Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Happili redirect

Started by TTTTMMMM , Apr 19 2012 01:04 AM

This topic is locked

49 replies to this topic

#1 TTTTMMMM

Member

Members
32 posts

Posted 19 April 2012 - 01:04 AM

Hi, yesterday I realized that on google chrome with my windows 7 64 bit computer, google search sometimes (maybe 1 in 7 times) redirected my search to a page called Happili and various other pages that were not the links I clicked on. I researched Happili redirect and realized it was different for every computer. I could not download the DDS from the "Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help" topic and when I opened GMER, The check boxes from system to libraries were all gray and unchecked and I could not check them.

Please help me

Thank you so much in advance

BC Ads
BleepingComputer.com

#2 B-boy/StyLe/

Bleeping Freestyler

Malware Response Team
3,570 posts

Gender:Male
Location:Bulgaria

Posted 19 April 2012 - 04:11 PM

Hello TTTTMMMM ! Welcome to BleepingComputer Forums! :welcome:

My name is Georgi and and I will be helping you with your computer problems.

Before we begin, please note the following:

I will working be on your Malware issues, this may or may not, solve other issues you have with your machine.
The logs can take some time to research, so please be patient with me.
Stay with the topic until I tell you that your system is clean. Missing symptoms does not mean that everything is okay.
Instructions that I give are for your system only!
Please do not run any tools until requested ! The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.
Please perform all steps in the order received. If you can't understand something don't hesitate to ask.
Again I would like to remind you to make no further changes to your computer unless I direct you to do so. I will not help you if you do not follow my instructions.

IMPORTANT NOTE: One or more of the identified infections is related to the rootkit ZeroAccess. Rootkits, backdoor Trojans, Botnets, and IRCBots are very dangerous because they compromise system integrity by making changes that allow it to be used be the attacker for malicious purposes. Rootkits are used be Trojans to conceal its presence (hide from view) in order to prevent detection of an attacker's software and make removal more difficult. Many rootkits can hook into the Windows 32-bit kernel, and patch several APIs to hide new registry keys and files they install. They can disable your anti-virus and security tools to prevent detection and removal. Remote attackers use backdoors as a means of accessing and taking control of a computer that bepasses security mechanisms. This type of exploit allows them to steal sensitive information like passwords, personal and financial data which is send back to the hacker. To learn more about these types of infections, you can refer to:

If your computer was used for online banking, has credit card information or other sensitive data on it, you should stay disconnected from the Internet until your system is fully cleaned. All passwords should be changed immediately to include those used for banking, email, eBay, paypal and online forums. You should consider them to be compromised and change each password using a clean computer, not the infected one. If not, an attacker may get the new passwords and transaction information. If using a router, you need to reset it with a strong logon/password so the malware cannot gain control before connect again. Banking and credit card institutions should be notified of the possible security breach. Because your computer was compromised please read:

Although the infection has been identified and may be removed, your PC has likely been compromised and there is no way to be sure the computer can ever be trusted again. It is dangerous and incorrect to assume the computer is secure even if the malware appears to have been removed. In some instances an infection may have caused so much damage to your system that it cannot be completely cleaned or repaired so you can never be sure that you have completely removed a rootkit. The malware may leave so many remnants behind that security tools cannot find them. Tools that claim to be able to remove rootkits cannot guarantee that all traces of it will be removed. Many experts in the security community believe that once infected with this type of malware, the best course of action is to wipe the drive clean, reformat and reinstall the OS. Please read:

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. If you decide to continue please do this:

Please download ComboFix from the link below:

Combofix

Save it to your Desktop <-- Important!!!

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Please refer to this link for instructions.
Double click it & follow the prompts.
If you receive a UAC prompt asking if you want to continue running the program, you should press the Continue button.
When finished, it will produce a log for you.
Please include the C:\ComboFix.txt in your next reply.
Note: After running Combofix, you may receive an error about "illegal operation on a registry key that has been marked for deletion." If you receive this error, please reboot and it should disappear.
If you no longer have access to your Internet connection after running ComboFix, please reboot to restore it. If that does not restore the connection, then follow the instructions for Manually restoring the Internet connection provided in the "How to Guide" you printed out earlier.

-- Do not touch your mouse/keyboard until the ComboFix scan has completed, as this may cause the process to stall or the computer to lock.

Regards,
Georgi

My help is always free of charge. If you appreciate my work, you can buy me a beer or two by clicking here -

#3 TTTTMMMM

Member

Members
32 posts

Posted 20 April 2012 - 12:30 AM

Hi, thanks for the fast reply.
I am still getting redirected, but I stopped getting redirected to Happili, now it is just random sites. Here is my combofix information:

ComboFix 12-04-19.02 - TTTTMMMM 04/19/2012 21:29:46.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.1979.573 [GMT -7:00]
Running from: c:\users\TTTTMMMM\Downloads\ComboFix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\favoritevideo\InvisibleFolder
c:\favoritevideo\InvisibleFolder\20110823133140_pptv110823jiaobiao.png
c:\favoritevideo\InvisibleFolder\20111216211930_juststyle111216zanting.swf
c:\favoritevideo\InvisibleFolder\20111216212107_juststyle111216chabo.swf
c:\favoritevideo\InvisibleFolder\20120307183350_ximenzi120309zhu15s.swf
c:\favoritevideo\InvisibleFolder\20120406145422_lining120406zanting.swf
c:\favoritevideo\InvisibleFolder\20120417112247_37wan120418zanting.swf
c:\favoritevideo\InvisibleFolder\20120419140603_kasadichanpin120420zanting.swf
c:\favoritevideo\InvisibleFolder\20120419152453_ecco120418zanting.swf
c:\favoritevideo\InvisibleFolder\20120419154235_37wan120420zanting.swf
c:\favoritevideo\InvisibleFolder\20120419164813_qiannvyouhun120420zhu15s.swf
c:\favoritevideo\InvisibleFolder\20120419184834_zhengtu120420zhuzt.swf
c:\favoritevideo\InvisibleFolder\20120419190323_37wan120420zantinga.swf
c:\windows\system32\drivers\etc\hosts.ics
.
.
((((((((((((((((((((((((( Files Created from 2012-03-20 to 2012-04-20 )))))))))))))))))))))))))))))))
.
.
2012-04-20 05:03 . 2012-04-20 05:03 -------- d-----w- c:\users\S\AppData\Local\temp
2012-04-20 05:03 . 2012-04-20 05:03 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-19 02:30 . 2012-04-19 02:37 -------- d-----w- c:\users\TTTTMMMM\AppData\Local\NPE
2012-04-18 05:38 . 2012-04-18 05:38 -------- d-----w- C:\HP_TOOLS_mountHPSF
2012-04-14 06:10 . 2012-04-14 06:10 8766112 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-04-11 05:31 . 2012-03-06 06:53 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-11 05:31 . 2012-03-06 05:59 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-04-11 05:31 . 2012-03-06 05:59 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-04-11 05:28 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-11 05:28 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-11 05:28 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-04-11 05:28 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-04-11 05:28 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-11 05:28 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-04-11 05:28 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-03-29 23:44 . 2012-04-14 06:11 418464 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-03-26 15:41 . 2012-03-26 15:41 103864 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\nppdf32.dll
2012-03-26 15:41 . 2012-03-26 15:41 103864 ----a-w- c:\program files (x86)\Internet Explorer\PLUGINS\nppdf32.dll
2012-03-24 15:00 . 2012-03-24 15:00 -------- d-----w- c:\users\S\AppData\Local\Diagnostics
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-14 06:11 . 2011-07-02 23:12 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-03-04 23:52 . 2012-01-14 05:56 505128 ----a-w- c:\windows\SysWow64\msvcp71.dll
2012-03-04 23:52 . 2012-01-14 05:56 353576 ----a-w- c:\windows\SysWow64\msvcr71.dll
2012-03-04 23:52 . 2010-12-01 08:52 29480 ----a-w- c:\windows\SysWow64\msxml3a.dll
2012-02-29 04:57 . 2012-02-29 04:57 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-02-17 06:38 . 2012-03-14 00:23 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-02-17 05:34 . 2012-03-14 00:23 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-02-17 04:58 . 2012-03-14 00:23 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-02-17 04:57 . 2012-03-14 00:23 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-02-10 06:36 . 2012-03-14 00:31 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-02-10 05:38 . 2012-03-14 00:31 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-02-03 04:34 . 2012-03-14 00:32 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-01-25 06:38 . 2012-03-14 00:23 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-01-25 06:38 . 2012-03-14 00:23 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-01-25 06:33 . 2012-03-14 00:23 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PPAP"="c:\program files (x86)\Common Files\PPLiveNetwork\PPAP.EXE" [2011-04-01 189880]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Norton Online Backup"="c:\program files (x86)\Symantec\Norton Online Backup\NOBuClient.exe" [2010-06-01 1155928]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]
"HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2010-09-29 584760]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"TkBellExe"="c:\program files (x86)\real\realplayer\Update\realsched.exe" [2012-01-14 296056]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Snapfish PictureMover.lnk - c:\program files (x86)\PictureMover\Bin\PictureMover.exe [2010-9-28 1040952]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-06-21 85560]
R2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-07-21 103992]
R2 RtVOsdService;RtVOsdService Installer;c:\program files\Realtek\RtVOsd\RtVOsdService.exe [2010-06-24 315392]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-14 253088]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]
R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-18 98208]
S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-08-06 291896]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-29 94264]
S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-09-29 26680]
S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]
S2 RoxioNow Service;RoxioNow Service;c:\program files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-09-11 399344]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [x]
S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-20 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-29 06:11]
.
2012-04-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3567445309-1158785481-1039964288-1003Core.job
- c:\users\TTTTMMMM\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-23 20:09]
.
2012-04-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3567445309-1158785481-1039964288-1003UA.job
- c:\users\TTTTMMMM\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-23 20:09]
.
2012-03-26 c:\windows\Tasks\HPCeeScheduleForS-HP$.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15]
.
2012-04-16 c:\windows\Tasks\HPCeeScheduleForS.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15]
.
2012-04-10 c:\windows\Tasks\HPCeeScheduleForTTTTMMMM.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00Zecter]
@="{D25B32FE-CB96-491A-98FF-AD59DA382D69}"
[HKEY_CLASSES_ROOT\CLSID\{D25B32FE-CB96-491A-98FF-AD59DA382D69}]
2010-09-23 04:53 2210304 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\01Zecter]
@="{EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5}"
[HKEY_CLASSES_ROOT\CLSID\{EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5}]
2010-09-23 04:53 2210304 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\02Zecter]
@="{B3C78E40-6B64-47C3-AE34-60B770881EB8}"
[HKEY_CLASSES_ROOT\CLSID\{B3C78E40-6B64-47C3-AE34-60B770881EB8}]
2010-09-23 04:53 2210304 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\03Zecter]
@="{622AFE52-33F6-4D9F-9966-E0BC52D7D69D}"
[HKEY_CLASSES_ROOT\CLSID\{622AFE52-33F6-4D9F-9966-E0BC52D7D69D}]
2010-09-23 04:53 2210304 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\04Zecter]
@="{855156F0-2A0F-11DE-8C30-0800200C9A66}"
[HKEY_CLASSES_ROOT\CLSID\{855156F0-2A0F-11DE-8C30-0800200C9A66}]
2010-09-23 04:53 2210304 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-07-29 166424]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-07-29 391192]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-07-29 410648]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2010-09-22 6489704]
"HPWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe" [2010-07-21 8192]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
IE: Free YouTube to MP3 Converter - c:\users\TTTTMMMM\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\users\TTTTMMMM\AppData\Roaming\Mozilla\Firefox\Profiles\xmnn7601.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF - Ext: Free YouTube Download (Free Studio) Menu: {ACAA314B-EEBA-48e4-AD47-84E31C44796C} - %profile%\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-EPSON Scanner - c:\program files (x86)\epson\escndv\setup\setup.exe
AddRemove-RealPlayer 15.0 - c:\program files (x86)\real\realplayer\Update\r1puninst.exe
AddRemove-{CA43FE4F-9FF2-4AD7-88F0-CC3BAC17B226} - c:\program files (x86)\InstallShield Installation Information\{CA43FE4F-9FF2-4AD7-88F0-CC3BAC17B226}\setup.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files (x86)\CyberLink\YouCam\YCMMirage.exe
.
**************************************************************************
.
Completion time: 2012-04-19 22:20:26 - machine was rebooted
ComboFix-quarantined-files.txt 2012-04-20 05:20
.
Pre-Run: 163,568,304,128 bytes free
Post-Run: 164,591,480,832 bytes free
.
- - End Of File - - 1F4564305A365830233AB224FC1EF74B

