PDA

View Full Version : I have a rootkit problem PLEASE HELP



atilla
2014-04-06, 17:03
i am sory if the topic is irrelevent with there or opened somewhere before me.Yesterday i was searching my computer for rootkits and program found a invisible folder and i deleted it then i searched the computer again for rootkits and it found the folder again. I seached computer 3-4 times and deleted same folder/file everytime but it still find that folder for my every search. would please someone help me for this problem ?

11397


Edit

"BEFORE You POST"(Please read this Procedure Before Requesting Assistance) (http://forums.spybot.info/showthread.php?288-quot-BEFORE-You-POST-quot-(Please-read-this-Procedure-Before-Requesting-Assistance))

Juliet
2014-04-06, 17:12
Please back up your registry!


Download ERUNT (http://www.larshederer.homepage.t-online.de/erunt/index.htm) The Emergency Recovery Utility NT Registry Backup and Restore for Windows NT/2000/2003/XP/Vista

NOTE: Installing ERUNT may also install the "registry optimization tool" "NTREGOPT" by default. Please do NOT run NTREGOPT.


Save ERUNT to your desktop. Run and install this program.
In the box that opens ONLY choose "System registry"
Click OK.
Click save and then go to File > Exit.

This is so the registry can be restored to this point if we need it.

If you cannot use ERUNT or it doesn't support your operating system please let us know in your first post which should include the DDS and aswMBR logs so the responder can link you to a different backup utility. :)


Instruction for producing the DDS and aswMBR logs


DDS Log

Download to your desktop DDS from one of the links below:

Link 1 (http://download.bleepingcomputer.com/sUBs/dds.scr)
Link 2 (http://download.bleepingcomputer.com/sUBs/dds.com)


Double click the tool to run it.
If a black Screen opens, just read the contents and do nothing.
When the tool finishes, it will open 2 reports, DDS.txt and attach.txt
Copy/Paste the contents of 'DDS.txt' into your post. Please do not use code wrap.

'attach.txt' should be zipped using Windows native zip utility and attached to your post. Compress and uncompress files (zip files) (http://windows.microsoft.com/en-us/windows-vista/Compress-and-uncompress-files-zip-files)


aswMBR Log

Important! Please do not perform any fix options offered in aswMBR

Please download aswMBR (http://public.avast.com/%7Egmerek/aswMBR.exe) to your desktop.



Double click the aswMBR icon to run it.
Click the Scan button to start scan.
If you are asked to update the Avast Virus database please allow it to do so.
When it finishes, press the Save Log button, save the logfile to your desktop and post its contents in your reply with the DDS logs.

atilla
2014-04-06, 17:30
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.16521
Run by ESMEN at 17:22:41 on 2014-04-06
Microsoft Windows 7 Ultimate 6.1.7601.1.1254.90.1033.18.4095.1545 [GMT 3:00]
.
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spybot - Search and Destroy *Enabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: avast! Antivirus *Disabled* {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
C:\Users\ESMEN\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\viakaraokesrv.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files\AVAST Software\Avast\afwServ.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\AUDIODG.EXE
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = www.bing.com
uSearch Bar = www.bing.com
uSearch Page = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
mWinlogon: Userinit = userinit.exe
BHO: IDM integration (IDMIEHlprObj Class): {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
StartupFolder: C:\Users\ESMEN\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\ESMEN\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\Users\ESMEN\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ERUNTA~1.LNK - C:\Program Files (x86)\ERUNT\AUTOBACK.EXE
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Bütün Bağlantıları IDM ile İndir - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: IDM ile İndir - C:\Program Files (x86)\Internet Download Manager\IEExt.htm
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
TCP: NameServer = 192.168.1.1 0.0.0.0
TCP: Interfaces\{B9241E59-CE1F-4AE9-A4C9-D798E8DE8C47} : NameServer = 213.74.0.1,213.74.1.1
TCP: Interfaces\{B9241E59-CE1F-4AE9-A4C9-D798E8DE8C47} : DHCPNameServer = 192.168.1.1 0.0.0.0
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Notify: SDWinLogon - SDWinLogon.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: IDM integration (IDMIEHlprObj Class): {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
.
INFO: x64-HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
Hosts: 127.0.0.1 www.spywareinfo.com
.
============= SERVICES / DRIVERS ===============
.
R0 aswNdisFlt;Avast! Firewall Driver;C:\Windows\System32\drivers\aswNdisFlt.sys [2014-4-6 445304]
R0 aswRvrt;avast! Revert;C:\Windows\System32\drivers\aswRvrt.sys [2014-1-28 65776]
R0 aswVmm;avast! VM Monitor;C:\Windows\System32\drivers\aswVmm.sys [2014-1-28 208928]
R1 aswKbd;aswKbd;C:\Windows\System32\drivers\aswKbd.sys [2014-1-28 28184]
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2014-1-28 1039096]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2014-1-28 423240]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2011-4-20 203776]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2014-1-28 79184]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2014-4-6 50344]
R2 avast! Firewall;avast! Firewall;C:\Program Files\AVAST Software\Avast\afwServ.exe [2014-4-6 109048]
R2 c2cautoupdatesvc;Skype Click to Call Updater;C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [2014-3-3 1363584]
R2 c2cpnrsvc;Skype Click to Call PNR Service;C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [2014-3-3 1748608]
R2 IDMWFP;IDMWFP;C:\Windows\System32\drivers\idmwfp.sys [2014-2-5 175480]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2014-4-5 3921880]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2014-4-5 1042272]
R2 SDWSCService;Spybot-S&D 2 Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2014-4-5 171416]
R2 VIAKaraokeService;VIA Karaoke digital mixer Service;C:\Windows\System32\ViakaraokeSrv.exe [2013-12-8 27768]
R3 aswStm;aswStm;C:\Windows\System32\drivers\aswStm.sys [2014-1-28 84816]
R3 Atc002;NDIS Miniport Driver for Atheros L2 Fast Ethernet Controller;C:\Windows\System32\drivers\l260x64.sys [2009-6-10 34304]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2013-7-5 96256]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;C:\Windows\System32\drivers\viahduaa.sys [2013-12-8 2210376]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-3-12 111616]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-12-7 19456]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2014-2-13 56832]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WatAdminSvc;Windows Etkinleştirme Teknolojileri Hizmeti;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-12-9 1255736]
SUnknown tsusbhub;tsusbhub; [x]
.
=============== Created Last 30 ================
.
2014-04-06 11:03:49 43152 ----a-w- C:\Windows\avastSS.scr
2014-04-06 11:03:38 445304 ----a-w- C:\Windows\System32\drivers\aswNdisFlt.sys
2014-04-06 10:49:56 -------- d-----w- C:\Windows\jumpshot.com
2014-04-05 16:40:06 21040 ----a-w- C:\Windows\System32\sdnclean64.exe
2014-04-05 16:39:59 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-04-05 16:39:31 -------- d-----w- C:\Users\ESMEN\AppData\Local\Programs
2014-04-04 18:47:21 -------- d-----w- C:\Program Files (x86)\Internet Download Manager
2014-04-04 09:31:45 10521840 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{F07518CE-61E8-4777-862B-43057141AABF}\mpengine.dll
2014-03-27 16:21:50 -------- d-----w- C:\Users\ESMEN\AppData\Roaming\The Creative Assembly
2014-03-27 16:04:40 -------- d-----w- C:\Program Files (x86)\Napoleon Total War
2014-03-12 19:35:49 228864 ----a-w- C:\Windows\System32\wwansvc.dll
2014-03-12 19:35:21 484864 ----a-w- C:\Windows\System32\wer.dll
2014-03-12 19:35:21 381440 ----a-w- C:\Windows\SysWow64\wer.dll
2014-03-12 19:32:32 624128 ----a-w- C:\Windows\System32\qedit.dll
2014-03-12 19:32:32 509440 ----a-w- C:\Windows\SysWow64\qedit.dll
2014-03-12 19:32:04 1424384 ----a-w- C:\Windows\System32\WindowsCodecs.dll
2014-03-12 19:32:04 1230336 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll
2014-03-09 11:08:49 -------- d-----r- C:\Users\ESMEN\Dropbox
2014-03-09 11:07:58 -------- d-----w- C:\Users\ESMEN\AppData\Roaming\DropboxMaster
2014-03-09 11:06:58 -------- d-----w- C:\Users\ESMEN\AppData\Roaming\Dropbox
.
==================== Find3M ====================
.
2014-04-06 11:03:50 84816 ----a-w- C:\Windows\System32\drivers\aswStm.sys
2014-04-06 11:03:50 79184 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2014-04-06 11:03:50 65776 ----a-w- C:\Windows\System32\drivers\aswRvrt.sys
2014-04-06 11:03:50 208928 ----a-w- C:\Windows\System32\drivers\aswVmm.sys
2014-04-06 11:03:50 1039096 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2014-04-06 11:03:49 93568 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
2014-04-06 11:03:42 28184 ----a-w- C:\Windows\System32\drivers\aswKbd.sys
2014-03-14 07:30:04 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-03-14 07:30:04 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-03-01 05:17:02 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2014-03-01 05:16:26 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2014-03-01 04:52:55 66048 ----a-w- C:\Windows\System32\iesetup.dll
2014-03-01 04:51:59 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2014-03-01 04:33:52 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-03-01 04:33:34 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
2014-03-01 04:32:59 708608 ----a-w- C:\Windows\System32\jscript9diag.dll
2014-03-01 04:23:49 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2014-03-01 04:11:20 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-03-01 03:54:33 5768704 ----a-w- C:\Windows\System32\jscript9.dll
2014-03-01 03:52:43 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-03-01 03:51:53 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2014-03-01 03:38:26 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2014-03-01 03:37:35 553472 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2014-03-01 03:35:11 2041856 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-03-01 03:14:15 4244480 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-03-01 03:10:28 2334208 ----a-w- C:\Windows\System32\wininet.dll
2014-03-01 03:00:08 1964032 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-03-01 02:32:16 1820160 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-02-19 17:09:47 419840 ----a-w- C:\Windows\System32\systemcpl.dll
2014-02-19 17:09:47 14848 ----a-w- C:\Windows\System32\slwga.dll
2014-02-19 17:09:47 13824 ----a-w- C:\Windows\SysWow64\slwga.dll
2014-02-07 01:23:30 3156480 ----a-w- C:\Windows\System32\win32k.sys
2014-01-09 02:22:42 5694464 ----a-w- C:\Windows\SysWow64\mstscax.dll
.
============= FINISH: 17:23:01,06 ===============

Juliet
2014-04-06, 18:35
aswMBR Log?

atilla
2014-04-06, 19:12
aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2014-04-06 19:02:03
-----------------------------
19:02:03.848 OS Version: Windows x64 6.1.7601 Service Pack 1
19:02:03.848 Number of processors: 4 586 0x170A
19:02:03.849 ComputerName: ESMEN-PC UserName: ESMEN
19:02:05.079 Initialize success
19:02:08.291 AVAST engine defs: 14040600
19:02:10.610 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2
19:02:10.613 Disk 0 Vendor: ST3500418AS CC37 Size: 476940MB BusType: 3
19:02:10.680 Disk 0 MBR read successfully
19:02:10.682 Disk 0 MBR scan
19:02:10.686 Disk 0 Windows 7 default MBR code
19:02:10.697 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 1024 MB offset 2048
19:02:10.711 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 251299 MB offset 2099200
19:02:10.733 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 224615 MB offset 516759552
19:02:10.772 Disk 0 scanning C:\Windows\system32\drivers
19:02:19.015 Service scanning
19:02:33.578 Modules scanning
19:02:33.586 Disk 0 trace - called modules:
19:02:33.599 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS intelide.sys PCIIDEX.SYS hal.dll atapi.sys
19:02:33.606 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004a44060]
19:02:33.611 3 CLASSPNP.SYS[fffff8800141743f] -> nt!IofCallDriver -> [0xfffffa80047cf520]
19:02:33.618 5 ACPI.sys[fffff88000edd7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-2[0xfffffa80047d0680]
19:02:34.918 AVAST engine scan C:\Windows
19:02:36.417 AVAST engine scan C:\Windows\system32
19:05:33.396 AVAST engine scan C:\Windows\system32\drivers
19:05:56.830 AVAST engine scan C:\Users\ESMEN
19:10:42.535 AVAST engine scan C:\ProgramData
19:11:05.305 Scan finished successfully
19:11:39.490 Disk 0 MBR has been saved successfully to "C:\Users\ESMEN\Desktop\MBR.dat"
19:11:39.496 The log file has been saved successfully to "C:\Users\ESMEN\Desktop\aswMBR.txt"

Juliet
2014-04-06, 19:24
Please download and run the following tool to help allow other programs to run. (courtesy of BleepingComputer.com)
There are 6 different versions. If one of them won't run then download and try to run the other one.
Vista and Win7 users need to right click and choose Run as Admin
You only need to get one of them to run, not all of them.

rkill.exe (http://download.bleepingcomputer.com/grinler/rkill.exe)
rkill.com (http://download.bleepingcomputer.com/grinler/rkill.com)
rkill.scr (http://download.bleepingcomputer.com/grinler/rkill.scr)
rkill.pif (http://download.bleepingcomputer.com/grinler/rkill.pif)
WiNlOgOn.exe (http://download.bleepingcomputer.com/grinler/WiNlOgOn.exe)
uSeRiNiT.exe (http://download.bleepingcomputer.com/grinler/uSeRiNiT.exe)


********************

Please download Farbar Recovery Scan Tool (http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/)

(use correct version for your system.....Which system am I using? (http://support.microsoft.com/kb/827218))
and Tutorial http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/



Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
Press Scan button.
It will produce a log called FRST.txt in the same directory the tool is run from.
Please copy and paste log back here.
The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.

atilla
2014-04-06, 19:36
--Rkill--
Rkill 2.6.5 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2014 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 04/06/2014 07:28:08 PM in x64 mode.
Windows Version: Windows 7 Ultimate Service Pack 1

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* No malware processes found to kill.

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* No issues found.

Checking Windows Service Integrity:

* No issues found.

Searching for Missing Digital Signatures:

* C:\Windows\System32\user32.dll : 1.008.640 : 12/09/2013 00:14 AM : 2c353b6ce0c8d03225caa2af33b68d79 [NoSig]
+-> C:\Windows\SysWOW64\user32.dll : 833.024 : 12/09/2013 00:14 AM : 861c4346f9281dc0380de72c8d55d6be [Pos Repl]
+-> C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll : 1.008.640 : 07/14/2009 04:41 AM : 72d7b3ea16946e8f0cf7458150031cc6 [Pos Repl]
+-> C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll : 1.008.128 : 11/20/2010 04:27 PM : fe70103391a64039a921dbfff9c7ab1b [Pos Repl]
+-> C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll : 833.024 : 07/14/2009 04:11 AM : e8b0ffc209e504cb7e79fc24e6c085f0 [Pos Repl]
+-> C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll : 833.024 : 11/20/2010 03:08 PM : 5e0db2d8b2750543cd2ebb9ea8e6cdd3 [Pos Repl]

Checking HOSTS File:

* Cannot edit the HOSTS file.
* Permissions Fixed. Administrators can now edit the HOSTS file.

* HOSTS file entries found:

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 1000gratisproben.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1001namen.com
127.0.0.1 www.1001namen.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com
127.0.0.1 www.100sexlinks.com
127.0.0.1 100sexlinks.com

20 out of 15506 HOSTS entries shown.
Please review HOSTS file for further entries.

Program finished at: 04/06/2014 07:28:58 PM
Execution time: 0 hours(s), 0 minute(s), and 49 seconds(s)

--addition--

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-03-2014
Ran by ESMEN at 2014-04-06 19:30:52
Running from C:\Users\ESMEN\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: avast! Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
AS: avast! Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: avast! Antivirus (Disabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}

==================== Installed Programs ======================

Adobe Flash Player 12 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.06) - Turkish (HKLM-x32\...\{AC76BA86-7AD7-1055-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
Alcor Micro USB Card Reader Driver (HKLM-x32\...\InstallShield_{838DA1F1-23F8-4C70-B190-AC51CB5A5ECD}) (Version: 3.1.45.72435 - Alcor Micro Corp.)
Alcor Micro USB Card Reader Driver (x32 Version: 3.1.45.72435 - Alcor Micro Corp.) Hidden
Apple Application Support (HKLM-x32\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
avast! Internet Security (HKLM-x32\...\Avast) (Version: 9.0.2016 - Avast Software)
BitTorrent (HKLM-x32\...\BitTorrent) (Version: 7.2.1 - )
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
BS.Player FREE (HKLM-x32\...\BSPlayerf) (Version: 2.66.1075 - AB Team, d.o.o.)
CPUID CPU-Z 1.68 (HKLM\...\CPUID CPU-Z_is1) (Version: - )
DriverEasy 4.6.2 (HKLM\...\DriverEasy_is1) (Version: 4.6.2.0 - Easeware)
Dropbox (HKCU\...\Dropbox) (Version: 2.6.2 - Dropbox, Inc.)
ERUNT 1.1j (HKLM-x32\...\ERUNT_is1) (Version: - Lars Hederer)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 33.0.1750.154 - Google Inc.)
Google Update Helper (x32 Version: 1.3.23.9 - Google Inc.) Hidden
Internet Download Manager (HKLM-x32\...\Internet Download Manager) (Version: - ByBordo)
iTunes (HKLM\...\{B8BA155B-1E75-405F-9CB4-8A99615D09DC}) (Version: 11.1.5.5 - Apple Inc.)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (TRK) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Türkçe) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1055) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (English) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (English) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Platform (x32 Version: 1.39 - VIA Technologies, Inc.) Hidden
Skype Click to Call (HKLM-x32\...\{BB285C9F-C821-4770-8970-56C4AB52C87E}) (Version: 7.1.15383.6004 - Microsoft Corporation)
Skype™ 6.13 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.13.104 - Skype Technologies S.A.)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.2.25 - Safer-Networking Ltd.)
The Lord of the Rings Conquest (HKLM-x32\...\The Lord of the Rings Conquest Multi10 *REPACK* ~83C7E069_is1) (Version: - The Lord of the Rings Conquest)
VIA Platform Aygıt Yöneticisi (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.39 - VIA Technologies, Inc.)
Windows 7 USB/DVD Download Tool (HKLM-x32\...\{CCF298AF-9CE1-4B26-B251-486E98A34789}) (Version: 1.0.30 - Microsoft Corporation)
WinRAR 5.00 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.00.0 - win.rar GmbH)

==================== Restore Points =========================

01-04-2014 10:11:42 Windows Update
06-04-2014 11:02:18 avast! antivirus system restore point
06-04-2014 11:04:32 Device Driver Package Install: Avast Network Service

==================== Hosts content: ==========================

2009-07-14 05:34 - 2014-04-06 16:17 - 00451372 ___RA C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 1000gratisproben.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1001namen.com
127.0.0.1 www.1001namen.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com
127.0.0.1 www.100sexlinks.com
127.0.0.1 100sexlinks.com
127.0.0.1 10sek.com
127.0.0.1 www.10sek.com
127.0.0.1 www.1-2005-search.com
127.0.0.1 1-2005-search.com
127.0.0.1 123fporn.info
127.0.0.1 www.123fporn.info
127.0.0.1 123haustiereundmehr.com
127.0.0.1 www.123haustiereundmehr.com
127.0.0.1 123moviedownload.com

There are 1000 more lines.


==================== Scheduled Tasks (whitelisted) =============

Task: {07A7E571-F751-4D20-A49A-90EC1CD5F9D2} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {295F9BE7-FDF7-46DA-836A-F1ACACE19394} - System32\Tasks\ASUS Patch for VIA Audio => C:\Windows\system32\AsPatchViaAudio.exe [2012-11-07] (ASUSTek Computer INC.)
Task: {43E38926-790D-4B9E-8A96-2BC774D3F74B} - System32\Tasks\{7455FFB5-DD14-402A-9F15-E3E1C24B47CA} => D:\Program Files\Counter-Strike 1.6\cstrike.exe [2005-09-27] ()
Task: {75435C43-83F6-4AA7-864F-99D38533A9C9} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDUpdate.exe
Task: {86169B72-2A6E-48EF-BBD4-2EFF5454553A} - System32\Tasks\{325F10A8-3F42-42FB-AB12-23B3DA4557ED} => D:\Program Files (x86)\Team JPN\The Lord of the Rings Conquest\Conquest.exe [2009-01-15] (Electronic Arts Inc.)
Task: {9B4BF1E5-950D-4560-9525-E388409C37A1} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDScan.exe
Task: {AE0E1DAD-6EEA-4F69-B123-F27063DF9933} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-12-07] (Google Inc.)
Task: {C9708753-1BF9-4D56-B6DC-F6242F8C19C9} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {CAF331FD-A2D9-4D52-AEF6-8CDEF9B9A1AC} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-04-06] (AVAST Software)
Task: {EE325F10-87D5-41D6-970C-314362573071} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDImmunize.exe
Task: {F0E519A9-D93B-4F45-8A8D-F50B1325C3A7} - System32\Tasks\GoogleUpdateTaskMachineCore1cef386a2d28c17 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-12-07] (Google Inc.)
Task: {F9424DDF-B28B-4152-BEBF-9F4361190401} - System32\Tasks\DriverEasy Scheduled Scan => C:\Program Files\Easeware\DriverEasy\DriverEasy.exe [2013-11-11] (Easeware)
Task: C:\Windows\Tasks\DriverEasy Scheduled Scan.job => C:\Program Files\Easeware\DriverEasy\DriverEasy.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cef386a2d28c17.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2010-01-30 03:40 - 2010-01-30 03:40 - 04254560 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-03-24 22:38 - 2010-03-24 22:38 - 08794976 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2013-12-08 16:24 - 2012-11-14 16:22 - 00078456 ____R () C:\Program Files (x86)\VIA\VIAudioi\VDeck\QsApoApi64.dll
2013-12-08 16:24 - 2012-11-14 16:22 - 00386168 ____R () C:\Program Files (x86)\VIA\VIAudioi\VDeck\Dts2ApoApi64.dll
2014-04-06 13:25 - 2014-04-06 10:21 - 02189824 _____ () C:\Program Files\AVAST Software\Avast\defs\14040600\algo.dll
2014-01-20 14:17 - 2014-01-20 14:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-01-20 14:16 - 2014-01-20 14:16 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-04-06 15:55 - 2014-04-06 15:55 - 00041984 _____ () c:\users\esmen\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpju8rdj.dll
2013-10-19 02:55 - 2013-10-19 02:55 - 25100288 _____ () C:\Users\ESMEN\AppData\Roaming\Dropbox\bin\libcef.dll
2014-01-28 01:10 - 2014-01-28 01:10 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2010-01-30 03:41 - 2010-01-30 03:41 - 04254560 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-03-24 22:17 - 2010-03-24 22:17 - 08794464 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2014-04-05 19:40 - 2013-05-16 10:55 - 00113496 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2014-04-05 19:40 - 2013-05-16 10:55 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2014-04-05 19:40 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2014-04-05 19:40 - 2013-05-16 10:55 - 00161112 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2014-04-05 19:40 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2014-03-15 23:15 - 2014-03-15 03:50 - 00051016 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\chrome_elf.dll
2014-03-15 23:15 - 2014-03-15 03:50 - 00716616 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\libglesv2.dll
2014-03-15 23:15 - 2014-03-15 03:50 - 00100168 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\libegl.dll
2014-03-15 23:15 - 2014-03-15 03:50 - 04061000 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\pdf.dll
2014-03-15 23:15 - 2014-03-15 03:50 - 00394568 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\ppGoogleNaClPluginChrome.dll
2014-03-15 23:15 - 2014-03-15 03:50 - 01647432 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\ffmpegsumo.dll
2014-03-15 23:15 - 2014-03-15 03:50 - 13637448 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== Disabled items from MSCONFIG ==============

MSCONFIG\startupreg: BCSSync => "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (04/06/2014 03:55:17 PM) (Source: Winlogon) (User: )
Description: Windows lisansı etkinleştirilemedi. Hata: 0x80070005.

Error: (04/06/2014 01:23:54 PM) (Source: Winlogon) (User: )
Description: Windows lisansı etkinleştirilemedi. Hata: 0x80070005.

Error: (04/06/2014 00:53:05 AM) (Source: Application Hang) (User: )
Description: gmer.exe programının 2.1.19357.0 sürümü, Windows ile birlikte çalışmayı durdurdu ve kapatıldı. Sorun hakkında daha fazla bilgi olup olmadığını görmek için Eylem Merkezi denetim masasında sorunun geçmişini denetleyin.

İşlem Kimlik No: 16c0

Başlatma Saati: 01cf51180d16d807

Sona Erdirme Saati: 9

Uygulama Yolu: C:\Users\ESMEN\Desktop\gmer.exe

Rapor Kimliği: a4c38738-bd0c-11e3-aa93-0025111bb3ee

Error: (04/06/2014 00:43:06 AM) (Source: Application Error) (User: )
Description: Hatalı uygulama adı: gmer.exe, sürüm: 2.1.19357.0, zaman damgası: 0x52e7ea83
Hatalı modül adı: gmer.exe, sürüm: 2.1.19357.0, zaman damgası: 0x52e7ea83
Özel durum kodu: 0xc0000005
Hata uzaklığı 0x0008d93e
Hatalı işlem kimliği: 0xcf0
Uygulama başlangıç zamanı: 0xgmer.exe0
Hatalı uygulama yolu: gmer.exe1
Hatalı modül yolu: gmer.exe2
Rapor kimliği: gmer.exe3

Error: (04/06/2014 00:41:14 AM) (Source: Application Error) (User: )
Description: Hatalı uygulama adı: gmer.exe, sürüm: 2.1.19357.0, zaman damgası: 0x52e7ea83
Hatalı modül adı: gmer.exe, sürüm: 2.1.19357.0, zaman damgası: 0x52e7ea83
Özel durum kodu: 0xc0000005
Hata uzaklığı 0x00062128
Hatalı işlem kimliği: 0x17a4
Uygulama başlangıç zamanı: 0xgmer.exe0
Hatalı uygulama yolu: gmer.exe1
Hatalı modül yolu: gmer.exe2
Rapor kimliği: gmer.exe3

Error: (04/06/2014 00:18:37 AM) (Source: Software Protection Platform Service) (User: )
Description: Lisans Etkinleştirme Zamanlayıcısı ((sppuinotify.dll) şu hata koduyla başarısız oldu:
0x80070005

Error: (04/05/2014 11:18:37 PM) (Source: Software Protection Platform Service) (User: )
Description: Lisans Etkinleştirme Zamanlayıcısı ((sppuinotify.dll) şu hata koduyla başarısız oldu:
0x80070005

Error: (04/05/2014 10:18:37 PM) (Source: Software Protection Platform Service) (User: )
Description: Lisans Etkinleştirme Zamanlayıcısı ((sppuinotify.dll) şu hata koduyla başarısız oldu:
0x80070005

Error: (04/05/2014 09:18:37 PM) (Source: Software Protection Platform Service) (User: )
Description: Lisans Etkinleştirme Zamanlayıcısı ((sppuinotify.dll) şu hata koduyla başarısız oldu:
0x80070005

Error: (04/05/2014 08:18:36 PM) (Source: Software Protection Platform Service) (User: )
Description: Lisans Etkinleştirme Zamanlayıcısı ((sppuinotify.dll) şu hata koduyla başarısız oldu:
0x80070005


System errors:
=============
Error: (04/06/2014 03:54:31 PM) (Source: DCOM) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}

Error: (04/06/2014 01:12:04 AM) (Source: Service Control Manager) (User: )
Description: Network List Service hizmeti, şu hata nedeniyle başlatılamayan Network Location Awareness hizmetine bağımlıdır:
%%1068

Error: (04/06/2014 01:08:10 AM) (Source: Service Control Manager) (User: )
Description: Network List Service hizmeti, şu hata nedeniyle başlatılamayan Network Location Awareness hizmetine bağımlıdır:
%%1068

Error: (04/06/2014 01:07:53 AM) (Source: Service Control Manager) (User: )
Description: Network List Service hizmeti, şu hata nedeniyle başlatılamayan Network Location Awareness hizmetine bağımlıdır:
%%1068

Error: (04/06/2014 01:07:53 AM) (Source: Service Control Manager) (User: )
Description: Network List Service hizmeti, şu hata nedeniyle başlatılamayan Network Location Awareness hizmetine bağımlıdır:
%%1068

Error: (04/06/2014 01:07:53 AM) (Source: Service Control Manager) (User: )
Description: Network List Service hizmeti, şu hata nedeniyle başlatılamayan Network Location Awareness hizmetine bağımlıdır:
%%1068

Error: (04/06/2014 01:07:53 AM) (Source: Service Control Manager) (User: )
Description: Network List Service hizmeti, şu hata nedeniyle başlatılamayan Network Location Awareness hizmetine bağımlıdır:
%%1068

Error: (04/06/2014 01:07:53 AM) (Source: Service Control Manager) (User: )
Description: Network List Service hizmeti, şu hata nedeniyle başlatılamayan Network Location Awareness hizmetine bağımlıdır:
%%1068

Error: (04/06/2014 01:07:52 AM) (Source: Service Control Manager) (User: )
Description: Network List Service hizmeti, şu hata nedeniyle başlatılamayan Network Location Awareness hizmetine bağımlıdır:
%%1068

Error: (04/06/2014 01:07:52 AM) (Source: Service Control Manager) (User: )
Description: Network List Service hizmeti, şu hata nedeniyle başlatılamayan Network Location Awareness hizmetine bağımlıdır:
%%1068


Microsoft Office Sessions:
=========================
Error: (04/06/2014 03:55:17 PM) (Source: Winlogon)(User: )
Description: 0x800700050x00000000

Error: (04/06/2014 01:23:54 PM) (Source: Winlogon)(User: )
Description: 0x800700050x00000000

Error: (04/06/2014 00:53:05 AM) (Source: Application Hang)(User: )
Description: gmer.exe2.1.19357.016c001cf51180d16d8079C:\Users\ESMEN\Desktop\gmer.exea4c38738-bd0c-11e3-aa93-0025111bb3ee

Error: (04/06/2014 00:43:06 AM) (Source: Application Error)(User: )
Description: gmer.exe2.1.19357.052e7ea83gmer.exe2.1.19357.052e7ea83c00000050008d93ecf001cf5117cf2b698dC:\Users\ESMEN\Desktop\gmer.exeC:\Users\ESMEN\Desktop\gmer.exe453d078b-bd0b-11e3-aa93-0025111bb3ee

Error: (04/06/2014 00:41:14 AM) (Source: Application Error)(User: )
Description: gmer.exe2.1.19357.052e7ea83gmer.exe2.1.19357.052e7ea83c00000050006212817a401cf51179aa646dfC:\Users\ESMEN\AppData\Local\Temp\Rar$EXa0.096\gmer.exeC:\Users\ESMEN\AppData\Local\Temp\Rar$EXa0.096\gmer.exe02b14ba9-bd0b-11e3-aa93-0025111bb3ee

Error: (04/06/2014 00:18:37 AM) (Source: Software Protection Platform Service)(User: )
Description: 0x80070005

Error: (04/05/2014 11:18:37 PM) (Source: Software Protection Platform Service)(User: )
Description: 0x80070005

Error: (04/05/2014 10:18:37 PM) (Source: Software Protection Platform Service)(User: )
Description: 0x80070005

Error: (04/05/2014 09:18:37 PM) (Source: Software Protection Platform Service)(User: )
Description: 0x80070005

Error: (04/05/2014 08:18:36 PM) (Source: Software Protection Platform Service)(User: )
Description: 0x80070005


==================== Memory info ===========================

Percentage of memory in use: 60%
Total physical RAM: 4095.24 MB
Available physical RAM: 1598.23 MB
Total Pagefile: 8188.66 MB
Available Pagefile: 5500.55 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:245.41 GB) (Free:127.64 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (EXPER) (Fixed) (Total:219.35 GB) (Free:35.99 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: BFE3D855)

Partition: GPT Partition Type.

==================== End Of Log ============================

--FRST--

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
Ran by ESMEN (administrator) on ESMEN-PC on 06-04-2014 19:30:24
Running from C:\Users\ESMEN\Downloads
Windows 7 Ultimate Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\system32\atiesrxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Dropbox, Inc.) C:\Users\ESMEN\AppData\Roaming\Dropbox\bin\Dropbox.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(VIA Technologies, Inc.) C:\Windows\system32\viakaraokesrv.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\system32\AUDIODG.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [HDAudDeck] - C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [5670448 2013-02-05] (VIA)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3854640 2014-04-06] (AVAST Software)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
HKLM-x32\...\Run: [SDTray] - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [5624784 2013-07-25] (Safer-Networking Ltd.)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
Startup: C:\Users\ESMEN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\ESMEN\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\ESMEN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
ShortcutTarget: ERUNT AutoBackup.lnk -> C:\Program Files (x86)\ERUNT\AUTOBACK.EXE ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.bing.com
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://tr.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xB0AB40B1D0F2CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = tr
BHO: IDM integration (IDMIEHlprObj Class) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll (Internet Download Manager, Tonec Inc.)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: IDM integration (IDMIEHlprObj Class) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll (Internet Download Manager, Tonec Inc.)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 0.0.0.0
Tcpip\..\Interfaces\{B9241E59-CE1F-4AE9-A4C9-D798E8DE8C47}: [NameServer]213.74.0.1,213.74.1.1

Chrome:
=======
CHR HomePage: hxxp://www.google.com.tr/
CHR DefaultSearchKeyword: google.com.tr
CHR Extension: (Video indirme yardımcısı) - C:\Users\ESMEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\dbkchnicaiglcjpgbmpfmoafckkomdcm [2014-04-04]
CHR Extension: (avast! Online Security) - C:\Users\ESMEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-01-28]
CHR Extension: (Google Cüzdan) - C:\Users\ESMEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-07]
CHR Extension: (Şikayetvar) - C:\Users\ESMEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdmfmekkdddepehcblkiffennabldbpg [2013-12-07]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-04-06]
CHR HKLM-x32\...\Chrome\Extension: [jeaohhlajejodfjadcponpnjgkiikocn] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2014-02-05]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-03-03]

==================== Services (Whitelisted) =================

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-04-06] (AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [109048 2014-04-06] (AVAST Software)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1363584 2014-03-03] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1748608 2014-03-03] (Microsoft Corporation)
R2 HPSLPSVC; C:\Users\ESMEN\AppData\Local\Temp\7zS37EE\hpslpsvc64.dll [1039360 2013-07-19] (Hewlett-Packard Co.)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [3921880 2013-10-15] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1042272 2013-09-20] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171416 2013-09-13] (Safer-Networking Ltd.)
R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27768 2012-12-11] (VIA Technologies, Inc.)

==================== Drivers (Whitelisted) ====================

R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [28184 2014-04-06] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-04-06] (AVAST Software)
R0 aswNdisFlt; C:\Windows\System32\DRIVERS\aswNdisFlt.sys [445304 2014-04-06] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-04-06] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-04-06] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1039096 2014-04-06] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423240 2014-04-06] (AVAST Software)
R3 aswStm; C:\Windows\system32\drivers\aswStm.sys [84816 2014-04-06] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [208928 2014-04-06] ()
R3 Atc002; C:\Windows\System32\DRIVERS\l260x64.sys [34304 2009-06-10] (Atheros Communications, Inc.)
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
U3 aswMBR; \??\C:\Users\ESMEN\AppData\Local\Temp\aswMBR.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-04-06 19:30 - 2014-04-06 19:30 - 00010738 _____ () C:\Users\ESMEN\Downloads\FRST.txt
2014-04-06 19:28 - 2014-04-06 19:30 - 00000000 ____D () C:\FRST
2014-04-06 19:28 - 2014-04-06 19:28 - 02157056 _____ (Farbar) C:\Users\ESMEN\Downloads\FRST64.exe
2014-04-06 19:28 - 2014-04-06 19:28 - 00005552 _____ () C:\Users\ESMEN\Desktop\Rkill.txt
2014-04-06 19:27 - 2014-04-06 19:28 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\ESMEN\Downloads\rkill.exe
2014-04-06 19:11 - 2014-04-06 19:11 - 00002045 _____ () C:\Users\ESMEN\Desktop\aswMBR.txt
2014-04-06 19:11 - 2014-04-06 19:11 - 00000512 _____ () C:\Users\ESMEN\Desktop\MBR.dat
2014-04-06 19:01 - 2014-04-06 19:01 - 04745728 _____ (AVAST Software) C:\Users\ESMEN\Downloads\aswMBR.exe
2014-04-06 18:15 - 2014-04-06 18:15 - 00000087 _____ () C:\Users\ESMEN\Desktop\Malware Removal.url
2014-04-06 17:29 - 2014-04-06 17:29 - 00001276 _____ () C:\Users\ESMEN\Desktop\attach.zip
2014-04-06 17:26 - 2014-04-06 17:26 - 00001253 _____ () C:\Users\ESMEN\Desktop\attach.rar
2014-04-06 17:23 - 2014-04-06 17:24 - 00017087 _____ () C:\Users\ESMEN\Desktop\dds.txt
2014-04-06 17:23 - 2014-04-06 17:24 - 00002797 _____ () C:\Users\ESMEN\Desktop\attach.txt
2014-04-06 17:22 - 2014-04-06 17:22 - 00688992 ____R (Swearware) C:\Users\ESMEN\Downloads\dds.scr
2014-04-06 17:22 - 2014-04-06 17:22 - 00000000 ____D () C:\Windows\ERDNT
2014-04-06 17:21 - 2014-04-06 17:21 - 00000924 _____ () C:\Users\ESMEN\Desktop\NTREGOPT.lnk
2014-04-06 17:21 - 2014-04-06 17:21 - 00000905 _____ () C:\Users\ESMEN\Desktop\ERUNT.lnk
2014-04-06 17:21 - 2014-04-06 17:21 - 00000000 ____D () C:\Program Files (x86)\ERUNT
2014-04-06 17:20 - 2014-04-06 17:20 - 00791393 _____ (Lars Hederer ) C:\Users\ESMEN\Downloads\erunt-setup.exe
2014-04-06 16:00 - 2014-04-06 16:00 - 00000000 ____D () C:\Users\ESMEN\Documents\ProcAlyzer Dumps
2014-04-06 14:03 - 2014-04-06 14:03 - 00445304 _____ (AVAST Software) C:\Windows\system32\Drivers\aswNdisFlt.sys
2014-04-06 14:03 - 2014-04-06 14:03 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-04-06 13:49 - 2014-04-06 13:49 - 00000000 ____D () C:\Windows\jumpshot.com
2014-04-06 13:47 - 2014-04-06 13:47 - 14482352 _____ (AVAST Software) C:\Users\ESMEN\Downloads\grimefighter.exe
2014-04-06 13:42 - 2014-04-06 14:30 - 1442186430 _____ () C:\Users\ESMEN\Downloads\Dracula Kara Prens izle Dracula Kara Prens Trke Altyazl izle Dracula Kara Prens filmini izle Dracula Kara Prens full izle Dracula Kara Prens Film izle Full izle Filmi Full izle Direk Film izle Dizi izle Trke Dublaj izl.mp4
2014-04-06 00:53 - 2014-04-06 00:54 - 90488176 _____ (Sophos Limited) C:\Users\ESMEN\Downloads\Sophos Virus Removal Tool.exe
2014-04-06 00:39 - 2014-04-06 00:39 - 00370943 _____ () C:\Users\ESMEN\Downloads\gmer.zip
2014-04-06 00:23 - 2014-04-06 00:52 - 00000762 _____ () C:\Windows\wininit.ini
2014-04-05 19:40 - 2014-04-05 19:40 - 00001379 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2014-04-05 19:40 - 2014-04-05 19:40 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
2014-04-05 19:40 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe
2014-04-05 19:39 - 2014-04-05 19:41 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-04-05 19:37 - 2014-04-05 19:39 - 40658208 _____ (Safer-Networking Ltd. ) C:\Users\ESMEN\Downloads\spybot-2.2.exe
2014-04-05 01:34 - 2014-04-05 01:34 - 00000123 _____ () C:\Users\ESMEN\Desktop\Hobbit 2 Smaug’un Çorak Toprakları (2013) Full HD 1080p 720p Türkçe Dublaj Film izle - Full Katılımsız Program Oyun indir Film izle Portalcıyız.url
2014-04-04 21:48 - 2014-04-04 21:48 - 00000000 ____D () C:\Users\ESMEN\Downloads\Compressed
2014-04-04 21:47 - 2014-04-04 21:47 - 00000000 ____D () C:\Program Files (x86)\Internet Download Manager
2014-04-04 21:46 - 2014-04-04 21:46 - 09624492 _____ () C:\Users\ESMEN\Downloads\İDM 6.19 Final Full Turkce.rar
2014-03-31 22:14 - 2014-03-31 22:15 - 76817449 _____ () C:\Users\ESMEN\Downloads\Avatar_-_The_Last_Airbender_-_The_Rift_Part_1_(2014)_(digital)_(Son_of_Ultron-Empire).cbr
2014-03-31 22:13 - 2014-03-31 22:13 - 00012414 _____ () C:\Users\ESMEN\Downloads\[kickass.to]avatar.the.last.airbender.the.rift.part.1.2014.digital.torrent
2014-03-31 21:13 - 2014-03-31 21:13 - 01058123 _____ () C:\Users\ESMEN\Desktop\CE 303 COMPUTER APPLİCATİON.rar
2014-03-31 11:16 - 2014-04-03 23:13 - 00000000 ____D () C:\Users\ESMEN\Desktop\CE 303 COMPUTER APPLİCATİON
2014-03-27 19:19 - 2014-03-27 19:19 - 00000886 _____ () C:\Users\ESMEN\Desktop\Napoleon Total War.lnk
2014-03-27 19:05 - 2014-03-27 19:05 - 00003234 _____ () C:\Windows\System32\Tasks\{D6E1EE84-67D1-4766-B63C-93D971D80F99}
2014-03-27 19:04 - 2014-03-27 19:20 - 00000000 ____D () C:\Program Files (x86)\Napoleon Total War
2014-03-27 13:53 - 2014-03-27 18:46 - 00000000 ____D () C:\Users\ESMEN\Downloads\Napoleon_Total_War-Razor1911
2014-03-23 13:09 - 2014-03-23 13:09 - 00000081 _____ () C:\Users\ESMEN\Desktop\IP-Adress.com Proxy List - Whois Proxy List - IP-Adress.com.url
2014-03-23 12:40 - 2014-03-23 12:40 - 00000021 _____ () C:\Users\ESMEN\Desktop\the piratebay torernt.txt
2014-03-12 22:35 - 2014-01-29 05:32 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2014-03-12 22:35 - 2014-01-29 05:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2014-03-12 22:35 - 2014-01-28 05:32 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2014-03-12 22:34 - 2014-03-01 09:05 - 23133696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-12 22:34 - 2014-03-01 08:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-12 22:34 - 2014-03-01 08:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-03-12 22:34 - 2014-03-01 07:58 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-03-12 22:34 - 2014-03-01 07:52 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-03-12 22:34 - 2014-03-01 07:51 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-03-12 22:34 - 2014-03-01 07:42 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-03-12 22:34 - 2014-03-01 07:40 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-03-12 22:34 - 2014-03-01 07:37 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-03-12 22:34 - 2014-03-01 07:33 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-03-12 22:34 - 2014-03-01 07:33 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-03-12 22:34 - 2014-03-01 07:32 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-03-12 22:34 - 2014-03-01 07:30 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-03-12 22:34 - 2014-03-01 07:23 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-03-12 22:34 - 2014-03-01 07:17 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-03-12 22:34 - 2014-03-01 07:11 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-03-12 22:34 - 2014-03-01 07:02 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-03-12 22:34 - 2014-03-01 06:54 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-03-12 22:34 - 2014-03-01 06:52 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-03-12 22:34 - 2014-03-01 06:51 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-03-12 22:34 - 2014-03-01 06:47 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-03-12 22:34 - 2014-03-01 06:43 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-03-12 22:34 - 2014-03-01 06:43 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-03-12 22:34 - 2014-03-01 06:42 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-03-12 22:34 - 2014-03-01 06:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-03-12 22:34 - 2014-03-01 06:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-03-12 22:34 - 2014-03-01 06:37 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-03-12 22:34 - 2014-03-01 06:35 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-03-12 22:34 - 2014-03-01 06:18 - 13051904 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-03-12 22:34 - 2014-03-01 06:16 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-03-12 22:34 - 2014-03-01 06:14 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-03-12 22:34 - 2014-03-01 06:10 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-03-12 22:34 - 2014-03-01 06:03 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-03-12 22:34 - 2014-03-01 06:00 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-03-12 22:34 - 2014-03-01 05:57 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-03-12 22:34 - 2014-03-01 05:38 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-03-12 22:34 - 2014-03-01 05:32 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-03-12 22:34 - 2014-03-01 05:27 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-03-12 22:34 - 2014-03-01 05:25 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-03-12 22:34 - 2014-03-01 05:25 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-03-12 22:34 - 2014-02-07 04:23 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-03-12 22:32 - 2014-02-04 05:32 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-03-12 22:32 - 2014-02-04 05:32 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-03-12 22:32 - 2014-02-04 05:04 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-03-12 22:32 - 2014-02-04 05:04 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-03-12 20:46 - 2014-04-02 13:02 - 00000000 ____D () C:\Users\ESMEN\Desktop\CE351_FLME_STUD
2014-03-09 20:08 - 2014-03-09 20:08 - 00008746 _____ () C:\Users\ESMEN\Desktop\Yeni Microsoft Excel Worksheet.xlsx
2014-03-09 19:03 - 2014-03-09 19:03 - 00948736 _____ () C:\Users\ESMEN\Downloads\SteelProfileTable.xls
2014-03-09 14:08 - 2014-04-06 15:56 - 00000000 ___RD () C:\Users\ESMEN\Dropbox
2014-03-09 14:08 - 2014-03-09 14:08 - 00001039 _____ () C:\Users\ESMEN\Desktop\Dropbox.lnk
2014-03-09 14:07 - 2014-03-09 14:08 - 00000000 ____D () C:\Users\ESMEN\AppData\Roaming\DropboxMaster
2014-03-09 14:07 - 2014-03-09 14:07 - 00000000 ____D () C:\Users\ESMEN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-03-09 14:06 - 2014-04-06 15:56 - 00000000 ____D () C:\Users\ESMEN\AppData\Roaming\Dropbox
2014-03-09 14:06 - 2014-03-09 14:06 - 37660568 _____ (Dropbox, Inc.) C:\Users\ESMEN\Downloads\Dropbox 2.6.2.exe

