TechSpot

Some spyware

By islam
Jul 29, 2012
  1. My PC is infected with smartwebsearch spyware and I tried to do every possible thing to get rid of it and nothing worked for me. Also, some websites like Facebook don't work on my PC most of the time, and sometimes it takes a very long time to load and I do not know why.
    I am using Bitdefender Internet Security 2012 and there are no infections at the moment on my PC, so can anyone suggest what I should do?
     
  2. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Welcome aboard

    Please, complete all steps listed here: http://www.techspot.com/vb/topic58138.html
    Make sure, you PASTE all logs. If some log exceeds 50,000 characters post limit, split it between couple of replies.
    Attached logs won't be reviewed.

    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
    • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
     
  3. islam

    islam TS Rookie Topic Starter Posts: 23

    ok I did a scan with Malwarebytes Anti-Malware
    scan log
    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 229763
    Time elapsed: 10 minute(s), 53 second(s)

    Memory Processes Detected: 1
    C:\Users\islam\AppData\Local\Temp\Trojan.exe (Trojan.Agent) -> 5700 -> No action taken.

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 2
    HKCU\Software\SkyMedia (Adware.SkyMedia) -> No action taken.
    HKCU\Software\VB and VBA Program Settings\SrvID (Malware.Trace) -> No action taken.

    Registry Values Detected: 2
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|5cd8f17f4086744065eb0992a09e05a2 (Trojan.Agent) -> Data: "C:\Users\islam\AppData\Local\Temp\Trojan.exe" .. -> No action taken.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|5cd8f17f4086744065eb0992a09e05a2 (Trojan.Agent) -> Data: "C:\Users\islam\AppData\Local\Temp\Trojan.exe" .. -> No action taken.

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 8
    C:\Users\islam\Local Settings\Temporary Internet Files\Content.IE5\Z4IJ28K0\Anytube_5315[1].exe (PUP.Adware.Agent) -> No action taken.
    C:\Users\islam\AppData\Local\Temp\pi.exe (Trojan.Agent) -> No action taken.
    C:\Users\islam\AppData\Local\Temp\pws_cdk.bss (Stolen.Data) -> No action taken.
    C:\Users\islam\AppData\Local\Temp\pws_mail.bss (Stolen.Data) -> No action taken.
    C:\Users\islam\AppData\Local\Temp\pws_mess.bss (Stolen.Data) -> No action taken.
    C:\Users\islam\AppData\Roaming\Keylogger (Stolen.Data) -> No action taken.
    C:\Users\islam\AppData\Local\Temp\Trojan.exe (Trojan.Agent) -> No action taken.
    C:\Users\islam\AppData\Local\Temp\Trojan.exe.tmp (Malware.Trace) -> No action taken.

    (end)
     
  4. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Please do NOT format your logs with some other colors.

    Your MBAM log says "No action taken".
    Re-run it, fix all issues and post new log.

    Then continue with other steps.
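
The check requested in the post above (every detection should show a remediation action rather than "No action taken") can be scripted when triaging Malwarebytes logs in this layout. This is an added example, not part of the original thread or of any tool's own code; the function names are hypothetical and the sample log is assembled from lines posted in this thread.

```python
import re
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed sample: abridged from the two MBAM logs posted in this thread.
SAMPLE_LOG = r"""
Memory Processes Detected: 1
C:\Users\islam\AppData\Local\Temp\Trojan.exe (Trojan.Agent) -> 5700 -> No action taken.

Registry Keys Detected: 1
HKCU\Software\SkyMedia (Adware.SkyMedia) -> No action taken.

Registry Values Detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|5cd8f17f4086744065eb0992a09e05a2 (Trojan.Agent) -> Data: "C:\Users\islam\AppData\Local\Temp\Trojan.exe" .. -> No action taken.

Folders Detected: 0
(No malicious items detected)

Files Detected: 2
C:\Users\islam\AppData\Local\Temp\pws_mail.bss (Stolen.Data) -> No action taken.
C:\Users\islam\Local Settings\Temporary Internet Files\Content.IE5\Z4IJ28K0\Anytube_5315[1].exe (PUP.Adware.Agent) -> Quarantined and deleted successfully.
"""

# "<Section> Detected: <n>" opens each block of findings.
SECTION = re.compile(r"^(?P<name>[A-Za-z ]+) Detected: (?P<count>\d+)$")
# "<object> (<family>) -> [extra -> ]<action>."  The object may itself contain
# parentheses (e.g. "Program Files (x86)"), hence the non-greedy match.
ITEM = re.compile(r"^(?P<obj>.+?) \((?P<family>[^()]+)\) -> (?P<rest>.+)$")
DATA = re.compile(r'Data: "(?P<data>[^"]*)"')
RUN_KEY = re.compile(r"\\CurrentVersion\\Run(Once)?\|", re.I)
TEMP_DIR = re.compile(r"\\(AppData\\Local\\Temp|Temporary Internet Files)\\", re.I)


@dataclass
class Detection:
    section: str          # e.g. "Registry Values"
    obj: str              # file path, or registry key|value
    family: str           # vendor detection name
    action: str           # e.g. "No action taken"
    data: Optional[str]   # registry value data, when the log shows it


def parse_mbam_log(text: str) -> Tuple[List[Detection], Dict[str, int]]:
    """Return the parsed detections and the per-section counts the log declares."""
    detections: List[Detection] = []
    declared: Dict[str, int] = {}
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        head = SECTION.match(line)
        if head:
            section = head["name"]
            declared[section] = int(head["count"])
            continue
        item = ITEM.match(line) if section else None
        if not item:
            continue  # blank line, "(No malicious items detected)", header text
        *extra, action = item["rest"].split(" -> ")
        data = DATA.search(" ".join(extra))
        detections.append(Detection(section, item["obj"], item["family"],
                                    action.rstrip(". "),
                                    data["data"] if data else None))
    return detections, declared


def unremediated(detections: List[Detection]) -> List[Detection]:
    """Findings the scanner reported but did not act on."""
    return [d for d in detections if d.action.lower() == "no action taken"]


def temp_autoruns(detections: List[Detection]) -> List[Detection]:
    """Run/RunOnce values whose data launches a binary from a temp directory."""
    return [d for d in detections
            if d.data and RUN_KEY.search(d.obj) and TEMP_DIR.search(d.data)]


def count_mismatches(detections: List[Detection],
                     declared: Dict[str, int]) -> Dict[str, Tuple[int, int]]:
    """Sections where the declared count differs from the lines present,
    which indicates a truncated or hand-edited paste."""
    seen = Counter(d.section for d in detections)
    return {s: (n, seen[s]) for s, n in declared.items() if n != seen[s]}


if __name__ == "__main__":
    found, declared = parse_mbam_log(SAMPLE_LOG)
    for d in unremediated(found):
        print(f"NOT FIXED  [{d.section}] {d.family}: {d.obj}")
    for d in temp_autoruns(found):
        print(f"AUTORUN    {d.obj} -> {d.data}")
    for name, (want, got) in count_mismatches(found, declared).items():
        print(f"INCOMPLETE {name}: header says {want}, log lists {got}")
```
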
     
  5. islam

    islam TS Rookie Topic Starter Posts: 23

    Protection: Enabled

    30/07/2012 04:43:24 ص
    mbam-log-2012-07-30 (04-43-24).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 228281
    Time elapsed: 14 minute(s), 46 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 1
    C:\Users\islam\Local Settings\Temporary Internet Files\Content.IE5\Z4IJ28K0\Anytube_5315[1].exe (PUP.Adware.Agent) -> Quarantined and deleted successfully.

    (end)
    Now every time I search in the browser I see a notification that the program blocked a malicious website.
     
  6. Broni

    Broni Malware Annihilator Posts: 52,898   +344

     
  7. islam

    islam TS Rookie Topic Starter Posts: 23

    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit scan 2012-07-30 22:39:39
    Windows 6.1.7600
    Running: 4f9m8wc2.exe


    ---- Registry - GMER 1.0.15 ----

    Reg HKCU\Software\Microsoft\Windows Live\Companion\@hotmail.com@a92b82ed2e997136a802cb75192af1e7\r\n 0x14 0xC4 0xC9 0x64 ...

    ---- EOF - GMER 1.0.15 ----
     
  8. islam

    islam TS Rookie Topic Starter Posts: 23

    I tried to download dds several times but for some reason I could not
     
  9. Broni

    Broni Malware Annihilator Posts: 52,898   +344

  10. islam

    islam TS Rookie Topic Starter Posts: 23

    ok thanks
    now I downloaded dds and every time I click on it a weird notepad opens with something like that
     
  11. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    • Download RogueKiller on the desktop
    • Close all the running programs
    • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • A report (RKreport.txt) should open. Post its content in your next reply. (RKreport could also be found on your desktop)
    • If RogueKiller has been blocked, do not hesitate to try a few times more. If really won't run, rename it to winlogon.exe (or winlogon.com) and try again

    =======================================

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
    Click the "Scan" button to start scan.
    On completion of the scan click "Save log", save it to your desktop and post in your next reply.

    NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.
     
  12. islam

    islam TS Rookie Topic Starter Posts: 23

    aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
    Run date: 2012-08-01 23:04:28
    -----------------------------
    23:04:28.962 OS Version: Windows x64 6.1.7600
    23:04:28.962 Number of processors: 6 586 0xA00
    23:04:28.962 ComputerName: ISLAM-PC UserName: islam
    23:04:29.810 Initialize success
    23:36:25.981 AVAST engine defs: 12080100
    23:40:31.661 Disk 0 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T1L0-5
    23:40:31.663 Disk 0 Vendor: WDC_WD10EARS-00MVWB0 51.0AB51 Size: 953869MB BusType: 3
    23:40:31.665 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP0T0L0-0
    23:40:31.666 Disk 1 Vendor: WDC_WD6400AACS-00G8B1 05.04C05 Size: 610480MB BusType: 3
    23:40:31.669 Disk 2 (boot) \Device\Harddisk2\DR2 -> \Device\Ide\IdeDeviceP1T1L0-7
    23:40:31.671 Disk 2 Vendor: WDC_WD10EALX-009BA0 15.01H15 Size: 953869MB BusType: 3
    23:40:31.685 Disk 2 MBR read successfully
    23:40:31.688 Disk 2 MBR scan
    23:40:31.755 Disk 2 Windows 7 default MBR code
    23:40:31.774 Disk 2 Partition 1 80 (A) 07 HPFS/NTFS NTFS 476934 MB offset 2048
    23:40:31.823 Disk 2 Partition 2 00 07 HPFS/NTFS NTFS 476932 MB offset 976762880
    23:40:31.918 Disk 2 scanning C:\Windows\system32\drivers
    23:40:38.339 Service scanning
    23:40:55.386 Modules scanning
    23:40:55.393 Disk 2 trace - called modules:
    23:40:55.401 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
    23:40:55.405 1 nt!IofCallDriver -> \Device\Harddisk2\DR2[0xfffffa8004ac5060]
    23:40:55.409 3 CLASSPNP.SYS[fffff880013af43f] -> nt!IofCallDriver -> [0xfffffa80049889b0]
    23:40:55.412 5 ACPI.sys[fffff88000f68781] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T1L0-7[0xfffffa8004a4e060]
    23:40:56.381 AVAST engine scan C:\Windows
    23:40:58.959 AVAST engine scan C:\Windows\system32
    23:43:22.453 AVAST engine scan C:\Windows\system32\drivers
    23:43:30.415 AVAST engine scan C:\Users\islam
    23:48:51.475 File: C:\Users\islam\AppData\Local\Temp\fhbnxqxklt.exe **INFECTED** Win32:Agent-APAI [Spy]
    23:54:01.983 Disk 2 MBR has been saved successfully to "C:\Users\islam\Documents\MBR.dat"
    23:54:01.989 The log file has been saved successfully to "C:\Users\islam\Documents\aswMBR.txt"
    00:16:00.550 File: C:\Users\islam\SvcHost.exe **INFECTED** Win32:Agent-APAI [Spy]
    00:16:54.406 AVAST engine scan C:\ProgramData
    00:27:46.962 Scan finished successfully
    00:31:15.372 Disk 2 MBR has been saved successfully to "C:\Users\islam\Documents\MBR.dat"
    00:31:15.388 The log file has been saved successfully to "C:\Users\islam\Documents\aswMBR.txt"
    00:32:14.478 Disk 2 MBR has been saved successfully to "C:\Users\islam\Pictures\MBR.dat"
    00:32:14.482 The log file has been saved successfully to "C:\Users\islam\Pictures\aswMBR.txt"
     
  13. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    RogueKiller?
     
  14. islam

    islam TS Rookie Topic Starter Posts: 23

    Did not work on my PC, I tried it 3 times and every time BSOD
     
  15. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    You have to tell me though (??)

    Download TDSSKiller and save it to your desktop.
    • Extract (unzip) its contents to your desktop.
    • Open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
     
  16. islam

    islam TS Rookie Topic Starter Posts: 23

    02:33:31.0295 6836TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
    02:33:33.0296 6836============================================================
    02:33:33.0296 6836Current date / time: 2012/08/02 02:33:33.0296
    02:33:33.0296 6836SystemInfo:
    02:33:33.0296 6836
    02:33:33.0296 6836OS Version: 6.1.7600 ServicePack: 0.0
    02:33:33.0296 6836Product type: Workstation
    02:33:33.0296 6836ComputerName: ISLAM-PC
    02:33:33.0296 6836UserName: islam
    02:33:33.0296 6836Windows directory: C:\Windows
    02:33:33.0296 6836System windows directory: C:\Windows
    02:33:33.0296 6836Running under WOW64
    02:33:33.0296 6836Processor architecture: Intel x64
    02:33:33.0296 6836Number of processors: 6
    02:33:33.0296 6836Page size: 0x1000
    02:33:33.0296 6836Boot type: Normal boot
    02:33:33.0296 6836============================================================
    02:33:34.0947 6836Drive \Device\Harddisk1\DR1 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
    02:33:34.0957 6836Drive \Device\Harddisk2\DR2 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
    02:33:35.0364 6836Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
    02:33:35.0368 6836============================================================
    02:33:35.0368 6836\Device\Harddisk1\DR1:
    02:33:35.0368 6836MBR partitions:
    02:33:35.0368 6836\Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x186B1F1E
    02:33:35.0387 6836\Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x186B1F9C, BlocksNum 0x19B02ACC
    02:33:35.0407 6836\Device\Harddisk1\DR1\Partition2: MBR, Type 0x7, StartLBA 0x321B4AA7, BlocksNum 0x186A241A
    02:33:35.0407 6836\Device\Harddisk2\DR2:
    02:33:35.0407 6836MBR partitions:
    02:33:35.0407 6836\Device\Harddisk2\DR2\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x3A383000
    02:33:35.0407 6836\Device\Harddisk2\DR2\Partition1: MBR, Type 0x7, StartLBA 0x3A383800, BlocksNum 0x3A382000
    02:33:35.0407 6836\Device\Harddisk0\DR0:
    02:33:35.0407 6836MBR partitions:
    02:33:35.0407 6836\Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x3A382800
    02:33:35.0407 6836\Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3A383000, BlocksNum 0x3A382800
    02:33:35.0407 6836============================================================
    02:33:35.0413 6836C: <-> \Device\Harddisk2\DR2\Partition0
    02:33:35.0434 6836E: <-> \Device\Harddisk1\DR1\Partition0
    02:33:35.0456 6836F: <-> \Device\Harddisk1\DR1\Partition1
    02:33:35.0476 6836G: <-> \Device\Harddisk1\DR1\Partition2
    02:33:35.0498 6836J: <-> \Device\Harddisk2\DR2\Partition1
    02:33:35.0538 6836K: <-> \Device\Harddisk0\DR0\Partition1
    02:33:35.0562 6836I: <-> \Device\Harddisk0\DR0\Partition0
    02:33:35.0562 6836============================================================
    02:33:35.0562 6836Initialize success
    02:33:35.0562 6836============================================================
    02:33:50.0510 5580============================================================
    02:33:50.0510 5580Scan started
    02:33:50.0510 5580Mode: Manual;
    02:33:50.0510 5580============================================================
    02:33:52.0336 55801394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys
    02:33:52.0343 55801394ohci - ok
    02:33:52.0373 5580ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
    02:33:52.0376 5580ACPI - ok
    02:33:52.0385 5580AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
    02:33:52.0388 5580AcpiPmi - ok
    02:33:52.0477 5580AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    02:33:52.0478 5580AdobeARMservice - ok
    02:33:52.0586 5580AdobeFlashPlayerUpdateSvc (6c40d5ed8951ab7b90d08af655224ee4) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    02:33:52.0587 5580AdobeFlashPlayerUpdateSvc - ok
    02:33:52.0629 5580adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
    02:33:52.0640 5580adp94xx - ok
    02:33:52.0665 5580adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
    02:33:52.0670 5580adpahci - ok
    02:33:52.0684 5580adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
    02:33:52.0687 5580adpu320 - ok
    02:33:52.0704 5580AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
    02:33:52.0705 5580AeLookupSvc - ok
    02:33:52.0729 5580AFD (b9384e03479d2506bc924c16a3db87bc) C:\Windows\system32\drivers\afd.sys
    02:33:52.0740 5580AFD - ok
    02:33:52.0777 5580agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys
    02:33:52.0780 5580agp440 - ok
    02:33:52.0790 5580ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
    02:33:52.0792 5580ALG - ok
    02:33:52.0805 5580aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys
    02:33:52.0807 5580aliide - ok
    02:33:52.0932 5580ALSysIO - ok
    02:33:53.0015 5580AMD External Events Utility (20c8a3e435a47f0408a1ea674afa6194) C:\Windows\system32\atiesrxx.exe
    02:33:53.0017 5580AMD External Events Utility - ok
    02:33:53.0050 5580AMD FUEL Service - ok
    02:33:53.0075 5580amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys
    02:33:53.0076 5580amdide - ok
    02:33:53.0092 5580amdiox64 (6a2eeb0c4133b20773bb3dd0b7b377b4) C:\Windows\system32\DRIVERS\amdiox64.sys
    02:33:53.0096 5580amdiox64 - ok
    02:33:53.0117 5580AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
    02:33:53.0120 5580AmdK8 - ok
    02:33:53.0407 5580amdkmdag (0b45c18b0f3ee996d25baa4e74884b83) C:\Windows\system32\DRIVERS\atikmdag.sys
    02:33:53.0575 5580amdkmdag - ok
    02:33:53.0662 5580amdkmdap (0e57258e5cc4cc7a9a9a877afdf0cec6) C:\Windows\system32\DRIVERS\atikmpag.sys
    02:33:53.0668 5580amdkmdap - ok
    02:33:53.0696 5580AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
    02:33:53.0697 5580AmdPPM - ok
    02:33:53.0711 5580amdsata (7a4b413614c055935567cf88a9734d38) C:\Windows\system32\DRIVERS\amdsata.sys
    02:33:53.0716 5580amdsata - ok
    02:33:53.0729 5580amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
    02:33:53.0732 5580amdsbs - ok
    02:33:53.0741 5580amdxata (b4ad0cacbab298671dd6f6ef7e20679d) C:\Windows\system32\DRIVERS\amdxata.sys
    02:33:53.0742 5580amdxata - ok
    02:33:53.0794 5580AODDriver (b934322c68c30dceca96c0274a51f7b0) C:\Program Files (x86)\ASUS\GPU Boost Driver\amd64\AODDriver.sys
    02:33:53.0798 5580AODDriver - ok
    02:33:53.0826 5580AODDriver4.01 (5b25d1a753cc3a3edb909bb759ac1098) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys
    02:33:53.0827 5580AODDriver4.01 - ok
    02:33:53.0829 5580AODDriver4.1 (5b25d1a753cc3a3edb909bb759ac1098) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys
    02:33:53.0830 5580AODDriver4.1 - ok
    02:33:53.0897 5580AODDriver4.2.0 (cca0610205bfe4ea3a7b7319ae7ef2a2) C:\Program Files (x86)\AMD\OverDrive\amd64\AODDriver2.sys
    02:33:53.0898 5580AODDriver4.2.0 - ok
    02:33:53.0925 5580AODService (01cb9ee6adaed004e86f9870a14f86eb) C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe
    02:33:53.0927 5580AODService - ok
    02:33:53.0952 5580AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
    02:33:53.0956 5580AppID - ok
    02:33:53.0974 5580AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
    02:33:53.0976 5580AppIDSvc - ok
    02:33:53.0986 5580Appinfo (d065be66822847b7f127d1f90158376e) C:\Windows\System32\appinfo.dll
    02:33:53.0987 5580Appinfo - ok
    02:33:54.0019 5580AppMgmt (4aba3e75a76195a3e38ed2766c962899) C:\Windows\System32\appmgmts.dll
    02:33:54.0023 5580AppMgmt - ok
    02:33:54.0032 5580arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
    02:33:54.0037 5580arc - ok
    02:33:54.0049 5580arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
    02:33:54.0052 5580arcsas - ok
    02:33:54.0102 5580AsIO (a82c01606dc27d05d9d3bfb6bb807e32) C:\Windows\syswow64\drivers\AsIO.sys
    02:33:54.0105 5580AsIO - ok
    02:33:54.0121 5580asmthub3 (954950d11ada98ac1b7ee3c770e4622c) C:\Windows\system32\DRIVERS\asmthub3.sys
    02:33:54.0126 5580asmthub3 - ok
    02:33:54.0152 5580asmtxhci (01dbb05db1db95803e3c9f2b49afe79c) C:\Windows\system32\DRIVERS\asmtxhci.sys
    02:33:54.0168 5580asmtxhci - ok
    02:33:54.0251 5580aspnet_state (9217d874131ae6ff8f642f124f00a555) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
    02:33:54.0267 5580aspnet_state - ok
    02:33:54.0313 5580AsUpIO (26d66e32e78d3059715b3a17bc679cd9) C:\Windows\syswow64\drivers\AsUpIO.sys
    02:33:54.0316 5580AsUpIO - ok
    02:33:54.0335 5580AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
    02:33:54.0337 5580AsyncMac - ok
    02:33:54.0349 5580atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys
    02:33:54.0349 5580atapi - ok
    02:33:54.0381 5580AtiHDAudioService (24464b908e143d2561e9e452fee97309) C:\Windows\system32\drivers\AtihdW76.sys
    02:33:54.0386 5580AtiHDAudioService - ok
    02:33:54.0475 5580AtiHdmiService (77c149e6d702737b2e372dee166faef8) C:\Windows\system32\drivers\AtiHdmi.sys
    02:33:54.0479 5580AtiHdmiService - ok
    02:33:54.0512 5580AtiPcie (c07a040d6b5a42dd41ee386cf90974c8) C:\Windows\system32\DRIVERS\AtiPcie.sys
    02:33:54.0512 5580AtiPcie - ok
    02:33:54.0554 5580AudioEndpointBuilder (07721a77180edd4d39ccb865bf63c7fd) C:\Windows\System32\Audiosrv.dll
    02:33:54.0568 5580AudioEndpointBuilder - ok
    02:33:54.0573 5580AudioSrv (07721a77180edd4d39ccb865bf63c7fd) C:\Windows\System32\Audiosrv.dll
    02:33:54.0576 5580AudioSrv - ok
    02:33:54.0645 5580Autodesk Content Service (1992c2a1867d95aa3a0802539358d162) C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe
    02:33:54.0646 5580Autodesk Content Service - ok
    02:33:54.0702 5580avc3 (f57de310bf3bd9df0f7d301c1d7f5432) C:\Windows\system32\DRIVERS\avc3.sys
    02:33:54.0742 5580avc3 - ok
    02:33:54.0779 5580avchv (4c6bcc638798abe1f70afca70d889c3f) C:\Windows\system32\DRIVERS\avchv.sys
    02:33:54.0785 5580avchv - ok
    02:33:54.0828 5580avckf (6dc4cca415bbf2fc629beb532aa0e6cd) C:\Windows\system32\DRIVERS\avckf.sys
    02:33:54.0840 5580avckf - ok
    02:33:54.0873 5580AxInstSV (b20b5fa5ca050e9926e4d1db81501b32) C:\Windows\System32\AxInstSV.dll
    02:33:54.0878 5580AxInstSV - ok
    02:33:54.0913 5580b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
    02:33:54.0924 5580b06bdrv - ok
    02:33:54.0959 5580b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
    02:33:54.0963 5580b57nd60a - ok
    02:33:55.0009 5580BCUService (328e794278cc30ca7c06e346a18b1abc) C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe
    02:33:55.0011 5580BCUService - ok
    02:33:55.0027 5580BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
    02:33:55.0030 5580BDESVC - ok
    02:33:55.0073 5580BdfNdisf (707ac68f86f97c17c30498aaf3c7e27e) c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys
    02:33:55.0077 5580BdfNdisf - ok
    02:33:55.0128 5580bdfsfltr (ea195950fa5dd4a8f7bc00822213a363) C:\Windows\system32\DRIVERS\bdfsfltr.sys
    02:33:55.0140 5580bdfsfltr - ok
    02:33:55.0153 5580bdfwfpf (4ce4b0098fc315c237fa8867f07886c4) C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys
    02:33:55.0157 5580bdfwfpf - ok
    02:33:55.0184 5580bdsandbox (31571d77c6186ad228f52ee4ebdf8ee9) C:\Windows\system32\drivers\bdsandbox.sys
    02:33:55.0188 5580bdsandbox - ok
    02:33:55.0207 5580BDVEDISK (b89deff4817b4cc6fc2bcd8f83b4e75d) C:\Windows\system32\DRIVERS\bdvedisk.sys
    02:33:55.0211 5580BDVEDISK - ok
    02:33:55.0220 5580Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
    02:33:55.0221 5580Beep - ok
    02:33:55.0269 5580BFE (4992c609a6315671463e30f6512bc022) C:\Windows\System32\bfe.dll
    02:33:55.0283 5580BFE - ok
    02:33:55.0325 5580BITS (7f0c323fe3da28aa4aa1bda3f575707f) C:\Windows\System32\qmgr.dll
    02:33:55.0345 5580BITS - ok
    02:33:55.0385 5580blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
    02:33:55.0387 5580blbdrive - ok
    02:33:55.0404 5580bowser (91ce0d3dc57dd377e690a2d324022b08) C:\Windows\system32\DRIVERS\bowser.sys
    02:33:55.0405 5580bowser - ok
    02:33:55.0415 5580BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
    02:33:55.0417 5580BrFiltLo - ok
    02:33:55.0427 5580BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
    02:33:55.0428 5580BrFiltUp - ok
    02:33:55.0444 5580Browser (94fbc06f294d58d02361918418f996e3) C:\Windows\System32\browser.dll
    02:33:55.0446 5580Browser - ok
    02:33:55.0463 5580Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
    02:33:55.0468 5580Brserid - ok
    02:33:55.0479 5580BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
    02:33:55.0482 5580BrSerWdm - ok
    02:33:55.0496 5580BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
    02:33:55.0497 5580BrUsbMdm - ok
    02:33:55.0511 5580BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
    02:33:55.0513 5580BrUsbSer - ok
    02:33:55.0525 5580BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
    02:33:55.0527 5580BTHMODEM - ok
    02:33:55.0553 5580bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
    02:33:55.0555 5580bthserv - ok
    02:33:55.0565 5580cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
    02:33:55.0569 5580cdfs - ok
    02:33:55.0579 5580cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys
    02:33:55.0588 5580cdrom - ok
    02:33:55.0605 5580CertPropSvc (312e2f82af11e79906898ac3e3d58a1f) C:\Windows\System32\certprop.dll
    02:33:55.0607 5580CertPropSvc - ok
    02:33:55.0614 5580circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
    02:33:55.0616 5580circlass - ok
    02:33:55.0637 5580CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
    02:33:55.0640 5580CLFS - ok
    02:33:55.0688 5580clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
    02:33:55.0691 5580clr_optimization_v2.0.50727_32 - ok
    02:33:55.0828 5580clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
    02:33:55.0831 5580clr_optimization_v2.0.50727_64 - ok
    02:33:55.0871 5580clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
    02:33:55.0934 5580clr_optimization_v4.0.30319_32 - ok
    02:33:55.0963 5580clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
    02:33:55.0965 5580clr_optimization_v4.0.30319_64 - ok
    02:33:55.0976 5580CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
    02:33:55.0978 5580CmBatt - ok
    02:33:55.0988 5580cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys
    02:33:55.0990 5580cmdide - ok
    02:33:56.0021 5580CNG (f95fd4cb7da00ba2a63ce9f6b5c053e1) C:\Windows\system32\Drivers\cng.sys
    02:33:56.0033 5580CNG - ok
    02:33:56.0050 5580Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
    02:33:56.0051 5580Compbatt - ok
    02:33:56.0073 5580CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys
    02:33:56.0076 5580CompositeBus - ok
    02:33:56.0083 5580COMSysApp - ok
    02:33:56.0193 5580CoordinatorServiceHost (ab82a8885ab9687d82aa51a4b4f62e2d) C:\Program Files\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe
    02:33:56.0201 5580CoordinatorServiceHost - ok
    02:33:56.0248 5580cpuz135 (c08063f052308b6f5882482615387f30) C:\Windows\system32\drivers\cpuz135_x64.sys
    02:33:56.0248 5580cpuz135 - ok
    02:33:56.0259 5580crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
    02:33:56.0261 5580crcdisk - ok
    02:33:56.0298 5580CryptSvc (8c57411b66282c01533cb776f98ad384) C:\Windows\system32\cryptsvc.dll
    02:33:56.0300 5580CryptSvc - ok
    02:33:56.0327 5580CSC (4a6173c2279b498cd8f57cae504564cb) C:\Windows\system32\drivers\csc.sys
    02:33:56.0340 5580CSC - ok
    02:33:56.0375 5580CscService (873fbf927c06e5cee04dec617502f8fd) C:\Windows\System32\cscsvc.dll
    02:33:56.0389 5580CscService - ok
    02:33:56.0426 5580DcomLaunch (7266972e86890e2b30c0c322e906b027) C:\Windows\system32\rpcss.dll
    02:33:56.0431 5580DcomLaunch - ok
    02:33:56.0454 5580defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
    02:33:56.0458 5580defragsvc - ok
    02:33:56.0491 5580DfsC (3f1dc527070acb87e40afe46ef6da749) C:\Windows\system32\Drivers\dfsc.sys
    02:33:56.0496 5580DfsC - ok
    02:33:56.0531 5580Dhcp (ce3b9562d997f69b330d181a8875960f) C:\Windows\system32\dhcpcore.dll
    02:33:56.0535 5580Dhcp - ok
     
  17. islam

    islam TS Rookie Topic Starter Posts: 23

    02:34:05.0193 5580swenum - ok
    02:34:05.0246 5580SwitchBoard (f577910a133a592234ebaad3f3afa258) C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    02:34:05.0248 5580SwitchBoard - ok
    02:34:05.0276 5580swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
    02:34:05.0286 5580swprv - ok
    02:34:05.0356 5580SysMain (3c1284516a62078fb68f768de4f1a7be) C:\Windows\system32\sysmain.dll
    02:34:05.0378 5580SysMain - ok
    02:34:05.0435 5580TabletInputService (238935c3cf2854886dc7cbb2a0e2cc66) C:\Windows\System32\TabSvc.dll
    02:34:05.0440 5580TabletInputService - ok
    02:34:05.0463 5580TapiSrv (884264ac597b690c5707c89723bb8e7b) C:\Windows\System32\tapisrv.dll
    02:34:05.0470 5580TapiSrv - ok
    02:34:05.0482 5580TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
    02:34:05.0484 5580TBS - ok
    02:34:05.0572 5580Tcpip (90a2d722cf64d911879d6c4a4f802a4d) C:\Windows\system32\drivers\tcpip.sys
    02:34:05.0591 5580Tcpip - ok
    02:34:05.0694 5580TCPIP6 (90a2d722cf64d911879d6c4a4f802a4d) C:\Windows\system32\DRIVERS\tcpip.sys
    02:34:05.0702 5580TCPIP6 - ok
    02:34:05.0743 5580tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys
    02:34:05.0744 5580tcpipreg - ok
    02:34:05.0752 5580TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
    02:34:05.0754 5580TDPIPE - ok
    02:34:05.0761 5580TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
    02:34:05.0763 5580TDTCP - ok
    02:34:05.0785 5580tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
    02:34:05.0789 5580tdx - ok
    02:34:05.0806 5580TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys
    02:34:05.0810 5580TermDD - ok
    02:34:05.0845 5580TermService (0f05ec2887bfe197ad82a13287d2f404) C:\Windows\System32\termsrv.dll
    02:34:05.0857 5580TermService - ok
    02:34:05.0868 5580Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
    02:34:05.0870 5580Themes - ok
    02:34:05.0891 5580THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
    02:34:05.0892 5580THREADORDER - ok
    02:34:05.0907 5580TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
    02:34:05.0909 5580TrkWks - ok
    02:34:05.0943 5580trufos (df219721ddffcbe03aa894b6b6742ba1) C:\Windows\system32\DRIVERS\trufos.sys
    02:34:05.0946 5580trufos - ok
    02:34:05.0981 5580TrustedInstaller (840f7fb849f5887a49ba18c13b2da920) C:\Windows\servicing\TrustedInstaller.exe
    02:34:05.0982 5580TrustedInstaller - ok
    02:34:05.0991 5580tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
    02:34:05.0994 5580tssecsrv - ok
    02:34:06.0011 5580tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
    02:34:06.0015 5580tunnel - ok
    02:34:06.0026 5580uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
    02:34:06.0028 5580uagp35 - ok
    02:34:06.0046 5580udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys
    02:34:06.0062 5580udfs - ok
    02:34:06.0081 5580UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
    02:34:06.0084 5580UI0Detect - ok
    02:34:06.0092 5580uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys
    02:34:06.0095 5580uliagpkx - ok
    02:34:06.0116 5580umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys
    02:34:06.0120 5580umbus - ok
    02:34:06.0131 5580UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
    02:34:06.0132 5580UmPass - ok
    02:34:06.0153 5580UmRdpService (af0ac98ee5077eb844413eb54287fde3) C:\Windows\System32\umrdp.dll
    02:34:06.0156 5580UmRdpService - ok
    02:34:06.0236 5580Update Server (7de3f30967cf77bd1fc440c2b847629a) C:\Program Files\Common Files\Bitdefender\Bitdefender Arrakis Server\bin\arrakis3.exe
    02:34:06.0251 5580Update Server - ok
    02:34:06.0299 5580UPDATESRV (6fa5ffc3765c9c444d82faf1d46c1cae) C:\Program Files\Bitdefender\Bitdefender 2012\updatesrv.exe
    02:34:06.0325 5580UPDATESRV - ok
    02:34:06.0346 5580upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
    02:34:06.0350 5580upnphost - ok
    02:34:06.0394 5580usbaudio (77b01bc848298223a95d4ec23e1785a1) C:\Windows\system32\drivers\usbaudio.sys
    02:34:06.0398 5580usbaudio - ok
    02:34:06.0412 5580usbccgp (b26afb54a534d634523c4fb66765b026) C:\Windows\system32\DRIVERS\usbccgp.sys
    02:34:06.0416 5580usbccgp - ok
    02:34:06.0443 5580usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys
    02:34:06.0446 5580usbcir - ok
    02:34:06.0465 5580usbehci (2ea4aff7be7eb4632e3aa8595b0803b5) C:\Windows\system32\DRIVERS\usbehci.sys
    02:34:06.0468 5580usbehci - ok
    02:34:06.0492 5580usbhub (4c9042b8df86c1e8e6240c218b99b39b) C:\Windows\system32\DRIVERS\usbhub.sys
    02:34:06.0499 5580usbhub - ok
    02:34:06.0505 5580usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\DRIVERS\usbohci.sys
    02:34:06.0507 5580usbohci - ok
    02:34:06.0523 5580usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
    02:34:06.0525 5580usbprint - ok
    02:34:06.0545 5580usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
    02:34:06.0547 5580usbscan - ok
    02:34:06.0552 5580USBSTOR (080d3820da6c046be82fc8b45a893e83) C:\Windows\system32\DRIVERS\USBSTOR.SYS
    02:34:06.0555 5580USBSTOR - ok
    02:34:06.0565 5580usbuhci (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\DRIVERS\usbuhci.sys
    02:34:06.0567 5580usbuhci - ok
    02:34:06.0574 5580UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
    02:34:06.0576 5580UxSms - ok
    02:34:06.0593 5580VaultSvc (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\system32\lsass.exe
    02:34:06.0594 5580VaultSvc - ok
    02:34:06.0613 5580vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys
    02:34:06.0614 5580vdrvroot - ok
    02:34:06.0645 5580vds (44d73e0bbc1d3c8981304ba15135c2f2) C:\Windows\System32\vds.exe
    02:34:06.0659 5580vds - ok
    02:34:06.0713 5580VF0470Vid (8731905e73670b4a0c2fd4c774d3099d) C:\Windows\system32\DRIVERS\V0470Vid.sys
    02:34:06.0718 5580VF0470Vid - ok
    02:34:06.0730 5580vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
    02:34:06.0732 5580vga - ok
    02:34:06.0742 5580VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
    02:34:06.0744 5580VgaSave - ok
    02:34:06.0758 5580vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys
    02:34:06.0764 5580vhdmp - ok
    02:34:06.0777 5580viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
    02:34:06.0779 5580viaide - ok
    02:34:06.0787 5580vmbus (1501699d7eda984abc4155a7da5738d1) C:\Windows\system32\DRIVERS\vmbus.sys
    02:34:06.0793 5580vmbus - ok
    02:34:06.0807 5580VMBusHID (ae10c35761889e65a6f7176937c5592c) C:\Windows\system32\DRIVERS\VMBusHID.sys
    02:34:06.0810 5580VMBusHID - ok
    02:34:06.0823 5580volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys
    02:34:06.0824 5580volmgr - ok
    02:34:06.0846 5580volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
    02:34:06.0849 5580volmgrx - ok
    02:34:06.0864 5580volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
    02:34:06.0867 5580volsnap - ok
    02:34:06.0885 5580vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
    02:34:06.0888 5580vsmraid - ok
    02:34:06.0951 5580VSS (787898bf9fb6d7bd87a36e2d95c899ba) C:\Windows\system32\vssvc.exe
    02:34:06.0973 5580VSS - ok
    02:34:07.0004 5580VSSERV - ok
    02:34:07.0075 5580vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
    02:34:07.0077 5580vwifibus - ok
    02:34:07.0101 5580W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
    02:34:07.0105 5580W32Time - ok
    02:34:07.0110 5580WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
    02:34:07.0112 5580WacomPen - ok
    02:34:07.0127 5580WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
    02:34:07.0132 5580WANARP - ok
    02:34:07.0134 5580Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
    02:34:07.0135 5580Wanarpv6 - ok
    02:34:07.0197 5580wbengine (5ab1bb85bd8b5089cc5d64200dedae68) C:\Windows\system32\wbengine.exe
    02:34:07.0219 5580wbengine - ok
    02:34:07.0257 5580WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
    02:34:07.0262 5580WbioSrvc - ok
    02:34:07.0285 5580wcncsvc (8321c2ca3b62b61b293cda3451984468) C:\Windows\System32\wcncsvc.dll
    02:34:07.0291 5580wcncsvc - ok
    02:34:07.0294 5580WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
    02:34:07.0297 5580WcsPlugInService - ok
    02:34:07.0302 5580Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
    02:34:07.0303 5580Wd - ok
    02:34:07.0337 5580WDC_SAM (a3d04ebf5227886029b4532f20d026f7) C:\Windows\system32\DRIVERS\wdcsam64.sys
    02:34:07.0339 5580WDC_SAM - ok
    02:34:07.0374 5580Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
    02:34:07.0381 5580Wdf01000 - ok
    02:34:07.0389 5580WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
    02:34:07.0392 5580WdiServiceHost - ok
    02:34:07.0394 5580WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
    02:34:07.0396 5580WdiSystemHost - ok
    02:34:07.0411 5580WebClient (8a438cbb8c032a0c798b0c642ffbe572) C:\Windows\System32\webclnt.dll
    02:34:07.0418 5580WebClient - ok
    02:34:07.0435 5580Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
    02:34:07.0439 5580Wecsvc - ok
    02:34:07.0457 5580wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
    02:34:07.0459 5580wercplsupport - ok
    02:34:07.0481 5580WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
    02:34:07.0483 5580WerSvc - ok
    02:34:07.0503 5580WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
    02:34:07.0504 5580WfpLwf - ok
    02:34:07.0508 5580WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
    02:34:07.0510 5580WIMMount - ok
    02:34:07.0527 5580WinDefend - ok
    02:34:07.0533 5580WinHttpAutoProxySvc - ok
    02:34:07.0586 5580Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
    02:34:07.0588 5580Winmgmt - ok
    02:34:07.0664 5580WinRM (41fbb751936b387f9179e7f03a74fe29) C:\Windows\system32\WsmSvc.dll
    02:34:07.0726 5580WinRM - ok
    02:34:07.0810 5580WinUsb (817eaff5d38674edd7713b9dfb8e9791) C:\Windows\system32\DRIVERS\WinUsb.sys
    02:34:07.0814 5580WinUsb - ok
    02:34:07.0859 5580Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
    02:34:07.0895 5580Wlansvc - ok
    02:34:08.0010 5580wlidsvc (2bacd71123f42cea603f4e205e1ae337) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    02:34:08.0021 5580wlidsvc - ok
    02:34:08.0054 5580WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
    02:34:08.0055 5580WmiAcpi - ok
    02:34:08.0083 5580wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
    02:34:08.0087 5580wmiApSrv - ok
    02:34:08.0099 5580WMPNetworkSvc - ok
    02:34:08.0109 5580WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
    02:34:08.0111 5580WPCSvc - ok
    02:34:08.0126 5580WPDBusEnum (2e57ddf2880a7e52e76f41c7e96d327b) C:\Windows\system32\wpdbusenum.dll
    02:34:08.0128 5580WPDBusEnum - ok
    02:34:08.0139 5580ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
    02:34:08.0141 5580ws2ifsl - ok
    02:34:08.0157 5580wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\System32\wscsvc.dll
    02:34:08.0160 5580wscsvc - ok
    02:34:08.0162 5580WSearch - ok
    02:34:08.0248 5580wuauserv (38340204a2d0228f1e87740fc5e554a7) C:\Windows\system32\wuaueng.dll
    02:34:08.0281 5580wuauserv - ok
    02:34:08.0357 5580WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
    02:34:08.0358 5580WudfPf - ok
    02:34:08.0374 5580WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
    02:34:08.0378 5580WUDFRd - ok
    02:34:08.0393 5580wudfsvc (b551d6637aa0e132c18ac6e504f7b79b) C:\Windows\System32\WUDFSvc.dll
    02:34:08.0395 5580wudfsvc - ok

    02:34:08.0412 5580WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
    02:34:08.0417 5580WwanSvc - ok
    02:34:08.0478 5580xnacc (4a5ce13408945e525503b5f73d29b9c5) C:\Windows\system32\DRIVERS\xnacc.sys
    02:34:08.0494 5580xnacc - ok
    02:34:08.0513 5580xusb21 (2c6bc21b2d5b58d8b1d638c1704cb494) C:\Windows\system32\DRIVERS\xusb21.sys
    02:34:08.0515 5580xusb21 - ok
    02:34:08.0595 5580YahooAUService (dd0042f0c3b606a6a8b92d49afb18ad6) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
    02:34:08.0608 5580YahooAUService - ok
    02:34:09.0081 5580MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk1\DR1
    02:34:09.0152 5580\Device\Harddisk1\DR1 - ok
    02:34:09.0166 5580MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk2\DR2
    02:34:09.0307 5580\Device\Harddisk2\DR2 - ok
    02:34:09.0309 5580MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
    02:34:09.0753 5580\Device\Harddisk0\DR0 - ok
    02:34:09.0755 5580Boot (0x1200) (071e47c0c9537506f747c9f62bb3289f) \Device\Harddisk1\DR1\Partition0
    02:34:09.0756 5580\Device\Harddisk1\DR1\Partition0 - ok
    02:34:09.0777 5580Boot (0x1200) (e9c06738d51cfe052e2e058c8e1970d6) \Device\Harddisk1\DR1\Partition1
    02:34:09.0778 5580\Device\Harddisk1\DR1\Partition1 - ok
    02:34:09.0797 5580Boot (0x1200) (61095db5edbbdd43df74c5567a69609c) \Device\Harddisk1\DR1\Partition2
    02:34:09.0798 5580\Device\Harddisk1\DR1\Partition2 - ok
    02:34:09.0825 5580Boot (0x1200) (48508b5483c9d6cbb8c7ff377c6e1d43) \Device\Harddisk2\DR2\Partition0
    02:34:09.0826 5580\Device\Harddisk2\DR2\Partition0 - ok
    02:34:09.0878 5580Boot (0x1200) (d1fe21b4c5eea8726e490a3c12855147) \Device\Harddisk2\DR2\Partition1
    02:34:09.0879 5580\Device\Harddisk2\DR2\Partition1 - ok
    02:34:09.0882 5580Boot (0x1200) (4bf38942b330383672c4f7079c19893a) \Device\Harddisk0\DR0\Partition0
    02:34:09.0883 5580\Device\Harddisk0\DR0\Partition0 - ok
    02:34:09.0885 5580Boot (0x1200) (e5ee91362aa38e430f8b689dbde3dac8) \Device\Harddisk0\DR0\Partition1
    02:34:09.0886 5580\Device\Harddisk0\DR0\Partition1 - ok
    02:34:09.0887 5580 ============================================================
    02:34:09.0887 5580 Scan finished
    02:34:09.0887 5580 ============================================================
    02:34:09.0894 6528 Detected object count: 0
    02:34:09.0894 6528 Actual detected object count: 0
     
  18. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    • Double click on combofix.exe & follow the prompts.

    • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
    There are 4 different versions. If one of them won't run then download and try to run the other one.
    Vista and Win7 users need to right click Rkill and choose Run as Administrator
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shut down your antivirus.

    * Rkill.com
    * Rkill.scr
    * Rkill.exe
    • Double-click on the Rkill icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.
    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  19. islam

    islam TS Rookie Topic Starter Posts: 23

    Well, thanks a lot for your help, but both didn't work (BSOD after I run it)
     
  20. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    I need to know what EXACTLY happened.
     
  21. islam

    islam TS Rookie Topic Starter Posts: 23

    I downloaded like you told me and disabled antivirus and closed every running program, and after I clicked run: blue screen of death :)
     
  22. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Retry from safe mode.
     
  23. islam

    islam TS Rookie Topic Starter Posts: 23

    OK, I will later, but can you please tell me why all these steps are needed, and I even have one of the strongest antivirus software, updated regularly
     
  24. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    We're checking for possible infections.
    We don't have to.
    You asked for help.
     
  25. islam

    islam TS Rookie Topic Starter Posts: 23

    :) Do not misunderstand me, I just wanted to know why all these programs, and I already know the name of the hijacking site

    .
    ComboFix 12-07-31.03 - islam 08/02/2012 4:19.1.6 - x64 MINIMAL
    Microsoft Windows 7 Enterprise 6.1.7600.0.1256.20.1033.18.4095.2882 [GMT 3:00]
    Running from: c:\users\islam\Desktop\ComboFix.exe
    AV: Bitdefender Antivirus *Enabled/Outdated* {50909708-FF80-02AF-F814-B28405891E92}
    FW: Bitdefender Firewall *Enabled* {68AB162D-B5EF-03F7-D34B-1BB1FB5A59E9}
    SP: Bitdefender Antispyware *Enabled/Outdated* {EBF176EC-D9BA-0D21-C2A4-89F67E0E542F}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    * Created a new restore point
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\programdata\1009839559.bdinstall.bin
    c:\users\islam\AppData\Roaming\logs
    c:\users\islam\AppData\Roaming\Microsoft\Windows\pL0oyP5.cfg
    c:\users\islam\AppData\Roaming\Microsoft\Windows\pL0oyP5.dat
    c:\users\islam\AppData\Roaming\Microsoft\Windows\pL0oyP5.xtr
    c:\users\islam\AppData\Roaming\system32
    c:\users\islam\SvcHost.exe
    c:\users\islam\SvcHost.exe.tmp
    c:\windows\SysWow64\tmpC45B.tmp
    c:\windows\SysWow64\tmpC4BA.tmp
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-07-02 to 2012-08-02 )))))))))))))))))))))))))))))))
    .
    .
    2012-08-02 01:32 . 2012-08-02 01:32 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-07-29 23:40 . 2012-07-29 23:40 -------- d-----w- c:\users\islam\AppData\Roaming\Malwarebytes
    2012-07-29 23:40 . 2012-07-29 23:40 -------- d-----w- c:\programdata\Malwarebytes
    2012-07-29 23:40 . 2012-07-29 23:40 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
    2012-07-29 23:40 . 2012-07-03 10:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-07-29 18:06 . 2012-07-29 18:06 -------- d-----w- c:\program files (x86)\Common Files\Skype
    2012-07-29 18:06 . 2012-07-29 18:06 -------- d-----r- c:\program files (x86)\Skype
    2012-07-28 19:00 . 2012-07-31 22:05 -------- d-----w- c:\program files\SUPERAntiSpyware
    2012-07-28 18:59 . 2012-07-28 18:59 -------- d-----w- c:\users\islam\AppData\Roaming\SUPERAntiSpyware.com
    2012-07-28 00:44 . 2012-01-12 06:28 57976 ----a-r- c:\windows\system32\drivers\SBREDrv.sys
    2012-07-28 00:21 . 2012-07-28 19:18 -------- d-----w- c:\program files (x86)\Common Files\PC Tools
    2012-07-28 00:21 . 2012-06-22 12:35 251560 ----a-w- c:\windows\system32\drivers\PCTSD64.sys
    2012-07-28 00:17 . 2012-07-28 00:17 -------- d-----w- c:\users\islam\AppData\Roaming\TestApp
    2012-07-28 00:17 . 2012-07-28 00:17 -------- d-----w- c:\programdata\PC Tools
    2012-07-23 01:13 . 2001-12-31 21:01 -------- d-----w- c:\program files (x86)\hpmonitor
    2012-07-23 01:12 . 2012-07-23 01:12 -------- d-----w- C:\Downloads
    2012-07-23 01:08 . 2012-07-23 01:12 -------- d-----w- c:\program files (x86)\AnyTube Downloader
    2012-07-23 00:50 . 2012-07-23 00:50 -------- d-----w- C:\YouTubeVideos
    2012-07-23 00:26 . 2012-07-23 00:26 -------- d-----w- C:\myyoutube
    2012-07-23 00:25 . 2012-07-23 01:14 -------- d-----w- c:\program files (x86)\1-Click YouTube Downloader
    2012-07-23 00:19 . 2012-07-23 00:19 -------- d-----w- c:\program files\YoutubeDownloader.org
    2012-07-23 00:19 . 2012-07-23 00:19 -------- d-----w- c:\program files (x86)\YoutubeDownloader.org
    2012-07-23 00:16 . 2012-07-23 00:16 -------- d-----w- c:\windows\Sun
    2012-07-20 14:06 . 2012-07-20 14:06 -------- d-----w- c:\users\islam\AppData\Roaming\2K Sports
    2012-07-19 19:41 . 2012-07-19 19:41 -------- d-----w- c:\users\islam\AppData\Roaming\Yahoo!
    2012-07-18 13:31 . 2012-07-18 13:32 -------- d-----w- c:\program files\Core Temp
    2012-07-18 13:26 . 2012-07-20 22:03 -------- d-----w- c:\program files (x86)\SpeedFan
    2012-07-13 00:51 . 2012-03-08 16:50 65912 ----a-w- c:\program files (x86)\Windows Media Player\msgrapp.dll
    2012-07-08 14:25 . 2012-07-08 14:25 -------- d-----w- c:\program files (x86)\AMD
    2012-07-08 14:24 . 2012-07-08 14:24 -------- d-----w- c:\users\islam\AppData\Local\Downloaded Installations
    2012-07-07 20:08 . 2012-07-07 20:08 -------- d-----w- c:\users\islam\AppData\Local\BigHugeEngine
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-07-28 23:09 . 2012-04-09 10:10 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2012-07-28 23:09 . 2002-01-01 00:51 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-07-25 06:20 . 2011-11-06 00:31 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll
    2012-07-10 05:52 . 2011-12-28 09:47 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\Markup.dll
    2012-05-30 08:52 . 2012-06-23 00:35 4329472 ----a-w- c:\windows\system32\x264vfw.dll
    2012-05-30 06:17 . 2012-05-30 06:17 71680 ----a-w- c:\windows\system32\frapsv64.dll
    2012-05-30 06:17 . 2012-05-30 06:17 65536 ----a-w- c:\windows\SysWow64\frapsvid.dll
    2012-05-26 10:45 . 2012-06-23 00:35 137216 ----a-w- c:\windows\system32\mlc.dll
    2012-05-20 20:55 . 2012-05-20 20:55 189248 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
    2012-05-20 20:55 . 2012-05-20 20:55 75136 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
    2012-05-19 22:24 . 2012-05-19 22:24 119808 ----a-r- c:\users\islam\AppData\Roaming\Microsoft\Installer\{CCF298AF-9CE1-4B26-B251-486E98A34789}\icons.exe
    2012-05-04 16:29 . 2012-06-21 16:21 772504 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
    2012-05-04 16:29 . 2012-06-21 16:21 687504 ----a-w- c:\windows\SysWow64\deployJava1.dll
    2011-12-29 04:20 27136 --shatr- c:\windows\System32\bddel.exe
    2010-05-26 09:41 276832 --shatr- c:\windows\System32\d3dx11_43.dll
    2009-07-14 01:41 479232 --shatr- c:\windows\System32\spool\drivers\x64\3\unidrv.dll
    2009-07-14 01:41 884224 --shatr- c:\windows\System32\spool\drivers\x64\3\unidrvui.dll
    .
    .
    ------- Sigcheck -------
    Note: Unsigned files aren't necessarily malware.
    .
    [7] 2009-07-14 . 72D7B3EA16946E8F0CF7458150031CC6 . 1008640 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
    [-] 2009-07-14 . E573BD9AB55C8E333C202B9E255F972E . 1008640 . . [6.1.7600.16385] .. c:\windows\system32\user32.dll
    .
    [-] 2011-10-06 . 2C9CC9F492CA596B1B9FC1AE5E916356 . 833024 . . [6.1.7600.16385] .. c:\windows\SysWOW64\user32.dll
    [7] 2009-07-14 . E8B0FFC209E504CB7E79FC24E6C085F0 . 833024 . . [6.1.7600.16385] .. c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "OscarEditor"="c:\program files (x86)\OSCAR Editor\OscarEditor.exe" [2009-11-24 2642432]
    "DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2011-08-02 4910912]
    "Creative Live! Cam Manager"="c:\program files (x86)\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe" [2007-05-02 151552]
    "CTRegRun"="c:\windows\CTRegRun.EXE" [2006-10-06 53248]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]
    "IDMan"="c:\program files (x86)\Internet Download Manager\IDMan.exe" [2011-10-25 3437976]
    "Messenger (Yahoo!)"="c:\progra~2\Yahoo!\Messenger\YahooMessenger.exe" [2011-08-21 6276408]
    "Facebook Update"="c:\users\islam\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-07-11 138096]
    "NTServiceManager"="c:\program files (x86)\YoutubeDownloader.org\YoutubeDownloader\YoutubeDownloader Updater.exe" [2011-07-01 436224]
    "Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-07-13 17418928]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "Six Engine"="c:\program files (x86)\ASUS\EPU\EPU.exe" [2011-04-11 5402752]
    "BCU"="c:\program files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe" [2010-03-05 411864]
    "WinampAgent"="c:\program files (x86)\Winamp\winampa.exe" [2011-07-11 74752]
    "V0470Mon.exe"="c:\windows\V0470Mon.exe" [2007-04-11 32768]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
    "SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
    "AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
    "HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
    "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-04-05 641664]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
    "AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-09 1073312]
    "Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
    .
    c:\users\islam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    99a7400c6ad316c96473810799a4e904.exe [2012-7-31 26624]
    MagicDisc.lnk - c:\program files (x86)\MagicDisc\MagicDisc.exe [2012-3-8 576000]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "aux5"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    R2 AODDriver4.1;AODDriver4.1;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-03-05 53888]
    R2 AODService;AODService;c:\program files (x86)\AMD\OverDrive\AODAssist.exe [2012-05-10 136616]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
    R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-28 250056]
    R3 ALSysIO;ALSysIO;c:\users\islam\AppData\Local\Temp\ALSysIO64.sys [x]
    R3 AODDriver;AODDriver;c:\program files (x86)\ASUS\GPU Boost Driver\amd64\AODDriver.sys [2010-03-12 52280]
    R3 avckf;avckf;c:\windows\system32\DRIVERS\avckf.sys [2012-03-01 545064]
    R3 bdsandbox;bdsandbox;c:\windows\system32\drivers\bdsandbox.sys [2012-02-03 79952]
    R3 CoordinatorServiceHost;SW Distributed TS Coordinator Service;c:\program files\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe [2009-10-15 87336]
    R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2012-03-19 1431888]
    R3 GGSAFERDriver;GGSAFER Driver;c:\program files (x86)\Garena Classic\safedrv.sys [x]
    R3 GSService;GSService;c:\windows\SysWOW64\GSService.exe [2012-01-23 249856]
    R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 51456888]
    R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-14 113120]
    R3 NLNdisMP;NLNdisMP;c:\windows\system32\DRIVERS\nlndis.sys [x]
    R3 NLNdisPT;NetLimiter Ndis Protocol Service;c:\windows\system32\DRIVERS\nlndis.sys [x]
    R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440]
    R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
    R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
    R3 Update Server;BitDefender Update Server v2;c:\program files\Common Files\Bitdefender\Bitdefender Arrakis Server\bin\arrakis3.exe [2011-11-04 466736]
    R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [2009-02-13 14464]
    S0 avc3;avc3;c:\windows\system32\DRIVERS\avc3.sys [2012-03-30 691896]
    S1 AsUpIO;AsUpIO;SysWow64\drivers\AsUpIO.sys [x]
    S1 BdfNdisf;BitDefender Firewall NDIS 6 Filter Driver;c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys [2011-12-25 90192]
    S1 bdfwfpf;bdfwfpf;c:\program files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [2011-12-25 103504]
    S1 BDVEDISK;BDVEDISK;c:\windows\system32\DRIVERS\bdvedisk.sys [2010-01-19 103944]
    S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2001-12-31 270912]
    S1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [2012-01-12 57976]
    S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-04-06 236544]
    S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-04-05 361984]
    S2 AODDriver4.01;AODDriver4.01;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-03-05 53888]
    S2 AODDriver4.2.0;AODDriver4.2.0;c:\program files (x86)\AMD\OverDrive\amd64\AODDriver2.sys [2012-05-10 57472]
    S2 Autodesk Content Service;Autodesk Content Service;c:\program files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [2011-02-02 18656]
    S2 BCUService;Browser Configuration Utility Service;c:\program files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe [2010-03-05 235752]
    S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys [2011-09-21 21992]
    S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys [2011-07-06 145008]
    S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]
    S2 UPDATESRV;BitDefender Desktop Update Service;c:\program files\Bitdefender\Bitdefender 2012\updatesrv.exe [2012-03-30 66096]
    S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]
    S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2012-04-06 11174400]
    S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2012-04-06 343040]
    S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys [2011-02-24 126952]
    S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys [2011-02-24 389608]
    S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-02-23 95760]
    S3 avchv;avchv Function Driver;c:\windows\system32\DRIVERS\avchv.sys [2011-12-25 258736]
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904]
    S3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys [2011-10-07 82048]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-03-21 452200]
    S3 VF0470Vid;Live! Cam Notebook (VF0470);c:\windows\system32\DRIVERS\V0470Vid.sys [2007-04-20 182464]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - WS2IFSL
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-08-02 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-09 23:09]
    .
    2012-08-01 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1931541716-2785394565-3246238758-1000Core.job
    - c:\users\islam\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-10-31 21:26]
    .
    2012-08-02 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1931541716-2785394565-3246238758-1000UA.job
    - c:\users\islam\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-10-31 21:26]
    .
    2012-08-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1931541716-2785394565-3246238758-1000Core.job
    - c:\users\islam\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-28 11:53]
    .
    2012-08-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1931541716-2785394565-3246238758-1000UA.job
    - c:\users\islam\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-28 11:53]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
    @="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
    [HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
    2011-05-30 16:50 22408 ----a-w- c:\program files (x86)\Internet Download Manager\IDMShellExt64.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-11-19 11613288]
    "BDAgent"="c:\program files\Bitdefender\Bitdefender 2012\bdagent.exe" [2012-03-30 1067256]
    "BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 112512]
    "XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-10-01 825184]
    "AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-04-04 446392]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "LoadAppInit_DLLs"=0x0
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://www.smartwebsearch.net/index.php?from=3
    mStart Page = about:blank
    mLocal Page = c:\windows\SysWOW64\blank.htm
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: Download all links with IDM - c:\program files (x86)\Internet Download Manager\IEGetAll.htm
    IE: Download with IDM - c:\program files (x86)\Internet Download Manager\IEExt.htm
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - c:\progra~1\MICROS~1\Office14\ONBttnIE.dll/105
    IE: Translate this web page with Babylon - c:\program files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm
    IE: Translate with Babylon - c:\program files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm
    IE: {{77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - c:\program files (x86)\ICQ7.7\ICQ.exe
    IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\users\islam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk
    TCP: DhcpNameServer = 192.168.1.1
    DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
    FF - ProfilePath - c:\users\islam\AppData\Roaming\Mozilla\Firefox\Profiles\2bdzyozy.default\
    FF - prefs.js: browser.search.selectedEngine - google-feed.net
    FF - prefs.js: browser.startup.homepage - hxxp://www.smartwebsearch.net/index.php?from=3
    FF - prefs.js: keyword.URL - hxxp://smartwebsearch.net/results.php?q=
    FF - prefs.js: keyword.URL - hxxp://smartwebsearch.net/results.php?q=
    FF - prefs.js: browser.search.selectedEngine - GoogleFeed.net
    FF - prefs.js: browser.startup.homepage - hxxp://www.smartwebsearch.net/index.php?from=3
    FF - prefs.js: keyword.URL - hxxp://smartwebsearch.net/results.php?q=
    FF - prefs.js: browser.search.selectedEngine - GoogleFeed.net
    FF - prefs.js: browser.startup.homepage - hxxp://www.smartwebsearch.net/index.php?from=3
    FF - prefs.js: keyword.URL - hxxp://smartwebsearch.net/results.php?q=
    FF - prefs.js: browser.search.selectedEngine - GoogleFeed.net
    FF - prefs.js: browser.startup.homepage - hxxp://www.smartwebsearch.net/index.php?from=3
    .
    - - - - ORPHANS REMOVED - - - -
    .
    URLSearchHooks-{90b49673-5506-483e-b92b-ca0265bd9ca8} - (no file)
    URLSearchHooks-{81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - (no file)
    Wow6432Node-HKCU-Run-TrackerChecker2 - (no file)
    Wow6432Node-HKCU-Run-AdobeBridge - (no file)
    Wow6432Node-HKCU-Run-SpyEmergency - c:\program files\NETGATE\Spy Emergency\SpyEmergency.exe
    Wow6432Node-HKCU-Run-99a7400c6ad316c96473810799a4e904 - c:\users\islam\SvcHost.exe
    Wow6432Node-HKLM-Run-99a7400c6ad316c96473810799a4e904 - c:\users\islam\SvcHost.exe
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\.Default\Software\SetId\Internal]
    @Denied: (A 2) (LocalSystem)
    "DEVICE2"="vrfIyq7KygA="
    "DATA2"="<settings accountStatus=\"4\" oldDevice=\"\" timeDiff=\"1106312873\" expireTime=\"1309830893\" productStatus=\"1\" obSize=\"0\" InstallIS=\"1289332796\" isSubsc=\"0\" authStat_is=\"0\" version=\"14.1\" keyType=\"194\" prodId=\"2\" moduleId1=\"8\" moduleId2=\"0\" relType=\"1\" />"
    .
    [HKEY_USERS\S-1-5-21-1931541716-2785394565-3246238758-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="WindowsLiveMail.Email.1"
    .
    [HKEY_USERS\S-1-5-21-1931541716-2785394565-3246238758-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="WindowsLiveMail.VCard.1"
    .
    [HKEY_USERS\S-1-5-21-1931541716-2785394565-3246238758-1000_Classes\Wow6432Node\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
    @Denied: (Full) (Everyone)
    @Allowed: (Read) (RestrictedCode)
    "scansk"=hex(0):1f,99,68,7d,eb,8d,23,6d,37,a5,79,41,3e,6a,bc,a4,9a,c8,de,ed,c0,
    bc,11,49,db,12,dc,62,45,52,6e,c4,9e,b1,5c,de,73,8e,4e,17,00,00,00,00,00,00,\
    .
    [HKEY_USERS\S-1-5-21-1931541716-2785394565-3246238758-1000_Classes\Wow6432Node\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
    @Denied: (Full) (Everyone)
    @Allowed: (Read) (RestrictedCode)
    "scansk"=hex(0):3a,e4,de,37,3e,e9,ea,6e,7f,5b,1e,8c,7d,cc,d0,55,96,01,92,8a,a3,
    7f,ec,11,7f,0a,74,a5,af,70,27,ad,c1,e1,87,c9,98,26,b2,0d,00,00,00,00,00,00,\
    .
    [HKEY_USERS\S-1-5-21-1931541716-2785394565-3246238758-1000_Classes\Wow6432Node\CLSID\{7baa0223-9ad0-4d46-be58-31dc4b05c40f}]
    @Denied: (Full) (Everyone)
    @Allowed: (Read) (RestrictedCode)
    "Model"=dword:0000016c
    "Therad"=dword:00000029
    "MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
    38,95,44,1e,03,5a,a8,93,02,ec,74,d4,ef,60,92,54,e4,7e,8f,99,c0,8c,58,9a,8a,\
    .
    [HKEY_USERS\S-1-5-21-1931541716-2785394565-3246238758-1000_Classes\Wow6432Node\CLSID\{7da38cca-6412-4ee9-9fda-1e0a491f812a}]
    @Denied: (Full) (Everyone)
    @Allowed: (Read) (RestrictedCode)
    "Model"=dword:00000132
    "Therad"=dword:00000017
    "MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a,
    1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_268_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_268_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\SysWOW64\PnkBstrA.exe
    c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
    c:\program files (x86)\ASUS\GPU Boost Driver\GpuBoostServer.exe
    c:\program files (x86)\Yahoo!\Messenger\ymsgr_tray.exe
    .
    **************************************************************************
    .
    Completion time: 2012-08-02 04:39:34 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-08-02 01:39
    .
    Pre-Run: 256,579,829,760 bytes free
    Post-Run: 264,310,153,216 bytes free
    .
    - - End Of File - - 81E2E74F366D21FBAC7F51203B86FF3B
     