#4 B-boy/StyLe/

Bleeping Freestyler

Malware Response Team
3,570 posts

Gender:Male
Location:Bulgaria

Posted 20 April 2012 - 06:54 AM

Hi,

Please carefully follow my next set of steps:

STEP 1

Please download the latest version of TDSSKiller from here and save it to your Desktop.

Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.
Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
Click the Start Scan button.
If a suspicious object is detected, the default action will be Skip, click on Continue.
If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.

Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

STEP 2

Please download aswMBR.exe to your desktop.

Double click the aswMBR.exe icon to run it.
The program will offers to download the latest antivirus definitions from Avast servers. Click YES to agree.
When it's done in the AV Scan drop down options choose C:\
Click the Scan button to start the scan
On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

Note - do NOT attempt any Fix or FixMBR yet.

STEP 3

Please download OTL from the link below:
- This is THE Mirror
Save it to your desktop.
Double click on the icon on your desktop.
OTL should now start. Change the following settings:
- Click on Scan All Users checkbox given at the top.
- Under File Scans, change File age to 90
- Check the boxes beside LOP Check and Purity Check

Copy and Paste the following code into the Posted Image

textbox.

netsvcs
msconfig
safebootminimal
safebootnetwork
"%WinDir%\$NtUninstallKB*$." /30
C:\Program Files\Common Files\ComObjects\*.* /s
%SYSTEMDRIVE%\*.*
%USERPROFILE%\*.*
%USERPROFILE%\AppData\Local\*.*
%USERPROFILE%\AppData\Roaming\*.*
%ProgramData%\*.*
%CommonProgramFiles%\*.*
%PROGRAMFILES%\*.*
%systemroot%\system32\config\systemprofile\AppData\Local\*.*
%windir%\SysWOW64\config\systemprofile\AppData\Local\*.*
%windir%\ServiceProfiles\LocalService\AppData\Local\Temp\*.*
%windir%\ServiceProfiles\NetworkService\AppData\Local\Temp\*.*
%windir%\temp\*.*
%windir%\system32\*. 
%windir%\sysnative\*.
%Temp%\smtmp\1\*.*
%Temp%\smtmp\2\*.*
%Temp%\smtmp\3\*.*
%Temp%\smtmp\4\*.*
%systemroot%\system32\DBBK\*.* /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\syswow64\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /90
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\syswow64\drivers\*.sys /90
%systemroot%\syswow64\drivers\*.sys /lockedfiles
%systemroot%\system32\Spool\prtprocs\w32x86\*.dll
%systemroot%\*. /rp /s
%systemroot%\assembly\tmp\*.* /S /MD5
%systemroot%\assembly\temp\*.* /S /MD5
%systemroot%\assembly\GAC_32\*.* /S /MD5
%systemroot%\assembly\GAC_64\*.* /S /MD5
%SystemRoot%\assembly\GAC_MSIL\*.* /S /MD5
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems /s
>C:\commands.txt echo list vol /raw /hide /c
/wait
>C:\DiskReport.txt diskpart /s C:\commands.txt /raw /hide /c
/wait
type c:\diskreport.txt /c
/wait
erase c:\commands.txt /hide /c
/wait
erase c:\diskreport.txt /hide /c
/md5start
explorer.exe
lsass.exe
svchost.exe
wininit.exe
winlogon.exe
userinit.exe
atapi.sys
iaStor.sys
serial.sys
volsnap.sys
disk.sys
redbook.sys
i8042prt.sys
afd.sys
netbt.sys
csc.sys
tcpip.sys
dfsc.sys
hlp.dat
/md5stop

Push the button.
Two reports will open, copy and paste them in a reply here:
- OTL.txt <-- Will be opened
- Extra.txt <-- Will be minimized

Regards,
Georgi

My help is always free of charge. If you appreciate my work, you can buy me a beer or two by clicking here -

#5 TTTTMMMM

Member

Members
32 posts

Posted 20 April 2012 - 01:58 PM

Sorry, the post was too long so I am going to make it 5 parts:

Part 1:

From TDSS:

10:59:04.0843 3632 TDSS rootkit removing tool 2.7.30.0 Apr 19 2012 15:10:31
10:59:05.0342 3632 ============================================================
10:59:05.0342 3632 Current date / time: 2012/04/20 10:59:05.0342
10:59:05.0342 3632 SystemInfo:
10:59:05.0342 3632
10:59:05.0342 3632 OS Version: 6.1.7601 ServicePack: 1.0
10:59:05.0342 3632 Product type: Workstation
10:59:05.0342 3632 ComputerName: HP
10:59:05.0342 3632 UserName: TTTTMMMM
10:59:05.0342 3632 Windows directory: C:\Windows
10:59:05.0342 3632 System windows directory: C:\Windows
10:59:05.0342 3632 Running under WOW64
10:59:05.0342 3632 Processor architecture: Intel x64
10:59:05.0342 3632 Number of processors: 2
10:59:05.0342 3632 Page size: 0x1000
10:59:05.0342 3632 Boot type: Normal boot
10:59:05.0342 3632 ============================================================
10:59:05.0966 3632 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
10:59:05.0966 3632 \Device\Harddisk0\DR0:
10:59:05.0966 3632 MBR partitions:
10:59:05.0966 3632 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800
10:59:05.0966 3632 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x1AB5B000
10:59:05.0966 3632 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1ABBF000, BlocksNum 0x25D2800
10:59:05.0966 3632 \Device\Harddisk0\DR0\Partition3: MBR, Type 0xC, StartLBA 0x1D191800, BlocksNum 0x33970
10:59:05.0982 3632 C: <-> \Device\Harddisk0\DR0\Partition1
10:59:06.0091 3632 D: <-> \Device\Harddisk0\DR0\Partition2
10:59:06.0091 3632 Initialize success
10:59:06.0091 3632 ============================================================
10:59:33.0656 4152 ============================================================
10:59:33.0656 4152 Scan started
10:59:33.0656 4152 Mode: Manual; SigCheck; TDLFS;
10:59:33.0656 4152 ============================================================
10:59:34.0374 4152 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
10:59:34.0530 4152 1394ohci - ok
10:59:34.0701 4152 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
10:59:34.0732 4152 ACPI - ok
10:59:34.0826 4152 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
10:59:34.0920 4152 AcpiPmi - ok
10:59:35.0076 4152 AdobeFlashPlayerUpdateSvc (459ac130c6ab892b1cd5d7544626efc5) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
10:59:35.0091 4152 AdobeFlashPlayerUpdateSvc - ok
10:59:35.0200 4152 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
10:59:35.0216 4152 adp94xx - ok
10:59:35.0310 4152 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
10:59:35.0341 4152 adpahci - ok
10:59:35.0481 4152 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
10:59:35.0512 4152 adpu320 - ok
10:59:35.0606 4152 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
10:59:35.0762 4152 AeLookupSvc - ok
10:59:35.0809 4152 AERTFilters (d1e343bc00136ce03c4d403194d06a80) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
10:59:35.0824 4152 AERTFilters - ok
10:59:35.0965 4152 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
10:59:36.0043 4152 AFD - ok
10:59:36.0152 4152 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
10:59:36.0168 4152 agp440 - ok
10:59:36.0261 4152 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
10:59:36.0355 4152 ALG - ok
10:59:36.0448 4152 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
10:59:36.0480 4152 aliide - ok
10:59:36.0573 4152 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
10:59:36.0604 4152 amdide - ok
10:59:36.0698 4152 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
10:59:36.0745 4152 AmdK8 - ok
10:59:36.0838 4152 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
10:59:36.0870 4152 AmdPPM - ok
10:59:36.0963 4152 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
10:59:36.0994 4152 amdsata - ok
10:59:37.0088 4152 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
10:59:37.0119 4152 amdsbs - ok
10:59:37.0213 4152 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
10:59:37.0228 4152 amdxata - ok
10:59:37.0338 4152 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
10:59:37.0478 4152 AppID - ok
10:59:37.0556 4152 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
10:59:37.0650 4152 AppIDSvc - ok
10:59:37.0759 4152 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
10:59:37.0821 4152 Appinfo - ok
10:59:37.0946 4152 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
10:59:37.0962 4152 arc - ok
10:59:38.0055 4152 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
10:59:38.0086 4152 arcsas - ok
10:59:38.0180 4152 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
10:59:38.0242 4152 AsyncMac - ok
10:59:38.0336 4152 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
10:59:38.0367 4152 atapi - ok
10:59:38.0476 4152 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
10:59:38.0554 4152 AudioEndpointBuilder - ok
10:59:38.0617 4152 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
10:59:38.0664 4152 AudioSrv - ok
10:59:38.0773 4152 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
10:59:38.0866 4152 AxInstSV - ok
10:59:38.0960 4152 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
10:59:39.0022 4152 b06bdrv - ok
10:59:39.0132 4152 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
10:59:39.0178 4152 b57nd60a - ok
10:59:39.0256 4152 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
10:59:39.0319 4152 BDESVC - ok
10:59:39.0397 4152 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
10:59:39.0490 4152 Beep - ok
10:59:39.0600 4152 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
10:59:39.0678 4152 BFE - ok
10:59:39.0771 4152 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\system32\qmgr.dll
10:59:39.0834 4152 BITS - ok
10:59:39.0912 4152 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
10:59:39.0943 4152 blbdrive - ok
10:59:40.0052 4152 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
10:59:40.0083 4152 bowser - ok
10:59:40.0177 4152 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
10:59:40.0255 4152 BrFiltLo - ok
10:59:40.0317 4152 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
10:59:40.0348 4152 BrFiltUp - ok
10:59:40.0458 4152 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
10:59:40.0504 4152 BridgeMP - ok
10:59:40.0598 4152 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
10:59:40.0692 4152 Browser - ok
10:59:40.0770 4152 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
10:59:40.0816 4152 Brserid - ok
10:59:40.0910 4152 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
10:59:40.0941 4152 BrSerWdm - ok
10:59:41.0035 4152 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
10:59:41.0082 4152 BrUsbMdm - ok
10:59:41.0160 4152 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
10:59:41.0191 4152 BrUsbSer - ok
10:59:41.0285 4152 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
10:59:41.0331 4152 BTHMODEM - ok
10:59:41.0441 4152 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
10:59:41.0519 4152 bthserv - ok
10:59:41.0565 4152 catchme - ok
10:59:41.0659 4152 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
10:59:41.0721 4152 cdfs - ok
10:59:41.0831 4152 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
10:59:41.0877 4152 cdrom - ok
10:59:41.0987 4152 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
10:59:42.0080 4152 CertPropSvc - ok
10:59:42.0158 4152 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
10:59:42.0205 4152 circlass - ok
10:59:42.0283 4152 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
10:59:42.0314 4152 CLFS - ok
10:59:42.0408 4152 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
10:59:42.0423 4152 clr_optimization_v2.0.50727_32 - ok
10:59:42.0517 4152 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
10:59:42.0533 4152 clr_optimization_v2.0.50727_64 - ok
10:59:42.0657 4152 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
10:59:42.0673 4152 clr_optimization_v4.0.30319_32 - ok
10:59:42.0798 4152 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
10:59:42.0813 4152 clr_optimization_v4.0.30319_64 - ok
10:59:42.0907 4152 clwvd (50f92c943f18b070f166d019dfab3d9a) C:\Windows\system32\DRIVERS\clwvd.sys
10:59:42.0938 4152 clwvd - ok
10:59:42.0985 4152 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
10:59:43.0016 4152 CmBatt - ok
10:59:43.0110 4152 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
10:59:43.0125 4152 cmdide - ok
10:59:43.0235 4152 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
10:59:43.0281 4152 CNG - ok
10:59:43.0375 4152 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
10:59:43.0391 4152 Compbatt - ok
10:59:43.0515 4152 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
10:59:43.0562 4152 CompositeBus - ok
10:59:43.0625 4152 COMSysApp - ok
10:59:43.0671 4152 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
10:59:43.0687 4152 crcdisk - ok
10:59:43.0796 4152 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll
10:59:43.0843 4152 CryptSvc - ok
10:59:43.0952 4152 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
10:59:44.0030 4152 DcomLaunch - ok
10:59:44.0124 4152 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
10:59:44.0186 4152 defragsvc - ok
10:59:44.0280 4152 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
10:59:44.0327 4152 DfsC - ok
10:59:44.0420 4152 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
10:59:44.0483 4152 Dhcp - ok
10:59:44.0545 4152 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
10:59:44.0623 4152 discache - ok
10:59:44.0717 4152 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
10:59:44.0748 4152 Disk - ok
10:59:44.0841 4152 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
10:59:44.0904 4152 Dnscache - ok
10:59:44.0982 4152 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
10:59:45.0060 4152 dot3svc - ok
10:59:45.0169 4152 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
10:59:45.0216 4152 DPS - ok
10:59:45.0309 4152 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
10:59:45.0356 4152 drmkaud - ok
10:59:45.0465 4152 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
10:59:45.0512 4152 DXGKrnl - ok
10:59:45.0606 4152 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
10:59:45.0668 4152 EapHost - ok
10:59:45.0840 4152 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
10:59:45.0918 4152 ebdrv - ok
10:59:46.0043 4152 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
10:59:46.0167 4152 EFS - ok
10:59:46.0339 4152 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
10:59:46.0417 4152 ehRecvr - ok
10:59:46.0479 4152 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
10:59:46.0511 4152 ehSched - ok
10:59:46.0620 4152 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
10:59:46.0635 4152 elxstor - ok
10:59:46.0729 4152 EPSON_EB_RPCV4_01 (b5581646636759d0dafa8b008881c079) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE
10:59:46.0776 4152 EPSON_EB_RPCV4_01 - ok
10:59:46.0854 4152 EPSON_PM_RPCV4_01 (1e345f2a2d95da3190596e691cde9342) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
10:59:46.0885 4152 EPSON_PM_RPCV4_01 - ok
10:59:46.0994 4152 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
10:59:47.0010 4152 ErrDev - ok
10:59:47.0135 4152 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
10:59:47.0228 4152 EventSystem - ok
10:59:47.0322 4152 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
10:59:47.0384 4152 exfat - ok
10:59:47.0462 4152 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
10:59:47.0509 4152 fastfat - ok
10:59:47.0618 4152 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
10:59:47.0696 4152 Fax - ok
10:59:47.0790 4152 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
10:59:47.0821 4152 fdc - ok
10:59:47.0899 4152 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