==================== One Month Modified Files and Folders =======

2014-04-06 19:30 - 2014-04-06 19:30 - 00010738 _____ () C:\Users\ESMEN\Downloads\FRST.txt
2014-04-06 19:30 - 2014-04-06 19:28 - 00000000 ____D () C:\FRST
2014-04-06 19:28 - 2014-04-06 19:28 - 02157056 _____ (Farbar) C:\Users\ESMEN\Downloads\FRST64.exe
2014-04-06 19:28 - 2014-04-06 19:28 - 00005552 _____ () C:\Users\ESMEN\Desktop\Rkill.txt
2014-04-06 19:28 - 2014-04-06 19:27 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\ESMEN\Downloads\rkill.exe
2014-04-06 19:18 - 2013-12-07 01:27 - 00001018 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-04-06 19:11 - 2014-04-06 19:11 - 00002045 _____ () C:\Users\ESMEN\Desktop\aswMBR.txt
2014-04-06 19:11 - 2014-04-06 19:11 - 00000512 _____ () C:\Users\ESMEN\Desktop\MBR.dat
2014-04-06 19:01 - 2014-04-06 19:01 - 04745728 _____ (AVAST Software) C:\Users\ESMEN\Downloads\aswMBR.exe
2014-04-06 18:15 - 2014-04-06 18:15 - 00000087 _____ () C:\Users\ESMEN\Desktop\Malware Removal.url
2014-04-06 17:29 - 2014-04-06 17:29 - 00001276 _____ () C:\Users\ESMEN\Desktop\attach.zip
2014-04-06 17:26 - 2014-04-06 17:26 - 00001253 _____ () C:\Users\ESMEN\Desktop\attach.rar
2014-04-06 17:24 - 2014-04-06 17:23 - 00017087 _____ () C:\Users\ESMEN\Desktop\dds.txt
2014-04-06 17:24 - 2014-04-06 17:23 - 00002797 _____ () C:\Users\ESMEN\Desktop\attach.txt
2014-04-06 17:22 - 2014-04-06 17:22 - 00688992 ____R (Swearware) C:\Users\ESMEN\Downloads\dds.scr
2014-04-06 17:22 - 2014-04-06 17:22 - 00000000 ____D () C:\Windows\ERDNT
2014-04-06 17:21 - 2014-04-06 17:21 - 00000924 _____ () C:\Users\ESMEN\Desktop\NTREGOPT.lnk
2014-04-06 17:21 - 2014-04-06 17:21 - 00000905 _____ () C:\Users\ESMEN\Desktop\ERUNT.lnk
2014-04-06 17:21 - 2014-04-06 17:21 - 00000000 ____D () C:\Program Files (x86)\ERUNT
2014-04-06 17:21 - 2013-12-07 01:07 - 00000000 ___RD () C:\Users\ESMEN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-04-06 17:20 - 2014-04-06 17:20 - 00791393 _____ (Lars Hederer ) C:\Users\ESMEN\Downloads\erunt-setup.exe
2014-04-06 16:01 - 2013-12-07 22:07 - 00656002 _____ () C:\Windows\system32\perfh01F.dat
2014-04-06 16:01 - 2013-12-07 22:07 - 00139380 _____ () C:\Windows\system32\perfc01F.dat
2014-04-06 16:01 - 2009-07-14 08:13 - 01568678 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-06 16:00 - 2014-04-06 16:00 - 00000000 ____D () C:\Users\ESMEN\Documents\ProcAlyzer Dumps
2014-04-06 16:00 - 2014-02-23 02:00 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-04-06 15:58 - 2010-02-25 03:52 - 01607608 _____ () C:\Windows\WindowsUpdate.log
2014-04-06 15:56 - 2014-03-09 14:08 - 00000000 ___RD () C:\Users\ESMEN\Dropbox
2014-04-06 15:56 - 2014-03-09 14:06 - 00000000 ____D () C:\Users\ESMEN\AppData\Roaming\Dropbox
2014-04-06 15:55 - 2013-12-07 22:58 - 00001016 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cef386a2d28c17.job
2014-04-06 15:55 - 2013-12-07 02:19 - 00013926 _____ () C:\Windows\PFRO.log
2014-04-06 15:55 - 2009-07-14 08:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-06 15:55 - 2009-07-14 07:51 - 00042056 _____ () C:\Windows\setupact.log
2014-04-06 14:30 - 2014-04-06 13:42 - 1442186430 _____ () C:\Users\ESMEN\Downloads\Dracula Kara Prens izle Dracula Kara Prens Trke Altyazl izle Dracula Kara Prens filmini izle Dracula Kara Prens full izle Dracula Kara Prens Film izle Full izle Filmi Full izle Direk Film izle Dizi izle Trke Dublaj izl.mp4
2014-04-06 14:04 - 2014-01-28 17:58 - 00001972 _____ () C:\Users\Public\Desktop\avast! Internet Security.lnk
2014-04-06 14:03 - 2014-04-06 14:03 - 00445304 _____ (AVAST Software) C:\Windows\system32\Drivers\aswNdisFlt.sys
2014-04-06 14:03 - 2014-04-06 14:03 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-04-06 14:03 - 2014-01-28 17:58 - 00028184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2014-04-06 14:03 - 2014-01-28 01:10 - 01039096 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-04-06 14:03 - 2014-01-28 01:10 - 00423240 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2014-04-06 14:03 - 2014-01-28 01:10 - 00334648 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-04-06 14:03 - 2014-01-28 01:10 - 00208928 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-04-06 14:03 - 2014-01-28 01:10 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-04-06 14:03 - 2014-01-28 01:10 - 00084816 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2014-04-06 14:03 - 2014-01-28 01:10 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-04-06 14:03 - 2014-01-28 01:10 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-04-06 14:03 - 2014-01-28 01:10 - 00003924 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-04-06 13:49 - 2014-04-06 13:49 - 00000000 ____D () C:\Windows\jumpshot.com
2014-04-06 13:47 - 2014-04-06 13:47 - 14482352 _____ (AVAST Software) C:\Users\ESMEN\Downloads\grimefighter.exe
2014-04-06 01:03 - 2013-12-07 19:23 - 00000000 ____D () C:\Users\ESMEN\AppData\Roaming\DMCache
2014-04-06 01:03 - 2009-07-14 07:45 - 00013904 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-06 01:03 - 2009-07-14 07:45 - 00013904 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-06 00:54 - 2014-04-06 00:53 - 90488176 _____ (Sophos Limited) C:\Users\ESMEN\Downloads\Sophos Virus Removal Tool.exe
2014-04-06 00:52 - 2014-04-06 00:23 - 00000762 _____ () C:\Windows\wininit.ini
2014-04-06 00:39 - 2014-04-06 00:39 - 00370943 _____ () C:\Users\ESMEN\Downloads\gmer.zip
2014-04-06 00:39 - 2009-07-14 06:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-04-05 23:41 - 2013-12-07 19:23 - 00000000 ____D () C:\Users\ESMEN\Downloads\Video
2014-04-05 22:37 - 2009-07-14 05:34 - 00451372 ____R () C:\Windows\system32\Drivers\etc\hosts.20140406-161741.backup
2014-04-05 19:41 - 2014-04-05 19:39 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-04-05 19:40 - 2014-04-05 19:40 - 00001379 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2014-04-05 19:40 - 2014-04-05 19:40 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
2014-04-05 19:39 - 2014-04-05 19:37 - 40658208 _____ (Safer-Networking Ltd. ) C:\Users\ESMEN\Downloads\spybot-2.2.exe
2014-04-05 01:34 - 2014-04-05 01:34 - 00000123 _____ () C:\Users\ESMEN\Desktop\Hobbit 2 Smaug’un Çorak Toprakları (2013) Full HD 1080p 720p Türkçe Dublaj Film izle - Full Katılımsız Program Oyun indir Film izle Portalcıyız.url
2014-04-04 21:49 - 2013-12-07 19:23 - 00000000 ____D () C:\Users\ESMEN\AppData\Roaming\IDM
2014-04-04 21:48 - 2014-04-04 21:48 - 00000000 ____D () C:\Users\ESMEN\Downloads\Compressed
2014-04-04 21:47 - 2014-04-04 21:47 - 00000000 ____D () C:\Program Files (x86)\Internet Download Manager
2014-04-04 21:47 - 2013-12-07 19:23 - 00001009 _____ () C:\Users\ESMEN\Desktop\Internet Download Manager.lnk
2014-04-04 21:47 - 2009-07-14 05:34 - 00451312 __RSH () C:\Windows\system32\Drivers\etc\hosts.20140405-223743.backup
2014-04-04 21:46 - 2014-04-04 21:46 - 09624492 _____ () C:\Users\ESMEN\Downloads\İDM 6.19 Final Full Turkce.rar
2014-04-03 23:13 - 2014-03-31 11:16 - 00000000 ____D () C:\Users\ESMEN\Desktop\CE 303 COMPUTER APPLİCATİON
2014-04-02 13:02 - 2014-03-12 20:46 - 00000000 ____D () C:\Users\ESMEN\Desktop\CE351_FLME_STUD
2014-03-31 23:35 - 2013-12-11 16:48 - 00000000 ____D () C:\Users\ESMEN\AppData\Roaming\BitTorrent
2014-03-31 22:15 - 2014-03-31 22:14 - 76817449 _____ () C:\Users\ESMEN\Downloads\Avatar_-_The_Last_Airbender_-_The_Rift_Part_1_(2014)_(digital)_(Son_of_Ultron-Empire).cbr
2014-03-31 22:13 - 2014-03-31 22:13 - 00012414 _____ () C:\Users\ESMEN\Downloads\[kickass.to]avatar.the.last.airbender.the.rift.part.1.2014.digital.torrent
2014-03-31 21:13 - 2014-03-31 21:13 - 01058123 _____ () C:\Users\ESMEN\Desktop\CE 303 COMPUTER APPLİCATİON.rar
2014-03-31 11:19 - 2014-02-26 20:50 - 00000000 ____D () C:\Users\ESMEN\Desktop\SOİLWORK
2014-03-30 14:44 - 2013-12-08 15:56 - 00000000 ____D () C:\Users\ESMEN\Documents\GTA San Andreas User Files
2014-03-29 15:13 - 2013-12-07 22:58 - 00003764 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore1cef386a2d28c17
2014-03-29 15:13 - 2013-12-07 01:27 - 00004014 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-03-27 19:20 - 2014-03-27 19:04 - 00000000 ____D () C:\Program Files (x86)\Napoleon Total War
2014-03-27 19:19 - 2014-03-27 19:19 - 00000886 _____ () C:\Users\ESMEN\Desktop\Napoleon Total War.lnk
2014-03-27 19:05 - 2014-03-27 19:05 - 00003234 _____ () C:\Windows\System32\Tasks\{D6E1EE84-67D1-4766-B63C-93D971D80F99}
2014-03-27 18:46 - 2014-03-27 13:53 - 00000000 ____D () C:\Users\ESMEN\Downloads\Napoleon_Total_War-Razor1911
2014-03-23 13:09 - 2014-03-23 13:09 - 00000081 _____ () C:\Users\ESMEN\Desktop\IP-Adress.com Proxy List - Whois Proxy List - IP-Adress.com.url
2014-03-23 12:40 - 2014-03-23 12:40 - 00000021 _____ () C:\Users\ESMEN\Desktop\the piratebay torernt.txt
2014-03-20 19:56 - 2009-07-14 08:08 - 00032620 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-03-18 19:16 - 2013-12-07 01:46 - 00000000 ____D () C:\Windows\system32\MRT
2014-03-18 19:14 - 2013-12-07 01:46 - 90015360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-03-15 23:15 - 2013-12-07 01:28 - 00002179 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-03-14 10:30 - 2013-12-07 01:16 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-03-14 10:30 - 2013-12-07 01:16 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-03-13 20:36 - 2014-02-04 23:46 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-03-13 10:03 - 2009-07-14 07:45 - 00416720 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-03-09 20:08 - 2014-03-09 20:08 - 00008746 _____ () C:\Users\ESMEN\Desktop\Yeni Microsoft Excel Worksheet.xlsx
2014-03-09 19:03 - 2014-03-09 19:03 - 00948736 _____ () C:\Users\ESMEN\Downloads\SteelProfileTable.xls
2014-03-09 14:08 - 2014-03-09 14:08 - 00001039 _____ () C:\Users\ESMEN\Desktop\Dropbox.lnk
2014-03-09 14:08 - 2014-03-09 14:07 - 00000000 ____D () C:\Users\ESMEN\AppData\Roaming\DropboxMaster
2014-03-09 14:08 - 2013-12-07 01:06 - 00000000 ____D () C:\Users\ESMEN
2014-03-09 14:07 - 2014-03-09 14:07 - 00000000 ____D () C:\Users\ESMEN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-03-09 14:06 - 2014-03-09 14:06 - 37660568 _____ (Dropbox, Inc.) C:\Users\ESMEN\Downloads\Dropbox 2.6.2.exe

Some content of TEMP:
====================
C:\Users\ESMEN\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpju8rdj.dll
C:\Users\ESMEN\AppData\Local\Temp\LEGOLOTR.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-03-30 15:15

==================== End Of Log ============================

Juliet
2014-04-06, 19:53
Open notepad. Please copy the contents of the quote box below. To do this highlight the contents of the box and right click on it and select copy.
Paste this into the open notepad. save it to the Desktop as fixlist.txt
NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.
It needs to be saved Next to the "Farbar Recovery Scan Tool" (FRST) program (If asked to overwrite existing one please allow)



start
C:\Users\ESMEN\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpju8rdj.dll
C:\Users\ESMEN\AppData\Local\Temp\LEGOLOTR.exe
C:\Users\ESMEN\AppData\Local\Temp
Reboot:
end

