ok
20:00:45.0677 3320  [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
20:00:45.0723 3320  NdisCap - ok
20:00:45.0755 3320  [ EF6574A4A8359379CAF7092850FE4C81 ] Ndisrd          C:\Windows\system32\DRIVERS\ndisrd.sys
20:00:45.0833 3320  Ndisrd - ok
20:00:45.0833 3320  [ EF6574A4A8359379CAF7092850FE4C81 ] NdisrdMP        C:\Windows\system32\DRIVERS\ndisrd.sys
20:00:45.0864 3320  NdisrdMP - ok
20:00:45.0895 3320  [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
20:00:45.0942 3320  NdisTapi - ok
20:00:46.0020 3320  [ D8A65DAFB3EB41CBB622745676FCD072 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
20:00:46.0067 3320  Ndisuio - ok
20:00:46.0098 3320  [ 38FBE267E7E6983311179230FACB1017 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
20:00:46.0113 3320  NdisWan - ok
20:00:46.0160 3320  [ A4BDC541E69674FBFF1A8FF00BE913F2 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
20:00:46.0207 3320  NDProxy - ok
20:00:46.0254 3320  [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
20:00:46.0301 3320  NetBIOS - ok
20:00:46.0363 3320  [ 280122DDCF04B378EDD1AD54D71C1E54 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
20:00:46.0457 3320  NetBT - ok
20:00:46.0488 3320  [ 81951F51E318AECC2D68559E47485CC4 ] Netlogon        C:\Windows\system32\lsass.exe
20:00:46.0503 3320  Netlogon - ok
20:00:46.0550 3320  [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman          C:\Windows\System32\netman.dll
20:00:46.0597 3320  Netman - ok
20:00:46.0644 3320  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
20:00:46.0706 3320  NetMsmqActivator - ok
20:00:46.0722 3320  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
20:00:46.0722 3320  NetPipeActivator - ok
20:00:46.0769 3320  [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm        C:\Windows\System32\netprofm.dll
20:00:46.0800 3320  netprofm - ok
20:00:46.0800 3320  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
20:00:46.0815 3320  NetTcpActivator - ok
20:00:46.0815 3320  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
20:00:46.0831 3320  NetTcpPortSharing - ok
20:00:46.0878 3320  [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960         C:\Windows\system32\DRIVERS\nfrd960.sys
20:00:47.0018 3320  nfrd960 - ok
20:00:47.0049 3320  [ 832E098BCA8235436FE2D8AE50AC3718 ] NisDrv          C:\Windows\system32\DRIVERS\NisDrvWFP.sys
20:00:47.0081 3320  NisDrv - ok
20:00:47.0127 3320  [ E570ECA850F30EB740C2E9699DF3D2BD ] NisSrv          C:\Program Files\Microsoft Security Client\NisSrv.exe
20:00:47.0143 3320  NisSrv - ok
20:00:47.0205 3320  [ 374071043F9E4231EE43BE2BB48DD36D ] NlaSvc          C:\Windows\System32\nlasvc.dll
20:00:47.0252 3320  NlaSvc - ok
20:00:47.0268 3320  [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs            C:\Windows\system32\drivers\Npfs.sys
20:00:47.0315 3320  Npfs - ok
20:00:47.0361 3320  [ BA387E955E890C8A88306D9B8D06BF17 ] nsi             C:\Windows\system32\nsisvc.dll
20:00:47.0393 3320  nsi - ok
20:00:47.0408 3320  [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
20:00:47.0455 3320  nsiproxy - ok
20:00:47.0533 3320  [ 5E43D2B0EE64123D4880DFA6626DEFDE ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
20:00:47.0627 3320  Ntfs - ok
20:00:47.0642 3320  [ F9756A98D69098DCA8945D62858A812C ] Null            C:\Windows\system32\drivers\Null.sys
20:00:47.0673 3320  Null - ok
20:00:47.0720 3320  [ 77F9F9A199B87FE3F852E12F5419240B ] NVHDA           C:\Windows\system32\drivers\nvhda32v.sys
20:00:47.0736 3320  NVHDA - ok
20:00:48.0563 3320  [ D3F22DA8F670EFD15D348B5952769CEF ] nvlddmkm        C:\Windows\system32\DRIVERS\nvlddmkm.sys
20:00:48.0781 3320  nvlddmkm - ok
20:00:48.0843 3320  [ B3E25EE28883877076E0E1FF877D02E0 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
20:00:48.0875 3320  nvraid - ok
20:00:48.0921 3320  [ 4380E59A170D88C4F1022EFF6719A8A4 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
20:00:48.0953 3320  nvstor - ok
20:00:49.0015 3320  [ A3B80E6B7CDE9660F639658739A5824E ] nvsvc           C:\Windows\system32\nvvsvc.exe
20:00:49.0062 3320  nvsvc - ok
20:00:49.0171 3320  [ 61FF84F865B4414EFDC11856BF5757AD ] nvUpdatusService C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
20:00:49.0249 3320  nvUpdatusService - ok
20:00:49.0296 3320  [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
20:00:49.0327 3320  nv_agp - ok
20:00:49.0358 3320  [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
20:00:49.0389 3320  ohci1394 - ok
20:00:49.0436 3320  [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose             C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
20:00:49.0467 3320  ose - ok
20:00:49.0826 3320  [ 358A9CCA612C68EB2F07DDAD4CE1D8D7 ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
20:00:50.0013 3320  osppsvc - ok
20:00:50.0091 3320  [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
20:00:50.0154 3320  p2pimsvc - ok
20:00:50.0185 3320  [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc          C:\Windows\system32\p2psvc.dll
20:00:50.0201 3320  p2psvc - ok
20:00:50.0232 3320  [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
20:00:50.0232 3320  Parport - ok
20:00:50.0263 3320  [ 3F34A1B4C5F6475F320C275E63AFCE9B ] partmgr         C:\Windows\system32\drivers\partmgr.sys
20:00:50.0279 3320  partmgr - ok
20:00:50.0294 3320  [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm          C:\Windows\system32\DRIVERS\parvdm.sys
20:00:50.0325 3320  Parvdm - ok
20:00:50.0372 3320  [ E1ACE17DDAF078458E2FF063C8457E8C ] PassGuard       C:\Windows\system32\drivers\PassGuard.sys
20:00:51.0651 3320  PassGuard - ok
20:00:51.0698 3320  [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc          C:\Windows\System32\pcasvc.dll
20:00:51.0729 3320  PcaSvc - ok
20:00:51.0776 3320  [ 673E55C3498EB970088E812EA820AA8F ] pci             C:\Windows\system32\drivers\pci.sys
20:00:51.0823 3320  pci - ok
20:00:51.0823 3320  [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide          C:\Windows\system32\drivers\pciide.sys
20:00:51.0839 3320  pciide - ok
20:00:51.0870 3320  [ F396431B31693E71E8A80687EF523506 ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
20:00:51.0885 3320  pcmcia - ok
20:00:51.0901 3320  [ 250F6B43D2B613172035C6747AEEB19F ] pcw             C:\Windows\system32\drivers\pcw.sys
20:00:51.0932 3320  pcw - ok
20:00:51.0948 3320  [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
20:00:51.0995 3320  PEAUTH - ok
20:00:52.0260 3320  [ 414BBA67A3DED1D28437EB66AEB8A720 ] pla             C:\Windows\system32\pla.dll
20:00:52.0338 3320  pla - ok
20:00:52.0369 3320  [ EC7BC28D207DA09E79B3E9FAF8B232CA ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
20:00:52.0416 3320  PlugPlay - ok
20:00:52.0447 3320  [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
20:00:52.0494 3320  PNRPAutoReg - ok
20:00:52.0509 3320  [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
20:00:52.0525 3320  PNRPsvc - ok
20:00:52.0587 3320  [ 53946B69BA0836BD95B03759530C81EC ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
20:00:52.0681 3320  PolicyAgent - ok
20:00:52.0712 3320  [ F87D30E72E03D579A5199CCB3831D6EA ] Power           C:\Windows\system32\umpo.dll
20:00:52.0759 3320  Power - ok
20:00:52.0790 3320  [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
20:00:52.0837 3320  PptpMiniport - ok
20:00:52.0884 3320  [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor       C:\Windows\system32\DRIVERS\processr.sys
20:00:52.0899 3320  Processor - ok
20:00:52.0931 3320  [ CADEFAC453040E370A1BDFF3973BE00D ] ProfSvc         C:\Windows\system32\profsvc.dll
20:00:52.0946 3320  ProfSvc - ok
20:00:52.0977 3320  [ 81951F51E318AECC2D68559E47485CC4 ] ProtectedStorage C:\Windows\system32\lsass.exe
20:00:52.0993 3320  ProtectedStorage - ok
20:00:53.0024 3320  [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
20:00:53.0055 3320  Psched - ok
20:00:53.0102 3320  [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
20:00:53.0196 3320  ql2300 - ok
20:00:53.0196 3320  [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
20:00:53.0211 3320  ql40xx - ok
20:00:53.0243 3320  [ 31AC809E7707EB580B2BDB760390765A ] QWAVE           C:\Windows\system32\qwave.dll
20:00:53.0274 3320  QWAVE - ok
20:00:53.0289 3320  [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
20:00:53.0305 3320  QWAVEdrv - ok
20:00:53.0305 3320  [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
20:00:53.0352 3320  RasAcd - ok
20:00:53.0399 3320  [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
20:00:53.0430 3320  RasAgileVpn - ok
20:00:53.0445 3320  [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto         C:\Windows\System32\rasauto.dll
20:00:53.0492 3320  RasAuto - ok
20:00:53.0523 3320  [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
20:00:53.0570 3320  Rasl2tp - ok
20:00:53.0601 3320  [ CB9E04DC05EACF5B9A36CA276D475006 ] RasMan          C:\Windows\System32\rasmans.dll
20:00:53.0648 3320  RasMan - ok
20:00:53.0648 3320  [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
20:00:53.0679 3320  RasPppoe - ok
20:00:53.0711 3320  [ 44101F495A83EA6401D886E7FD70096B ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
20:00:53.0757 3320  RasSstp - ok
20:00:53.0789 3320  [ D528BC58A489409BA40334EBF96A311B ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
20:00:53.0835 3320  rdbss - ok
20:00:53.0867 3320  [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
20:00:53.0898 3320  rdpbus - ok
20:00:53.0929 3320  [ 23DAE03F29D253AE74C44F99E515F9A1 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
20:00:53.0976 3320  RDPCDD - ok
20:00:54.0007 3320  [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
20:00:54.0054 3320  RDPENCDD - ok
20:00:54.0054 3320  [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
20:00:54.0101 3320  RDPREFMP - ok
20:00:54.0132 3320  [ F031683E6D1FEA157ABB2FF260B51E61 ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
20:00:54.0179 3320  RDPWD - ok
20:00:54.0225 3320  [ 518395321DC96FE2C9F0E96AC743B656 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
20:00:54.0257 3320  rdyboost - ok
20:00:54.0272 3320  [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess    C:\Windows\System32\mprdim.dll
20:00:54.0335 3320  RemoteAccess - ok
20:00:54.0366 3320  [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
20:00:54.0413 3320  RemoteRegistry - ok
20:00:54.0459 3320  [ B9BB8E2093C1615AD6EA55AD96214354 ] Revoflt         C:\Windows\system32\DRIVERS\revoflt.sys
20:00:54.0506 3320  Revoflt - ok
20:00:54.0537 3320  [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
20:00:54.0584 3320  RpcEptMapper - ok
20:00:54.0615 3320  [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator      C:\Windows\system32\locator.exe
20:00:54.0647 3320  RpcLocator - ok
20:00:54.0709 3320  [ 7660F01D3B38ACA1747E397D21D790AF ] RpcSs           C:\Windows\system32\rpcss.dll
20:00:54.0771 3320  RpcSs - ok
20:00:54.0834 3320  [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
20:00:54.0881 3320  rspndr - ok
20:00:54.0927 3320  [ BCEBD5D1AABCE4EFB7597635E347C44B ] RTL8167         C:\Windows\system32\DRIVERS\Rt86win7.sys
20:00:55.0005 3320  RTL8167 - ok
20:00:55.0037 3320  [ 81951F51E318AECC2D68559E47485CC4 ] SamSs           C:\Windows\system32\lsass.exe
20:00:55.0037 3320  SamSs - ok
20:00:55.0146 3320  [ 224049C51E2C2D07B02B1BED262976A1 ] SbieDrv         D:\Program Files\Sandboxie\SbieDrv.sys
20:00:55.0255 3320  SbieDrv - ok
20:00:55.0302 3320  [ 3129023CEF1A2225665D44F9545DAED4 ] SbieSvc         D:\Program Files\Sandboxie\SbieSvc.exe
20:00:55.0364 3320  SbieSvc - ok
20:00:55.0411 3320  [ 05D860DA1040F111503AC416CCEF2BCA ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
20:00:55.0427 3320  sbp2port - ok
20:00:55.0458 3320  [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
20:00:55.0489 3320  SCardSvr - ok
20:00:55.0520 3320  [ 0693B5EC673E34DC147E195779A4DCF6 ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
20:00:55.0551 3320  scfilter - ok
20:00:55.0629 3320  [ A04BB13F8A72F8B6E8B4071723E4E336 ] Schedule        C:\Windows\system32\schedsvc.dll
20:00:55.0676 3320  Schedule - ok
20:00:55.0692 3320  [ 319C6B309773D063541D01DF8AC6F55F ] SCPolicySvc     C:\Windows\System32\certprop.dll
20:00:55.0723 3320  SCPolicySvc - ok
20:00:55.0754 3320  [ 08236C4BCE5EDD0A0318A438AF28E0F7 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
20:00:55.0801 3320  SDRSVC - ok
20:00:55.0848 3320  [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
20:00:55.0879 3320  secdrv - ok
20:00:55.0895 3320  [ A59B3A4442C52060CC7A85293AA3546F ] seclogon        C:\Windows\system32\seclogon.dll
20:00:55.0957 3320  seclogon - ok
20:00:56.0004 3320  [ DCB7FCDCC97F87360F75D77425B81737 ] SENS            C:\Windows\system32\sens.dll
20:00:56.0035 3320  SENS - ok
20:00:56.0066 3320  [ 50087FE1EE447009C9CC2997B90DE53F ] SensrSvc        C:\Windows\system32\sensrsvc.dll
20:00:56.0129 3320  SensrSvc - ok
20:00:56.0144 3320  [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
20:00:56.0191 3320  Serenum - ok
20:00:56.0207 3320  [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial          C:\Windows\system32\DRIVERS\serial.sys
20:00:56.0253 3320  Serial - ok
20:00:56.0269 3320  [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys
20:00:56.0300 3320  sermouse - ok
20:00:56.0347 3320  [ 4AE380F39A0032EAB7DD953030B26D28 ] SessionEnv      C:\Windows\system32\sessenv.dll
20:00:56.0394 3320  SessionEnv - ok
20:00:56.0409 3320  [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
20:00:56.0425 3320  sffdisk - ok
20:00:56.0441 3320  [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
20:00:56.0472 3320  sffp_mmc - ok
20:00:56.0487 3320  [ 6D4CCAEDC018F1CF52866BBBAA235982 ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
20:00:56.0503 3320  sffp_sd - ok
20:00:56.0534 3320  [ DB96666CC8312EBC45032F30B007A547 ] sfloppy         C:\Windows\system32\DRIVERS\sfloppy.sys
20:00:56.0581 3320  sfloppy - ok
20:00:56.0628 3320  [ D1A079A0DE2EA524513B6930C24527A2 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
20:00:56.0659 3320  SharedAccess - ok
20:00:56.0675 3320  [ 414DA952A35BF5D50192E28263B40577 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
20:00:56.0706 3320  ShellHWDetection - ok
20:00:56.0737 3320  [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp          C:\Windows\system32\drivers\sisagp.sys
20:00:56.0753 3320  sisagp - ok
20:00:56.0768 3320  [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys
20:00:56.0784 3320  SiSRaid2 - ok
20:00:56.0784 3320  [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys
20:00:56.0799 3320  SiSRaid4 - ok
20:00:56.0831 3320  [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb             C:\Windows\system32\DRIVERS\smb.sys
20:00:56.0862 3320  Smb - ok
20:00:56.0877 3320  [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
20:00:56.0893 3320  SNMPTRAP - ok
20:00:56.0909 3320  [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr           C:\Windows\system32\drivers\spldr.sys
20:00:56.0924 3320  spldr - ok
20:00:56.0971 3320  [ 9AEA093B8F9C37CF45538382CABA2475 ] Spooler         C:\Windows\System32\spoolsv.exe
20:00:57.0018 3320  Spooler - ok
20:00:57.0127 3320  [ CF87A1DE791347E75B98885214CED2B8 ] sppsvc          C:\Windows\system32\sppsvc.exe
20:00:57.0345 3320  sppsvc - ok
20:00:57.0392 3320  [ B0180B20B065D89232A78A40FE56EAA6 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
20:00:57.0455 3320  sppuinotify - ok
20:00:57.0486 3320  [ E4C2764065D66EA1D2D3EBC28FE99C46 ] srv             C:\Windows\system32\DRIVERS\srv.sys
20:00:57.0533 3320  srv - ok

20:00:57.0579 3320  [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
20:00:57.0626 3320  srv2 - ok
20:00:57.0657 3320  [ BE6BD660CAA6F291AE06A718A4FA8ABC ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
20:00:57.0673 3320  srvnet - ok
20:00:57.0720 3320  [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
20:00:57.0782 3320  SSDPSRV - ok
20:00:57.0798 3320  [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc         C:\Windows\system32\sstpsvc.dll
20:00:57.0845 3320  SstpSvc - ok
20:00:57.0923 3320  [ A766CCAD980235FF34E7F8089D3175A3 ] Stereo Service  C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
20:00:57.0969 3320  Stereo Service - ok
20:00:58.0016 3320  [ DB32D325C192B801DF274BFD12A7E72B ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys
20:00:58.0047 3320  stexstor - ok
20:00:58.0110 3320  [ E1FB3706030FB4578A0D72C2FC3689E4 ] StiSvc          C:\Windows\System32\wiaservc.dll
20:00:58.0157 3320  StiSvc - ok
20:00:58.0188 3320  [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum          C:\Windows\system32\drivers\swenum.sys
20:00:58.0203 3320  swenum - ok
20:00:58.0344 3320  [ F577910A133A592234EBAAD3F3AFA258 ] SwitchBoard     C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
20:00:58.0391 3320  SwitchBoard ( UnsignedFile.Multi.Generic ) - warning
20:00:58.0391 3320  SwitchBoard - detected UnsignedFile.Multi.Generic (1)
20:00:58.0469 3320  [ A28BD92DF340E57B024BA433165D34D7 ] swprv           C:\Windows\System32\swprv.dll
20:00:58.0547 3320  swprv - ok
20:00:58.0609 3320  [ 6BEF3ACD6EE22EEC55B68699E8AACE09 ] SynTP           C:\Windows\system32\DRIVERS\SynTP.sys
20:00:58.0656 3320  SynTP - ok
20:00:58.0703 3320  [ 36650D618CA34C9D357DFD3D89B2C56F ] SysMain         C:\Windows\system32\sysmain.dll
20:00:58.0749 3320  SysMain - ok
20:00:58.0796 3320  [ 763FECDC3D30C815FE72DD57936C6CD1 ] TabletInputService C:\Windows\System32\TabSvc.dll
20:00:58.0859 3320  TabletInputService - ok
20:00:58.0890 3320  [ 5A5927C254DA9D76D66DE866E21C1058 ] tap0901         C:\Windows\system32\DRIVERS\tap0901.sys
20:00:58.0968 3320  tap0901 - ok
20:00:59.0015 3320  [ DEB7FA72F982C4881E633507C5265A3C ] taphss6         C:\Windows\system32\DRIVERS\taphss6.sys
20:00:59.0046 3320  taphss6 - ok
20:00:59.0093 3320  [ 613BF4820361543956909043A265C6AC ] TapiSrv         C:\Windows\System32\tapisrv.dll
20:00:59.0139 3320  TapiSrv - ok
20:00:59.0171 3320  [ B799D9FDB26111737F58288D8DC172D9 ] TBS             C:\Windows\System32\tbssvc.dll
20:00:59.0217 3320  TBS - ok
20:00:59.0280 3320  [ D32FDAC73FCD76B85389C39BC1087F2A ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
20:00:59.0389 3320  Tcpip - ok
20:00:59.0436 3320  [ D32FDAC73FCD76B85389C39BC1087F2A ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
20:00:59.0467 3320  TCPIP6 - ok
20:00:59.0498 3320  [ 3EEBD3BD93DA46A26E89893C7AB2FF3B ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
20:00:59.0529 3320  tcpipreg - ok
20:00:59.0561 3320  [ 1CB91B2BD8F6DD367DFC2EF26FD751B2 ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
20:00:59.0607 3320  TDPIPE - ok
20:00:59.0639 3320  [ 2C2C5AFE7EE4F620D69C23C0617651A8 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
20:00:59.0654 3320  TDTCP - ok
20:00:59.0685 3320  [ B459575348C20E8121D6039DA063C704 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
20:00:59.0732 3320  tdx - ok
20:00:59.0763 3320  [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20 ] TermDD          C:\Windows\system32\drivers\termdd.sys
20:00:59.0763 3320  TermDD - ok
20:00:59.0795 3320  [ 382C804C92811BE57829D8E550A900E2 ] TermService     C:\Windows\System32\termsrv.dll
20:00:59.0857 3320  TermService - ok
20:00:59.0888 3320  [ 42FB6AFD6B79D9FE07381609172E7CA4 ] Themes          C:\Windows\system32\themeservice.dll
20:00:59.0904 3320  Themes - ok
20:00:59.0935 3320  [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER     C:\Windows\system32\mmcss.dll
20:00:59.0966 3320  THREADORDER - ok
20:00:59.0997 3320  [ A3633E498ACD7869553F1E5F229A39B1 ] tpsacpi         C:\Windows\system32\DRIVERS\tpsacpi.SYS
20:01:00.0044 3320  tpsacpi - ok
20:01:00.0075 3320  [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks          C:\Windows\System32\trkwks.dll
20:01:00.0107 3320  TrkWks - ok
20:01:00.0216 3320  [ 2C49B175AEE1D4364B91B531417FE583 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
20:01:00.0341 3320  TrustedInstaller - ok
20:01:00.0356 3320  [ 254BB140EEE3C59D6114C1A86B636877 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
20:01:00.0403 3320  tssecsrv - ok
20:01:00.0450 3320  [ FD1D6C73E6333BE727CBCC6054247654 ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
20:01:00.0481 3320  TsUsbFlt - ok
20:01:00.0528 3320  [ B2FA25D9B17A68BB93D58B0556E8C90D ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
20:01:00.0575 3320  tunnel - ok
20:01:00.0637 3320  [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys
20:01:00.0699 3320  uagp35 - ok
20:01:00.0762 3320  [ EE43346C7E4B5E63E54F927BABBB32FF ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
20:01:00.0855 3320  udfs - ok
20:01:00.0902 3320  [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
20:01:00.0949 3320  UI0Detect - ok
20:01:00.0980 3320  [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
20:01:00.0996 3320  uliagpkx - ok
20:01:01.0011 3320  [ D295BED4B898F0FD999FCFA9B32B071B ] umbus           C:\Windows\system32\drivers\umbus.sys
20:01:01.0027 3320  umbus - ok
20:01:01.0058 3320  [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
20:01:01.0074 3320  UmPass - ok
20:01:01.0105 3320  [ 833FBB672460EFCE8011D262175FAD33 ] upnphost        C:\Windows\System32\upnphost.dll
20:01:01.0152 3320  upnphost - ok
20:01:01.0183 3320  [ BD9C55D7023C5DE374507ACC7A14E2AC ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
20:01:01.0245 3320  usbccgp - ok
20:01:01.0308 3320  [ 04EC7CEC62EC3B6D9354EEE93327FC82 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
20:01:01.0355 3320  usbcir - ok
20:01:01.0386 3320  [ F92DE757E4B7CE9C07C5E65423F3AE3B ] usbehci         C:\Windows\system32\drivers\usbehci.sys
20:01:01.0401 3320  usbehci - ok
20:01:01.0448 3320  [ 8DC94AEC6A7E644A06135AE7506DC2E9 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
20:01:01.0495 3320  usbhub - ok
20:01:01.0542 3320  [ E185D44FAC515A18D9DEDDC23C2CDF44 ] usbohci         C:\Windows\system32\drivers\usbohci.sys
20:01:01.0604 3320  usbohci - ok
20:01:01.0635 3320  [ 797D862FE0875E75C7CC4C1AD7B30252 ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
20:01:01.0682 3320  usbprint - ok
20:01:01.0698 3320  [ F991AB9CC6B908DB552166768176896A ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
20:01:01.0745 3320  USBSTOR - ok
20:01:01.0760 3320  [ 68DF884CF41CDADA664BEB01DAF67E3D ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
20:01:01.0760 3320  usbuhci - ok
20:01:01.0807 3320  [ 45F4E7BF43DB40A6C6B4D92C76CBC3F2 ] usbvideo        C:\Windows\System32\Drivers\usbvideo.sys
20:01:01.0869 3320  usbvideo - ok
20:01:01.0901 3320  [ 081E6E1C91AEC36758902A9F727CD23C ] UxSms           C:\Windows\System32\uxsms.dll
20:01:01.0963 3320  UxSms - ok
20:01:01.0979 3320  [ 81951F51E318AECC2D68559E47485CC4 ] VaultSvc        C:\Windows\system32\lsass.exe
20:01:01.0994 3320  VaultSvc - ok
20:01:02.0025 3320  [ A059C4C3EDB09E07D21A8E5C0AABD3CB ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
20:01:02.0041 3320  vdrvroot - ok
20:01:02.0088 3320  [ C3CD30495687C2A2F66A65CA6FD89BE9 ] vds             C:\Windows\System32\vds.exe
20:01:02.0150 3320  vds - ok
20:01:02.0181 3320  [ 17C408214EA61696CEC9C66E388B14F3 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
20:01:02.0197 3320  vga - ok
20:01:02.0228 3320  [ 8E38096AD5C8570A6F1570A61E251561 ] VgaSave         C:\Windows\System32\drivers\vga.sys
20:01:02.0244 3320  VgaSave - ok
20:01:02.0275 3320  [ 5461686CCA2FDA57B024547733AB42E3 ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
20:01:02.0291 3320  vhdmp - ok
20:01:02.0306 3320  [ C829317A37B4BEA8F39735D4B076E923 ] viaagp          C:\Windows\system32\drivers\viaagp.sys
20:01:02.0322 3320  viaagp - ok
20:01:02.0337 3320  [ E02F079A6AA107F06B16549C6E5C7B74 ] ViaC7           C:\Windows\system32\DRIVERS\viac7.sys
20:01:02.0353 3320  ViaC7 - ok
20:01:02.0369 3320  [ E43574F6A56A0EE11809B48C09E4FD3C ] viaide          C:\Windows\system32\drivers\viaide.sys
20:01:02.0384 3320  viaide - ok
20:01:02.0587 3320  [ A942813405C51998DD2C2B86A08394D5 ] VMAuthdService  D:\Program Files\vmware\vmware-authd.exe
20:01:02.0649 3320  VMAuthdService ( UnsignedFile.Multi.Generic ) - warning
20:01:02.0649 3320  VMAuthdService - detected UnsignedFile.Multi.Generic (1)
20:01:02.0759 3320  [ 753BD0240B6586ABA0D67A70B3EF44A0 ] vmci            C:\Windows\system32\DRIVERS\vmci.sys
20:01:02.0805 3320  vmci - ok
20:01:02.0961 3320  [ 840EC98AD70C09F87E2F624320B9C3A3 ] vmkbd           C:\Windows\system32\drivers\VMkbd.sys
20:01:02.0993 3320  vmkbd - ok
20:01:03.0039 3320  [ A267D2321ED281359D301BFEB8202652 ] VMnetAdapter    C:\Windows\system32\DRIVERS\vmnetadapter.sys
20:01:03.0055 3320  VMnetAdapter - ok
20:01:03.0133 3320  [ 7A4BB278D7860551A716D46349492692 ] VMnetBridge     C:\Windows\system32\DRIVERS\vmnetbridge.sys
20:01:03.0180 3320  VMnetBridge - ok
20:01:03.0273 3320  [ 24521D99BF36F190BA10BB2BFDB17682 ] VMnetDHCP       C:\Windows\system32\vmnetdhcp.exe
20:01:03.0320 3320  VMnetDHCP - ok
20:01:03.0351 3320  [ 4214CE8AC6E4E2667E71B9A5E973D590 ] VMnetuserif     C:\Windows\system32\drivers\vmnetuserif.sys
20:01:03.0367 3320  VMnetuserif - ok
20:01:03.0539 3320  [ 90B4CC5C515B52796E26F72F3EEAF643 ] VMUSBArbService C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe
20:01:03.0601 3320  VMUSBArbService - ok
20:01:03.0648 3320  [ 709B9008BCC9E0375D0A45B08F4C48ED ] VMware NAT Service C:\Windows\system32\vmnat.exe
20:01:03.0679 3320  VMware NAT Service - ok
20:01:03.0757 3320  [ 6B649BAAF488C8505C613A1159A8D05C ] vmx86           C:\Windows\system32\Drivers\vmx86.sys
20:01:03.0788 3320  vmx86 - ok
20:01:03.0819 3320  [ 4C63E00F2F4B5F86AB48A58CD990F212 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
20:01:03.0835 3320  volmgr - ok
20:01:03.0866 3320  [ B5BB72067DDDDBBFB04B2F89FF8C3C87 ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
20:01:03.0913 3320  volmgrx - ok
20:01:03.0944 3320  [ F497F67932C6FA693D7DE2780631CFE7 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
20:01:03.0960 3320  volsnap - ok
20:01:03.0991 3320  [ 9DFA0CC2F8855A04816729651175B631 ] vsmraid         C:\Windows\system32\DRIVERS\vsmraid.sys
20:01:04.0007 3320  vsmraid - ok
20:01:04.0038 3320  [ 4B1B677FC0338C85E1C30BD6F1BFD584 ] vsock           C:\Windows\system32\drivers\vsock.sys
20:01:04.0085 3320  vsock - ok
20:01:04.0116 3320  [ 209A3B1901B83AEB8527ED211CCE9E4C ] VSS             C:\Windows\system32\vssvc.exe
20:01:04.0209 3320  VSS - ok
20:01:04.0225 3320  [ 90567B1E658001E79D7C8BBD3DDE5AA6 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
20:01:04.0256 3320  vwifibus - ok
20:01:04.0303 3320  [ 7090D3436EEB4E7DA3373090A23448F7 ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
20:01:04.0334 3320  vwififlt - ok
20:01:04.0350 3320  [ A3F04CBEA6C2A10E6CB01F8B47611882 ] vwifimp         C:\Windows\system32\DRIVERS\vwifimp.sys
20:01:04.0365 3320  vwifimp - ok
20:01:04.0412 3320  [ 55187FD710E27D5095D10A472C8BAF1C ] W32Time         C:\Windows\system32\w32time.dll
20:01:04.0490 3320  W32Time - ok
20:01:04.0521 3320  [ DE3721E89C653AA281428C8A69745D90 ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
20:01:04.0553 3320  WacomPen - ok
20:01:04.0568 3320  [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
20:01:04.0615 3320  WANARP - ok
20:01:04.0615 3320  [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
20:01:04.0646 3320  Wanarpv6 - ok
20:01:04.0693 3320  [ 691E3285E53DCA558E1A84667F13E15A ] wbengine        C:\Windows\system32\wbengine.exe
20:01:04.0787 3320  wbengine - ok
20:01:04.0818 3320  [ 9614B5D29DC76AC3C29F6D2D3AA70E67 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
20:01:04.0880 3320  WbioSrvc - ok
20:01:04.0911 3320  [ 34EEE0DFAADB4F691D6D5308A51315DC ] wcncsvc         C:\Windows\System32\wcncsvc.dll
20:01:04.0958 3320  wcncsvc - ok
20:01:04.0974 3320  [ 5D930B6357A6D2AF4D7653BDABBF352F ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
20:01:05.0083 3320  WcsPlugInService - ok
20:01:05.0099 3320  [ 1112A9BADACB47B7C0BB0392E3158DFF ] Wd              C:\Windows\system32\DRIVERS\wd.sys
20:01:05.0114 3320  Wd - ok
20:01:05.0161 3320  [ A840213F1ACDCC175B4D1D5AAEAC0D7A ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
20:01:05.0192 3320  Wdf01000 - ok
20:01:05.0223 3320  [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiServiceHost  C:\Windows\system32\wdi.dll
20:01:05.0286 3320  WdiServiceHost - ok
20:01:05.0286 3320  [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiSystemHost   C:\Windows\system32\wdi.dll
20:01:05.0301 3320  WdiSystemHost - ok
20:01:05.0333 3320  [ A9D880F97530D5B8FEE278923349929D ] WebClient       C:\Windows\System32\webclnt.dll
20:01:05.0379 3320  WebClient - ok
20:01:05.0395 3320  [ 760F0AFE937A77CFF27153206534F275 ] Wecsvc          C:\Windows\system32\wecsvc.dll
20:01:05.0426 3320  Wecsvc - ok
20:01:05.0442 3320  [ AC804569BB2364FB6017370258A4091B ] wercplsupport   C:\Windows\System32\wercplsupport.dll
20:01:05.0489 3320  wercplsupport - ok
20:01:05.0520 3320  [ 08E420D873E4FD85241EE2421B02C4A4 ] WerSvc          C:\Windows\System32\WerSvc.dll
20:01:05.0598 3320  WerSvc - ok
20:01:05.0645 3320  [ 8B9A943F3B53861F2BFAF6C186168F79 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
20:01:05.0691 3320  WfpLwf - ok
20:01:05.0691 3320  [ 5CF95B35E59E2A38023836FFF31BE64C ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
20:01:05.0707 3320  WIMMount - ok
20:01:05.0769 3320  [ 3FAE8F94296001C32EAB62CD7D82E0FD ] WinDefend       C:\Program Files\Windows Defender\mpsvc.dll
20:01:05.0847 3320  WinDefend - ok
20:01:05.0863 3320  WinHttpAutoProxySvc - ok
20:01:05.0925 3320  [ F62E510B6AD4C21EB9FE8668ED251826 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
20:01:05.0988 3320  Winmgmt - ok
20:01:06.0050 3320  [ 1B91CD34EA3A90AB6A4EF0550174F4CC ] WinRM           C:\Windows\system32\WsmSvc.dll
20:01:06.0175 3320  WinRM - ok
20:01:06.0237 3320  [ 16935C98FF639D185086A3529B1F2067 ] Wlansvc         C:\Windows\System32\wlansvc.dll
20:01:06.0269 3320  Wlansvc - ok
20:01:06.0284 3320  [ 0217679B8FCA58714C3BF2726D2CA84E ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
20:01:06.0300 3320  WmiAcpi - ok
20:01:06.0315 3320  [ 6EB6B66517B048D87DC1856DDF1F4C3F ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
20:01:06.0425 3320  wmiApSrv - ok
20:01:06.0518 3320  [ 3B40D3A61AA8C21B88AE57C58AB3122E ] WMPNetworkSvc   C:\Program Files\Windows Media Player\wmpnetwk.exe
20:01:06.0627 3320  WMPNetworkSvc - ok
20:01:06.0674 3320  [ A2F0EC770A92F2B3F9DE6D518E11409C ] WPCSvc          C:\Windows\System32\wpcsvc.dll
20:01:06.0783 3320  WPCSvc - ok
20:01:06.0815 3320  [ AA53356D60AF47EACC85BC617A4F3F66 ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
20:01:06.0877 3320  WPDBusEnum - ok
20:01:06.0924 3320  [ 6DB3276587B853BF886B69528FDB048C ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
20:01:06.0971 3320  ws2ifsl - ok
20:01:07.0002 3320  [ 6F5D49EFE0E7164E03AE773A3FE25340 ] wscsvc          C:\Windows\system32\wscsvc.dll
20:01:07.0033 3320  wscsvc - ok
20:01:07.0033 3320  WSearch - ok
20:01:07.0111 3320  [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv        C:\Windows\system32\wuaueng.dll
20:01:07.0236 3320  wuauserv - ok
20:01:07.0267 3320  [ 06E6F32C8D0A3F66D956F57B43A2E070 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
20:01:07.0283 3320  WudfPf - ok
20:01:07.0345 3320  [ 867C301E8B790040AE9CF6486E8041DF ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
20:01:07.0376 3320  WUDFRd - ok
20:01:07.0439 3320  [ FE47B7BC8EA320C2D9B5E5BF6E303765 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
20:01:07.0501 3320  wudfsvc - ok
20:01:07.0532 3320  [ 3C5E51C05BE9B56EAFF4E388C3AB25E4 ] WwanSvc         C:\Windows\System32\wwansvc.dll
20:01:07.0579 3320  WwanSvc - ok
20:01:07.0766 3320  [ 0DAAEBED3A2A3A86D2766C2B7163EB47 ] Zoolz 2 Service D:\Program Files\Genie9\Zoolz2\ZoolzService.exe
20:01:07.0829 3320  Zoolz 2 Service - ok
20:01:07.0891 3320  ================ Scan global ===============================
20:01:07.0922 3320  [ DAB748AE0439955ED2FA22357533DDDB ] C:\Windows\system32\basesrv.dll
20:01:07.0953 3320  [ 1F5F07091D50244F17DD8D5147A628CC ] C:\Windows\system32\winsrv.dll
20:01:07.0985 3320  [ 1F5F07091D50244F17DD8D5147A628CC ] C:\Windows\system32\winsrv.dll
20:01:08.0016 3320  [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll
20:01:08.0063 3320  [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe
20:01:08.0063 3320  [Global] - ok
20:01:08.0063 3320  ================ Scan MBR ==================================
20:01:08.0078 3320  [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
20:01:08.0437 3320  \Device\Harddisk0\DR0 - ok
20:01:08.0437 3320  ================ Scan VBR ==================================
20:01:08.0437 3320  [ 766DE370477BC05418C3BC1DE249BE7F ] \Device\Harddisk0\DR0\Partition1
20:01:08.0437 3320  \Device\Harddisk0\DR0\Partition1 - ok
20:01:08.0437 3320  [ FC9F26FFA8A214918C6B9E5998AE69B6 ] \Device\Harddisk0\DR0\Partition2
20:01:08.0453 3320  \Device\Harddisk0\DR0\Partition2 - ok
20:01:08.0468 3320  [ 724A68E23B96479490A6C0C96F3C5277 ] \Device\Harddisk0\DR0\Partition3
20:01:08.0468 3320  \Device\Harddisk0\DR0\Partition3 - ok
20:01:08.0499 3320  [ 19220EB45D081A4E079595C050D3B015 ] \Device\Harddisk0\DR0\Partition4
20:01:08.0499 3320  \Device\Harddisk0\DR0\Partition4 - ok
20:01:08.0499 3320  ================ Scan active images ========================
20:01:08.0499 3320  [ B7EFEF22FF426EC4158A177CB3B558D3 ] C:\Windows\System32\drivers\crashdmp.sys
20:01:08.0499 3320  C:\Windows\System32\drivers\crashdmp.sys - ok
20:01:08.0515 3320  [ 505506526A9D467307B3C393DEDAF858 ] C:\Windows\System32\drivers\beep.sys
20:01:08.0515 3320  C:\Windows\System32\drivers\beep.sys - ok
20:01:08.0515 3320  [ BE167ED0FDB9C1FA1133953C18D5A6C9 ] C:\Windows\System32\drivers\cdrom.sys
20:01:08.0515 3320  C:\Windows\System32\drivers\cdrom.sys - ok
20:01:08.0515 3320  [ F9756A98D69098DCA8945D62858A812C ] C:\Windows\System32\drivers\null.sys
20:01:08.0515 3320  C:\Windows\System32\drivers\null.sys - ok
20:01:08.0531 3320  [ 8E38096AD5C8570A6F1570A61E251561 ] C:\Windows\System32\drivers\vga.sys
20:01:08.0531 3320  C:\Windows\System32\drivers\vga.sys - ok
20:01:08.0531 3320  [ 15C126D1B55814B9E5CAB10A9C1F4C67 ] C:\Windows\System32\drivers\videoprt.sys
20:01:08.0531 3320  C:\Windows\System32\drivers\videoprt.sys - ok
20:01:08.0546 3320  [ CB45A417C8EF7BA6BAC67EDCDDED8700 ] C:\Windows\System32\drivers\watchdog.sys
20:01:08.0546 3320  C:\Windows\System32\drivers\watchdog.sys - ok
20:01:08.0546 3320  [ 23DAE03F29D253AE74C44F99E515F9A1 ] C:\Windows\System32\drivers\RDPCDD.sys
20:01:08.0546 3320  C:\Windows\System32\drivers\RDPCDD.sys - ok
20:01:08.0546 3320  [ 5A53CA1598DD4156D44196D200C94B8A ] C:\Windows\System32\drivers\RDPENCDD.sys
20:01:08.0546 3320  C:\Windows\System32\drivers\RDPENCDD.sys - ok
20:01:08.0562 3320  [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] C:\Windows\System32\drivers\RDPREFMP.sys
20:01:08.0562 3320  C:\Windows\System32\drivers\RDPREFMP.sys - ok
20:01:08.0562 3320  [ DAEFB28E3AF5A76ABCC2C3078C07327F ] C:\Windows\System32\drivers\msfs.sys
20:01:08.0562 3320  C:\Windows\System32\drivers\msfs.sys - ok
20:01:08.0562 3320  [ 1DB262A9F8C087E8153D89BEF3D2235F ] C:\Windows\System32\drivers\npfs.sys
20:01:08.0562 3320  C:\Windows\System32\drivers\npfs.sys - ok
20:01:08.0577 3320  [ 2F885864D5BC8A16C86BEE595969A48A ] C:\Windows\System32\drivers\tdi.sys
20:01:08.0577 3320  C:\Windows\System32\drivers\tdi.sys - ok
20:01:08.0577 3320  [ B459575348C20E8121D6039DA063C704 ] C:\Windows\System32\drivers\tdx.sys
20:01:08.0577 3320  C:\Windows\System32\drivers\tdx.sys - ok
20:01:08.0577 3320  [ 9EBBBA55060F786F0FCAA3893BFA2806 ] C:\Windows\System32\drivers\afd.sys
20:01:08.0577 3320  C:\Windows\System32\drivers\afd.sys - ok
20:01:08.0593 3320  [ 280122DDCF04B378EDD1AD54D71C1E54 ] C:\Windows\System32\drivers\netbt.sys
20:01:08.0593 3320  C:\Windows\System32\drivers\netbt.sys - ok
20:01:08.0593 3320  [ 8B9A943F3B53861F2BFAF6C186168F79 ] C:\Windows\System32\drivers\wfplwf.sys
20:01:08.0593 3320  C:\Windows\System32\drivers\wfplwf.sys - ok
20:01:08.0609 3320  [ 6DB3276587B853BF886B69528FDB048C ] C:\Windows\System32\drivers\ws2ifsl.sys
20:01:08.0609 3320  C:\Windows\System32\drivers\ws2ifsl.sys - ok
20:01:08.0609 3320  [ 6270CCAE2A86DE6D146529FE55B3246A ] C:\Windows\System32\drivers\pacer.sys
20:01:08.0609 3320  C:\Windows\System32\drivers\pacer.sys - ok
20:01:08.0609 3320  [ 7090D3436EEB4E7DA3373090A23448F7 ] C:\Windows\System32\drivers\vwififlt.sys
20:01:08.0609 3320  C:\Windows\System32\drivers\vwififlt.sys - ok
20:01:08.0624 3320  [ 80B275B1CE3B0E79909DB7B39AF74D51 ] C:\Windows\System32\drivers\netbios.sys
20:01:08.0624 3320  C:\Windows\System32\drivers\netbios.sys - ok
20:01:08.0624 3320  [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20 ] C:\Windows\System32\drivers\termdd.sys
20:01:08.0624 3320  C:\Windows\System32\drivers\termdd.sys - ok
20:01:08.0624 3320  [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] C:\Windows\System32\drivers\wanarp.sys
20:01:08.0624 3320  C:\Windows\System32\drivers\wanarp.sys - ok
20:01:08.0640 3320  [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] C:\Windows\System32\drivers\nsiproxy.sys
20:01:08.0640 3320  C:\Windows\System32\drivers\nsiproxy.sys - ok
20:01:08.0640 3320  [ D528BC58A489409BA40334EBF96A311B ] C:\Windows\System32\drivers\rdbss.sys
20:01:08.0640 3320  C:\Windows\System32\drivers\rdbss.sys - ok
20:01:08.0640 3320  [ FC6B9FF600CC585EA38B12589BD4E246 ] C:\Windows\System32\drivers\mssmbios.sys
20:01:08.0640 3320  C:\Windows\System32\drivers\mssmbios.sys - ok
20:01:08.0655 3320  [ 2287078ED48FCFC477B05B20CF38F36F ] C:\Windows\System32\drivers\blbdrive.sys
20:01:08.0655 3320  C:\Windows\System32\drivers\blbdrive.sys - ok
20:01:08.0655 3320  [ F024449C97EC1E464AAFFDA18593DB88 ] C:\Windows\System32\drivers\dfsc.sys
20:01:08.0655 3320  C:\Windows\System32\drivers\dfsc.sys - ok
20:01:08.0671 3320  [ 1A050B0274BFB3890703D490F330C0DA ] C:\Windows\System32\drivers\discache.sys
20:01:08.0671 3320  C:\Windows\System32\drivers\discache.sys - ok
20:01:08.0671 3320  [ 2F03CEB28307983F3B36216D35FFA5AA ] D:\Program Files\UltraISO\drivers\ISODrive.sys
20:01:08.0671 3320  D:\Program Files\UltraISO\drivers\ISODrive.sys - ok
20:01:08.0671 3320  [ B2FA25D9B17A68BB93D58B0556E8C90D ] C:\Windows\System32\drivers\tunnel.sys
20:01:08.0671 3320  C:\Windows\System32\drivers\tunnel.sys - ok
20:01:08.0687 3320  [ C30A91ADE8C9CB91E4281EC83C4500C6 ] C:\Windows\System32\ntdll.dll
20:01:08.0687 3320  C:\Windows\System32\ntdll.dll - ok
20:01:08.0687 3320  [ DE91DCC7BC55E940979097E98F743205 ] C:\Windows\System32\smss.exe
20:01:08.0687 3320  C:\Windows\System32\smss.exe - ok
20:01:08.0687 3320  [ F88A52EB62019D6A62FDD9E08034DBD8 ] C:\Windows\System32\autochk.exe
20:01:08.0702 3320  C:\Windows\System32\autochk.exe - ok
20:01:08.0702 3320  [ D3F22DA8F670EFD15D348B5952769CEF ] C:\Windows\System32\drivers\nvlddmkm.sys
20:01:08.0702 3320  C:\Windows\System32\drivers\nvlddmkm.sys - ok
20:01:08.0702 3320  [ 16498EBC04AE9DD07049A8884B205C05 ] C:\Windows\System32\drivers\dxgkrnl.sys
20:01:08.0702 3320  C:\Windows\System32\drivers\dxgkrnl.sys - ok
20:01:08.0718 3320  [ E405328A0E38BF823E2361C413283F6D ] C:\Windows\System32\drivers\dxgmms1.sys
20:01:08.0718 3320  C:\Windows\System32\drivers\dxgmms1.sys - ok
20:01:08.0718 3320  [ 9036377B8A6C15DC2EEC53E489D159B5 ] C:\Windows\System32\drivers\hdaudbus.sys
20:01:08.0718 3320  C:\Windows\System32\drivers\hdaudbus.sys - ok
20:01:08.0718 3320  [ BCEBD5D1AABCE4EFB7597635E347C44B ] C:\Windows\System32\drivers\Rt86win7.sys
20:01:08.0718 3320  C:\Windows\System32\drivers\Rt86win7.sys - ok
20:01:08.0733 3320  [ F92DE757E4B7CE9C07C5E65423F3AE3B ] C:\Windows\System32\drivers\usbehci.sys
20:01:08.0733 3320  C:\Windows\System32\drivers\usbehci.sys - ok
20:01:08.0733 3320  [ 3AA940AA9AC3055FE32FF2D3D20CCD28 ] C:\Windows\System32\drivers\usbport.sys
20:01:08.0733 3320  C:\Windows\System32\drivers\usbport.sys - ok
20:01:08.0733 3320  [ F151F0BDC47F4A28B1B20A0818EA36D6 ] C:\Windows\System32\drivers\i8042prt.sys
20:01:08.0733 3320  C:\Windows\System32\drivers\i8042prt.sys - ok
20:01:08.0749 3320  [ ADEF52CA1AEAE82B50DF86B56413107E ] C:\Windows\System32\drivers\kbdclass.sys
20:01:08.0749 3320  C:\Windows\System32\drivers\kbdclass.sys - ok
20:01:08.0749 3320  [ 5787196F32D043572EC6565C0EF1B8E0 ] C:\Windows\System32\drivers\usbd.sys
20:01:08.0749 3320  C:\Windows\System32\drivers\usbd.sys - ok
20:01:08.0749 3320  [ 840EC98AD70C09F87E2F624320B9C3A3 ] C:\Windows\System32\drivers\VMkbd.sys
20:01:08.0749 3320  C:\Windows\System32\drivers\VMkbd.sys - ok
20:01:08.0765 3320  [ 6BEF3ACD6EE22EEC55B68699E8AACE09 ] C:\Windows\System32\drivers\SynTP.sys
20:01:08.0765 3320  C:\Windows\System32\drivers\SynTP.sys - ok
20:01:08.0765 3320  [ DEA805815E587DAD1DD2C502220B5616 ] C:\Windows\System32\drivers\CmBatt.sys
20:01:08.0765 3320  C:\Windows\System32\drivers\CmBatt.sys - ok
20:01:08.0780 3320  [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] C:\Windows\System32\drivers\mouclass.sys
20:01:08.0780 3320  C:\Windows\System32\drivers\mouclass.sys - ok
20:01:08.0780 3320  [ CBE8C58A8579CFE5FCCF809E6F114E89 ] C:\Windows\System32\drivers\CompositeBus.sys
20:01:08.0780 3320  C:\Windows\System32\drivers\CompositeBus.sys - ok
20:01:08.0780 3320  [ 3B514D27BFC4ACCB4037BC6685F766E0 ] C:\Windows\System32\drivers\intelppm.sys
20:01:08.0780 3320  C:\Windows\System32\drivers\intelppm.sys - ok
20:01:08.0796 3320  [ 57EC4AEF73660166074D8F7F31C0D4FD ] C:\Windows\System32\drivers\agilevpn.sys
20:01:08.0796 3320  C:\Windows\System32\drivers\agilevpn.sys - ok
20:01:08.0796 3320  [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] C:\Windows\System32\drivers\ndistapi.sys
20:01:08.0796 3320  C:\Windows\System32\drivers\ndistapi.sys - ok
20:01:08.0796 3320  [ 38FBE267E7E6983311179230FACB1017 ] C:\Windows\System32\drivers\ndiswan.sys
20:01:08.0796 3320  C:\Windows\System32\drivers\ndiswan.sys - ok
20:01:08.0811 3320  [ D9F91EAFEC2815365CBE6D167E4E332A ] C:\Windows\System32\drivers\rasl2tp.sys
20:01:08.0811 3320  C:\Windows\System32\drivers\rasl2tp.sys - ok
20:01:08.0811 3320  [ EF6574A4A8359379CAF7092850FE4C81 ] C:\Windows\System32\drivers\Ndisrd.sys
20:01:08.0811 3320  C:\Windows\System32\drivers\Ndisrd.sys - ok
20:01:08.0827 3320  [ 0FE8B15916307A6AC12BFB6A63E45507 ] C:\Windows\System32\drivers\raspppoe.sys
20:01:08.0827 3320  C:\Windows\System32\drivers\raspppoe.sys - ok
20:01:08.0827 3320  [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] C:\Windows\System32\drivers\raspptp.sys
20:01:08.0827 3320  C:\Windows\System32\drivers\raspptp.sys - ok
20:01:08.0827 3320  [ 44101F495A83EA6401D886E7FD70096B ] C:\Windows\System32\drivers\rassstp.sys
20:01:08.0827 3320  C:\Windows\System32\drivers\rassstp.sys - ok
20:01:08.0843 3320  [ 5DCEF0C32BE0F33277326586FA503689 ] C:\Windows\System32\drivers\ks.sys
20:01:08.0843 3320  C:\Windows\System32\drivers\ks.sys - ok
20:01:08.0843 3320  [ E58C78A848ADD9610A4DB6D214AF5224 ] C:\Windows\System32\drivers\swenum.sys
20:01:08.0843 3320  C:\Windows\System32\drivers\swenum.sys - ok
20:01:08.0843 3320  [ D295BED4B898F0FD999FCFA9B32B071B ] C:\Windows\System32\drivers\umbus.sys
20:01:08.0843 3320  C:\Windows\System32\drivers\umbus.sys - ok
20:01:08.0858 3320  [ 70C73BF6EA125D0E4097A440D18A8463 ] C:\Windows\System32\drivers\vmnet.sys
20:01:08.0858 3320  C:\Windows\System32\drivers\vmnet.sys - ok
20:01:08.0858 3320  [ A267D2321ED281359D301BFEB8202652 ] C:\Windows\System32\drivers\vmnetadapter.sys
20:01:08.0858 3320  C:\Windows\System32\drivers\vmnetadapter.sys - ok
20:01:08.0858 3320  [ 8DC94AEC6A7E644A06135AE7506DC2E9 ] C:\Windows\System32\drivers\usbhub.sys
20:01:08.0858 3320  C:\Windows\System32\drivers\usbhub.sys - ok
20:01:08.0874 3320  [ A4BDC541E69674FBFF1A8FF00BE913F2 ] C:\Windows\System32\drivers\ndproxy.sys
20:01:08.0874 3320  C:\Windows\System32\drivers\ndproxy.sys - ok
20:01:08.0874 3320  [ 27F9288AF019E6DACA281EDE51FF5928 ] C:\Windows\System32\drivers\drmk.sys
20:01:08.0874 3320  C:\Windows\System32\drivers\drmk.sys - ok
20:01:08.0874 3320  [ 77F9F9A199B87FE3F852E12F5419240B ] C:\Windows\System32\drivers\nvhda32v.sys
20:01:08.0874 3320  C:\Windows\System32\drivers\nvhda32v.sys - ok
20:01:08.0889 3320  [ D72708C9F49500C13D7D067E169B7715 ] C:\Windows\System32\drivers\portcls.sys
20:01:08.0889 3320  C:\Windows\System32\drivers\portcls.sys - ok
20:01:08.0889 3320  [ 8DB43F2E5ABD24702D1DA1B1BCAD1B93 ] C:\Windows\System32\drivers\RTKVHDA.sys
20:01:08.0889 3320  C:\Windows\System32\drivers\RTKVHDA.sys - ok
20:01:08.0905 3320  [ 9DC80A8AAAAAC397BDAB3C67165A824E ] C:\Windows\System32\msvcrt.dll
20:01:08.0905 3320  C:\Windows\System32\msvcrt.dll - ok
20:01:08.0905 3320  [ E87F5393F7D8CE2FACC4DFF703531392 ] C:\Windows\System32\gdi32.dll
20:01:08.0905 3320  C:\Windows\System32\gdi32.dll - ok
20:01:08.0905 3320  [ 6C765E82B57F2E66CE9C54AC238471D9 ] C:\Windows\System32\oleaut32.dll
20:01:08.0905 3320  C:\Windows\System32\oleaut32.dll - ok
20:01:08.0921 3320  [ FF5688D309347F2720911D8796912834 ] C:\Windows\System32\clbcatq.dll
20:01:08.0921 3320  C:\Windows\System32\clbcatq.dll - ok
20:01:08.0921 3320  [ 6377051C63D5552A311935C67E9FDFDC ] C:\Windows\System32\nsi.dll
20:01:08.0921 3320  C:\Windows\System32\nsi.dll - ok
20:01:08.0921 3320  [ 8CC3C111D653E96F3EA1590891491D71 ] C:\Windows\System32\shlwapi.dll
20:01:08.0921 3320  C:\Windows\System32\shlwapi.dll - ok
20:01:08.0936 3320  [ 070C5B9D3006602A07757179D9B56F5D ] C:\Windows\System32\difxapi.dll
20:01:08.0936 3320  C:\Windows\System32\difxapi.dll - ok
20:01:08.0936 3320  [ 4A8E2F20809CC161107FAA94F6CF2685 ] C:\Windows\System32\imm32.dll
20:01:08.0936 3320  C:\Windows\System32\imm32.dll - ok
20:01:08.0936 3320  [ B2DB6ABA2E292235749B80A9C3DFA867 ] C:\Windows\System32\imagehlp.dll
20:01:08.0936 3320  C:\Windows\System32\imagehlp.dll - ok
20:01:08.0952 3320  [ D1DE1EAFDE97BE41CF6585027FF3E732 ] C:\Windows\System32\comdlg32.dll
20:01:08.0952 3320  C:\Windows\System32\comdlg32.dll - ok
20:01:08.0952 3320  [ CFC97F07904067A1E5FAE195D534DA3A ] C:\Windows\System32\sechost.dll
20:01:08.0952 3320  C:\Windows\System32\sechost.dll - ok
20:01:08.0952 3320  [ 2473CA6595A2659D7039A4A89FECA269 ] C:\Windows\System32\wininet.dll
20:01:08.0952 3320  C:\Windows\System32\wininet.dll - ok
20:01:08.0967 3320  [ B3DC4D1658093C1E486CA9F22180BECF ] C:\Windows\System32\urlmon.dll
20:01:08.0967 3320  C:\Windows\System32\urlmon.dll - ok
20:01:08.0967 3320  [ AE09B85158C66E2C154C5C9B3C0027B3 ] C:\Windows\System32\kernel32.dll
20:01:08.0967 3320  C:\Windows\System32\kernel32.dll - ok
20:01:08.0983 3320  [ 565D78187494FB5F08B5A52DEB2AEA7A ] C:\Windows\System32\shell32.dll
20:01:08.0983 3320  C:\Windows\System32\shell32.dll - ok
20:01:08.0983 3320  [ 4F154D2C9C6DF951FD6E5AABBAE6B5EE ] C:\Windows\System32\lpk.dll
20:01:08.0983 3320  C:\Windows\System32\lpk.dll - ok
20:01:08.0983 3320  [ 9C278785347BCC991F8EA2999D90F58D ] C:\Windows\System32\normaliz.dll
20:01:08.0983 3320  C:\Windows\System32\normaliz.dll - ok
20:01:08.0999 3320  [ A543AC1F7138376D778D630A35FCBC4C ] C:\Windows\System32\psapi.dll
20:01:08.0999 3320  C:\Windows\System32\psapi.dll - ok
20:01:08.0999 3320  [ F383B1AD5D7FDC1ACB0D900B50572F8D ] C:\Windows\System32\iertutil.dll
20:01:08.0999 3320  C:\Windows\System32\iertutil.dll - ok
20:01:08.0999 3320  [ 10FB16B50AFFDA6D44588F3C445DC273 ] C:\Windows\System32\setupapi.dll
20:01:08.0999 3320  C:\Windows\System32\setupapi.dll - ok
20:01:09.0014 3320  [ B7230010D97787AF3D25E4C82F2B06B9 ] C:\Windows\System32\usp10.dll
20:01:09.0014 3320  C:\Windows\System32\usp10.dll - ok
20:01:09.0014 3320  [ C9618BC9B2B0FD7C1138D8774795A79B ] C:\Windows\System32\msctf.dll
20:01:09.0014 3320  C:\Windows\System32\msctf.dll - ok
20:01:09.0014 3320  [ 928CF7268086631F54C3D8E17238C6DD ] C:\Windows\System32\ole32.dll
20:01:09.0014 3320  C:\Windows\System32\ole32.dll - ok
20:01:09.0030 3320  [ F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 ] C:\Windows\System32\user32.dll
20:01:09.0030 3320  C:\Windows\System32\user32.dll - ok
20:01:09.0030 3320  [ A8BB45F9ECAD993461E0FEF8E2A99152 ] C:\Windows\System32\Wldap32.dll
20:01:09.0030 3320  C:\Windows\System32\Wldap32.dll - ok
20:01:09.0030 3320  [ 7FF15A4F092CD4A96055BA69F903E3E9 ] C:\Windows\System32\ws2_32.dll
20:01:09.0030 3320  C:\Windows\System32\ws2_32.dll - ok
20:01:09.0045 3320  [ 95E2376B3323F062EB562B8586D0F14A ] C:\Windows\System32\advapi32.dll
20:01:09.0045 3320  C:\Windows\System32\advapi32.dll - ok
20:01:09.0045 3320  [ 6400774E903729ADD0A62A24A334EE56 ] C:\Windows\System32\rpcrt4.dll
20:01:09.0045 3320  C:\Windows\System32\rpcrt4.dll - ok
20:01:09.0045 3320  [ 2E33DFD10F28F86C3FC40EE123CC3904 ] C:\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
20:01:09.0045 3320  C:\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll - ok
20:01:09.0061 3320  [ 6951562DC4625EEFC6EACD52AD165866 ] C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll


20:01:10.0340 3320  C:\Windows\System32\eappcfg.dll - ok
20:01:10.0340 3320  [ 666E57B6B51824D1D235F80A3DD70A13 ] C:\Windows\System32\eappprxy.dll
20:01:10.0340 3320  C:\Windows\System32\eappprxy.dll - ok
20:01:10.0340 3320  [ C1585EAA67C37A05BF6F93726FAFC069 ] C:\Windows\System32\l2gpstore.dll
20:01:10.0340 3320  C:\Windows\System32\l2gpstore.dll - ok
20:01:10.0356 3320  [ F748F53FE09D21D8ECBB6421E6792024 ] C:\Windows\System32\onex.dll
20:01:10.0356 3320  C:\Windows\System32\onex.dll - ok
20:01:10.0356 3320  [ 749F9795F01C35EEBE100A87D82B9681 ] C:\Windows\System32\wlgpclnt.dll
20:01:10.0356 3320  C:\Windows\System32\wlgpclnt.dll - ok
20:01:10.0371 3320  [ 8B88EBBB05A0E56B7DCC708498C02B3E ] C:\Windows\explorer.exe
20:01:10.0371 3320  C:\Windows\explorer.exe - ok
20:01:10.0371 3320  [ E2A17BCC08D92F42E08AF6BA2F93ABA7 ] C:\Windows\System32\ExplorerFrame.dll
20:01:10.0371 3320  C:\Windows\System32\ExplorerFrame.dll - ok
20:01:10.0371 3320  [ 3C1936A12C62254F914A01BBC6A8DC69 ] C:\Windows\System32\d3d10_1.dll
20:01:10.0371 3320  C:\Windows\System32\d3d10_1.dll - ok
20:01:10.0387 3320  [ 3FC5B80B2FA502DF3461AC3BD97E622E ] D:\Program Files\Genie9\Zoolz2\ZoolzOverlay.dll
20:01:10.0387 3320  D:\Program Files\Genie9\Zoolz2\ZoolzOverlay.dll - ok
20:01:10.0387 3320  [ BC83108B18756547013ED443B8CDB31B ] C:\Windows\System32\msvcp100.dll
20:01:10.0387 3320  C:\Windows\System32\msvcp100.dll - ok
20:01:10.0387 3320  [ 8A79F691D739E565853EBFC542B2B123 ] D:\Program Files\Genie9\Zoolz2\Communicator.dll
20:01:10.0387 3320  D:\Program Files\Genie9\Zoolz2\Communicator.dll - ok
20:01:10.0403 3320  [ 983B356504D443E61B9012EA9F36496B ] C:\Program Files\Microsoft Security Client\MpAsDesc.dll
20:01:10.0403 3320  C:\Program Files\Microsoft Security Client\MpAsDesc.dll - ok
20:01:10.0403 3320  [ CB6B671ED6D97F2E9F2274EADB7517B2 ] C:\Program Files\Microsoft Security Client\MpCmdRun.exe
20:01:10.0403 3320  C:\Program Files\Microsoft Security Client\MpCmdRun.exe - ok
20:01:10.0418 3320  [ 49ACA548B2423F1C67898E6AC719A9A6 ] C:\Windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll
20:01:10.0418 3320  C:\Windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll - ok
20:01:10.0418 3320  [ A8CDF3768604FF95B54669E20053D569 ] C:\Windows\System32\wscapi.dll
20:01:10.0418 3320  C:\Windows\System32\wscapi.dll - ok
20:01:10.0418 3320  [ D4212AB475A3B25EC4DF574536C3EDC5 ] C:\Windows\System32\d3d10_1core.dll
20:01:10.0418 3320  C:\Windows\System32\d3d10_1core.dll - ok
20:01:10.0434 3320  [ D4F264FE23F8953D840904418220C15E ] C:\Windows\System32\dxgi.dll
20:01:10.0434 3320  C:\Windows\System32\dxgi.dll - ok
20:01:10.0434 3320  [ 6DE66FE7C526637E74CD066461C7C871 ] C:\Windows\System32\d3d11.dll
20:01:10.0434 3320  C:\Windows\System32\d3d11.dll - ok
20:01:10.0434 3320  [ AD2B4A9C4ECFBC9BBD9F9A4B8C7510FF ] C:\Windows\System32\nvwgf2um.dll
20:01:10.0434 3320  C:\Windows\System32\nvwgf2um.dll - ok
20:01:10.0449 3320  [ 2100560AF3F7F2948F2676E44DFB4ECF ] C:\Windows\System32\uDWM.dll
20:01:10.0449 3320  C:\Windows\System32\uDWM.dll - ok
20:01:10.0449 3320  [ 3FA214B377B8711D859F950FDFEFF739 ] C:\Windows\System32\conhost.exe
20:01:10.0449 3320  C:\Windows\System32\conhost.exe - ok
20:01:10.0449 3320  [ EAADD6E47ED2A7003ACE1793B98CF63F ] C:\Windows\System32\msxml6.dll
20:01:10.0449 3320  C:\Windows\System32\msxml6.dll - ok
20:01:10.0465 3320  [ 9419ABF3163B6F0E3AD3DD2B381C879F ] C:\Windows\System32\WinSCard.dll
20:01:10.0465 3320  C:\Windows\System32\WinSCard.dll - ok
20:01:10.0465 3320  [ 1D6A771D1D702AE07919DB52C889A249 ] C:\Windows\System32\wlanutil.dll
20:01:10.0465 3320  C:\Windows\System32\wlanutil.dll - ok
20:01:10.0465 3320  [ 7A6986DD659B96398A11AF5173892715 ] C:\Windows\System32\cabinet.dll
20:01:10.0465 3320  C:\Windows\System32\cabinet.dll - ok
20:01:10.0481 3320  [ 414DA952A35BF5D50192E28263B40577 ] C:\Windows\System32\shsvcs.dll
20:01:10.0481 3320  C:\Windows\System32\shsvcs.dll - ok
20:01:10.0481 3320  [ A04BB13F8A72F8B6E8B4071723E4E336 ] C:\Windows\System32\schedsvc.dll
20:01:10.0481 3320  C:\Windows\System32\schedsvc.dll - ok
20:01:10.0481 3320  [ 38B13C0DF479DBA23ECFA815159BA86E ] C:\Windows\System32\ktmw32.dll
20:01:10.0481 3320  C:\Windows\System32\ktmw32.dll - ok
20:01:10.0496 3320  [ E6D90DC604F407B3B5E0FD285E46B2A0 ] C:\Windows\System32\fveapi.dll
20:01:10.0496 3320  C:\Windows\System32\fveapi.dll - ok
20:01:10.0496 3320  [ 1B0EC94520CAB89A9CE1B2DA405166AF ] C:\Windows\System32\p2pcollab.dll
20:01:10.0496 3320  C:\Windows\System32\p2pcollab.dll - ok
20:01:10.0496 3320  [ C87F28A34B3840F4B40011D170B1A159 ] C:\Windows\System32\fvecerts.dll
20:01:10.0496 3320  C:\Windows\System32\fvecerts.dll - ok
20:01:10.0512 3320  [ EAFC149CD3BD78C443E31BB157841197 ] C:\Windows\System32\tbs.dll
20:01:10.0512 3320  C:\Windows\System32\tbs.dll - ok
20:01:10.0512 3320  [ 1C3E8371377E988B683797A132EFFE1B ] C:\Windows\System32\taskcomp.dll
20:01:10.0512 3320  C:\Windows\System32\taskcomp.dll - ok
20:01:10.0527 3320  [ 61D57A5D7C6D9AFE10E77DAE6E1B445E ] C:\Windows\System32\QAGENTRT.DLL
20:01:10.0527 3320  C:\Windows\System32\QAGENTRT.DLL - ok
20:01:10.0527 3320  [ E2D56AE1D40E3725084054CD8E9CFBB1 ] C:\Windows\System32\wiarpc.dll
20:01:10.0527 3320  C:\Windows\System32\wiarpc.dll - ok
20:01:10.0527 3320  [ 9FD6496B6D91C8BE2A10BD55EAE2D5F2 ] C:\Windows\System32\fveui.dll
20:01:10.0527 3320  C:\Windows\System32\fveui.dll - ok
20:01:10.0543 3320  [ 42DD9011D54C3A91F14BDBBF50791DA9 ] C:\Program Files\Microsoft Security Client\MsseWat.dll
20:01:10.0543 3320  C:\Program Files\Microsoft Security Client\MsseWat.dll - ok
20:01:10.0543 3320  [ 19F75D71E4256F5113D64CE2BB66B838 ] C:\Windows\System32\slwga.dll
20:01:10.0543 3320  C:\Windows\System32\slwga.dll - ok
20:01:10.0543 3320  [ 8E4B58E12B3FA65ED1462846906E0B59 ] C:\Windows\System32\sppc.dll
20:01:10.0543 3320  C:\Windows\System32\sppc.dll - ok
20:01:10.0559 3320  [ 0E37FBFA79D349D672456923EC5FBBE3 ] C:\Windows\System32\msvcr100.dll
20:01:10.0559 3320  C:\Windows\System32\msvcr100.dll - ok
20:01:10.0559 3320  [ 871917B07A141BFF43D76D8844D48106 ] C:\Windows\System32\drivers\http.sys
20:01:10.0559 3320  C:\Windows\System32\drivers\http.sys - ok
20:01:10.0559 3320  [ 9AEA093B8F9C37CF45538382CABA2475 ] C:\Windows\System32\spoolsv.exe
20:01:10.0559 3320  C:\Windows\System32\spoolsv.exe - ok
20:01:10.0574 3320  [ 72E953215CADE1A726C04AAFDF6B463D ] C:\Windows\System32\taskhost.exe
20:01:10.0574 3320  C:\Windows\System32\taskhost.exe - ok
20:01:10.0574 3320  [ 7319102526BD11B45FD66335CF90CA12 ] C:\Windows\System32\HotStartUserAgent.dll
20:01:10.0574 3320  C:\Windows\System32\HotStartUserAgent.dll - ok
20:01:10.0574 3320  [ 8FC518FFE9519C2631D37515A68009C4 ] C:\Windows\System32\SCardSvr.dll
20:01:10.0574 3320  C:\Windows\System32\SCardSvr.dll - ok
20:01:10.0590 3320  [ 1E2BAC209D184BB851E1A187D8A29136 ] C:\Windows\System32\BFE.DLL
20:01:10.0590 3320  C:\Windows\System32\BFE.DLL - ok
20:01:10.0590 3320  [ 5C3F9DBA818CD93379D1A0F215270374 ] C:\Windows\System32\esent.dll
20:01:10.0590 3320  C:\Windows\System32\esent.dll - ok
20:01:10.0590 3320  [ F58516E2DC0D963EF70D6BFC21FD82C4 ] C:\Windows\System32\PlaySndSrv.dll
20:01:10.0590 3320  C:\Windows\System32\PlaySndSrv.dll - ok
20:01:10.0605 3320  [ B43687C534A49700BF4B3C9898763752 ] C:\Windows\System32\MsCtfMonitor.dll
20:01:10.0605 3320  C:\Windows\System32\MsCtfMonitor.dll - ok
20:01:10.0605 3320  [ 56CEED370508F69A1BA04939BD1BADDA ] C:\Windows\System32\msutb.dll
20:01:10.0605 3320  C:\Windows\System32\msutb.dll - ok
20:01:10.0621 3320  [ 8F2DA3028D5FCBD1A060A3DE64CD6506 ] C:\Windows\System32\drivers\bowser.sys
20:01:10.0621 3320  C:\Windows\System32\drivers\bowser.sys - ok
20:01:10.0621 3320  [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] C:\Windows\System32\drivers\mpsdrv.sys
20:01:10.0621 3320  C:\Windows\System32\drivers\mpsdrv.sys - ok
20:01:10.0621 3320  [ 5D16C921E3671636C0EBA3BBAAC5FD25 ] C:\Windows\System32\drivers\mrxsmb.sys
20:01:10.0621 3320  C:\Windows\System32\drivers\mrxsmb.sys - ok
20:01:10.0637 3320  [ 6D17A4791ACA19328C685D256349FEFC ] C:\Windows\System32\drivers\mrxsmb10.sys
20:01:10.0637 3320  C:\Windows\System32\drivers\mrxsmb10.sys - ok
20:01:10.0637 3320  [ 9835584E999D25004E1EE8E5F3E3B881 ] C:\Windows\System32\MPSSVC.dll
20:01:10.0637 3320  C:\Windows\System32\MPSSVC.dll - ok
20:01:10.0637 3320  [ B81F204D146000BE76651A50670A5E9E ] C:\Windows\System32\drivers\mrxsmb20.sys
20:01:10.0637 3320  C:\Windows\System32\drivers\mrxsmb20.sys - ok
20:01:10.0652 3320  [ 58405E4F68BA8E4057C6E914F326ABA2 ] C:\Windows\System32\wkssvc.dll
20:01:10.0652 3320  C:\Windows\System32\wkssvc.dll - ok
20:01:10.0652 3320  [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] C:\Windows\System32\drivers\parport.sys
20:01:10.0652 3320  C:\Windows\System32\drivers\parport.sys - ok
20:01:10.0668 3320  [ B6F5AC88A1A1FDD802CB689721D640FE ] C:\Windows\System32\drivers\hcmon.sys
20:01:10.0668 3320  C:\Windows\System32\drivers\hcmon.sys - ok
20:01:10.0668 3320  [ 019C372B1A9DA73A22D0D35A4D40F5C9 ] C:\Windows\System32\wfapigp.dll
20:01:10.0668 3320  C:\Windows\System32\wfapigp.dll - ok
20:01:10.0668 3320  [ 358AB7956D3160000726574083DFC8A6 ] C:\Windows\System32\pcasvc.dll
20:01:10.0668 3320  C:\Windows\System32\pcasvc.dll - ok
20:01:10.0683 3320  [ 6A984831644ECA1A33FFEAE4126F4F37 ] C:\Windows\System32\snmptrap.exe
20:01:10.0683 3320  C:\Windows\System32\snmptrap.exe - ok
20:01:10.0683 3320  [ ADDA5E1951B90D3D23C56D3CF0622ADC ] C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
20:01:10.0683 3320  C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe - ok
20:01:10.0699 3320  [ 6B649BAAF488C8505C613A1159A8D05C ] C:\Windows\System32\drivers\vmx86.sys
20:01:10.0699 3320  C:\Windows\System32\drivers\vmx86.sys - ok
20:01:10.0699 3320  [ CDBE9690CF2B8409FACAD94FAC9479C9 ] C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcr90.dll
20:01:10.0699 3320  C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcr90.dll - ok
20:01:10.0699 3320  [ 645B2E8D38F937DAB5A735B12922446E ] C:\Program Files\ICBCEbankTools\ICBCAntiPhishing\ICBC_WIN32\IcbcDaemon.exe
20:01:10.0699 3320  C:\Program Files\ICBCEbankTools\ICBCAntiPhishing\ICBC_WIN32\IcbcDaemon.exe - ok
20:01:10.0715 3320  [ 8A8B277067C22F4BF6AA9A31692FC4D3 ] C:\Windows\System32\cryptnet.dll
20:01:10.0715 3320  C:\Windows\System32\cryptnet.dll - ok
20:01:10.0715 3320  [ 3897DFF247D9ED0006190349DE264E14 ] C:\Windows\System32\cryptsvc.dll
20:01:10.0715 3320  C:\Windows\System32\cryptsvc.dll - ok
20:01:10.0715 3320  [ 8EC04CA86F1D68DA9E11952EB85973D6 ] C:\Windows\System32\dps.dll
20:01:10.0715 3320  C:\Windows\System32\dps.dll - ok
20:01:10.0730 3320  [ 13337A3FB17F2242487FD45488ED0485 ] C:\Windows\System32\vssapi.dll
20:01:10.0730 3320  C:\Windows\System32\vssapi.dll - ok
20:01:10.0730 3320  [ 544EFF88AC6C85DF5A4D6F18DFE08CFC ] C:\Windows\System32\taskschd.dll
20:01:10.0730 3320  C:\Windows\System32\taskschd.dll - ok
20:01:10.0730 3320  [ 91AB587F7EA44B0DEB0522F71AD7B2DC ] C:\Program Files\Common Files\microsoft shared\IME14\SHARED\IMEDICTUPDATE.EXE
20:01:10.0730 3320  C:\Program Files\Common Files\microsoft shared\IME14\SHARED\IMEDICTUPDATE.EXE - ok
20:01:10.0746 3320  [ B940289C83121046BD6A60ACC6028593 ] C:\Windows\System32\vsstrace.dll
20:01:10.0746 3320  C:\Windows\System32\vsstrace.dll - ok
20:01:10.0746 3320  [ 4C39358EBDD2FFCD9132A30E1EC31E16 ] C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcp90.dll
20:01:10.0746 3320  C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcp90.dll - ok
20:01:10.0761 3320  [ 15D52DA93B328A3E7CAF9AAEE5E988C1 ] C:\Program Files\Common Files\microsoft shared\IME14WR\SHARED\IMEDICTUPDATE.EXE
20:01:10.0761 3320  C:\Program Files\Common Files\microsoft shared\IME14WR\SHARED\IMEDICTUPDATE.EXE - ok
20:01:10.0761 3320  [ F95622F161474511B8D80D6B093AA610 ] C:\Windows\System32\IKEEXT.DLL
20:01:10.0761 3320  C:\Windows\System32\IKEEXT.DLL - ok
20:01:10.0761 3320  [ 4F2659160AFCCA990305816946F69407 ] C:\Windows\System32\taskeng.exe
20:01:10.0761 3320  C:\Windows\System32\taskeng.exe - ok
20:01:10.0777 3320  [ 5845B1C54380FB980F68024B3A8B1E66 ] C:\Windows\System32\vpnikeapi.dll
20:01:10.0777 3320  C:\Windows\System32\vpnikeapi.dll - ok
20:01:10.0777 3320  [ 659E04E74135927CA6D7BC5E75C84417 ] C:\Windows\System32\TSChannel.dll
20:01:10.0777 3320  C:\Windows\System32\TSChannel.dll - ok
20:01:10.0777 3320  [ 506708142BC63DABA64F2D3AD1DCD5BF ] C:\Program Files\Google\Update\GoogleUpdate.exe
20:01:10.0777 3320  C:\Program Files\Google\Update\GoogleUpdate.exe - ok
20:01:10.0793 3320  [ C369D1EEE8EBEA7CB60293C8E1AEA845 ] D:\Program Files\Genie9\Zoolz2\GSLogging.dll
20:01:10.0793 3320  D:\Program Files\Genie9\Zoolz2\GSLogging.dll - ok
20:01:10.0793 3320  [ 9FF47CD8A3787C8FD3CDFE40441C722E ] C:\Program Files\Google\Update\1.3.21.123\goopdate.dll
20:01:10.0793 3320  C:\Program Files\Google\Update\1.3.21.123\goopdate.dll - ok
20:01:10.0793 3320  [ 3C4C6BE926A2EF0293315BBC014E477F ] C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
20:01:10.0793 3320  C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll - ok
20:01:10.0808 3320  [ A6C29DB53ECA94FA8591C5388D604B82 ] C:\Windows\System32\msi.dll
20:01:10.0808 3320  C:\Windows\System32\msi.dll - ok
20:01:10.0808 3320  [ 465BEA35F7ED4A4A57686DEA7EA10F47 ] C:\Windows\System32\cscapi.dll
20:01:10.0808 3320  C:\Windows\System32\cscapi.dll - ok
20:01:10.0824 3320  [ AE5A69F44C1F97EDC83237FC0B29B6FB ] C:\Program Files\Google\Update\1.3.21.123\GoogleCrashHandler.exe
20:01:10.0824 3320  C:\Program Files\Google\Update\1.3.21.123\GoogleCrashHandler.exe - ok
20:01:10.0824 3320  [ 53223B673A3FA2F9A4D1C31C8D3F6CD8 ] C:\Windows\System32\dbghelp.dll
20:01:10.0824 3320  C:\Windows\System32\dbghelp.dll - ok
20:01:10.0824 3320  [ C5A99A4C0DC9F0F5A95BA0C83D30A549 ] C:\Windows\System32\mstask.dll
20:01:10.0824 3320  C:\Windows\System32\mstask.dll - ok
20:01:10.0839 3320  [ 1CDEA9188899E76D4FFD54C9D512CCDB ] C:\Windows\System32\msxml3.dll
20:01:10.0839 3320  C:\Windows\System32\msxml3.dll - ok
20:01:10.0839 3320  [ 62377E616A4850C6B46FF748917D7064 ] C:\Program Files\ICBCEbankTools\ICBCAntiPhishing\ICBC_WIN32\Icbc_AntiPhishing.dll
20:01:10.0839 3320  C:\Program Files\ICBCEbankTools\ICBCAntiPhishing\ICBC_WIN32\Icbc_AntiPhishing.dll - ok
20:01:10.0839 3320  [ 95689A138E6E288AFC0C0FCB04C30473 ] C:\Program Files\ICBCEbankTools\ICBCAntiPhishing\ICBC_WIN32\AntiPhishingVer.dll
20:01:10.0839 3320  C:\Program Files\ICBCEbankTools\ICBCAntiPhishing\ICBC_WIN32\AntiPhishingVer.dll - ok
20:01:10.0855 3320  [ E223D2851906B84F52E1B75EA16198F9 ] C:\Windows\Microsoft.NET\Framework\v4.0.30319\ServiceModelEvents.dll
20:01:10.0855 3320  C:\Windows\Microsoft.NET\Framework\v4.0.30319\ServiceModelEvents.dll - ok
20:01:10.0855 3320  [ 5C22C4AD546102A455A0CC4885F5601E ] D:\Program Files\TortoiseSVN\bin\TortoiseStub32.dll
20:01:10.0855 3320  D:\Program Files\TortoiseSVN\bin\TortoiseStub32.dll - ok
20:01:10.0871 3320  [ DBC02D918FFF1CAD628ACBE0C0EAA8E8 ] C:\Windows\System32\provsvc.dll
20:01:10.0871 3320  C:\Windows\System32\provsvc.dll - ok
20:01:10.0871 3320  [ D318F23BE45D5E3A107469EB64815B50 ] C:\Windows\System32\sstpsvc.dll
20:01:10.0871 3320  C:\Windows\System32\sstpsvc.dll - ok
20:01:10.0871 3320  [ 65085456FD9A74D7F1A999520C299ECB ] D:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
20:01:10.0871 3320  D:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe - ok
20:01:10.0886 3320  [ EF39CCCC9AD927A25334AE0B41A8A343 ] D:\Program Files\Malwarebytes' Anti-Malware\mbam.dll
20:01:10.0886 3320  D:\Program Files\Malwarebytes' Anti-Malware\mbam.dll - ok
20:01:10.0886 3320  [ 1CC9F4BB5ACC9A99DB25A72EB0E6D7F4 ] D:\Program Files\TortoiseSVN\bin\TortoiseSVN32.dll
20:01:10.0886 3320  D:\Program Files\TortoiseSVN\bin\TortoiseSVN32.dll - ok
20:01:10.0886 3320  [ B1B17BF2EC8D15774A749CBAAB6DF24D ] D:\Program Files\TortoiseSVN\bin\libsvn_tsvn32.dll
20:01:10.0886 3320  D:\Program Files\TortoiseSVN\bin\libsvn_tsvn32.dll - ok
20:01:10.0902 3320  [ 9275F02BEA644F43A459E316A932658F ] D:\Program Files\Malwarebytes' Anti-Malware\mbamnet.dll
20:01:10.0902 3320  D:\Program Files\Malwarebytes' Anti-Malware\mbamnet.dll - ok
20:01:10.0902 3320  [ 248A8C84E043F2BC2CC0C6C4E151010D ] D:\Program Files\TortoiseSVN\bin\libapr_tsvn32.dll
20:01:10.0902 3320  D:\Program Files\TortoiseSVN\bin\libapr_tsvn32.dll - ok
20:01:10.0917 3320  [ 0F8459942A1A6D054ADD3812366462AF ] D:\Program Files\TortoiseSVN\bin\libaprutil_tsvn32.dll
20:01:10.0917 3320  D:\Program Files\TortoiseSVN\bin\libaprutil_tsvn32.dll - ok
20:01:10.0917 3320  [ 18080469E2360A432D71E21B701C4F0D ] D:\Program Files\TortoiseSVN\bin\intl3_tsvn32.dll
20:01:10.0917 3320  D:\Program Files\TortoiseSVN\bin\intl3_tsvn32.dll - ok
20:01:10.0917 3320  [ D1C4FEA301DEE43EFD93F35C34CBBC90 ] D:\Program Files\TortoiseSVN\bin\libsasl32.dll
20:01:10.0917 3320  D:\Program Files\TortoiseSVN\bin\libsasl32.dll - ok
20:01:10.0933 3320  [ 58932F2AA934FE62C28A21F9150204A0 ] C:\Program Files\ICBCEbankTools\ICBCAntiPhishing\ICBC_WIN32\AntiPhishingVerPS.dll
20:01:10.0933 3320  C:\Program Files\ICBCEbankTools\ICBCAntiPhishing\ICBC_WIN32\AntiPhishingVerPS.dll - ok
20:01:10.0933 3320  [ FFD5E5C32C03016FC7D84B25EB8C95E3 ] D:\Program Files\TortoiseSVN\Languages\TortoiseProc2052.dll
20:01:10.0933 3320  D:\Program Files\TortoiseSVN\Languages\TortoiseProc2052.dll - ok
20:01:10.0933 3320  [ E0D7732F2D2E24B2DB3F67B6750295B8 ] D:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
20:01:10.0933 3320  D:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe - ok
20:01:10.0949 3320  [ D1F4EF194A129726FBF30E2F514824AA ] C:\Users\judy\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
20:01:10.0949 3320  C:\Users\judy\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll - ok
20:01:10.0949 3320  [ 80D8679BF84A9383BFF33E07D5D9FC35 ] D:\Program Files\Malwarebytes' Anti-Malware\mbamcore.dll
20:01:10.0949 3320  D:\Program Files\Malwarebytes' Anti-Malware\mbamcore.dll - ok
20:01:10.0964 3320  [ 523CF74A52C9A1762DA8B83AEE734498 ] C:\Windows\System32\IconCodecService.dll
20:01:10.0964 3320  C:\Windows\System32\IconCodecService.dll - ok
20:01:10.0964 3320  [ 832E098BCA8235436FE2D8AE50AC3718 ] C:\Windows\System32\drivers\NisDrvWFP.sys
20:01:10.0964 3320  C:\Windows\System32\drivers\NisDrvWFP.sys - ok
20:01:10.0964 3320  [ 7CCCFCA7510684768DA22092D1FA4DB2 ] C:\Windows\System32\netman.dll
20:01:10.0964 3320  C:\Windows\System32\netman.dll - ok
20:01:10.0980 3320  [ 374071043F9E4231EE43BE2BB48DD36D ] C:\Windows\System32\nlasvc.dll
20:01:10.0980 3320  C:\Windows\System32\nlasvc.dll - ok
20:01:10.0980 3320  [ 140D9F911182357626165EA0BEB98C4F ] C:\Windows\System32\ncsi.dll
20:01:10.0980 3320  C:\Windows\System32\ncsi.dll - ok
20:01:10.0980 3320  [ CA9F7888B524D8100B977C81F44C3234 ] C:\Windows\System32\winhttp.dll
20:01:10.0980 3320  C:\Windows\System32\winhttp.dll - ok
20:01:10.0995 3320  [ 28E2231BD34A39C854BDF3923AB2FF86 ] C:\Windows\System32\ssdpapi.dll
20:01:10.0995 3320  C:\Windows\System32\ssdpapi.dll - ok
20:01:10.0995 3320  [ FB19FC5951A88F3C523E35C2C98D23C0 ] C:\Windows\System32\webio.dll
20:01:10.0995 3320  C:\Windows\System32\webio.dll - ok
20:01:10.0995 3320  [ D1D5DAB39DCB4BE0359943738D87409B ] D:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
20:01:10.0995 3320  D:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe - ok
20:01:11.0011 3320  [ E1ACE17DDAF078458E2FF063C8457E8C ] C:\Windows\System32\drivers\PassGuard.sys
20:01:11.0011 3320  C:\Windows\System32\drivers\PassGuard.sys - ok
20:01:11.0011 3320  [ 1319CD4619E96B156911CA3897563EBC ] C:\Windows\System32\ci.dll
20:01:11.0011 3320  C:\Windows\System32\ci.dll - ok
20:01:11.0011 3320  [ 9E0104BA49F4E6973749A02BF41344ED ] C:\Windows\System32\drivers\PEAuth.sys
20:01:11.0011 3320  C:\Windows\System32\drivers\PEAuth.sys - ok
20:01:11.0027 3320  [ 90A3935D05B494A5A39D37E71F09A677 ] C:\Windows\System32\drivers\secdrv.sys
20:01:11.0027 3320  C:\Windows\System32\drivers\secdrv.sys - ok
20:01:11.0027 3320  [ BE6BD660CAA6F291AE06A718A4FA8ABC ] C:\Windows\System32\drivers\srvnet.sys
20:01:11.0027 3320  C:\Windows\System32\drivers\srvnet.sys - ok
20:01:11.0042 3320  [ A59B3A4442C52060CC7A85293AA3546F ] C:\Windows\System32\seclogon.dll
20:01:11.0042 3320  C:\Windows\System32\seclogon.dll - ok
20:01:11.0042 3320  [ 3EEBD3BD93DA46A26E89893C7AB2FF3B ] C:\Windows\System32\drivers\tcpipreg.sys
20:01:11.0042 3320  C:\Windows\System32\drivers\tcpipreg.sys - ok
20:01:11.0042 3320  [ 8CD1DEE212E52B9C22E66DBA44991D32 ] C:\Windows\System32\httpapi.dll
20:01:11.0042 3320  C:\Windows\System32\httpapi.dll - ok
20:01:11.0058 3320  [ 36650D618CA34C9D357DFD3D89B2C56F ] C:\Windows\System32\sysmain.dll
20:01:11.0058 3320  C:\Windows\System32\sysmain.dll - ok
20:01:11.0058 3320  [ 613BF4820361543956909043A265C6AC ] C:\Windows\System32\tapisrv.dll
20:01:11.0058 3320  C:\Windows\System32\tapisrv.dll - ok
20:01:11.0058 3320  [ 4214CE8AC6E4E2667E71B9A5E973D590 ] C:\Windows\System32\drivers\vmnetuserif.sys
20:01:11.0058 3320  C:\Windows\System32\drivers\vmnetuserif.sys - ok
20:01:11.0073 3320  [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] C:\Windows\System32\trkwks.dll
20:01:11.0073 3320  C:\Windows\System32\trkwks.dll - ok
20:01:11.0073 3320  [ 709B9008BCC9E0375D0A45B08F4C48ED ] C:\Windows\System32\vmnat.exe
20:01:11.0073 3320  C:\Windows\System32\vmnat.exe - ok
20:01:11.0073 3320  [ 539C49CEBB3C50957AC8A09D95ECD880 ] C:\Windows\System32\shfolder.dll
20:01:11.0073 3320  C:\Windows\System32\shfolder.dll - ok
20:01:11.0089 3320  [ 704314FD398C81D5F342CAA5DF7B7F21 ] C:\Windows\System32\wbemcomn.dll
20:01:11.0089 3320  C:\Windows\System32\wbemcomn.dll - ok
20:01:11.0089 3320  [ F62E510B6AD4C21EB9FE8668ED251826 ] C:\Windows\System32\wbem\WMIsvc.dll
20:01:11.0089 3320  C:\Windows\System32\wbem\WMIsvc.dll - ok
20:01:11.0089 3320  [ 701C9EB15E1E23D22F7C7184C0506673 ] C:\Windows\System32\wbem\WmiDcPrv.dll
20:01:11.0089 3320  C:\Windows\System32\wbem\WmiDcPrv.dll - ok
20:01:11.0105 3320  [ 881D9F2D6E04E1C323050CF1574870F7 ] C:\Windows\System32\wbem\WinMgmtR.dll
20:01:11.0105 3320  C:\Windows\System32\wbem\WinMgmtR.dll - ok
20:01:11.0105 3320  [ 0DAAEBED3A2A3A86D2766C2B7163EB47 ] D:\Program Files\Genie9\Zoolz2\ZoolzService.exe
20:01:11.0105 3320  D:\Program Files\Genie9\Zoolz2\ZoolzService.exe - ok
20:01:11.0120 3320  [ D83947A58613E9091B4C9CC0F1546A8D ] C:\Windows\System32\mscoree.dll
20:01:11.0120 3320  C:\Windows\System32\mscoree.dll - ok
20:01:11.0120 3320  [ F5DF6846F30E9F54EA60CCAEB3FB2055 ] C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll
20:01:11.0120 3320  C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll - ok
20:01:11.0120 3320  [ 8B92BED5B8D4A8480E7AA631F35A6F35 ] C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
20:01:11.0120 3320  C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll - ok
20:01:11.0136 3320  [ 5FF5E12F28725D14CAA3B408848ADFFC ] C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\msvcr80.dll
20:01:11.0136 3320  C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\msvcr80.dll - ok
20:01:11.0136 3320  [ C3E39FB1398EEE8E612C2FE53A9192EF ] C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll
20:01:11.0136 3320  C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll - ok
20:01:11.0136 3320  [ 6E9E439517D89EDC9A6CB1E94489620A ] C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsec.dll
20:01:11.0136 3320  C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsec.dll - ok
20:01:11.0151 3320  [ 102CF6879887BBE846A00C459E6D4ABC ] C:\Windows\System32\riched20.dll
20:01:11.0151 3320  C:\Windows\System32\riched20.dll - ok
20:01:11.0151 3320  [ 6F8E3B7B70E1BBA871212940C1FBDF60 ] C:\Windows\System32\SensApi.dll
20:01:11.0151 3320  C:\Windows\System32\SensApi.dll - ok
20:01:11.0167 3320  [ 09A116FB06C5E362EF8938D29CDAB27B ] C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
20:01:11.0167 3320  C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll - ok
20:01:11.0167 3320  [ CFC7D8289D2B5F3CF8D16E2DB7F93D4A ] C:\Windows\System32\wbem\fastprox.dll
20:01:11.0167 3320  C:\Windows\System32\wbem\fastprox.dll - ok
20:01:11.0167 3320  [ E3E811471DE781900FF21C1FD84E941E ] C:\Windows\System32\ntdsapi.dll
20:01:11.0167 3320  C:\Windows\System32\ntdsapi.dll - ok
20:01:11.0183 3320  [ C5B0324DB461559ADD070E632A6919FA ] C:\Windows\System32\wbem\wbemprox.dll
20:01:11.0183 3320  C:\Windows\System32\wbem\wbemprox.dll - ok
20:01:11.0183 3320  [ 3518CB4E2D896CAB53D5386F15AC0566 ] C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll
20:01:11.0183 3320  C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll - ok
20:01:11.0198 3320  [ 7765680E25E329708CB034B180CF9FCD ] C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\7ff638de44686eab4afaa8b3c8a9cfca\System.ServiceProcess.ni.dll
20:01:11.0198 3320  C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\7ff638de44686eab4afaa8b3c8a9cfca\System.ServiceProcess.ni.dll - ok
20:01:11.0198 3320  [ 7EC0743DBACC4F137BBAEF2E9DE05417 ] C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\1ea01658676f73cf48ebde8e904a0464\System.Configuration.Install.ni.dll
20:01:11.0198 3320  C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\1ea01658676f73cf48ebde8e904a0464\System.Configuration.Install.ni.dll - ok
20:01:11.0198 3320  [ 585EB475E7AF55C9065256E8FFB751A1 ] C:\Windows\System32\wbem\wbemcore.dll
20:01:11.0198 3320  C:\Windows\System32\wbem\wbemcore.dll - ok
20:01:11.0214 3320  [ 4B67F6B9F0BC9753FF566D08FB59D370 ] D:\Program Files\Genie9\Zoolz2\Settings.dll
20:01:11.0214 3320  D:\Program Files\Genie9\Zoolz2\Settings.dll - ok
20:01:11.0214 3320  [ 5AE88135C6A86FCD67BA16AFBB1C8389 ] C:\Windows\System32\wbem\esscli.dll
20:01:11.0214 3320  C:\Windows\System32\wbem\esscli.dll - ok
20:01:11.0214 3320  [ A2623E7425AF07134D4825AB9EAC09AD ] D:\Program Files\Genie9\Zoolz2\GenieLog.dll
20:01:11.0214 3320  D:\Program Files\Genie9\Zoolz2\GenieLog.dll - ok
20:01:11.0229 3320  [ 776AE0564F8B1C282E331FD95A1BDC5F ] C:\Windows\System32\wbem\wbemsvc.dll
20:01:11.0229 3320  C:\Windows\System32\wbem\wbemsvc.dll - ok
20:01:11.0229 3320  [ 5610B0425518D185331CB8E968D060E6 ] C:\Windows\System32\wbem\wmiutils.dll
20:01:11.0229 3320  C:\Windows\System32\wbem\wmiutils.dll - ok
20:01:11.0229 3320  [ 371E3B05894549113D07CD3081ED55EF ] C:\Windows\System32\wbem\repdrvfs.dll
20:01:11.0229 3320  C:\Windows\System32\wbem\repdrvfs.dll - ok
20:01:11.0245 3320  [ 871F7F32E3441580138E61A4AA072DF6 ] C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll
20:01:11.0245 3320  C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll - ok
20:01:11.0245 3320  [ 3CDE2911462FEC80064A409C07710C06 ] C:\Windows\System32\wbem\WmiPrvSD.dll
20:01:11.0245 3320  C:\Windows\System32\wbem\WmiPrvSD.dll - ok
20:01:11.0261 3320  [ A4CC7227A452C4909F9499D91B184364 ] C:\Windows\System32\ncobjapi.dll
20:01:11.0261 3320  C:\Windows\System32\ncobjapi.dll - ok
20:01:11.0261 3320  [ 98A335646C2FFC0DB78C856B5CA14F4D ] D:\Program Files\Genie9\Zoolz2\Ionic.Zip.dll
20:01:11.0261 3320  D:\Program Files\Genie9\Zoolz2\Ionic.Zip.dll - ok
20:01:11.0261 3320  [ B350509B6C9296529BC464C60FEEAEF1 ] C:\Windows\System32\wbem\wbemess.dll
20:01:11.0261 3320  C:\Windows\System32\wbem\wbemess.dll - ok
20:01:11.0276 3320  [ 66F423BC6EC65C8C58DAE8ACD60C6ECF ] D:\Program Files\Genie9\Zoolz2\Ionic.BZip2.dll
20:01:11.0276 3320  D:\Program Files\Genie9\Zoolz2\Ionic.BZip2.dll - ok
20:01:11.0276 3320  [ 7FB07F0B74E05042958EC01B3DD3AB45 ] D:\Program Files\Genie9\Zoolz2\log4net.dll


20:01:12.0446 3320  ============================================================
20:01:12.0446 3320  Scan finished
20:01:12.0446 3320  ============================================================
20:01:12.0462 3312  Detected object count: 2
20:01:12.0462 3312  Actual detected object count: 2
20:03:19.0915 3312  SwitchBoard ( UnsignedFile.Multi.Generic ) - skipped by user
20:03:19.0915 3312  SwitchBoard ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:03:19.0915 3312  VMAuthdService ( UnsignedFile.Multi.Generic ) - skipped by user
20:03:19.0915 3312  VMAuthdService ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:05:59.0956 0760  Deinitialize success
 


Hi,

I still have a problem with IP blocks. The problem is I don't know which service causes this; I have 9 svchost.exe running at the same time. Can I just stop some services or close some ports? How do I do that? Thank you.

2013/06/28 09:48:53 +0800    JUDY-PC    judy    IP-BLOCK    220.248.184.39 (Type: incoming, Port: 34861, Process: svchost.exe)
2013/06/28 09:56:54 +0800    JUDY-PC    judy    IP-BLOCK    220.248.184.39 (Type: incoming, Port: 34861, Process: svchost.exe)
2013/06/28 09:56:55 +0800    JUDY-PC    judy    IP-BLOCK    220.248.184.39 (Type: incoming, Port: 34861, Process: svchost.exe)
2013/06/28 09:56:55 +0800    JUDY-PC    judy    IP-BLOCK    220.248.184.39 (Type: incoming, Port: 34861, Process: svchost.exe)
2013/06/28 09:56:55 +0800    JUDY-PC    judy    IP-BLOCK    220.248.184.39 (Type: incoming, Port: 34861, Process: svchost.exe)
2013/06/28 09:57:51 +0800    JUDY-PC    judy    IP-BLOCK    60.173.8.246 (Type: incoming, Port: 8888, Process: svchost.exe)
2013/06/28 09:57:51 +0800    JUDY-PC    judy    IP-BLOCK    60.173.8.246 (Type: incoming, Port: 8888, Process: svchost.exe)
2013/06/28 10:34:10 +0800    JUDY-PC    judy    IP-BLOCK    60.173.8.248 (Type: incoming, Port: 8888, Process: svchost.exe)
2013/06/28 10:34:43 +0800    JUDY-PC    judy    IP-BLOCK    60.173.12.39 (Type: incoming, Port: 8080, Process: svchost.exe)
2013/06/28 10:39:08 +0800    JUDY-PC    judy    IP-BLOCK    222.186.34.23 (Type: incoming, Port: 6666, Process: svchost.exe)
2013/06/28 10:39:08 +0800    JUDY-PC    judy    IP-BLOCK    222.186.34.23 (Type: incoming, Port: 6666, Process: svchost.exe)
2013/06/28 10:39:16 +0800    JUDY-PC    judy    IP-BLOCK    222.186.34.77 (Type: incoming, Port: 6666, Process: svchost.exe)
2013/06/28 10:39:16 +0800    JUDY-PC    judy    IP-BLOCK    222.186.34.77 (Type: incoming, Port: 6666, Process: svchost.exe)
2013/06/28 10:39:24 +0800    JUDY-PC    judy    IP-BLOCK    60.173.11.208 (Type: incoming, Port: 9999, Process: svchost.exe)
2013/06/28 10:39:24 +0800    JUDY-PC    judy    IP-BLOCK    60.173.11.208 (Type: incoming, Port: 9999, Process: svchost.exe)
2013/06/28 10:41:25 +0800    JUDY-PC    judy    IP-BLOCK    60.173.8.247 (Type: incoming, Port: 8888, Process: svchost.exe)
2013/06/28 10:45:26 +0800    JUDY-PC    judy    IP-BLOCK    222.186.25.3 (Type: incoming, Port: 22, Process: svchost.exe)
2013/06/28 10:45:26 +0800    JUDY-PC    judy    IP-BLOCK    222.186.25.3 (Type: incoming, Port: 22, Process: svchost.exe)
2013/06/28 10:48:38 +0800    JUDY-PC    judy    IP-BLOCK    60.173.8.246 (Type: incoming, Port: 8888, Process: svchost.exe)
2013/06/28 10:51:50 +0800    JUDY-PC    judy    IP-BLOCK    60.173.8.232 (Type: incoming, Port: 9999, Process: svchost.exe)
2013/06/28 10:51:50 +0800    JUDY-PC    judy    IP-BLOCK    60.173.8.232 (Type: incoming, Port: 9999, Process: svchost.exe)
2013/06/28 10:53:50 +0800    JUDY-PC    judy    IP-BLOCK    60.173.12.39 (Type: incoming, Port: 9999, Process: svchost.exe)
2013/06/28 10:55:34 +0800    JUDY-PC    judy    IP-BLOCK    60.173.8.232 (Type: incoming, Port: 9999, Process: svchost.exe)
2013/06/28 10:58:30 +0800    JUDY-PC    judy    IP-BLOCK    222.186.26.31 (Type: incoming, Port: 808, Process: svchost.exe)
2013/06/28 10:58:30 +0800    JUDY-PC    judy    IP-BLOCK    222.186.26.31 (Type: incoming, Port: 808, Process: svchost.exe)
2013/06/28 10:59:59 +0800    JUDY-PC    judy    IP-BLOCK    222.186.27.102 (Type: incoming, Port: 1433, Process: svchost.exe)
2013/06/28 11:01:03 +0800    JUDY-PC    judy    IP-BLOCK    60.173.11.208 (Type: incoming, Port: 9999, Process: svchost.exe)
2013/06/28 11:11:11 +0800    JUDY-PC    judy    IP-BLOCK    89.248.171.125 (Type: incoming, Port: 19, Process: svchost.exe)
2013/06/28 11:11:11 +0800    JUDY-PC    judy    IP-BLOCK    60.173.8.232 (Type: incoming, Port: 9999, Process: svchost.exe)
2013/06/28 11:12:15 +0800    JUDY-PC    judy    IP-BLOCK    222.186.25.4 (Type: incoming, Port: 6666, Process: svchost.exe)
2013/06/28 11:12:16 +0800    JUDY-PC    judy    IP-BLOCK    222.186.25.4 (Type: incoming, Port: 6666, Process: svchost.exe)
2013/06/28 11:17:52 +0800    JUDY-PC    judy    IP-BLOCK    60.173.8.239 (Type: incoming, Port: 8888, Process: svchost.exe)
2013/06/28 11:20:48 +0800    JUDY-PC    judy    IP-BLOCK    60.173.11.208 (Type: incoming, Port: 9999, Process: svchost.exe)
2013/06/28 11:20:48 +0800    JUDY-PC    judy    IP-BLOCK    60.173.11.208 (Type: incoming, Port: 9999, Process: svchost.exe)
2013/06/28 11:40:17 +0800    JUDY-PC    judy    IP-BLOCK    60.173.8.232 (Type: incoming, Port: 9999, Process: svchost.exe)
2013/06/28 11:40:17 +0800    JUDY-PC    judy    IP-BLOCK    60.173.8.232 (Type: incoming, Port: 9999, Process: svchost.exe)
2013/06/28 11:44:25 +0800    JUDY-PC    judy    IP-BLOCK    60.173.8.232 (Type: incoming, Port: 9999, Process: svchost.exe)
2013/06/28 11:47:06 +0800    JUDY-PC    judy    IP-BLOCK    60.173.8.248 (Type: incoming, Port: 8888, Process: svchost.exe)
2013/06/28 11:47:06 +0800    JUDY-PC    judy    IP-BLOCK    60.173.8.248 (Type: incoming, Port: 8888, Process: svchost.exe)
2013/06/28 11:49:54 +0800    JUDY-PC    judy    IP-BLOCK    60.173.11.151 (Type: incoming, Port: 6666, Process: svchost.exe)
2013/06/28 11:51:06 +0800    JUDY-PC    judy    IP-BLOCK    93.174.93.99 (Type: incoming, Port: 8443, Process: svchost.exe)
2013/06/28 11:54:26 +0800    JUDY-PC    judy    IP-BLOCK    60.173.8.233 (Type: incoming, Port: 8888, Process: svchost.exe)
2013/06/28 11:54:26 +0800    JUDY-PC    judy    IP-BLOCK    60.173.8.233 (Type: incoming, Port: 8888, Process: svchost.exe)
2013/06/28 11:56:18 +0800    JUDY-PC    judy    IP-BLOCK    60.173.12.113 (Type: incoming, Port: 9999, Process: svchost.exe)
2013/06/28 11:58:02 +0800    JUDY-PC    judy    IP-BLOCK    60.173.11.211 (Type: incoming, Port: 1433, Process: svchost.exe)
2013/06/28 12:00:02 +0800    JUDY-PC    judy    IP-BLOCK    60.173.8.232 (Type: incoming, Port: 9999, Process: svchost.exe)
2013/06/28 12:01:38 +0800    JUDY-PC    judy    IP-BLOCK    60.173.8.238 (Type: incoming, Port: 8888, Process: svchost.exe)
2013/06/28 12:01:39 +0800    JUDY-PC    judy    IP-BLOCK    60.173.8.238 (Type: incoming, Port: 8888, Process: svchost.exe)
2013/06/28 12:04:35 +0800    JUDY-PC    judy    IP-BLOCK    60.173.12.112 (Type: incoming, Port: 9000, Process: svchost.exe)
2013/06/28 12:05:31 +0800    JUDY-PC    judy    IP-BLOCK    222.186.26.31 (Type: incoming, Port: 8080, Process: svchost.exe)
2013/06/28 12:06:35 +0800    JUDY-PC    judy    IP-BLOCK    60.173.12.39 (Type: incoming, Port: 8080, Process: svchost.exe)
2013/06/28 12:11:55 +0800    JUDY-PC    judy    IP-BLOCK    60.173.12.113 (Type: incoming, Port: 9000, Process: svchost.exe)
2013/06/28 12:19:00 +0800    JUDY-PC    judy    IP-BLOCK    222.186.63.186 (Type: incoming, Port: 8099, Process: svchost.exe)
2013/06/28 12:20:20 +0800    JUDY-PC    judy    IP-BLOCK    222.186.34.85 (Type: incoming, Port: 6666, Process: svchost.exe)
2013/06/28 12:20:44 +0800    JUDY-PC    judy    IP-BLOCK    222.186.34.93 (Type: incoming, Port: 6666, Process: svchost.exe)
2013/06/28 12:20:44 +0800    JUDY-PC    judy    IP-BLOCK    222.186.34.93 (Type: incoming, Port: 6666, Process: svchost.exe)
2013/06/28 12:27:01 +0800    JUDY-PC    judy    IP-BLOCK    89.248.171.125 (Type: incoming, Port: 19, Process: svchost.exe)
2013/06/28 12:34:21 +0800    JUDY-PC    judy    IP-BLOCK    60.173.11.208 (Type: incoming, Port: 9999, Process: svchost.exe)

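One way to read a protection log like the one posted above, as an added example that is not part of the original thread: the script groups the IP-BLOCK records by direction, port and source network, so it is visible at a glance whether the blocks come from one peer on one port or from many sources across many ports. The field layout is assumed from the log lines quoted in the post, the sample lines are constructed with documentation-range addresses, and the function names are hypothetical.

```python
import re
from collections import Counter, defaultdict
from ipaddress import ip_address, ip_network

# Constructed sample in the same layout as the log lines quoted in the thread.
# Host, user and addresses (RFC 5737 documentation ranges) are made up.
SAMPLE_LOG = """\
2013/06/28 09:48:53 +0800    EXAMPLE-PC    user    MESSAGE    Starting IP protection
2013/06/28 09:56:54 +0800    EXAMPLE-PC    user    IP-BLOCK    192.0.2.39 (Type: incoming, Port: 34861, Process: svchost.exe)
2013/06/28 09:56:55 +0800    EXAMPLE-PC    user    IP-BLOCK    192.0.2.39 (Type: incoming, Port: 34861, Process: svchost.exe)
2013/06/28 09:56:55 +0800    EXAMPLE-PC    user    IP-BLOCK    192.0.2.39 (Type: incoming, Port: 34861, Process: svchost.exe)
2013/06/28 09:57:51 +0800    EXAMPLE-PC    user    IP-BLOCK    198.51.100.246 (Type: incoming, Port: 8888, Process: svchost.exe)
2013/06/28 10:34:10 +0800    EXAMPLE-PC    user    IP-BLOCK    198.51.100.248 (Type: incoming, Port: 8888, Process: svchost.exe)
2013/06/28 10:39:08 +0800    EXAMPLE-PC    user    IP-BLOCK    203.0.113.23 (Type: incoming, Port: 6666, Process: svchost.exe)
2013/06/28 10:39:16 +0800    EXAMPLE-PC    user    IP-BLOCK    203.0.113.77 (Type: incoming, Port: 6666, Process: svchost.exe)
2013/06/28 10:45:26 +0800    EXAMPLE-PC    user    IP-BLOCK    203.0.113.3 (Type: incoming, Port: 22, Process: svchost.exe)
2013/06/28 10:59:59 +0800    EXAMPLE-PC    user    IP-BLOCK    203.0.113.102 (Type: incoming, Port: 1433, Process: svchost.exe)
2013/06/28 11:00:00 +0800    EXAMPLE-PC    user    IP-BLOCK    not-an-ip (Type: incoming, Port: 80, Process: svchost.exe)
"""

# Assumed record layout: timestamp, UTC offset, host, user, record type, message.
IP_BLOCK_RE = re.compile(
    r"^(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) [+-]\d{4}\s+"
    r"\S+\s+\S+\s+IP-BLOCK\s+"
    r"(?P<ip>\S+) \(Type: (?P<dir>\w+), Port: (?P<port>\d+), "
    r"Process: (?P<proc>[^)]+)\)$"
)


def parse_ip_blocks(text):
    """Return de-duplicated IP-BLOCK events.

    Other record types, lines that do not match the layout and lines whose
    address field is not a valid IP address are skipped.
    """
    seen, events = set(), []
    for line in text.splitlines():
        m = IP_BLOCK_RE.match(line.strip())
        if not m:
            continue
        try:
            addr = ip_address(m["ip"])
        except ValueError:
            continue
        key = (m["ts"], addr, m["dir"], int(m["port"]), m["proc"])
        if key in seen:  # the log repeats some records within the same second
            continue
        seen.add(key)
        events.append({"ts": m["ts"], "ip": addr, "direction": m["dir"],
                       "port": int(m["port"]), "process": m["proc"]})
    return events


def summarize(events):
    """Count events per direction, port and source network (/24 or /64)."""
    by_dir, by_port, by_net = Counter(), Counter(), Counter()
    sources = defaultdict(set)
    for e in events:
        prefix = 24 if e["ip"].version == 4 else 64
        net = ip_network(f"{e['ip']}/{prefix}", strict=False)
        by_dir[e["direction"]] += 1
        by_port[e["port"]] += 1
        by_net[str(net)] += 1
        sources[e["port"]].add(e["ip"])
    return {
        "events": len(events),
        "by_direction": dict(by_dir),
        "by_port": dict(by_port),
        "by_network": dict(by_net),
        "sources_per_port": {p: len(s) for p, s in sources.items()},
    }


if __name__ == "__main__":
    for name, value in summarize(parse_ip_blocks(SAMPLE_LOG)).items():
        print(f"{name}: {value}")
```

If every record is incoming and the sources and ports vary widely, the log is recording connection attempts arriving from outside rather than one local service repeatedly calling out.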

You don't have to close svchost.exe. This is normal. It's the way Windows works.

http://www.howtogeek.com/howto/windows-vista/what-is-svchostexe-and-why-is-it-running/

Download OTL to your Desktop

  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Please tick the Scan All users. Next, click the Quick Scan button. The scan won't take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic.

OTL Extras logfile created on: 2013/6/28 21:11:42 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = D:\download
 Home Basic Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16614)
Locale: 00000804 | Country: 中华人民共和国 | Language: CHS | Date Format: yyyy/M/d
 
1.99 Gb Total Physical Memory | 1.37 Gb Available Physical Memory | 68.70% Memory free
3.98 Gb Paging File | 3.10 Gb Available in Paging File | 77.82% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 39.09 Gb Total Space | 6.75 Gb Free Space | 17.27% Space Free | Partition Type: NTFS
Drive D: | 80.04 Gb Total Space | 48.64 Gb Free Space | 60.77% Space Free | Partition Type: NTFS
Drive E: | 80.04 Gb Total Space | 67.55 Gb Free Space | 84.39% Space Free | Partition Type: NTFS
Drive F: | 98.91 Gb Total Space | 57.40 Gb Free Space | 58.03% Space Free | Partition Type: NTFS
 
Computer Name: JUDY-PC | User Name: judy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = BaiduPlayerBrowserHTML] -- D:\Program Files\BaiduPlayerBrowser\2.5.1.49_1\baiduplayerbrowser.exe (BaiduPlayerBrowser)
 
[HKEY_USERS\S-1-5-21-1614121019-1716911202-2953936860-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- D:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
https [open] -- "D:\Program Files\BaiduPlayerBrowser\2.5.1.49_1\baiduplayerbrowser.exe" -- "%1" (BaiduPlayerBrowser)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistApplianMP] -- "C:\Program Files\Applian Technologies\Applian FLV and Media Player\amp.exe" -I skins2 --started-from-file --playlist-enqueue "%1" ()
Directory [bridge] -- D:\Program Files\Adobe\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithApplianMP] -- "C:\Program Files\Applian Technologies\Applian FLV and Media Player\amp.exe" -I skins2 --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"D:\Program Files\FlashGet Network\FlashGet 3\FlashGet3.exe" = D:\Program Files\FlashGet Network\FlashGet 3\FlashGet3.exe:*:Enabled:Flashget3 -- (Trend Media Corporation Limited)
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1B9CBFF3-5AD3-4E14-A141-EB7E5909D99B}" = rport=139 | protocol=6 | dir=out | app=system |
"{1CDFB217-3CB4-457E-AE51-4E38B331E14C}" = lport=137 | protocol=17 | dir=in | app=system |
"{7065FA99-F01B-44EF-BFC6-95E9E7CE7D2E}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{7309DC4E-6E9C-4693-8993-7100D1610EDB}" = lport=139 | protocol=6 | dir=in | app=system |
"{86D6B027-6A70-4ACA-AE71-D820A5A5B58F}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{8A0984CB-2031-4EBF-A3A0-CAC626967F5C}" = lport=6004 | protocol=17 | dir=in | app=d:\program files\microsoft office\office14\outlook.exe |
"{8A671555-EF8E-4280-A1A7-54793EEA4F13}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{8CF6D163-7CAB-4F4D-A599-BEB22EA91B3D}" = rport=445 | protocol=6 | dir=out | app=system |
"{9FCB8B4C-BB0E-4BD6-83CE-D9F5D44CF808}" = rport=138 | protocol=17 | dir=out | app=system |
"{AD2F0A8D-D58A-4923-9CF7-C2002AE54CCD}" = rport=137 | protocol=17 | dir=out | app=system |
"{D93EF6D3-5A06-49D6-8415-25E5598A7CE4}" = lport=138 | protocol=17 | dir=in | app=system |
"{E26F8220-E7C2-427E-8F8E-B971A3D86B59}" = lport=445 | protocol=6 | dir=in | app=system |
"{FD409D5D-CC04-47B6-AD03-5CEF22E9C9FC}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{044E32A6-3E46-4F7B-9AF0-3DCC074E5849}" = protocol=6 | dir=in | app=d:\download\baiduplayernetsetup_49059037.exe |
"{04DFDB52-A531-48BB-976E-3909C4F3322B}" = dir=in | app=d:\pps.tv\ppsgame\updatermini.exe |
"{18ED3CB8-CE7D-4C47-A403-4F4AA1642736}" = dir=in | app=d:\program files\baiduplayerbrowser\2.5.1.49_1\statreport.exe |
"{19A8A881-5239-4F0B-882A-69F91F746163}" = protocol=17 | dir=in | app=d:\program files\thunder network\minithunder\bin\thundermini.exe |
"{1CB6DF1C-4E33-464C-BC1F-B888EB600736}" = protocol=17 | dir=in | app=d:\programfile\opera\opera.exe |
"{1DD3B215-9A7D-4DE2-AEE8-5D5A115B51F9}" = protocol=17 | dir=in | app=d:\program files\microsoft office\office14\onenote.exe |
"{397041A1-40C0-4418-A50B-CB0E1144F841}" = protocol=6 | dir=in | app=d:\download\baiduplayernetsetup_490590373.exe |
"{4441BF9F-98CC-4FD6-AB84-8DDD023110AD}" = protocol=6 | dir=in | app=d:\program files\microsoft office\office14\onenote.exe |
"{4ABD19EC-DB0C-4CC8-85F4-E3285E5CF733}" = dir=in | app=d:\pps.tv\ppstream\ppstream.exe |
"{4D769F55-CD8E-403D-9E56-B254291F5C63}" = protocol=6 | dir=in | app=d:\download\baiduplayernetsetup_490590373(1).exe |
"{56C687C2-A7E6-4AB2-A10E-8558D8D0A99D}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{6035E53B-18AD-4FC7-B7FB-42358CCBFED5}" = dir=in | app=d:\program files\baiduplayerbrowser\2.5.1.49_1\baidup2pservice.exe |
"{669E054D-9CD9-41C3-A27F-D736EBD3B792}" = protocol=6 | dir=in | app=d:\program files\microsoft office\office14\groove.exe |
"{69D98314-124E-4EA6-B628-7ECF2ABAD485}" = dir=in | app=d:\program files\vmware\vmware-authd.exe |
"{6D8970BD-B6AC-4D80-9EE9-A1045E3D70BF}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{7851F50C-B72C-4D44-A4B7-5B3B68ABB220}" = dir=in | app=d:\program files\vmware\vmware-authd.exe |
"{78AF400A-8978-4AE3-9DFB-6B1DD78F4812}" = dir=in | app=d:\pps.tv\ppsgame\ppsgame.exe |
"{7B2E0F4B-ABD1-4FF5-88AC-CEE46C461F5A}" = dir=in | app=d:\pps.tv\ppsgame\ppswebclientgame.exe |
"{7E262C70-77E7-473C-A0B1-1FFC4087DB1E}" = dir=in | app=d:\pps.tv\ppstream\ppskernel.exe |
"{86B32D18-C231-4D83-880B-300D6901A932}" = protocol=6 | dir=in | app=d:\programfile\opera\opera.exe |
"{87B96E00-EF43-42A0-B72E-9D6B8DB83590}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{A2658727-D909-468F-8D17-E4B4685A0848}" = protocol=17 | dir=in | app=d:\program files\microsoft office\office14\groove.exe |
"{B2C4DC66-D89B-4972-8302-A4456225915B}" = dir=in | app=d:\pps.tv\ppstream\ppsprotect.exe |
"{C1943518-9F9D-4C46-A140-0CDE32EF6DE4}" = protocol=17 | dir=in | app=c:\users\judy\appdata\roaming\dropbox\bin\dropbox.exe |
"{C198E838-6CC0-4CA2-8152-0D2A10F6616C}" = protocol=17 | dir=in | app=d:\download\baiduplayernetsetup_490590373.exe |
"{C72A7C1E-6EDF-4895-AD00-1D7E9B624D03}" = protocol=17 | dir=in | app=d:\download\baiduplayernetsetup_490590373(1).exe |
"{C785EC36-1577-45AF-A21B-77B3CEAF09AB}" = protocol=17 | dir=in | app=d:\download\baiduplayernetsetup_49059037.exe |
"{D4E23259-2830-4681-886A-8D8A9D45BDF0}" = dir=in | app=d:\program files\baiduplayerbrowser\2.5.1.49_1\player\hs4x.exe |
"{D8019FDE-59E5-4B3F-A137-AFCA617F9288}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{EB19DF3C-DC2E-4083-830D-16CC15B10A5A}" = protocol=6 | dir=in | app=d:\program files\thunder network\minithunder\bin\thundermini.exe |
"{EB560943-96CB-4136-9C01-1E2B5AECB54F}" = dir=in | app=c:\users\judy\appdata\roaming\ppstream\ppsupdate.exe |
"{F80F9826-7937-4255-A11C-DDFA770CEE9A}" = protocol=6 | dir=in | app=c:\users\judy\appdata\roaming\dropbox\bin\dropbox.exe |
"TCP Query User{1A86D655-B387-4941-8E67-15A5F47D66D4}D:\program files\filezilla ftp client\filezilla.exe" = protocol=6 | dir=in | app=d:\program files\filezilla ftp client\filezilla.exe |
"TCP Query User{3F71BC5C-CBD4-4796-8B20-29518A8B5364}D:\program files\flashget network\flashget 3\flashget3.exe" = protocol=6 | dir=in | app=d:\program files\flashget network\flashget 3\flashget3.exe |
"TCP Query User{5D536A3E-78E6-4C68-809E-9555C1798664}D:\program files\perl\bin\perl.exe" = protocol=6 | dir=in | app=d:\program files\perl\bin\perl.exe |
"TCP Query User{5E2FE80A-E67A-4DBF-9366-DF58E0F046E3}C:\program files\common files\pplivenetwork\ppap.exe" = protocol=6 | dir=in | app=c:\program files\common files\pplivenetwork\ppap.exe |
"TCP Query User{6CFE9F01-8893-41F6-9263-B529C6FE217B}D:\program files\captcha sniper\csse.exe" = protocol=6 | dir=in | app=d:\program files\captcha sniper\csse.exe |
"TCP Query User{B90A42E6-A23D-4177-B07F-27FFF4D5F7C8}D:\python25\pythonw.exe" = protocol=6 | dir=in | app=d:\python25\pythonw.exe |
"TCP Query User{CC31DDFA-9BA6-4EDA-8D2E-7334D4F32393}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{E1636DCF-4F8A-4893-BD12-7B428F278B73}D:\program files\captcha sniper\captchasniper.exe" = protocol=6 | dir=in | app=d:\program files\captcha sniper\captchasniper.exe |
"TCP Query User{F345EEC7-B855-4DCF-8FAA-5A582FEF10B9}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe" = protocol=6 | dir=in | app=c:\windows\microsoft.net\framework\v2.0.50727\vbc.exe |
"UDP Query User{0C967479-9F76-4481-86E7-6FF0E640A8BE}C:\program files\common files\pplivenetwork\ppap.exe" = protocol=17 | dir=in | app=c:\program files\common files\pplivenetwork\ppap.exe |
"UDP Query User{20B73E2F-2B7B-4DD4-A677-442BA52C7759}D:\python25\pythonw.exe" = protocol=17 | dir=in | app=d:\python25\pythonw.exe |
"UDP Query User{22439FFC-0A94-4276-9EA7-020404076F6F}D:\program files\flashget network\flashget 3\flashget3.exe" = protocol=17 | dir=in | app=d:\program files\flashget network\flashget 3\flashget3.exe |
"UDP Query User{5D465619-34B6-4E42-93A8-0DEB74584D39}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{93438229-9EDF-41B7-BD98-CE5D34DD202A}D:\program files\captcha sniper\captchasniper.exe" = protocol=17 | dir=in | app=d:\program files\captcha sniper\captchasniper.exe |
"UDP Query User{D0173D7F-84C1-407C-8738-11121CA078D1}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe" = protocol=17 | dir=in | app=c:\windows\microsoft.net\framework\v2.0.50727\vbc.exe |
"UDP Query User{D1BBE7C6-99F9-4D9C-8720-0C46DB6F9E71}D:\program files\filezilla ftp client\filezilla.exe" = protocol=17 | dir=in | app=d:\program files\filezilla ftp client\filezilla.exe |
"UDP Query User{E6F93D3D-C422-4E7A-B760-54A808D1AAE7}D:\program files\captcha sniper\csse.exe" = protocol=17 | dir=in | app=d:\program files\captcha sniper\csse.exe |
"UDP Query User{FE26B864-5530-4145-8D0B-F0D64466D24A}D:\program files\perl\bin\perl.exe" = protocol=17 | dir=in | app=d:\program files\perl\bin\perl.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0215A652-E081-4B09-9333-DC85AAB67FFA}" = Adobe Dreamweaver CS5.5
"{02BFF1A3-A0D5-4F64-8558-A22682BCDA58}" = ActivePerl 5.14.2 Build 1402
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{0641E784-F9EE-465D-AF4B-5C6F5B450E8F}" = 中国工商银行防钓鱼软件
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0A82D6D7-68AB-46CB-B3A7-1F234892F314}" = TweetAttacks
"{0CBE3360-682E-4108-896C-A31CA647C6B0}_is1" = NewsTweets version 1.0
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{13A5E785-5197-4EAD-8EE3-D660271E49BC}" = Feedback Tool
"{17544ACA-6428-424B-926B-8751610836AE}" = TortoiseSVN 1.7.1.22161 (32 bit)
"{1826D0CA-F479-4430-9EFE-86E8E783505B}_is1" = Opera Mobile Emulator
"{1A915DE2-F485-4F04-9DC8-E335B5DA61FD}" = 工行网银助手
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{243B02B2-44A3-B2BD-5184-B2A9EA318375}" = Kudani
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 7
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Client Installation Program
"{2DFBF311-4838-345F-A353-647185AA4DA1}" = Microsoft .NET Framework 4 Client Profile CHS Language Pack
"{2E295B5B-1AD4-4d36-97C2-A316084722CF}" = Python 2.7.2
"{2FDD750F-49B7-40C1-9D5E-D2955BC0E2D8}" = NVIDIA PhysX
"{30BA50ED-0F32-421B-BC6A-132A03EFF299}" = VBRunALL
"{3521BDBD-D453-5D9F-AA55-44B75D214629}" = Adobe Community Help
"{390DD8BB-BB57-4942-A029-2D913E4E9D74}" = Microsoft Security Client
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3E5CBADD-2E51-47C1-BBE2-B802DB6DA56A}" = OANDA - MetaTrader 4.00
"{46B48F0B-F44C-4988-B497-FB0C44AF0ED5}" = Amz Treasure Hunter 2.0 Standard
"{48EC3A4C-DDE9-462F-9402-8BE411BBB934}" = QQ概念版
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{50779A29-834E-4E36-BBEB-B7CABC67A825}" = Microsoft Security Client ZH-CN Language Pack
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1" = Revo Uninstaller Pro 2.5.9
"{68EB2C37-083A-4303-B5D8-41FA67E50B8F}_is1" = Poedit
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6B976ADF-8AE8-434E-B282-A06C7F624D2F}" = Python 2.5.2
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows Vista and Later
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8EC62E00-7895-3B72-A044-42F005CB6EF2}" = Microsoft .NET Framework 4 Extended CHS Language Pack
"{90140000-0015-0804-0000-0000000FF1CE}" = Microsoft Office Access MUI (Chinese (Simplified)) 2010
"{90140000-0015-0804-0000-0000000FF1CE}_Office14.OMUI.zh-cn_{ED6EB6CE-E9BA-4D10-A9F5-AEC56263D9EB}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0804-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Chinese (Simplified)) 2010
"{90140000-0016-0804-0000-0000000FF1CE}_Office14.OMUI.zh-cn_{ED6EB6CE-E9BA-4D10-A9F5-AEC56263D9EB}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0017-0804-0000-0000000FF1CE}" = Microsoft Office SharePoint Designer MUI (Chinese (Simplified)) 2010
"{90140000-0017-0804-0000-0000000FF1CE}_Office14.OMUI.zh-cn_{AA2EEDEA-84E6-4494-9168-D07DEF2E19CA}" = Microsoft SharePoint Designer 2010 Service Pack 1 (SP1)
"{90140000-0018-0804-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Chinese (Simplified)) 2010
"{90140000-0018-0804-0000-0000000FF1CE}_Office14.OMUI.zh-cn_{ED6EB6CE-E9BA-4D10-A9F5-AEC56263D9EB}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0804-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Chinese (Simplified)) 2010
"{90140000-0019-0804-0000-0000000FF1CE}_Office14.OMUI.zh-cn_{ED6EB6CE-E9BA-4D10-A9F5-AEC56263D9EB}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0804-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Chinese (Simplified)) 2010
"{90140000-001A-0804-0000-0000000FF1CE}_Office14.OMUI.zh-cn_{ED6EB6CE-E9BA-4D10-A9F5-AEC56263D9EB}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0804-0000-0000000FF1CE}" = Microsoft Office Word MUI (Chinese (Simplified)) 2010
"{90140000-001B-0804-0000-0000000FF1CE}_Office14.OMUI.zh-cn_{ED6EB6CE-E9BA-4D10-A9F5-AEC56263D9EB}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.OMUI.zh-cn_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0804-0000-0000000FF1CE}" = Microsoft Office Proof (Chinese (Simplified)) 2010
"{90140000-001F-0804-0000-0000000FF1CE}_Office14.OMUI.zh-cn_{A620ACD4-585E-40D3-80B9-FD31766D1E2A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0028-0804-0000-0000000FF1CE}" = Microsoft Office IME (Chinese (Simplified)) 2010
"{90140000-0028-0804-0000-0000000FF1CE}_Office14.OMUI.zh-cn_{394CF546-9CD3-4C0A-B380-F4CCFD44C873}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0028-0804-0001-0FFF000FF1CE}" = Microsoft Office IME (Chinese (Simplified)) 2010
"{90140000-002C-0804-0000-0000000FF1CE}" = Microsoft Office Proofing (Chinese (Simplified)) 2010
"{90140000-002C-0804-0000-0000000FF1CE}_Office14.OMUI.zh-cn_{00EB89C1-EB14-40EE-89F8-A5A5D97B4F30}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0804-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Chinese (Simplified)) 2010
"{90140000-0044-0804-0000-0000000FF1CE}_Office14.OMUI.zh-cn_{ED6EB6CE-E9BA-4D10-A9F5-AEC56263D9EB}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0804-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Chinese (Simplified)) 2010
"{90140000-006E-0804-0000-0000000FF1CE}_Office14.OMUI.zh-cn_{C12630E0-EBCC-48F1-A0D3-BB8C05AC7306}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0804-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Chinese (Simplified)) 2010
"{90140000-00A1-0804-0000-0000000FF1CE}_Office14.OMUI.zh-cn_{ED6EB6CE-E9BA-4D10-A9F5-AEC56263D9EB}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0804-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Chinese (Simplified)) 2010
"{90140000-00BA-0804-0000-0000000FF1CE}_Office14.OMUI.zh-cn_{ED6EB6CE-E9BA-4D10-A9F5-AEC56263D9EB}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BD-0804-0000-0000000FF1CE}" = Microsoft Office ScreenTip Language 2010 - 简体中文
"{90140000-0100-0804-0000-0000000FF1CE}" = Microsoft Office O MUI (Chinese (Simplified)) 2010
"{90140000-0100-0804-0000-0000000FF1CE}_Office14.OMUI.zh-cn_{0D023A94-08DA-4B07-B878-B213433CF716}" = Microsoft Office 2010 Language Pack Service Pack 1 (SP1)
"{90140000-0101-0804-0000-0000000FF1CE}" = Microsoft Office X MUI (Chinese (Simplified)) 2010
"{90140000-0101-0804-0000-0000000FF1CE}_Office14.OMUI.zh-cn_{0799CC5C-199F-463F-81A0-671AF0F25D85}" = Microsoft Office 2010 Language Pack Service Pack 1 (SP1)
"{90140000-0121-0804-0001-0FFF000FF1CE}" = Microsoft Office IMESS (Chinese (Simplified)) 2010
"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{9158FF30-78D7-40EF-B83E-451AC5334640}" = Adobe Photoshop CS5.1
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9DF21474-61E3-428B-8D7B-833EA2D0FAAB}" = Microsoft Antimalware Service ZH-CN Language Pack
"{A0087DDE-69D0-11E2-AD57-43CA6188709B}" = Adobe AIR
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-2052-7B44-AA1000000001}" = Adobe Reader X (10.1.7) - Chinese Simplified
"{AE010600-007D-11DD-A3C1-001636EEECBD}" = Google App Engine
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision 驱动程序 306.23
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA 控制面板 306.23
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA 图形驱动程序 306.23
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision 控制器驱动程序 306.23
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX 系统软件 9.12.0604
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA 更新 1.10.8
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD 音频驱动程序 1.3.18.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
"{BCB4C18A-ACA6-4383-8688-E19933A705DD}" = Microsoft SOAP Toolkit 3.0
"{BDE646E8-86E0-50E1-37BC-0AEBB2185D76}" = Adobe Widget Browser
"{C619A1DC-8EE4-4BD2-82AB-D9424A23E42A}" = Auto Blog Samurai
"{D0942B33-E04A-B63A-2D04-9B41313C9BC5}" = LongTailPro - Version 2.1.6
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D683BE08-CF48-4555-9D3A-40945287A11E}" = 网赢网站发布平台
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{E452E727-86B8-4233-8CC3-41FD817AFAFF}" = VMware Player
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FFD9383C-01D5-4897-A954-43AF599AED30}" = tools-windows
"44953928-E730-4e8c-A2B2-3A85BC96A3D0_is1" = FileSeek 2.1.3
"7-Zip" = 7-Zip 9.20
"A21C8DB81A474239909E6CB8B8DFC590_is1" = A1 Website Download
"Addr201305" = Addr
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Alipay security plugin_is1" = 支付宝安全插件 1.3.0.6
"Android SDK Tools" = Android SDK Tools
"Applian FLV and Media Player" = Applian FLV and Media Player 3.1.1.12
"Azon Product Inspector1.0.1.9" = Azon Product Inspector
"BaiduPlayer2" = 百度影音浏览器
"Belarc Advisor" = Belarc Advisor 8.3
"CCleaner" = CCleaner
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.WidgetBrowser.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1" = Adobe Widget Browser
"com.longtailpro.LongTailPro" = LongTailPro - Version 2.1.6
"com.pageone.Kudani" = Kudani
"ExamXMLPro" = ExamXMLPro
"FileZilla Client" = FileZilla Client 3.5.3
"FlashGet3.7" = FlashGet3.7
"ImageMagick 6.7.0 Q16_is1" = ImageMagick 6.7.0-0 Q16 (2011-06-01)
"IME14SS.2052" = 微软拼音输入法 2010
"Keyword Optimizer Pro 22.0.1.5" = Keyword Optimizer Pro 2
"Lingoes Translator_is1" = Lingoes 2.7.1
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware 版本 1.75.0.1300
"Microsoft Security Client" = Microsoft Security Essentials
"Mozilla Firefox 21.0 (x86 zh-CN)" = Mozilla Firefox 21.0 (x86 zh-CN)
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Office14.OMUI.zh-cn" = Microsoft Office Language Pack 2010 - Chinese (PRC)/中文(简体)
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"Opera 11.01.1190" = Opera 11.01
"PPSGame" = PPS游戏 V1.2.2.6
"PPStream" = PPS影音 V3.1.0.1068 正式版
"Proxifier_is1" = Proxifier version 3.21
"ProxyChecker" = ProxyChecker (remove only)
"Registry Trash Keys Finder" = Registry Trash Keys Finder (Freeware)
"RSS Feeds Submit_is1" = RSS Feeds Submit
"Sandboxie" = Sandboxie 3.74 (32-bit)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"SystemRequirementsLab" = System Requirements Lab
"UltraISO_is1" = UltraISO Premium V9.36
"VMware_Player" = VMware Player
"WinHTTrack Website Copier_is1" = WinHTTrack Website Copier 3.46-1
"WinMerge_is1" = WinMerge 2.12.4
"WinRAR archiver" = WinRAR 压缩文件管理器
"xampp" = XAMPP 1.4.13
"Zoolz2" = Zoolz2
"银联在线支付安全控件IE版" = 银联在线支付安全控件IE版 1.0.0.4
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-1614121019-1716911202-2953936860-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"a10c648895c21ba6" = Update or Uninstall SENukeX
"AlipayCert" = 支付宝数字证书组件 2.0.0.6
"Dropbox" = Dropbox
"Google Chrome" = Google Chrome
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 2013/6/27 0:49:00 | Computer Name = judy-PC | Source = Windows Search Service | ID = 7040
Description =
 
Error - 2013/6/27 0:49:00 | Computer Name = judy-PC | Source = Windows Search Service | ID = 7042
Description =
 
Error - 2013/6/27 0:49:00 | Computer Name = judy-PC | Source = Windows Search Service | ID = 9002
Description =
 
Error - 2013/6/27 0:49:00 | Computer Name = judy-PC | Source = Windows Search Service | ID = 3029
Description =
 
Error - 2013/6/27 0:49:01 | Computer Name = judy-PC | Source = Windows Search Service | ID = 3029
Description =
 
Error - 2013/6/27 0:49:01 | Computer Name = judy-PC | Source = Windows Search Service | ID = 3028
Description =
 
Error - 2013/6/27 0:49:01 | Computer Name = judy-PC | Source = Windows Search Service | ID = 3058
Description =
 
Error - 2013/6/27 0:49:01 | Computer Name = judy-PC | Source = Windows Search Service | ID = 7010
Description =
 
Error - 2013/6/27 0:59:35 | Computer Name = judy-PC | Source = Application Error | ID = 1000
Description = 错误应用程序名称: OnlineScannerApp.exe,版本: 1.0.0.1,时间戳: 0x510236a0  错误模块名称:
ONLINE~1.OCX,版本: 1.0.0.6920,时间戳: 0x510236ce  异常代码: 0xc000000d  错误偏移量: 0x00085a9e  错误进程
 ID: 0x3c8  错误应用程序启动时间: 0x01ce72d0fa448c3c  错误应用程序路径: C:\Program Files\ESET\ESET Online
 Scanner\OnlineScannerApp.exe  错误模块路径: C:\PROGRA~1\ESET\ESETON~1\ONLINE~1.OCX  报告 ID:
 5c40f10e-dee6-11e2-b1a7-005056c00008
 
Error - 2013/6/27 3:27:06 | Computer Name = judy-PC | Source = MsiInstaller | ID = 11730
Description =
 
[ System Events ]
Error - 2013/6/28 3:27:39 | Computer Name = judy-PC | Source = volmgr | ID = 262190
Description = 故障转储初始化未成功
 
Error - 2013/6/28 3:27:39 | Computer Name = judy-PC | Source = volmgr | ID = 262190
Description = 故障转储初始化未成功
 
Error - 2013/6/28 3:27:49 | Computer Name = judy-PC | Source = volmgr | ID = 262190
Description = 故障转储初始化未成功
 
Error - 2013/6/28 3:30:27 | Computer Name = judy-PC | Source = Service Control Manager | ID = 7038
Description = nvUpdatusService 服务无法使用当前配置的密码以 .\UpdatusUser 身份登录,错误原因如下:   %%1330    要确保服务配置正确,请使用
 Microsoft 管理控制台(MMC)中的服务管理单元。
 
Error - 2013/6/28 3:30:27 | Computer Name = judy-PC | Source = Service Control Manager | ID = 7000
Description = 由于下列错误,NVIDIA Update Service Daemon 服务启动失败:   %%1069
 
Error - 2013/6/28 8:46:14 | Computer Name = judy-PC | Source = volmgr | ID = 262190
Description = 故障转储初始化未成功
 
Error - 2013/6/28 8:46:14 | Computer Name = judy-PC | Source = volmgr | ID = 262190
Description = 故障转储初始化未成功
 
Error - 2013/6/28 8:46:24 | Computer Name = judy-PC | Source = volmgr | ID = 262190
Description = 故障转储初始化未成功
 
Error - 2013/6/28 8:49:08 | Computer Name = judy-PC | Source = Service Control Manager | ID = 7038
Description = nvUpdatusService 服务无法使用当前配置的密码以 .\UpdatusUser 身份登录,错误原因如下:   %%1330    要确保服务配置正确,请使用
 Microsoft 管理控制台(MMC)中的服务管理单元。
 
Error - 2013/6/28 8:49:08 | Computer Name = judy-PC | Source = Service Control Manager | ID = 7000
Description = 由于下列错误,NVIDIA Update Service Daemon 服务启动失败:   %%1069
 
 
< End of report >
 


OTL logfile created on: 2013/6/28 21:11:42 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = D:\download
 Home Basic Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16614)
Locale: 00000804 | Country: 中华人民共和国 | Language: CHS | Date Format: yyyy/M/d
 
1.99 Gb Total Physical Memory | 1.37 Gb Available Physical Memory | 68.70% Memory free
3.98 Gb Paging File | 3.10 Gb Available in Paging File | 77.82% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 39.09 Gb Total Space | 6.75 Gb Free Space | 17.27% Space Free | Partition Type: NTFS
Drive D: | 80.04 Gb Total Space | 48.64 Gb Free Space | 60.77% Space Free | Partition Type: NTFS
Drive E: | 80.04 Gb Total Space | 67.55 Gb Free Space | 84.39% Space Free | Partition Type: NTFS
Drive F: | 98.91 Gb Total Space | 57.40 Gb Free Space | 58.03% Space Free | Partition Type: NTFS
 
Computer Name: JUDY-PC | User Name: judy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013/06/28 21:07:32 | 000,602,112 | ---- | M] (OldTimer Tools) -- D:\download\OTL.exe
PRC - [2013/06/18 12:12:16 | 004,000,120 | ---- | M] (PPStream Inc.) -- D:\PPS.tv\PPStream\PPSKernel.exe
PRC - [2013/06/07 18:01:02 | 004,144,504 | ---- | M] (PPStream Inc.) -- D:\PPS.tv\PPStream\PPSProtect.exe
PRC - [2013/05/10 15:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/04/17 15:14:42 | 000,453,136 | ---- | M] (Genie9) -- D:\Program Files\Genie9\Zoolz2\ZoolzService.exe
PRC - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- D:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013/04/04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- D:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- D:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2013/01/27 11:11:46 | 000,295,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\NisSrv.exe
PRC - [2013/01/27 11:11:46 | 000,020,456 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2013/01/27 11:11:06 | 000,947,152 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2012/11/23 10:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2012/11/01 02:35:20 | 000,357,016 | ---- | M] (VMware, Inc.) -- C:\Windows\System32\vmnetdhcp.exe
PRC - [2012/11/01 02:34:52 | 000,435,864 | ---- | M] (VMware, Inc.) -- C:\Windows\System32\vmnat.exe
PRC - [2012/11/01 00:48:42 | 000,079,872 | ---- | M] (VMware, Inc.) -- D:\Program Files\vmware\vmware-authd.exe
PRC - [2012/10/11 17:15:28 | 000,721,048 | ---- | M] (VMware, Inc.) -- C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe
PRC - [2012/08/30 23:57:35 | 001,820,520 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
PRC - [2012/08/30 23:57:34 | 000,864,104 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
PRC - [2012/08/30 10:40:00 | 000,382,312 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012/08/26 04:27:58 | 000,085,776 | ---- | M] (SANDBOXIE L.T.D) -- D:\Program Files\Sandboxie\SbieSvc.exe
PRC - [2011/12/26 16:48:36 | 000,430,720 | ---- | M] () -- C:\Program Files\ICBCEbankTools\ICBCAntiPhishing\ICBC_WIN32\IcbcDaemon.exe
PRC - [2011/10/22 10:16:38 | 000,273,688 | ---- | M] (http://tortoisesvn.net) -- D:\Program Files\TortoiseSVN\bin\TSVNCache.exe
PRC - [2011/02/25 13:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013/03/14 16:38:26 | 000,073,728 | ---- | M] () -- D:\Program Files\Genie9\Zoolz2\Communicator.dll
MOD - [2012/12/31 17:56:26 | 000,148,992 | ---- | M] () -- D:\Program Files\Genie9\Zoolz2\ZoolzOverlay.dll
MOD - [2012/11/22 18:57:06 | 000,056,424 | ---- | M] () -- C:\Windows\System32\PrxerNsp.dll
MOD - [2012/11/14 21:06:14 | 000,038,400 | ---- | M] () -- D:\Program Files\Genie9\Zoolz2\GSLogging.dll
MOD - [2012/01/08 21:41:12 | 000,093,696 | ---- | M] () -- D:\Program Files\FileZilla FTP Client\fzshellext.dll
MOD - [2011/10/22 10:16:18 | 000,070,424 | ---- | M] () -- D:\Program Files\TortoiseSVN\bin\libsasl32.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2013/06/12 16:33:59 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/05/10 15:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/04/17 15:14:42 | 000,453,136 | ---- | M] (Genie9) [Auto | Running] -- D:\Program Files\Genie9\Zoolz2\ZoolzService.exe -- (Zoolz 2 Service)
SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- D:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- D:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2013/01/27 11:11:46 | 000,295,232 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2013/01/27 11:11:46 | 000,020,456 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2012/11/01 02:35:20 | 000,357,016 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\System32\vmnetdhcp.exe -- (VMnetDHCP)
SRV - [2012/11/01 02:34:52 | 000,435,864 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\System32\vmnat.exe -- (VMware NAT Service)
SRV - [2012/11/01 00:48:42 | 000,079,872 | ---- | M] (VMware, Inc.) [Auto | Running] -- D:\Program Files\vmware\vmware-authd.exe -- (VMAuthdService)
SRV - [2012/10/11 17:15:28 | 000,721,048 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe -- (VMUSBArbService)
SRV - [2012/09/20 13:28:48 | 030,785,672 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- D:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2012/08/31 03:13:00 | 001,258,856 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012/08/30 10:40:00 | 000,382,312 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012/08/26 04:27:58 | 000,085,776 | ---- | M] (SANDBOXIE L.T.D) [Auto | Running] -- D:\Program Files\Sandboxie\SbieSvc.exe -- (SbieSvc)
SRV - [2011/12/26 16:48:36 | 000,430,720 | ---- | M] () [Auto | Running] -- C:\Program Files\ICBCEbankTools\ICBCAntiPhishing\ICBC_WIN32\IcbcDaemon.exe -- (ICBC Daemon Service)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/07/14 09:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 09:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- F:\512M Driver\IODrv.sys -- (IODRV)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\judy\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [2013/06/28 20:46:56 | 000,029,904 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{63A45C40-2067-46D9-A5A9-0D1A4FD2E9EC}\MpKsl19f049f8.sys -- (MpKsl19f049f8)
DRV - [2013/04/04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2013/02/22 09:50:36 | 000,037,064 | ---- | M] (Anchorfree Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\taphss6.sys -- (taphss6)
DRV - [2013/01/20 15:59:04 | 000,100,328 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2012/11/01 02:35:14 | 000,025,752 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\vmnetuserif.sys -- (VMnetuserif)
DRV - [2012/11/01 02:34:52 | 000,061,848 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\vmx86.sys -- (vmx86)
DRV - [2012/11/01 02:34:08 | 000,037,016 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\vmnetbridge.sys -- (VMnetBridge)
DRV - [2012/11/01 02:34:08 | 000,025,624 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VMkbd.sys -- (vmkbd)
DRV - [2012/11/01 02:34:08 | 000,016,664 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vmnetadapter.sys -- (VMnetAdapter)
DRV - [2012/10/24 14:16:58 | 000,061,464 | ---- | M] (VMware, Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vsock.sys -- (vsock)
DRV - [2012/10/24 14:16:50 | 000,071,152 | ---- | M] (VMware, Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmci.sys -- (vmci)
DRV - [2012/10/11 17:15:36 | 000,041,496 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\hcmon.sys -- (hcmon)
DRV - [2012/10/02 09:01:09 | 000,425,368 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\PassGuard.sys -- (PassGuard)
DRV - [2012/08/31 03:13:00 | 010,790,760 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2012/08/26 04:27:54 | 000,157,776 | ---- | M] (SANDBOXIE L.T.D) [Kernel | On_Demand | Running] -- D:\Program Files\Sandboxie\SbieDrv.sys -- (SbieDrv)
DRV - [2012/07/20 19:48:54 | 000,031,360 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tap0901.sys -- (tap0901)
DRV - [2012/07/03 23:25:17 | 000,149,352 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2011/05/31 15:49:42 | 000,022,016 | ---- | M] (NT Kernel Resources) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Ndisrd.sys -- (NdisrdMP)
DRV - [2011/05/31 15:49:42 | 000,022,016 | ---- | M] (NT Kernel Resources) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Ndisrd.sys -- (Ndisrd)
DRV - [2010/11/20 18:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/01/29 11:40:04 | 000,082,320 | ---- | M] (EZB Systems, Inc.) [File_System | System | Running] -- D:\Program Files\UltraISO\drivers\ISODrive.sys -- (ISODrive)
DRV - [2009/12/30 11:21:18 | 000,027,192 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\revoflt.sys -- (Revoflt)
DRV - [2009/10/05 16:31:50 | 001,221,632 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009/07/14 07:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2007/07/13 00:35:46 | 000,006,912 | ---- | M] (TPS Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\tpsacpi.sys -- (tpsacpi)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-21-1614121019-1716911202-2953936860-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://cn.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-1614121019-1716911202-2953936860-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = zh-CN
IE - HKU\S-1-5-21-1614121019-1716911202-2953936860-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = D2 AC BE 2B D1 73 CE 01  [binary data]
IE - HKU\S-1-5-21-1614121019-1716911202-2953936860-1000\..\SearchScopes,DefaultScope = {B8E20CD7-BAC2-4820-9AA6-1060B3AF25E2}
IE - HKU\S-1-5-21-1614121019-1716911202-2953936860-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKU\S-1-5-21-1614121019-1716911202-2953936860-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-1614121019-1716911202-2953936860-1000\..\SearchScopes\{B8E20CD7-BAC2-4820-9AA6-1060B3AF25E2}: "URL" = http://www.baidu.com/s?wd={searchTerms}&ie={inputEncoding}&oe={outputEncoding}&abar=2&tn=ppsbaibu_oem_dg&ch=33
IE - HKU\S-1-5-21-1614121019-1716911202-2953936860-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1614121019-1716911202-2953936860-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local
IE - HKU\S-1-5-21-1614121019-1716911202-2953936860-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = socks=127.0.0.1:30000
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.defaultenginename,S: S", ""
FF - prefs.js..browser.search.defaultthis.engineName: ""
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.order.1: ""
FF - prefs.js..browser.search.order.1,S: S", ""
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.selectedEngine,S: S", ""
FF - prefs.js..browser.startup.homepage: "http://www.google.com/ncr"
FF - prefs.js..extensions.enabledAddons: eliteproxyswitcher%40my-proxy.com:1.2.0.2
FF - prefs.js..extensions.enabledAddons: %7Baff87fa2-a58e-4edd-b852-0a20203c1e17%7D:0.9
FF - prefs.js..extensions.enabledAddons: jiathis%40jiathis.com:1.0.2.2
FF - prefs.js..extensions.enabledAddons: %7Be3f6c2cc-d8db-498c-af6c-499fb211db97%7D:1.12.9.1
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0
FF - prefs.js..network.proxy.socks: "127.0.0.1"
FF - prefs.js..network.proxy.socks_port: 30000
FF - prefs.js..network.proxy.socks_remote_dns: true
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@alipay.com/npaliedit: C:\Windows\system32\npaliedit\1.3.0.6\npaliedit.dll (Alipay.com co.,ltd)
FF - HKLM\Software\MozillaPlugins\@alipay.com/NPComBrg701,version=1.0.2011.701: C:\Windows\system32\itruscert\NPComBrg701.dll (iTrusChina)
FF - HKLM\Software\MozillaPlugins\@baidu.com/npsetupdone: D:\Program Files\BaiduPlayerBrowser\2.5.1.49_1\plugins\npBDSetupDone.dll ()
FF - HKLM\Software\MozillaPlugins\@baidu.com/npxbdsetup: C:\Windows\Downloaded Program Files\21293574\npxbdsetup.dll File not found
FF - HKLM\Software\MozillaPlugins\@baidu.com/npxbdyy: D:\Program Files\BaiduPlayerBrowser\2.5.1.49_1\plugins\npxbdyy.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: D:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: D:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pptv.com/plugin: C:\Program Files\Internet Explorer\PPLite\plugin\npplugin2.dll (PPLive Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF - HKCU\Software\MozillaPlugins\@alipay.com/npalicert: C:\Users\judy\AppData\Roaming\alipay\cf\npalicdo.dll (alipay.com)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\judy\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\judy\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: D:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: D:\Program Files\Mozilla Firefox\plugins
 
[2012/12/20 08:57:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\judy\AppData\Roaming\mozilla\Extensions
[2013/06/24 10:11:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\judy\AppData\Roaming\mozilla\Firefox\Profiles\ofugp520.default\extensions
[2013/05/08 19:18:37 | 000,000,000 | ---D | M] (iMacros for Firefox) -- C:\Users\judy\AppData\Roaming\mozilla\Firefox\Profiles\ofugp520.default\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}
[2013/01/28 09:40:02 | 000,000,000 | ---D | M] (Page Speed) -- C:\Users\judy\AppData\Roaming\mozilla\Firefox\Profiles\ofugp520.default\extensions\{e3f6c2cc-d8db-498c-af6c-499fb211db97}
[2013/05/23 10:01:16 | 000,000,000 | ---D | M] (Wappalyzer) -- C:\Users\judy\AppData\Roaming\mozilla\Firefox\Profiles\ofugp520.default\extensions\wappalyzer@crunchlabz.com
[2012/12/20 09:03:52 | 000,016,275 | ---- | M] () (No name found) -- C:\Users\judy\AppData\Roaming\mozilla\firefox\profiles\ofugp520.default\extensions\eliteproxyswitcher@my-proxy.com.xpi
[2013/05/25 10:01:41 | 002,168,615 | ---- | M] () (No name found) -- C:\Users\judy\AppData\Roaming\mozilla\firefox\profiles\ofugp520.default\extensions\firebug@software.joehewitt.com.xpi
[2013/01/04 21:57:42 | 000,101,265 | ---- | M] () (No name found) -- C:\Users\judy\AppData\Roaming\mozilla\firefox\profiles\ofugp520.default\extensions\jiathis@jiathis.com.xpi
[2013/02/03 11:39:45 | 000,200,692 | ---- | M] () (No name found) -- C:\Users\judy\AppData\Roaming\mozilla\firefox\profiles\ofugp520.default\extensions\yslow@yahoo-inc.com.xpi
[2012/12/20 09:20:47 | 000,042,737 | ---- | M] () (No name found) -- C:\Users\judy\AppData\Roaming\mozilla\firefox\profiles\ofugp520.default\extensions\{aff87fa2-a58e-4edd-b852-0a20203c1e17}.xpi
[2013/02/25 10:33:56 | 000,240,732 | ---- | M] () (No name found) -- C:\Users\judy\AppData\Roaming\mozilla\firefox\profiles\ofugp520.default\extensions\{b0e1b4a6-2c6f-4e99-94f2-8e625d7ae255}.xpi
 
========== Chrome  ==========
 
CHR - homepage: http://isearch.babylon.com/?affID=116637&tt=5112_8&babsrc=HP_ss&mntrId=12fb25b5000000000000000000000000
 
O1 HOSTS File: ([2013/06/26 10:10:05 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (7B3FDA4D-DAE0-EBA3-AFAF-36020A742438 Class) - {7B3FDA4D-DAE0-EBA3-AFAF-36020A742438} - C:\Program Files\addr\{7B3FDA4D-DAE0-EBA3-AFAF-36020A742438}\AddressBar.dll ()
O2 - BHO: (迅雷下载支持) - {889D2FEB-5411-4565-8998-1DD2C5261283} - D:\Program Files\Thunder Network\MiniThunder\bho\XunleiBHO7.1.7.2248.dll (Xunlei Tech Network)
O2 - BHO: (FlashGetBHO) - {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} - C:\Users\judy\AppData\Roaming\FlashGetBHO\FlashGetBHO.dll (Trend Media Group)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - D:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (ICBC Anti-Phishing class) - {BB4491A2-D11A-4c6b-91C0-B53246A3122B} - C:\Program Files\ICBCEbankTools\ICBCAntiPhishing\ICBC_WIN32\Icbc_AntiPhishing.dll (中国工商银行)
O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKU\.DEFAULT..\Run: [PPS Accelerator] D:\PPS.tv\PPStream\PPSKernel.exe (PPStream Inc.)
O4 - HKU\S-1-5-18..\Run: [PPS Accelerator] D:\PPS.tv\PPStream\PPSKernel.exe (PPStream Inc.)
O4 - HKU\S-1-5-19..\Run: [PPS Accelerator] D:\PPS.tv\PPStream\PPSKernel.exe (PPStream Inc.)
O4 - HKU\S-1-5-20..\Run: [PPS Accelerator] D:\PPS.tv\PPStream\PPSKernel.exe (PPStream Inc.)
O4 - HKU\S-1-5-21-1614121019-1716911202-2953936860-1000..\Run: [PPS Accelerator] D:\PPS.tv\PPStream\PPSKernel.exe (PPStream Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1614121019-1716911202-2953936860-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1614121019-1716911202-2953936860-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1614121019-1716911202-2953936860-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Sun Java 控制台 - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
O9 - Extra Button: 发送至 OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : 发送至 OneNote(&N) - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote 链接笔记(&K) - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - D:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote 链接笔记(&K) - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - D:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Windows\System32\PrxerNsp.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\PrxerDrv.dll (Initex)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\PrxerDrv.dll (Initex)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\PrxerDrv.dll (Initex)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\PrxerDrv.dll (Initex)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\System32\PrxerDrv.dll (Initex)
O15 - HKU\S-1-5-21-1614121019-1716911202-2953936860-1000\..Trusted Domains: alipay.com ([]http in 受信任的站点)
O15 - HKU\S-1-5-21-1614121019-1716911202-2953936860-1000\..Trusted Domains: alipay.com ([]https in 受信任的站点)
O15 - HKU\S-1-5-21-1614121019-1716911202-2953936860-1000\..Trusted Domains: alisoft.com ([]http in 受信任的站点)
O15 - HKU\S-1-5-21-1614121019-1716911202-2953936860-1000\..Trusted Domains: alisoft.com ([]https in 受信任的站点)
O15 - HKU\S-1-5-21-1614121019-1716911202-2953936860-1000\..Trusted Domains: facebook.com ([login] https in 受信任的站点)
O15 - HKU\S-1-5-21-1614121019-1716911202-2953936860-1000\..Trusted Domains: google.com ([mail] https in 受信任的站点)
O15 - HKU\S-1-5-21-1614121019-1716911202-2953936860-1000\..Trusted Domains: icbc.com.cn ([]https in 受信任的站点)
O15 - HKU\S-1-5-21-1614121019-1716911202-2953936860-1000\..Trusted Domains: taobao.com ([]http in 受信任的站点)
O15 - HKU\S-1-5-21-1614121019-1716911202-2953936860-1000\..Trusted Domains: taobao.com ([]https in 受信任的站点)
O15 - HKU\S-1-5-21-1614121019-1716911202-2953936860-1000\..Trusted Domains: twitter.com ([]https in 受信任的站点)
O16 - DPF: {0E48410F-D1B8-472A-85DB-27F3D77284CE} https://unionpaysecure.com/upe/UPEditor.cab (UPEditorCtrl Class)
O16 - DPF: {B1FBC1AD-5644-4084-882A-0F8BA85E7506} https://mybank.icbc.com.cn/icbc/ICBC_NetSign.dll (InfoSecICBCNetSign Class)
O16 - DPF: {BC878AFA-767A-47D8-B61E-AD96F210833A} https://mybank.icbc.com.cn/icbc/newperbank/icbcEnvCtrl.cab (AxEnvSet Class)
O16 - DPF: {BF6B2647-9A97-4258-AC3F-7CC8EA20D422} https://mybank.icbc.com.cn/icbc/icbc_gemplusdv.dll (Icbc_gemplusdv Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0E9C1ED3-F3C1-4FA3-9127-040F6E3269CC}: NameServer = 8.26.56.26,156.154.70.22
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{341D0DAC-33D1-4A64-8D9D-43E4103AB40A}: NameServer = 8.8.8.8 8.8.4.4
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E988ABA6-A6D6-4FBD-A040-7C2A38834C0C}: NameServer = 8.8.8.8,8.8.4.4
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - D:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/11 05:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/06/27 22:46:46 | 000,000,000 | ---D | C] -- C:\Program Files\Baidu
[2013/06/27 22:46:42 | 000,000,000 | ---D | C] -- C:\Program Files\addr
[2013/06/27 22:46:20 | 000,000,000 | ---D | C] -- C:\Users\judy\AppData\Local\idevice
[2013/06/27 22:46:12 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\ppstream
[2013/06/27 22:46:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PPStream
[2013/06/27 22:45:16 | 000,000,000 | ---D | C] -- C:\Users\judy\AppData\Roaming\PPStream
[2013/06/27 15:27:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PageOneTraffic
[2013/06/26 15:18:20 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/06/26 09:40:53 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/06/26 09:40:25 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013/06/25 23:27:43 | 000,000,000 | ---D | C] -- C:\Users\judy\Documents\Tencent
[2013/06/25 23:27:42 | 000,000,000 | ---D | C] -- C:\Users\judy\AppData\Roaming\Tencent
[2013/06/25 23:27:34 | 000,000,000 | ---D | C] -- C:\Users\judy\AppData\Local\Tencent
[2013/06/25 21:03:54 | 000,000,000 | ---D | C] -- C:\Users\judy\Documents\kudani
[2013/06/25 21:03:54 | 000,000,000 | ---D | C] -- C:\Users\judy\Documents\__MACOSX
[2013/06/25 20:54:53 | 000,000,000 | ---D | C] -- C:\Users\judy\AppData\Roaming\com.pageone.Kudani
[2013/06/25 16:38:58 | 000,000,000 | ---D | C] -- C:\Users\judy\AppData\Roaming\com.ideaincubatorlp.crystl
[2013/06/24 10:17:02 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013/06/24 10:16:55 | 000,000,000 | ---D | C] -- C:\JRT
[2013/06/23 15:38:56 | 000,000,000 | ---D | C] -- C:\Users\judy\AppData\Local\SvchostViewer
[2013/06/23 12:27:45 | 000,000,000 | ---D | C] -- C:\ProgramData\kingsoft
[2013/06/22 16:47:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
[2013/06/21 16:08:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Amazon Treasure Hunter
[2013/06/20 19:52:04 | 000,000,000 | ---D | C] -- C:\Users\judy\Desktop\RK_Quarantine
[2013/06/19 10:25:32 | 000,000,000 | ---D | C] -- C:\Users\judy\AppData\Roaming\Malwarebytes
[2013/06/19 10:25:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/06/19 10:25:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/06/19 10:25:11 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013/06/18 20:44:50 | 000,000,000 | ---D | C] -- C:\Users\judy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Auto Blog Samurai
[2013/06/16 21:26:50 | 000,000,000 | ---D | C] -- C:\Users\judy\Documents\BlogProfitPro
[2013/06/16 21:26:44 | 000,000,000 | ---D | C] -- C:\Users\judy\AppData\Local\Jolinco_LLC
[2013/06/07 11:47:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NewsTweets
 
========== Files - Modified Within 30 Days ==========
 
[2013/06/28 21:11:39 | 000,000,600 | ---- | M] () -- C:\Users\judy\PUTTY.RND
[2013/06/28 21:06:02 | 000,000,558 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1614121019-1716911202-2953936860-1000UA.job
[2013/06/28 20:54:11 | 000,017,264 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/06/28 20:54:11 | 000,017,264 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/06/28 20:48:36 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/06/28 20:48:11 | 000,000,246 | ---- | M] () -- C:\Windows\tasks\PPSProtect.job
[2013/06/28 20:46:45 | 000,000,878 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/06/28 20:46:44 | 000,065,536 | ---- | M] () -- C:\Windows\System32\Ikeext.etl
[2013/06/28 20:46:26 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/06/28 20:46:18 | 1601,613,824 | -HS- | M] () -- C:\hiberfil.sys
[2013/06/28 17:31:00 | 000,000,536 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/06/28 17:06:00 | 000,000,506 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1614121019-1716911202-2953936860-1000Core.job
[2013/06/27 22:46:07 | 000,000,691 | ---- | M] () -- C:\Users\Public\Desktop\PPS影音.lnk
[2013/06/27 22:46:07 | 000,000,691 | ---- | M] () -- C:\Users\judy\Application Data\Microsoft\Internet Explorer\Quick Launch\PPS影音.lnk
[2013/06/27 22:08:10 | 000,001,042 | ---- | M] () -- C:\Users\judy\AppData\Roaming\coreavc.ini
[2013/06/27 20:34:47 | 003,799,088 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/06/27 15:49:52 | 000,130,210 | ---- | M] () -- C:\Users\judy\Documents\feedsList.xml
[2013/06/27 15:48:54 | 000,130,210 | ---- | M] () -- C:\Users\judy\Desktop\feedsList.xml
[2013/06/27 15:27:45 | 000,000,727 | ---- | M] () -- C:\Users\Public\Desktop\Kudani.lnk
[2013/06/27 12:43:09 | 000,034,968 | ---- | M] () -- C:\Users\judy\Documents\cc_20130627_124301.reg
[2013/06/27 10:24:19 | 000,008,118 | ---- | M] () -- C:\Users\judy\Documents\cc_20130627_102358.reg
[2013/06/26 10:10:05 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2013/06/25 20:56:56 | 013,636,983 | ---- | M] () -- C:\Users\judy\Documents\kudani-images.zip
[2013/06/25 15:58:57 | 000,001,163 | ---- | M] () -- C:\Users\judy\Documents\addmefastprofile.csv-profile.csv
[2013/06/25 10:14:42 | 000,001,988 | ---- | M] () -- C:\Users\judy\Desktop\SEnukeXCr.lnk
[2013/06/24 19:29:46 | 000,017,798 | ---- | M] () -- C:\Users\judy\Documents\cc_20130624_192937.reg
[2013/06/24 09:47:32 | 000,000,859 | ---- | M] () -- C:\Users\judy\Desktop\AddMeFastBot - 1.0.33 - 快捷方式.lnk
[2013/06/22 21:10:08 | 000,000,132 | ---- | M] () -- C:\Users\judy\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2013/06/21 16:08:49 | 000,002,637 | ---- | M] () -- C:\Users\Public\Desktop\Amz Treasure Hunter.lnk
[2013/06/21 11:25:30 | 007,703,015 | ---- | M] () -- C:\Users\judy\Documents\Killing-It-With-Amazon.pdf
[2013/06/20 19:51:27 | 000,014,768 | ---- | M] () -- C:\Users\judy\Documents\cc_20130620_195120.reg
[2013/06/19 22:08:47 | 000,000,138 | ---- | M] () -- C:\Windows\vsfilter.INI
[2013/06/19 10:25:22 | 000,000,756 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/06/18 20:44:50 | 000,003,035 | ---- | M] () -- C:\Users\judy\Desktop\Auto Blog Samurai.lnk
[2013/06/17 09:32:21 | 000,013,304 | ---- | M] () -- C:\Users\judy\Documents\cc_20130617_093215.reg
[2013/06/17 09:21:51 | 000,000,845 | ---- | M] () -- C:\Users\judy\Desktop\AddMeFastBot1.0.3.2 - 快捷方式.lnk
[2013/06/16 09:51:18 | 000,007,002 | ---- | M] () -- C:\Users\judy\Documents\account.csv
[2013/06/14 22:09:32 | 000,001,014 | ---- | M] () -- C:\Users\judy\Desktop\百度影音浏览器.lnk
[2013/06/14 22:07:26 | 000,000,598 | ---- | M] () -- C:\Windows\System32\bdsecushr.dat
[2013/06/07 11:47:51 | 000,000,698 | ---- | M] () -- C:\Users\Public\Desktop\NewsTweets.lnk
[2013/06/05 09:48:44 | 000,000,843 | ---- | M] () -- C:\Users\judy\Desktop\AddMeFastBot Update - 快捷方式 (2).lnk
[2013/06/05 09:29:28 | 000,001,167 | ---- | M] () -- C:\Users\judy\Documents\addmefast-profile2.csv-profile.csv-profile.csv
[2013/06/05 08:56:04 | 000,005,180 | ---- | M] () -- C:\Users\judy\Documents\cc_20130605_085558.reg
[2013/06/05 08:46:01 | 000,001,158 | ---- | M] () -- C:\Users\judy\Documents\addmefast-profile1.csv-profile.csv-profile.csv
[2013/06/04 12:38:10 | 000,025,185 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
 
========== Files Created - No Company Name ==========
 
[2013/06/27 22:46:13 | 000,000,691 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PPS 影音.lnk
[2013/06/27 22:46:13 | 000,000,246 | ---- | C] () -- C:\Windows\tasks\PPSProtect.job
[2013/06/27 22:46:07 | 000,000,691 | ---- | C] () -- C:\Users\Public\Desktop\PPS影音.lnk
[2013/06/27 22:46:07 | 000,000,691 | ---- | C] () -- C:\Users\judy\Application Data\Microsoft\Internet Explorer\Quick Launch\PPS影音.lnk
[2013/06/27 20:34:22 | 003,799,088 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/06/27 15:49:52 | 000,130,210 | ---- | C] () -- C:\Users\judy\Documents\feedsList.xml
[2013/06/27 15:48:53 | 000,130,210 | ---- | C] () -- C:\Users\judy\Desktop\feedsList.xml
[2013/06/27 12:43:05 | 000,034,968 | ---- | C] () -- C:\Users\judy\Documents\cc_20130627_124301.reg
[2013/06/27 10:24:12 | 000,008,118 | ---- | C] () -- C:\Users\judy\Documents\cc_20130627_102358.reg
[2013/06/26 15:52:57 | 000,000,727 | ---- | C] () -- C:\Users\Public\Desktop\Kudani.lnk
[2013/06/25 21:02:27 | 013,636,983 | ---- | C] () -- C:\Users\judy\Documents\kudani-images.zip
[2013/06/24 19:29:41 | 000,017,798 | ---- | C] () -- C:\Users\judy\Documents\cc_20130624_192937.reg
[2013/06/24 09:47:32 | 000,000,859 | ---- | C] () -- C:\Users\judy\Desktop\AddMeFastBot - 1.0.33 - 快捷方式.lnk
[2013/06/21 16:08:49 | 000,002,637 | ---- | C] () -- C:\Users\Public\Desktop\Amz Treasure Hunter.lnk
[2013/06/21 11:21:15 | 007,703,015 | ---- | C] () -- C:\Users\judy\Documents\Killing-It-With-Amazon.pdf
[2013/06/20 19:51:24 | 000,014,768 | ---- | C] () -- C:\Users\judy\Documents\cc_20130620_195120.reg
[2013/06/19 10:25:22 | 000,000,756 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/06/18 20:44:50 | 000,003,035 | ---- | C] () -- C:\Users\judy\Desktop\Auto Blog Samurai.lnk
[2013/06/17 09:32:19 | 000,013,304 | ---- | C] () -- C:\Users\judy\Documents\cc_20130617_093215.reg
[2013/06/14 22:09:32 | 000,001,014 | ---- | C] () -- C:\Users\judy\Desktop\百度影音浏览器.lnk
[2013/06/10 17:20:37 | 000,000,845 | ---- | C] () -- C:\Users\judy\Desktop\AddMeFastBot1.0.3.2 - 快捷方式.lnk
[2013/06/08 20:47:14 | 000,001,163 | ---- | C] () -- C:\Users\judy\Documents\addmefastprofile.csv-profile.csv
[2013/06/07 11:47:51 | 000,000,698 | ---- | C] () -- C:\Users\Public\Desktop\NewsTweets.lnk
[2013/06/05 09:48:44 | 000,000,843 | ---- | C] () -- C:\Users\judy\Desktop\AddMeFastBot Update - 快捷方式 (2).lnk
[2013/06/05 09:29:28 | 000,001,167 | ---- | C] () -- C:\Users\judy\Documents\addmefast-profile2.csv-profile.csv-profile.csv
[2013/06/05 08:56:01 | 000,005,180 | ---- | C] () -- C:\Users\judy\Documents\cc_20130605_085558.reg
[2013/06/04 12:38:10 | 000,025,185 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2013/04/10 19:50:19 | 000,000,598 | ---- | C] () -- C:\Windows\System32\bdsecushr.dat
[2013/03/30 20:58:24 | 000,000,138 | ---- | C] () -- C:\Windows\vsfilter.INI
[2013/03/22 11:29:03 | 000,201,216 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2013/03/19 10:12:17 | 000,056,424 | ---- | C] () -- C:\Windows\System32\PrxerNsp.dll
[2013/03/04 17:12:10 | 000,000,088 | ---- | C] () -- C:\Users\judy\.c79792229cdae4d8fe4e261fc4d6976b.key
[2013/03/04 17:08:10 | 000,000,088 | ---- | C] () -- C:\Users\judy\.95d691779473f3e03bc4b4e56319d74c.key
[2012/12/26 15:42:54 | 000,007,602 | ---- | C] () -- C:\Users\judy\AppData\Local\Resmon.ResmonCfg
[2012/12/06 23:20:36 | 000,001,670 | ---- | C] () -- C:\Windows\Sandboxie.ini
[2012/12/06 22:30:20 | 000,005,078 | ---- | C] () -- C:\ProgramData\zjyopzph.wxh
[2012/11/08 13:02:40 | 000,000,305 | ---- | C] () -- C:\Windows\System32\secushr.dat
[2012/11/08 12:56:43 | 000,000,025 | ---- | C] () -- C:\Windows\libem.INI
[2012/11/05 22:41:49 | 000,000,132 | ---- | C] () -- C:\Users\judy\AppData\Roaming\Adobe IllExport Filter CS5 Prefs
[2012/10/01 22:30:34 | 000,425,368 | ---- | C] () -- C:\Windows\System32\drivers\PassGuard.sys
[2012/09/20 15:40:00 | 001,474,832 | ---- | C] () -- C:\Windows\System32\drivers\sfi.dat
[2012/08/30 10:40:14 | 000,429,416 | ---- | C] () -- C:\Windows\System32\nvStreaming.exe
[2012/08/26 21:41:57 | 000,000,031 | ---- | C] () -- C:\Windows\pdf2word.ini
[2012/08/26 10:45:03 | 000,184,294 | ---- | C] () -- C:\Users\judy\AppData\Local\BlackToText907.tif
[2012/06/05 21:59:35 | 000,001,042 | ---- | C] () -- C:\Users\judy\AppData\Roaming\coreavc.ini
[2012/05/28 09:37:34 | 000,000,132 | ---- | C] () -- C:\Users\judy\AppData\Roaming\Adobe GIF Format CS5 Prefs
[2012/05/20 08:55:14 | 000,018,760 | ---- | C] () -- C:\Windows\System32\QQVistaHelper.dll
[2012/03/15 17:52:32 | 000,069,632 | ---- | C] () -- C:\Windows\System32\csExWBDLMan.dll
[2012/02/17 11:22:19 | 000,000,073 | ---- | C] () -- C:\Windows\jg.INI
[2011/12/26 14:10:46 | 000,174,208 | ---- | C] () -- C:\Windows\System32\icbcclean.dll
[2011/12/26 14:10:46 | 000,113,792 | ---- | C] () -- C:\Windows\System32\EditControl.dll
[2011/12/26 14:10:46 | 000,072,832 | ---- | C] () -- C:\Windows\System32\UploadControl.dll
[2011/11/11 09:54:48 | 000,000,720 | ---- | C] () -- C:\Users\judy\.appcfg_cookies
[2011/10/16 10:28:11 | 000,001,456 | ---- | C] () -- C:\Users\judy\AppData\Local\Adobe Save for Web 12.0 Prefs
[2011/10/16 09:47:42 | 000,000,132 | ---- | C] () -- C:\Users\judy\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2011/06/28 09:59:06 | 000,000,600 | ---- | C] () -- C:\Users\judy\PUTTY.RND
 
========== ZeroAccess Check ==========
 
[2009/07/14 12:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42ae