10:59:47.0961 4152 fdPHost - ok
10:59:48.0039 4152 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
10:59:48.0102 4152 FDResPub - ok
10:59:48.0180 4152 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
10:59:48.0195 4152 FileInfo - ok
10:59:48.0289 4152 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
10:59:48.0336 4152 Filetrace - ok
10:59:48.0461 4152 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
10:59:48.0507 4152 flpydisk - ok
10:59:48.0617 4152 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
10:59:48.0632 4152 FltMgr - ok
10:59:48.0741 4152 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
10:59:48.0819 4152 FontCache - ok
10:59:48.0944 4152 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
10:59:48.0960 4152 FontCache3.0.0.0 - ok
10:59:49.0038 4152 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
10:59:49.0053 4152 FsDepends - ok
10:59:49.0163 4152 fssfltr (dc0dce4ec2c5d2cf6472f9fd6aa9a7dc) C:\Windows\system32\DRIVERS\fssfltr.sys
10:59:49.0163 4152 fssfltr - ok
10:59:49.0287 4152 fsssvc (40cdfad174b3d5e80f95dda003c0b97f) C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
10:59:49.0334 4152 fsssvc - ok
10:59:49.0428 4152 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
10:59:49.0443 4152 Fs_Rec - ok
10:59:49.0584 4152 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
10:59:49.0599 4152 fvevol - ok
10:59:49.0709 4152 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
10:59:49.0724 4152 gagp30kx - ok
10:59:49.0849 4152 GamesAppService (c403c5db49a0f9aaf4f2128edc0106d8) C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
10:59:49.0865 4152 GamesAppService - ok
10:59:49.0958 4152 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
10:59:50.0021 4152 gpsvc - ok
10:59:50.0099 4152 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
10:59:50.0161 4152 hcw85cir - ok
10:59:50.0255 4152 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
10:59:50.0301 4152 HdAudAddService - ok
10:59:50.0411 4152 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
10:59:50.0457 4152 HDAudBus - ok
10:59:50.0551 4152 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
10:59:50.0567 4152 HidBatt - ok
10:59:50.0645 4152 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
10:59:50.0676 4152 HidBth - ok
10:59:50.0816 4152 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
10:59:50.0879 4152 HidIr - ok
10:59:50.0988 4152 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
10:59:51.0050 4152 hidserv - ok
10:59:51.0175 4152 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
10:59:51.0191 4152 HidUsb - ok
10:59:51.0284 4152 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
10:59:51.0393 4152 hkmsvc - ok
10:59:51.0471 4152 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
10:59:51.0534 4152 HomeGroupListener - ok
10:59:51.0627 4152 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
10:59:51.0674 4152 HomeGroupProvider - ok
10:59:51.0783 4152 HP Support Assistant Service (170233b8d743efe35f462a5d516b93e3) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
10:59:51.0799 4152 HP Support Assistant Service - ok
10:59:51.0877 4152 HP Wireless Assistant Service (c930128c8f8ff03d8f8c42b570920d56) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
10:59:51.0893 4152 HP Wireless Assistant Service - ok
10:59:51.0924 4152 HPClientSvc (3dc11a802353401332d49c3cbfbbe5fc) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
10:59:51.0939 4152 HPClientSvc - ok
10:59:52.0033 4152 HPDrvMntSvc.exe (bcc4a8b2e2e902f52e7f2e7d8e125765) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
10:59:52.0049 4152 HPDrvMntSvc.exe - ok
10:59:52.0127 4152 hpqwmiex (ec9739a46f1f83c6e52a7a4697f44a65) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
10:59:52.0173 4152 hpqwmiex - ok
10:59:52.0314 4152 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
10:59:52.0345 4152 HpSAMD - ok
10:59:52.0454 4152 HPWMISVC (854197d1270d20193fe2d4b14784aade) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
10:59:52.0454 4152 HPWMISVC - ok
10:59:52.0579 4152 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
10:59:52.0673 4152 HTTP - ok
10:59:52.0751 4152 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
10:59:52.0766 4152 hwpolicy - ok
10:59:52.0875 4152 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
10:59:52.0907 4152 i8042prt - ok
10:59:53.0000 4152 iaStor (1384872112e8e7fd5786eceb8bddf4c9) C:\Windows\system32\DRIVERS\iaStor.sys
10:59:53.0031 4152 iaStor - ok
10:59:53.0141 4152 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
10:59:53.0172 4152 iaStorV - ok
10:59:53.0312 4152 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
10:59:53.0343 4152 idsvc - ok
10:59:53.0655 4152 igfx (898ab5bfed7040d7ab07af01885eb944) C:\Windows\system32\DRIVERS\igdkmd64.sys
10:59:53.0952 4152 igfx - ok
10:59:54.0045 4152 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
10:59:54.0077 4152 iirsp - ok
10:59:54.0170 4152 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
10:59:54.0248 4152 IKEEXT - ok
10:59:54.0420 4152 IntcAzAudAddService (d311e2dd59a34079d89c249b2a4d9fdb) C:\Windows\system32\drivers\RTKVHD64.sys
10:59:54.0482 4152 IntcAzAudAddService - ok
10:59:54.0560 4152 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
10:59:54.0591 4152 intelide - ok
10:59:54.0685 4152 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
10:59:54.0716 4152 intelppm - ok
10:59:54.0794 4152 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
10:59:54.0872 4152 IPBusEnum - ok
10:59:54.0966 4152 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
10:59:55.0028 4152 IpFilterDriver - ok
10:59:55.0122 4152 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
10:59:55.0215 4152 iphlpsvc - ok
10:59:55.0325 4152 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
10:59:55.0356 4152 IPMIDRV - ok
10:59:55.0465 4152 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
10:59:55.0527 4152 IPNAT - ok
10:59:55.0605 4152 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
10:59:55.0652 4152 IRENUM - ok
10:59:55.0730 4152 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
10:59:55.0761 4152 isapnp - ok
10:59:55.0855 4152 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
10:59:55.0886 4152 iScsiPrt - ok
10:59:55.0980 4152 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
10:59:55.0995 4152 kbdclass - ok
10:59:56.0105 4152 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
10:59:56.0136 4152 kbdhid - ok
10:59:56.0229 4152 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
10:59:56.0261 4152 KeyIso - ok
10:59:56.0370 4152 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
10:59:56.0385 4152 KSecDD - ok
10:59:56.0463 4152 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
10:59:56.0479 4152 KSecPkg - ok
10:59:56.0557 4152 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
10:59:56.0619 4152 ksthunk - ok
10:59:56.0713 4152 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
10:59:56.0791 4152 KtmRm - ok
10:59:56.0900 4152 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\System32\srvsvc.dll
10:59:56.0994 4152 LanmanServer - ok
10:59:57.0103 4152 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
10:59:57.0181 4152 LanmanWorkstation - ok
10:59:57.0290 4152 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
10:59:57.0353 4152 lltdio - ok
10:59:57.0446 4152 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
10:59:57.0524 4152 lltdsvc - ok
10:59:57.0602 4152 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
10:59:57.0649 4152 lmhosts - ok
10:59:57.0743 4152 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
10:59:57.0758 4152 LSI_FC - ok
10:59:57.0852 4152 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
10:59:57.0867 4152 LSI_SAS - ok
10:59:57.0961 4152 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
10:59:57.0992 4152 LSI_SAS2 - ok
10:59:58.0086 4152 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
10:59:58.0101 4152 LSI_SCSI - ok
10:59:58.0195 4152 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
10:59:58.0257 4152 luafv - ok
10:59:58.0367 4152 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
10:59:58.0398 4152 Mcx2Svc - ok
10:59:58.0476 4152 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
10:59:58.0491 4152 megasas - ok
10:59:58.0585 4152 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
10:59:58.0616 4152 MegaSR - ok
10:59:58.0694 4152 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
10:59:58.0772 4152 MMCSS - ok
10:59:58.0866 4152 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
10:59:58.0928 4152 Modem - ok
10:59:59.0006 4152 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
10:59:59.0053 4152 monitor - ok
10:59:59.0147 4152 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
10:59:59.0162 4152 mouclass - ok
10:59:59.0256 4152 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
10:59:59.0271 4152 mouhid - ok
10:59:59.0381 4152 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
10:59:59.0396 4152 mountmgr - ok
10:59:59.0505 4152 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
10:59:59.0537 4152 mpio - ok
10:59:59.0615 4152 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
10:59:59.0677 4152 mpsdrv - ok
10:59:59.0771 4152 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
10:59:59.0833 4152 MpsSvc - ok
10:59:59.0927 4152 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
10:59:59.0973 4152 MRxDAV - ok
11:00:00.0051 4152 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
11:00:00.0114 4152 mrxsmb - ok
11:00:00.0207 4152 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
11:00:00.0254 4152 mrxsmb10 - ok
11:00:00.0332 4152 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
11:00:00.0363 4152 mrxsmb20 - ok
11:00:00.0441 4152 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
11:00:00.0473 4152 msahci - ok
11:00:00.0566 4152 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
11:00:00.0597 4152 msdsm - ok
11:00:00.0675 4152 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
11:00:00.0722 4152 MSDTC - ok
11:00:00.0816 4152 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
11:00:00.0878 4152 Msfs - ok
11:00:00.0941 4152 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
11:00:01.0003 4152 mshidkmdf - ok
11:00:01.0112 4152 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
11:00:01.0128 4152 msisadrv - ok
11:00:01.0206 4152 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
11:00:01.0237 4152 MSiSCSI - ok
11:00:01.0299 4152 msiserver - ok
11:00:01.0331 4152 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
11:00:01.0393 4152 MSKSSRV - ok
11:00:01.0455 4152 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
11:00:01.0533 4152 MSPCLOCK - ok
11:00:01.0611 4152 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
11:00:01.0674 4152 MSPQM - ok
11:00:01.0783 4152 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
11:00:01.0814 4152 MsRPC - ok
11:00:01.0908 4152 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
11:00:01.0923 4152 mssmbios - ok
11:00:02.0001 4152 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
11:00:02.0048 4152 MSTEE - ok
11:00:02.0142 4152 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
11:00:02.0157 4152 MTConfig - ok
11:00:02.0251 4152 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
11:00:02.0267 4152 Mup - ok
11:00:02.0360 4152 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
11:00:02.0469 4152 napagent - ok
11:00:02.0579 4152 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
11:00:02.0625 4152 NativeWifiP - ok
11:00:02.0750 4152 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
11:00:02.0797 4152 NDIS - ok
11:00:02.0875 4152 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