Run FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to the operating system


~~~~~~~~~~~~~~~~~~~~~~~~~~~

If there are any personal files, pics, etc. on your computer you cannot live without, back them up now just as a precaution.
Emergency Backup Procedure - Tech Support Forum (http://www.techsupportforum.com/security-center/virus-trojan-spyware-help/306529-emergency-backup-procedure.html)

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

How to use ComboFix (http://www.bleepingcomputer.com/combofix/how-to-use-combofix)

Download ComboFix from here:
Link 1 (http://www.bleepingcomputer.com/download/combofix/)
Link 2 (http://www.forospyware.com/sUBs/ComboFix.exe)
Link 3 (http://subs.geekstogo.com/ComboFix.exe)

Place ComboFix.exe on your Desktop <--Important

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.



You can get help on disabling your protection programs here (http://www.techsupportforum.com/security-center/virus-trojan-spyware-help/490111-how-disable-your-security-applications.html)
Double click on ComboFix.exe & follow the prompts.
You may be asked to install or update the Recovery Console (http://en.wikipedia.org/wiki/Recovery_Console) (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)
Your desktop may go blank. This is normal. It will return when ComboFix is done. Combofix may need to reboot your computer more than once to do its job this is normal.
When finished, it shall produce a log for you. Post that log in your next reply

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer

---------------------------------------------------------------------------------------------
Ensure your AntiVirus and AntiSpyware applications are re-enabled.

Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security.
---------------------------------------------------------------------------------------------
If there are Internet issues after running ComboFix:
Internet Explorer:
Tools Menu -> Internet Options -> Connections Tab ->Lan Settings > uncheck "use a proxy server" and check to "Automatically detect settings". Also clear any proxy address and port. ok, apply (only if applicable), ok.
Firefox:
Tools Menu -> Options... -> Advanced Tab -> Network Tab -> "Settings" under Connection. "No Proxy" should be selected, unless you have one set up yourself.
Chrome:
Select -> Tools menu -> then "Options", then go to "Change Proxy Settings", then "LAN Settings" , then take out the check mark for "Use a proxy server for your LAN" if set, unless you set this up yourself.
Safari
Launch Safari
Go to general settings menu
Then in Preferences/ Advanced
Then on line click Proxies change settings ...
Click Internet Options, then click the Connections tab, click Network Settings.
Disable option (uncheck) for the use of proxy server ...

atilla
2014-04-06, 20:06
FIX LOG
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 13-03-2014
Ran by ESMEN at 2014-04-06 19:58:27 Run:1
Running from C:\Users\ESMEN\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
C:\Users\ESMEN\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpju8rdj.dll
C:\Users\ESMEN\AppData\Local\Temp\LEGOLOTR.exe
C:\Users\ESMEN\AppData\Local\Temp
Reboot:
end
*****************

C:\Users\ESMEN\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpju8rdj.dll => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\LEGOLOTR.exe => Moved successfully.

"C:\Users\ESMEN\AppData\Local\Temp" directory move:

C:\Users\ESMEN\AppData\Local\Temp\A4026749-6F12-4033-A2AD-18499A2EA9A9.Diagnose.0.etl => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\A4026749-6F12-4033-A2AD-18499A2EA9A9.Repair.Admin.0.etl => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\A4026749-6F12-4033-A2AD-18499A2EA9A9.Verify.Admin.1.etl => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\AdobeARM.log => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Attach.txt => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\DDS.txt => Moved successfully.
Could not move "C:\Users\ESMEN\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpju8rdj.lck" => Scheduled to move on reboot.
Could not move "C:\Users\ESMEN\AppData\Local\Temp\etilqs_bGkgsfrnWyiczec" => Scheduled to move on reboot.
Could not move "C:\Users\ESMEN\AppData\Local\Temp\etilqs_vCVhcTjgJ7LVmcw" => Scheduled to move on reboot.
Could not move "C:\Users\ESMEN\AppData\Local\Temp\FXSAPIDebugLogFile.txt" => Scheduled to move on reboot.
C:\Users\ESMEN\AppData\Local\Temp\~DF013895FED4A9848B.TMP => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\tmp0000630a\tmp00000000 => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\tmp00001482\tmp00000000 => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\tmp00000ce4\tmp00000000 => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\tmp00000cba\tmp00000000 => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\tmp0000079f\tmp00000000 => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\tmp000004ff\tmp00000000 => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\tmp0000028c\tmp00000000 => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\tmp0000001c\tmp00000000 => Moved successfully.
Could not move "C:\Users\ESMEN\AppData\Local\Temp\scoped_dir1964_19511\Cookies" => Scheduled to move on reboot.
Could not move "C:\Users\ESMEN\AppData\Local\Temp\scoped_dir1964_19511\Cookies-journal" => Scheduled to move on reboot.
C:\Users\ESMEN\AppData\Local\Temp\scoped_dir1964_19511\data_0 => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\scoped_dir1964_19511\data_1 => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\scoped_dir1964_19511\data_2 => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\scoped_dir1964_19511\data_3 => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\scoped_dir1964_19511\index => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\Sophos Virus Removal Tool.msi => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\age-afih.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\age-afjq.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\age-afkf.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\age-afkh.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\age-afko.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\age-afkq.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\age-afkw.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\age-afls.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\age-afmj.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\age-afms.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\age-afmx.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\age-afng.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\age-afoa.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\age-afob.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\age-afoc.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\age-afoy.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\age-afpa.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\age-afpw.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\age-afqs.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\age-afqt.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\age-afqv.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\age-afra.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\age-afrl.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\age-afro.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\age-afru.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\age-aftj.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\age-aftr.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\age-aftu.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\age-afuc.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\age-afuh.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\age-afun.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\age-afuv.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\age-afve.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\age-afvn.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\age-afwa.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\age-afxg.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\age-afxi.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\age-afxl.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\age-afyk.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\age-afzm.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\age-afzp.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\age-afzq.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\age-afzr.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\age-agan.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\age-agat.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\age-agbh.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\age-agdo.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\age-ageb.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\age-ager.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\age-agez.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\age-agfa.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\age-agfd.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\age-agfe.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\age-agfl.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\age-agfn.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\age-agfp.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\age-agfu.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\age-agfz.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\age-agga.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\age-aggb.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\age-aggf.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\age-aghi.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\age-aghm.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\age-agil.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\age-agis.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\age-agke.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\age-agkt.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\age-aglo.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\age-aglr.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\age-aglv.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\age-agmw.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\age-agod.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\age-agot.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\age-agov.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\age-agpa.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\age-agpk.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\age-agpr.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\age-agpw.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\age-agpz.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\agen-ank.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\andro-br.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\andro-bv.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\auto-abj.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\auto-abo.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\auto-abp.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\auto-acm.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\auto-acn.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\auto-aco.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\auto-acp.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\auto-adk.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\auto-adm.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\auto-adn.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\auto-ado.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\auto-adq.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\auto-adz.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\auto-aeo.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\auto-aet.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\auto-aev.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\auto-aff.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\auto-afp.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\auto-afu.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\auto-agg.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\auto-agr.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\auto-agu.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\auto-ahg.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\backd-jy.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\baffec-a.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\banc-bxn.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\banc-bxq.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\banc-bxu.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\banc-bxy.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\banc-byb.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\banc-byc.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\banc-byf.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\bank-gan.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\bank-gao.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\bank-gaq.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\bank-gar.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\bank-gbf.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\bank-gbp.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\bank-gbw.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\banlo-al.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\banlo-rr.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\banlo-rs.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\banlo-rt.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\banlo-sc.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\banlo-sj.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\banlo-sl.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\banlo-tg.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\banlo-tl.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\banlo-to.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\banlo-ub.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\banlo-uc.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\banspy-v.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\bckd-rrk.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\bckd-rro.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\bckd-rrx.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\bdoo-bfs.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\betabo-c.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\blada-a.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\bladab-k.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\bladab-l.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\boaxx-ac.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\boaxx-ad.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\boht-b.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\bred-alq.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\bred-als.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\bred-alv.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\bred-alx.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\bred-amg.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\bred-ami.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\bred-amk.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\bred-amn.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\bredo-vg.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\bredo-wh.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\bunitu-c.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\burnwo-a.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\buzus-hw.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\buzus-ic.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\capha-bh.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\capha-bj.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\capha-bs.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\chisbu-m.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\chisbu-p.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\chisbu-v.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\chisbu-x.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\cidox-v.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\cride-dv.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\cride-dw.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\cride-dx.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\cride-dz.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\cride-ec.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\cutwa-bc.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\danglo-g.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\darkco-j.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\darkko-l.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\darkko-m.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\delf-ev.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\delf-fry.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\delf-fsj.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\delf-fsl.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\delf-fsn.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\delf-fst.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\delf-fsx.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\delfdl-c.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\delfi-bv.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\dloa-dtu.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\docdl-b.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\docdl-c.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\docdr-bg.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\dwnl-lgf.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\dwnl-lhq.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\dwnl-lhz.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\dwnl-lid.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\dwnl-lif.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\dwnl-lih.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\dwnl-lij.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\dwnl-lja.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\dwnl-ljc.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\dwnl-ljt.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\dwnl-ljx.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\dwnl-lkz.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\dwnl-lla.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\dwnl-llg.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\dwnl-lli.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\dwnl-llp.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\dwnl-llv.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\encpk-al.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\encpk-ao.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\expiro-t.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\expiro-v.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\fake-hay.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\fake-hbe.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\fake-hbk.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\fake-hbl.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\fake-hce.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\fake-hch.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\fake-hcj.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\fake-hck.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\farei-bw.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\farei-bx.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\fbjack-c.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\fondu-d.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\fondu-h.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\fondu-p.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\fondu-r.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\fondu-w.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\fondu-x.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\gamar-ce.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\gamar-cg.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\hioles-d.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\hkmain-o.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\ifram-ll.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\ifram-ls.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\inje-ast.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\inje-asw.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\inje-atf.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\inje-atg.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\inje-atl.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\inje-atv.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\inje-aug.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\inje-aui.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\inje-aul.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\inje-aux.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\inje-ava.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\inje-ave.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\inje-avj.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\inje-avo.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\inje-avq.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\inje-avz.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\inje-awa.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\inje-awb.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\inje-awh.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\injec-ct.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\injec-da.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\java-ry.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\java-sh.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\javab-rs.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\javab-ru.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\javab-rw.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\javab-rx.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\javab-sa.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\javab-sc.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\jsred-mz.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\jsred-no.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\jvjack-b.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\kazy-cd.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\keyge-ll.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\keygen-y.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\keylo-pr.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\keylo-pt.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\keylo-pw.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\kilim-b.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\krypt-cq.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\krypt-cs.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\krypt-ct.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\krypt-cv.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\kuluo-ah.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\malit-ad.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\malit-af.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\malit-ah.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\malit-ak.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\malit-at.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\malit-aw.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\malit-bg.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\malit-bl.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\malit-m.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\malit-q.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\malit-r.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\malit-w.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\malit-y.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\matsn-bc.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\matsn-bd.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\mdro-frg.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\mdro-frj.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\mdro-frr.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\mdro-fsc.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\mdro-fsi.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\mdro-fss.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\mdro-fst.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\mdro-fte.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\mdro-ftg.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\mdro-ftx.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\mdro-fud.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\mdro-fuk.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\mdro-fun.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\mdro-fuo.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\mdro-fut.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\mdro-fvh.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\mdro-fvj.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\mdro-fvn.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\mdro-fvv.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\mdro-fvy.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\mdro-fvz.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\mdro-fwe.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\mdro-fwh.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\mdro-fwu.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\mdro-fwv.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\miner-r.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\miner-t.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\miner-u.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\miner-v.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\miuref-d.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\miuref-h.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\morix-k.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\msil-hh.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\msil-ht.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\msil-ir.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\msil-it.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\msil-iy.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\msil-ji.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\msil-jn.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\msil-js.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\msil-kd.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\msil-kf.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\msil-kk.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\msil-kr.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\msil-ks.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\msil-ku.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\msil-kv.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\msil-kx.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\msil-lr.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\msil-mb.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\msil-mf.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\msil-mg.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\msil-mh.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\msil-mp.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\msil-mu.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\msil-mv.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\msil-mx.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\msil-nb.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\msil-nc.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\msil-nn.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\msil-no.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\msil-nr.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\msil-nw.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\msil-nx.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\msil-nz.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\msil-oh.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\msil-oi.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\msil-oj.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\msil-ok.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\msil-oq.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\msil-os.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\msili-av.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\msili-bf.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\msili-bj.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\msili-bo.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\msili-bp.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\msilin-a.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\napola-b.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\napola-g.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\necur-ba.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\necur-bc.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\necur-bk.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\necur-bo.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\neurev-f.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\nimnul-a.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\nymaim-c.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\obfjs-eq.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\pdf-j.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\perldo-a.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\php-r.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\php-s.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\phpdoo-o.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\ploutu-a.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\pws-cft.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\pws-cfy.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\pwszb-ai.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\qakbo-bj.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\ramdo-d.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\ramdo-e.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\ramdo-k.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\ramdo-l.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\ramdo-p.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\ramni-ee.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\ramni-eg.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\ramni-ek.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\rans-afd.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\rans-afj.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\rans-afk.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\rans-afm.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\rans-afn.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\rans-afp.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\rans-afq.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\rans-aft.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\rans-afu.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\rans-afv.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\rans-age.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\rans-agm.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\rans-agn.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\rans-agr.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\rans-agv.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\rans-agy.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\rbrute-a.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\rebhi-aw.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\redym-aa.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\revetr-a.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\rovnix-a.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\rtfex-bi.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\sefni-bz.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\sharik-e.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\sharik-f.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\sharik-i.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\silly-lm.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\sniffe-u.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\snifie-c.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\snuffy-b.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\spy-aci.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\sshdoo-h.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\stealf-b.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\swfex-cm.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\symmi-s.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\symmi-u.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\symmi-w.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\sysmon-c.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\tepfe-au.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\tepfe-av.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\themas-a.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\themas-g.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\themeb-a.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\tiotu-ec.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\tiotu-ed.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\tproxy-a.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\track-ae.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\tracu-bs.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\tracu-bu.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\turla-a.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\turla-b.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\turla-c.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\turla-f.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\turla-h.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\upatr-aa.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\upatr-aq.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\upatr-ax.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\upatre-h.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\upatre-n.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\upatre-o.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\upatre-p.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\upatre-u.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\upatre-w.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\vb-alh.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\vb-alm.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\vb-gzu.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\vb-haw.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\vb-hbj.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\vb-hbm.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\vb-hbo.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\vb-hbq.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\vb-hby.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\vb-hcp.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\vb-hct.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\vb-hdg.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\vb-hdq.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\vb-hdy.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\vb-hef.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\vb-heh.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\vb-hem.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\vb-hfb.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\vb-hfh.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\vb-hfr.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\vb-hfx.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\vb-hfz.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\vb-hgg.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\vbagen-v.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\vbdwnl-d.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\vbinj-hb.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\vbinj-hp.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\vbinj-it.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\vbs-do.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\vbs-ds.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\vobfu-dn.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\vobfu-dp.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\weels-cl.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\weels-j.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\wonto-ac.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\wonto-ah.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\wonto-am.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\wonto-aq.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\wonto-aw.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\wonto-be.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\wonton-h.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\wonton-j.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\wonton-m.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\wonton-p.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\wonton-r.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\wonton-t.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\wonton-z.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\wowspy-c.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\zbot-hev.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\zbot-hge.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\zbot-hgh.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\zbot-hgq.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\zbot-hgs.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\zbot-hhx.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\zbot-hij.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\zbot-hio.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\zbot-hit.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\zbot-hiu.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\zbot-hjf.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\zbot-hjo.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\zbot-hjs.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\zbot-hjt.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\zbot-hkl.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\zbot-hko.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\zbot-hkp.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\zbot-hks.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\zbot-hku.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\zbot-hlc.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\zbot-hlk.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\zbot-hlr.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\zbot-hlu.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\zbot-hlv.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\zbot-hmf.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\zbot-hmy.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\zbot-hmz.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\zbot-hnc.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\zbot-hni.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\zbot-hno.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\zbot-hnv.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\zbot-hot.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\zbot-hpe.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\zbot-hph.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\zbot-hpl.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\zbot-hpv.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\zbot-hqu.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\zbot-hrd.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\zbot-hru.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\zbot-hrz.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\zbot-hsf.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\zbot-hsh.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\zbot-hsj.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\zbot-hsr.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\zbot-hsw.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\zbot-htf.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\zbot-htr.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\zbot-htz.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\zbot-hud.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\zbot-hup.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\zbot-huu.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\zbot-hvb.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\zbot-hve.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\zbot-hvr.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\zbot-hvu.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\zbot-hvx.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\zbot-hwc.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\zbot-hwd.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\zbot-hwg.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\zbot-hwi.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\zbot-hwo.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\zbot-hws.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\zbot-hxc.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\zbot-hxr.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\zbot-hyg.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\zbot-hyj.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\zbot-hyq.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\zbot-hyr.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\zbot-hys.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\zbot-hza.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\zbot-hzm.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\zbot-hzn.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\zbot-hzr.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\zbot-iaj.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\zegos-cg.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\zipma-dn.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\zusy-r.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\zxshel-a.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\avastBCLTMP\chrome\Default\Web Data => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\0X0409.INI => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\ASIA.SLF => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\audioentry.exe => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\english.dll => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\ENGLISH.SLF => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\EUROPE1.SLF => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\EUROPE2.SLF => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\EUROPE3.SLF => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\EUROPE4.SLF => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\INSTMSIA.EXE => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\INSTMSIW.EXE => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\ISSCRIPT.MSI => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\LICENSE.MLF => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\Platform.msi => Moved successfully.

atilla
2014-04-06, 20:07
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\Setup.ini => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\Setup.iss => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\setup.log => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\SETUP.MLF => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\SETUP.SCF => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAPCI.sys => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIASETUP.DLL => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\viaudio.INI => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Component.cif => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\HDAudDrVista64.dll => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\HDUpDrVista64.exe => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VistaIniFiles\DCDEF00.INI => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VistaIniFiles\DCDEF01.INI => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VistaIniFiles\DCDEF02.INI => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VistaIniFiles\DCDEF03.INI => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VistaIniFiles\DCDEF04.INI => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VistaIniFiles\DCDEF05.INI => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VistaIniFiles\DCDEF06.INI => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VistaIniFiles\DCDEF07.INI => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VistaIniFiles\DCDEF08.INI => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VistaIniFiles\DCDEF09.INI => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VistaIniFiles\DCDEF10.INI => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VistaIniFiles\DCDEF100.ini => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VistaIniFiles\DCDEF101.ini => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VistaIniFiles\DCDEF102.ini => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VistaIniFiles\DCDEF103.INI => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VistaIniFiles\DCDEF104.INI => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VistaIniFiles\DCDEF105.INI => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VistaIniFiles\DCDEF106.ini => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VistaIniFiles\DCDEF107.INI => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VistaIniFiles\DCDEF108.INI => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VistaIniFiles\DCDEF109.INI => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VistaIniFiles\DCDEF11.INI => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VistaIniFiles\DCDEF110.INI => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VistaIniFiles\DCDEF111.INI => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VistaIniFiles\DCDEF112.INI => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VistaIniFiles\DCDEF113.ini => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VistaIniFiles\DCDEF114.INI => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VistaIniFiles\DCDEF115.INI => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VistaIniFiles\DCDEF116.ini => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VistaIniFiles\DCDEF117.ini => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VistaIniFiles\DCDEF118.ini => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VistaIniFiles\DCDEF119.INI => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VistaIniFiles\DCDEF12.INI => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VistaIniFiles\DCDEF120.INI => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VistaIniFiles\DCDEF121.ini => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VistaIniFiles\DCDEF122.INI => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VistaIniFiles\DCDEF123.INI => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VistaIniFiles\DCDEF124.ini => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VistaIniFiles\DCDEF125.ini => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VistaIniFiles\DCDEF126.ini => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VistaIniFiles\DCDEF127.INI => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VistaIniFiles\DCDEF128.INI => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VistaIniFiles\DCDEF129.ini => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VistaIniFiles\DCDEF13.INI => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VistaIniFiles\DCDEF130.INI => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VistaIniFiles\DCDEF131.INI => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VistaIniFiles\DCDEF132.ini => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VistaIniFiles\DCDEF133.INI => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VistaIniFiles\DCDEF134.INI => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VistaIniFiles\DCDEF135.INI => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VistaIniFiles\DCDEF136.ini => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VistaIniFiles\DCDEF137.INI => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VistaIniFiles\DCDEF138.ini => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VistaIniFiles\DCDEF139.INI => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VistaIniFiles\DCDEF14.INI => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VistaIniFiles\DCDEF140.INI => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VistaIniFiles\DCDEF15.INI => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VistaIniFiles\DCDEF16.INI => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VistaIniFiles\DCDEF17.INI => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VistaIniFiles\DCDEF18.INI => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VistaIniFiles\DCDEF19.INI => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VistaIniFiles\DCDEF20.INI => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VistaIniFiles\DCDEF21.INI => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VistaIniFiles\DCDEF22.INI => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VistaIniFiles\DCDEF23.INI => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VistaIniFiles\DCDEF24.INI => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VistaIniFiles\DCDEF25.INI => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VistaIniFiles\DCDEF26.INI => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VistaIniFiles\DCDEF27.INI => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VistaIniFiles\DCDEF28.INI => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VistaIniFiles\DCDEF29.INI => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VistaIniFiles\DCDEF30.INI => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VistaIniFiles\DCDEF31.INI => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VistaIniFiles\DCDEF32.INI => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VistaIniFiles\DCDEF33.INI => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VistaIniFiles\DCDEF34.INI => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VistaIniFiles\DCDEF35.INI => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VistaIniFiles\DCDEF36.INI => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VistaIniFiles\DCDEF37.INI => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VistaIniFiles\DCDEF38.INI => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VistaIniFiles\DCDEF39.INI => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VistaIniFiles\DCDEF40.INI => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VistaIniFiles\DCDEF41.INI => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VistaIniFiles\DCDEF42.INI => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VistaIniFiles\DCDEF43.INI => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VistaIniFiles\DCDEF44.INI => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VistaIniFiles\DCDEF45.INI => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VistaIniFiles\DCDEF46.INI => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VistaIniFiles\DCDEF47.INI => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VistaIniFiles\DCDEF48.INI => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VistaIniFiles\DCDEF49.INI => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VistaIniFiles\DCDEF50.INI => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VistaIniFiles\DCDEF51.INI => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VistaIniFiles\DCDEF52.INI => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VistaIniFiles\DCDEF53.INI => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VistaIniFiles\DCDEF54.INI => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VistaIniFiles\DCDEF55.INI => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VistaIniFiles\DCDEF56.INI => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VistaIniFiles\DCDEF57.INI => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VistaIniFiles\DCDEF58.ini => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VistaIniFiles\DCDEF59.INI => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VistaIniFiles\DCDEF60.INI => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VistaIniFiles\DCDEF61.INI => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VistaIniFiles\DCDEF62.INI => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VistaIniFiles\DCDEF63.INI => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VistaIniFiles\DCDEF64.INI => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VistaIniFiles\DCDEF65.INI => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VistaIniFiles\DCDEF66.ini => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VistaIniFiles\DCDEF67.INI => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VistaIniFiles\DCDEF68.ini => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VistaIniFiles\DCDEF69.INI => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VistaIniFiles\DCDEF70.INI => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VistaIniFiles\DCDEF71.INI => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VistaIniFiles\DCDEF72.INI => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VistaIniFiles\DCDEF73.INI => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VistaIniFiles\DCDEF74.INI => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VistaIniFiles\DCDEF75.ini => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VistaIniFiles\DCDEF76.INI => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VistaIniFiles\DCDEF77.INI => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VistaIniFiles\DCDEF78.INI => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VistaIniFiles\DCDEF79.ini => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VistaIniFiles\DCDEF80.ini => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VistaIniFiles\DCDEF81.INI => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VistaIniFiles\DCDEF82.INI => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VistaIniFiles\DCDEF83.INI => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VistaIniFiles\DCDEF84.INI => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VistaIniFiles\DCDEF85.INI => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VistaIniFiles\DCDEF86.INI => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VistaIniFiles\DCDEF87.ini => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VistaIniFiles\DCDEF88.ini => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VistaIniFiles\DCDEF89.INI => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VistaIniFiles\DCDEF90.INI => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VistaIniFiles\DCDEF91.INI => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VistaIniFiles\DCDEF92.INI => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VistaIniFiles\DCDEF93.ini => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VistaIniFiles\DCDEF94.ini => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VistaIniFiles\DCDEF95.ini => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VistaIniFiles\DCDEF96.INI => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VistaIniFiles\DCDEF97.ini => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VistaIniFiles\DCDEF98.INI => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VistaIniFiles\DCDEF99.INI => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VistaIniFiles\DrvCaps.INI => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VistaIniFiles\IniVerbs.INI => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VistaIniFiles\IVDEF00.INI => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\1043102F.mps => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\1043107F.mps => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\1043108D.mps => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\104310FD.mps => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\1043117D.mps => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\1043118D.mps => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\10431577.mps => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\ADeckIcon.ico => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\AudioDeck.ico => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\Dolby_15582101.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\Dolby_1B0A20F3.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\Dts2ApoApi64.dll => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\eq.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\Language_1.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\Language_11.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\Language_2.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\Language_3.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\Language_4.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\Language_5.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\Language_6.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\Language_7.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\Language_8.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\LFE.wav => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\MaxxAudioControl64.exe => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\QsApoApi64.dll => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\skin.dll => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\Skin.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\Skin1.dll => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\Skin2.dll => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\Skin2.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\Skin3.dll => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\Skin3.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\Skin4.dll => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\Skin4.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\Skin5.dll => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\Skin5.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\Skin6.dll => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\Skin6.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\SoundEffectComponent.dll => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\SRSUIx64.exe => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\ST.WAV => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\String.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeck.exe => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeck.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VEN1106_DEV0448_SUBSYS15584120.ini => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VEN1106_DEV0448_SUBSYS15584121.ini => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VEN1106_DEV0448_SUBSYS15584122.ini => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\viaaud.exe => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\viaaud.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VIAPropPageExt.dll => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VMicApi.dll => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\_SysLanID.dll => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck10190000.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck10192249.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck10192683.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck10192687.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck10192690.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck101929B1.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck101929B6.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck10193121.