11:00:02.0937 4152 NdisCap - ok
11:00:03.0031 4152 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
11:00:03.0078 4152 NdisTapi - ok
11:00:03.0187 4152 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
11:00:03.0249 4152 Ndisuio - ok
11:00:03.0343 4152 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
11:00:03.0421 4152 NdisWan - ok
11:00:03.0530 4152 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
11:00:03.0577 4152 NDProxy - ok
11:00:03.0671 4152 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
11:00:03.0749 4152 NetBIOS - ok
11:00:03.0858 4152 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
11:00:03.0905 4152 NetBT - ok
11:00:03.0998 4152 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
11:00:04.0014 4152 Netlogon - ok
11:00:04.0092 4152 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
11:00:04.0154 4152 Netman - ok
11:00:04.0248 4152 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
11:00:04.0341 4152 netprofm - ok
11:00:04.0466 4152 netr28x (aa1d8f9de032be4e8303af33368fdfc8) C:\Windows\system32\DRIVERS\netr28x.sys
11:00:04.0497 4152 netr28x - ok
11:00:04.0591 4152 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
11:00:04.0607 4152 NetTcpPortSharing - ok
11:00:04.0809 4152 netw5v64 (64428dfdaf6e88366cb51f45a79c5f69) C:\Windows\system32\DRIVERS\netw5v64.sys
11:00:04.0981 4152 netw5v64 - ok
11:00:05.0075 4152 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
11:00:05.0090 4152 nfrd960 - ok
11:00:05.0184 4152 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
11:00:05.0246 4152 NlaSvc - ok
11:00:05.0402 4152 NOBU (5839a8027d6d324a7cd494051a96628c) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
11:00:05.0465 4152 NOBU - ok
11:00:05.0543 4152 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
11:00:05.0589 4152 Npfs - ok
11:00:05.0683 4152 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
11:00:05.0714 4152 nsi - ok
11:00:05.0792 4152 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
11:00:05.0839 4152 nsiproxy - ok
11:00:05.0964 4152 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
11:00:06.0026 4152 Ntfs - ok
11:00:06.0089 4152 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
11:00:06.0135 4152 Null - ok
11:00:06.0229 4152 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
11:00:06.0260 4152 nvraid - ok
11:00:06.0354 4152 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
11:00:06.0385 4152 nvstor - ok
11:00:06.0479 4152 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
11:00:06.0510 4152 nv_agp - ok
11:00:06.0603 4152 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
11:00:06.0635 4152 ohci1394 - ok
11:00:06.0728 4152 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
11:00:06.0744 4152 ose - ok
11:00:06.0837 4152 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
11:00:06.0900 4152 p2pimsvc - ok
11:00:06.0993 4152 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
11:00:07.0025 4152 p2psvc - ok
11:00:07.0103 4152 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
11:00:07.0134 4152 Parport - ok
11:00:07.0212 4152 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
11:00:07.0243 4152 partmgr - ok
11:00:07.0321 4152 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
11:00:07.0368 4152 PcaSvc - ok
11:00:07.0461 4152 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
11:00:07.0493 4152 pci - ok
11:00:07.0586 4152 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
11:00:07.0602 4152 pciide - ok
11:00:07.0695 4152 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
11:00:07.0727 4152 pcmcia - ok
11:00:07.0805 4152 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
11:00:07.0836 4152 pcw - ok
11:00:07.0914 4152 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
11:00:07.0992 4152 PEAUTH - ok
11:00:08.0070 4152 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
11:00:08.0117 4152 PerfHost - ok
11:00:08.0241 4152 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
11:00:08.0319 4152 pla - ok
11:00:08.0429 4152 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
11:00:08.0491 4152 PlugPlay - ok
11:00:08.0569 4152 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
11:00:08.0616 4152 PNRPAutoReg - ok
11:00:08.0709 4152 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
11:00:08.0741 4152 PNRPsvc - ok
11:00:08.0834 4152 Point64 (4f0878fd62d5f7444c5f1c4c66d9d293) C:\Windows\system32\DRIVERS\point64.sys
11:00:08.0850 4152 Point64 - ok
11:00:08.0959 4152 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
11:00:09.0037 4152 PolicyAgent - ok
11:00:09.0115 4152 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
11:00:09.0209 4152 Power - ok
11:00:09.0302 4152 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
11:00:09.0396 4152 PptpMiniport - ok
11:00:09.0474 4152 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
11:00:09.0505 4152 Processor - ok
11:00:09.0614 4152 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
11:00:09.0677 4152 ProfSvc - ok
11:00:09.0755 4152 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
11:00:09.0786 4152 ProtectedStorage - ok
11:00:09.0879 4152 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
11:00:09.0942 4152 Psched - ok
11:00:10.0067 4152 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
11:00:10.0113 4152 ql2300 - ok
11:00:10.0223 4152 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
11:00:10.0238 4152 ql40xx - ok
11:00:10.0316 4152 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
11:00:10.0363 4152 QWAVE - ok
11:00:10.0441 4152 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
11:00:10.0488 4152 QWAVEdrv - ok
11:00:10.0581 4152 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
11:00:10.0628 4152 RasAcd - ok
11:00:10.0737 4152 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
11:00:10.0784 4152 RasAgileVpn - ok
11:00:10.0847 4152 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
11:00:10.0925 4152 RasAuto - ok
11:00:11.0034 4152 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
11:00:11.0096 4152 Rasl2tp - ok
11:00:11.0190 4152 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
11:00:11.0268 4152 RasMan - ok
11:00:11.0377 4152 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
11:00:11.0439 4152 RasPppoe - ok
11:00:11.0533 4152 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
11:00:11.0611 4152 RasSstp - ok
11:00:11.0705 4152 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
11:00:11.0767 4152 rdbss - ok
11:00:11.0861 4152 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
11:00:11.0907 4152 rdpbus - ok
11:00:11.0985 4152 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
11:00:12.0048 4152 RDPCDD - ok
11:00:12.0141 4152 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
11:00:12.0219 4152 RDPENCDD - ok
11:00:12.0297 4152 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
11:00:12.0344 4152 RDPREFMP - ok
11:00:12.0438 4152 RDPWD (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys
11:00:12.0485 4152 RDPWD - ok
11:00:12.0625 4152 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
11:00:12.0641 4152 rdyboost - ok
11:00:12.0734 4152 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
11:00:12.0812 4152 RemoteAccess - ok
11:00:12.0890 4152 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
11:00:12.0968 4152 RemoteRegistry - ok
11:00:13.0062 4152 RoxioNow Service (c1568e17039b2ec2b73a4f880ddd51e5) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
11:00:13.0093 4152 RoxioNow Service - ok
11:00:13.0171 4152 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
11:00:13.0265 4152 RpcEptMapper - ok
11:00:13.0343 4152 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
11:00:13.0374 4152 RpcLocator - ok
11:00:13.0483 4152 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
11:00:13.0530 4152 RpcSs - ok
11:00:13.0623 4152 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
11:00:13.0686 4152 rspndr - ok
11:00:13.0795 4152 RTL8167 (4fbda07ef0a3097ce14c5cabf723b278) C:\Windows\system32\DRIVERS\Rt64win7.sys
11:00:13.0826 4152 RTL8167 - ok
11:00:13.0889 4152 RtVOsdService (4ea7e5df0cb237156176fa0349e6e87f) C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe
11:00:13.0904 4152 RtVOsdService ( UnsignedFile.Multi.Generic ) - warning
11:00:13.0904 4152 RtVOsdService - detected UnsignedFile.Multi.Generic (1)
11:00:13.0967 4152 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
11:00:13.0982 4152 SamSs - ok
11:00:14.0076 4152 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
11:00:14.0107 4152 sbp2port - ok
11:00:14.0201 4152 SBSDWSCService (794d4b48dfb6e999537c7c3947863463) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
11:00:14.0232 4152 SBSDWSCService - ok
11:00:14.0310 4152 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
11:00:14.0403 4152 SCardSvr - ok
11:00:14.0497 4152 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
11:00:14.0544 4152 scfilter - ok
11:00:14.0637 4152 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
11:00:14.0715 4152 Schedule - ok
11:00:14.0825 4152 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
11:00:14.0871 4152 SCPolicySvc - ok
11:00:14.0965 4152 sdbus (111e0ebc0ad79cb0fa014b907b231cf0) C:\Windows\system32\drivers\sdbus.sys
11:00:15.0027 4152 sdbus - ok
11:00:15.0105 4152 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
11:00:15.0168 4152 SDRSVC - ok
11:00:15.0230 4152 SeaPort (331e7bde228914574fc9ae6cd520dafa) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
11:00:15.0277 4152 SeaPort - ok
11:00:15.0371 4152 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
11:00:15.0449 4152 secdrv - ok
11:00:15.0542 4152 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
11:00:15.0605 4152 seclogon - ok
11:00:15.0698 4152 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll
11:00:15.0761 4152 SENS - ok
11:00:15.0839 4152 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
11:00:15.0917 4152 SensrSvc - ok
11:00:15.0995 4152 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
11:00:16.0041 4152 Serenum - ok
11:00:16.0119 4152 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
11:00:16.0151 4152 Serial - ok
11:00:16.0244 4152 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
11:00:16.0275 4152 sermouse - ok
11:00:16.0416 4152 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
11:00:16.0478 4152 SessionEnv - ok
11:00:16.0572 4152 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
11:00:16.0634 4152 sffdisk - ok
11:00:16.0728 4152 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
11:00:16.0759 4152 sffp_mmc - ok
11:00:16.0853 4152 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
11:00:16.0884 4152 sffp_sd - ok
11:00:16.0977 4152 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
11:00:17.0024 4152 sfloppy - ok
11:00:17.0118 4152 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
11:00:17.0196 4152 SharedAccess - ok
11:00:17.0305 4152 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
11:00:17.0383 4152 ShellHWDetection - ok
11:00:17.0492 4152 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
11:00:17.0508 4152 SiSRaid2 - ok
11:00:17.0601 4152 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
11:00:17.0633 4152 SiSRaid4 - ok
11:00:17.0711 4152 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
11:00:17.0742 4152 Smb - ok
11:00:17.0851 4152 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
11:00:17.0882 4152 SNMPTRAP - ok
11:00:17.0960 4152 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
11:00:17.0991 4152 spldr - ok
11:00:18.0085 4152 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
11:00:18.0132 4152 Spooler - ok
11:00:18.0303 4152 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