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck10193126.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck10193131.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck10197C6F.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck10197DD5.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck10197DD9.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck10250657.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck102802FC.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck10431003.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck10431013.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck10431023.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck1043102D.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck1043102F.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck1043104D.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck10431053.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck1043107F.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck1043108D.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck104310AD.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck104310BD.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck104310DD.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck104310ED.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck104310FD.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck1043110D.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck10431111.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck1043115D.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck1043116D.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck1043117D.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck1043118D.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck104313F7.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck10431473.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck10431487.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck104314C7.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck104314E7.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck10431523.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck10431577.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck104315F3.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck10431C13.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck10431C23.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck10431C33.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck104382EA.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck1043830C.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck10438345.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck10438346.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck10438348.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck1043836C.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck1043837A.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck1043837C.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck1043838C.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck104383A1.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck104383AA.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck104383AE.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck104383B3.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck104383B5.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck104383B7.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck104383B8.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck104383BD.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck104383C4.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck104383C5.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck104383C6.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck104383CF.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck104383D0.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck104383D1.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck104383D4.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck104383D6.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck104383D7.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck104383DE.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck104383DF.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck104383E4.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck104383E8.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck104383EA.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck104383EB.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck104383F4.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck104383F7.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck104383FB.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck1043840C.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck1043840D.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck1043840E.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck10438414.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck10438415.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck10438416.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck10438417.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck10438420.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck10438421.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck10438425.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck10438463.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck1043846A.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck104384BE.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck104384F6.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck1043850B.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck10438511.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck1043851C.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck10438532.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck105B0CF7.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck105B0CF8.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck105B0CFC.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck105B0CFD.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck105B0D0F.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck105B0DC6.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck105B0DC9.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck105B0DD3.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck105B0DE4.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck105B0DE9.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck105B0DED.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck105B0DF0.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck105B0DF1.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck105B0E11.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck105B0E19.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck105B0E22.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck105B0E24.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck105B0EFE.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck10CF1777.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck11060000.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck12972018.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck12972019.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck12973162.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck12973170.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck12975162.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck1458A000.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck1458A002.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck1458A014.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck14620000.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck14621000.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck14627577.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck14627592.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck14627599.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck14627623.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck15090000.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck15091E40.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck15093002.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck15096047.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck152D0778.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck15580000.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck15580240.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck15580370.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck15580540.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck15580541.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck15580550.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck15580551.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck15580650.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck15581100.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck15581110.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck15581150.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck15581300.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck15581301.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck15581310.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck15581311.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck15581550.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck15581551.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck15582100.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck15582101.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck15582400.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck15582450.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck15582511.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck15582512.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck15582701.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck15582702.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck15582703.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck15582704.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck15582705.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck15582706.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck15582707.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck15583110.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck15583450.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck15583537.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck15584120.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck15584121.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck15584511.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck15585125.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck15585410.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck15586500.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck15587410.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck15589100.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck15650000.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck15658108.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck1565810C.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck1565810D.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck1565810F.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck15658111.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck16F30B97.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck16F30B98.via => Moved successfully.

atilla
2014-04-06, 20:07
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck16F31702.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck16F31704.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck16F31705.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck16F31706.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck170516F3.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck170616F3.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck17AA3606.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck18490397.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck18491397.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck18491708.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck18491718.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck18491818.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck18492020.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck18492120.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck18492220.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck18492320.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck18492397.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck18492420.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck18492520.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck18492620.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck18492708.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck18492718.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck18492720.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck18492818.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck18492820.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck18492920.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck18493718.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck18493818.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck18494718.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck18494818.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck18495718.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck18495818.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck18496718.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck18496818.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck18497718.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck18497818.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck18498718.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck18498818.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck18499718.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck19915733.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck1B0A0065.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck1B0A00B5.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck1B0A0139.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck1B0A013A.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck1B0A20E9.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck1B0A20F3.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck1BAB1015.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck1BDD7133.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeckF1248888.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\Drivers\HDWin864\Dts2APO.dll => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\Drivers\HDWin864\Dts2PropPageExt.dll => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\Drivers\HDWin864\EED64A.dll => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\Drivers\HDWin864\EED64H.dll => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\Drivers\HDWin864\EEG64A.dll => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\Drivers\HDWin864\EEG64H.dll => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\Drivers\HDWin864\EEL64A.dll => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\Drivers\HDWin864\EEL64H.dll => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\Drivers\HDWin864\EEP64A.dll => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\Drivers\HDWin864\EEP64H.dll => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\Drivers\HDWin864\MaxxAudioAPO30.dll => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\Drivers\HDWin864\MaxxAudioAPOShell64.dll => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\Drivers\HDWin864\MaxxAudioVIA64.dll => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\Drivers\HDWin864\nQAPO.dll => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\Drivers\HDWin864\nQPropPageExt.dll => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\Drivers\HDWin864\PropPageExt.dll => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\Drivers\HDWin864\slcshp64.dll => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\Drivers\HDWin864\slcsii64.dll => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\Drivers\HDWin864\slgeq64.dll => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\Drivers\HDWin864\slh36064.dll => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\Drivers\HDWin864\slInit64.dll => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\Drivers\HDWin864\slmaxv64.dll => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\Drivers\HDWin864\slprop64.dll => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\Drivers\HDWin864\slprt000.txt => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\Drivers\HDWin864\sltshd64.dll => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\Drivers\HDWin864\sltune00.txt => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\Drivers\HDWin864\sluapo64.dll => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\Drivers\HDWin864\slvipp64.dll => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\Drivers\HDWin864\slviq64.dll => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\Drivers\HDWin864\viaaud.exe => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\Drivers\HDWin864\viahdb.inf => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\Drivers\HDWin864\viahdb01.inf => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\Drivers\HDWin864\viahdb02.inf => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\Drivers\HDWin864\viahdb03.inf => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\Drivers\HDWin864\viahdb04.inf => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\Drivers\HDWin864\viahdb05.inf => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\Drivers\HDWin864\viahdb06.inf => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\Drivers\HDWin864\viahdb07.inf => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\Drivers\HDWin864\viahdb10.inf => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\Drivers\HDWin864\viahdb11.inf => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\Drivers\HDWin864\viahdb17.inf => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\Drivers\HDWin864\viahdb18.inf => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\Drivers\HDWin864\viahdb21.inf => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\Drivers\HDWin864\viahduaa.cat => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\Drivers\HDWin864\viahduaa.sys => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\Drivers\HDWin864\ViaKaraokeAPO.dll => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\Drivers\HDWin864\ViaKaraokePropPageExt.dll => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\Drivers\HDWin864\ViaKaraokeSrv.exe => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\Drivers\HDWin864\ViaMicArrayAPO.dll => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\Drivers\HDWin864\ViaMicArrayPropPageExt.dll => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\Drivers\HDWin864\VIAPropPageExt.dll => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\Drivers\HDWin864\VIASysFx.dll => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\Drivers\HDWin864\VMAPO32.dll => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\Drivers\HDWin864\VMAPO64.dll => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\Drivers\HDWin864\vmfilt64.sys => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\Drivers\HDWin864\VMPPCn64.dll => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\Drivers\HDWin864\VMppld64.dll => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\Drivers\HDWin864\VMTHX32.dll => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\Drivers\HDWin864\VMTHX64.dll => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\Drivers\HDWin864\VMWrp64.dll => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\Drivers\HDWin864\VtSrdAPO.dll => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\Drivers\HDWin864\WavesGUILib64.dll => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\Drivers\HDWin864\PCEE4\EEA64A.dll => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\Drivers\HDWin864\PCEE4\EEA64H.dll => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\Drivers\HDWin864\PCEE4\EED64A.dll => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\Drivers\HDWin864\PCEE4\EED64H.dll => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\Drivers\HDWin864\PCEE4\EEG64A.dll => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\Drivers\HDWin864\PCEE4\EEG64H.dll => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\Drivers\HDWin864\PCEE4\EEL64A.dll => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\Drivers\HDWin864\PCEE4\EEL64H.dll => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\Drivers\HDWin864\PCEE4\EEP64A.dll => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\Drivers\HDWin864\PCEE4\EEP64H.dll => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\Drivers\HDWin764\Dts2APO.dll => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\Drivers\HDWin764\Dts2PropPageExt.dll => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\Drivers\HDWin764\EED64A.dll => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\Drivers\HDWin764\EED64H.dll => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\Drivers\HDWin764\EEG64A.dll => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\Drivers\HDWin764\EEG64H.dll => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\Drivers\HDWin764\EEL64A.dll => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\Drivers\HDWin764\EEL64H.dll => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\Drivers\HDWin764\EEP64A.dll => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\Drivers\HDWin764\EEP64H.dll => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\Drivers\HDWin764\MaxxAudioAPO30.dll => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\Drivers\HDWin764\MaxxAudioAPOShell64.dll => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\Drivers\HDWin764\MaxxAudioVIA64.dll => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\Drivers\HDWin764\nQAPO.dll => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\Drivers\HDWin764\nQPropPageExt.dll => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\Drivers\HDWin764\PropPageExt.dll => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\Drivers\HDWin764\slcshp64.dll => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\Drivers\HDWin764\slcsii64.dll => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\Drivers\HDWin764\slgeq64.dll => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\Drivers\HDWin764\slh36064.dll => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\Drivers\HDWin764\slInit64.dll => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\Drivers\HDWin764\slmaxv64.dll => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\Drivers\HDWin764\slprop64.dll => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\Drivers\HDWin764\slprt000.txt => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\Drivers\HDWin764\sltshd64.dll => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\Drivers\HDWin764\sltune00.txt => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\Drivers\HDWin764\sluapo64.dll => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\Drivers\HDWin764\slvipp64.dll => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\Drivers\HDWin764\slviq64.dll => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\Drivers\HDWin764\viaaud.exe => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\Drivers\HDWin764\viahdb.inf => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\Drivers\HDWin764\viahdb01.inf => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\Drivers\HDWin764\viahdb02.inf => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\Drivers\HDWin764\viahdb03.inf => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\Drivers\HDWin764\viahdb04.inf => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\Drivers\HDWin764\viahdb05.inf => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\Drivers\HDWin764\viahdb06.inf => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\Drivers\HDWin764\viahdb07.inf => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\Drivers\HDWin764\viahdb10.inf => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\Drivers\HDWin764\viahdb11.inf => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\Drivers\HDWin764\viahdb17.inf => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\Drivers\HDWin764\viahdb18.inf => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\Drivers\HDWin764\viahdb21.inf => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\Drivers\HDWin764\viahduaa.cat => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\Drivers\HDWin764\viahduaa.sys => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\Drivers\HDWin764\ViaKaraokeAPO.dll => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\Drivers\HDWin764\ViaKaraokePropPageExt.dll => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\Drivers\HDWin764\ViaKaraokeSrv.exe => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\Drivers\HDWin764\ViaMicArrayAPO.dll => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\Drivers\HDWin764\ViaMicArrayPropPageExt.dll => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\Drivers\HDWin764\VIAPropPageExt.dll => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\Drivers\HDWin764\VIASysFx.dll => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\Drivers\HDWin764\VMAPO32.dll => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\Drivers\HDWin764\VMAPO64.dll => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\Drivers\HDWin764\vmfilt64.sys => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\Drivers\HDWin764\VMPPCn64.dll => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\Drivers\HDWin764\VMppld64.dll => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\Drivers\HDWin764\VMTHX32.dll => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\Drivers\HDWin764\VMTHX64.dll => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\Drivers\HDWin764\VMWrp64.dll => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\Drivers\HDWin764\VtSrdAPO.dll => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\Drivers\HDWin764\WavesGUILib64.dll => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\Drivers\HDWin764\PCEE4\EEA64A.dll => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\Drivers\HDWin764\PCEE4\EEA64H.dll => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\Drivers\HDWin764\PCEE4\EED64A.dll => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\Drivers\HDWin764\PCEE4\EED64H.dll => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\Drivers\HDWin764\PCEE4\EEG64A.dll => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\Drivers\HDWin764\PCEE4\EEG64H.dll => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\Drivers\HDWin764\PCEE4\EEL64A.dll => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\Drivers\HDWin764\PCEE4\EEL64H.dll => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\Drivers\HDWin764\PCEE4\EEP64A.dll => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\Drivers\HDWin764\PCEE4\EEP64H.dll => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\HDBusDrv\HDSrv2K3.exe => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\HDBusDrv\HDSrv2K3Sp1.exe => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\HDBusDrv\HDW2K.exe => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\HDBusDrv\HDW2K3x64.exe => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\HDBusDrv\HDWXPSp1.exe => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\HDBusDrv\HDWXPSp2.exe => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\HDBusDrv\HDWXPx64.exe => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\CPLFiles\x64\viahdcpl.cpl => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\CPLFiles\Vista64\viahdcpl.cpl => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\CPLFiles\Vista32\viahdcpl.cpl => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\CPLFiles\nt\viahdcpl.cpl => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\DIFXAPI\X86\DIFXAPI.DLL => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\DIFXAPI\X64\DIFXAPI.DLL => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\7zS37EE\HPSLPSVC64.DLL => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\4840_24027\crl-set => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\4840_24027\manifest.fingerprint => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\4840_24027\manifest.json => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\3476_15646\crl-set => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\3476_15646\manifest.fingerprint => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\3476_15646\manifest.json => Moved successfully.
Could not move "C:\Users\ESMEN\AppData\Local\Temp" directory. => Scheduled to move on reboot.


=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2014-04-06 20:01:42)<=

C:\Users\ESMEN\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpju8rdj.lck => Is moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\etilqs_bGkgsfrnWyiczec => Is moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\etilqs_vCVhcTjgJ7LVmcw => Is moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\FXSAPIDebugLogFile.txt => Is moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\scoped_dir1964_19511\Cookies => Is moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\scoped_dir1964_19511\Cookies-journal => Is moved successfully.
C:\Users\ESMEN\AppData\Local\Temp => Moved successfully.

==== End of Fixlog ====

atilla
2014-04-06, 20:12
i also take 2 error

1-) the drop box stop running and do not start at beginning

2-)eror saving file
c:/windows/ERDNT/autobackup/06.04.2014/system !

continiue with the next file ?
[ RegCreateKeyEx:5-erişim engellendi ]

Juliet
2014-04-06, 20:16
can you run ComboFix?

)eror saving file
c:/windows/ERDNT/autobackup/06.04.2014/system !

The error from ERUNT is because you have a link in your START UP group for a backup. This gets launched without Admin rights so it fails. You can either modify the shortcut to have Admin rights or remove the shortcut and that should get rid of the error.

atilla
2014-04-06, 20:36
i run combofix and i also run ernt as adminastator

ComboFix 14-04-06.01 - ESMEN 06.04.2014 20:23:34.1.4 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1254.90.1033.18.4095.2493 [GMT 3:00]
Running from: c:\users\ESMEN\Downloads\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
FW: avast! Antivirus *Disabled* {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Spybot - Search and Destroy *Disabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2014-03-06 to 2014-04-06 )))))))))))))))))))))))))))))))
.
.
2014-04-06 17:29 . 2014-04-06 17:29 -------- d-----w- c:\users\ESMEN\AppData\Local\temp
2014-04-06 17:29 . 2014-04-06 17:29 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-04-06 17:27 . 2014-04-06 17:27 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F07518CE-61E8-4777-862B-43057141AABF}\offreg.dll
2014-04-06 16:28 . 2014-04-06 17:01 -------- d-----w- C:\FRST
2014-04-06 14:21 . 2014-04-06 14:21 -------- d-----w- c:\program files (x86)\ERUNT
2014-04-06 11:03 . 2014-04-06 11:03 43152 ----a-w- c:\windows\avastSS.scr
2014-04-06 11:03 . 2014-04-06 11:03 445304 ----a-w- c:\windows\system32\drivers\aswNdisFlt.sys
2014-04-06 10:49 . 2014-04-06 10:49 -------- d-----w- c:\windows\jumpshot.com
2014-04-05 16:40 . 2013-09-20 07:49 21040 ----a-w- c:\windows\system32\sdnclean64.exe
2014-04-05 16:39 . 2014-04-05 16:41 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy 2
2014-04-05 16:39 . 2014-04-05 16:39 -------- d-----w- c:\users\ESMEN\AppData\Local\Programs
2014-04-04 18:47 . 2014-04-04 18:47 -------- d-----w- c:\program files (x86)\Internet Download Manager
2014-04-04 09:31 . 2014-03-07 04:43 10521840 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F07518CE-61E8-4777-862B-43057141AABF}\mpengine.dll
2014-03-27 16:21 . 2014-03-27 16:21 -------- d-----w- c:\users\ESMEN\AppData\Roaming\The Creative Assembly
2014-03-27 16:04 . 2014-03-27 16:20 -------- d-----w- c:\program files (x86)\Napoleon Total War
2014-03-12 19:35 . 2014-01-28 02:32 228864 ----a-w- c:\windows\system32\wwansvc.dll
2014-03-12 19:35 . 2014-01-29 02:32 484864 ----a-w- c:\windows\system32\wer.dll
2014-03-12 19:35 . 2014-01-29 02:06 381440 ----a-w- c:\windows\SysWow64\wer.dll
2014-03-12 19:32 . 2014-02-04 02:32 624128 ----a-w- c:\windows\system32\qedit.dll
2014-03-12 19:32 . 2014-02-04 02:04 509440 ----a-w- c:\windows\SysWow64\qedit.dll
2014-03-12 19:32 . 2014-02-04 02:32 1424384 ----a-w- c:\windows\system32\WindowsCodecs.dll
2014-03-12 19:32 . 2014-02-04 02:04 1230336 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll
2014-03-09 11:08 . 2014-04-06 16:59 -------- d-----r- c:\users\ESMEN\Dropbox
2014-03-09 11:06 . 2014-04-06 17:02 -------- d-----w- c:\users\ESMEN\AppData\Roaming\Dropbox
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-04-06 11:03 . 2014-01-27 22:10 84816 ----a-w- c:\windows\system32\drivers\aswStm.sys
2014-04-06 11:03 . 2014-01-27 22:10 65776 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2014-04-06 11:03 . 2014-01-27 22:10 208928 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2014-04-06 11:03 . 2014-01-27 22:10 79184 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2014-04-06 11:03 . 2014-01-27 22:10 423240 ----a-w- c:\windows\system32\drivers\aswSP.sys
2014-04-06 11:03 . 2014-01-27 22:10 1039096 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2014-04-06 11:03 . 2014-01-27 22:10 334648 ----a-w- c:\windows\system32\aswBoot.exe
2014-04-06 11:03 . 2014-01-27 22:10 93568 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2014-04-06 11:03 . 2014-01-28 14:58 28184 ----a-w- c:\windows\system32\drivers\aswKbd.sys
2014-03-18 16:14 . 2013-12-06 22:46 90015360 ----a-w- c:\windows\system32\MRT.exe
2014-03-14 07:30 . 2013-12-06 22:16 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-03-14 07:30 . 2013-12-06 22:16 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-02-19 17:09 . 2013-12-07 15:26 419840 ----a-w- c:\windows\system32\systemcpl.dll
2014-02-19 17:09 . 2013-12-07 15:26 14848 ----a-w- c:\windows\system32\slwga.dll
2014-02-19 17:09 . 2013-12-07 15:26 13824 ----a-w- c:\windows\SysWow64\slwga.dll
2014-01-30 22:09 . 2014-01-30 22:09 119808 ----a-r- c:\users\ESMEN\AppData\Roaming\Microsoft\Installer\{CCF298AF-9CE1-4B26-B251-486E98A34789}\icons.exe
2014-01-09 02:22 . 2014-02-26 12:00 5694464 ----a-w- c:\windows\SysWow64\mstscax.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2010-11-20 . FE70103391A64039A921DBFFF9C7AB1B . 1008128 . . [6.1.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
[7] 2009-07-14 . 72D7B3EA16946E8F0CF7458150031CC6 . 1008640 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[-] 2013-12-08 . 2C353B6CE0C8D03225CAA2AF33B68D79 . 1008640 . . [6.1.7601.17514] .. c:\windows\system32\user32.dll
.
[-] 2013-12-08 . 861C4346F9281DC0380DE72C8D55D6BE . 833024 . . [6.1.7601.17514] .. c:\windows\SysWOW64\user32.dll
[7] 2010-11-20 . 5E0DB2D8B2750543CD2EBB9EA8E6CDD3 . 833024 . . [6.1.7601.17514] .. c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[7] 2009-07-14 . E8B0FFC209E504CB7E79FC24E6C085F0 . 833024 . . [6.1.7600.16385] .. c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 131248 ----a-w- c:\users\ESMEN\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 131248 ----a-w- c:\users\ESMEN\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 131248 ----a-w- c:\users\ESMEN\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2014-02-12 43848]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-04-06 3854640]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2014-02-21 152392]
"SDTray"="c:\program files (x86)\Spybot - Search & Destroy 2\SDTray.exe" [2013-07-25 5624784]
.
c:\users\ESMEN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\ESMEN\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2014-1-3 33508336]
ERUNT AutoBackup.lnk - c:\program files (x86)\ERUNT\AUTOBACK.EXE %SystemRoot%\ERDNT\AutoBackup\#Date# /noconfirmdelete /noprogresswindow [2005-10-20 38912]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean64.exe
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;tsusbhub [x]
S0 aswNdisFlt;Avast! Firewall Driver;c:\windows\system32\DRIVERS\aswNdisFlt.sys;c:\windows\SYSNATIVE\DRIVERS\aswNdisFlt.sys [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys;c:\windows\SYSNATIVE\drivers\aswKbd.sys [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 avast! Firewall;avast! Firewall;c:\program files\AVAST Software\Avast\afwServ.exe;c:\program files\AVAST Software\Avast\afwServ.exe [x]
S2 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [x]
S2 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [x]
S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys;c:\windows\SYSNATIVE\DRIVERS\idmwfp.sys [x]
S2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [x]
S2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [x]
S2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [x]
S3 Atc002;NDIS Miniport Driver for Atheros L2 Fast Ethernet Controller;c:\windows\system32\DRIVERS\l260x64.sys;c:\windows\SYSNATIVE\DRIVERS\l260x64.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-03-15 20:13 1150280 ----a-w- c:\program files (x86)\Google\Chrome\Application\33.0.1750.154\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-12-06 c:\windows\Tasks\DriverEasy Scheduled Scan.job
- c:\program files\Easeware\DriverEasy\DriverEasy.exe [2013-12-06 16:15]
.
2014-04-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cef386a2d28c17.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-12-06 22:27]
.
2014-04-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-12-06 22:27]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-04-06 11:03 290888 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 164016 ----a-w- c:\users\ESMEN\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 164016 ----a-w- c:\users\ESMEN\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 164016 ----a-w- c:\users\ESMEN\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 164016 ----a-w- c:\users\ESMEN\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2012-11-15 23:07 23496 ----a-w- c:\program files (x86)\Internet Download Manager\IDMShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2013-02-05 5670448]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = www.bing.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Bütün Bağlantıları IDM ile İndir - c:\program files (x86)\Internet Download Manager\IEGetAll.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: IDM ile İndir - c:\program files (x86)\Internet Download Manager\IEExt.htm
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.1 0.0.0.0
TCP: Interfaces\{B9241E59-CE1F-4AE9-A4C9-D798E8DE8C47}: NameServer = 213.74.0.1,213.74.1.1
.
- - - - ORPHANS REMOVED - - - -
.
Notify-SDWinLogon - SDWinLogon.dll
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2395962531-217751968-226635089-1000_Classes\Wow6432Node\CLSID\{3b625d9c-6e60-4dff-ae0d-c5f64fdd5a59}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:0000002f
"Therad"=dword:00000011
"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a,
1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\
.
[HKEY_USERS\S-1-5-21-2395962531-217751968-226635089-1000_Classes\Wow6432Node\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"scansk"=hex(0):96,1e,1d,69,8b,94,af,4f,37,e7,78,f4,b8,ed,25,ea,3d,b1,c4,a6,fb,
f6,e7,c9,49,8a,f5,df,20,48,4c,a6,b4,2b,27,23,07,6b,12,74,00,00,00,00,00,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-04-06 20:30:59
ComboFix-quarantined-files.txt 2014-04-06 17:30
.
Pre-Run: 136.639.127.552 bayt boş
Post-Run: 136.462.843.904 bayt boş
.
- - End Of File - - C7802ADFFE7FF941F810928C7E5B942E
A36C5E4F47E84449FF07ED3517B43A31

Juliet
2014-04-06, 23:34
Next: Disconnect from the internet. If you are on Cable or DSL unplug your computer from the modem.
Next: Please disable all onboard security programs (all running with back ground protection) as it may hinder the scanner from working.
This includes Antivirus, Firewall, and any Spyware scanners that run in the background.

Click on this link Here (http://www.bleepingcomputer.com/forums/topic114351.html) to see a list of programs that should be disabled.
The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

Please open Notepad *Do Not Use Wordpad!* or use any other text editor than Notepad or the script will fail. (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the Code box below:
Save this as "CFScript.txt" including quotes and change the "Save as type" to "All Files" and place it on your desktop.



FCopy::c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll|c:\windows\system32\user32.dll
FCopy::c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll|c:\windows\SysWOW64\user32.dll

Save this as "CFScript.txt" including quotes and change the "Save as type" to "All Files" and place it on your desktop.

http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif

Referring to the screenshot above, drag CFScript.txt into ComboFix.exe. ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
When finished, it shall produce a log for you, C:\ComboFix.txt. Post that log in your next reply.
CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.


CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

If there are internet issues afterward:

*In IE: Tools Menu -> Internet Options -> Connections Tab ->Lan Settings > uncheck "use a proxy server" or reconfigure the Proxy server again in case you have set it previously.

In Firefox in Tools Menu -> Options... -> Advanced Tab -> Network Tab -> "Settings" under Connection and uncheck the proxyserver, set it to No Proxy.


Chrome:
Select -> Tools menu -> then "Options", then go to "Change Proxy Settings", then "LAN Settings" , then take out the check mark for "Use a proxy server for your LAN" if set, unless you set this up yourself.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~``

Please post this log when done.

atilla
2014-04-07, 14:12
-------combofix with CFscript------------
ComboFix 14-04-06.01 - ESMEN 07.04.2014 14:02:16.2.4 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1254.90.1033.18.4095.2211 [GMT 3:00]
Running from: c:\users\ESMEN\Downloads\ComboFix.exe
Command switches used :: c:\users\ESMEN\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
FW: avast! Antivirus *Disabled* {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Spybot - Search and Destroy *Disabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2014-03-07 to 2014-04-07 )))))))))))))))))))))))))))))))
.
.
2014-04-07 11:07 . 2014-04-07 11:07 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-04-06 17:31 . 2014-04-07 11:07 -------- d-----w- c:\users\ESMEN\AppData\Local\temp
2014-04-06 16:28 . 2014-04-06 17:01 -------- d-----w- C:\FRST
2014-04-06 14:21 . 2014-04-06 14:21 -------- d-----w- c:\program files (x86)\ERUNT
2014-04-06 11:03 . 2014-04-06 11:03 43152 ----a-w- c:\windows\avastSS.scr
2014-04-06 11:03 . 2014-04-06 11:03 445304 ----a-w- c:\windows\system32\drivers\aswNdisFlt.sys
2014-04-06 10:49 . 2014-04-06 10:49 -------- d-----w- c:\windows\jumpshot.com
2014-04-05 16:40 . 2013-09-20 07:49 21040 ----a-w- c:\windows\system32\sdnclean64.exe
2014-04-05 16:39 . 2014-04-05 16:41 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy 2
2014-04-05 16:39 . 2014-04-05 16:39 -------- d-----w- c:\users\ESMEN\AppData\Local\Programs
2014-04-04 18:47 . 2014-04-04 18:47 -------- d-----w- c:\program files (x86)\Internet Download Manager
2014-04-04 09:31 . 2014-03-07 04:43 10521840 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F07518CE-61E8-4777-862B-43057141AABF}\mpengine.dll
2014-03-27 16:21 . 2014-03-27 16:21 -------- d-----w- c:\users\ESMEN\AppData\Roaming\The Creative Assembly
2014-03-27 16:04 . 2014-03-27 16:20 -------- d-----w- c:\program files (x86)\Napoleon Total War
2014-03-12 19:35 . 2014-01-28 02:32 228864 ----a-w- c:\windows\system32\wwansvc.dll
2014-03-12 19:35 . 2014-01-29 02:32 484864 ----a-w- c:\windows\system32\wer.dll
2014-03-12 19:35 . 2014-01-29 02:06 381440 ----a-w- c:\windows\SysWow64\wer.dll
2014-03-12 19:32 . 2014-02-04 02:32 624128 ----a-w- c:\windows\system32\qedit.dll
2014-03-12 19:32 . 2014-02-04 02:04 509440 ----a-w- c:\windows\SysWow64\qedit.dll
2014-03-12 19:32 . 2014-02-04 02:32 1424384 ----a-w- c:\windows\system32\WindowsCodecs.dll
2014-03-12 19:32 . 2014-02-04 02:04 1230336 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll
2014-03-09 11:08 . 2014-04-07 10:54 -------- d-----r- c:\users\ESMEN\Dropbox
2014-03-09 11:06 . 2014-04-07 10:54 -------- d-----w- c:\users\ESMEN\AppData\Roaming\Dropbox
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-04-06 11:03 . 2014-01-27 22:10 84816 ----a-w- c:\windows\system32\drivers\aswStm.sys
2014-04-06 11:03 . 2014-01-27 22:10 65776 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2014-04-06 11:03 . 2014-01-27 22:10 208928 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2014-04-06 11:03 . 2014-01-27 22:10 79184 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2014-04-06 11:03 . 2014-01-27 22:10 423240 ----a-w- c:\windows\system32\drivers\aswSP.sys
2014-04-06 11:03 . 2014-01-27 22:10 1039096 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2014-04-06 11:03 . 2014-01-27 22:10 334648 ----a-w- c:\windows\system32\aswBoot.exe
2014-04-06 11:03 . 2014-01-27 22:10 93568 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2014-04-06 11:03 . 2014-01-28 14:58 28184 ----a-w- c:\windows\system32\drivers\aswKbd.sys
2014-03-18 16:14 . 2013-12-06 22:46 90015360 ----a-w- c:\windows\system32\MRT.exe
2014-03-14 07:30 . 2013-12-06 22:16 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-03-14 07:30 . 2013-12-06 22:16 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-02-19 17:09 . 2013-12-07 15:26 419840 ----a-w- c:\windows\system32\systemcpl.dll
2014-02-19 17:09 . 2013-12-07 15:26 14848 ----a-w- c:\windows\system32\slwga.dll
2014-02-19 17:09 . 2013-12-07 15:26 13824 ----a-w- c:\windows\SysWow64\slwga.dll
2014-01-30 22:09 . 2014-01-30 22:09 119808 ----a-r- c:\users\ESMEN\AppData\Roaming\Microsoft\Installer\{CCF298AF-9CE1-4B26-B251-486E98A34789}\icons.exe
2014-01-09 02:22 . 2014-02-26 12:00 5694464 ----a-w- c:\windows\SysWow64\mstscax.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2010-11-20 . FE70103391A64039A921DBFFF9C7AB1B . 1008128 . . [6.1.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
[7] 2009-07-14 . 72D7B3EA16946E8F0CF7458150031CC6 . 1008640 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[-] 2013-12-08 . 2C353B6CE0C8D03225CAA2AF33B68D79 . 1008640 . . [6.1.7601.17514] .. c:\windows\system32\user32.dll
.
[-] 2013-12-08 . 861C4346F9281DC0380DE72C8D55D6BE . 833024 . . [6.1.7601.17514] .. c:\windows\SysWOW64\user32.dll
[7] 2010-11-20 . 5E0DB2D8B2750543CD2EBB9EA8E6CDD3 . 833024 . . [6.1.7601.17514] .. c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[7] 2009-07-14 . E8B0FFC209E504CB7E79FC24E6C085F0 . 833024 . . [6.1.7600.16385] .. c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 131248 ----a-w- c:\users\ESMEN\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 131248 ----a-w- c:\users\ESMEN\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 131248 ----a-w- c:\users\ESMEN\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2014-02-12 43848]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-04-06 3854640]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2014-02-21 152392]
"SDTray"="c:\program files (x86)\Spybot - Search & Destroy 2\SDTray.exe" [2013-07-25 5624784]
.
c:\users\ESMEN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\ESMEN\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2014-1-3 33508336]
ERUNT AutoBackup.lnk - c:\program files (x86)\ERUNT\AUTOBACK.EXE %SystemRoot%\ERDNT\AutoBackup\#Date# /noconfirmdelete /noprogresswindow [2005-10-20 38912]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean64.exe
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;tsusbhub [x]
S0 aswNdisFlt;Avast! Firewall Driver;c:\windows\system32\DRIVERS\aswNdisFlt.sys;c:\windows\SYSNATIVE\DRIVERS\aswNdisFlt.sys [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys;c:\windows\SYSNATIVE\drivers\aswKbd.sys [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 avast! Firewall;avast! Firewall;c:\program files\AVAST Software\Avast\afwServ.exe;c:\program files\AVAST Software\Avast\afwServ.exe [x]
S2 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [x]
S2 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [x]
S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys;c:\windows\SYSNATIVE\DRIVERS\idmwfp.sys [x]
S2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [x]
S2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [x]
S2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [x]
S3 Atc002;NDIS Miniport Driver for Atheros L2 Fast Ethernet Controller;c:\windows\system32\DRIVERS\l260x64.sys;c:\windows\SYSNATIVE\DRIVERS\l260x64.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-03-15 20:13 1150280 ----a-w- c:\program files (x86)\Google\Chrome\Application\33.0.1750.154\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-12-06 c:\windows\Tasks\DriverEasy Scheduled Scan.job
- c:\program files\Easeware\DriverEasy\DriverEasy.exe [2013-12-06 16:15]
.
2014-04-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cef386a2d28c17.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-12-06 22:27]
.
2014-04-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-12-06 22:27]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-04-06 11:03 290888 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 164016 ----a-w- c:\users\ESMEN\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 164016 ----a-w- c:\users\ESMEN\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 164016 ----a-w- c:\users\ESMEN\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 164016 ----a-w- c:\users\ESMEN\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2012-11-15 23:07 23496 ----a-w- c:\program files (x86)\Internet Download Manager\IDMShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2013-02-05 5670448]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = www.bing.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Bütün Bağlantıları IDM ile İndir - c:\program files (x86)\Internet Download Manager\IEGetAll.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: IDM ile İndir - c:\program files (x86)\Internet Download Manager\IEExt.htm
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.1 0.0.0.0
TCP: Interfaces\{B9241E59-CE1F-4AE9-A4C9-D798E8DE8C47}: NameServer = 213.74.0.1,213.74.1.1
.
- - - - ORPHANS REMOVED - - - -
.
Notify-SDWinLogon - SDWinLogon.dll
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2395962531-217751968-226635089-1000_Classes\Wow6432Node\CLSID\{3b625d9c-6e60-4dff-ae0d-c5f64fdd5a59}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:0000002f
"Therad"=dword:00000011
"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a,
1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\
.
[HKEY_USERS\S-1-5-21-2395962531-217751968-226635089-1000_Classes\Wow6432Node\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"scansk"=hex(0):96,1e,1d,69,8b,94,af,4f,37,e7,78,f4,b8,ed,25,ea,3d,b1,c4,a6,fb,
f6,e7,c9,49,8a,f5,df,20,48,4c,a6,b4,2b,27,23,07,6b,12,74,00,00,00,00,00,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-04-07 14:09:39
ComboFix-quarantined-files.txt 2014-04-07 11:09
ComboFix2.txt 2014-04-06 17:30
.
Pre-Run: 135.884.390.400 bayt boş
Post-Run: 135.811.702.784 bayt boş
.
- - End Of File - - 1C2ECA7FEAC3AB8E16213A012E20BA0F
A36C5E4F47E84449FF07ED3517B43A31

Juliet
2014-04-07, 14:38
Did you drag the script I created into the ComboFix icon?

The log you posted was from yesterday

ComboFix 14-04-06.01 <--yesterday

ComboFix 14-04-06.01 <-- today

If you did drag it over, how's the computer now?

atilla
2014-04-07, 14:53
i did cfscript.txt thing as you describe me. it still found the same folder as invisible and i can't find the folder anywhere. if you wish i can do cfscript.txt thing again

Juliet
2014-04-07, 16:13
i did cfscript.txt thing as you describe me. it still found the same folder as invisible and i can't find the folder anywhere. if you wish i can do cfscript.txt thing again

Before we do that let's try this scanner.


Download the latest version of TDSSKiller from here (http://media.kaspersky.com/utilities/VirusUtilities/EN/tdsskiller.exe) and save it to your Desktop.




Doubleclick on TDSSKiller.exe to run the application
https://dl.dropbox.com/u/73555776/tdss%20start.JPG

Then click on Change parameters.

https://dl.dropbox.com/u/73555776/tdss%20Change%20param.JPG

Check the boxes beside Verify Driver Digital Signature, Detect TDLFS file system and Use KSN to scan objects , then click OK.

Click the Start Scan button.


If a suspicious object is detected, the default action will be Skip, click on Continue.

https://dl.dropbox.com/u/73555776/tdss%20threat.JPG

If malicious objects are found, they will show in the Scan results and offer three (3) options.
Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

Get the report by selecting Reports

https://dl.dropbox.com/u/73555776/tdss%20report.JPG

Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.


Please copy and paste its contents on your next reply.



A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Juliet
2014-04-07, 16:18
Looking back I found this
Running from: c:\users\ESMEN\Downloads\ComboFix.exe
Command switches used :: c:\users\ESMEN\Desktop\CFScript.txt

Need to move ComboFix to desktop or delete the version you have now, re-download and make sure it's saved to desktop, then run the fix I created again

http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif
Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.

atilla
2014-04-07, 17:43
I scaned my computer two times

1-) internet access not available

17:36:53.0234 0x0e84 TDSS rootkit removing tool 3.0.0.30 Apr 7 2014 15:39:12
17:37:02.0466 0x0e84 ============================================================
17:37:02.0466 0x0e84 Current date / time: 2014/04/07 17:37:02.0466
17:37:02.0466 0x0e84 SystemInfo:
17:37:02.0466 0x0e84
17:37:02.0466 0x0e84 OS Version: 6.1.7601 ServicePack: 1.0
17:37:02.0466 0x0e84 Product type: Workstation
17:37:02.0466 0x0e84 ComputerName: ESMEN-PC
17:37:02.0466 0x0e84 UserName: ESMEN
17:37:02.0466 0x0e84 Windows directory: C:\Windows
17:37:02.0466 0x0e84 System windows directory: C:\Windows
17:37:02.0466 0x0e84 Running under WOW64
17:37:02.0466 0x0e84 Processor architecture: Intel x64
17:37:02.0466 0x0e84 Number of processors: 4
17:37:02.0466 0x0e84 Page size: 0x1000
17:37:02.0466 0x0e84 Boot type: Normal boot
17:37:02.0466 0x0e84 ============================================================
17:37:03.0696 0x0e84 KLMD registered as C:\Windows\system32\drivers\66413394.sys
17:37:03.0738 0x0e84 System UUID: {1BE76FDF-5BB3-FE7F-1023-085BB72C6983}
17:37:04.0127 0x0e84 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0x22DD3, SectorsPerTrack: 0x28, TracksPerCylinder: 0xAB, Type 'K0', Flags 0x00000040
17:37:04.0150 0x0e84 ============================================================
17:37:04.0150 0x0e84 \Device\Harddisk0\DR0:
17:37:04.0151 0x0e84 MBR partitions:
17:37:04.0151 0x0e84 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x200800, BlocksNum 0x1EAD1800
17:37:04.0151 0x0e84 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1ECD2000, BlocksNum 0x1B6B3800
17:37:04.0151 0x0e84 ============================================================
17:37:04.0174 0x0e84 C: <-> \Device\Harddisk0\DR0\Partition1
17:37:04.0199 0x0e84 D: <-> \Device\Harddisk0\DR0\Partition2
17:37:04.0200 0x0e84 ============================================================
17:37:04.0200 0x0e84 Initialize success
17:37:04.0200 0x0e84 ============================================================
17:37:42.0386 0x13cc ============================================================
17:37:42.0386 0x13cc Scan started
17:37:42.0387 0x13cc Mode: Manual; SigCheck; TDLFS;
17:37:42.0387 0x13cc ============================================================
17:37:42.0387 0x13cc KSN ping started
17:37:45.0112 0x13cc KSN ping finished: true
17:37:45.0700 0x13cc ================ Scan system memory ========================
17:37:45.0700 0x13cc System memory - ok
17:37:45.0700 0x13cc ================ Scan services =============================
17:37:45.0825 0x13cc [ A87D604AEA360176311474C87A63BB88, B1507868C382CD5D2DBC0D62114FCFBF7A780904A2E3CA7C7C1DD0844ADA9A8F ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
17:37:45.0934 0x13cc 1394ohci - ok
17:37:45.0967 0x13cc [ D81D9E70B8A6DD14D42D7B4EFA65D5F2, FDAAB7E23012B4D31537C5BDEF245BB0A12FA060A072C250E21C68E18B22E002 ] ACPI C:\Windows\system32\drivers\ACPI.sys
17:37:45.0989 0x13cc ACPI - ok
17:37:46.0022 0x13cc [ 99F8E788246D495CE3794D7E7821D2CA, F91615463270AD2601F882CAED43B88E7EDA115B9FD03FC56320E48119F15F76 ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
17:37:46.0060 0x13cc AcpiPmi - ok
17:37:46.0121 0x13cc [ B362181ED3771DC03B4141927C80F801, 69514E5177A0AEA89C27C2234712F9F82E8D8F99E1FD4273898C9324C6FF7472 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
17:37:46.0137 0x13cc AdobeARMservice - ok
17:37:46.0179 0x13cc [ 2F6B34B83843F0C5118B63AC634F5BF4, 43E3F5FBFB5D33981AC503DEE476868EC029815D459E7C36C4ABC2D2F75B5735 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
17:37:46.0208 0x13cc adp94xx - ok
17:37:46.0231 0x13cc [ 597F78224EE9224EA1A13D6350CED962, DA7FD99BE5E3B7B98605BF5C13BF3F1A286C0DE1240617570B46FE4605E59BDC ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
17:37:46.0253 0x13cc adpahci - ok
17:37:46.0276 0x13cc [ E109549C90F62FB570B9540C4B148E54, E804563735153EA00A00641814244BC8A347B578E7D63A16F43FB17566EE5559 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
17:37:46.0294 0x13cc adpu320 - ok
17:37:46.0314 0x13cc [ 4B78B431F225FD8624C5655CB1DE7B61, 198A5AF2125C7C41F531A652D200C083A55A97DC541E3C0B5B253C7329949156 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
17:37:46.0374 0x13cc AeLookupSvc - ok
17:37:46.0424 0x13cc [ 79059559E89D06E8B80CE2944BE20228, 6E041D2FED2D0C3D8E16E56CB61D3245F9144EA92F5BDC9A4AA30598D1C8E6EE ] AFD C:\Windows\system32\drivers\afd.sys
17:37:46.0481 0x13cc AFD - ok
17:37:46.0517 0x13cc [ 608C14DBA7299D8CB6ED035A68A15799, 45360F89640BF1127C82A32393BD76205E4FA067889C40C491602F370C09282A ] agp440 C:\Windows\system32\drivers\agp440.sys
17:37:46.0531 0x13cc agp440 - ok
17:37:46.0550 0x13cc [ 3290D6946B5E30E70414990574883DDB, 0E9294E1991572256B3CDA6B031DB9F39CA601385515EE59F1F601725B889663 ] ALG C:\Windows\System32\alg.exe
17:37:46.0590 0x13cc ALG - ok
17:37:46.0620 0x13cc [ 5812713A477A3AD7363C7438CA2EE038, A7316299470D2E57A11499C752A711BF4A71EB11C9CBA731ED0945FF6A966721 ] aliide C:\Windows\system32\drivers\aliide.sys
17:37:46.0634 0x13cc aliide - ok
17:37:46.0664 0x13cc [ A359974EAAC83A435497C52F62A2E590, 7A7AFFE1CCE8732C478AE3EA630AA46C94DE0DBFE19EE63E3FB99B0D3338F038 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
17:37:46.0731 0x13cc AMD External Events Utility - ok
17:37:46.0743 0x13cc [ 1FF8B4431C353CE385C875F194924C0C, 3EA3A7F426B0FFC2461EDF4FDB4B58ACC9D0730EDA5B728D1EA1346EA0A02720 ] amdide C:\Windows\system32\drivers\amdide.sys
17:37:46.0756 0x13cc amdide - ok
17:37:46.0778 0x13cc [ 7024F087CFF1833A806193EF9D22CDA9, E7F27E488C38338388103D3B7EEDD61D05E14FB140992AEE6F492FFC821BF529 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
17:37:46.0829 0x13cc AmdK8 - ok
17:37:47.0108 0x13cc [ 60216B0E704584DE6D5A9F59E9C34C47, CC3E9F09FB28E50FDFCC5E6A996E28CB4E721DDDD50E23710DC74C5B0F7CE3E3 ] amdkmdag C:\Windows\system32\DRIVERS\atikmdag.sys
17:37:47.0464 0x13cc amdkmdag - ok
17:37:47.0512 0x13cc [ 6B4E9261B613B047A9A145F328889968, E5C6611E88381A9D40AD1CE80BFDDBDA733F4A8D3602AAE25A155D2C39B3B7FD ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys
17:37:47.0550 0x13cc amdkmdap - ok
17:37:47.0570 0x13cc [ 1E56388B3FE0D031C44144EB8C4D6217, E88CA76FD47BA0EB427D59CB9BE040DE133D89D4E62D03A8D622624531D27487 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