11:00:18.0459 4152 sppsvc - ok
11:00:18.0537 4152 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
11:00:18.0600 4152 sppuinotify - ok
11:00:18.0709 4152 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
11:00:18.0787 4152 srv - ok
11:00:18.0896 4152 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
11:00:18.0927 4152 srv2 - ok
11:00:19.0037 4152 SrvHsfHDA (0c4540311e11664b245a263e1154cef8) C:\Windows\system32\DRIVERS\VSTAZL6.SYS
11:00:19.0068 4152 SrvHsfHDA - ok
11:00:19.0193 4152 SrvHsfV92 (02071d207a9858fbe3a48cbfd59c4a04) C:\Windows\system32\DRIVERS\VSTDPV6.SYS
11:00:19.0255 4152 SrvHsfV92 - ok
11:00:19.0364 4152 SrvHsfWinac (18e40c245dbfaf36fd0134a7ef2df396) C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
11:00:19.0411 4152 SrvHsfWinac - ok
11:00:19.0505 4152 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
11:00:19.0536 4152 srvnet - ok
11:00:19.0614 4152 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
11:00:19.0692 4152 SSDPSRV - ok
11:00:19.0770 4152 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
11:00:19.0817 4152 SstpSvc - ok
11:00:19.0895 4152 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
11:00:19.0926 4152 stexstor - ok
11:00:20.0019 4152 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
11:00:20.0082 4152 stisvc - ok
11:00:20.0191 4152 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
11:00:20.0207 4152 swenum - ok
11:00:20.0300 4152 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
11:00:20.0363 4152 swprv - ok
11:00:20.0487 4152 SynTP (961cfac2a5318e212f459d651f28e0a4) C:\Windows\system32\DRIVERS\SynTP.sys
11:00:20.0550 4152 SynTP - ok
11:00:20.0675 4152 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
11:00:20.0737 4152 SysMain - ok
11:00:20.0831 4152 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
11:00:20.0877 4152 TabletInputService - ok
11:00:20.0971 4152 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
11:00:21.0049 4152 TapiSrv - ok
11:00:21.0127 4152 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
11:00:21.0189 4152 TBS - ok
11:00:21.0330 4152 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
11:00:21.0392 4152 Tcpip - ok
11:00:21.0533 4152 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
11:00:21.0579 4152 TCPIP6 - ok
11:00:21.0673 4152 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
11:00:21.0751 4152 tcpipreg - ok
11:00:21.0845 4152 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
11:00:21.0876 4152 TDPIPE - ok
11:00:21.0969 4152 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
11:00:22.0001 4152 TDTCP - ok
11:00:22.0110 4152 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
11:00:22.0172 4152 tdx - ok
11:00:22.0266 4152 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
11:00:22.0281 4152 TermDD - ok
11:00:22.0391 4152 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
11:00:22.0453 4152 TermService - ok
11:00:22.0531 4152 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
11:00:22.0578 4152 Themes - ok
11:00:22.0656 4152 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
11:00:22.0718 4152 THREADORDER - ok
11:00:22.0796 4152 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
11:00:22.0859 4152 TrkWks - ok
11:00:22.0952 4152 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
11:00:22.0999 4152 TrustedInstaller - ok
11:00:23.0061 4152 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
11:00:23.0124 4152 tssecsrv - ok
11:00:23.0233 4152 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
11:00:23.0280 4152 TsUsbFlt - ok
11:00:23.0405 4152 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
11:00:23.0467 4152 tunnel - ok
11:00:23.0545 4152 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
11:00:23.0561 4152 uagp35 - ok
11:00:23.0654 4152 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
11:00:23.0701 4152 udfs - ok
11:00:23.0795 4152 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
11:00:23.0826 4152 UI0Detect - ok
11:00:23.0997 4152 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
11:00:24.0029 4152 uliagpkx - ok
11:00:24.0263 4152 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
11:00:24.0309 4152 umbus - ok
11:00:24.0450 4152 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
11:00:24.0512 4152 UmPass - ok
11:00:24.0606 4152 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
11:00:24.0668 4152 upnphost - ok
11:00:24.0840 4152 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
11:00:24.0918 4152 usbccgp - ok
11:00:25.0136 4152 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
11:00:25.0152 4152 usbcir - ok
11:00:25.0355 4152 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys
11:00:25.0370 4152 usbehci - ok
11:00:25.0557 4152 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
11:00:25.0589 4152 usbhub - ok
11:00:25.0745 4152 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
11:00:25.0791 4152 usbohci - ok
11:00:25.0932 4152 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
11:00:25.0963 4152 usbprint - ok
11:00:26.0119 4152 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
11:00:26.0181 4152 usbscan - ok
11:00:26.0306 4152 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
11:00:26.0369 4152 USBSTOR - ok
11:00:26.0634 4152 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
11:00:26.0681 4152 usbuhci - ok
11:00:26.0805 4152 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
11:00:26.0883 4152 UxSms - ok
11:00:27.0008 4152 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
11:00:27.0024 4152 VaultSvc - ok
11:00:27.0149 4152 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
11:00:27.0180 4152 vdrvroot - ok
11:00:27.0273 4152 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
11:00:27.0320 4152 vds - ok
11:00:27.0398 4152 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
11:00:27.0429 4152 vga - ok
11:00:27.0507 4152 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
11:00:27.0585 4152 VgaSave - ok
11:00:27.0679 4152 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
11:00:27.0710 4152 vhdmp - ok
11:00:27.0788 4152 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
11:00:27.0804 4152 viaide - ok
11:00:27.0913 4152 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
11:00:27.0929 4152 volmgr - ok
11:00:28.0022 4152 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
11:00:28.0069 4152 volmgrx - ok
11:00:28.0163 4152 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
11:00:28.0194 4152 volsnap - ok
11:00:28.0287 4152 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
11:00:28.0319 4152 vsmraid - ok
11:00:28.0459 4152 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
11:00:28.0568 4152 VSS - ok
11:00:28.0662 4152 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
11:00:28.0709 4152 vwifibus - ok
11:00:28.0787 4152 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
11:00:28.0833 4152 vwififlt - ok
11:00:28.0927 4152 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
11:00:28.0974 4152 W32Time - ok
11:00:29.0067 4152 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
11:00:29.0099 4152 WacomPen - ok
11:00:29.0208 4152 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
11:00:29.0286 4152 WANARP - ok
11:00:29.0333 4152 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
11:00:29.0364 4152 Wanarpv6 - ok
11:00:29.0457 4152 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
11:00:29.0504 4152 WatAdminSvc - ok
11:00:29.0629 4152 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
11:00:29.0738 4152 wbengine - ok
11:00:29.0816 4152 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
11:00:29.0863 4152 WbioSrvc - ok
11:00:29.0957 4152 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
11:00:30.0019 4152 wcncsvc - ok
11:00:30.0113 4152 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
11:00:30.0144 4152 WcsPlugInService - ok
11:00:30.0222 4152 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
11:00:30.0253 4152 Wd - ok
11:00:30.0347 4152 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
11:00:30.0378 4152 Wdf01000 - ok
11:00:30.0471 4152 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
11:00:30.0565 4152 WdiServiceHost - ok
11:00:30.0581 4152 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
11:00:30.0612 4152 WdiSystemHost - ok
11:00:30.0705 4152 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
11:00:30.0752 4152 WebClient - ok
11:00:30.0830 4152 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
11:00:30.0908 4152 Wecsvc - ok
11:00:31.0002 4152 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
11:00:31.0080 4152 wercplsupport - ok
11:00:31.0173 4152 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
11:00:31.0220 4152 WerSvc - ok
11:00:31.0314 4152 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
11:00:31.0376 4152 WfpLwf - ok
11:00:31.0454 4152 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
11:00:31.0485 4152 WIMMount - ok
11:00:31.0501 4152 WinDefend - ok
11:00:31.0517 4152 WinHttpAutoProxySvc - ok
11:00:31.0626 4152 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
11:00:31.0673 4152 Winmgmt - ok
11:00:31.0797 4152 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
11:00:31.0891 4152 WinRM - ok
11:00:32.0016 4152 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
11:00:32.0063 4152 WinUsb - ok
11:00:32.0172 4152 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
11:00:32.0234 4152 Wlansvc - ok
11:00:32.0312 4152 wlcrasvc (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
11:00:32.0328 4152 wlcrasvc - ok
11:00:32.0453 4152 wlidsvc (2bacd71123f42cea603f4e205e1ae337) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
11:00:32.0499 4152 wlidsvc - ok
11:00:32.0609 4152 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
11:00:32.0640 4152 WmiAcpi - ok
11:00:32.0749 4152 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
11:00:32.0796 4152 wmiApSrv - ok
11:00:32.0827 4152 WMPNetworkSvc - ok
11:00:32.0921 4152 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
11:00:32.0952 4152 WPCSvc - ok
11:00:33.0045 4152 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
11:00:33.0077 4152 WPDBusEnum - ok
11:00:33.0155 4152 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
11:00:33.0217 4152 ws2ifsl - ok
11:00:33.0295 4152 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll
11:00:33.0342 4152 wscsvc - ok
11:00:33.0389 4152 WSearch - ok
11:00:33.0498 4152 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll
11:00:33.0591 4152 wuauserv - ok
11:00:33.0685 4152 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
11:00:33.0763 4152 WudfPf - ok
11:00:33.0872 4152 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
11:00:33.0919 4152 WUDFRd - ok
11:00:33.0997 4152 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
11:00:34.0044 4152 wudfsvc - ok
11:00:34.0137 4152 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
11:00:34.0169 4152 WwanSvc - ok
11:00:34.0278 4152 yukonw7 (b3eeacf62445e24fbb2cd4b0fb4db026) C:\Windows\system32\DRIVERS\yk62x64.sys
11:00:34.0325 4152 yukonw7 - ok
11:00:34.0371 4152 MBR (0x1B8) (2cd07e130f4efdc6bf79e0679ce1c7d6) \Device\Harddisk0\DR0
11:00:34.0481 4152 \Device\Harddisk0\DR0 - ok
11:00:34.0481 4152 Boot (0x1200) (5001197d1b683b84671e76ff0b820fc0) \Device\Harddisk0\DR0\Partition0
11:00:34.0481 4152 \Device\Harddisk0\DR0\Partition0 - ok
11:00:34.0496 4152 Boot (0x1200) (430ff86fddcc2081dd7e4d3aa704ab19) \Device\Harddisk0\DR0\Partition1
11:00:34.0496 4152 \Device\Harddisk0\DR0\Partition1 - ok
11:00:34.0527 4152 Boot (0x1200) (6756a99271312ec3aa9fa5553b226d4e) \Device\Harddisk0\DR0\Partition2
11:00:34.0527 4152 \Device\Harddisk0\DR0\Partition2 - ok
11:00:34.0559 4152 Boot (0x1200) (fc373130f5a68415bf2a98e52a63a8f4) \Device\Harddisk0\DR0\Partition3
11:00:34.0559 4152 \Device\Harddisk0\DR0\Partition3 - ok
11:00:34.0559 4152 ============================================================
11:00:34.0559 4152 Scan finished
11:00:34.0559 4152 ============================================================
11:00:34.0574 3844 Detected object count: 1
11:00:34.0574 3844 Actual detected object count: 1
11:00:55.0556 3844 RtVOsdService ( UnsignedFile.Multi.Generic ) - skipped by user
11:00:55.0556 3844 RtVOsdService ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:02:06.0209 4800 ============================================================
11:02:06.0209 4800 Scan started
11:02:06.0209 4800 Mode: Manual; SigCheck; TDLFS;
11:02:06.0209 4800 ============================================================
11:02:06.0646 4800 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
11:02:06.0692 4800 1394ohci - ok
11:02:06.0817 4800 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
11:02:06.0848 4800 ACPI - ok
11:02:06.0942 4800 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
11:02:06.0973 4800 AcpiPmi - ok
11:02:07.0067 4800 AdobeFlashPlayerUpdateSvc (459ac130c6ab892b1cd5d7544626efc5) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
11:02:07.0098 4800 AdobeFlashPlayerUpdateSvc - ok
11:02:07.0176 4800 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
11:02:07.0207 4800 adp94xx - ok
11:02:07.0301 4800 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
11:02:07.0332 4800 adpahci - ok
11:02:07.0426 4800 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
11:02:07.0457 4800 adpu320 - ok
11:02:07.0535 4800 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
11:02:07.0582 4800 AeLookupSvc - ok
11:02:07.0628 4800 AERTFilters (d1e343bc00136ce03c4d403194d06a80) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
11:02:07.0644 4800 AERTFilters - ok
11:02:07.0753 4800 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
11:02:07.0784 4800 AFD - ok
11:02:07.0878 4800 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
11:02:07.0909 4800 agp440 - ok
11:02:07.0987 4800 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
11:02:08.0003 4800 ALG - ok
11:02:08.0096 4800 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
11:02:08.0112 4800 aliide - ok
11:02:08.0190 4800 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
11:02:08.0221 4800 amdide - ok
11:02:08.0299 4800 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
11:02:08.0315 4800 AmdK8 - ok
11:02:08.0393 4800 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
11:02:08.0408 4800 AmdPPM - ok
11:02:08.0518 4800 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
11:02:08.0533 4800 amdsata - ok
11:02:08.0611 4800 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
11:02:08.0642 4800 amdsbs - ok
11:02:08.0720 4800 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
11:02:08.0736 4800 amdxata - ok
11:02:08.0845 4800 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
11:02:08.0892 4800 AppID - ok
11:02:08.0970 4800 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
11:02:09.0017 4800 AppIDSvc - ok
11:02:09.0095 4800 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
11:02:09.0157 4800 Appinfo - ok
11:02:09.0235 4800 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
11:02:09.0251 4800 arc - ok
11:02:09.0329 4800 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
11:02:09.0360 4800 arcsas - ok
11:02:09.0438 4800 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
11:02:09.0485 4800 AsyncMac - ok
11:02:09.0578 4800 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
11:02:09.0610 4800 atapi - ok
11:02:09.0703 4800 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
11:02:09.0766 4800 AudioEndpointBuilder - ok
11:02:09.0766 4800 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
11:02:09.0812 4800 AudioSrv - ok
11:02:09.0906 4800 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
11:02:09.0937 4800 AxInstSV - ok
11:02:10.0031 4800 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
11:02:10.0062 4800 b06bdrv - ok
11:02:10.0156 4800 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
11:02:10.0171 4800 b57nd60a - ok
11:02:10.0265 4800 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
11:02:10.0280 4800 BDESVC - ok
11:02:10.0358 4800 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
11:02:10.0405 4800 Beep - ok
11:02:10.0483 4800 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
11:02:10.0561 4800 BFE - ok
11:02:10.0655 4800 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\system32\qmgr.dll
11:02:10.0686 4800 BITS - ok
11:02:10.0764 4800 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
11:02:10.0795 4800 blbdrive - ok
11:02:10.0873 4800 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
11:02:10.0904 4800 bowser - ok
11:02:10.0982 4800 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
11:02:10.0998 4800 BrFiltLo - ok
11:02:11.0076 4800 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
11:02:11.0107 4800 BrFiltUp - ok
11:02:11.0185 4800 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
11:02:11.0232 4800 BridgeMP - ok
11:02:11.0326 4800 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
11:02:11.0372 4800 Browser - ok
11:02:11.0466 4800 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
11:02:11.0482 4800 Brserid - ok
11:02:11.0575 4800 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
11:02:11.0606 4800 BrSerWdm - ok
11:02:11.0684 4800 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
11:02:11.0700 4800 BrUsbMdm - ok
11:02:11.0794 4800 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
11:02:11.0809 4800 BrUsbSer - ok
11:02:11.0887 4800 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
11:02:11.0918 4800 BTHMODEM - ok
11:02:12.0012 4800 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
11:02:12.0043 4800 bthserv - ok
11:02:12.0059 4800 catchme - ok
11:02:12.0152 4800 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
11:02:12.0199 4800 cdfs - ok
11:02:12.0293 4800 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
11:02:12.0324 4800 cdrom - ok
11:02:12.0418 4800 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
11:02:12.0464 4800 CertPropSvc - ok
11:02:12.0527 4800 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
11:02:12.0558 4800 circlass - ok
11:02:12.0636 4800 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
11:02:12.0652 4800 CLFS - ok
11:02:12.0761 4800 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
11:02:12.0776 4800 clr_optimization_v2.0.50727_32 - ok
11:02:12.0886 4800 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
11:02:12.0901 4800 clr_optimization_v2.0.50727_64 - ok
11:02:13.0010 4800 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
11:02:13.0026 4800 clr_optimization_v4.0.30319_32 - ok
11:02:13.0135 4800 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
11:02:13.0166 4800 clr_optimization_v4.0.30319_64 - ok
11:02:13.0213 4800 clwvd (50f92c943f18b070f166d019dfab3d9a) C:\Windows\system32\DRIVERS\clwvd.sys
11:02:13.0229 4800 clwvd - ok
11:02:13.0276 4800 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
11:02:13.0291 4800 CmBatt - ok
11:02:13.0369 4800 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
11:02:13.0385 4800 cmdide - ok
11:02:13.0494 4800 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
11:02:13.0525 4800 CNG - ok
11:02:13.0650 4800 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
11:02:13.0666 4800 Compbatt - ok
11:02:13.0759 4800 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
11:02:13.0790 4800 CompositeBus - ok
11:02:13.0837 4800 COMSysApp - ok
11:02:13.0884 4800 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
11:02:13.0900 4800 crcdisk - ok
11:02:14.0009 4800 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll
11:02:14.0056 4800 CryptSvc - ok
11:02:14.0149 4800 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
11:02:14.0212 4800 DcomLaunch - ok
11:02:14.0290 4800 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
11:02:14.0336 4800 defragsvc - ok
11:02:14.0414 4800 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
11:02:14.0461 4800 DfsC - ok
11:02:14.0555 4800 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
11:02:14.0617 4800 Dhcp - ok
11:02:14.0695 4800 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
11:02:14.0758 4800 discache - ok
11:02:14.0836 4800 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
11:02:14.0851 4800 Disk - ok
11:02:14.0945 4800 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
11:02:14.0976 4800 Dnscache - ok
11:02:15.0070 4800 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
11:02:15.0101 4800 dot3svc - ok
11:02:15.0194 4800 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
11:02:15.0241 4800 DPS - ok
11:02:15.0319 4800 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
11:02:15.0335 4800 drmkaud - ok
11:02:15.0444 4800 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
11:02:15.0475 4800 DXGKrnl - ok
11:02:15.0569 4800 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
11:02:15.0616 4800 EapHost - ok
11:02:15.0772 4800 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
11:02:15.0818 4800 ebdrv - ok
11:02:15.0912 4800 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
11:02:15.0928 4800 EFS - ok
11:02:16.0021 4800 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
11:02:16.0068 4800 ehRecvr - ok
11:02:16.0099 4800 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
11:02:16.0115 4800 ehSched - ok
11:02:16.0224 4800 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
11:02:16.0255 4800 elxstor - ok
11:02:16.0318 4800 EPSON_EB_RPCV4_01 (b5581646636759d0dafa8b008881c079) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE
11:02:16.0333 4800 EPSON_EB_RPCV4_01 - ok
11:02:16.0349 4800 EPSON_PM_RPCV4_01 (1e345f2a2d95da3190596e691cde9342) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
11:02:16.0364 4800 EPSON_PM_RPCV4_01 - ok
11:02:16.0442 4800 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
11:02:16.0458 4800 ErrDev - ok
11:02:16.0567 4800 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
11:02:16.0614 4800 EventSystem - ok
11:02:16.0692 4800 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
11:02:16.0723 4800 exfat - ok
11:02:16.0817 4800 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
11:02:16.0848 4800 fastfat - ok
11:02:16.0988 4800 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
11:02:17.0020 4800 Fax - ok
11:02:17.0098 4800 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
11:02:17.0113 4800 fdc - ok
11:02:17.0191 4800 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
11:02:17.0254 4800 fdPHost - ok
11:02:17.0347 4800 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
11:02:17.0378 4800 FDResPub - ok
11:02:17.0456 4800 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
11:02:17.0472 4800 FileInfo - ok
11:02:17.0550 4800 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
11:02:17.0597 4800 Filetrace - ok
11:02:17.0675 4800 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
11:02:17.0690 4800 flpydisk - ok
11:02:17.0784 4800 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
11:02:17.0815 4800 FltMgr - ok
11:02:17.0924 4800 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
11:02:17.0971 4800 FontCache - ok
11:02:18.0096 4800 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
11:02:18.0096 4800 FontCache3.0.0.0 - ok
11:02:18.0174 4800 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
11:02:18.0190 4800 FsDepends - ok
11:02:18.0283 4800 fssfltr (dc0dce4ec2c5d2cf6472f9fd6aa9a7dc) C:\Windows\system32\DRIVERS\fssfltr.sys
11:02:18.0299 4800 fssfltr - ok