17:37:47.0587 0x13cc AmdPPM - ok
17:37:47.0618 0x13cc [ D4121AE6D0C0E7E13AA221AA57EF2D49, 626F43C099BD197BE56648C367B711143C2BCCE96496BBDEF19F391D52FA01D0 ] amdsata C:\Windows\system32\drivers\amdsata.sys
17:37:47.0635 0x13cc amdsata - ok
17:37:47.0662 0x13cc [ F67F933E79241ED32FF46A4F29B5120B, D6EF539058F159CC4DD14CA9B1FD924998FEAC9D325C823C7A2DD21FEF1DC1A8 ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
17:37:47.0680 0x13cc amdsbs - ok
17:37:47.0695 0x13cc [ 540DAF1CEA6094886D72126FD7C33048, 296578572A93F5B74E1AD443E000B79DC99D1CBD25082E02704800F886A3065F ] amdxata C:\Windows\system32\drivers\amdxata.sys
17:37:47.0709 0x13cc amdxata - ok
17:37:47.0741 0x13cc [ 89A69C3F2F319B43379399547526D952, 8ABDB4B8E106F96EBBA0D4D04C4F432296516E107E7BA5644ED2E50CF9BB491A ] AppID C:\Windows\system32\drivers\appid.sys
17:37:47.0796 0x13cc AppID - ok
17:37:47.0824 0x13cc [ 0BC381A15355A3982216F7172F545DE1, C33AF13CB218F7BF52E967452573DF2ADD20A95C6BF99229794FEF07C4BBE725 ] AppIDSvc C:\Windows\System32\appidsvc.dll
17:37:47.0879 0x13cc AppIDSvc - ok
17:37:47.0906 0x13cc [ 9D2A2369AB4B08A4905FE72DB104498F, D6FA1705018BABABFA2362E05691A0D6408D14DE7B76129B16D0A1DAD6378E58 ] Appinfo C:\Windows\System32\appinfo.dll
17:37:47.0950 0x13cc Appinfo - ok
17:37:47.0998 0x13cc [ 221564CC7BE37611FE15EACF443E1BF6, 381BDF17418C779D72332431BA174C2AD76CD9C7C1711FF5142EA9B05D5555E4 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
17:37:48.0011 0x13cc Apple Mobile Device - ok
17:37:48.0034 0x13cc [ 4ABA3E75A76195A3E38ED2766C962899, E2001ACD44DA270B8289DA362D26416676301773AB22616C211F31CF2E7869AA ] AppMgmt C:\Windows\System32\appmgmts.dll
17:37:48.0086 0x13cc AppMgmt - ok
17:37:48.0112 0x13cc [ C484F8CEB1717C540242531DB7845C4E, C507CE26716EB923B864ED85E8FA0B24591E2784A2F4F0E78AEED7E9953311F6 ] arc C:\Windows\system32\DRIVERS\arc.sys
17:37:48.0127 0x13cc arc - ok
17:37:48.0138 0x13cc [ 019AF6924AEFE7839F61C830227FE79C, 5926B9DDFC9198043CDD6EA0B384C83B001EC225A8125628C4A45A3E6C42C72A ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
17:37:48.0154 0x13cc arcsas - ok
17:37:48.0230 0x13cc [ 9A262EDD17F8473B91B333D6B031A901, 05DFBD3A7D83FDE1D062EA719ACA9EC48CB7FD42D17DDD88B82E5D25469ADD23 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
17:37:48.0267 0x13cc aspnet_state - ok
17:37:48.0293 0x13cc [ 60DD9BDD4F96FC4A1E4F528BC70EB630, 5F81F2D3873A132F2B52B6026891D95064D59F0E6FA6D3294687AA66602154F7 ] aswKbd C:\Windows\system32\drivers\aswKbd.sys
17:37:48.0314 0x13cc aswKbd - ok
17:37:48.0337 0x13cc [ 8BE618EB795A87DBFD1E09DA63F009C7, 87443A8DB2B4CA4CCA280E0BBB3EAFBD218F7B0B6485C304CAA6B0BFDCBEB3EC ] aswMonFlt C:\Windows\system32\drivers\aswMonFlt.sys
17:37:48.0351 0x13cc aswMonFlt - ok
17:37:48.0397 0x13cc [ 693CB948002DD650C2CFA6BD58808FEE, C55EDDA28858523751E98A34E819E4DDEE6351A17D0BD1597959A3B70B00AB8C ] aswNdisFlt C:\Windows\system32\DRIVERS\aswNdisFlt.sys
17:37:48.0421 0x13cc aswNdisFlt - ok
17:37:48.0439 0x13cc [ D4259F75734EBCC8D815753B09EB2F0A, 93E06432F3E74B4CE606F4BECB80D11580FB72832630164427F36BD62C467103 ] aswRdr C:\Windows\system32\drivers\aswRdr2.sys
17:37:48.0453 0x13cc aswRdr - ok
17:37:48.0459 0x13cc [ 8D4B8BF93C65BDBC133B20706A3B5208, BBCC103F722434DE38FD4D3DF8D543478405E139C5923B0EDFBA80A6C2762AB2 ] aswRvrt C:\Windows\system32\drivers\aswRvrt.sys
17:37:48.0473 0x13cc aswRvrt - ok
17:37:48.0515 0x13cc [ AA0D1B47BE967E1E17301DDFB66C432C, 0283A503D9875C7D51288FAD28BC3F44E4637EDBBBFD968E51D4D505E3AE97B1 ] aswSnx C:\Windows\system32\drivers\aswSnx.sys
17:37:48.0556 0x13cc aswSnx - ok
17:37:48.0596 0x13cc [ 15C6B7D20EE0E44A4DF82183A89CCFC2, 8CCE561CF25A6ED686DDD15C6041B29A82EF52247AFAD937EA5ADBA61C6A18AF ] aswSP C:\Windows\system32\drivers\aswSP.sys
17:37:48.0620 0x13cc aswSP - ok
17:37:48.0637 0x13cc [ 81FA56F29440406A7264CBD7B1C7CB29, 704FAC64596D949C2F83AEE9E3B235CB3E9240EEF310361691CB213A30341141 ] aswStm C:\Windows\system32\drivers\aswStm.sys
17:37:48.0651 0x13cc aswStm - ok
17:37:48.0666 0x13cc [ 0606875650850B0697D662934529F6FC, BC0D7B83888F88966F2DFC0BC26D038290FFBA83079DC7C3B67272557DA3E25D ] aswVmm C:\Windows\system32\drivers\aswVmm.sys
17:37:48.0684 0x13cc aswVmm - ok
17:37:48.0707 0x13cc [ 769765CE2CC62867468CEA93969B2242, 0D8F19D49869DF93A3876B4C2E249D12E83F9CE11DAE8917D368E292043D4D26 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
17:37:48.0770 0x13cc AsyncMac - ok
17:37:48.0791 0x13cc [ 02062C0B390B7729EDC9E69C680A6F3C, 0261683C6DC2706DCE491A1CDC954AC9C9E649376EC30760BB4E225E18DC5273 ] atapi C:\Windows\system32\drivers\atapi.sys
17:37:48.0804 0x13cc atapi - ok
17:37:48.0825 0x13cc [ B63168E23AF172DD728C60F270F30D48, 1868CBF823DE3B2A8A5E431D9FF29C2E809932F004EBEEA523DA491466FA71DB ] Atc002 C:\Windows\system32\DRIVERS\l260x64.sys
17:37:48.0856 0x13cc Atc002 - ok
17:37:48.0899 0x13cc [ 37CB595C0AB20ECBFA5170D3185690DB, 23CA3DC63C35649021AAFF0721BA8A7DF546B5CD1530A35AAAC3E742A787A7D2 ] AtiHDAudioService C:\Windows\system32\drivers\AtihdW76.sys
17:37:48.0945 0x13cc AtiHDAudioService - ok
17:37:49.0223 0x13cc [ 60216B0E704584DE6D5A9F59E9C34C47, CC3E9F09FB28E50FDFCC5E6A996E28CB4E721DDDD50E23710DC74C5B0F7CE3E3 ] atikmdag C:\Windows\system32\DRIVERS\atikmdag.sys
17:37:49.0492 0x13cc atikmdag - ok
17:37:49.0551 0x13cc [ F23FEF6D569FCE88671949894A8BECF1, FCE7B156ED663471CF9A736915F00302E93B50FC647563D235313A37FCE8F0F6 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
17:37:49.0632 0x13cc AudioEndpointBuilder - ok
17:37:49.0653 0x13cc [ F23FEF6D569FCE88671949894A8BECF1, FCE7B156ED663471CF9A736915F00302E93B50FC647563D235313A37FCE8F0F6 ] AudioSrv C:\Windows\System32\Audiosrv.dll
17:37:49.0706 0x13cc AudioSrv - ok
17:37:49.0771 0x13cc [ BEA8D0FA8805CC2E6BB49728166699C7, 9A574A1E79DC2D472877443A92ACDA57A1206A2DAB3AF9110C844944EDC9D797 ] avast! Antivirus C:\Program Files\AVAST Software\Avast\AvastSvc.exe
17:37:49.0785 0x13cc avast! Antivirus - ok
17:37:49.0820 0x13cc [ D58C10AFF2B5C09D615623A4DAC0E330, 9C4BDD2A959288F6CFE9DA4E0E96409AC4462A0C224E0C27CB7906C53C7E1453 ] avast! Firewall C:\Program Files\AVAST Software\Avast\afwServ.exe
17:37:49.0838 0x13cc avast! Firewall - ok
17:37:49.0869 0x13cc [ A6BF31A71B409DFA8CAC83159E1E2AFF, CBB83F73FFD3C3FB4F96605067739F8F7A4A40B2B05417FA49E575E95628753F ] AxInstSV C:\Windows\System32\AxInstSV.dll
17:37:49.0906 0x13cc AxInstSV - ok
17:37:49.0946 0x13cc [ 3E5B191307609F7514148C6832BB0842, DE011CB7AA4A2405FAF21575182E0793A1D83DFFC44E9A7864D59F3D51D8D580 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
17:37:50.0001 0x13cc b06bdrv - ok
17:37:50.0040 0x13cc [ B5ACE6968304A3900EEB1EBFD9622DF2, 1DAA118D8CA3F97B34DF3D3CDA1C78EAB2ED225699FEABE89D331AE0CB7679FA ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
17:37:50.0078 0x13cc b57nd60a - ok
17:37:50.0117 0x13cc [ FDE360167101B4E45A96F939F388AEB0, 8D1457E866BBD645C4B9710DFBFF93405CC1193BF9AE42326F2382500B713B82 ] BDESVC C:\Windows\System32\bdesvc.dll
17:37:50.0149 0x13cc BDESVC - ok
17:37:50.0170 0x13cc [ 16A47CE2DECC9B099349A5F840654746, 77C008AEDB07FAC66413841D65C952DDB56FE7DCA5E9EF9C8F4130336B838024 ] Beep C:\Windows\system32\drivers\Beep.sys
17:37:50.0229 0x13cc Beep - ok
17:37:50.0275 0x13cc [ 82974D6A2FD19445CC5171FC378668A4, 075D25F47C0D2277E40AF8615571DAA5EB16B1824563632A9A7EC62505C29A4A ] BFE C:\Windows\System32\bfe.dll
17:37:50.0326 0x13cc BFE - ok
17:37:50.0365 0x13cc [ 1EA7969E3271CBC59E1730697DC74682, D511A34D63A6E0E6E7D1879068E2CD3D87ABEAF4936B2EA8CDDAD9F79D60FA04 ] BITS C:\Windows\system32\qmgr.dll
17:37:50.0457 0x13cc BITS - ok
17:37:50.0518 0x13cc [ 61583EE3C3A17003C4ACD0475646B4D3, 17E4BECC309C450E7E44F59A9C0BBC24D21BDC66DFBA65B8F198A00BB47A9811 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
17:37:50.0603 0x13cc blbdrive - ok
17:37:50.0670 0x13cc [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD, 17BFFC5DF609CE3B2F0CAB4BD6C118608C66A3AD86116A47E90B2BB7D8954122 ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
17:37:50.0694 0x13cc Bonjour Service - ok
17:37:50.0719 0x13cc [ 6C02A83164F5CC0A262F4199F0871CF5, AD4632A6A203CB40970D848315D8ADB9C898349E20D8DF4107C2AE2703A2CF28 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
17:37:50.0760 0x13cc bowser - ok
17:37:50.0777 0x13cc [ F09EEE9EDC320B5E1501F749FDE686C8, 66691114C42E12F4CC6DC4078D4D2FA4029759ACDAF1B59D17383487180E84E3 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
17:37:50.0816 0x13cc BrFiltLo - ok
17:37:50.0833 0x13cc [ B114D3098E9BDB8BEA8B053685831BE6, 0ED23C1897F35FA00B9C2848DE4ED200E18688AA7825674888054BBC3A3EB92C ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
17:37:50.0851 0x13cc BrFiltUp - ok
17:37:50.0889 0x13cc [ 5C2F352A4E961D72518261257AAE204B, 9EE1001E1D46A414A7A86FE1DBBE232203E26F54D9EF43ED31ED8EACD4D09853 ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys
17:37:50.0942 0x13cc BridgeMP - ok
17:37:50.0967 0x13cc [ 05F5A0D14A2EE1D8255C2AA0E9E8E694, 40011138869F5496A3E78D38C9900B466B6F3877526AC22952DCD528173F4645 ] Browser C:\Windows\System32\browser.dll
17:37:51.0005 0x13cc Browser - ok
17:37:51.0030 0x13cc [ 43BEA8D483BF1870F018E2D02E06A5BD, 4E6F5A5FD8C796A110B0DC9FF29E31EA78C04518FC1C840EF61BABD58AB10272 ] Brserid C:\Windows\System32\Drivers\Brserid.sys
17:37:51.0061 0x13cc Brserid - ok
17:37:51.0071 0x13cc [ A6ECA2151B08A09CACECA35C07F05B42, E2875BB7768ABAF38C3377007AA0A3C281503474D1831E396FB6599721586B0C ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
17:37:51.0102 0x13cc BrSerWdm - ok
17:37:51.0114 0x13cc [ B79968002C277E869CF38BD22CD61524, 50631836502237AF4893ECDCEA43B9031C3DE97433F594D46AF7C3C77F331983 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
17:37:51.0150 0x13cc BrUsbMdm - ok
17:37:51.0155 0x13cc [ A87528880231C54E75EA7A44943B38BF, 4C8BBB29FDA76A96840AA47A8613C15D4466F9273A13941C19507008629709C9 ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
17:37:51.0171 0x13cc BrUsbSer - ok
17:37:51.0190 0x13cc [ 9DA669F11D1F894AB4EB69BF546A42E8, B498B8B6CEF957B73179D1ADAF084BBB57BB3735D810F9BE2C7B1D58A4FD25A4 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
17:37:51.0220 0x13cc BTHMODEM - ok
17:37:51.0330 0x13cc [ 95F9C2976059462CBBF227F7AAB10DE9, 2797AE919FF7606B070FB039CECDB0707CD2131DCAC09C5DF14F443D881C9F34 ] bthserv C:\Windows\system32\bthserv.dll
17:37:51.0414 0x13cc bthserv - ok
17:37:51.0535 0x13cc [ BE531939BB6D153DB63DBBFBD398A713, CB63FD4051198A89EDB3CF45199F99F5816A672FA9374E166ED7A5D17ED47468 ] c2cautoupdatesvc C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
17:37:51.0607 0x13cc c2cautoupdatesvc - ok
17:37:51.0668 0x13cc [ 33E9F08F675EF94633C8EF8A7C4EADF3, E1556CF27F7FB3B03EE63F3464F5EE92E7B09E67C5D8AA4A9346FEEBD716A152 ] c2cpnrsvc C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
17:37:51.0739 0x13cc c2cpnrsvc - ok
17:37:51.0762 0x13cc [ B8BD2BB284668C84865658C77574381A, 6C55BA288B626DF172FDFEA0BD7027FAEBA1F44EF20AB55160D7C7DC6E717D65 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
17:37:51.0828 0x13cc cdfs - ok
17:37:51.0870 0x13cc [ F036CE71586E93D94DAB220D7BDF4416, BD07AAD9E20CEAF9FC84E4977C55EA2C45604A2C682AC70B9B9A2199B6713D5B ] cdrom C:\Windows\system32\drivers\cdrom.sys
17:37:51.0890 0x13cc cdrom - ok
17:37:51.0926 0x13cc [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] CertPropSvc C:\Windows\System32\certprop.dll
17:37:51.0978 0x13cc CertPropSvc - ok
17:37:51.0995 0x13cc [ D7CD5C4E1B71FA62050515314CFB52CF, 513B5A849899F379F0BC6AB3A8A05C3493C2393C95F036612B96EC6E252E1C64 ] circlass C:\Windows\system32\DRIVERS\circlass.sys
17:37:52.0027 0x13cc circlass - ok
17:37:52.0065 0x13cc [ FE1EC06F2253F691FE36217C592A0206, B9F122DB5E665ECDF29A5CB8BB6B531236F31A54A95769D6C5C1924C87FE70CE ] CLFS C:\Windows\system32\CLFS.sys
17:37:52.0089 0x13cc CLFS - ok
17:37:52.0160 0x13cc [ D88040F816FDA31C3B466F0FA0918F29, 39D3630E623DA25B8444B6D3AAAB16B98E7E289C5619E19A85D47B74C71449F3 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
17:37:52.0180 0x13cc clr_optimization_v2.0.50727_32 - ok
17:37:52.0223 0x13cc [ D1CEEA2B47CB998321C579651CE3E4F8, 654013B8FD229A50017B08DEC6CA19C7DDA8CE0771260E057A92625201D539B1 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
17:37:52.0240 0x13cc clr_optimization_v2.0.50727_64 - ok
17:37:52.0295 0x13cc [ E87213F37A13E2B54391E40934F071D0, 7EB221127EFB5BF158FB03D18EFDA2C55FB6CE3D1A1FE69C01D70DBED02C87E5 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
17:37:52.0351 0x13cc clr_optimization_v4.0.30319_32 - ok
17:37:52.0379 0x13cc [ 4AEDAB50F83580D0B4D6CF78191F92AA, D113C47013B018B45161911B96E93AF96A2F3B34FA47061BF6E7A71FBA03194A ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
17:37:52.0511 0x13cc clr_optimization_v4.0.30319_64 - ok
17:37:52.0540 0x13cc [ 0840155D0BDDF1190F84A663C284BD33, 696039FA63CFEB33487FAA8FD7BBDB220141E9C6E529355D768DFC87999A9C3A ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
17:37:52.0566 0x13cc CmBatt - ok
17:37:52.0588 0x13cc [ E19D3F095812725D88F9001985B94EDD, 46243C5CCC4981CAC6FA6452FFCEC33329BF172448F1852D52592C9342E0E18B ] cmdide C:\Windows\system32\drivers\cmdide.sys
17:37:52.0601 0x13cc cmdide - ok
17:37:52.0638 0x13cc [ EBF28856F69CF094A902F884CF989706, AD6C9F0BC20AA49EEE5478DA0F856F0EA2B414B63208C5FFB03C9D7F5B59765F ] CNG C:\Windows\system32\Drivers\cng.sys
17:37:52.0682 0x13cc CNG - ok
17:37:52.0697 0x13cc [ 102DE219C3F61415F964C88E9085AD14, CD74CB703381F1382C32CF892FF2F908F4C9412E1BC77234F8FEA5D4666E1BF1 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
17:37:52.0712 0x13cc Compbatt - ok
17:37:52.0748 0x13cc [ 03EDB043586CCEBA243D689BDDA370A8, 0E4523AA332E242D5C2C61C5717DBA5AB6E42DADB5A7E512505FC2B6CC224959 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
17:37:52.0788 0x13cc CompositeBus - ok
17:37:52.0804 0x13cc COMSysApp - ok
17:37:52.0816 0x13cc [ 1C827878A998C18847245FE1F34EE597, 41EF7443D8B2733AA35CAC64B4F5F74FAC8BB0DA7D3936B69EC38E2DC3972E60 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
17:37:52.0830 0x13cc crcdisk - ok
17:37:52.0863 0x13cc [ 6B400F211BEE880A37A1ED0368776BF4, 2F27C6FA96A1C8CBDA467846DA57E63949A7EA37DB094B13397DDD30114295BD ] CryptSvc C:\Windows\system32\cryptsvc.dll
17:37:52.0907 0x13cc CryptSvc - ok
17:37:52.0937 0x13cc [ 54DA3DFD29ED9F1619B6F53F3CE55E49, 9177C6907A983296BF188892A894B668A09FFA058FD56B50FE12940D54B0FA5E ] CSC C:\Windows\system32\drivers\csc.sys
17:37:52.0994 0x13cc CSC - ok
17:37:53.0023 0x13cc [ 3AB183AB4D2C79DCF459CD2C1266B043, 72B0187EBA9DC74E61EC5CB3DC24058DDB768843E865801894AAEAA211610C56 ] CscService C:\Windows\System32\cscsvc.dll
17:37:53.0069 0x13cc CscService - ok
17:37:53.0104 0x13cc [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] DcomLaunch C:\Windows\system32\rpcss.dll
17:37:53.0169 0x13cc DcomLaunch - ok
17:37:53.0205 0x13cc [ 3CEC7631A84943677AA8FA8EE5B6B43D, 32061DAC9ED6C1EBA3B367B18D0E965AEEC2DF635DCF794EC39D086D32503AC5 ] defragsvc C:\Windows\System32\defragsvc.dll
17:37:53.0265 0x13cc defragsvc - ok
17:37:53.0283 0x13cc [ 9BB2EF44EAA163B29C4A4587887A0FE4, 03667BC3EA5003F4236929C10F23D8F108AFCB29DB5559E751FB26DFB318636F ] DfsC C:\Windows\system32\Drivers\dfsc.sys
17:37:53.0337 0x13cc DfsC - ok
17:37:53.0388 0x13cc [ 43D808F5D9E1A18E5EEB5EBC83969E4E, C10D1155D71EABE4ED44C656A8F13078A8A4E850C4A8FBB92D52D173430972B8 ] Dhcp C:\Windows\system32\dhcpcore.dll
17:37:53.0451 0x13cc Dhcp - ok
17:37:53.0474 0x13cc [ 13096B05847EC78F0977F2C0F79E9AB3, 1E44981B684F3E56F5D2439BB7FA78BD1BC876BB2265AE089AEC68F241B05B26 ] discache C:\Windows\system32\drivers\discache.sys
17:37:53.0528 0x13cc discache - ok
17:37:53.0563 0x13cc [ 9819EEE8B5EA3784EC4AF3B137A5244C, 571BC886E87C888DA96282E381A746D273B58B9074E84D4CA91275E26056D427 ] Disk C:\Windows\system32\DRIVERS\disk.sys
17:37:53.0578 0x13cc Disk - ok
17:37:53.0609 0x13cc [ 16835866AAA693C7D7FCEBA8FFF706E4, 15891558F7C1F2BB57A98769601D447ED0D952354A8BB347312D034DC03E0242 ] Dnscache C:\Windows\System32\dnsrslvr.dll
17:37:53.0663 0x13cc Dnscache - ok
17:37:53.0705 0x13cc [ B1FB3DDCA0FDF408750D5843591AFBC6, AB6AD9C5E7BA2E3646D0115B67C4800D1CB43B4B12716397657C7ADEEE807304 ] dot3svc C:\Windows\System32\dot3svc.dll
17:37:53.0760 0x13cc dot3svc - ok
17:37:53.0783 0x13cc [ B26F4F737E8F9DF4F31AF6CF31D05820, 394BBBED4EC7FAD4110F62A43BFE0801D4AC56FFAC6C741C69407B26402311C7 ] DPS C:\Windows\system32\dps.dll
17:37:53.0836 0x13cc DPS - ok
17:37:53.0882 0x13cc [ 9B19F34400D24DF84C858A421C205754, 967AF267B4124BADA8F507CEBF25F2192D146A4D63BE71B45BFC03C5DA7F21A7 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
17:37:53.0919 0x13cc drmkaud - ok
17:37:53.0976 0x13cc [ 88612F1CE3BF42256913BF6E61C70D52, 7CF190F83FA8F15C33008EB381D3E345CEF37CBC046227DED26B36799EF4D9A7 ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
17:37:54.0016 0x13cc DXGKrnl - ok
17:37:54.0042 0x13cc [ E2DDA8726DA9CB5B2C4000C9018A9633, 0C967DBC3636A76A696997192A158AA92A1AF19F01E3C66D5BF91818A8FAEA76 ] EapHost C:\Windows\System32\eapsvc.dll
17:37:54.0095 0x13cc EapHost - ok
17:37:54.0210 0x13cc [ DC5D737F51BE844D8C82C695EB17372F, 6D4022D9A46EDE89CEF0FAEADCC94C903234DFC460C0180D24FF9E38E8853017 ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
17:37:54.0360 0x13cc ebdrv - ok
17:37:54.0388 0x13cc [ 4D71227301DD8D09097B9E4CC6527E5A, 193D47ADCB722B581CC0F29B794AB3E455B6E9BEA367CE9A5216A09E055B7F1E ] EFS C:\Windows\System32\lsass.exe
17:37:54.0421 0x13cc EFS - ok
17:37:54.0511 0x13cc [ C4002B6B41975F057D98C439030CEA07, 3D2484FBB832EFB90504DD406ED1CF3065139B1FE1646471811F3A5679EF75F1 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
17:37:54.0566 0x13cc ehRecvr - ok
17:37:54.0617 0x13cc [ 4705E8EF9934482C5BB488CE28AFC681, 359E9EC5693CE0BE89082E1D5D8F5C5439A5B985010FF0CB45C11E3CFE30637D ] ehSched C:\Windows\ehome\ehsched.exe
17:37:54.0671 0x13cc ehSched - ok
17:37:54.0753 0x13cc [ 0E5DA5369A0FCAEA12456DD852545184, 9A64AC5396F978C3B92794EDCE84DCA938E4662868250F8C18FA7C2C172233F8 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
17:37:54.0794 0x13cc elxstor - ok
17:37:54.0813 0x13cc [ 34A3C54752046E79A126E15C51DB409B, 7D5B5E150C7C73666F99CBAFF759029716C86F16B927E0078D77F8A696616D75 ] ErrDev C:\Windows\system32\drivers\errdev.sys
17:37:54.0849 0x13cc ErrDev - ok
17:37:54.0893 0x13cc [ 4166F82BE4D24938977DD1746BE9B8A0, 24121751B7306225AD1C808442D7B030DEF377E9316AA0A3C5C7460E87317881 ] EventSystem C:\Windows\system32\es.dll
17:37:54.0970 0x13cc EventSystem - ok
17:37:54.0988 0x13cc [ A510C654EC00C1E9BDD91EEB3A59823B, 76CD277730F7B08D375770CD373D786160F34D1481AF0536BA1A5D2727E255F5 ] exfat C:\Windows\system32\drivers\exfat.sys
17:37:55.0050 0x13cc exfat - ok
17:37:55.0076 0x13cc [ 0ADC83218B66A6DB380C330836F3E36D, 798D6F83B5DBCC1656595E0A96CF12087FCCBE19D1982890D0CE5F629B328B29 ] fastfat C:\Windows\system32\drivers\fastfat.sys
17:37:55.0149 0x13cc fastfat - ok
17:37:55.0236 0x13cc [ DBEFD454F8318A0EF691FDD2EAAB44EB, 7F52AE222FF28503B6FC4A5852BD0CAEAF187BE69AF4B577D3DE474C24366099 ] Fax C:\Windows\system32\fxssvc.exe
17:37:55.0316 0x13cc Fax - ok
17:37:55.0327 0x13cc [ D765D19CD8EF61F650C384F62FAC00AB, 9F0A483A043D3BA873232AD3BA5F7BF9173832550A27AF3E8BD433905BD2A0EE ] fdc C:\Windows\system32\DRIVERS\fdc.sys
17:37:55.0353 0x13cc fdc - ok
17:37:55.0377 0x13cc [ 0438CAB2E03F4FB61455A7956026FE86, 6D4DDC2973DB25CE0C7646BC85EFBCC004EBE35EA683F62162AE317C6F1D8DFE ] fdPHost C:\Windows\system32\fdPHost.dll
17:37:55.0438 0x13cc fdPHost - ok
17:37:55.0449 0x13cc [ 802496CB59A30349F9A6DD22D6947644, 52D59D3D628D5661F83F090F33F744F6916E0CC1F76E5A33983E06EB66AE19F8 ] FDResPub C:\Windows\system32\fdrespub.dll
17:37:55.0535 0x13cc FDResPub - ok
17:37:55.0556 0x13cc [ 655661BE46B5F5F3FD454E2C3095B930, 549C8E2A2A37757E560D55FFA6BFDD838205F17E40561E67F0124C934272CD1A ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
17:37:55.0571 0x13cc FileInfo - ok
17:37:55.0649 0x13cc [ 5F671AB5BC87EEA04EC38A6CD5962A47, 6B61D3363FF3F9C439BD51102C284972EAE96ACC0683B9DC7E12D25D0ADC51B6 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
17:37:55.0726 0x13cc Filetrace - ok
17:37:55.0805 0x13cc [ C172A0F53008EAEB8EA33FE10E177AF5, 9175A95B323696D1B35C9EFEB7790DD64E6EE0B7021E6C18E2F81009B169D77B ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
17:37:55.0852 0x13cc flpydisk - ok
17:37:55.0898 0x13cc [ DA6B67270FD9DB3697B20FCE94950741, F621A4462C9F2904063578C427FAF22D7D66AE9967605C11C798099817CE5331 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
17:37:55.0919 0x13cc FltMgr - ok
17:37:55.0974 0x13cc [ C4C183E6551084039EC862DA1C945E3D, 0874A2ACDD24D64965AA9A76E9C818E216880AE4C9A2E07ED932EE404585CEE6 ] FontCache C:\Windows\system32\FntCache.dll
17:37:56.0033 0x13cc FontCache - ok
17:37:56.0069 0x13cc [ A8B7F3818AB65695E3A0BB3279F6DCE6, 89FCF10F599767E67A1E011753E34DA44EAA311F105DBF69549009ED932A60F0 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
17:37:56.0084 0x13cc FontCache3.0.0.0 - ok
17:37:56.0113 0x13cc [ D43703496149971890703B4B1B723EAC, F06397B2EDCA61629249D2EF1CBB7827A8BEAB8488246BD85EF6AE1363C0DA6E ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
17:37:56.0128 0x13cc FsDepends - ok
17:37:56.0146 0x13cc [ 6BD9295CC032DD3077C671FCCF579A7B, 83622FBB0CB923798E7E584BF53CAAF75B8C016E3FF7F0FA35880FF34D1DFE33 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
17:37:56.0161 0x13cc Fs_Rec - ok
17:37:56.0185 0x13cc [ 8F6322049018354F45F05A2FD2D4E5E0, 73BF0FB4EBD7887E992DDEBB79E906958D6678F8D1107E8C368F5A0514D80359 ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
17:37:56.0207 0x13cc fvevol - ok
17:37:56.0220 0x13cc [ 8C778D335C9D272CFD3298AB02ABE3B6, 85F0B13926B0F693FA9E70AA58DE47100E4B6F893772EBE4300C37D9A36E6005 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
17:37:56.0237 0x13cc gagp30kx - ok
17:37:56.0260 0x13cc [ 8E98D21EE06192492A5671A6144D092F, B8F656B34D361EA5AFB47F3A67AB2221580DADA59C8CD0CB83181E4AD8B562B4 ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
17:37:56.0272 0x13cc GEARAspiWDM - ok
17:37:56.0310 0x13cc [ 277BBC7E1AA1EE957F573A10ECA7EF3A, 2EE60B924E583E847CC24E78B401EF95C69DB777A5B74E1EC963E18D47B94D24 ] gpsvc C:\Windows\System32\gpsvc.dll
17:37:56.0380 0x13cc gpsvc - ok
17:37:56.0431 0x13cc [ 506708142BC63DABA64F2D3AD1DCD5BF, 9C36A08D9E7932FF4DA7B5F24E6B42C92F28685B8ABE964C870E8D7670FD531A ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
17:37:56.0444 0x13cc gupdate - ok
17:37:56.0450 0x13cc [ 506708142BC63DABA64F2D3AD1DCD5BF, 9C36A08D9E7932FF4DA7B5F24E6B42C92F28685B8ABE964C870E8D7670FD531A ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
17:37:56.0462 0x13cc gupdatem - ok
17:37:56.0475 0x13cc [ F2523EF6460FC42405B12248338AB2F0, B2F3DE8DE1F512D871BC2BC2E8D0E33AB03335BFBC07627C5F88B65024928E19 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
17:37:56.0516 0x13cc hcw85cir - ok
17:37:56.0549 0x13cc [ 975761C778E33CD22498059B91E7373A, 8304E15FBE6876BE57263A03621365DA8C88005EAC532A770303C06799D915D9 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
17:37:56.0579 0x13cc HdAudAddService - ok
17:37:56.0608 0x13cc [ 97BFED39B6B79EB12CDDBFEED51F56BB, 3CF981D668FB2381E52AF2E51E296C6CFB47B0D62249645278479D0111A47955 ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
17:37:56.0638 0x13cc HDAudBus - ok
17:37:56.0651 0x13cc [ 78E86380454A7B10A5EB255DC44A355F, 11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64 ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
17:37:56.0678 0x13cc HidBatt - ok
17:37:56.0698 0x13cc [ 7FD2A313F7AFE5C4DAB14798C48DD104, 94CBFD4506CBDE4162CEB3367BAB042D19ACA6785954DC0B554D4164B9FCD0D4 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
17:37:56.0719 0x13cc HidBth - ok
17:37:56.0735 0x13cc [ 0A77D29F311B88CFAE3B13F9C1A73825, 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
17:37:56.0756 0x13cc HidIr - ok
17:37:56.0782 0x13cc [ BD9EB3958F213F96B97B1D897DEE006D, 4D01CBF898B528B3A4E5A683DF2177300AFABD7D4CB51F1A7891B1B545499631 ] hidserv C:\Windows\System32\hidserv.dll
17:37:56.0868 0x13cc hidserv - ok
17:37:56.0888 0x13cc [ 9592090A7E2B61CD582B612B6DF70536, FD11D5E02C32D658B28FCC35688AB66CCB5D3A0A0D74C82AE0F0B6C67B568A0F ] HidUsb C:\Windows\system32\drivers\hidusb.sys
17:37:56.0917 0x13cc HidUsb - ok
17:37:56.0945 0x13cc [ 387E72E739E15E3D37907A86D9FF98E2, 9935BE2E58788E79328293AF2F202CB0F6042441B176F75ACC5AEA93C8E05531 ] hkmsvc C:\Windows\system32\kmsvc.dll
17:37:56.0995 0x13cc hkmsvc - ok
17:37:57.0026 0x13cc [ EFDFB3DD38A4376F93E7985173813ABD, 70402FA73A5A2A8BB557AAC8F531E373077D28DE5F40A1F3F14B940BE01CD2E1 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
17:37:57.0074 0x13cc HomeGroupListener - ok
17:37:57.0091 0x13cc [ 908ACB1F594274965A53926B10C81E89, 7D34A742AC486294D82676F8465A3EF26C8AC3317C32B63F62031CB007CFC208 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
17:37:57.0128 0x13cc HomeGroupProvider - ok
17:37:57.0171 0x13cc [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC, E9E6A1665740CFBC2DD321010007EF42ABA2102AEB9772EE8AA3354664B1E205 ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
17:37:57.0193 0x13cc HpSAMD - ok
17:37:57.0274 0x13cc HPSLPSVC - ok
17:37:57.0319 0x13cc [ 0EA7DE1ACB728DD5A369FD742D6EEE28, 21C489412EB33A12B22290EB701C19BA57006E8702E76F730954F0784DDE9779 ] HTTP C:\Windows\system32\drivers\HTTP.sys
17:37:57.0396 0x13cc HTTP - ok
17:37:57.0422 0x13cc [ A5462BD6884960C9DC85ED49D34FF392, 53E65841AF5B06A2844D0BB6FC4DD3923A323FFA0E4BFC89B3B5CAFB592A3D53 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
17:37:57.0435 0x13cc hwpolicy - ok
17:37:57.0471 0x13cc [ FA55C73D4AFFA7EE23AC4BE53B4592D3, 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
17:37:57.0490 0x13cc i8042prt - ok
17:37:57.0538 0x13cc [ AAAF44DB3BD0B9D1FB6969B23ECC8366, 805AA4A9464002D1AB3832E4106B2AAA1331F4281367E75956062AAE99699385 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
17:37:57.0564 0x13cc iaStorV - ok
17:37:57.0595 0x13cc [ 929DF302F15BFE24AC66EF45D858C413, 7FC0142EABEB74344D85D3912BC311F37D4136F24C93572E5199E25B40646615 ] IDMWFP C:\Windows\system32\DRIVERS\idmwfp.sys
17:37:57.0612 0x13cc IDMWFP - ok
17:37:57.0661 0x13cc [ 5988FC40F8DB5B0739CD1E3A5D0D78BD, 2B9512324DBA4A97F6AC34E8067EE08E3B6874CD60F6CB4209AFC22A34D2BE99 ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
17:37:57.0696 0x13cc idsvc - ok
17:37:57.0703 0x13cc IEEtwCollectorService - ok
17:37:57.0755 0x13cc [ 5C18831C61933628F5BB0EA2675B9D21, 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
17:37:57.0770 0x13cc iirsp - ok
17:37:57.0814 0x13cc [ 344789398EC3EE5A4E00C52B31847946, 3DA5F08E4B46F4E63456AA588D49E39A6A09A97D0509880C00F327623DB6122D ] IKEEXT C:\Windows\System32\ikeext.dll
17:37:57.0870 0x13cc IKEEXT - ok
17:37:57.0899 0x13cc [ F00F20E70C6EC3AA366910083A0518AA, E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22 ] intelide C:\Windows\system32\drivers\intelide.sys
17:37:57.0913 0x13cc intelide - ok
17:37:57.0954 0x13cc [ ADA036632C664CAA754079041CF1F8C1, F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
17:37:57.0991 0x13cc intelppm - ok
17:37:58.0025 0x13cc [ 098A91C54546A3B878DAD6A7E90A455B, 044CCE2A0DF56EBE1EFD99B4F6F0A5B9EE12498CA358CF4B2E3A1CFD872823AA ] IPBusEnum C:\Windows\system32\ipbusenum.dll
17:37:58.0085 0x13cc IPBusEnum - ok
17:37:58.0113 0x13cc [ C9F0E1BD74365A8771590E9008D22AB6, 728BC5A6AAE499FDC50EB01577AF16D83C2A9F3B09936DD2A89C01E074BA8E51 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
17:37:58.0161 0x13cc IpFilterDriver - ok
17:37:58.0202 0x13cc [ 08C2957BB30058E663720C5606885653, E13EDF6701512E2A9977A531454932CA5023087CB50E1D2F416B8BCDD92B67BE ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
17:37:58.0235 0x13cc iphlpsvc - ok
17:37:58.0259 0x13cc [ 0FC1AEA580957AA8817B8F305D18CA3A, 7161E4DE91AAFC3FA8BF24FAE4636390C2627DB931505247C0D52C75A31473D9 ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
17:37:58.0290 0x13cc IPMIDRV - ok
17:37:58.0320 0x13cc [ AF9B39A7E7B6CAA203B3862582E9F2D0, 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E ] IPNAT C:\Windows\system32\drivers\ipnat.sys
17:37:58.0371 0x13cc IPNAT - ok
17:37:58.0423 0x13cc [ 842D1EDD0F2A6E0E6631BB96BAAA01DE, 9CDD0B99F2C5DAD573A9EA8D5AB2DBFD7A941454CBBA5BFE34E49F2D4EE96A90 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
17:37:58.0452 0x13cc iPod Service - ok
17:37:58.0474 0x13cc [ 3ABF5E7213EB28966D55D58B515D5CE9, A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE ] IRENUM C:\Windows\system32\drivers\irenum.sys
17:37:58.0504 0x13cc IRENUM - ok
17:37:58.0530 0x13cc [ 2F7B28DC3E1183E5EB418DF55C204F38, D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548 ] isapnp C:\Windows\system32\drivers\isapnp.sys
17:37:58.0543 0x13cc isapnp - ok
17:37:58.0562 0x13cc [ D931D7309DEB2317035B07C9F9E6B0BD, 13AD84172ED8C6153F8A98499C01733B74E48464CE07D099508E38D409913ED3 ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
17:37:58.0583 0x13cc iScsiPrt - ok
17:37:58.0602 0x13cc [ BC02336F1CBA7DCC7D1213BB588A68A5, 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93 ] kbdclass C:\Windows\system32\drivers\kbdclass.sys
17:37:58.0617 0x13cc kbdclass - ok
17:37:58.0631 0x13cc [ 0705EFF5B42A9DB58548EEC3B26BB484, 86C6824ED7ED6FA8F306DB6319A0FD688AA91295AE571262F9D8E96A32225E99 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys
17:37:58.0660 0x13cc kbdhid - ok
17:37:58.0683 0x13cc [ 4D71227301DD8D09097B9E4CC6527E5A, 193D47ADCB722B581CC0F29B794AB3E455B6E9BEA367CE9A5216A09E055B7F1E ] KeyIso C:\Windows\system32\lsass.exe
17:37:58.0707 0x13cc KeyIso - ok
17:37:58.0733 0x13cc [ 8F489706472F7E9A06BAAA198703FA64, F020406690FB38EABD82D63B91D33039CC93ED52A5497AE12BAF475F22D0B08A ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
17:37:58.0970 0x13cc KSecDD - ok
17:37:59.0007 0x13cc [ 868A2CAAB12EFC7A021682BCA0EEC54C, 12C4925B5B3D6EA7B6410C01F33158C6EAB50CBD6AF445F8B04ED9899720C2DD ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
17:37:59.0027 0x13cc KSecPkg - ok
17:37:59.0069 0x13cc [ 6869281E78CB31A43E969F06B57347C4, 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
17:37:59.0121 0x13cc ksthunk - ok
17:37:59.0154 0x13cc [ 6AB66E16AA859232F64DEB66887A8C9C, 5F2B579BEA8098A2994B0DECECDAE7B396E7B5DC5F09645737B9F28BEEA77FFF ] KtmRm C:\Windows\system32\msdtckrm.dll
17:37:59.0214 0x13cc KtmRm - ok
17:37:59.0257 0x13cc [ D9F42719019740BAA6D1C6D536CBDAA6, 8757599D0AE5302C4CE50861BEBA3A8DD14D7B0DBD916FD5404133688CDFCC40 ] LanmanServer C:\Windows\System32\srvsvc.dll
17:37:59.0317 0x13cc LanmanServer - ok
17:37:59.0345 0x13cc [ 851A1382EED3E3A7476DB004F4EE3E1A, B1C67F47DD594D092E6E258F01DF5E7150227CE3131A908A244DEE9F8A1FABF9 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
17:37:59.0404 0x13cc LanmanWorkstation - ok
17:37:59.0437 0x13cc [ 1538831CF8AD2979A04C423779465827, E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
17:37:59.0487 0x13cc lltdio - ok
17:37:59.0517 0x13cc [ C1185803384AB3FEED115F79F109427F, 0414FE73532DCAB17E906438A14711E928CECCD5F579255410C62984DD652700 ] lltdsvc C:\Windows\System32\lltdsvc.dll
17:37:59.0574 0x13cc lltdsvc - ok
17:37:59.0588 0x13cc [ F993A32249B66C9D622EA5592A8B76B8, EE64672A990C6145DC5601E2B8CDBE089272A72732F59AF9865DCBA8B1717E70 ] lmhosts C:\Windows\System32\lmhsvc.dll
17:37:59.0628 0x13cc lmhosts - ok
17:37:59.0660 0x13cc [ 1A93E54EB0ECE102495A51266DCDB6A6, DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
17:37:59.0676 0x13cc LSI_FC - ok
17:37:59.0684 0x13cc [ 1047184A9FDC8BDBFF857175875EE810, F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
17:37:59.0700 0x13cc LSI_SAS - ok
17:37:59.0716 0x13cc [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93, 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
17:37:59.0731 0x13cc LSI_SAS2 - ok
17:37:59.0747 0x13cc [ 0504EACAFF0D3C8AED161C4B0D369D4A, 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
17:37:59.0763 0x13cc LSI_SCSI - ok
17:37:59.0780 0x13cc [ 43D0F98E1D56CCDDB0D5254CFF7B356E, 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22 ] luafv C:\Windows\system32\drivers\luafv.sys
17:37:59.0832 0x13cc luafv - ok
17:37:59.0854 0x13cc [ 0BE09CD858ABF9DF6ED259D57A1A1663, 2FD28889B93C8E801F74C1D0769673A461671E0189D0A22C94509E3F0EEB7428 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
17:37:59.0874 0x13cc Mcx2Svc - ok
17:37:59.0891 0x13cc [ A55805F747C6EDB6A9080D7C633BD0F4, 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
17:37:59.0906 0x13cc megasas - ok
17:37:59.0923 0x13cc [ BAF74CE0072480C3B6B7C13B2A94D6B3, 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
17:37:59.0946 0x13cc MegaSR - ok
17:37:59.0998 0x13cc Microsoft SharePoint Workspace Audit Service - ok
17:38:00.0013 0x13cc [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] MMCSS C:\Windows\system32\mmcss.dll
17:38:00.0072 0x13cc MMCSS - ok
17:38:00.0085 0x13cc [ 800BA92F7010378B09F9ED9270F07137, 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342 ] Modem C:\Windows\system32\drivers\modem.sys
17:38:00.0133 0x13cc Modem - ok
17:38:00.0151 0x13cc [ B03D591DC7DA45ECE20B3B467E6AADAA, 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
17:38:00.0184 0x13cc monitor - ok
17:38:00.0211 0x13cc [ 7D27EA49F3C1F687D357E77A470AEA99, 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7 ] mouclass C:\Windows\system32\drivers\mouclass.sys
17:38:00.0227 0x13cc mouclass - ok
17:38:00.0241 0x13cc [ D3BF052C40B0C4166D9FD86A4288C1E6, 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
17:38:00.0268 0x13cc mouhid - ok
17:38:00.0291 0x13cc [ 32E7A3D591D671A6DF2DB515A5CBE0FA, 47CED0B9067AE8BF5EEF60B17ADEE5906BEDCC56E4CB460B7BFBC12BB9A69E63 ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
17:38:00.0307 0x13cc mountmgr - ok
17:38:00.0327 0x13cc [ A44B420D30BD56E145D6A2BC8768EC58, B1E4DCA5A1008FA7A0492DC091FB2B820406AE13FD3D44F124E89B1037AF09B8 ] mpio C:\Windows\system32\drivers\mpio.sys
17:38:00.0346 0x13cc mpio - ok
17:38:00.0367 0x13cc [ 6C38C9E45AE0EA2FA5E551F2ED5E978F, 5A3FA2F110029CB4CC4384998EDB59203FDD65EC45E01B897FB684F8956EAD20 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
17:38:00.0408 0x13cc mpsdrv - ok
17:38:00.0452 0x13cc [ 54FFC9C8898113ACE189D4AA7199D2C1, 65F585C87F3F710FD5793FDFA96B740AD8D4317B0C120F4435CCF777300EA4F2 ] MpsSvc C:\Windows\system32\mpssvc.dll
17:38:00.0526 0x13cc MpsSvc - ok
17:38:00.0560 0x13cc [ 1A4F75E63C9FB84B85DFFC6B63FD5404, 01AFA6DBB4CDE55FE4EA05BBE8F753A4266F8D072EA1EE01DB79F5126780C21F ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
17:38:00.0598 0x13cc MRxDAV - ok
17:38:00.0621 0x13cc [ A5D9106A73DC88564C825D317CAC68AC, 0457B2AEA4E05A91D0E43F317894A614434D8CEBE35020785387F307E231FBE4 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
17:38:00.0655 0x13cc mrxsmb - ok
17:38:00.0680 0x13cc [ D711B3C1D5F42C0C2415687BE09FC163, 9B3013AC60BD2D0FF52086658BA5FF486ADE15954A552D7DD590580E8BAE3EFF ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
17:38:00.0718 0x13cc mrxsmb10 - ok
17:38:00.0744 0x13cc [ 9423E9D355C8D303E76B8CFBD8A5C30C, 220B33F120C2DD937FE4D5664F4B581DC0ACF78D62EB56B7720888F67B9644CC ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
17:38:00.0763 0x13cc mrxsmb20 - ok
17:38:00.0788 0x13cc [ C25F0BAFA182CBCA2DD3C851C2E75796, 643E158A0948DF331807AEAA391F23960362E46C0A0CF6D22A99020EAE7B10F8 ] msahci C:\Windows\system32\drivers\msahci.sys
17:38:00.0802 0x13cc msahci - ok

atilla
2014-04-07, 17:43
17:38:00.0831 0x13cc [ DB801A638D011B9633829EB6F663C900, B34FD33A215ACCF2905F4B7D061686CDB1CB9C652147AF56AE14686C1F6E3C74 ] msdsm C:\Windows\system32\drivers\msdsm.sys
17:38:00.0849 0x13cc msdsm - ok
17:38:00.0876 0x13cc [ DE0ECE52236CFA3ED2DBFC03F28253A8, 2FBBEC4CACB5161F68D7C2935852A5888945CA0F107CF8A1C01F4528CE407DE3 ] MSDTC C:\Windows\System32\msdtc.exe
17:38:00.0937 0x13cc MSDTC - ok
17:38:00.0980 0x13cc [ AA3FB40E17CE1388FA1BEDAB50EA8F96, 69F93E15536644C8FD679A20190CFE577F4985D3B1B4A4AA250A168615AE1E99 ] Msfs C:\Windows\system32\drivers\Msfs.sys
17:38:01.0039 0x13cc Msfs - ok
17:38:01.0051 0x13cc [ F9D215A46A8B9753F61767FA72A20326, 6F76642B45E0A7EF6BCAB8B37D55CCE2EAA310ED07B76D43FCB88987C2174141 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
17:38:01.0089 0x13cc mshidkmdf - ok
17:38:01.0116 0x13cc [ D916874BBD4F8B07BFB7FA9B3CCAE29D, B229DA150713DEDBC4F05386C9D9DC3BC095A74F44F3081E88311AB73BC992A1 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
17:38:01.0129 0x13cc msisadrv - ok
17:38:01.0157 0x13cc [ 808E98FF49B155C522E6400953177B08, F873F5BFF0984C5165DF67E92874D3F6EB8D86F9B5AD17013A0091CA33A1A3D5 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
17:38:01.0212 0x13cc MSiSCSI - ok
17:38:01.0217 0x13cc msiserver - ok
17:38:01.0246 0x13cc [ 49CCF2C4FEA34FFAD8B1B59D49439366, E5752EA57C7BDAD5F53E3BC441A415E909AC602CAE56234684FB8789A20396C7 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
17:38:01.0299 0x13cc MSKSSRV - ok
17:38:01.0320 0x13cc [ BDD71ACE35A232104DDD349EE70E1AB3, 27464A66868513BE6A01B75D7FC5B0D6B71842E4E20CE3F76B15C071A0618BBB ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
17:38:01.0373 0x13cc MSPCLOCK - ok
17:38:01.0379 0x13cc [ 4ED981241DB27C3383D72092B618A1D0, E12F121E641249DB3491141851B59E1496F4413EDF58E863388F1C229838DFCC ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
17:38:01.0425 0x13cc MSPQM - ok
17:38:01.0460 0x13cc [ 759A9EEB0FA9ED79DA1FB7D4EF78866D, 64E3BC613EC4872B1B344CBF71EE15BE195592E3244C1EE099C6F8B95A40F133 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
17:38:01.0483 0x13cc MsRPC - ok
17:38:01.0501 0x13cc [ 0EED230E37515A0EAEE3C2E1BC97B288, B1D8F8A75006B6E99214CA36D27A8594EF8D952F315BEB201E9BAC9DE3E64D42 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
17:38:01.0514 0x13cc mssmbios - ok
17:38:01.0528 0x13cc [ 2E66F9ECB30B4221A318C92AC2250779, DF175E1AB6962303E57F26DAE5C5C1E40B8640333F3E352A64F6A5F1301586CD ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
17:38:01.0580 0x13cc MSTEE - ok
17:38:01.0585 0x13cc [ 7EA404308934E675BFFDE8EDF0757BCD, 306CD02D89CFCFE576242360ED5F9EEEDCAFC43CD43B7D2977AE960F9AEC3232 ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
17:38:01.0600 0x13cc MTConfig - ok
17:38:01.0630 0x13cc [ F9A18612FD3526FE473C1BDA678D61C8, 32F7975B5BAA447917F832D9E3499B4B6D3E90D73F478375D0B70B36C524693A ] Mup C:\Windows\system32\Drivers\mup.sys
17:38:01.0644 0x13cc Mup - ok
17:38:01.0670 0x13cc [ 582AC6D9873E31DFA28A4547270862DD, BD540499F74E8F59A020D935D18E36A3A97C1A6EC59C8208436469A31B16B260 ] napagent C:\Windows\system32\qagentRT.dll
17:38:01.0733 0x13cc napagent - ok
17:38:01.0762 0x13cc [ 1EA3749C4114DB3E3161156FFFFA6B33, 54C2E77BCE1037711A11313AC25B8706109098C10A31AA03AEB7A185E97800D7 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
17:38:01.0805 0x13cc NativeWifiP - ok
17:38:01.0863 0x13cc [ 760E38053BF56E501D562B70AD796B88, F856E81A975D44F8684A6F2466549CEEDFAEB3950191698555A93A1206E0A42D ] NDIS C:\Windows\system32\drivers\ndis.sys
17:38:01.0903 0x13cc NDIS - ok
17:38:01.0920 0x13cc [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC, D7E5446E83909AE25506BB98FBDD878A529C87963E3C1125C4ABAB25823572BC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
17:38:01.0959 0x13cc NdisCap - ok
17:38:01.0985 0x13cc [ 30639C932D9FEF22B31268FE25A1B6E5, 32873D95339600F6EEFA51847D12C563FF01F320DC59055B242FA2887C99F9D6 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
17:38:02.0041 0x13cc NdisTapi - ok
17:38:02.0075 0x13cc [ 136185F9FB2CC61E573E676AA5402356, BA3AD0A33416DA913B4242C6BE8C3E5812AD2B20BA6C11DD3094F2E8EB56E683 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
17:38:02.0122 0x13cc Ndisuio - ok
17:38:02.0152 0x13cc [ 53F7305169863F0A2BDDC49E116C2E11, 881E9346D3C02405B7850ADC37E720990712EC9C666A0CE96E252A487FD2CE77 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
17:38:02.0206 0x13cc NdisWan - ok
17:38:02.0221 0x13cc [ 015C0D8E0E0421B4CFD48CFFE2825879, 4242E2D42CCFC859B2C0275C5331798BC0BDA68E51CF4650B6E64B1332071023 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
17:38:02.0259 0x13cc NDProxy - ok
17:38:02.0271 0x13cc [ 86743D9F5D2B1048062B14B1D84501C4, DBF6D6A60AB774FCB0F464FF2D285A7521D0A24006687B243AB46B17D8032062 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
17:38:02.0323 0x13cc NetBIOS - ok
17:38:02.0357 0x13cc [ 09594D1089C523423B32A4229263F068, 7426A9B8BA27D3225928DDEFBD399650ABB90798212F56B7D12158AC22CCCE37 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
17:38:02.0417 0x13cc NetBT - ok
17:38:02.0437 0x13cc [ 4D71227301DD8D09097B9E4CC6527E5A, 193D47ADCB722B581CC0F29B794AB3E455B6E9BEA367CE9A5216A09E055B7F1E ] Netlogon C:\Windows\system32\lsass.exe
17:38:02.0455 0x13cc Netlogon - ok
17:38:02.0489 0x13cc [ 847D3AE376C0817161A14A82C8922A9E, 37AE692B3481323134125EF58F2C3CBC20177371AF2F5874F53DD32A827CB936 ] Netman C:\Windows\System32\netman.dll
17:38:02.0553 0x13cc Netman - ok
17:38:02.0587 0x13cc [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
17:38:02.0615 0x13cc NetMsmqActivator - ok
17:38:02.0622 0x13cc [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
17:38:02.0639 0x13cc NetPipeActivator - ok
17:38:02.0656 0x13cc [ 5F28111C648F1E24F7DBC87CDEB091B8, 2E8645285921EDB98BB2173E11E57459C888D52E80D85791D169C869DE8813B9 ] netprofm C:\Windows\System32\netprofm.dll
17:38:02.0725 0x13cc netprofm - ok
17:38:02.0733 0x13cc [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
17:38:02.0751 0x13cc NetTcpActivator - ok
17:38:02.0758 0x13cc [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
17:38:02.0777 0x13cc NetTcpPortSharing - ok
17:38:02.0805 0x13cc [ 77889813BE4D166CDAB78DDBA990DA92, 2EF531AE502B943632EEC66A309A8BFCDD36120A5E1473F4AAF3C2393AD0E6A3 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
17:38:02.0820 0x13cc nfrd960 - ok
17:38:02.0845 0x13cc [ 8AD77806D336673F270DB31645267293, E23F324913554A23CD043DD27D4305AF62F48C0561A0FC7B7811E55B74B1BE79 ] NlaSvc C:\Windows\System32\nlasvc.dll
17:38:02.0882 0x13cc NlaSvc - ok
17:38:02.0904 0x13cc [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7, D8957EF7060A69DBB3CD6B2C45B1E4143592AB8D018471E17AC04668157DC67F ] Npfs C:\Windows\system32\drivers\Npfs.sys
17:38:02.0943 0x13cc Npfs - ok
17:38:02.0968 0x13cc [ D54BFDF3E0C953F823B3D0BFE4732528, 497A1DCC5646EC22119273216DF10D5442D16F83E4363770F507518CF6EAA53A ] nsi C:\Windows\system32\nsisvc.dll
17:38:03.0017 0x13cc nsi - ok
17:38:03.0037 0x13cc [ E7F5AE18AF4168178A642A9247C63001, 133023B7E4BA8049C4CAED3282BDD25571D1CC25FAC3B820C7F981D292689D76 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
17:38:03.0075 0x13cc nsiproxy - ok
17:38:03.0142 0x13cc [ B98F8C6E31CD07B2E6F71F7F648E38C0, 2FEA100B80680FBBF644CB6763738804155DF1E94A6542CAE2B2786D770D554E ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
17:38:03.0214 0x13cc Ntfs - ok
17:38:03.0231 0x13cc [ 9899284589F75FA8724FF3D16AED75C1, 181188599FD5D4DE33B97010D9E0CAEABAB9A3EF50712FE7F9AA0735CD0666D6 ] Null C:\Windows\system32\drivers\Null.sys
17:38:03.0278 0x13cc Null - ok
17:38:03.0313 0x13cc [ 0A92CB65770442ED0DC44834632F66AD, 581327F07A68DBD5CC749214BE5F1211FC2CE41C7A4F0656B680AFB51A35ACE7 ] nvraid C:\Windows\system32\drivers\nvraid.sys
17:38:03.0330 0x13cc nvraid - ok
17:38:03.0357 0x13cc [ DAB0E87525C10052BF65F06152F37E4A, AD9BFF0D5FD3FFB95C758B478E1F6A9FE45E7B37AEC71EB5070D292FEAAEDF37 ] nvstor C:\Windows\system32\drivers\nvstor.sys
17:38:03.0375 0x13cc nvstor - ok
17:38:03.0400 0x13cc [ 270D7CD42D6E3979F6DD0146650F0E05, 752489E54C9004EDCBE1F1F208FFD864DA5C83E59A2DDE6B3E0D63ECA996F76F ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
17:38:03.0416 0x13cc nv_agp - ok
17:38:03.0446 0x13cc [ 3589478E4B22CE21B41FA1BFC0B8B8A0, AD2469FC753FE552CB809FF405A9AB23E7561292FE89117E3B3B62057EFF0203 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
17:38:03.0463 0x13cc ohci1394 - ok
17:38:03.0504 0x13cc [ 9D10F99A6712E28F8ACD5641E3A7EA6B, 70964A0ED9011EA94044E15FA77EDD9CF535CC79ED8E03A3721FF007E69595CC ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
17:38:03.0519 0x13cc ose - ok
17:38:03.0684 0x13cc [ 61BFFB5F57AD12F83AB64B7181829B34, 1DD0DD35E4158F95765EE6639F217DF03A0A19E624E020DBA609268C08A13846 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
17:38:03.0865 0x13cc osppsvc - ok
17:38:03.0909 0x13cc [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
17:38:03.0949 0x13cc p2pimsvc - ok
17:38:03.0986 0x13cc [ 927463ECB02179F88E4B9A17568C63C3, FEFD3447692C277D59EEC7BF218552C8BB6B8C98C26E973675549628408B94CE ] p2psvc C:\Windows\system32\p2psvc.dll
17:38:04.0018 0x13cc p2psvc - ok
17:38:04.0047 0x13cc [ 0086431C29C35BE1DBC43F52CC273887, 0D116D49EF9ABB57DA005764F25E692622210627FC2048F06A989B12FA8D0A80 ] Parport C:\Windows\system32\DRIVERS\parport.sys
17:38:04.0065 0x13cc Parport - ok
17:38:04.0094 0x13cc [ E9766131EEADE40A27DC27D2D68FBA9C, 63C295EC96DBD25F1A8B908295CCB86B54F2A77A02AAA11E5D9160C2C1A492B6 ] partmgr C:\Windows\system32\drivers\partmgr.sys
17:38:04.0109 0x13cc partmgr - ok
17:38:04.0122 0x13cc [ 3AEAA8B561E63452C655DC0584922257, 04C072969B58657602EB0C21CEDF24FCEE14E61B90A0F758F93925EF2C9FC32D ] PcaSvc C:\Windows\System32\pcasvc.dll
17:38:04.0158 0x13cc PcaSvc - ok
17:38:04.0193 0x13cc [ 94575C0571D1462A0F70BDE6BD6EE6B3, 7139BAC653EA94A3DD3821CAB35FC5E22F4CCA5ACC2BAABDAA27E4C3C8B27FC9 ] pci C:\Windows\system32\drivers\pci.sys
17:38:04.0212 0x13cc pci - ok
17:38:04.0233 0x13cc [ B5B8B5EF2E5CB34DF8DCF8831E3534FA, F2A7CC645B96946CC65BF60E14E70DC09C848D27C7943CE5DEA0C01A6B863480 ] pciide C:\Windows\system32\drivers\pciide.sys
17:38:04.0247 0x13cc pciide - ok
17:38:04.0272 0x13cc [ B2E81D4E87CE48589F98CB8C05B01F2F, 6763BEE7270A4873B3E131BFB92313E2750FCBD0AD73C23D1C4F98F7DF73DE14 ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
17:38:04.0292 0x13cc pcmcia - ok
17:38:04.0308 0x13cc [ D6B9C2E1A11A3A4B26A182FFEF18F603, BBA5FE08B1DDD6243118E11358FD61B10E850F090F061711C3CB207CE5FBBD36 ] pcw C:\Windows\system32\drivers\pcw.sys
17:38:04.0323 0x13cc pcw - ok
17:38:04.0347 0x13cc [ 68769C3356B3BE5D1C732C97B9A80D6E, FB2D61145980A2899D1B7729184C54070315B0E63C9A22400A76CCD39E00029C ] PEAUTH C:\Windows\system32\drivers\peauth.sys
17:38:04.0414 0x13cc PEAUTH - ok
17:38:04.0473 0x13cc [ B9B0A4299DD2D76A4243F75FD54DC680, BBF62E9628131FA396EB08D63B76D2D5FBDD61339E92B759125A066470D1C039 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll
17:38:04.0556 0x13cc PeerDistSvc - ok
17:38:04.0611 0x13cc [ E495E408C93141E8FC72DC0C6046DDFA, 489B957DADA0DC128A09468F1AD082DCC657E86053208EA06A12937BE86FB919 ] PerfHost C:\Windows\SysWow64\perfhost.exe
17:38:04.0634 0x13cc PerfHost - ok
17:38:04.0712 0x13cc [ C7CF6A6E137463219E1259E3F0F0DD6C, 08D7244F52AA17DD669AA6F77C291DAC88E7B2D1887DE422509C1F83EC85F3DD ] pla C:\Windows\system32\pla.dll
17:38:04.0849 0x13cc pla - ok
17:38:04.0893 0x13cc [ 25FBDEF06C4D92815B353F6E792C8129, 57D9764AE6BCE33B242C399CDFC10DD405975BD6411CA8C75FBCD06EEB8442A9 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
17:38:04.0942 0x13cc PlugPlay - ok
17:38:04.0964 0x13cc [ 7195581CEC9BB7D12ABE54036ACC2E38, 9C4E5D6EA984148F2663DC529083408B2248DFF6DAAC85D9195F80A722782315 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
17:38:04.0997 0x13cc PNRPAutoReg - ok
17:38:05.0024 0x13cc [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
17:38:05.0051 0x13cc PNRPsvc - ok
17:38:05.0081 0x13cc [ 4F15D75ADF6156BF56ECED6D4A55C389, 2ADA3EA69A5D7EC2A4D2DD89178DB94EAFDDF95F07B0070D654D9F7A5C12A044 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
17:38:05.0146 0x13cc PolicyAgent - ok
17:38:05.0178 0x13cc [ 6BA9D927DDED70BD1A9CADED45F8B184, 66203CE70A5EDE053929A940F38924C6792239CCCE10DD2C1D90D5B4D6748B55 ] Power C:\Windows\system32\umpo.dll
17:38:05.0238 0x13cc Power - ok
17:38:05.0262 0x13cc [ F92A2C41117A11A00BE01CA01A7FCDE9, 38ADC6052696D110CA5F393BC586791920663F5DA66934C2A824DDA9CD89C763 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
17:38:05.0301 0x13cc PptpMiniport - ok
17:38:05.0316 0x13cc [ 0D922E23C041EFB1C3FAC2A6F943C9BF, 855418A6A58DCAFB181A1A68613B3E203AFB0A9B3D9D26D0C521F9F613B4EAD5 ] Processor C:\Windows\system32\DRIVERS\processr.sys
17:38:05.0334 0x13cc Processor - ok
17:38:05.0359 0x13cc [ 53E83F1F6CF9D62F32801CF66D8352A8, 1225FED810BE8E0729EEAE5B340035CCBB9BACD3EF247834400F9B72D05ACE48 ] ProfSvc C:\Windows\system32\profsvc.dll
17:38:05.0409 0x13cc ProfSvc - ok
17:38:05.0426 0x13cc [ 4D71227301DD8D09097B9E4CC6527E5A, 193D47ADCB722B581CC0F29B794AB3E455B6E9BEA367CE9A5216A09E055B7F1E ] ProtectedStorage C:\Windows\system32\lsass.exe
17:38:05.0443 0x13cc ProtectedStorage - ok
17:38:05.0466 0x13cc [ 0557CF5A2556BD58E26384169D72438D, F6F83A616B1F1C6C0DF6D2EC2513E6C23FD4FAA6D36518B8676C619AB74957B4 ] Psched C:\Windows\system32\DRIVERS\pacer.sys
17:38:05.0515 0x13cc Psched - ok
17:38:05.0589 0x13cc [ A53A15A11EBFD21077463EE2C7AFEEF0, 6002B012A75045DEA62640A864A8721EADE2F8B65BEB5F5BA76D8CD819774489 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
17:38:05.0655 0x13cc ql2300 - ok
17:38:05.0672 0x13cc [ 4F6D12B51DE1AAEFF7DC58C4D75423C8, FB6ABAB741CED66A79E31A45111649F2FA3E26CEE77209B5296F789F6F7D08DE ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
17:38:05.0688 0x13cc ql40xx - ok
17:38:05.0706 0x13cc [ 906191634E99AEA92C4816150BDA3732, A0305436384104C3B559F9C73902DA19B96B518413379E397C5CDAB0B2B9418F ] QWAVE C:\Windows\system32\qwave.dll
17:38:05.0735 0x13cc QWAVE - ok
17:38:05.0746 0x13cc [ 76707BB36430888D9CE9D705398ADB6C, 35C1D1D05F98AC29A33D3781F497A0B40A3CB9CDF25FE1F28F574E40DDF70535 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
17:38:05.0775 0x13cc QWAVEdrv - ok
17:38:05.0801 0x13cc [ 5A0DA8AD5762FA2D91678A8A01311704, 8A64EB5DBAB7048A9E42A21CEB62CCD5B007A80C199892D7F8C69B48E8A255EF ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
17:38:05.0839 0x13cc RasAcd - ok
17:38:05.0865 0x13cc [ 7ECFF9B22276B73F43A99A15A6094E90, 62C70DA127F48F796F8897BBFA23AB6EB080CC923F0F091DFA384A93F5C90CA1 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
17:38:05.0915 0x13cc RasAgileVpn - ok
17:38:05.0937 0x13cc [ 8F26510C5383B8DBE976DE1CD00FC8C7, 60E618C010E8A723960636415573FA17EA0BBEF79647196B3BC0B8DEE680E090 ] RasAuto C:\Windows\System32\rasauto.dll
17:38:05.0990 0x13cc RasAuto - ok
17:38:06.0021 0x13cc [ 471815800AE33E6F1C32FB1B97C490CA, 27307265F743DE3A3A3EC1B2C472A3D85FDD0AEC458E0B1177593141EE072698 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
17:38:06.0086 0x13cc Rasl2tp - ok
17:38:06.0115 0x13cc [ EE867A0870FC9E4972BA9EAAD35651E2, 1B848D81705081FD2E18AC762DA7F51455657DAF860BF363DC15925A148BCADA ] RasMan C:\Windows\System32\rasmans.dll
17:38:06.0163 0x13cc RasMan - ok
17:38:06.0178 0x13cc [ 855C9B1CD4756C5E9A2AA58A15F58C25, A514F8A9C304D54BDA8DC60F5A64259B057EC83A1CAAF6D2B58CFD55E9561F72 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
17:38:06.0232 0x13cc RasPppoe - ok
17:38:06.0267 0x13cc [ E8B1E447B008D07FF47D016C2B0EEECB, FEC789F82B912F3E14E49524D40FEAA4373B221156F14045E645D7C37859258C ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
17:38:06.0318 0x13cc RasSstp - ok
17:38:06.0352 0x13cc [ 77F665941019A1594D887A74F301FA2F, 1FDC6F6853400190C086042933F157814D915C54F26793CAD36CD2607D8810DA ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
17:38:06.0408 0x13cc rdbss - ok
17:38:06.0423 0x13cc [ 302DA2A0539F2CF54D7C6CC30C1F2D8D, 1DF3501BBFFB56C3ECC39DBCC4287D3302216C2208CE22428B8C4967E5DE9D17 ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
17:38:06.0451 0x13cc rdpbus - ok
17:38:06.0464 0x13cc [ CEA6CC257FC9B7715F1C2B4849286D24, A78144D18352EA802C39D9D42921CF97A3E0211766B2169B6755C6FC2D77A804 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
17:38:06.0502 0x13cc RDPCDD - ok
17:38:06.0530 0x13cc [ 1B6163C503398B23FF8B939C67747683, 339A5AA7970FF34FAAB213B655860C5B0DEC5F983A4A11A088017D849F320ACE ] RDPDR C:\Windows\system32\drivers\rdpdr.sys
17:38:06.0558 0x13cc RDPDR - ok
17:38:06.0586 0x13cc [ BB5971A4F00659529A5C44831AF22365, 9AAA5C0D448E821FD85589505D99DF7749715A046BBD211F139E4E652ADDE41F ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
17:38:06.0624 0x13cc RDPENCDD - ok
17:38:06.0638 0x13cc [ 216F3FA57533D98E1F74DED70113177A, 60C126A1409D1E9C39F1C9E95F70115BF4AF07780AB499F6E10A612540F173F4 ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
17:38:06.0686 0x13cc RDPREFMP - ok
17:38:06.0734 0x13cc [ 313F68E1A3E6345A4F47A36B07062F34, B8318A0AE06BDE278931CA52F960B9FE226FD9894B076858DDB755AE26E1E66F ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
17:38:06.0771 0x13cc RdpVideoMiniport - ok
17:38:06.0795 0x13cc [ E61608AA35E98999AF9AAEEEA6114B0A, F754CDE89DC96786D2A3C4D19EE2AEF1008E634E4DE3C0CBF927436DE90C04A6 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
17:38:06.0832 0x13cc RDPWD - ok
17:38:06.0866 0x13cc [ 34ED295FA0121C241BFEF24764FC4520, AAEE5F00CAA763A5BA51CF56BD7262C03409CD72BD5601490E3EC3FFF929BB5F ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
17:38:06.0887 0x13cc rdyboost - ok
17:38:06.0907 0x13cc [ 254FB7A22D74E5511C73A3F6D802F192, 3D0FB5840364200DE394F8CC28DA0E334C2B5FA8FF28A41656EE72287F3D3836 ] RemoteAccess C:\Windows\System32\mprdim.dll
17:38:06.0949 0x13cc RemoteAccess - ok
17:38:06.0974 0x13cc [ E4D94F24081440B5FC5AA556C7C62702, 147CAA03568DC480F9506E30B84891AB7E433B5EBC05F34FF10F72B00E1C6B22 ] RemoteRegistry C:\Windows\system32\regsvc.dll
17:38:07.0031 0x13cc RemoteRegistry - ok
17:38:07.0056 0x13cc [ E4DC58CF7B3EA515AE917FF0D402A7BB, 665B5CD9FE905B0EE3F59A7B1A94760F5393EBEE729877D8584349754C2867E8 ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
17:38:07.0113 0x13cc RpcEptMapper - ok
17:38:07.0132 0x13cc [ D5BA242D4CF8E384DB90E6A8ED850B8C, CB4CB2608B5E31B55FB1A2CF4051E6D08A0C2A5FB231B2116F95938D7577334E ] RpcLocator C:\Windows\system32\locator.exe
17:38:07.0158 0x13cc RpcLocator - ok
17:38:07.0190 0x13cc [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] RpcSs C:\Windows\system32\rpcss.dll
17:38:07.0241 0x13cc RpcSs - ok
17:38:07.0264 0x13cc [ DDC86E4F8E7456261E637E3552E804FF, D250C69CCC75F2D88E7E624FCC51300E75637333317D53908CCA7E0F117173DD ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
17:38:07.0317 0x13cc rspndr - ok
17:38:07.0341 0x13cc [ E60C0A09F997826C7627B244195AB581, E8630ED74B38B98BF584E353D992C1311BC36AB7F20A1BB66C9CD65CE1E46F8D ] s3cap C:\Windows\system32\drivers\vms3cap.sys
17:38:07.0357 0x13cc s3cap - ok
17:38:07.0366 0x13cc [ 4D71227301DD8D09097B9E4CC6527E5A, 193D47ADCB722B581CC0F29B794AB3E455B6E9BEA367CE9A5216A09E055B7F1E ] SamSs C:\Windows\system32\lsass.exe
17:38:07.0383 0x13cc SamSs - ok
17:38:07.0404 0x13cc [ AC03AF3329579FFFB455AA2DAABBE22B, 7AD3B62ADFEC166F9E256F9FF8BAA0568B2ED7308142BF8F5269E6EAA5E0A656 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
17:38:07.0419 0x13cc sbp2port - ok
17:38:07.0443 0x13cc [ 9B7395789E3791A3B6D000FE6F8B131E, E5F067F3F212BF5481668BE1779CBEF053F511F8967589BE2E865ACB9A620024 ] SCardSvr C:\Windows\System32\SCardSvr.dll
17:38:07.0499 0x13cc SCardSvr - ok
17:38:07.0525 0x13cc [ 253F38D0D7074C02FF8DEB9836C97D2B, CB5CAFCB8628BB22877F74ACF1DED0BBAED8F4573A74DA7FE94BBBA584889116 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
17:38:07.0577 0x13cc scfilter - ok
17:38:07.0634 0x13cc [ 262F6592C3299C005FD6BEC90FC4463A, 54095E37F0B6CC677A3E9BDD40F4647C713273D197DB341063AA7F342A60C4A7 ] Schedule C:\Windows\system32\schedsvc.dll
17:38:07.0722 0x13cc Schedule - ok
17:38:07.0759 0x13cc [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] SCPolicySvc C:\Windows\System32\certprop.dll
17:38:07.0797 0x13cc SCPolicySvc - ok
17:38:07.0822 0x13cc [ 6EA4234DC55346E0709560FE7C2C1972, 64011E044C16E2F92689E5F7E4666A075E27BBFA61F3264E5D51CE1656C1D5B8 ] SDRSVC C:\Windows\System32\SDRSVC.dll
17:38:07.0845 0x13cc SDRSVC - ok
17:38:07.0993 0x13cc [ 98EF79CC2B07398AC525F9EA1AE0366F, D0D5D69696ED339F363024AF3271867F4C55572C67FD0F2AA27D24B37982E39A ] SDScannerService C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
17:38:08.0140 0x13cc SDScannerService - ok
17:38:08.0195 0x13cc [ 14BF6B3AB327D519ED007CDDC56F6900, 4E5DC4AF45347C885E0E87F205EE1F95BB4713A0B581CD7317FBEEE2A9628982 ] SDUpdateService C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
17:38:08.0239 0x13cc SDUpdateService - ok
17:38:08.0269 0x13cc [ 820EBE67AB99F033FDE25B2692157991, A9E86FE6EFD3CFD4EA1A26121C706335A6791CC6F81EE98AE2BE7EA566ECFEBB ] SDWSCService C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
17:38:08.0287 0x13cc SDWSCService - ok
17:38:08.0316 0x13cc [ 3EA8A16169C26AFBEB544E0E48421186, 34BBB0459C96B3DE94CCB0D73461562935C583D7BF93828DA4E20A6BC9B7301D ] secdrv C:\Windows\system32\drivers\secdrv.sys
17:38:08.0354 0x13cc secdrv - ok
17:38:08.0372 0x13cc [ BC617A4E1B4FA8DF523A061739A0BD87, 10C4057F6B321EB5237FF619747B74F5401BC17D15A8C7060829E8204A2297F9 ] seclogon C:\Windows\system32\seclogon.dll
17:38:08.0421 0x13cc seclogon - ok
17:38:08.0446 0x13cc [ C32AB8FA018EF34C0F113BD501436D21, E0EB8E80B51E45CA7EB061E705DA0BC07878759418A8519AE6E12326FE79E7C7 ] SENS C:\Windows\system32\sens.dll
17:38:08.0499 0x13cc SENS - ok
17:38:08.0518 0x13cc [ 0336CFFAFAAB87A11541F1CF1594B2B2, 8B8A6A33E78A12FB05E29B2E2775850626574AFD2EF88748D65E690A07B10B8D ] SensrSvc C:\Windows\system32\sensrsvc.dll
17:38:08.0546 0x13cc SensrSvc - ok
17:38:08.0571 0x13cc [ CB624C0035412AF0DEBEC78C41F5CA1B, A4D937F11E06CAE914347CA1362F4C98EC5EE0C0C80321E360EA1ABD6726F8D4 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
17:38:08.0601 0x13cc Serenum - ok
17:38:08.0624 0x13cc [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6, 8F9776FB84C5D11068EAF1FF1D1A46466C655D64D256A8B1E31DC0C23B5DD22D ] Serial C:\Windows\system32\DRIVERS\serial.sys
17:38:08.0643 0x13cc Serial - ok
17:38:08.0677 0x13cc [ 1C545A7D0691CC4A027396535691C3E3, 065C30BE598FF4DC55C37E0BBE0CEDF10A370AE2BF5404B42EBBB867A3FFED6D ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
17:38:08.0704 0x13cc sermouse - ok
17:38:08.0741 0x13cc [ 0B6231BF38174A1628C4AC812CC75804, E569BF1F7F5689E2E917FA6516DB53388A5B8B1C6699DEE030147E853218811D ] SessionEnv C:\Windows\system32\sessenv.dll
17:38:08.0793 0x13cc SessionEnv - ok
17:38:08.0817 0x13cc [ A554811BCD09279536440C964AE35BBF, DA8F893722F803E189D7D4D6C6232ED34505B63A64ED3A0132A5BB7A2BABDE55 ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
17:38:08.0846 0x13cc sffdisk - ok
17:38:08.0862 0x13cc [ FF414F0BAEFEBA59BC6C04B3DB0B87BF, B81EF5D26AEB572CAB590F7AD7CA8C89F296420089EF5E6148E972F2DBCA1042 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
17:38:08.0897 0x13cc sffp_mmc - ok
17:38:08.0915 0x13cc [ DD85B78243A19B59F0637DCF284DA63C, 6730D4F2BAE7E24615746ACC41B42D01DB6068D6504982008ADA1890DE900197 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
17:38:08.0944 0x13cc sffp_sd - ok
17:38:08.0968 0x13cc [ A9D601643A1647211A1EE2EC4E433FF4, 7AC60B4AB48D4BBF1F9681C12EC2A75C72E6E12D30FABC564A24394310E9A5F9 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
17:38:08.0984 0x13cc sfloppy - ok
17:38:09.0009 0x13cc [ B95F6501A2F8B2E78C697FEC401970CE, 758B73A32902299A313348CE7EC189B20EB4CB398D0180E4EE24B84DAD55F291 ] SharedAccess C:\Windows\System32\ipnathlp.dll
17:38:09.0070 0x13cc SharedAccess - ok
17:38:09.0100 0x13cc [ AAF932B4011D14052955D4B212A4DA8D, 2A3BFD0FA9569288E91AE3E72CA1EC39E1450D01E6473CE51157E0F138257923 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
17:38:09.0164 0x13cc ShellHWDetection - ok
17:38:09.0184 0x13cc [ 843CAF1E5FDE1FFD5FF768F23A51E2E1, 89CA9F516E42A6B905474D738CDA2C121020A07DBD4E66CFE569DD77D79D7820 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
17:38:09.0198 0x13cc SiSRaid2 - ok
17:38:09.0209 0x13cc [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4, 87B85C66DF7EB6FDB8A2341D05FAA5261FF68A90CCFC63F0E4A03824F1E33E5E ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
17:38:09.0225 0x13cc SiSRaid4 - ok
17:38:09.0263 0x13cc [ 50D9949020E02B847CD48F1243FCB895, 5BDAD5E44DE5B412645142810C5FCE4B2D9685F928FF4A6B836A9DCE7725BD78 ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
17:38:09.0282 0x13cc SkypeUpdate - ok
17:38:09.0298 0x13cc [ 548260A7B8654E024DC30BF8A7C5BAA4, 4A7E58331D7765A12F53DC2371739DC9A463940B13E16157CE10DB80E958D740 ] Smb C:\Windows\system32\DRIVERS\smb.sys
17:38:09.0347 0x13cc Smb - ok
17:38:09.0376 0x13cc [ 6313F223E817CC09AA41811DAA7F541D, D787061043BEEDB9386B048CB9E680E6A88A1CBAE9BD4A8C0209155BFB76C630 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
17:38:09.0409 0x13cc SNMPTRAP - ok
17:38:09.0427 0x13cc [ B9E31E5CACDFE584F34F730A677803F9, 21A5130BD00089C609522A372018A719F8E37103D2DD22C59EACB393BE35A063 ] spldr C:\Windows\system32\drivers\spldr.sys
17:38:09.0441 0x13cc spldr - ok
17:38:09.0469 0x13cc [ 85DAA09A98C9286D4EA2BA8D0E644377, F9C324E2EF81193FE831C7EECC44A100CA06F82FA731BF555D9EA4D91DA13329 ] Spooler C:\Windows\System32\spoolsv.exe
17:38:09.0513 0x13cc Spooler - ok
17:38:09.0687 0x13cc [ E17E0188BB90FAE42D83E98707EFA59C, FC075F7B39E86CC8EF6DA4E339FE946917E319C347AC70FB0C50AAF36F97E27F ] sppsvc C:\Windows\system32\sppsvc.exe
17:38:09.0908 0x13cc sppsvc - ok
17:38:09.0924 0x13cc [ 93D7D61317F3D4BC4F4E9F8A96A7DE45, 36D48B23B8243BE5229707375FCD11C2DCAC96983199345365F065A0CBF33314 ] sppuinotify C:\Windows\system32\sppuinotify.dll
17:38:09.0977 0x13cc sppuinotify - ok
17:38:10.0011 0x13cc [ 441FBA48BFF01FDB9D5969EBC1838F0B, 306128F1AD489F87161A089D1BDC1542A4CB742D91A0C12A7CD1863FDB8932C0 ] srv C:\Windows\system32\DRIVERS\srv.sys
17:38:10.0056 0x13cc srv - ok
17:38:10.0094 0x13cc [ B4ADEBBF5E3677CCE9651E0F01F7CC28, 726DB2283113AB2A9681E8E9F61132303D6D86E9CD034C40EE4A8C9DB29E87F7 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
17:38:10.0122 0x13cc srv2 - ok
17:38:10.0138 0x13cc [ 27E461F0BE5BFF5FC737328F749538C3, AFA4704ED8FFC1A0BAB40DFB81D3AE3F3D933A3C9BF54DDAF39FF9AF3646D9E6 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
17:38:10.0172 0x13cc srvnet - ok
17:38:10.0197 0x13cc [ 51B52FBD583CDE8AA9BA62B8B4298F33, 2E2403F8AA39E79D1281CA006B51B43139C32A5FDD64BD34DAA4B935338BD740 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
17:38:10.0259 0x13cc SSDPSRV - ok
17:38:10.0273 0x13cc [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB, D21CDBC4C2AA0DB5B4455D5108B0CAF4282A2E664B9035708F212CC094569D9D ] SstpSvc C:\Windows\system32\sstpsvc.dll
17:38:10.0315 0x13cc SstpSvc - ok
17:38:10.0330 0x13cc [ F3817967ED533D08327DC73BC4D5542A, 1B204454408A690C0A86447F3E4AA9E7C58A9CFB567C94C17C21920BA648B4D5 ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
17:38:10.0345 0x13cc stexstor - ok
17:38:10.0388 0x13cc [ 8DD52E8E6128F4B2DA92CE27402871C1, 1101C38BE8FC383B5F2F9FA402F9652B23B88A764DE2B584DFE62B88B11DEF92 ] stisvc C:\Windows\System32\wiaservc.dll
17:38:10.0443 0x13cc stisvc - ok
17:38:10.0484 0x13cc [ 7785DC213270D2FC066538DAF94087E7, F09CB2895241719CA5147B2EE9F7ECBD0303AFFB5CD896F06D4D29BAAAFC207B ] storflt C:\Windows\system32\drivers\vmstorfl.sys
17:38:10.0499 0x13cc storflt - ok
17:38:10.0511 0x13cc [ D34E4943D5AC096C8EDEEBFD80D76E23, 1DD7F6F97060B5F763A04ACA1F75E59DAB09EF824FD09B83FC3C192837D006DE ] storvsc C:\Windows\system32\drivers\storvsc.sys
17:38:10.0525 0x13cc storvsc - ok
17:38:10.0553 0x13cc [ D01EC09B6711A5F8E7E6564A4D0FBC90, 3CB922291DBADC92B46B9E28CCB6810CD8CCDA3E74518EC9522B58B998E1F969 ] swenum C:\Windows\system32\drivers\swenum.sys
17:38:10.0567 0x13cc swenum - ok
17:38:10.0586 0x13cc [ E08E46FDD841B7184194011CA1955A0B, 9C3725BB1F08F92744C980A22ED5C874007D3B5863C7E1F140F50061052AC418 ] swprv C:\Windows\System32\swprv.dll
17:38:10.0655 0x13cc swprv - ok
17:38:10.0673 0x13cc Synth3dVsc - ok
17:38:10.0737 0x13cc [ BF9CCC0BF39B418C8D0AE8B05CF95B7D, 3C13217548BE61F2BDB8BD41F77345CDDA1F97BF0AE17241C335B9807EB3DBB8 ] SysMain C:\Windows\system32\sysmain.dll
17:38:10.0840 0x13cc SysMain - ok
17:38:10.0866 0x13cc [ E3C61FD7B7C2557E1F1B0B4CEC713585, 01F0E116606D185BF93B540868075BFB1A398197F6AABD994983DBFF56B3A8A0 ] TabletInputService C:\Windows\System32\TabSvc.dll
17:38:10.0902 0x13cc TabletInputService - ok
17:38:10.0930 0x13cc [ 40F0849F65D13EE87B9A9AE3C1DD6823, E251A7EF3D0FD2973AF33A62FC457A7E8D5E8694208F811F52455F7C2426121F ] TapiSrv C:\Windows\System32\tapisrv.dll
17:38:10.0988 0x13cc TapiSrv - ok
17:38:11.0011 0x13cc [ 1BE03AC720F4D302EA01D40F588162F6, AB644862BF1D2E824FD846180DEC4E2C0FAFCC517451486DE5A92E5E78A952E4 ] TBS C:\Windows\System32\tbssvc.dll
17:38:11.0052 0x13cc TBS - ok
17:38:11.0171 0x13cc [ 40AF23633D197905F03AB5628C558C51, 644656A15236E964E4BE57B42225EAA5643C4CF1FFF6D306813A000716F9D72C ] Tcpip C:\Windows\system32\drivers\tcpip.sys
17:38:11.0290 0x13cc Tcpip - ok
17:38:11.0358 0x13cc [ 40AF23633D197905F03AB5628C558C51, 644656A15236E964E4BE57B42225EAA5643C4CF1FFF6D306813A000716F9D72C ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
17:38:11.0415 0x13cc TCPIP6 - ok
17:38:11.0443 0x13cc [ 1B16D0BD9841794A6E0CDE0CEF744ABC, 7EB8BA97339199EEE7F2B09DA2DA6279DA64A510D4598D42CF86415D67CD674C ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
17:38:11.0471 0x13cc tcpipreg - ok
17:38:11.0496 0x13cc [ 3371D21011695B16333A3934340C4E7C, 7416F9BBFC1BA9D875EA7D1C7A0D912FC6977B49A865D67E3F9C4E18A965082D ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
17:38:11.0527 0x13cc TDPIPE - ok
17:38:11.0554 0x13cc [ 51C5ECEB1CDEE2468A1748BE550CFBC8, 4E8F83877330B421F7B5D8393D34BC44C6450E69209DAA95B29CB298166A5DF9 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
17:38:11.0580 0x13cc TDTCP - ok
17:38:11.0611 0x13cc [ DDAD5A7AB24D8B65F8D724F5C20FD806, B71F2967A4EE7395E4416C1526CB85368AEA988BDD1F2C9719C48B08FAFA9661 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
17:38:11.0655 0x13cc tdx - ok
17:38:11.0676 0x13cc [ 561E7E1F06895D78DE991E01DD0FB6E5, 83BFA50A528762EC52A011302AC3874636FB7E26628CD7ACFBF2BDC9FAA8110D ] TermDD C:\Windows\system32\drivers\termdd.sys
17:38:11.0690 0x13cc TermDD - ok
17:38:11.0720 0x13cc [ 2E648163254233755035B46DD7B89123, 6FA0D07CE18A3A69D82EE49D875F141E39406E92C34EAC76AC4EB052E6EBCBCD ] TermService C:\Windows\System32\termsrv.dll
17:38:11.0779 0x13cc TermService - ok
17:38:11.0800 0x13cc [ F0344071948D1A1FA732231785A0664C, DB9886C2C858FAF45AEA15F8E42860343F73EB8685C53EC2E8CCC10586CB0832 ] Themes C:\Windows\system32\themeservice.dll
17:38:11.0838 0x13cc Themes - ok
17:38:11.0859 0x13cc [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] THREADORDER C:\Windows\system32\mmcss.dll
17:38:11.0899 0x13cc THREADORDER - ok
17:38:11.0916 0x13cc [ 7E7AFD841694F6AC397E99D75CEAD49D, DE87F203FD8E6BDCCFCA1860A85F283301A365846FB703D9BB86278D8AC96B07 ] TrkWks C:\Windows\System32\trkwks.dll
17:38:11.0972 0x13cc TrkWks - ok
17:38:12.0013 0x13cc [ 773212B2AAA24C1E31F10246B15B276C, F2EF85F5ABA307976D9C649D710B408952089458DDE97D4DEF321DF14E46A046 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
17:38:12.0069 0x13cc TrustedInstaller - ok
17:38:12.0096 0x13cc [ 4CE278FC9671BA81A138D70823FCAA09, CBE501436696E32A3701B9F377B823AC36647B6626595F76CC63E2396AD7D300 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
17:38:12.0132 0x13cc tssecsrv - ok
17:38:12.0154 0x13cc [ E9981ECE8D894CEF7038FD1D040EB426, DCDDCE933CAECE8180A3447199B07F2F0413704EEC1A09606EE357901A84A7CF ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
17:38:12.0198 0x13cc TsUsbFlt - ok
17:38:12.0206 0x13cc tsusbhub - ok
17:38:12.0234 0x13cc [ 3566A8DAAFA27AF944F5D705EAA64894, AE9D8B648DA08AF667B9456C3FE315489859C157510A258559F18238F2CC92B8 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
17:38:12.0274 0x13cc tunnel - ok
17:38:12.0293 0x13cc [ B4DD609BD7E282BFC683CEC7EAAAAD67, EF131DB6F6411CAD36A989A421AF93F89DD61601AC524D2FF11C10FF6E3E9123 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
17:38:12.0308 0x13cc uagp35 - ok
17:38:12.0334 0x13cc [ FF4232A1A64012BAA1FD97C7B67DF593, D8591B4EB056899C7B604E4DD852D82D4D9809F508ABCED4A03E1BE6D5D456E3 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
17:38:12.0390 0x13cc udfs - ok
17:38:12.0417 0x13cc [ 3CBDEC8D06B9968ABA702EBA076364A1, B8DAB8AA804FC23021BFEBD7AE4D40FBE648D6C6BA21CC008E26D1C084972F9B ] UI0Detect C:\Windows\system32\UI0Detect.exe
17:38:12.0438 0x13cc UI0Detect - ok
17:38:12.0456 0x13cc [ 4BFE1BC28391222894CBF1E7D0E42320, 5918B1ED2030600DF77BDACF1C808DF6EADDD8BF3E7003AF1D72050D8B102B3A ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
17:38:12.0471 0x13cc uliagpkx - ok
17:38:12.0496 0x13cc [ DC54A574663A895C8763AF0FA1FF7561, 09A3F3597E91CBEB2F38E96E75134312B60CAE5574B2AD4606C2D3E992AEDDFE ] umbus C:\Windows\system32\drivers\umbus.sys
17:38:12.0524 0x13cc umbus - ok
17:38:12.0542 0x13cc [ B2E8E8CB557B156DA5493BBDDCC1474D, F547509A08C0679ACB843E20C9C0CF51BED1B06530BBC529DFB0944504564A43 ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
17:38:12.0569 0x13cc UmPass - ok
17:38:12.0600 0x13cc [ A293DCD756D04D8492A750D03B9A297C, 203600ED0B7F8BA4C6D6F4ED810F4DF5AB70928B06EC4131C5D8ADF628444ED1 ] UmRdpService C:\Windows\System32\umrdp.dll
17:38:12.0624 0x13cc UmRdpService - ok
17:38:12.0645 0x13cc [ D47EC6A8E81633DD18D2436B19BAF6DE, 0FB461E2D5E0B75BB5958F6362F4880BFA4C36AD930542609BCAF574941AA7AE ] upnphost C:\Windows\System32\upnphost.dll
17:38:12.0709 0x13cc upnphost - ok
17:38:12.0734 0x13cc [ C9E9D59C0099A9FF51697E9306A44240, 78D9A7A5E5742962B6978F475BF06CB32262F1D214699D3D40538476A58012A1 ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys
17:38:12.0776 0x13cc USBAAPL64 - ok
17:38:12.0797 0x13cc [ DCA68B0943D6FA415F0C56C92158A83A, BEE5A5B33B22D1DF50B884D46D89FC3B8286EB16E38AD5A20F0A49E5C6766C57 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
17:38:12.0831 0x13cc usbccgp - ok
17:38:12.0868 0x13cc [ 80B0F7D5CCF86CEB5D402EAAF61FEC31, 140C62116A425DEAD25FE8D82DE283BC92C482A9F643658D512F9F67061F28AD ] usbcir C:\Windows\system32\drivers\usbcir.sys
17:38:12.0907 0x13cc usbcir - ok
17:38:12.0926 0x13cc [ 18A85013A3E0F7E1755365D287443965, 811C5EDF38C765BCF71BCE25CB6626FF6988C3699F5EF1846240EA0052F34C33 ] usbehci C:\Windows\system32\drivers\usbehci.sys
17:38:12.0953 0x13cc usbehci - ok
17:38:12.0981 0x13cc [ 8D1196CFBB223621F2C67D45710F25BA, B5D7AFE51833B24FC9576F3AED3D8A2B290E5846060E73F9FFFAC1890A8B6003 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
17:38:13.0017 0x13cc usbhub - ok
17:38:13.0032 0x13cc [ 765A92D428A8DB88B960DA5A8D6089DC, 56DE8A2ED58E53B202C399CA7BACB1551136303C2EE0AB426BDBBF880E3C542C ] usbohci C:\Windows\system32\drivers\usbohci.sys
17:38:13.0058 0x13cc usbohci - ok
17:38:13.0086 0x13cc [ 73188F58FB384E75C4063D29413CEE3D, B485463933306036B1D490722CB1674DC85670753D79FA0EF7EBCA7BBAAD9F7C ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
17:38:13.0118 0x13cc usbprint - ok
17:38:13.0141 0x13cc [ FED648B01349A3C8395A5169DB5FB7D6, DC4D7594C24ADD076927B9347F1B50B91CF03A4ABDB284248D5711D9C19DEB96 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
17:38:13.0172 0x13cc USBSTOR - ok
17:38:13.0191 0x13cc [ DD253AFC3BC6CBA412342DE60C3647F3, 146F8613F1057AC054DC3593E84BC52899DA27EA33B0E72ACFB78C3699ADCDE7 ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
17:38:13.0207 0x13cc usbuhci - ok
17:38:13.0228 0x13cc [ 1F775DA4CF1A3A1834207E975A72E9D7, 6D3DE5BD3EF3A76E997E5BAF900C51D25308F5A9682D1F62017F577A24095B90 ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys
17:38:13.0276 0x13cc usbvideo - ok
17:38:13.0294 0x13cc [ EDBB23CBCF2CDF727D64FF9B51A6070E, 7202484C8E1BFB2AFD64D8C81668F3EDE0E3BF5EB27572877A0A7B337AE5AE42 ] UxSms C:\Windows\System32\uxsms.dll
17:38:13.0350 0x13cc UxSms - ok
17:38:13.0368 0x13cc [ 4D71227301DD8D09097B9E4CC6527E5A, 193D47ADCB722B581CC0F29B794AB3E455B6E9BEA367CE9A5216A09E055B7F1E ] VaultSvc C:\Windows\system32\lsass.exe
17:38:13.0384 0x13cc VaultSvc - ok
17:38:13.0413 0x13cc [ C5C876CCFC083FF3B128F933823E87BD, 6FE0FBB6C3207E09300E0789E2168F76668D87C317FE9F263E733827ADCFBE0D ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
17:38:13.0427 0x13cc vdrvroot - ok
17:38:13.0460 0x13cc [ 8D6B481601D01A456E75C3210F1830BE, A2CEF483F4231367138EEF7E67FD5BE5364FC0780C44CA1368E36CE4AA3D0633 ] vds C:\Windows\System32\vds.exe
17:38:13.0515 0x13cc vds - ok
17:38:13.0537 0x13cc [ DA4DA3F5E02943C2DC8C6ED875DE68DD, EDE604536DB78C512D68C92B26DA77C8811AC109D1F0A473673F0A82D15A2838 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
17:38:13.0557 0x13cc vga - ok
17:38:13.0580 0x13cc [ 53E92A310193CB3C03BEA963DE7D9CFC, 45898604375B42EB1246C17A22D91C2440F11C746FF6459AD38027C1BC2E3125 ] VgaSave C:\Windows\System32\drivers\vga.sys
17:38:13.0633 0x13cc VgaSave - ok
17:38:13.0653 0x13cc VGPU - ok
17:38:13.0677 0x13cc [ 2CE2DF28C83AEAF30084E1B1EB253CBB, D1946816A1CB89F825CBEA58F94A4C9D0CE7249355CD3915563F54054EE564BF ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
17:38:13.0695 0x13cc vhdmp - ok
17:38:13.0794 0x13cc [ A427E990AAF60801489E527447EA5947, CD69587056E1B41799C575A0AFD6BDE4DA411DF20FE395C1180DB735B2C4E77D ] VIAHdAudAddService C:\Windows\system32\drivers\viahduaa.sys
17:38:13.0883 0x13cc VIAHdAudAddService - ok
17:38:13.0907 0x13cc [ E5689D93FFE4E5D66C0178761240DD54, 6D35CED80681B12AAF63BFA0DA1C386E71D3838839B68A686990AA8031949D27 ] viaide C:\Windows\system32\drivers\viaide.sys
17:38:13.0920 0x13cc viaide - ok
17:38:13.0933 0x13cc [ 6B34F3220E4AE5D77BD42CEA94EB3892, 6BBED3FBD52935B0ECEA3A9B5B0A4B44214636840AE1EBB65AE1089B3F0C0500 ] VIAKaraokeService C:\Windows\system32\viakaraokesrv.exe
17:38:13.0950 0x13cc VIAKaraokeService - ok
17:38:13.0965 0x13cc [ 86EA3E79AE350FEA5331A1303054005F, 7E7D6027EB41E591633C7383A5D29A3BA8ECFC08C177D2BCF741EE27686B1691 ] vmbus C:\Windows\system32\drivers\vmbus.sys
17:38:13.0983 0x13cc vmbus - ok
17:38:14.0001 0x13cc [ 7DE90B48F210D29649380545DB45A187, 09522F84285D62B961868DA98C40B82E746CA4D24A9780905673A2349D6B07F4 ] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys
17:38:14.0028 0x13cc VMBusHID - ok
17:38:14.0042 0x13cc [ D2AAFD421940F640B407AEFAAEBD91B0, 31EF342A60AF04F4108759A71F8FB7B8C8819216CF3D16A95B2BA0E33A8A9161 ] volmgr C:\Windows\system32\drivers\volmgr.sys
17:38:14.0057 0x13cc volmgr - ok
17:38:14.0084 0x13cc [ A255814907C89BE58B79EF2F189B843B, 463DB771851352185B6AC323BD93B9084D47291E53C1F7B628B65D6918B2E28F ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
17:38:14.0106 0x13cc volmgrx - ok
17:38:14.0123 0x13cc [ 0D08D2F3B3FF84E433346669B5E0F639, 3D6716CEC95B8861A7CC5778E91F310528DC6BEE0E57A3C8757FC675154EBDEC ] volsnap C:\Windows\system32\drivers\volsnap.sys
17:38:14.0144 0x13cc volsnap - ok
17:38:14.0174 0x13cc [ 5E2016EA6EBACA03C04FEAC5F330D997, 53106EB877459FE55A459111F7AB0EE320BB3B4C954D3DB6FA1642396001F2AC ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
17:38:14.0192 0x13cc vsmraid - ok
17:38:14.0256 0x13cc [ B60BA0BC31B0CB414593E169F6F21CC2, 47B801E623254CF0202B3591CB5C019CABFB52F123C7D47E29D19B32F1F2B915 ] VSS C:\Windows\system32\vssvc.exe
17:38:14.0368 0x13cc VSS - ok
17:38:14.0387 0x13cc [ 36D4720B72B5C5D9CB2B9C29E9DF67A1, 3254523C85C70EBA2DBAC05DB2DBA89EDF8E9195F390F7C21F96458FB6B2E3D7 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys
17:38:14.0422 0x13cc vwifibus - ok
17:38:14.0453 0x13cc [ 1C9D80CC3849B3788048078C26486E1A, 34A89F31E53F6B6C209B286F580CC2257AE6D057E4E20741F241C9C167947962 ] W32Time C:\Windows\system32\w32time.dll
17:38:14.0517 0x13cc W32Time - ok
17:38:14.0540 0x13cc [ 4E9440F4F152A7B944CB1663D3935A3E, 8FE04EBD3BC612EE943A21A3E56F37E5C9B578CDACA6044048181DAD81816D53 ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
17:38:14.0568 0x13cc WacomPen - ok
17:38:14.0600 0x13cc [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
17:38:14.0649 0x13cc WANARP - ok
17:38:14.0655 0x13cc [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
17:38:14.0693 0x13cc Wanarpv6 - ok
17:38:14.0764 0x13cc [ 3CEC96DE223E49EAAE3651FCF8FAEA6C, 4150DAB33E8D61076F1D4767BCAFC9B4ECCCCBD58FD4FB3CFE5B8D27DCDCAB61 ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
17:38:14.0822 0x13cc WatAdminSvc - ok
17:38:14.0890 0x13cc [ 78F4E7F5C56CB9716238EB57DA4B6A75, 46A4E78CE5F2A4B26F4E9C3FF04A99D9B727A82AC2E390A82A1611C3F6E0C9AF ] wbengine C:\Windows\system32\wbengine.exe
17:38:14.0966 0x13cc wbengine - ok
17:38:14.0989 0x13cc [ 3AA101E8EDAB2DB4131333F4325C76A3, 4F7BD3DA5E58B18BFF106CFF7B45E75FD13EE556D433C695BA23EC80827E49DE ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
17:38:15.0018 0x13cc WbioSrvc - ok
17:38:15.0047 0x13cc [ 7368A2AFD46E5A4481D1DE9D14848EDD, 8039C478FC2D9F095F5883A4FA47F9E6EDF57CC88A4AA74F07C88445F90DED57 ] wcncsvc C:\Windows\System32\wcncsvc.dll
17:38:15.0094 0x13cc wcncsvc - ok
17:38:15.0111 0x13cc [ 20F7441334B18CEE52027661DF4A6129, 7B8E0247234B740FED2BE9B833E9CE8DD7453340123AB43F6B495A7E6A27B0DD ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
17:38:15.0141 0x13cc WcsPlugInService - ok
17:38:15.0162 0x13cc [ 72889E16FF12BA0F235467D6091B17DC, F2FD0BBD075E33608D93F350D216F97442AB89ABD540513C2D568C78096E12A8 ] Wd C:\Windows\system32\DRIVERS\wd.sys
17:38:15.0176 0x13cc Wd - ok
17:38:15.0214 0x13cc [ E2C933EDBC389386EBE6D2BA953F43D8, AF1DEADD5F1267CCEBD226E8EEB971D1946EA6A5A9645A36F5D111F758AF2F07 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
17:38:15.0250 0x13cc Wdf01000 - ok
17:38:15.0272 0x13cc [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiServiceHost C:\Windows\system32\wdi.dll
17:38:15.0360 0x13cc WdiServiceHost - ok
17:38:15.0365 0x13cc [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiSystemHost C:\Windows\system32\wdi.dll
17:38:15.0393 0x13cc WdiSystemHost - ok
17:38:15.0418 0x13cc [ 0EB0E5D22B1760F2DBCE632F2DD7A54D, B8A4CC62F88768947FB0A161CF9564DB28FD9C1C037B5475DF192982DE035C22 ] WebClient C:\Windows\System32\webclnt.dll
17:38:15.0444 0x13cc WebClient - ok
17:38:15.0457 0x13cc [ C749025A679C5103E575E3B48E092C43, B71171D07EE7AB085A24BF3A1072FF2CE7EA021AAE695F6A90640E6EE8EB55C1 ] Wecsvc C:\Windows\system32\wecsvc.dll
17:38:15.0516 0x13cc Wecsvc - ok
17:38:15.0536 0x13cc [ 7E591867422DC788B9E5BD337A669A08, 484E6BCCDF7ADCE9A1AACAD1BC7C7D7694B9E40FA90D94B14D80C607784F6C75 ] wercplsupport C:\Windows\System32\wercplsupport.dll
17:38:15.0578 0x13cc wercplsupport - ok
17:38:15.0592 0x13cc [ 6D137963730144698CBD10F202E9F251, A9F522A125158D94F540544CCD4DBF47B9DCE2EA878C33675AFE40F80E8F4979 ] WerSvc C:\Windows\System32\WerSvc.dll
17:38:15.0645 0x13cc WerSvc - ok
17:38:15.0678 0x13cc [ 611B23304BF067451A9FDEE01FBDD725, 0AF2734B978165FC6FD22B64862132CCE32528A21C698A49D176129446E099C8 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
17:38:15.0715 0x13cc WfpLwf - ok
17:38:15.0730 0x13cc [ 05ECAEC3E4529A7153B3136CEB49F0EC, 9995CB2CEC70A633EA33CBB0DEAD2BB28CB67132B41E9444BDAB9E75744C9A50 ] WIMMount C:\Windows\system32\drivers\wimmount.sys
17:38:15.0744 0x13cc WIMMount - ok
17:38:15.0757 0x13cc WinDefend - ok
17:38:15.0764 0x13cc WinHttpAutoProxySvc - ok
17:38:15.0810 0x13cc [ 19B07E7E8915D701225DA41CB3877306, D6555E8D276DBB11358246E0FE215F76F1FB358791C76B88D82C2A66A42DA19F ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
17:38:15.0858 0x13cc Winmgmt - ok
17:38:15.0930 0x13cc [ BCB1310604AA415C4508708975B3931E, 9D943F086D454345153A0DD426B4432532A44FD87950386B186E1CAD2AC70565 ] WinRM C:\Windows\system32\WsmSvc.dll
17:38:16.0049 0x13cc WinRM - ok
17:38:16.0092 0x13cc [ FE88B288356E7B47B74B13372ADD906D, A16B166F6BB32EF9D2A142F27B9EC54CBC7B3AC915799783CF4C40E525BC9E03 ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
17:38:16.0126 0x13cc WinUsb - ok
17:38:16.0176 0x13cc [ 4FADA86E62F18A1B2F42BA18AE24E6AA, CE1683386886BF34862681A46199EA7E7FB4232A186047DA7FBD8EC240AF6726 ] Wlansvc C:\Windows\System32\wlansvc.dll
17:38:16.0236 0x13cc Wlansvc - ok
17:38:16.0273 0x13cc [ F6FF8944478594D0E414D3F048F0D778, 6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
17:38:16.0305 0x13cc WmiAcpi - ok
17:38:16.0353 0x13cc [ 38B84C94C5A8AF291ADFEA478AE54F93, 1AC267AC73670BEA5F3785C9AD9DB146F8E993A862C843742B21FDB90D102B2A ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
17:38:16.0434 0x13cc wmiApSrv - ok
17:38:16.0457 0x13cc WMPNetworkSvc - ok
17:38:16.0471 0x13cc [ 96C6E7100D724C69FCF9E7BF590D1DCA, 2E63C9B0893B4FC03B7A71BAEA6202D3D3DB1B52F3643467829B5A573FD7655B ] WPCSvc C:\Windows\System32\wpcsvc.dll
17:38:16.0499 0x13cc WPCSvc - ok
17:38:16.0523 0x13cc [ 93221146D4EBBF314C29B23CD6CC391D, C0750858A65BF51E210CD244C825C121D67E025CD2D2455139991AAC289A90FE ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
17:38:16.0545 0x13cc WPDBusEnum - ok
17:38:16.0560 0x13cc [ 6BCC1D7D2FD2453957C5479A32364E52, E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
17:38:16.0610 0x13cc ws2ifsl - ok
17:38:16.0628 0x13cc [ E8B1FE6669397D1772D8196DF0E57A9E, 39FE0819360719F756BD31A1884A0508A1E2371ACC723E25E005CBEC0A7B02FA ] wscsvc C:\Windows\system32\wscsvc.dll
17:38:16.0666 0x13cc wscsvc - ok
17:38:16.0670 0x13cc WSearch - ok
17:38:16.0767 0x13cc [ D9EF901DCA379CFE914E9FA13B73B4C4, 3BE9693B7B2AFEE23D72AF5DA211379724D752F0EC18ACB7D3DE3DDFC5AE0004 ] wuauserv C:\Windows\system32\wuaueng.dll
17:38:16.0867 0x13cc wuauserv - ok
17:38:16.0896 0x13cc [ AB886378EEB55C6C75B4F2D14B6C869F, D6C4602EB8F291DADEDF3CD211013D4AC752DDE7E799C2D8D74AA4F5477CAED6 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
17:38:16.0942 0x13cc WudfPf - ok
17:38:16.0970 0x13cc [ DDA4CAF29D8C0A297F886BFE561E6659, 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
17:38:17.0003 0x13cc WUDFRd - ok
17:38:17.0020 0x13cc [ B20F051B03A966392364C83F009F7D17, 88ECEB55AE91F58F592B96EBC10B572747D5A2F9B7629E8F371761E4F7408A65 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
17:38:17.0052 0x13cc wudfsvc - ok
17:38:17.0081 0x13cc [ 04F82965C09CBDF646B487E145060301, 2CD8533EDBE24C3E42EB7550E20F8A2EB9E5E345B165DEF543163A6BC1FDD18B ] WwanSvc C:\Windows\System32\wwansvc.dll
17:38:17.0135 0x13cc WwanSvc - ok
17:38:17.0149 0x13cc ================ Scan global ===============================
17:38:17.0170 0x13cc [ BA0CD8C393E8C9F83354106093832C7B, 18D8A4780A2BAA6CEF7FBBBDA0EF6BF2DADF146E1E578A618DD5859E8ADBF1A8 ] C:\Windows\system32\basesrv.dll
17:38:17.0199 0x13cc [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll
17:38:17.0217 0x13cc [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll
17:38:17.0247 0x13cc [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\Windows\system32\sxssrv.dll
17:38:17.0264 0x13cc [ 24ACB7E5BE595468E3B9AA488B9B4FCB, 63541E3432FCE953F266AE553E7A394978D6EE3DB52388D885F668CF42C5E7E2 ] C:\Windows\system32\services.exe
17:38:17.0275 0x13cc [ Global ] - ok
17:38:17.0276 0x13cc ================ Scan MBR ==================================
17:38:17.0284 0x13cc [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
17:38:17.0501 0x13cc \Device\Harddisk0\DR0 - ok
17:38:17.0501 0x13cc ================ Scan VBR ==================================
17:38:17.0504 0x13cc [ 826EB766CF8485757E348521E62B0AAF ] \Device\Harddisk0\DR0\Partition1
17:38:17.0506 0x13cc \Device\Harddisk0\DR0\Partition1 - ok
17:38:17.0509 0x13cc [ 92A2AB3B62FA8C4968B7BF66BAC67207 ] \Device\Harddisk0\DR0\Partition2
17:38:17.0529 0x13cc \Device\Harddisk0\DR0\Partition2 - ok
17:38:17.0645 0x13cc AV detected via SS2: avast! Antivirus, C:\Program Files\AVAST Software\Avast\VisthAux.exe ( 9.0.2016.330 ), 0x40000 ( disabled : updated )
17:38:17.0647 0x13cc FW detected via SS2: avast! Antivirus, C:\Program Files\AVAST Software\Avast\VisthAux.exe ( 9.0.2016.330 ), 0x40010 ( disabled )
17:38:17.0663 0x13cc Win FW state via NFP2: enabled
17:38:17.0664 0x13cc ============================================================
17:38:17.0664 0x13cc Scan finished
17:38:17.0664 0x13cc ============================================================
17:38:17.0673 0x02f8 Detected object count: 0
17:38:17.0673 0x02f8 Actual detected object count: 0

atilla
2014-04-07, 17:46
2-) internet access available
17:36:53.0234 0x0e84 TDSS rootkit removing tool 3.0.0.30 Apr 7 2014 15:39:12
17:37:02.0466 0x0e84 ============================================================
17:37:02.0466 0x0e84 Current date / time: 2014/04/07 17:37:02.0466
17:37:02.0466 0x0e84 SystemInfo:
17:37:02.0466 0x0e84
17:37:02.0466 0x0e84 OS Version: 6.1.7601 ServicePack: 1.0
17:37:02.0466 0x0e84 Product type: Workstation
17:37:02.0466 0x0e84 ComputerName: ESMEN-PC
17:37:02.0466 0x0e84 UserName: ESMEN
17:37:02.0466 0x0e84 Windows directory: C:\Windows
17:37:02.0466 0x0e84 System windows directory: C:\Windows
17:37:02.0466 0x0e84 Running under WOW64
17:37:02.0466 0x0e84 Processor architecture: Intel x64
17:37:02.0466 0x0e84 Number of processors: 4
17:37:02.0466 0x0e84 Page size: 0x1000
17:37:02.0466 0x0e84 Boot type: Normal boot
17:37:02.0466 0x0e84 ============================================================
17:37:03.0696 0x0e84 KLMD registered as C:\Windows\system32\drivers\66413394.sys
17:37:03.0738 0x0e84 System UUID: {1BE76FDF-5BB3-FE7F-1023-085BB72C6983}
17:37:04.0127 0x0e84 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0x22DD3, SectorsPerTrack: 0x28, TracksPerCylinder: 0xAB, Type 'K0', Flags 0x00000040
17:37:04.0150 0x0e84 ============================================================
17:37:04.0150 0x0e84 \Device\Harddisk0\DR0:
17:37:04.0151 0x0e84 MBR partitions:
17:37:04.0151 0x0e84 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x200800, BlocksNum 0x1EAD1800
17:37:04.0151 0x0e84 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1ECD2000, BlocksNum 0x1B6B3800
17:37:04.0151 0x0e84 ============================================================
17:37:04.0174 0x0e84 C: <-> \Device\Harddisk0\DR0\Partition1
17:37:04.0199 0x0e84 D: <-> \Device\Harddisk0\DR0\Partition2
17:37:04.0200 0x0e84 ============================================================
17:37:04.0200 0x0e84 Initialize success
17:37:04.0200 0x0e84 ============================================================
17:37:42.0386 0x13cc ============================================================
17:37:42.0386 0x13cc Scan started
17:37:42.0387 0x13cc Mode: Manual; SigCheck; TDLFS;
17:37:42.0387 0x13cc ============================================================
17:37:42.0387 0x13cc KSN ping started
17:37:45.0112 0x13cc KSN ping finished: true
17:37:45.0700 0x13cc ================ Scan system memory ========================
17:37:45.0700 0x13cc System memory - ok
17:37:45.0700 0x13cc ================ Scan services =============================
17:37:45.0825 0x13cc [ A87D604AEA360176311474C87A63BB88, B1507868C382CD5D2DBC0D62114FCFBF7A780904A2E3CA7C7C1DD0844ADA9A8F ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
17:37:45.0934 0x13cc 1394ohci - ok
17:37:45.0967 0x13cc [ D81D9E70B8A6DD14D42D7B4EFA65D5F2, FDAAB7E23012B4D31537C5BDEF245BB0A12FA060A072C250E21C68E18B22E002 ] ACPI C:\Windows\system32\drivers\ACPI.sys
17:37:45.0989 0x13cc ACPI - ok
17:37:46.0022 0x13cc [ 99F8E788246D495CE3794D7E7821D2CA, F91615463270AD2601F882CAED43B88E7EDA115B9FD03FC56320E48119F15F76 ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
17:37:46.0060 0x13cc AcpiPmi - ok
17:37:46.0121 0x13cc [ B362181ED3771DC03B4141927C80F801, 69514E5177A0AEA89C27C2234712F9F82E8D8F99E1FD4273898C9324C6FF7472 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
17:37:46.0137 0x13cc AdobeARMservice - ok
17:37:46.0179 0x13cc [ 2F6B34B83843F0C5118B63AC634F5BF4, 43E3F5FBFB5D33981AC503DEE476868EC029815D459E7C36C4ABC2D2F75B5735 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
17:37:46.0208 0x13cc adp94xx - ok
17:37:46.0231 0x13cc [ 597F78224EE9224EA1A13D6350CED962, DA7FD99BE5E3B7B98605BF5C13BF3F1A286C0DE1240617570B46FE4605E59BDC ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
17:37:46.0253 0x13cc adpahci - ok
17:37:46.0276 0x13cc [ E109549C90F62FB570B9540C4B148E54, E804563735153EA00A00641814244BC8A347B578E7D63A16F43FB17566EE5559 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
17:37:46.0294 0x13cc adpu320 - ok
17:37:46.0314 0x13cc [ 4B78B431F225FD8624C5655CB1DE7B61, 198A5AF2125C7C41F531A652D200C083A55A97DC541E3C0B5B253C7329949156 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
17:37:46.0374 0x13cc AeLookupSvc - ok
17:37:46.0424 0x13cc [ 79059559E89D06E8B80CE2944BE20228, 6E041D2FED2D0C3D8E16E56CB61D3245F9144EA92F5BDC9A4AA30598D1C8E6EE ] AFD C:\Windows\system32\drivers\afd.sys
17:37:46.0481 0x13cc AFD - ok
17:37:46.0517 0x13cc [ 608C14DBA7299D8CB6ED035A68A15799, 45360F89640BF1127C82A32393BD76205E4FA067889C40C491602F370C09282A ] agp440 C:\Windows\system32\drivers\agp440.sys
17:37:46.0531 0x13cc agp440 - ok
17:37:46.0550 0x13cc [ 3290D6946B5E30E70414990574883DDB, 0E9294E1991572256B3CDA6B031DB9F39CA601385515EE59F1F601725B889663 ] ALG C:\Windows\System32\alg.exe
17:37:46.0590 0x13cc ALG - ok
17:37:46.0620 0x13cc [ 5812713A477A3AD7363C7438CA2EE038, A7316299470D2E57A11499C752A711BF4A71EB11C9CBA731ED0945FF6A966721 ] aliide C:\Windows\system32\drivers\aliide.sys
17:37:46.0634 0x13cc aliide - ok
17:37:46.0664 0x13cc [ A359974EAAC83A435497C52F62A2E590, 7A7AFFE1CCE8732C478AE3EA630AA46C94DE0DBFE19EE63E3FB99B0D3338F038 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
17:37:46.0731 0x13cc AMD External Events Utility - ok
17:37:46.0743 0x13cc [ 1FF8B4431C353CE385C875F194924C0C, 3EA3A7F426B0FFC2461EDF4FDB4B58ACC9D0730EDA5B728D1EA1346EA0A02720 ] amdide C:\Windows\system32\drivers\amdide.sys
17:37:46.0756 0x13cc amdide - ok
17:37:46.0778 0x13cc [ 7024F087CFF1833A806193EF9D22CDA9, E7F27E488C38338388103D3B7EEDD61D05E14FB140992AEE6F492FFC821BF529 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
17:37:46.0829 0x13cc AmdK8 - ok
17:37:47.0108 0x13cc [ 60216B0E704584DE6D5A9F59E9C34C47, CC3E9F09FB28E50FDFCC5E6A996E28CB4E721DDDD50E23710DC74C5B0F7CE3E3 ] amdkmdag C:\Windows\system32\DRIVERS\atikmdag.sys
17:37:47.0464 0x13cc amdkmdag - ok
17:37:47.0512 0x13cc [ 6B4E9261B613B047A9A145F328889968, E5C6611E88381A9D40AD1CE80BFDDBDA733F4A8D3602AAE25A155D2C39B3B7FD ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys
17:37:47.0550 0x13cc amdkmdap - ok
17:37:47.0570 0x13cc [ 1E56388B3FE0D031C44144EB8C4D6217, E88CA76FD47BA0EB427D59CB9BE040DE133D89D4E62D03A8D622624531D27487 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
17:37:47.0587 0x13cc AmdPPM - ok
17:37:47.0618 0x13cc [ D4121AE6D0C0E7E13AA221AA57EF2D49, 626F43C099BD197BE56648C367B711143C2BCCE96496BBDEF19F391D52FA01D0 ] amdsata C:\Windows\system32\drivers\amdsata.sys
17:37:47.0635 0x13cc amdsata - ok
17:37:47.0662 0x13cc [ F67F933E79241ED32FF46A4F29B5120B, D6EF539058F159CC4DD14CA9B1FD924998FEAC9D325C823C7A2DD21FEF1DC1A8 ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
17:37:47.0680 0x13cc amdsbs - ok
17:37:47.0695 0x13cc [ 540DAF1CEA6094886D72126FD7C33048, 296578572A93F5B74E1AD443E000B79DC99D1CBD25082E02704800F886A3065F ] amdxata C:\Windows\system32\drivers\amdxata.sys
17:37:47.0709 0x13cc amdxata - ok
17:37:47.0741 0x13cc [ 89A69C3F2F319B43379399547526D952, 8ABDB4B8E106F96EBBA0D4D04C4F432296516E107E7BA5644ED2E50CF9BB491A ] AppID C:\Windows\system32\drivers\appid.sys
17:37:47.0796 0x13cc AppID - ok
17:37:47.0824 0x13cc [ 0BC381A15355A3982216F7172F545DE1, C33AF13CB218F7BF52E967452573DF2ADD20A95C6BF99229794FEF07C4BBE725 ] AppIDSvc C:\Windows\System32\appidsvc.dll
17:37:47.0879 0x13cc AppIDSvc - ok
17:37:47.0906 0x13cc [ 9D2A2369AB4B08A4905FE72DB104498F, D6FA1705018BABABFA2362E05691A0D6408D14DE7B76129B16D0A1DAD6378E58 ] Appinfo C:\Windows\System32\appinfo.dll
17:37:47.0950 0x13cc Appinfo - ok
17:37:47.0998 0x13cc [ 221564CC7BE37611FE15EACF443E1BF6, 381BDF17418C779D72332431BA174C2AD76CD9C7C1711FF5142EA9B05D5555E4 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
17:37:48.0011 0x13cc Apple Mobile Device - ok
17:37:48.0034 0x13cc [ 4ABA3E75A76195A3E38ED2766C962899, E2001ACD44DA270B8289DA362D26416676301773AB22616C211F31CF2E7869AA ] AppMgmt C:\Windows\System32\appmgmts.dll
17:37:48.0086 0x13cc AppMgmt - ok
17:37:48.0112 0x13cc [ C484F8CEB1717C540242531DB7845C4E, C507CE26716EB923B864ED85E8FA0B24591E2784A2F4F0E78AEED7E9953311F6 ] arc C:\Windows\system32\DRIVERS\arc.sys
17:37:48.0127 0x13cc arc - ok
17:37:48.0138 0x13cc [ 019AF6924AEFE7839F61C830227FE79C, 5926B9DDFC9198043CDD6EA0B384C83B001EC225A8125628C4A45A3E6C42C72A ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
17:37:48.0154 0x13cc arcsas - ok
17:37:48.0230 0x13cc [ 9A262EDD17F8473B91B333D6B031A901, 05DFBD3A7D83FDE1D062EA719ACA9EC48CB7FD42D17DDD88B82E5D25469ADD23 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
17:37:48.0267 0x13cc aspnet_state - ok
17:37:48.0293 0x13cc [ 60DD9BDD4F96FC4A1E4F528BC70EB630, 5F81F2D3873A132F2B52B6026891D95064D59F0E6FA6D3294687AA66602154F7 ] aswKbd C:\Windows\system32\drivers\aswKbd.sys
17:37:48.0314 0x13cc aswKbd - ok
17:37:48.0337 0x13cc [ 8BE618EB795A87DBFD1E09DA63F009C7, 87443A8DB2B4CA4CCA280E0BBB3EAFBD218F7B0B6485C304CAA6B0BFDCBEB3EC ] aswMonFlt C:\Windows\system32\drivers\aswMonFlt.sys
17:37:48.0351 0x13cc aswMonFlt - ok
17:37:48.0397 0x13cc [ 693CB948002DD650C2CFA6BD58808FEE, C55EDDA28858523751E98A34E819E4DDEE6351A17D0BD1597959A3B70B00AB8C ] aswNdisFlt C:\Windows\system32\DRIVERS\aswNdisFlt.sys
17:37:48.0421 0x13cc aswNdisFlt - ok
17:37:48.0439 0x13cc [ D4259F75734EBCC8D815753B09EB2F0A, 93E06432F3E74B4CE606F4BECB80D11580FB72832630164427F36BD62C467103 ] aswRdr C:\Windows\system32\drivers\aswRdr2.sys
17:37:48.0453 0x13cc aswRdr - ok
17:37:48.0459 0x13cc [ 8D4B8BF93C65BDBC133B20706A3B5208, BBCC103F722434DE38FD4D3DF8D543478405E139C5923B0EDFBA80A6C2762AB2 ] aswRvrt C:\Windows\system32\drivers\aswRvrt.sys
17:37:48.0473 0x13cc aswRvrt - ok
17:37:48.0515 0x13cc [ AA0D1B47BE967E1E17301DDFB66C432C, 0283A503D9875C7D51288FAD28BC3F44E4637EDBBBFD968E51D4D505E3AE97B1 ] aswSnx C:\Windows\system32\drivers\aswSnx.sys
17:37:48.0556 0x13cc aswSnx - ok
17:37:48.0596 0x13cc [ 15C6B7D20EE0E44A4DF82183A89CCFC2, 8CCE561CF25A6ED686DDD15C6041B29A82EF52247AFAD937EA5ADBA61C6A18AF ] aswSP C:\Windows\system32\drivers\aswSP.sys
17:37:48.0620 0x13cc aswSP - ok
17:37:48.0637 0x13cc [ 81FA56F29440406A7264CBD7B1C7CB29, 704FAC64596D949C2F83AEE9E3B235CB3E9240EEF310361691CB213A30341141 ] aswStm C:\Windows\system32\drivers\aswStm.sys
17:37:48.0651 0x13cc aswStm - ok
17:37:48.0666 0x13cc [ 0606875650850B0697D662934529F6FC, BC0D7B83888F88966F2DFC0BC26D038290FFBA83079DC7C3B67272557DA3E25D ] aswVmm C:\Windows\system32\drivers\aswVmm.sys
17:37:48.0684 0x13cc aswVmm - ok
17:37:48.0707 0x13cc [ 769765CE2CC62867468CEA93969B2242, 0D8F19D49869DF93A3876B4C2E249D12E83F9CE11DAE8917D368E292043D4D26 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
17:37:48.0770 0x13cc AsyncMac - ok
17:37:48.0791 0x13cc [ 02062C0B390B7729EDC9E69C680A6F3C, 0261683C6DC2706DCE491A1CDC954AC9C9E649376EC30760BB4E225E18DC5273 ] atapi C:\Windows\system32\drivers\atapi.sys
17:37:48.0804 0x13cc atapi - ok
17:37:48.0825 0x13cc [ B63168E23AF172DD728C60F270F30D48, 1868CBF823DE3B2A8A5E431D9FF29C2E809932F004EBEEA523DA491466FA71DB ] Atc002 C:\Windows\system32\DRIVERS\l260x64.sys
17:37:48.0856 0x13cc Atc002 - ok
17:37:48.0899 0x13cc [ 37CB595C0AB20ECBFA5170D3185690DB, 23CA3DC63C35649021AAFF0721BA8A7DF546B5CD1530A35AAAC3E742A787A7D2 ] AtiHDAudioService C:\Windows\system32\drivers\AtihdW76.sys
17:37:48.0945 0x13cc AtiHDAudioService - ok
17:37:49.0223 0x13cc [ 60216B0E704584DE6D5A9F59E9C34C47, CC3E9F09FB28E50FDFCC5E6A996E28CB4E721DDDD50E23710DC74C5B0F7CE3E3 ] atikmdag C:\Windows\system32\DRIVERS\atikmdag.sys
17:37:49.0492 0x13cc atikmdag - ok
17:37:49.0551 0x13cc [ F23FEF6D569FCE88671949894A8BECF1, FCE7B156ED663471CF9A736915F00302E93B50FC647563D235313A37FCE8F0F6 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
17:37:49.0632 0x13cc AudioEndpointBuilder - ok
17:37:49.0653 0x13cc [ F23FEF6D569FCE88671949894A8BECF1, FCE7B156ED663471CF9A736915F00302E93B50FC647563D235313A37FCE8F0F6 ] AudioSrv C:\Windows\System32\Audiosrv.dll
17:37:49.0706 0x13cc AudioSrv - ok
17:37:49.0771 0x13cc [ BEA8D0FA8805CC2E6BB49728166699C7, 9A574A1E79DC2D472877443A92ACDA57A1206A2DAB3AF9110C844944EDC9D797 ] avast! Antivirus C:\Program Files\AVAST Software\Avast\AvastSvc.exe
17:37:49.0785 0x13cc avast! Antivirus - ok
17:37:49.0820 0x13cc [ D58C10AFF2B5C09D615623A4DAC0E330, 9C4BDD2A959288F6CFE9DA4E0E96409AC4462A0C224E0C27CB7906C53C7E1453 ] avast! Firewall C:\Program Files\AVAST Software\Avast\afwServ.exe
17:37:49.0838 0x13cc avast! Firewall - ok
17:37:49.0869 0x13cc [ A6BF31A71B409DFA8CAC83159E1E2AFF, CBB83F73FFD3C3FB4F96605067739F8F7A4A40B2B05417FA49E575E95628753F ] AxInstSV C:\Windows\System32\AxInstSV.dll
17:37:49.0906 0x13cc AxInstSV - ok
17:37:49.0946 0x13cc [ 3E5B191307609F7514148C6832BB0842, DE011CB7AA4A2405FAF21575182E0793A1D83DFFC44E9A7864D59F3D51D8D580 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
17:37:50.0001 0x13cc b06bdrv - ok
17:37:50.0040 0x13cc [ B5ACE6968304A3900EEB1EBFD9622DF2, 1DAA118D8CA3F97B34DF3D3CDA1C78EAB2ED225699FEABE89D331AE0CB7679FA ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
17:37:50.0078 0x13cc b57nd60a - ok
17:37:50.0117 0x13cc [ FDE360167101B4E45A96F939F388AEB0, 8D1457E866BBD645C4B9710DFBFF93405CC1193BF9AE42326F2382500B713B82 ] BDESVC C:\Windows\System32\bdesvc.dll
17:37:50.0149 0x13cc BDESVC - ok
17:37:50.0170 0x13cc [ 16A47CE2DECC9B099349A5F840654746, 77C008AEDB07FAC66413841D65C952DDB56FE7DCA5E9EF9C8F4130336B838024 ] Beep C:\Windows\system32\drivers\Beep.sys
17:37:50.0229 0x13cc Beep - ok
17:37:50.0275 0x13cc [ 82974D6A2FD19445CC5171FC378668A4, 075D25F47C0D2277E40AF8615571DAA5EB16B1824563632A9A7EC62505C29A4A ] BFE C:\Windows\System32\bfe.dll
17:37:50.0326 0x13cc BFE - ok
17:37:50.0365 0x13cc [ 1EA7969E3271CBC59E1730697DC74682, D511A34D63A6E0E6E7D1879068E2CD3D87ABEAF4936B2EA8CDDAD9F79D60FA04 ] BITS C:\Windows\system32\qmgr.dll
17:37:50.0457 0x13cc BITS - ok
17:37:50.0518 0x13cc [ 61583EE3C3A17003C4ACD0475646B4D3, 17E4BECC309C450E7E44F59A9C0BBC24D21BDC66DFBA65B8F198A00BB47A9811 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
17:37:50.0603 0x13cc blbdrive - ok
17:37:50.0670 0x13cc [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD, 17BFFC5DF609CE3B2F0CAB4BD6C118608C66A3AD86116A47E90B2BB7D8954122 ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
17:37:50.0694 0x13cc Bonjour Service - ok
17:37:50.0719 0x13cc [ 6C02A83164F5CC0A262F4199F0871CF5, AD4632A6A203CB40970D848315D8ADB9C898349E20D8DF4107C2AE2703A2CF28 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
17:37:50.0760 0x13cc bowser - ok
17:37:50.0777 0x13cc [ F09EEE9EDC320B5E1501F749FDE686C8, 66691114C42E12F4CC6DC4078D4D2FA4029759ACDAF1B59D17383487180E84E3 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
17:37:50.0816 0x13cc BrFiltLo - ok
17:37:50.0833 0x13cc [ B114D3098E9BDB8BEA8B053685831BE6, 0ED23C1897F35FA00B9C2848DE4ED200E18688AA7825674888054BBC3A3EB92C ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
17:37:50.0851 0x13cc BrFiltUp - ok
17:37:50.0889 0x13cc [ 5C2F352A4E961D72518261257AAE204B, 9EE1001E1D46A414A7A86FE1DBBE232203E26F54D9EF43ED31ED8EACD4D09853 ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys
17:37:50.0942 0x13cc BridgeMP - ok
17:37:50.0967 0x13cc [ 05F5A0D14A2EE1D8255C2AA0E9E8E694, 40011138869F5496A3E78D38C9900B466B6F3877526AC22952DCD528173F4645 ] Browser C:\Windows\System32\browser.dll
17:37:51.0005 0x13cc Browser - ok
17:37:51.0030 0x13cc [ 43BEA8D483BF1870F018E2D02E06A5BD, 4E6F5A5FD8C796A110B0DC9FF29E31EA78C04518FC1C840EF61BABD58AB10272 ] Brserid C:\Windows\System32\Drivers\Brserid.sys
17:37:51.0061 0x13cc Brserid - ok
17:37:51.0071 0x13cc [ A6ECA2151B08A09CACECA35C07F05B42, E2875BB7768ABAF38C3377007AA0A3C281503474D1831E396FB6599721586B0C ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
17:37:51.0102 0x13cc BrSerWdm - ok
17:37:51.0114 0x13cc [ B79968002C277E869CF38BD22CD61524, 50631836502237AF4893ECDCEA43B9031C3DE97433F594D46AF7C3C77F331983 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
17:37:51.0150 0x13cc BrUsbMdm - ok
17:37:51.0155 0x13cc [ A87528880231C54E75EA7A44943B38BF, 4C8BBB29FDA76A96840AA47A8613C15D4466F9273A13941C19507008629709C9 ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
17:37:51.0171 0x13cc BrUsbSer - ok
17:37:51.0190 0x13cc [ 9DA669F11D1F894AB4EB69BF546A42E8, B498B8B6CEF957B73179D1ADAF084BBB57BB3735D810F9BE2C7B1D58A4FD25A4 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
17:37:51.0220 0x13cc BTHMODEM - ok
17:37:51.0330 0x13cc [ 95F9C2976059462CBBF227F7AAB10DE9, 2797AE919FF7606B070FB039CECDB0707CD2131DCAC09C5DF14F443D881C9F34 ] bthserv C:\Windows\system32\bthserv.dll
17:37:51.0414 0x13cc bthserv - ok
17:37:51.0535 0x13cc [ BE531939BB6D153DB63DBBFBD398A713, CB63FD4051198A89EDB3CF45199F99F5816A672FA9374E166ED7A5D17ED47468 ] c2cautoupdatesvc C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
17:37:51.0607 0x13cc c2cautoupdatesvc - ok
17:37:51.0668 0x13cc [ 33E9F08F675EF94633C8EF8A7C4EADF3, E1556CF27F7FB3B03EE63F3464F5EE92E7B09E67C5D8AA4A9346FEEBD716A152 ] c2cpnrsvc C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
17:37:51.0739 0x13cc c2cpnrsvc - ok
17:37:51.0762 0x13cc [ B8BD2BB284668C84865658C77574381A, 6C55BA288B626DF172FDFEA0BD7027FAEBA1F44EF20AB55160D7C7DC6E717D65 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
17:37:51.0828 0x13cc cdfs - ok
17:37:51.0870 0x13cc [ F036CE71586E93D94DAB220D7BDF4416, BD07AAD9E20CEAF9FC84E4977C55EA2C45604A2C682AC70B9B9A2199B6713D5B ] cdrom C:\Windows\system32\drivers\cdrom.sys
17:37:51.0890 0x13cc cdrom - ok
17:37:51.0926 0x13cc [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] CertPropSvc C:\Windows\System32\certprop.dll
17:37:51.0978 0x13cc CertPropSvc - ok
17:37:51.0995 0x13cc [ D7CD5C4E1B71FA62050515314CFB52CF, 513B5A849899F379F0BC6AB3A8A05C3493C2393C95F036612B96EC6E252E1C64 ] circlass C:\Windows\system32\DRIVERS\circlass.sys
17:37:52.0027 0x13cc circlass - ok
17:37:52.0065 0x13cc [ FE1EC06F2253F691FE36217C592A0206, B9F122DB5E665ECDF29A5CB8BB6B531236F31A54A95769D6C5C1924C87FE70CE ] CLFS C:\Windows\system32\CLFS.sys
17:37:52.0089 0x13cc CLFS - ok
17:37:52.0160 0x13cc [ D88040F816FDA31C3B466F0FA0918F29, 39D3630E623DA25B8444B6D3AAAB16B98E7E289C5619E19A85D47B74C71449F3 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
17:37:52.0180 0x13cc clr_optimization_v2.0.50727_32 - ok
17:37:52.0223 0x13cc [ D1CEEA2B47CB998321C579651CE3E4F8, 654013B8FD229A50017B08DEC6CA19C7DDA8CE0771260E057A92625201D539B1 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
17:37:52.0240 0x13cc clr_optimization_v2.0.50727_64 - ok
17:37:52.0295 0x13cc [ E87213F37A13E2B54391E40934F071D0, 7EB221127EFB5BF158FB03D18EFDA2C55FB6CE3D1A1FE69C01D70DBED02C87E5 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
17:37:52.0351 0x13cc clr_optimization_v4.0.30319_32 - ok
17:37:52.0379 0x13cc [ 4AEDAB50F83580D0B4D6CF78191F92AA, D113C47013B018B45161911B96E93AF96A2F3B34FA47061BF6E7A71FBA03194A ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
17:37:52.0511 0x13cc clr_optimization_v4.0.30319_64 - ok
17:37:52.0540 0x13cc [ 0840155D0BDDF1190F84A663C284BD33, 696039FA63CFEB33487FAA8FD7BBDB220141E9C6E529355D768DFC87999A9C3A ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
17:37:52.0566 0x13cc CmBatt - ok
17:37:52.0588 0x13cc [ E19D3F095812725D88F9001985B94EDD, 46243C5CCC4981CAC6FA6452FFCEC33329BF172448F1852D52592C9342E0E18B ] cmdide C:\Windows\system32\drivers\cmdide.sys
17:37:52.0601 0x13cc cmdide - ok
17:37:52.0638 0x13cc [ EBF28856F69CF094A902F884CF989706, AD6C9F0BC20AA49EEE5478DA0F856F0EA2B414B63208C5FFB03C9D7F5B59765F ] CNG C:\Windows\system32\Drivers\cng.sys
17:37:52.0682 0x13cc CNG - ok
17:37:52.0697 0x13cc [ 102DE219C3F61415F964C88E9085AD14, CD74CB703381F1382C32CF892FF2F908F4C9412E1BC77234F8FEA5D4666E1BF1 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
17:37:52.0712 0x13cc Compbatt - ok
17:37:52.0748 0x13cc [ 03EDB043586CCEBA243D689BDDA370A8, 0E4523AA332E242D5C2C61C5717DBA5AB6E42DADB5A7E512505FC2B6CC224959 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
17:37:52.0788 0x13cc CompositeBus - ok
17:37:52.0804 0x13cc COMSysApp - ok
17:37:52.0816 0x13cc [ 1C827878A998C18847245FE1F34EE597, 41EF7443D8B2733AA35CAC64B4F5F74FAC8BB0DA7D3936B69EC38E2DC3972E60 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
17:37:52.0830 0x13cc crcdisk - ok
17:37:52.0863 0x13cc [ 6B400F211BEE880A37A1ED0368776BF4, 2F27C6FA96A1C8CBDA467846DA57E63949A7EA37DB094B13397DDD30114295BD ] CryptSvc C:\Windows\system32\cryptsvc.dll
17:37:52.0907 0x13cc CryptSvc - ok
17:37:52.0937 0x13cc [ 54DA3DFD29ED9F1619B6F53F3CE55E49, 9177C6907A983296BF188892A894B668A09FFA058FD56B50FE12940D54B0FA5E ] CSC C:\Windows\system32\drivers\csc.sys
17:37:52.0994 0x13cc CSC - ok
17:37:53.0023 0x13cc [ 3AB183AB4D2C79DCF459CD2C1266B043, 72B0187EBA9DC74E61EC5CB3DC24058DDB768843E865801894AAEAA211610C56 ] CscService C:\Windows\System32\cscsvc.dll
17:37:53.0069 0x13cc CscService - ok
17:37:53.0104 0x13cc [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] DcomLaunch C:\Windows\system32\rpcss.dll
17:37:53.0169 0x13cc DcomLaunch - ok
17:37:53.0205 0x13cc [ 3CEC7631A84943677AA8FA8EE5B6B43D, 32061DAC9ED6C1EBA3B367B18D0E965AEEC2DF635DCF794EC39D086D32503AC5 ] defragsvc C:\Windows\System32\defragsvc.dll
17:37:53.0265 0x13cc defragsvc - ok
17:37:53.0283 0x13cc [ 9BB2EF44EAA163B29C4A4587887A0FE4, 03667BC3EA5003F4236929C10F23D8F108AFCB29DB5559E751FB26DFB318636F ] DfsC C:\Windows\system32\Drivers\dfsc.sys
17:37:53.0337 0x13cc DfsC - ok
17:37:53.0388 0x13cc [ 43D808F5D9E1A18E5EEB5EBC83969E4E, C10D1155D71EABE4ED44C656A8F13078A8A4E850C4A8FBB92D52D173430972B8 ] Dhcp C:\Windows\system32\dhcpcore.dll
17:37:53.0451 0x13cc Dhcp - ok
17:37:53.0474 0x13cc [ 13096B05847EC78F0977F2C0F79E9AB3, 1E44981B684F3E56F5D2439BB7FA78BD1BC876BB2265AE089AEC68F241B05B26 ] discache C:\Windows\system32\drivers\discache.sys
17:37:53.0528 0x13cc discache - ok
17:37:53.0563 0x13cc [ 9819EEE8B5EA3784EC4AF3B137A5244C, 571BC886E87C888DA96282E381A746D273B58B9074E84D4CA91275E26056D427 ] Disk C:\Windows\system32\DRIVERS\disk.sys
17:37:53.0578 0x13cc Disk - ok
17:37:53.0609 0x13cc [ 16835866AAA693C7D7FCEBA8FFF706E4, 15891558F7C1F2BB57A98769601D447ED0D952354A8BB347312D034DC03E0242 ] Dnscache C:\Windows\System32\dnsrslvr.dll
17:37:53.0663 0x13cc Dnscache - ok
17:37:53.0705 0x13cc [ B1FB3DDCA0FDF408750D5843591AFBC6, AB6AD9C5E7BA2E3646D0115B67C4800D1CB43B4B12716397657C7ADEEE807304 ] dot3svc C:\Windows\System32\dot3svc.dll
17:37:53.0760 0x13cc dot3svc - ok
17:37:53.0783 0x13cc [ B26F4F737E8F9DF4F31AF6CF31D05820, 394BBBED4EC7FAD4110F62A43BFE0801D4AC56FFAC6C741C69407B26402311C7 ] DPS C:\Windows\system32\dps.dll
17:37:53.0836 0x13cc DPS - ok
17:37:53.0882 0x13cc [ 9B19F34400D24DF84C858A421C205754, 967AF267B4124BADA8F507CEBF25F2192D146A4D63BE71B45BFC03C5DA7F21A7 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
17:37:53.0919 0x13cc drmkaud - ok
17:37:53.0976 0x13cc [ 88612F1CE3BF42256913BF6E61C70D52, 7CF190F83FA8F15C33008EB381D3E345CEF37CBC046227DED26B36799EF4D9A7 ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
17:37:54.0016 0x13cc DXGKrnl - ok
17:37:54.0042 0x13cc [ E2DDA8726DA9CB5B2C4000C9018A9633, 0C967DBC3636A76A696997192A158AA92A1AF19F01E3C66D5BF91818A8FAEA76 ] EapHost C:\Windows\System32\eapsvc.dll
17:37:54.0095 0x13cc EapHost - ok
17:37:54.0210 0x13cc [ DC5D737F51BE844D8C82C695EB17372F, 6D4022D9A46EDE89CEF0FAEADCC94C903234DFC460C0180D24FF9E38E8853017 ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
17:37:54.0360 0x13cc ebdrv - ok
17:37:54.0388 0x13cc [ 4D71227301DD8D09097B9E4CC6527E5A, 193D47ADCB722B581CC0F29B794AB3E455B6E9BEA367CE9A5216A09E055B7F1E ] EFS C:\Windows\System32\lsass.exe
17:37:54.0421 0x13cc EFS - ok
17:37:54.0511 0x13cc [ C4002B6B41975F057D98C439030CEA07, 3D2484FBB832EFB90504DD406ED1CF3065139B1FE1646471811F3A5679EF75F1 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
17:37:54.0566 0x13cc ehRecvr - ok
17:37:54.0617 0x13cc [ 4705E8EF9934482C5BB488CE28AFC681, 359E9EC5693CE0BE89082E1D5D8F5C5439A5B985010FF0CB45C11E3CFE30637D ] ehSched C:\Windows\ehome\ehsched.exe
17:37:54.0671 0x13cc ehSched - ok
17:37:54.0753 0x13cc [ 0E5DA5369A0FCAEA12456DD852545184, 9A64AC5396F978C3B92794EDCE84DCA938E4662868250F8C18FA7C2C172233F8 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
17:37:54.0794 0x13cc elxstor - ok
17:37:54.0813 0x13cc [ 34A3C54752046E79A126E15C51DB409B, 7D5B5E150C7C73666F99CBAFF759029716C86F16B927E0078D77F8A696616D75 ] ErrDev C:\Windows\system32\drivers\errdev.sys
17:37:54.0849 0x13cc ErrDev - ok
17:37:54.0893 0x13cc [ 4166F82BE4D24938977DD1746BE9B8A0, 24121751B7306225AD1C808442D7B030DEF377E9316AA0A3C5C7460E87317881 ] EventSystem C:\Windows\system32\es.dll
17:37:54.0970 0x13cc EventSystem - ok
17:37:54.0988 0x13cc [ A510C654EC00C1E9BDD91EEB3A59823B, 76CD277730F7B08D375770CD373D786160F34D1481AF0536BA1A5D2727E255F5 ] exfat C:\Windows\system32\drivers\exfat.sys
17:37:55.0050 0x13cc exfat - ok
17:37:55.0076 0x13cc [ 0ADC83218B66A6DB380C330836F3E36D, 798D6F83B5DBCC1656595E0A96CF12087FCCBE19D1982890D0CE5F629B328B29 ] fastfat C:\Windows\system32\drivers\fastfat.sys
17:37:55.0149 0x13cc fastfat - ok
17:37:55.0236 0x13cc [ DBEFD454F8318A0EF691FDD2EAAB44EB, 7F52AE222FF28503B6FC4A5852BD0CAEAF187BE69AF4B577D3DE474C24366099 ] Fax C:\Windows\system32\fxssvc.exe
17:37:55.0316 0x13cc Fax - ok
17:37:55.0327 0x13cc [ D765D19CD8EF61F650C384F62FAC00AB, 9F0A483A043D3BA873232AD3BA5F7BF9173832550A27AF3E8BD433905BD2A0EE ] fdc C:\Windows\system32\DRIVERS\fdc.sys
17:37:55.0353 0x13cc fdc - ok
17:37:55.0377 0x13cc [ 0438CAB2E03F4FB61455A7956026FE86, 6D4DDC2973DB25CE0C7646BC85EFBCC004EBE35EA683F62162AE317C6F1D8DFE ] fdPHost C:\Windows\system32\fdPHost.dll
17:37:55.0438 0x13cc fdPHost - ok
17:37:55.0449 0x13cc [ 802496CB59A30349F9A6DD22D6947644, 52D59D3D628D5661F83F090F33F744F6916E0CC1F76E5A33983E06EB66AE19F8 ] FDResPub C:\Windows\system32\fdrespub.dll
17:37:55.0535 0x13cc FDResPub - ok
17:37:55.0556 0x13cc [ 655661BE46B5F5F3FD454E2C3095B930, 549C8E2A2A37757E560D55FFA6BFDD838205F17E40561E67F0124C934272CD1A ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
17:37:55.0571 0x13cc FileInfo - ok
17:37:55.0649 0x13cc [ 5F671AB5BC87EEA04EC38A6CD5962A47, 6B61D3363FF3F9C439BD51102C284972EAE96ACC0683B9DC7E12D25D0ADC51B6 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
17:37:55.0726 0x13cc Filetrace - ok
17:37:55.0805 0x13cc [ C172A0F53008EAEB8EA33FE10E177AF5, 9175A95B323696D1B35C9EFEB7790DD64E6EE0B7021E6C18E2F81009B169D77B ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
17:37:55.0852 0x13cc flpydisk - ok
17:37:55.0898 0x13cc [ DA6B67270FD9DB3697B20FCE94950741, F621A4462C9F2904063578C427FAF22D7D66AE9967605C11C798099817CE5331 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
17:37:55.0919 0x13cc FltMgr - ok
17:37:55.0974 0x13cc [ C4C183E6551084039EC862DA1C945E3D, 0874A2ACDD24D64965AA9A76E9C818E216880AE4C9A2E07ED932EE404585CEE6 ] FontCache C:\Windows\system32\FntCache.dll
17:37:56.0033 0x13cc FontCache - ok
17:37:56.0069 0x13cc [ A8B7F3818AB65695E3A0BB3279F6DCE6, 89FCF10F599767E67A1E011753E34DA44EAA311F105DBF69549009ED932A60F0 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
17:37:56.0084 0x13cc FontCache3.0.0.0 - ok
17:37:56.0113 0x13cc [ D43703496149971890703B4B1B723EAC, F06397B2EDCA61629249D2EF1CBB7827A8BEAB8488246BD85EF6AE1363C0DA6E ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
17:37:56.0128 0x13cc FsDepends - ok
17:37:56.0146 0x13cc [ 6BD9295CC032DD3077C671FCCF579A7B, 83622FBB0CB923798E7E584BF53CAAF75B8C016E3FF7F0FA35880FF34D1DFE33 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
17:37:56.0161 0x13cc Fs_Rec - ok
17:37:56.0185 0x13cc [ 8F6322049018354F45F05A2FD2D4E5E0, 73BF0FB4EBD7887E992DDEBB79E906958D6678F8D1107E8C368F5A0514D80359 ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
17:37:56.0207 0x13cc fvevol - ok
17:37:56.0220 0x13cc [ 8C778D335C9D272CFD3298AB02ABE3B6, 85F0B13926B0F693FA9E70AA58DE47100E4B6F893772EBE4300C37D9A36E6005 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
17:37:56.0237 0x13cc gagp30kx - ok
17:37:56.0260 0x13cc [ 8E98D21EE06192492A5671A6144D092F, B8F656B34D361EA5AFB47F3A67AB2221580DADA59C8CD0CB83181E4AD8B562B4 ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
17:37:56.0272 0x13cc GEARAspiWDM - ok
17:37:56.0310 0x13cc [ 277BBC7E1AA1EE957F573A10ECA7EF3A, 2EE60B924E583E847CC24E78B401EF95C69DB777A5B74E1EC963E18D47B94D24 ] gpsvc C:\Windows\System32\gpsvc.dll
17:37:56.0380 0x13cc gpsvc - ok
17:37:56.0431 0x13cc [ 506708142BC63DABA64F2D3AD1DCD5BF, 9C36A08D9E7932FF4DA7B5F24E6B42C92F28685B8ABE964C870E8D7670FD531A ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
17:37:56.0444 0x13cc gupdate - ok
17:37:56.0450 0x13cc [ 506708142BC63DABA64F2D3AD1DCD5BF, 9C36A08D9E7932FF4DA7B5F24E6B42C92F28685B8ABE964C870E8D7670FD531A ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
17:37:56.0462 0x13cc gupdatem - ok
17:37:56.0475 0x13cc [ F2523EF6460FC42405B12248338AB2F0, B2F3DE8DE1F512D871BC2BC2E8D0E33AB03335BFBC07627C5F88B65024928E19 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
17:37:56.0516 0x13cc hcw85cir - ok
17:37:56.0549 0x13cc [ 975761C778E33CD22498059B91E7373A, 8304E15FBE6876BE57263A03621365DA8C88005EAC532A770303C06799D915D9 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
17:37:56.0579 0x13cc HdAudAddService - ok
17:37:56.0608 0x13cc [ 97BFED39B6B79EB12CDDBFEED51F56BB, 3CF981D668FB2381E52AF2E51E296C6CFB47B0D62249645278479D0111A47955 ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
17:37:56.0638 0x13cc HDAudBus - ok
17:37:56.0651 0x13cc [ 78E86380454A7B10A5EB255DC44A355F, 11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64 ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
17:37:56.0678 0x13cc HidBatt - ok
17:37:56.0698 0x13cc [ 7FD2A313F7AFE5C4DAB14798C48DD104, 94CBFD4506CBDE4162CEB3367BAB042D19ACA6785954DC0B554D4164B9FCD0D4 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
17:37:56.0719 0x13cc HidBth - ok
17:37:56.0735 0x13cc [ 0A77D29F311B88CFAE3B13F9C1A73825, 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
17:37:56.0756 0x13cc HidIr - ok
17:37:56.0782 0x13cc [ BD9EB3958F213F96B97B1D897DEE006D, 4D01CBF898B528B3A4E5A683DF2177300AFABD7D4CB51F1A7891B1B545499631 ] hidserv C:\Windows\System32\hidserv.dll
17:37:56.0868 0x13cc hidserv - ok
17:37:56.0888 0x13cc [ 9592090A7E2B61CD582B612B6DF70536, FD11D5E02C32D658B28FCC35688AB66CCB5D3A0A0D74C82AE0F0B6C67B568A0F ] HidUsb C:\Windows\system32\drivers\hidusb.sys
17:37:56.0917 0x13cc HidUsb - ok
17:37:56.0945 0x13cc [ 387E72E739E15E3D37907A86D9FF98E2, 9935BE2E58788E79328293AF2F202CB0F6042441B176F75ACC5AEA93C8E05531 ] hkmsvc C:\Windows\system32\kmsvc.dll
17:37:56.0995 0x13cc hkmsvc - ok
17:37:57.0026 0x13cc [ EFDFB3DD38A4376F93E7985173813ABD, 70402FA73A5A2A8BB557AAC8F531E373077D28DE5F40A1F3F14B940BE01CD2E1 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
17:37:57.0074 0x13cc HomeGroupListener - ok
17:37:57.0091 0x13cc [ 908ACB1F594274965A53926B10C81E89, 7D34A742AC486294D82676F8465A3EF26C8AC3317C32B63F62031CB007CFC208 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
17:37:57.0128 0x13cc HomeGroupProvider - ok
17:37:57.0171 0x13cc [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC, E9E6A1665740CFBC2DD321010007EF42ABA2102AEB9772EE8AA3354664B1E205 ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
17:37:57.0193 0x13cc HpSAMD - ok
17:37:57.0274 0x13cc HPSLPSVC - ok
17:37:57.0319 0x13cc [ 0EA7DE1ACB728DD5A369FD742D6EEE28, 21C489412EB33A12B22290EB701C19BA57006E8702E76F730954F0784DDE9779 ] HTTP C:\Windows\system32\drivers\HTTP.sys
17:37:57.0396 0x13cc HTTP - ok
17:37:57.0422 0x13cc [ A5462BD6884960C9DC85ED49D34FF392, 53E65841AF5B06A2844D0BB6FC4DD3923A323FFA0E4BFC89B3B5CAFB592A3D53 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
17:37:57.0435 0x13cc hwpolicy - ok
17:37:57.0471 0x13cc [ FA55C73D4AFFA7EE23AC4BE53B4592D3, 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
17:37:57.0490 0x13cc i8042prt - ok
17:37:57.0538 0x13cc [ AAAF44DB3BD0B9D1FB6969B23ECC8366, 805AA4A9464002D1AB3832E4106B2AAA1331F4281367E75956062AAE99699385 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
17:37:57.0564 0x13cc iaStorV - ok
17:37:57.0595 0x13cc [ 929DF302F15BFE24AC66EF45D858C413, 7FC0142EABEB74344D85D3912BC311F37D4136F24C93572E5199E25B40646615 ] IDMWFP C:\Windows\system32\DRIVERS\idmwfp.sys
17:37:57.0612 0x13cc IDMWFP - ok
17:37:57.0661 0x13cc [ 5988FC40F8DB5B0739CD1E3A5D0D78BD, 2B9512324DBA4A97F6AC34E8067EE08E3B6874CD60F6CB4209AFC22A34D2BE99 ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
17:37:57.0696 0x13cc idsvc - ok
17:37:57.0703 0x13cc IEEtwCollectorService - ok
17:37:57.0755 0x13cc [ 5C18831C61933628F5BB0EA2675B9D21, 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
17:37:57.0770 0x13cc iirsp - ok
17:37:57.0814 0x13cc [ 344789398EC3EE5A4E00C52B31847946, 3DA5F08E4B46F4E63456AA588D49E39A6A09A97D0509880C00F327623DB6122D ] IKEEXT C:\Windows\System32\ikeext.dll
17:37:57.0870 0x13cc IKEEXT - ok
17:37:57.0899 0x13cc [ F00F20E70C6EC3AA366910083A0518AA, E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22 ] intelide C:\Windows\system32\drivers\intelide.sys
17:37:57.0913 0x13cc intelide - ok
17:37:57.0954 0x13cc [ ADA036632C664CAA754079041CF1F8C1, F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
17:37:57.0991 0x13cc intelppm - ok
17:37:58.0025 0x13cc [ 098A91C54546A3B878DAD6A7E90A455B, 044CCE2A0DF56EBE1EFD99B4F6F0A5B9EE12498CA358CF4B2E3A1CFD872823AA ] IPBusEnum C:\Windows\system32\ipbusenum.dll
17:37:58.0085 0x13cc IPBusEnum - ok
17:37:58.0113 0x13cc [ C9F0E1BD74365A8771590E9008D22AB6, 728BC5A6AAE499FDC50EB01577AF16D83C2A9F3B09936DD2A89C01E074BA8E51 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
17:37:58.0161 0x13cc IpFilterDriver - ok
17:37:58.0202 0x13cc [ 08C2957BB30058E663720C5606885653, E13EDF6701512E2A9977A531454932CA5023087CB50E1D2F416B8BCDD92B67BE ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
17:37:58.0235 0x13cc iphlpsvc - ok
17:37:58.0259 0x13cc [ 0FC1AEA580957AA8817B8F305D18CA3A, 7161E4DE91AAFC3FA8BF24FAE4636390C2627DB931505247C0D52C75A31473D9 ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
17:37:58.0290 0x13cc IPMIDRV - ok
17:37:58.0320 0x13cc [ AF9B39A7E7B6CAA203B3862582E9F2D0, 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E ] IPNAT C:\Windows\system32\drivers\ipnat.sys
17:37:58.0371 0x13cc IPNAT - ok
17:37:58.0423 0x13cc [ 842D1EDD0F2A6E0E6631BB96BAAA01DE, 9CDD0B99F2C5DAD573A9EA8D5AB2DBFD7A941454CBBA5BFE34E49F2D4EE96A90 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
17:37:58.0452 0x13cc iPod Service - ok
17:37:58.0474 0x13cc [ 3ABF5E7213EB28966D55D58B515D5CE9, A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE ] IRENUM C:\Windows\system32\drivers\irenum.sys
17:37:58.0504 0x13cc IRENUM - ok
17:37:58.0530 0x13cc [ 2F7B28DC3E1183E5EB418DF55C204F38, D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548 ] isapnp C:\Windows\system32\drivers\isapnp.sys
17:37:58.0543 0x13cc isapnp - ok
17:37:58.0562 0x13cc [ D931D7309DEB2317035B07C9F9E6B0BD, 13AD84172ED8C6153F8A98499C01733B74E48464CE07D099508E38D409913ED3 ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
17:37:58.0583 0x13cc iScsiPrt - ok
17:37:58.0602 0x13cc [ BC02336F1CBA7DCC7D1213BB588A68A5, 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93 ] kbdclass C:\Windows\system32\drivers\kbdclass.sys
17:37:58.0617 0x13cc kbdclass - ok
17:37:58.0631 0x13cc [ 0705EFF5B42A9DB58548EEC3B26BB484, 86C6824ED7ED6FA8F306DB6319A0FD688AA91295AE571262F9D8E96A32225E99 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys
17:37:58.0660 0x13cc kbdhid - ok
17:37:58.0683 0x13cc [ 4D71227301DD8D09097B9E4CC6527E5A, 193D47ADCB722B581CC0F29B794AB3E455B6E9BEA367CE9A5216A09E055B7F1E ] KeyIso C:\Windows\system32\lsass.exe
17:37:58.0707 0x13cc KeyIso - ok
17:37:58.0733 0x13cc [ 8F489706472F7E9A06BAAA198703FA64, F020406690FB38EABD82D63B91D33039CC93ED52A5497AE12BAF475F22D0B08A ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
17:37:58.0970 0x13cc KSecDD - ok
17:37:59.0007 0x13cc [ 868A2CAAB12EFC7A021682BCA0EEC54C, 12C4925B5B3D6EA7B6410C01F33158C6EAB50CBD6AF445F8B04ED9899720C2DD ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
17:37:59.0027 0x13cc KSecPkg - ok
17:37:59.0069 0x13cc [ 6869281E78CB31A43E969F06B57347C4, 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
17:37:59.0121 0x13cc ksthunk - ok
17:37:59.0154 0x13cc [ 6AB66E16AA859232F64DEB66887A8C9C, 5F2B579BEA8098A2994B0DECECDAE7B396E7B5DC5F09645737B9F28BEEA77FFF ] KtmRm C:\Windows\system32\msdtckrm.dll
17:37:59.0214 0x13cc KtmRm - ok
17:37:59.0257 0x13cc [ D9F42719019740BAA6D1C6D536CBDAA6, 8757599D0AE5302C4CE50861BEBA3A8DD14D7B0DBD916FD5404133688CDFCC40 ] LanmanServer C:\Windows\System32\srvsvc.dll
17:37:59.0317 0x13cc LanmanServer - ok
17:37:59.0345 0x13cc [ 851A1382EED3E3A7476DB004F4EE3E1A, B1C67F47DD594D092E6E258F01DF5E7150227CE3131A908A244DEE9F8A1FABF9 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
17:37:59.0404 0x13cc LanmanWorkstation - ok
17:37:59.0437 0x13cc [ 1538831CF8AD2979A04C423779465827, E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
17:37:59.0487 0x13cc lltdio - ok
17:37:59.0517 0x13cc [ C1185803384AB3FEED115F79F109427F, 0414FE73532DCAB17E906438A14711E928CECCD5F579255410C62984DD652700 ] lltdsvc C:\Windows\System32\lltdsvc.dll
17:37:59.0574 0x13cc lltdsvc - ok
17:37:59.0588 0x13cc [ F993A32249B66C9D622EA5592A8B76B8, EE64672A990C6145DC5601E2B8CDBE089272A72732F59AF9865DCBA8B1717E70 ] lmhosts C:\Windows\System32\lmhsvc.dll
17:37:59.0628 0x13cc lmhosts - ok
17:37:59.0660 0x13cc [ 1A93E54EB0ECE102495A51266DCDB6A6, DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
17:37:59.0676 0x13cc LSI_FC - ok
17:37:59.0684 0x13cc [ 1047184A9FDC8BDBFF857175875EE810, F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
17:37:59.0700 0x13cc LSI_SAS - ok
17:37:59.0716 0x13cc [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93, 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
17:37:59.0731 0x13cc LSI_SAS2 - ok
17:37:59.0747 0x13cc [ 0504EACAFF0D3C8AED161C4B0D369D4A, 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
17:37:59.0763 0x13cc LSI_SCSI - ok
17:37:59.0780 0x13cc [ 43D0F98E1D56CCDDB0D5254CFF7B356E, 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22 ] luafv C:\Windows\system32\drivers\luafv.sys
17:37:59.0832 0x13cc luafv - ok
17:37:59.0854 0x13cc [ 0BE09CD858ABF9DF6ED259D57A1A1663, 2FD28889B93C8E801F74C1D0769673A461671E0189D0A22C94509E3F0EEB7428 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
17:37:59.0874 0x13cc Mcx2Svc - ok
17:37:59.0891 0x13cc [ A55805F747C6EDB6A9080D7C633BD0F4, 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
17:37:59.0906 0x13cc megasas - ok
17:37:59.0923 0x13cc [ BAF74CE0072480C3B6B7C13B2A94D6B3, 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
17:37:59.0946 0x13cc MegaSR - ok
17:37:59.0998 0x13cc Microsoft SharePoint Workspace Audit Service - ok
17:38:00.0013 0x13cc [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] MMCSS C:\Windows\system32\mmcss.dll
17:38:00.0072 0x13cc MMCSS - ok
17:38:00.0085 0x13cc [ 800BA92F7010378B09F9ED9270F07137, 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342 ] Modem C:\Windows\system32\drivers\modem.sys
17:38:00.0133 0x13cc Modem - ok
17:38:00.0151 0x13cc [ B03D591DC7DA45ECE20B3B467E6AADAA, 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
17:38:00.0184 0x13cc monitor - ok
17:38:00.0211 0x13cc [ 7D27EA49F3C1F687D357E77A470AEA99, 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7 ] mouclass C:\Windows\system32\drivers\mouclass.sys
17:38:00.0227 0x13cc mouclass - ok
17:38:00.0241 0x13cc [ D3BF052C40B0C4166D9FD86A4288C1E6, 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
17:38:00.0268 0x13cc mouhid - ok
17:38:00.0291 0x13cc [ 32E7A3D591D671A6DF2DB515A5CBE0FA, 47CED0B9067AE8BF5EEF60B17ADEE5906BEDCC56E4CB460B7BFBC12BB9A69E63 ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
17:38:00.0307 0x13cc mountmgr - ok
17:38:00.0327 0x13cc [ A44B420D30BD56E145D6A2BC8768EC58, B1E4DCA5A1008FA7A0492DC091FB2B820406AE13FD3D44F124E89B1037AF09B8 ] mpio C:\Windows\system32\drivers\mpio.sys
17:38:00.0346 0x13cc mpio - ok
17:38:00.0367 0x13cc [ 6C38C9E45AE0EA2FA5E551F2ED5E978F, 5A3FA2F110029CB4CC4384998EDB59203FDD65EC45E01B897FB684F8956EAD20 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
17:38:00.0408 0x13cc mpsdrv - ok
17:38:00.0452 0x13cc [ 54FFC9C8898113ACE189D4AA7199D2C1, 65F585C87F3F710FD5793FDFA96B740AD8D4317B0C120F4435CCF777300EA4F2 ] MpsSvc C:\Windows\system32\mpssvc.dll
17:38:00.0526 0x13cc MpsSvc - ok
17:38:00.0560 0x13cc [ 1A4F75E63C9FB84B85DFFC6B63FD5404, 01AFA6DBB4CDE55FE4EA05BBE8F753A4266F8D072EA1EE01DB79F5126780C21F ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
17:38:00.0598 0x13cc MRxDAV - ok
17:38:00.0621 0x13cc [ A5D9106A73DC88564C825D317CAC68AC, 0457B2AEA4E05A91D0E43F317894A614434D8CEBE35020785387F307E231FBE4 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
17:38:00.0655 0x13cc mrxsmb - ok
17:38:00.0680 0x13cc [ D711B3C1D5F42C0C2415687BE09FC163, 9B3013AC60BD2D0FF52086658BA5FF486ADE15954A552D7DD590580E8BAE3EFF ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
17:38:00.0718 0x13cc mrxsmb10 - ok
17:38:00.0744 0x13cc [ 9423E9D355C8D303E76B8CFBD8A5C30C, 220B33F120C2DD937FE4D5664F4B581DC0ACF78D62EB56B7720888F67B9644CC ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
17:38:00.0763 0x13cc mrxsmb20 - ok
17:38:00.0788 0x13cc [ C25F0BAFA182CBCA2DD3C851C2E75796, 643E158A0948DF331807AEAA391F23960362E46C0A0CF6D22A99020EAE7B10F8 ] msahci C:\Windows\system32\drivers\msahci.sys
17:38:00.0802 0x13cc msahci - ok
17:38:00.0831 0x13cc [ DB801A638D011B9633829EB6F663C900, B34FD33A215ACCF2905F4B7D061686CDB1CB9C652147AF56AE14686C1F6E3C74 ] msdsm C:\Windows\system32\drivers\msdsm.sys
17:38:00.0849 0x13cc msdsm - ok
17:38:00.0876 0x13cc [ DE0ECE52236CFA3ED2DBFC03F28253A8, 2FBBEC4CACB5161F68D7C2935852A5888945CA0F107CF8A1C01F4528CE407DE3 ] MSDTC C:\Windows\System32\msdtc.exe
17:38:00.0937 0x13cc MSDTC - ok
17:38:00.0980 0x13cc [ AA3FB40E17CE1388FA1BEDAB50EA8F96, 69F93E15536644C8FD679A20190CFE577F4985D3B1B4A4AA250A168615AE1E99 ] Msfs C:\Windows\system32\drivers\Msfs.sys
17:38:01.0039 0x13cc Msfs - ok
17:38:01.0051 0x13cc [ F9D215A46A8B9753F61767FA72A20326, 6F76642B45E0A7EF6BCAB8B37D55CCE2EAA310ED07B76D43FCB88987C2174141 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
17:38:01.0089 0x13cc mshidkmdf - ok
17:38:01.0116 0x13cc [ D916874BBD4F8B07BFB7FA9B3CCAE29D, B229DA150713DEDBC4F05386C9D9DC3BC095A74F44F3081E88311AB73BC992A1 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
17:38:01.0129 0x13cc msisadrv - ok
17:38:01.0157 0x13cc [ 808E98FF49B155C522E6400953177B08, F873F5BFF0984C5165DF67E92874D3F6EB8D86F9B5AD17013A0091CA33A1A3D5 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
17:38:01.0212 0x13cc MSiSCSI - ok
17:38:01.0217 0x13cc msiserver - ok
17:38:01.0246 0x13cc [ 49CCF2C4FEA34FFAD8B1B59D49439366, E5752EA57C7BDAD5F53E3BC441A415E909AC602CAE56234684FB8789A20396C7 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
17:38:01.0299 0x13cc MSKSSRV - ok

atilla
2014-04-07, 17:46
17:38:01.0320 0x13cc [ BDD71ACE35A232104DDD349EE70E1AB3, 27464A66868513BE6A01B75D7FC5B0D6B71842E4E20CE3F76B15C071A0618BBB ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
17:38:01.0373 0x13cc MSPCLOCK - ok
17:38:01.0379 0x13cc [ 4ED981241DB27C3383D72092B618A1D0, E12F121E641249DB3491141851B59E1496F4413EDF58E863388F1C229838DFCC ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
17:38:01.0425 0x13cc MSPQM - ok
17:38:01.0460 0x13cc [ 759A9EEB0FA9ED79DA1FB7D4EF78866D, 64E3BC613EC4872B1B344CBF71EE15BE195592E3244C1EE099C6F8B95A40F133 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
17:38:01.0483 0x13cc MsRPC - ok
17:38:01.0501 0x13cc [ 0EED230E37515A0EAEE3C2E1BC97B288, B1D8F8A75006B6E99214CA36D27A8594EF8D952F315BEB201E9BAC9DE3E64D42 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
17:38:01.0514 0x13cc mssmbios - ok
17:38:01.0528 0x13cc [ 2E66F9ECB30B4221A318C92AC2250779, DF175E1AB6962303E57F26DAE5C5C1E40B8640333F3E352A64F6A5F1301586CD ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
17:38:01.0580 0x13cc MSTEE - ok
17:38:01.0585 0x13cc [ 7EA404308934E675BFFDE8EDF0757BCD, 306CD02D89CFCFE576242360ED5F9EEEDCAFC43CD43B7D2977AE960F9AEC3232 ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
17:38:01.0600 0x13cc MTConfig - ok
17:38:01.0630 0x13cc [ F9A18612FD3526FE473C1BDA678D61C8, 32F7975B5BAA447917F832D9E3499B4B6D3E90D73F478375D0B70B36C524693A ] Mup C:\Windows\system32\Drivers\mup.sys
17:38:01.0644 0x13cc Mup - ok
17:38:01.0670 0x13cc [ 582AC6D9873E31DFA28A4547270862DD, BD540499F74E8F59A020D935D18E36A3A97C1A6EC59C8208436469A31B16B260 ] napagent C:\Windows\system32\qagentRT.dll
17:38:01.0733 0x13cc napagent - ok
17:38:01.0762 0x13cc [ 1EA3749C4114DB3E3161156FFFFA6B33, 54C2E77BCE1037711A11313AC25B8706109098C10A31AA03AEB7A185E97800D7 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
17:38:01.0805 0x13cc NativeWifiP - ok
17:38:01.0863 0x13cc [ 760E38053BF56E501D562B70AD796B88, F856E81A975D44F8684A6F2466549CEEDFAEB3950191698555A93A1206E0A42D ] NDIS C:\Windows\system32\drivers\ndis.sys
17:38:01.0903 0x13cc NDIS - ok
17:38:01.0920 0x13cc [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC, D7E5446E83909AE25506BB98FBDD878A529C87963E3C1125C4ABAB25823572BC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
17:38:01.0959 0x13cc NdisCap - ok
17:38:01.0985 0x13cc [ 30639C932D9FEF22B31268FE25A1B6E5, 32873D95339600F6EEFA51847D12C563FF01F320DC59055B242FA2887C99F9D6 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
17:38:02.0041 0x13cc NdisTapi - ok
17:38:02.0075 0x13cc [ 136185F9FB2CC61E573E676AA5402356, BA3AD0A33416DA913B4242C6BE8C3E5812AD2B20BA6C11DD3094F2E8EB56E683 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
17:38:02.0122 0x13cc Ndisuio - ok
17:38:02.0152 0x13cc [ 53F7305169863F0A2BDDC49E116C2E11, 881E9346D3C02405B7850ADC37E720990712EC9C666A0CE96E252A487FD2CE77 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
17:38:02.0206 0x13cc NdisWan - ok
17:38:02.0221 0x13cc [ 015C0D8E0E0421B4CFD48CFFE2825879, 4242E2D42CCFC859B2C0275C5331798BC0BDA68E51CF4650B6E64B1332071023 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
17:38:02.0259 0x13cc NDProxy - ok
17:38:02.0271 0x13cc [ 86743D9F5D2B1048062B14B1D84501C4, DBF6D6A60AB774FCB0F464FF2D285A7521D0A24006687B243AB46B17D8032062 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
17:38:02.0323 0x13cc NetBIOS - ok
17:38:02.0357 0x13cc [ 09594D1089C523423B32A4229263F068, 7426A9B8BA27D3225928DDEFBD399650ABB90798212F56B7D12158AC22CCCE37 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
17:38:02.0417 0x13cc NetBT - ok
17:38:02.0437 0x13cc [ 4D71227301DD8D09097B9E4CC6527E5A, 193D47ADCB722B581CC0F29B794AB3E455B6E9BEA367CE9A5216A09E055B7F1E ] Netlogon C:\Windows\system32\lsass.exe
17:38:02.0455 0x13cc Netlogon - ok
17:38:02.0489 0x13cc [ 847D3AE376C0817161A14A82C8922A9E, 37AE692B3481323134125EF58F2C3CBC20177371AF2F5874F53DD32A827CB936 ] Netman C:\Windows\System32\netman.dll
17:38:02.0553 0x13cc Netman - ok
17:38:02.0587 0x13cc [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
17:38:02.0615 0x13cc NetMsmqActivator - ok
17:38:02.0622 0x13cc [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
17:38:02.0639 0x13cc NetPipeActivator - ok
17:38:02.0656 0x13cc [ 5F28111C648F1E24F7DBC87CDEB091B8, 2E8645285921EDB98BB2173E11E57459C888D52E80D85791D169C869DE8813B9 ] netprofm C:\Windows\System32\netprofm.dll
17:38:02.0725 0x13cc netprofm - ok
17:38:02.0733 0x13cc [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
17:38:02.0751 0x13cc NetTcpActivator - ok
17:38:02.0758 0x13cc [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
17:38:02.0777 0x13cc NetTcpPortSharing - ok
17:38:02.0805 0x13cc [ 77889813BE4D166CDAB78DDBA990DA92, 2EF531AE502B943632EEC66A309A8BFCDD36120A5E1473F4AAF3C2393AD0E6A3 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
17:38:02.0820 0x13cc nfrd960 - ok
17:38:02.0845 0x13cc [ 8AD77806D336673F270DB31645267293, E23F324913554A23CD043DD27D4305AF62F48C0561A0FC7B7811E55B74B1BE79 ] NlaSvc C:\Windows\System32\nlasvc.dll
17:38:02.0882 0x13cc NlaSvc - ok
17:38:02.0904 0x13cc [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7, D8957EF7060A69DBB3CD6B2C45B1E4143592AB8D018471E17AC04668157DC67F ] Npfs C:\Windows\system32\drivers\Npfs.sys
17:38:02.0943 0x13cc Npfs - ok
17:38:02.0968 0x13cc [ D54BFDF3E0C953F823B3D0BFE4732528, 497A1DCC5646EC22119273216DF10D5442D16F83E4363770F507518CF6EAA53A ] nsi C:\Windows\system32\nsisvc.dll
17:38:03.0017 0x13cc nsi - ok
17:38:03.0037 0x13cc [ E7F5AE18AF4168178A642A9247C63001, 133023B7E4BA8049C4CAED3282BDD25571D1CC25FAC3B820C7F981D292689D76 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
17:38:03.0075 0x13cc nsiproxy - ok
17:38:03.0142 0x13cc [ B98F8C6E31CD07B2E6F71F7F648E38C0, 2FEA100B80680FBBF644CB6763738804155DF1E94A6542CAE2B2786D770D554E ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
17:38:03.0214 0x13cc Ntfs - ok
17:38:03.0231 0x13cc [ 9899284589F75FA8724FF3D16AED75C1, 181188599FD5D4DE33B97010D9E0CAEABAB9A3EF50712FE7F9AA0735CD0666D6 ] Null C:\Windows\system32\drivers\Null.sys
17:38:03.0278 0x13cc Null - ok
17:38:03.0313 0x13cc [ 0A92CB65770442ED0DC44834632F66AD, 581327F07A68DBD5CC749214BE5F1211FC2CE41C7A4F0656B680AFB51A35ACE7 ] nvraid C:\Windows\system32\drivers\nvraid.sys
17:38:03.0330 0x13cc nvraid - ok
17:38:03.0357 0x13cc [ DAB0E87525C10052BF65F06152F37E4A, AD9BFF0D5FD3FFB95C758B478E1F6A9FE45E7B37AEC71EB5070D292FEAAEDF37 ] nvstor C:\Windows\system32\drivers\nvstor.sys
17:38:03.0375 0x13cc nvstor - ok
17:38:03.0400 0x13cc [ 270D7CD42D6E3979F6DD0146650F0E05, 752489E54C9004EDCBE1F1F208FFD864DA5C83E59A2DDE6B3E0D63ECA996F76F ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
17:38:03.0416 0x13cc nv_agp - ok
17:38:03.0446 0x13cc [ 3589478E4B22CE21B41FA1BFC0B8B8A0, AD2469FC753FE552CB809FF405A9AB23E7561292FE89117E3B3B62057EFF0203 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
17:38:03.0463 0x13cc ohci1394 - ok
17:38:03.0504 0x13cc [ 9D10F99A6712E28F8ACD5641E3A7EA6B, 70964A0ED9011EA94044E15FA77EDD9CF535CC79ED8E03A3721FF007E69595CC ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
17:38:03.0519 0x13cc ose - ok
17:38:03.0684 0x13cc [ 61BFFB5F57AD12F83AB64B7181829B34, 1DD0DD35E4158F95765EE6639F217DF03A0A19E624E020DBA609268C08A13846 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
17:38:03.0865 0x13cc osppsvc - ok
17:38:03.0909 0x13cc [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
17:38:03.0949 0x13cc p2pimsvc - ok
17:38:03.0986 0x13cc [ 927463ECB02179F88E4B9A17568C63C3, FEFD3447692C277D59EEC7BF218552C8BB6B8C98C26E973675549628408B94CE ] p2psvc C:\Windows\system32\p2psvc.dll
17:38:04.0018 0x13cc p2psvc - ok
17:38:04.0047 0x13cc [ 0086431C29C35BE1DBC43F52CC273887, 0D116D49EF9ABB57DA005764F25E692622210627FC2048F06A989B12FA8D0A80 ] Parport C:\Windows\system32\DRIVERS\parport.sys
17:38:04.0065 0x13cc Parport - ok
17:38:04.0094 0x13cc [ E9766131EEADE40A27DC27D2D68FBA9C, 63C295EC96DBD25F1A8B908295CCB86B54F2A77A02AAA11E5D9160C2C1A492B6 ] partmgr C:\Windows\system32\drivers\partmgr.sys
17:38:04.0109 0x13cc partmgr - ok
17:38:04.0122 0x13cc [ 3AEAA8B561E63452C655DC0584922257, 04C072969B58657602EB0C21CEDF24FCEE14E61B90A0F758F93925EF2C9FC32D ] PcaSvc C:\Windows\System32\pcasvc.dll
17:38:04.0158 0x13cc PcaSvc - ok
17:38:04.0193 0x13cc [ 94575C0571D1462A0F70BDE6BD6EE6B3, 7139BAC653EA94A3DD3821CAB35FC5E22F4CCA5ACC2BAABDAA27E4C3C8B27FC9 ] pci C:\Windows\system32\drivers\pci.sys
17:38:04.0212 0x13cc pci - ok
17:38:04.0233 0x13cc [ B5B8B5EF2E5CB34DF8DCF8831E3534FA, F2A7CC645B96946CC65BF60E14E70DC09C848D27C7943CE5DEA0C01A6B863480 ] pciide C:\Windows\system32\drivers\pciide.sys
17:38:04.0247 0x13cc pciide - ok
17:38:04.0272 0x13cc [ B2E81D4E87CE48589F98CB8C05B01F2F, 6763BEE7270A4873B3E131BFB92313E2750FCBD0AD73C23D1C4F98F7DF73DE14 ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
17:38:04.0292 0x13cc pcmcia - ok
17:38:04.0308 0x13cc [ D6B9C2E1A11A3A4B26A182FFEF18F603, BBA5FE08B1DDD6243118E11358FD61B10E850F090F061711C3CB207CE5FBBD36 ] pcw C:\Windows\system32\drivers\pcw.sys
17:38:04.0323 0x13cc pcw - ok
17:38:04.0347 0x13cc [ 68769C3356B3BE5D1C732C97B9A80D6E, FB2D61145980A2899D1B7729184C54070315B0E63C9A22400A76CCD39E00029C ] PEAUTH C:\Windows\system32\drivers\peauth.sys
17:38:04.0414 0x13cc PEAUTH - ok
17:38:04.0473 0x13cc [ B9B0A4299DD2D76A4243F75FD54DC680, BBF62E9628131FA396EB08D63B76D2D5FBDD61339E92B759125A066470D1C039 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll
17:38:04.0556 0x13cc PeerDistSvc - ok
17:38:04.0611 0x13cc [ E495E408C93141E8FC72DC0C6046DDFA, 489B957DADA0DC128A09468F1AD082DCC657E86053208EA06A12937BE86FB919 ] PerfHost C:\Windows\SysWow64\perfhost.exe
17:38:04.0634 0x13cc PerfHost - ok
17:38:04.0712 0x13cc [ C7CF6A6E137463219E1259E3F0F0DD6C, 08D7244F52AA17DD669AA6F77C291DAC88E7B2D1887DE422509C1F83EC85F3DD ] pla C:\Windows\system32\pla.dll
17:38:04.0849 0x13cc pla - ok
17:38:04.0893 0x13cc [ 25FBDEF06C4D92815B353F6E792C8129, 57D9764AE6BCE33B242C399CDFC10DD405975BD6411CA8C75FBCD06EEB8442A9 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
17:38:04.0942 0x13cc PlugPlay - ok
17:38:04.0964 0x13cc [ 7195581CEC9BB7D12ABE54036ACC2E38, 9C4E5D6EA984148F2663DC529083408B2248DFF6DAAC85D9195F80A722782315 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
17:38:04.0997 0x13cc PNRPAutoReg - ok
17:38:05.0024 0x13cc [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
17:38:05.0051 0x13cc PNRPsvc - ok
17:38:05.0081 0x13cc [ 4F15D75ADF6156BF56ECED6D4A55C389, 2ADA3EA69A5D7EC2A4D2DD89178DB94EAFDDF95F07B0070D654D9F7A5C12A044 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
17:38:05.0146 0x13cc PolicyAgent - ok
17:38:05.0178 0x13cc [ 6BA9D927DDED70BD1A9CADED45F8B184, 66203CE70A5EDE053929A940F38924C6792239CCCE10DD2C1D90D5B4D6748B55 ] Power C:\Windows\system32\umpo.dll
17:38:05.0238 0x13cc Power - ok
17:38:05.0262 0x13cc [ F92A2C41117A11A00BE01CA01A7FCDE9, 38ADC6052696D110CA5F393BC586791920663F5DA66934C2A824DDA9CD89C763 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
17:38:05.0301 0x13cc PptpMiniport - ok
17:38:05.0316 0x13cc [ 0D922E23C041EFB1C3FAC2A6F943C9BF, 855418A6A58DCAFB181A1A68613B3E203AFB0A9B3D9D26D0C521F9F613B4EAD5 ] Processor C:\Windows\system32\DRIVERS\processr.sys
17:38:05.0334 0x13cc Processor - ok
17:38:05.0359 0x13cc [ 53E83F1F6CF9D62F32801CF66D8352A8, 1225FED810BE8E0729EEAE5B340035CCBB9BACD3EF247834400F9B72D05ACE48 ] ProfSvc C:\Windows\system32\profsvc.dll
17:38:05.0409 0x13cc ProfSvc - ok
17:38:05.0426 0x13cc [ 4D71227301DD8D09097B9E4CC6527E5A, 193D47ADCB722B581CC0F29B794AB3E455B6E9BEA367CE9A5216A09E055B7F1E ] ProtectedStorage C:\Windows\system32\lsass.exe
17:38:05.0443 0x13cc ProtectedStorage - ok
17:38:05.0466 0x13cc [ 0557CF5A2556BD58E26384169D72438D, F6F83A616B1F1C6C0DF6D2EC2513E6C23FD4FAA6D36518B8676C619AB74957B4 ] Psched C:\Windows\system32\DRIVERS\pacer.sys
17:38:05.0515 0x13cc Psched - ok
17:38:05.0589 0x13cc [ A53A15A11EBFD21077463EE2C7AFEEF0, 6002B012A75045DEA62640A864A8721EADE2F8B65BEB5F5BA76D8CD819774489 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
17:38:05.0655 0x13cc ql2300 - ok
17:38:05.0672 0x13cc [ 4F6D12B51DE1AAEFF7DC58C4D75423C8, FB6ABAB741CED66A79E31A45111649F2FA3E26CEE77209B5296F789F6F7D08DE ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
17:38:05.0688 0x13cc ql40xx - ok
17:38:05.0706 0x13cc [ 906191634E99AEA92C4816150BDA3732, A0305436384104C3B559F9C73902DA19B96B518413379E397C5CDAB0B2B9418F ] QWAVE C:\Windows\system32\qwave.dll
17:38:05.0735 0x13cc QWAVE - ok
17:38:05.0746 0x13cc [ 76707BB36430888D9CE9D705398ADB6C, 35C1D1D05F98AC29A33D3781F497A0B40A3CB9CDF25FE1F28F574E40DDF70535 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
17:38:05.0775 0x13cc QWAVEdrv - ok
17:38:05.0801 0x13cc [ 5A0DA8AD5762FA2D91678A8A01311704, 8A64EB5DBAB7048A9E42A21CEB62CCD5B007A80C199892D7F8C69B48E8A255EF ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
17:38:05.0839 0x13cc RasAcd - ok
17:38:05.0865 0x13cc [ 7ECFF9B22276B73F43A99A15A6094E90, 62C70DA127F48F796F8897BBFA23AB6EB080CC923F0F091DFA384A93F5C90CA1 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
17:38:05.0915 0x13cc RasAgileVpn - ok
17:38:05.0937 0x13cc [ 8F26510C5383B8DBE976DE1CD00FC8C7, 60E618C010E8A723960636415573FA17EA0BBEF79647196B3BC0B8DEE680E090 ] RasAuto C:\Windows\System32\rasauto.dll
17:38:05.0990 0x13cc RasAuto - ok
17:38:06.0021 0x13cc [ 471815800AE33E6F1C32FB1B97C490CA, 27307265F743DE3A3A3EC1B2C472A3D85FDD0AEC458E0B1177593141EE072698 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
17:38:06.0086 0x13cc Rasl2tp - ok
17:38:06.0115 0x13cc [ EE867A0870FC9E4972BA9EAAD35651E2, 1B848D81705081FD2E18AC762DA7F51455657DAF860BF363DC15925A148BCADA ] RasMan C:\Windows\System32\rasmans.dll
17:38:06.0163 0x13cc RasMan - ok
17:38:06.0178 0x13cc [ 855C9B1CD4756C5E9A2AA58A15F58C25, A514F8A9C304D54BDA8DC60F5A64259B057EC83A1CAAF6D2B58CFD55E9561F72 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
17:38:06.0232 0x13cc RasPppoe - ok
17:38:06.0267 0x13cc [ E8B1E447B008D07FF47D016C2B0EEECB, FEC789F82B912F3E14E49524D40FEAA4373B221156F14045E645D7C37859258C ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
17:38:06.0318 0x13cc RasSstp - ok
17:38:06.0352 0x13cc [ 77F665941019A1594D887A74F301FA2F, 1FDC6F6853400190C086042933F157814D915C54F26793CAD36CD2607D8810DA ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
17:38:06.0408 0x13cc rdbss - ok
17:38:06.0423 0x13cc [ 302DA2A0539F2CF54D7C6CC30C1F2D8D, 1DF3501BBFFB56C3ECC39DBCC4287D3302216C2208CE22428B8C4967E5DE9D17 ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
17:38:06.0451 0x13cc rdpbus - ok
17:38:06.0464 0x13cc [ CEA6CC257FC9B7715F1C2B4849286D24, A78144D18352EA802C39D9D42921CF97A3E0211766B2169B6755C6FC2D77A804 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
17:38:06.0502 0x13cc RDPCDD - ok
17:38:06.0530 0x13cc [ 1B6163C503398B23FF8B939C67747683, 339A5AA7970FF34FAAB213B655860C5B0DEC5F983A4A11A088017D849F320ACE ] RDPDR C:\Windows\system32\drivers\rdpdr.sys
17:38:06.0558 0x13cc RDPDR - ok
17:38:06.0586 0x13cc [ BB5971A4F00659529A5C44831AF22365, 9AAA5C0D448E821FD85589505D99DF7749715A046BBD211F139E4E652ADDE41F ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
17:38:06.0624 0x13cc RDPENCDD - ok
17:38:06.0638 0x13cc [ 216F3FA57533D98E1F74DED70113177A, 60C126A1409D1E9C39F1C9E95F70115BF4AF07780AB499F6E10A612540F173F4 ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
17:38:06.0686 0x13cc RDPREFMP - ok
17:38:06.0734 0x13cc [ 313F68E1A3E6345A4F47A36B07062F34, B8318A0AE06BDE278931CA52F960B9FE226FD9894B076858DDB755AE26E1E66F ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
17:38:06.0771 0x13cc RdpVideoMiniport - ok
17:38:06.0795 0x13cc [ E61608AA35E98999AF9AAEEEA6114B0A, F754CDE89DC96786D2A3C4D19EE2AEF1008E634E4DE3C0CBF927436DE90C04A6 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
17:38:06.0832 0x13cc RDPWD - ok
17:38:06.0866 0x13cc [ 34ED295FA0121C241BFEF24764FC4520, AAEE5F00CAA763A5BA51CF56BD7262C03409CD72BD5601490E3EC3FFF929BB5F ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
17:38:06.0887 0x13cc rdyboost - ok
17:38:06.0907 0x13cc [ 254FB7A22D74E5511C73A3F6D802F192, 3D0FB5840364200DE394F8CC28DA0E334C2B5FA8FF28A41656EE72287F3D3836 ] RemoteAccess C:\Windows\System32\mprdim.dll
17:38:06.0949 0x13cc RemoteAccess - ok
17:38:06.0974 0x13cc [ E4D94F24081440B5FC5AA556C7C62702, 147CAA03568DC480F9506E30B84891AB7E433B5EBC05F34FF10F72B00E1C6B22 ] RemoteRegistry C:\Windows\system32\regsvc.dll
17:38:07.0031 0x13cc RemoteRegistry - ok
17:38:07.0056 0x13cc [ E4DC58CF7B3EA515AE917FF0D402A7BB, 665B5CD9FE905B0EE3F59A7B1A94760F5393EBEE729877D8584349754C2867E8 ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
17:38:07.0113 0x13cc RpcEptMapper - ok
17:38:07.0132 0x13cc [ D5BA242D4CF8E384DB90E6A8ED850B8C, CB4CB2608B5E31B55FB1A2CF4051E6D08A0C2A5FB231B2116F95938D7577334E ] RpcLocator C:\Windows\system32\locator.exe
17:38:07.0158 0x13cc RpcLocator - ok
17:38:07.0190 0x13cc [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] RpcSs C:\Windows\system32\rpcss.dll
17:38:07.0241 0x13cc RpcSs - ok
17:38:07.0264 0x13cc [ DDC86E4F8E7456261E637E3552E804FF, D250C69CCC75F2D88E7E624FCC51300E75637333317D53908CCA7E0F117173DD ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
17:38:07.0317 0x13cc rspndr - ok
17:38:07.0341 0x13cc [ E60C0A09F997826C7627B244195AB581, E8630ED74B38B98BF584E353D992C1311BC36AB7F20A1BB66C9CD65CE1E46F8D ] s3cap C:\Windows\system32\drivers\vms3cap.sys
17:38:07.0357 0x13cc s3cap - ok
17:38:07.0366 0x13cc [ 4D71227301DD8D09097B9E4CC6527E5A, 193D47ADCB722B581CC0F29B794AB3E455B6E9BEA367CE9A5216A09E055B7F1E ] SamSs C:\Windows\system32\lsass.exe
17:38:07.0383 0x13cc SamSs - ok
17:38:07.0404 0x13cc [ AC03AF3329579FFFB455AA2DAABBE22B, 7AD3B62ADFEC166F9E256F9FF8BAA0568B2ED7308142BF8F5269E6EAA5E0A656 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
17:38:07.0419 0x13cc sbp2port - ok
17:38:07.0443 0x13cc [ 9B7395789E3791A3B6D000FE6F8B131E, E5F067F3F212BF5481668BE1779CBEF053F511F8967589BE2E865ACB9A620024 ] SCardSvr C:\Windows\System32\SCardSvr.dll
17:38:07.0499 0x13cc SCardSvr - ok
17:38:07.0525 0x13cc [ 253F38D0D7074C02FF8DEB9836C97D2B, CB5CAFCB8628BB22877F74ACF1DED0BBAED8F4573A74DA7FE94BBBA584889116 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
17:38:07.0577 0x13cc scfilter - ok
17:38:07.0634 0x13cc [ 262F6592C3299C005FD6BEC90FC4463A, 54095E37F0B6CC677A3E9BDD40F4647C713273D197DB341063AA7F342A60C4A7 ] Schedule C:\Windows\system32\schedsvc.dll
17:38:07.0722 0x13cc Schedule - ok
17:38:07.0759 0x13cc [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] SCPolicySvc C:\Windows\System32\certprop.dll
17:38:07.0797 0x13cc SCPolicySvc - ok
17:38:07.0822 0x13cc [ 6EA4234DC55346E0709560FE7C2C1972, 64011E044C16E2F92689E5F7E4666A075E27BBFA61F3264E5D51CE1656C1D5B8 ] SDRSVC C:\Windows\System32\SDRSVC.dll
17:38:07.0845 0x13cc SDRSVC - ok
17:38:07.0993 0x13cc [ 98EF79CC2B07398AC525F9EA1AE0366F, D0D5D69696ED339F363024AF3271867F4C55572C67FD0F2AA27D24B37982E39A ] SDScannerService C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
17:38:08.0140 0x13cc SDScannerService - ok
17:38:08.0195 0x13cc [ 14BF6B3AB327D519ED007CDDC56F6900, 4E5DC4AF45347C885E0E87F205EE1F95BB4713A0B581CD7317FBEEE2A9628982 ] SDUpdateService C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
17:38:08.0239 0x13cc SDUpdateService - ok
17:38:08.0269 0x13cc [ 820EBE67AB99F033FDE25B2692157991, A9E86FE6EFD3CFD4EA1A26121C706335A6791CC6F81EE98AE2BE7EA566ECFEBB ] SDWSCService C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
17:38:08.0287 0x13cc SDWSCService - ok
17:38:08.0316 0x13cc [ 3EA8A16169C26AFBEB544E0E48421186, 34BBB0459C96B3DE94CCB0D73461562935C583D7BF93828DA4E20A6BC9B7301D ] secdrv C:\Windows\system32\drivers\secdrv.sys
17:38:08.0354 0x13cc secdrv - ok
17:38:08.0372 0x13cc [ BC617A4E1B4FA8DF523A061739A0BD87, 10C4057F6B321EB5237FF619747B74F5401BC17D15A8C7060829E8204A2297F9 ] seclogon C:\Windows\system32\seclogon.dll
17:38:08.0421 0x13cc seclogon - ok
17:38:08.0446 0x13cc [ C32AB8FA018EF34C0F113BD501436D21, E0EB8E80B51E45CA7EB061E705DA0BC07878759418A8519AE6E12326FE79E7C7 ] SENS C:\Windows\system32\sens.dll
17:38:08.0499 0x13cc SENS - ok
17:38:08.0518 0x13cc [ 0336CFFAFAAB87A11541F1CF1594B2B2, 8B8A6A33E78A12FB05E29B2E2775850626574AFD2EF88748D65E690A07B10B8D ] SensrSvc C:\Windows\system32\sensrsvc.dll
17:38:08.0546 0x13cc SensrSvc - ok
17:38:08.0571 0x13cc [ CB624C0035412AF0DEBEC78C41F5CA1B, A4D937F11E06CAE914347CA1362F4C98EC5EE0C0C80321E360EA1ABD6726F8D4 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
17:38:08.0601 0x13cc Serenum - ok
17:38:08.0624 0x13cc [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6, 8F9776FB84C5D11068EAF1FF1D1A46466C655D64D256A8B1E31DC0C23B5DD22D ] Serial C:\Windows\system32\DRIVERS\serial.sys
17:38:08.0643 0x13cc Serial - ok
17:38:08.0677 0x13cc [ 1C545A7D0691CC4A027396535691C3E3, 065C30BE598FF4DC55C37E0BBE0CEDF10A370AE2BF5404B42EBBB867A3FFED6D ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
17:38:08.0704 0x13cc sermouse - ok
17:38:08.0741 0x13cc [ 0B6231BF38174A1628C4AC812CC75804, E569BF1F7F5689E2E917FA6516DB53388A5B8B1C6699DEE030147E853218811D ] SessionEnv C:\Windows\system32\sessenv.dll
17:38:08.0793 0x13cc SessionEnv - ok
17:38:08.0817 0x13cc [ A554811BCD09279536440C964AE35BBF, DA8F893722F803E189D7D4D6C6232ED34505B63A64ED3A0132A5BB7A2BABDE55 ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
17:38:08.0846 0x13cc sffdisk - ok
17:38:08.0862 0x13cc [ FF414F0BAEFEBA59BC6C04B3DB0B87BF, B81EF5D26AEB572CAB590F7AD7CA8C89F296420089EF5E6148E972F2DBCA1042 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
17:38:08.0897 0x13cc sffp_mmc - ok
17:38:08.0915 0x13cc [ DD85B78243A19B59F0637DCF284DA63C, 6730D4F2BAE7E24615746ACC41B42D01DB6068D6504982008ADA1890DE900197 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
17:38:08.0944 0x13cc sffp_sd - ok
17:38:08.0968 0x13cc [ A9D601643A1647211A1EE2EC4E433FF4, 7AC60B4AB48D4BBF1F9681C12EC2A75C72E6E12D30FABC564A24394310E9A5F9 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
17:38:08.0984 0x13cc sfloppy - ok
17:38:09.0009 0x13cc [ B95F6501A2F8B2E78C697FEC401970CE, 758B73A32902299A313348CE7EC189B20EB4CB398D0180E4EE24B84DAD55F291 ] SharedAccess C:\Windows\System32\ipnathlp.dll
17:38:09.0070 0x13cc SharedAccess - ok
17:38:09.0100 0x13cc [ AAF932B4011D14052955D4B212A4DA8D, 2A3BFD0FA9569288E91AE3E72CA1EC39E1450D01E6473CE51157E0F138257923 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
17:38:09.0164 0x13cc ShellHWDetection - ok
17:38:09.0184 0x13cc [ 843CAF1E5FDE1FFD5FF768F23A51E2E1, 89CA9F516E42A6B905474D738CDA2C121020A07DBD4E66CFE569DD77D79D7820 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
17:38:09.0198 0x13cc SiSRaid2 - ok
17:38:09.0209 0x13cc [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4, 87B85C66DF7EB6FDB8A2341D05FAA5261FF68A90CCFC63F0E4A03824F1E33E5E ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
17:38:09.0225 0x13cc SiSRaid4 - ok
17:38:09.0263 0x13cc [ 50D9949020E02B847CD48F1243FCB895, 5BDAD5E44DE5B412645142810C5FCE4B2D9685F928FF4A6B836A9DCE7725BD78 ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
17:38:09.0282 0x13cc SkypeUpdate - ok
17:38:09.0298 0x13cc [ 548260A7B8654E024DC30BF8A7C5BAA4, 4A7E58331D7765A12F53DC2371739DC9A463940B13E16157CE10DB80E958D740 ] Smb C:\Windows\system32\DRIVERS\smb.sys
17:38:09.0347 0x13cc Smb - ok
17:38:09.0376 0x13cc [ 6313F223E817CC09AA41811DAA7F541D, D787061043BEEDB9386B048CB9E680E6A88A1CBAE9BD4A8C0209155BFB76C630 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
17:38:09.0409 0x13cc SNMPTRAP - ok
17:38:09.0427 0x13cc [ B9E31E5CACDFE584F34F730A677803F9, 21A5130BD00089C609522A372018A719F8E37103D2DD22C59EACB393BE35A063 ] spldr C:\Windows\system32\drivers\spldr.sys
17:38:09.0441 0x13cc spldr - ok
17:38:09.0469 0x13cc [ 85DAA09A98C9286D4EA2BA8D0E644377, F9C324E2EF81193FE831C7EECC44A100CA06F82FA731BF555D9EA4D91DA13329 ] Spooler C:\Windows\System32\spoolsv.exe
17:38:09.0513 0x13cc Spooler - ok
17:38:09.0687 0x13cc [ E17E0188BB90FAE42D83E98707EFA59C, FC075F7B39E86CC8EF6DA4E339FE946917E319C347AC70FB0C50AAF36F97E27F ] sppsvc C:\Windows\system32\sppsvc.exe
17:38:09.0908 0x13cc sppsvc - ok
17:38:09.0924 0x13cc [ 93D7D61317F3D4BC4F4E9F8A96A7DE45, 36D48B23B8243BE5229707375FCD11C2DCAC96983199345365F065A0CBF33314 ] sppuinotify C:\Windows\system32\sppuinotify.dll
17:38:09.0977 0x13cc sppuinotify - ok
17:38:10.0011 0x13cc [ 441FBA48BFF01FDB9D5969EBC1838F0B, 306128F1AD489F87161A089D1BDC1542A4CB742D91A0C12A7CD1863FDB8932C0 ] srv C:\Windows\system32\DRIVERS\srv.sys
17:38:10.0056 0x13cc srv - ok
17:38:10.0094 0x13cc [ B4ADEBBF5E3677CCE9651E0F01F7CC28, 726DB2283113AB2A9681E8E9F61132303D6D86E9CD034C40EE4A8C9DB29E87F7 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
17:38:10.0122 0x13cc srv2 - ok
17:38:10.0138 0x13cc [ 27E461F0BE5BFF5FC737328F749538C3, AFA4704ED8FFC1A0BAB40DFB81D3AE3F3D933A3C9BF54DDAF39FF9AF3646D9E6 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
17:38:10.0172 0x13cc srvnet - ok
17:38:10.0197 0x13cc [ 51B52FBD583CDE8AA9BA62B8B4298F33, 2E2403F8AA39E79D1281CA006B51B43139C32A5FDD64BD34DAA4B935338BD740 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
17:38:10.0259 0x13cc SSDPSRV - ok
17:38:10.0273 0x13cc [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB, D21CDBC4C2AA0DB5B4455D5108B0CAF4282A2E664B9035708F212CC094569D9D ] SstpSvc C:\Windows\system32\sstpsvc.dll
17:38:10.0315 0x13cc SstpSvc - ok
17:38:10.0330 0x13cc [ F3817967ED533D08327DC73BC4D5542A, 1B204454408A690C0A86447F3E4AA9E7C58A9CFB567C94C17C21920BA648B4D5 ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
17:38:10.0345 0x13cc stexstor - ok
17:38:10.0388 0x13cc [ 8DD52E8E6128F4B2DA92CE27402871C1, 1101C38BE8FC383B5F2F9FA402F9652B23B88A764DE2B584DFE62B88B11DEF92 ] stisvc C:\Windows\System32\wiaservc.dll
17:38:10.0443 0x13cc stisvc - ok
17:38:10.0484 0x13cc [ 7785DC213270D2FC066538DAF94087E7, F09CB2895241719CA5147B2EE9F7ECBD0303AFFB5CD896F06D4D29BAAAFC207B ] storflt C:\Windows\system32\drivers\vmstorfl.sys
17:38:10.0499 0x13cc storflt - ok
17:38:10.0511 0x13cc [ D34E4943D5AC096C8EDEEBFD80D76E23, 1DD7F6F97060B5F763A04ACA1F75E59DAB09EF824FD09B83FC3C192837D006DE ] storvsc C:\Windows\system32\drivers\storvsc.sys
17:38:10.0525 0x13cc storvsc - ok
17:38:10.0553 0x13cc [ D01EC09B6711A5F8E7E6564A4D0FBC90, 3CB922291DBADC92B46B9E28CCB6810CD8CCDA3E74518EC9522B58B998E1F969 ] swenum C:\Windows\system32\drivers\swenum.sys
17:38:10.0567 0x13cc swenum - ok
17:38:10.0586 0x13cc [ E08E46FDD841B7184194011CA1955A0B, 9C3725BB1F08F92744C980A22ED5C874007D3B5863C7E1F140F50061052AC418 ] swprv C:\Windows\System32\swprv.dll
17:38:10.0655 0x13cc swprv - ok
17:38:10.0673 0x13cc Synth3dVsc - ok
17:38:10.0737 0x13cc [ BF9CCC0BF39B418C8D0AE8B05CF95B7D, 3C13217548BE61F2BDB8BD41F77345CDDA1F97BF0AE17241C335B9807EB3DBB8 ] SysMain C:\Windows\system32\sysmain.dll
17:38:10.0840 0x13cc SysMain - ok
17:38:10.0866 0x13cc [ E3C61FD7B7C2557E1F1B0B4CEC713585, 01F0E116606D185BF93B540868075BFB1A398197F6AABD994983DBFF56B3A8A0 ] TabletInputService C:\Windows\System32\TabSvc.dll
17:38:10.0902 0x13cc TabletInputService - ok
17:38:10.0930 0x13cc [ 40F0849F65D13EE87B9A9AE3C1DD6823, E251A7EF3D0FD2973AF33A62FC457A7E8D5E8694208F811F52455F7C2426121F ] TapiSrv C:\Windows\System32\tapisrv.dll
17:38:10.0988 0x13cc TapiSrv - ok
17:38:11.0011 0x13cc [ 1BE03AC720F4D302EA01D40F588162F6, AB644862BF1D2E824FD846180DEC4E2C0FAFCC517451486DE5A92E5E78A952E4 ] TBS C:\Windows\System32\tbssvc.dll
17:38:11.0052 0x13cc TBS - ok
17:38:11.0171 0x13cc [ 40AF23633D197905F03AB5628C558C51, 644656A15236E964E4BE57B42225EAA5643C4CF1FFF6D306813A000716F9D72C ] Tcpip C:\Windows\system32\drivers\tcpip.sys
17:38:11.0290 0x13cc Tcpip - ok
17:38:11.0358 0x13cc [ 40AF23633D197905F03AB5628C558C51, 644656A15236E964E4BE57B42225EAA5643C4CF1FFF6D306813A000716F9D72C ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
17:38:11.0415 0x13cc TCPIP6 - ok
17:38:11.0443 0x13cc [ 1B16D0BD9841794A6E0CDE0CEF744ABC, 7EB8BA97339199EEE7F2B09DA2DA6279DA64A510D4598D42CF86415D67CD674C ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
17:38:11.0471 0x13cc tcpipreg - ok
17:38:11.0496 0x13cc [ 3371D21011695B16333A3934340C4E7C, 7416F9BBFC1BA9D875EA7D1C7A0D912FC6977B49A865D67E3F9C4E18A965082D ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
17:38:11.0527 0x13cc TDPIPE - ok
17:38:11.0554 0x13cc [ 51C5ECEB1CDEE2468A1748BE550CFBC8, 4E8F83877330B421F7B5D8393D34BC44C6450E69209DAA95B29CB298166A5DF9 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
17:38:11.0580 0x13cc TDTCP - ok
17:38:11.0611 0x13cc [ DDAD5A7AB24D8B65F8D724F5C20FD806, B71F2967A4EE7395E4416C1526CB85368AEA988BDD1F2C9719C48B08FAFA9661 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
17:38:11.0655 0x13cc tdx - ok
17:38:11.0676 0x13cc [ 561E7E1F06895D78DE991E01DD0FB6E5, 83BFA50A528762EC52A011302AC3874636FB7E26628CD7ACFBF2BDC9FAA8110D ] TermDD C:\Windows\system32\drivers\termdd.sys
17:38:11.0690 0x13cc TermDD - ok
17:38:11.0720 0x13cc [ 2E648163254233755035B46DD7B89123, 6FA0D07CE18A3A69D82EE49D875F141E39406E92C34EAC76AC4EB052E6EBCBCD ] TermService C:\Windows\System32\termsrv.dll
17:38:11.0779 0x13cc TermService - ok
17:38:11.0800 0x13cc [ F0344071948D1A1FA732231785A0664C, DB9886C2C858FAF45AEA15F8E42860343F73EB8685C53EC2E8CCC10586CB0832 ] Themes C:\Windows\system32\themeservice.dll
17:38:11.0838 0x13cc Themes - ok
17:38:11.0859 0x13cc [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] THREADORDER C:\Windows\system32\mmcss.dll
17:38:11.0899 0x13cc THREADORDER - ok
17:38:11.0916 0x13cc [ 7E7AFD841694F6AC397E99D75CEAD49D, DE87F203FD8E6BDCCFCA1860A85F283301A365846FB703D9BB86278D8AC96B07 ] TrkWks C:\Windows\System32\trkwks.dll
17:38:11.0972 0x13cc TrkWks - ok
17:38:12.0013 0x13cc [ 773212B2AAA24C1E31F10246B15B276C, F2EF85F5ABA307976D9C649D710B408952089458DDE97D4DEF321DF14E46A046 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
17:38:12.0069 0x13cc TrustedInstaller - ok
17:38:12.0096 0x13cc [ 4CE278FC9671BA81A138D70823FCAA09, CBE501436696E32A3701B9F377B823AC36647B6626595F76CC63E2396AD7D300 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
17:38:12.0132 0x13cc tssecsrv - ok
17:38:12.0154 0x13cc [ E9981ECE8D894CEF7038FD1D040EB426, DCDDCE933CAECE8180A3447199B07F2F0413704EEC1A09606EE357901A84A7CF ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
17:38:12.0198 0x13cc TsUsbFlt - ok
17:38:12.0206 0x13cc tsusbhub - ok
17:38:12.0234 0x13cc [ 3566A8DAAFA27AF944F5D705EAA64894, AE9D8B648DA08AF667B9456C3FE315489859C157510A258559F18238F2CC92B8 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
17:38:12.0274 0x13cc tunnel - ok
17:38:12.0293 0x13cc [ B4DD609BD7E282BFC683CEC7EAAAAD67, EF131DB6F6411CAD36A989A421AF93F89DD61601AC524D2FF11C10FF6E3E9123 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
17:38:12.0308 0x13cc uagp35 - ok
17:38:12.0334 0x13cc [ FF4232A1A64012BAA1FD97C7B67DF593, D8591B4EB056899C7B604E4DD852D82D4D9809F508ABCED4A03E1BE6D5D456E3 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
17:38:12.0390 0x13cc udfs - ok
17:38:12.0417 0x13cc [ 3CBDEC8D06B9968ABA702EBA076364A1, B8DAB8AA804FC23021BFEBD7AE4D40FBE648D6C6BA21CC008E26D1C084972F9B ] UI0Detect C:\Windows\system32\UI0Detect.exe
17:38:12.0438 0x13cc UI0Detect - ok
17:38:12.0456 0x13cc [ 4BFE1BC28391222894CBF1E7D0E42320, 5918B1ED2030600DF77BDACF1C808DF6EADDD8BF3E7003AF1D72050D8B102B3A ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
17:38:12.0471 0x13cc uliagpkx - ok
17:38:12.0496 0x13cc [ DC54A574663A895C8763AF0FA1FF7561, 09A3F3597E91CBEB2F38E96E75134312B60CAE5574B2AD4606C2D3E992AEDDFE ] umbus C:\Windows\system32\drivers\umbus.sys
17:38:12.0524 0x13cc umbus - ok
17:38:12.0542 0x13cc [ B2E8E8CB557B156DA5493BBDDCC1474D, F547509A08C0679ACB843E20C9C0CF51BED1B06530BBC529DFB0944504564A43 ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
17:38:12.0569 0x13cc UmPass - ok
17:38:12.0600 0x13cc [ A293DCD756D04D8492A750D03B9A297C, 203600ED0B7F8BA4C6D6F4ED810F4DF5AB70928B06EC4131C5D8ADF628444ED1 ] UmRdpService C:\Windows\System32\umrdp.dll
17:38:12.0624 0x13cc UmRdpService - ok
17:38:12.0645 0x13cc [ D47EC6A8E81633DD18D2436B19BAF6DE, 0FB461E2D5E0B75BB5958F6362F4880BFA4C36AD930542609BCAF574941AA7AE ] upnphost C:\Windows\System32\upnphost.dll
17:38:12.0709 0x13cc upnphost - ok
17:38:12.0734 0x13cc [ C9E9D59C0099A9FF51697E9306A44240, 78D9A7A5E5742962B6978F475BF06CB32262F1D214699D3D40538476A58012A1 ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys
17:38:12.0776 0x13cc USBAAPL64 - ok
17:38:12.0797 0x13cc [ DCA68B0943D6FA415F0C56C92158A83A, BEE5A5B33B22D1DF50B884D46D89FC3B8286EB16E38AD5A20F0A49E5C6766C57 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
17:38:12.0831 0x13cc usbccgp - ok
17:38:12.0868 0x13cc [ 80B0F7D5CCF86CEB5D402EAAF61FEC31, 140C62116A425DEAD25FE8D82DE283BC92C482A9F643658D512F9F67061F28AD ] usbcir C:\Windows\system32\drivers\usbcir.sys
17:38:12.0907 0x13cc usbcir - ok
17:38:12.0926 0x13cc [ 18A85013A3E0F7E1755365D287443965, 811C5EDF38C765BCF71BCE25CB6626FF6988C3699F5EF1846240EA0052F34C33 ] usbehci C:\Windows\system32\drivers\usbehci.sys
17:38:12.0953 0x13cc usbehci - ok
17:38:12.0981 0x13cc [ 8D1196CFBB223621F2C67D45710F25BA, B5D7AFE51833B24FC9576F3AED3D8A2B290E5846060E73F9FFFAC1890A8B6003 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
17:38:13.0017 0x13cc usbhub - ok
17:38:13.0032 0x13cc [ 765A92D428A8DB88B960DA5A8D6089DC, 56DE8A2ED58E53B202C399CA7BACB1551136303C2EE0AB426BDBBF880E3C542C ] usbohci C:\Windows\system32\drivers\usbohci.sys
17:38:13.0058 0x13cc usbohci - ok
17:38:13.0086 0x13cc [ 73188F58FB384E75C4063D29413CEE3D, B485463933306036B1D490722CB1674DC85670753D79FA0EF7EBCA7BBAAD9F7C ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
17:38:13.0118 0x13cc usbprint - ok
17:38:13.0141 0x13cc [ FED648B01349A3C8395A5169DB5FB7D6, DC4D7594C24ADD076927B9347F1B50B91CF03A4ABDB284248D5711D9C19DEB96 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
17:38:13.0172 0x13cc USBSTOR - ok
17:38:13.0191 0x13cc [ DD253AFC3BC6CBA412342DE60C3647F3, 146F8613F1057AC054DC3593E84BC52899DA27EA33B0E72ACFB78C3699ADCDE7 ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
17:38:13.0207 0x13cc usbuhci - ok
17:38:13.0228 0x13cc [ 1F775DA4CF1A3A1834207E975A72E9D7, 6D3DE5BD3EF3A76E997E5BAF900C51D25308F5A9682D1F62017F577A24095B90 ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys
17:38:13.0276 0x13cc usbvideo - ok
17:38:13.0294 0x13cc [ EDBB23CBCF2CDF727D64FF9B51A6070E, 7202484C8E1BFB2AFD64D8C81668F3EDE0E3BF5EB27572877A0A7B337AE5AE42 ] UxSms C:\Windows\System32\uxsms.dll
17:38:13.0350 0x13cc UxSms - ok
17:38:13.0368 0x13cc [ 4D71227301DD8D09097B9E4CC6527E5A, 193D47ADCB722B581CC0F29B794AB3E455B6E9BEA367CE9A5216A09E055B7F1E ] VaultSvc C:\Windows\system32\lsass.exe
17:38:13.0384 0x13cc VaultSvc - ok
17:38:13.0413 0x13cc [ C5C876CCFC083FF3B128F933823E87BD, 6FE0FBB6C3207E09300E0789E2168F76668D87C317FE9F263E733827ADCFBE0D ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
17:38:13.0427 0x13cc vdrvroot - ok
17:38:13.0460 0x13cc [ 8D6B481601D01A456E75C3210F1830BE, A2CEF483F4231367138EEF7E67FD5BE5364FC0780C44CA1368E36CE4AA3D0633 ] vds C:\Windows\System32\vds.exe
17:38:13.0515 0x13cc vds - ok
17:38:13.0537 0x13cc [ DA4DA3F5E02943C2DC8C6ED875DE68DD, EDE604536DB78C512D68C92B26DA77C8811AC109D1F0A473673F0A82D15A2838 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
17:38:13.0557 0x13cc vga - ok
17:38:13.0580 0x13cc [ 53E92A310193CB3C03BEA963DE7D9CFC, 45898604375B42EB1246C17A22D91C2440F11C746FF6459AD38027C1BC2E3125 ] VgaSave C:\Windows\System32\drivers\vga.sys
17:38:13.0633 0x13cc VgaSave - ok
17:38:13.0653 0x13cc VGPU - ok
17:38:13.0677 0x13cc [ 2CE2DF28C83AEAF30084E1B1EB253CBB, D1946816A1CB89F825CBEA58F94A4C9D0CE7249355CD3915563F54054EE564BF ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
17:38:13.0695 0x13cc vhdmp - ok
17:38:13.0794 0x13cc [ A427E990AAF60801489E527447EA5947, CD69587056E1B41799C575A0AFD6BDE4DA411DF20FE395C1180DB735B2C4E77D ] VIAHdAudAddService C:\Windows\system32\drivers\viahduaa.sys
17:38:13.0883 0x13cc VIAHdAudAddService - ok
17:38:13.0907 0x13cc [ E5689D93FFE4E5D66C0178761240DD54, 6D35CED80681B12AAF63BFA0DA1C386E71D3838839B68A686990AA8031949D27 ] viaide C:\Windows\system32\drivers\viaide.sys
17:38:13.0920 0x13cc viaide - ok
17:38:13.0933 0x13cc [ 6B34F3220E4AE5D77BD42CEA94EB3892, 6BBED3FBD52935B0ECEA3A9B5B0A4B44214636840AE1EBB65AE1089B3F0C0500 ] VIAKaraokeService C:\Windows\system32\viakaraokesrv.exe
17:38:13.0950 0x13cc VIAKaraokeService - ok
17:38:13.0965 0x13cc [ 86EA3E79AE350FEA5331A1303054005F, 7E7D6027EB41E591633C7383A5D29A3BA8ECFC08C177D2BCF741EE27686B1691 ] vmbus C:\Windows\system32\drivers\vmbus.sys
17:38:13.0983 0x13cc vmbus - ok
17:38:14.0001 0x13cc [ 7DE90B48F210D29649380545DB45A187, 09522F84285D62B961868DA98C40B82E746CA4D24A9780905673A2349D6B07F4 ] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys
17:38:14.0028 0x13cc VMBusHID - ok
17:38:14.0042 0x13cc [ D2AAFD421940F640B407AEFAAEBD91B0, 31EF342A60AF04F4108759A71F8FB7B8C8819216CF3D16A95B2BA0E33A8A9161 ] volmgr C:\Windows\system32\drivers\volmgr.sys
17:38:14.0057 0x13cc volmgr - ok
17:38:14.0084 0x13cc [ A255814907C89BE58B79EF2F189B843B, 463DB771851352185B6AC323BD93B9084D47291E53C1F7B628B65D6918B2E28F ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
17:38:14.0106 0x13cc volmgrx - ok
17:38:14.0123 0x13cc [ 0D08D2F3B3FF84E433346669B5E0F639, 3D6716CEC95B8861A7CC5778E91F310528DC6BEE0E57A3C8757FC675154EBDEC ] volsnap C:\Windows\system32\drivers\volsnap.sys
17:38:14.0144 0x13cc volsnap - ok
17:38:14.0174 0x13cc [ 5E2016EA6EBACA03C04FEAC5F330D997, 53106EB877459FE55A459111F7AB0EE320BB3B4C954D3DB6FA1642396001F2AC ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
17:38:14.0192 0x13cc vsmraid - ok
17:38:14.0256 0x13cc [ B60BA0BC31B0CB414593E169F6F21CC2, 47B801E623254CF0202B3591CB5C019CABFB52F123C7D47E29D19B32F1F2B915 ] VSS C:\Windows\system32\vssvc.exe
17:38:14.0368 0x13cc VSS - ok
17:38:14.0387 0x13cc [ 36D4720B72B5C5D9CB2B9C29E9DF67A1, 3254523C85C70EBA2DBAC05DB2DBA89EDF8E9195F390F7C21F96458FB6B2E3D7 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys
17:38:14.0422 0x13cc vwifibus - ok
17:38:14.0453 0x13cc [ 1C9D80CC3849B3788048078C26486E1A, 34A89F31E53F6B6C209B286F580CC2257AE6D057E4E20741F241C9C167947962 ] W32Time C:\Windows\system32\w32time.dll
17:38:14.0517 0x13cc W32Time - ok
17:38:14.0540 0x13cc [ 4E9440F4F152A7B944CB1663D3935A3E, 8FE04EBD3BC612EE943A21A3E56F37E5C9B578CDACA6044048181DAD81816D53 ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
17:38:14.0568 0x13cc WacomPen - ok
17:38:14.0600 0x13cc [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
17:38:14.0649 0x13cc WANARP - ok
17:38:14.0655 0x13cc [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
17:38:14.0693 0x13cc Wanarpv6 - ok
17:38:14.0764 0x13cc [ 3CEC96DE223E49EAAE3651FCF8FAEA6C, 4150DAB33E8D61076F1D4767BCAFC9B4ECCCCBD58FD4FB3CFE5B8D27DCDCAB61 ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
17:38:14.0822 0x13cc WatAdminSvc - ok
17:38:14.0890 0x13cc [ 78F4E7F5C56CB9716238EB57DA4B6A75, 46A4E78CE5F2A4B26F4E9C3FF04A99D9B727A82AC2E390A82A1611C3F6E0C9AF ] wbengine C:\Windows\system32\wbengine.exe
17:38:14.0966 0x13cc wbengine - ok
17:38:14.0989 0x13cc [ 3AA101E8EDAB2DB4131333F4325C76A3, 4F7BD3DA5E58B18BFF106CFF7B45E75FD13EE556D433C695BA23EC80827E49DE ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
17:38:15.0018 0x13cc WbioSrvc - ok
17:38:15.0047 0x13cc [ 7368A2AFD46E5A4481D1DE9D14848EDD, 8039C478FC2D9F095F5883A4FA47F9E6EDF57CC88A4AA74F07C88445F90DED57 ] wcncsvc C:\Windows\System32\wcncsvc.dll
17:38:15.0094 0x13cc wcncsvc - ok
17:38:15.0111 0x13cc [ 20F7441334B18CEE52027661DF4A6129, 7B8E0247234B740FED2BE9B833E9CE8DD7453340123AB43F6B495A7E6A27B0DD ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
17:38:15.0141 0x13cc WcsPlugInService - ok
17:38:15.0162 0x13cc [ 72889E16FF12BA0F235467D6091B17DC, F2FD0BBD075E33608D93F350D216F97442AB89ABD540513C2D568C78096E12A8 ] Wd C:\Windows\system32\DRIVERS\wd.sys
17:38:15.0176 0x13cc Wd - ok
17:38:15.0214 0x13cc [ E2C933EDBC389386EBE6D2BA953F43D8, AF1DEADD5F1267CCEBD226E8EEB971D1946EA6A5A9645A36F5D111F758AF2F07 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
17:38:15.0250 0x13cc Wdf01000 - ok
17:38:15.0272 0x13cc [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiServiceHost C:\Windows\system32\wdi.dll
17:38:15.0360 0x13cc WdiServiceHost - ok
17:38:15.0365 0x13cc [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiSystemHost C:\Windows\system32\wdi.dll
17:38:15.0393 0x13cc WdiSystemHost - ok
17:38:15.0418 0x13cc [ 0EB0E5D22B1760F2DBCE632F2DD7A54D, B8A4CC62F88768947FB0A161CF9564DB28FD9C1C037B5475DF192982DE035C22 ] WebClient C:\Windows\System32\webclnt.dll
17:38:15.0444 0x13cc WebClient - ok
17:38:15.0457 0x13cc [ C749025A679C5103E575E3B48E092C43, B71171D07EE7AB085A24BF3A1072FF2CE7EA021AAE695F6A90640E6EE8EB55C1 ] Wecsvc C:\Windows\system32\wecsvc.dll
17:38:15.0516 0x13cc Wecsvc - ok
17:38:15.0536 0x13cc [ 7E591867422DC788B9E5BD337A669A08, 484E6BCCDF7ADCE9A1AACAD1BC7C7D7694B9E40FA90D94B14D80C607784F6C75 ] wercplsupport C:\Windows\System32\wercplsupport.dll
17:38:15.0578 0x13cc wercplsupport - ok
17:38:15.0592 0x13cc [ 6D137963730144698CBD10F202E9F251, A9F522A125158D94F540544CCD4DBF47B9DCE2EA878C33675AFE40F80E8F4979 ] WerSvc C:\Windows\System32\WerSvc.dll
17:38:15.0645 0x13cc WerSvc - ok
17:38:15.0678 0x13cc [ 611B23304BF067451A9FDEE01FBDD725, 0AF2734B978165FC6FD22B64862132CCE32528A21C698A49D176129446E099C8 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
17:38:15.0715 0x13cc WfpLwf - ok
17:38:15.0730 0x13cc [ 05ECAEC3E4529A7153B3136CEB49F0EC, 9995CB2CEC70A633EA33CBB0DEAD2BB28CB67132B41E9444BDAB9E75744C9A50 ] WIMMount C:\Windows\system32\drivers\wimmount.sys
17:38:15.0744 0x13cc WIMMount - ok
17:38:15.0757 0x13cc WinDefend - ok
17:38:15.0764 0x13cc WinHttpAutoProxySvc - ok
17:38:15.0810 0x13cc [ 19B07E7E8915D701225DA41CB3877306, D6555E8D276DBB11358246E0FE215F76F1FB358791C76B88D82C2A66A42DA19F ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
17:38:15.0858 0x13cc Winmgmt - ok
17:38:15.0930 0x13cc [ BCB1310604AA415C4508708975B3931E, 9D943F086D454345153A0DD426B4432532A44FD87950386B186E1CAD2AC70565 ] WinRM C:\Windows\system32\WsmSvc.dll
17:38:16.0049 0x13cc WinRM - ok
17:38:16.0092 0x13cc [ FE88B288356E7B47B74B13372ADD906D, A16B166F6BB32EF9D2A142F27B9EC54CBC7B3AC915799783CF4C40E525BC9E03 ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
17:38:16.0126 0x13cc WinUsb - ok
17:38:16.0176 0x13cc [ 4FADA86E62F18A1B2F42BA18AE24E6AA, CE1683386886BF34862681A46199EA7E7FB4232A186047DA7FBD8EC240AF6726 ] Wlansvc C:\Windows\System32\wlansvc.dll
17:38:16.0236 0x13cc Wlansvc - ok
17:38:16.0273 0x13cc [ F6FF8944478594D0E414D3F048F0D778, 6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
17:38:16.0305 0x13cc WmiAcpi - ok
17:38:16.0353 0x13cc [ 38B84C94C5A8AF291ADFEA478AE54F93, 1AC267AC73670BEA5F3785C9AD9DB146F8E993A862C843742B21FDB90D102B2A ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
17:38:16.0434 0x13cc wmiApSrv - ok
17:38:16.0457 0x13cc WMPNetworkSvc - ok
17:38:16.0471 0x13cc [ 96C6E7100D724C69FCF9E7BF590D1DCA, 2E63C9B0893B4FC03B7A71BAEA6202D3D3DB1B52F3643467829B5A573FD7655B ] WPCSvc C:\Windows\System32\wpcsvc.dll
17:38:16.0499 0x13cc WPCSvc - ok
17:38:16.0523 0x13cc [ 93221146D4EBBF314C29B23CD6CC391D, C0750858A65BF51E210CD244C825C121D67E025CD2D2455139991AAC289A90FE ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
17:38:16.0545 0x13cc WPDBusEnum - ok
17:38:16.0560 0x13cc [ 6BCC1D7D2FD2453957C5479A32364E52, E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
17:38:16.0610 0x13cc ws2ifsl - ok
17:38:16.0628 0x13cc [ E8B1FE6669397D1772D8196DF0E57A9E, 39FE0819360719F756BD31A1884A0508A1E2371ACC723E25E005CBEC0A7B02FA ] wscsvc C:\Windows\system32\wscsvc.dll
17:38:16.0666 0x13cc wscsvc - ok
17:38:16.0670 0x13cc WSearch - ok
17:38:16.0767 0x13cc [ D9EF901DCA379CFE914E9FA13B73B4C4, 3BE9693B7B2AFEE23D72AF5DA211379724D752F0EC18ACB7D3DE3DDFC5AE0004 ] wuauserv C:\Windows\system32\wuaueng.dll
17:38:16.0867 0x13cc wuauserv - ok
17:38:16.0896 0x13cc [ AB886378EEB55C6C75B4F2D14B6C869F, D6C4602EB8F291DADEDF3CD211013D4AC752DDE7E799C2D8D74AA4F5477CAED6 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
17:38:16.0942 0x13cc WudfPf - ok
17:38:16.0970 0x13cc [ DDA4CAF29D8C0A297F886BFE561E6659, 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
17:38:17.0003 0x13cc WUDFRd - ok
17:38:17.0020 0x13cc [ B20F051B03A966392364C83F009F7D17, 88ECEB55AE91F58F592B96EBC10B572747D5A2F9B7629E8F371761E4F7408A65 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
17:38:17.0052 0x13cc wudfsvc - ok
17:38:17.0081 0x13cc [ 04F82965C09CBDF646B487E145060301, 2CD8533EDBE24C3E42EB7550E20F8A2EB9E5E345B165DEF543163A6BC1FDD18B ] WwanSvc C:\Windows\System32\wwansvc.dll
17:38:17.0135 0x13cc WwanSvc - ok
17:38:17.0149 0x13cc ================ Scan global ===============================
17:38:17.0170 0x13cc [ BA0CD8C393E8C9F83354106093832C7B, 18D8A4780A2BAA6CEF7FBBBDA0EF6BF2DADF146E1E578A618DD5859E8ADBF1A8 ] C:\Windows\system32\basesrv.dll
17:38:17.0199 0x13cc [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll

atilla
2014-04-07, 18:02
----combofix----
ComboFix 14-04-06.01 - ESMEN 07.04.2014 17:50:37.3.4 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1254.90.1033.18.4095.1933 [GMT 3:00]
Running from: c:\users\ESMEN\Desktop\ComboFix.exe
Command switches used :: c:\users\ESMEN\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
FW: avast! Antivirus *Disabled* {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Spybot - Search and Destroy *Disabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2014-03-07 to 2014-04-07 )))))))))))))))))))))))))))))))
.
.
2014-04-07 14:56 . 2014-04-07 14:56 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-04-06 17:31 . 2014-04-07 14:56 -------- d-----w- c:\users\ESMEN\AppData\Local\temp
2014-04-06 16:28 . 2014-04-06 17:01 -------- d-----w- C:\FRST
2014-04-06 14:21 . 2014-04-06 14:21 -------- d-----w- c:\program files (x86)\ERUNT
2014-04-06 11:03 . 2014-04-06 11:03 43152 ----a-w- c:\windows\avastSS.scr
2014-04-06 11:03 . 2014-04-06 11:03 445304 ----a-w- c:\windows\system32\drivers\aswNdisFlt.sys
2014-04-06 10:49 . 2014-04-06 10:49 -------- d-----w- c:\windows\jumpshot.com
2014-04-05 16:40 . 2013-09-20 07:49 21040 ----a-w- c:\windows\system32\sdnclean64.exe
2014-04-05 16:39 . 2014-04-05 16:41 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy 2
2014-04-05 16:39 . 2014-04-05 16:39 -------- d-----w- c:\users\ESMEN\AppData\Local\Programs
2014-04-04 18:47 . 2014-04-04 18:47 -------- d-----w- c:\program files (x86)\Internet Download Manager
2014-04-04 09:31 . 2014-03-07 04:43 10521840 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F07518CE-61E8-4777-862B-43057141AABF}\mpengine.dll
2014-03-27 16:21 . 2014-03-27 16:21 -------- d-----w- c:\users\ESMEN\AppData\Roaming\The Creative Assembly
2014-03-27 16:04 . 2014-03-27 16:20 -------- d-----w- c:\program files (x86)\Napoleon Total War
2014-03-12 19:35 . 2014-01-28 02:32 228864 ----a-w- c:\windows\system32\wwansvc.dll
2014-03-12 19:35 . 2014-01-29 02:32 484864 ----a-w- c:\windows\system32\wer.dll
2014-03-12 19:35 . 2014-01-29 02:06 381440 ----a-w- c:\windows\SysWow64\wer.dll
2014-03-12 19:32 . 2014-02-04 02:32 624128 ----a-w- c:\windows\system32\qedit.dll
2014-03-12 19:32 . 2014-02-04 02:04 509440 ----a-w- c:\windows\SysWow64\qedit.dll
2014-03-12 19:32 . 2014-02-04 02:32 1424384 ----a-w- c:\windows\system32\WindowsCodecs.dll
2014-03-12 19:32 . 2014-02-04 02:04 1230336 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll
2014-03-09 11:08 . 2014-04-07 14:20 -------- d-----r- c:\users\ESMEN\Dropbox
2014-03-09 11:06 . 2014-04-07 14:20 -------- d-----w- c:\users\ESMEN\AppData\Roaming\Dropbox
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-04-06 11:03 . 2014-01-27 22:10 84816 ----a-w- c:\windows\system32\drivers\aswStm.sys
2014-04-06 11:03 . 2014-01-27 22:10 65776 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2014-04-06 11:03 . 2014-01-27 22:10 208928 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2014-04-06 11:03 . 2014-01-27 22:10 79184 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2014-04-06 11:03 . 2014-01-27 22:10 423240 ----a-w- c:\windows\system32\drivers\aswSP.sys
2014-04-06 11:03 . 2014-01-27 22:10 1039096 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2014-04-06 11:03 . 2014-01-27 22:10 334648 ----a-w- c:\windows\system32\aswBoot.exe
2014-04-06 11:03 . 2014-01-27 22:10 93568 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2014-04-06 11:03 . 2014-01-28 14:58 28184 ----a-w- c:\windows\system32\drivers\aswKbd.sys
2014-03-18 16:14 . 2013-12-06 22:46 90015360 ----a-w- c:\windows\system32\MRT.exe
2014-03-14 07:30 . 2013-12-06 22:16 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-03-14 07:30 . 2013-12-06 22:16 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-02-19 17:09 . 2013-12-07 15:26 419840 ----a-w- c:\windows\system32\systemcpl.dll
2014-02-19 17:09 . 2013-12-07 15:26 14848 ----a-w- c:\windows\system32\slwga.dll
2014-02-19 17:09 . 2013-12-07 15:26 13824 ----a-w- c:\windows\SysWow64\slwga.dll
2014-01-30 22:09 . 2014-01-30 22:09 119808 ----a-r- c:\users\ESMEN\AppData\Roaming\Microsoft\Installer\{CCF298AF-9CE1-4B26-B251-486E98A34789}\icons.exe
2014-01-09 02:22 . 2014-02-26 12:00 5694464 ----a-w- c:\windows\SysWow64\mstscax.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2010-11-20 . FE70103391A64039A921DBFFF9C7AB1B . 1008128 . . [6.1.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
[7] 2009-07-14 . 72D7B3EA16946E8F0CF7458150031CC6 . 1008640 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[-] 2013-12-08 . 2C353B6CE0C8D03225CAA2AF33B68D79 . 1008640 . . [6.1.7601.17514] .. c:\windows\system32\user32.dll
.
[-] 2013-12-08 . 861C4346F9281DC0380DE72C8D55D6BE . 833024 . . [6.1.7601.17514] .. c:\windows\SysWOW64\user32.dll
[7] 2010-11-20 . 5E0DB2D8B2750543CD2EBB9EA8E6CDD3 . 833024 . . [6.1.7601.17514] .. c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[7] 2009-07-14 . E8B0FFC209E504CB7E79FC24E6C085F0 . 833024 . . [6.1.7600.16385] .. c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 131248 ----a-w- c:\users\ESMEN\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 131248 ----a-w- c:\users\ESMEN\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 131248 ----a-w- c:\users\ESMEN\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2014-02-12 43848]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-04-06 3854640]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2014-02-21 152392]
"SDTray"="c:\program files (x86)\Spybot - Search & Destroy 2\SDTray.exe" [2013-07-25 5624784]
.
c:\users\ESMEN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\ESMEN\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2014-1-3 33508336]
ERUNT AutoBackup.lnk - c:\program files (x86)\ERUNT\AUTOBACK.EXE %SystemRoot%\ERDNT\AutoBackup\#Date# /noconfirmdelete /noprogresswindow [2005-10-20 38912]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0sdnclean64.exe
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;tsusbhub [x]
S0 aswNdisFlt;Avast! Firewall Driver;c:\windows\system32\DRIVERS\aswNdisFlt.sys;c:\windows\SYSNATIVE\DRIVERS\aswNdisFlt.sys [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys;c:\windows\SYSNATIVE\drivers\aswKbd.sys [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 avast! Firewall;avast! Firewall;c:\program files\AVAST Software\Avast\afwServ.exe;c:\program files\AVAST Software\Avast\afwServ.exe [x]
S2 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [x]
S2 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [x]
S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys;c:\windows\SYSNATIVE\DRIVERS\idmwfp.sys [x]
S2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [x]
S2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [x]
S2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [x]
S3 Atc002;NDIS Miniport Driver for Atheros L2 Fast Ethernet Controller;c:\windows\system32\DRIVERS\l260x64.sys;c:\windows\SYSNATIVE\DRIVERS\l260x64.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 57125628
*Deregistered* - 57125628
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-03-15 20:13 1150280 ----a-w- c:\program files (x86)\Google\Chrome\Application\33.0.1750.154\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-12-06 c:\windows\Tasks\DriverEasy Scheduled Scan.job
- c:\program files\Easeware\DriverEasy\DriverEasy.exe [2013-12-06 16:15]
.
2014-04-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cef386a2d28c17.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-12-06 22:27]
.
2014-04-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-12-06 22:27]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-04-06 11:03 290888 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 164016 ----a-w- c:\users\ESMEN\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 164016 ----a-w- c:\users\ESMEN\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 164016 ----a-w- c:\users\ESMEN\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 164016 ----a-w- c:\users\ESMEN\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2012-11-15 23:07 23496 ----a-w- c:\program files (x86)\Internet Download Manager\IDMShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2013-02-05 5670448]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = www.bing.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Bütün Bağlantıları IDM ile İndir - c:\program files (x86)\Internet Download Manager\IEGetAll.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: IDM ile İndir - c:\program files (x86)\Internet Download Manager\IEExt.htm
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.1 0.0.0.0
TCP: Interfaces\{B9241E59-CE1F-4AE9-A4C9-D798E8DE8C47}: NameServer = 213.74.0.1,213.74.1.1
.
- - - - ORPHANS REMOVED - - - -
.
Notify-SDWinLogon - SDWinLogon.dll
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2395962531-217751968-226635089-1000_Classes\Wow6432Node\CLSID\{3b625d9c-6e60-4dff-ae0d-c5f64fdd5a59}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:0000002f
"Therad"=dword:00000011
"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a,
1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\
.
[HKEY_USERS\S-1-5-21-2395962531-217751968-226635089-1000_Classes\Wow6432Node\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"scansk"=hex(0):96,1e,1d,69,8b,94,af,4f,37,e7,78,f4,b8,ed,25,ea,3d,b1,c4,a6,fb,
f6,e7,c9,49,8a,f5,df,20,48,4c,a6,b4,2b,27,23,07,6b,12,74,00,00,00,00,00,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-04-07 17:58:44
ComboFix-quarantined-files.txt 2014-04-07 14:58
ComboFix2.txt 2014-04-07 11:09
ComboFix3.txt 2014-04-06 17:30
.
Pre-Run: 135.237.603.328 bayt boş
Post-Run: 135.152.963.584 bayt boş
.
- - End Of File - - F78402416048FB1986AB834CD0EDB438
A36C5E4F47E84449FF07ED3517B43A31

Juliet
2014-04-07, 20:19
Open notepad. Please copy the contents of the quote box below. To do this highlight the contents of the box and right click on it and select copy.
Paste this into the open notepad. save it to the Desktop as fixlist.txt
NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.
It needs to be saved Next to the "Farbar Recovery Scan Tool" (FRST) program (If asked to overwrite existing one please allow)



start
Replace: C:\Windows\SysWOW64\user32.dll C:\Windows\System32\user32.dll
Reboot:
end

Run FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.


~~~~~~~~~~~~~~~~~~~~`

Please download and run RogueKiller 32 Bit (http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe) to your desktop.

RogueKiller 64 Bit (http://tigzy.geekstogo.com/Tools/RogueKillerX64.exe) <---use this one for 64 bit systems

Which system am I using? (http://support.microsoft.com/kb/827218)

Quit all running programs.

For Windows XP, double-click to start.
For Vista or Windows 7-8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.
When the scan completes > Close out the program > Don't Fix anything!

Post back the report which should be located on your desktop.
(please don't put logs in code or quotes and use the default font)

atilla
2014-04-07, 20:39
I run your code with FRST64 as admin my computer restarts itseler and then it restarts itself again and again i restore my startup now with startup repair

atilla
2014-04-07, 21:32
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 13-03-2014
Ran by ESMEN at 2014-04-07 20:55:09 Run:3
Running from C:\Users\ESMEN\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
Replace: C:\Windows\SysWOW64\user32.dll C:\Windows\System32\user32.dll
Reboot:
end
*****************

C:\Windows\System32\user32.dll => Moved successfully.
C:\Windows\SysWOW64\user32.dll copied successfully to C:\Windows\System32\user32.dll


The system needed a reboot.

==== End of Fixlog ====

atilla
2014-04-07, 21:36
RogueKiller 64 Bit isn't work. where i can download it

atilla
2014-04-07, 21:45
RogueKiller V8.8.15 _x64_ [Mar 27 2014] by Adlice Software
eposta : http://www.adlice.com/contact/
Geribesleme : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

İşletim Sistemi : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Zamanında başladı : Normal mod
Kullanıcı : ESMEN [Yönetici Hakları]
Mod : Tarama yap -- Tarih : 04/07/2014 21:43:28
| ARK || FAK || MBR |

¤¤¤ Kötü Niyetli İşlemler : 0 ¤¤¤

¤¤¤ Kayıt Defteri Girişleri : 7 ¤¤¤
[DNS][PUM] HKLM\[...]\CCSet\[...]\{B9241E59-CE1F-4AE9-A4C9-D798E8DE8C47} : NameServer (213.74.0.1,213.74.1.1 [TURKEY (TR) - TURKEY (TR)]) -> BULUNDU
[DNS][PUM] HKLM\[...]\CS001\[...]\{B9241E59-CE1F-4AE9-A4C9-D798E8DE8C47} : NameServer (213.74.0.1,213.74.1.1 [TURKEY (TR) - TURKEY (TR)]) -> BULUNDU
[DNS][PUM] HKLM\[...]\CS002\[...]\{B9241E59-CE1F-4AE9-A4C9-D798E8DE8C47} : NameServer (213.74.0.1,213.74.1.1 [TURKEY (TR) - TURKEY (TR)]) -> BULUNDU
[HJ POL][PUM] HKLM\[...]\System : DisableRegistryTools (0) -> BULUNDU
[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : DisableRegistryTools (0) -> BULUNDU
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> BULUNDU
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> BULUNDU

¤¤¤ Planlanmış Görevler : 0 ¤¤¤

¤¤¤ Başlangıç girişleri : 0 ¤¤¤

¤¤¤ Web Tarayıcıları : 0 ¤¤¤

¤¤¤ Browser Addons : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Sürücü : [YÜKLENMEDİ 0x0] ¤¤¤

¤¤¤ Dışarıdaki kovanlar: ¤¤¤

¤¤¤ Bulaşma var : ¤¤¤

¤¤¤ HOSTS Dosyası: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 1000gratisproben.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1001namen.com
127.0.0.1 www.1001namen.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com
127.0.0.1 www.100sexlinks.com
127.0.0.1 100sexlinks.com
[...]


¤¤¤ MBR Denetimi: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) ST3500418AS ATA Device +++++
--- User ---
[MBR] 86360bd85a6a612dd49b0489f0803345
[BSP] 7fe22c2e578b30a0550966b8256f3552 : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1024 MB
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2099200 | Size: 251299 MB
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 516759552 | Size: 224615 MB
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: (\\.\PHYSICALDRIVE1 @ USB) Generic USB SD Reader USB Device +++++
Error reading User MBR! ([0x15] Ayg?t haz?r de?il. )
User = LL1 ... OK!
Error reading LL2 MBR! ([0x32] ?stek desteklenmiyor. )

+++++ PhysicalDrive2: (\\.\PHYSICALDRIVE2 @ USB) Generic USB CF Reader USB Device +++++
Error reading User MBR! ([0x15] Ayg?t haz?r de?il. )
User = LL1 ... OK!
Error reading LL2 MBR! ([0x32] ?stek desteklenmiyor. )

+++++ PhysicalDrive3: (\\.\PHYSICALDRIVE3 @ USB) Generic USB SM Reader USB Device +++++
Error reading User MBR! ([0x15] Ayg?t haz?r de?il. )
User = LL1 ... OK!
Error reading LL2 MBR! ([0x32] ?stek desteklenmiyor. )

+++++ PhysicalDrive4: (\\.\PHYSICALDRIVE4 @ USB) Generic USB MS Reader USB Device +++++
Error reading User MBR! ([0x15] Ayg?t haz?r de?il. )
User = LL1 ... OK!
Error reading LL2 MBR! ([0x32] ?stek desteklenmiyor. )

Tamamlandı : << RKreport[0]_S_04072014_214328.txt >>

Juliet
2014-04-07, 21:46
Please download and run RogueKiller 32 Bit (http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe)

RogueKiller 64 Bit (http://tigzy.geekstogo.com/Tools/RogueKillerX64.exe) <---use this one for 64 bit systems

Which system am I using? (http://support.microsoft.com/kb/827218) <-- will do a check to see which version you need.

atilla
2014-04-07, 21:50
Please download and run RogueKiller 32 Bit (http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe)

RogueKiller 64 Bit (http://tigzy.geekstogo.com/Tools/RogueKillerX64.exe) <---use this one for 64 bit systems

Which system am I using? (http://support.microsoft.com/kb/827218) <-- will do a check to see which version you need.

Yes and i am using 64 bit and found a nother link from RogueKiller's web site and i scanned my computer also sent the report my pre. post

Juliet
2014-04-07, 22:00
If you're in TURKEY (I can assume this if I believe the language displayed by RogueKiller), then I'd say no you're DNS is not infected.
Your DNS are probably pointing to your internet access provider. NameServer (213.74.0.1,213.74.1.1 [TURKEY (TR) - TURKEY (TR)]) -> BULUNDU

I am not seeing any malware in your logs.

Please tell me how the computer is now.

atilla
2014-04-07, 22:08
the computer is better now. i am scanning rootkits with spybot if i found the invisible folder again can i neglet it or have i to format my computer ?
the RogueKillerX64 found some thing and quantinate it. its name is ''PhysicalDrive0_User.dat'' can i delete it or save it ?

atilla
2014-04-07, 22:19
Thank you for everything Juliet. my computer is as faster as when i bought it :):):):):):)

Juliet
2014-04-08, 00:34
PhysicalDrive0_User.dat That's just a copy of some info, nothing to worry about.
RK_Quarantine <---it's in my clean-up instructions...you can delete this any other file or folder associated with RogueKiller.

The RogueKiller log looks OK

Good to hear the computer is good now.

I think we're ready to remove tools and folders and let you see my preventive tips?

Juliet
2014-04-10, 00:33
we still need to remove tools and quarantine folders, are you still with me?

Juliet
2014-04-21, 16:01
Glad we could help. :)http://i204.photobucket.com/albums/bb106/Juliet702/sparkle.gif

Since this issue appears resolved ... this Topic is closed.