#6 TTTTMMMM

Member

Members
32 posts

Posted 20 April 2012 - 02:00 PM

Part 2:

TDSS continued

11:02:18.0392 4800 fsssvc (40cdfad174b3d5e80f95dda003c0b97f) C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
11:02:18.0439 4800 fsssvc - ok
11:02:18.0517 4800 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
11:02:18.0533 4800 Fs_Rec - ok
11:02:18.0658 4800 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
11:02:18.0689 4800 fvevol - ok
11:02:18.0751 4800 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
11:02:18.0767 4800 gagp30kx - ok
11:02:18.0860 4800 GamesAppService (c403c5db49a0f9aaf4f2128edc0106d8) C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
11:02:18.0876 4800 GamesAppService - ok
11:02:18.0985 4800 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
11:02:19.0032 4800 gpsvc - ok
11:02:19.0110 4800 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
11:02:19.0126 4800 hcw85cir - ok
11:02:19.0235 4800 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
11:02:19.0266 4800 HdAudAddService - ok
11:02:19.0375 4800 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
11:02:19.0391 4800 HDAudBus - ok
11:02:19.0484 4800 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
11:02:19.0500 4800 HidBatt - ok
11:02:19.0578 4800 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
11:02:19.0609 4800 HidBth - ok
11:02:19.0687 4800 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
11:02:19.0718 4800 HidIr - ok
11:02:19.0796 4800 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
11:02:19.0843 4800 hidserv - ok
11:02:19.0952 4800 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
11:02:19.0968 4800 HidUsb - ok
11:02:20.0062 4800 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
11:02:20.0108 4800 hkmsvc - ok
11:02:20.0202 4800 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
11:02:20.0218 4800 HomeGroupListener - ok
11:02:20.0311 4800 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
11:02:20.0342 4800 HomeGroupProvider - ok
11:02:20.0420 4800 HP Support Assistant Service (170233b8d743efe35f462a5d516b93e3) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
11:02:20.0436 4800 HP Support Assistant Service - ok
11:02:20.0514 4800 HP Wireless Assistant Service (c930128c8f8ff03d8f8c42b570920d56) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
11:02:20.0530 4800 HP Wireless Assistant Service - ok
11:02:20.0561 4800 HPClientSvc (3dc11a802353401332d49c3cbfbbe5fc) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
11:02:20.0576 4800 HPClientSvc - ok
11:02:20.0654 4800 HPDrvMntSvc.exe (bcc4a8b2e2e902f52e7f2e7d8e125765) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
11:02:20.0670 4800 HPDrvMntSvc.exe - ok
11:02:20.0701 4800 hpqwmiex (ec9739a46f1f83c6e52a7a4697f44a65) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
11:02:20.0732 4800 hpqwmiex - ok
11:02:20.0826 4800 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
11:02:20.0842 4800 HpSAMD - ok
11:02:20.0904 4800 HPWMISVC (854197d1270d20193fe2d4b14784aade) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
11:02:20.0920 4800 HPWMISVC - ok
11:02:21.0029 4800 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
11:02:21.0076 4800 HTTP - ok
11:02:21.0169 4800 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
11:02:21.0185 4800 hwpolicy - ok
11:02:21.0263 4800 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
11:02:21.0294 4800 i8042prt - ok
11:02:21.0388 4800 iaStor (1384872112e8e7fd5786eceb8bddf4c9) C:\Windows\system32\DRIVERS\iaStor.sys
11:02:21.0419 4800 iaStor - ok
11:02:21.0528 4800 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
11:02:21.0559 4800 iaStorV - ok
11:02:21.0700 4800 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
11:02:21.0731 4800 idsvc - ok
11:02:22.0012 4800 igfx (898ab5bfed7040d7ab07af01885eb944) C:\Windows\system32\DRIVERS\igdkmd64.sys
11:02:22.0136 4800 igfx - ok
11:02:22.0214 4800 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
11:02:22.0230 4800 iirsp - ok
11:02:22.0339 4800 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
11:02:22.0402 4800 IKEEXT - ok
11:02:22.0558 4800 IntcAzAudAddService (d311e2dd59a34079d89c249b2a4d9fdb) C:\Windows\system32\drivers\RTKVHD64.sys
11:02:22.0620 4800 IntcAzAudAddService - ok
11:02:22.0698 4800 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
11:02:22.0714 4800 intelide - ok
11:02:22.0792 4800 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
11:02:22.0823 4800 intelppm - ok
11:02:22.0885 4800 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
11:02:22.0948 4800 IPBusEnum - ok
11:02:23.0041 4800 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
11:02:23.0104 4800 IpFilterDriver - ok
11:02:23.0197 4800 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
11:02:23.0244 4800 iphlpsvc - ok
11:02:23.0353 4800 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
11:02:23.0369 4800 IPMIDRV - ok
11:02:23.0447 4800 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
11:02:23.0494 4800 IPNAT - ok
11:02:23.0587 4800 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
11:02:23.0618 4800 IRENUM - ok
11:02:23.0712 4800 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
11:02:23.0743 4800 isapnp - ok
11:02:23.0852 4800 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
11:02:23.0868 4800 iScsiPrt - ok
11:02:23.0946 4800 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
11:02:23.0977 4800 kbdclass - ok
11:02:24.0071 4800 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
11:02:24.0086 4800 kbdhid - ok
11:02:24.0180 4800 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
11:02:24.0196 4800 KeyIso - ok
11:02:24.0305 4800 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
11:02:24.0320 4800 KSecDD - ok
11:02:24.0398 4800 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
11:02:24.0414 4800 KSecPkg - ok
11:02:24.0508 4800 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
11:02:24.0554 4800 ksthunk - ok
11:02:24.0632 4800 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
11:02:24.0679 4800 KtmRm - ok
11:02:24.0788 4800 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\System32\srvsvc.dll
11:02:24.0835 4800 LanmanServer - ok
11:02:24.0991 4800 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
11:02:25.0038 4800 LanmanWorkstation - ok
11:02:25.0210 4800 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
11:02:25.0272 4800 lltdio - ok
11:02:25.0412 4800 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
11:02:25.0459 4800 lltdsvc - ok
11:02:25.0553 4800 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
11:02:25.0584 4800 lmhosts - ok
11:02:25.0771 4800 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
11:02:25.0787 4800 LSI_FC - ok
11:02:26.0036 4800 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
11:02:26.0068 4800 LSI_SAS - ok
11:02:26.0146 4800 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
11:02:26.0161 4800 LSI_SAS2 - ok
11:02:26.0208 4800 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
11:02:26.0224 4800 LSI_SCSI - ok
11:02:26.0458 4800 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
11:02:26.0504 4800 luafv - ok
11:02:26.0660 4800 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
11:02:26.0676 4800 Mcx2Svc - ok
11:02:26.0957 4800 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
11:02:26.0988 4800 megasas - ok
11:02:27.0113 4800 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
11:02:27.0128 4800 MegaSR - ok
11:02:27.0253 4800 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
11:02:27.0300 4800 MMCSS - ok
11:02:27.0472 4800 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
11:02:27.0518 4800 Modem - ok
11:02:27.0659 4800 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
11:02:27.0690 4800 monitor - ok
11:02:27.0799 4800 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
11:02:27.0815 4800 mouclass - ok
11:02:27.0924 4800 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
11:02:27.0940 4800 mouhid - ok
11:02:28.0127 4800 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
11:02:28.0142 4800 mountmgr - ok
11:02:28.0330 4800 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
11:02:28.0345 4800 mpio - ok
11:02:28.0470 4800 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
11:02:28.0517 4800 mpsdrv - ok
11:02:28.0673 4800 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
11:02:28.0735 4800 MpsSvc - ok
11:02:28.0907 4800 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
11:02:28.0938 4800 MRxDAV - ok
11:02:29.0110 4800 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
11:02:29.0141 4800 mrxsmb - ok
11:02:29.0328 4800 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
11:02:29.0359 4800 mrxsmb10 - ok
11:02:29.0453 4800 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
11:02:29.0484 4800 mrxsmb20 - ok
11:02:29.0671 4800 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
11:02:29.0687 4800 msahci - ok
11:02:29.0843 4800 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
11:02:29.0858 4800 msdsm - ok
11:02:29.0999 4800 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
11:02:30.0030 4800 MSDTC - ok
11:02:30.0124 4800 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
11:02:30.0170 4800 Msfs - ok
11:02:30.0295 4800 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
11:02:30.0342 4800 mshidkmdf - ok
11:02:30.0451 4800 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
11:02:30.0482 4800 msisadrv - ok
11:02:30.0576 4800 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
11:02:30.0623 4800 MSiSCSI - ok
11:02:30.0716 4800 msiserver - ok
11:02:30.0982 4800 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
11:02:31.0028 4800 MSKSSRV - ok
11:02:31.0138 4800 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
11:02:31.0184 4800 MSPCLOCK - ok
11:02:31.0278 4800 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
11:02:31.0309 4800 MSPQM - ok
11:02:31.0450 4800 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
11:02:31.0481 4800 MsRPC - ok
11:02:31.0621 4800 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
11:02:31.0652 4800 mssmbios - ok
11:02:31.0746 4800 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
11:02:31.0808 4800 MSTEE - ok
11:02:31.0886 4800 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
11:02:31.0918 4800 MTConfig - ok
11:02:31.0996 4800 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
11:02:31.0996 4800 Mup - ok
11:02:32.0136 4800 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
11:02:32.0183 4800 napagent - ok
11:02:32.0339 4800 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
11:02:32.0370 4800 NativeWifiP - ok
11:02:32.0526 4800 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
11:02:32.0557 4800 NDIS - ok
11:02:32.0651 4800 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
11:02:32.0698 4800 NdisCap - ok
11:02:32.0822 4800 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
11:02:32.0869 4800 NdisTapi - ok
11:02:33.0025 4800 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
11:02:33.0072 4800 Ndisuio - ok
11:02:33.0197 4800 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
11:02:33.0244 4800 NdisWan - ok
11:02:33.0368 4800 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
11:02:33.0400 4800 NDProxy - ok
11:02:33.0509 4800 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
11:02:33.0556 4800 NetBIOS - ok
11:02:33.0680 4800 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
11:02:33.0727 4800 NetBT - ok
11:02:33.0852 4800 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
11:02:33.0868 4800 Netlogon - ok
11:02:34.0008 4800 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
11:02:34.0055 4800 Netman - ok
11:02:34.0211 4800 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
11:02:34.0273 4800 netprofm - ok
11:02:34.0507 4800 netr28x (aa1d8f9de032be4e8303af33368fdfc8) C:\Windows\system32\DRIVERS\netr28x.sys
11:02:34.0538 4800 netr28x - ok
11:02:34.0694 4800 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
11:02:34.0710 4800 NetTcpPortSharing - ok
11:02:34.0928 4800 netw5v64 (64428dfdaf6e88366cb51f45a79c5f69) C:\Windows\system32\DRIVERS\netw5v64.sys
11:02:35.0006 4800 netw5v64 - ok
11:02:35.0162 4800 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
11:02:35.0178 4800 nfrd960 - ok
11:02:35.0272 4800 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
11:02:35.0334 4800 NlaSvc - ok
11:02:35.0474 4800 NOBU (5839a8027d6d324a7cd494051a96628c) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
11:02:35.0537 4800 NOBU - ok
11:02:35.0646 4800 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
11:02:35.0693 4800 Npfs - ok
11:02:35.0880 4800 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
11:02:35.0942 4800 nsi - ok
11:02:36.0145 4800 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
11:02:36.0192 4800 nsiproxy - ok
11:02:36.0379 4800 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
11:02:36.0410 4800 Ntfs - ok
11:02:36.0535 4800 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
11:02:36.0582 4800 Null - ok
11:02:36.0691 4800 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
11:02:36.0707 4800 nvraid - ok
11:02:36.0847 4800 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
11:02:36.0878 4800 nvstor - ok
11:02:37.0034 4800 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
11:02:37.0050 4800 nv_agp - ok
11:02:37.0175 4800 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
11:02:37.0206 4800 ohci1394 - ok
11:02:37.0284 4800 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
11:02:37.0300 4800 ose - ok
11:02:37.0424 4800 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
11:02:37.0456 4800 p2pimsvc - ok
11:02:37.0549 4800 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
11:02:37.0580 4800 p2psvc - ok
11:02:37.0690 4800 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
11:02:37.0705 4800 Parport - ok
11:02:37.0830 4800 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
11:02:37.0846 4800 partmgr - ok
11:02:37.0955 4800 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
11:02:37.0986 4800 PcaSvc - ok
11:02:38.0111 4800 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
11:02:38.0142 4800 pci - ok
11:02:38.0298 4800 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
11:02:38.0314 4800 pciide - ok
11:02:38.0438 4800 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
11:02:38.0470 4800 pcmcia - ok
11:02:38.0579 4800 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
11:02:38.0594 4800 pcw - ok
11:02:38.0719 4800 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
11:02:38.0782 4800 PEAUTH - ok
11:02:38.0875 4800 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
11:02:38.0891 4800 PerfHost - ok
11:02:39.0078 4800 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
11:02:39.0140 4800 pla - ok
11:02:39.0281 4800 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
11:02:39.0312 4800 PlugPlay - ok
11:02:39.0437 4800 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
11:02:39.0452 4800 PNRPAutoReg - ok
11:02:39.0577 4800 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
11:02:39.0608 4800 PNRPsvc - ok
11:02:39.0702 4800 Point64 (4f0878fd62d5f7444c5f1c4c66d9d293) C:\Windows\system32\DRIVERS\point64.sys
11:02:39.0718 4800 Point64 - ok
11:02:39.0842 4800 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
11:02:39.0889 4800 PolicyAgent - ok
11:02:39.0983 4800 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
11:02:40.0045 4800 Power - ok
11:02:40.0201 4800 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
11:02:40.0248 4800 PptpMiniport - ok
11:02:40.0373 4800 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
11:02:40.0388 4800 Processor - ok
11:02:40.0498 4800 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
11:02:40.0544 4800 ProfSvc - ok
11:02:40.0654 4800 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
11:02:40.0685 4800 ProtectedStorage - ok
11:02:40.0919 4800 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
11:02:40.0966 4800 Psched - ok
11:02:41.0246 4800 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
11:02:41.0293 4800 ql2300 - ok
11:02:41.0465 4800 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
11:02:41.0480 4800 ql40xx - ok
11:02:41.0683 4800 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
11:02:41.0714 4800 QWAVE - ok
11:02:41.0902 4800 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
11:02:41.0917 4800 QWAVEdrv - ok
11:02:42.0073 4800 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
11:02:42.0120 4800 RasAcd - ok
11:02:42.0245 4800 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
11:02:42.0307 4800 RasAgileVpn - ok
11:02:42.0401 4800 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
11:02:42.0448 4800 RasAuto - ok
11:02:42.0619 4800 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
11:02:42.0666 4800 Rasl2tp - ok
11:02:42.0775 4800 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
11:02:42.0838 4800 RasMan - ok
11:02:42.0962 4800 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
11:02:43.0009 4800 RasPppoe - ok
11:02:43.0165 4800 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
11:02:43.0212 4800 RasSstp - ok
11:02:43.0321 4800 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
11:02:43.0368 4800 rdbss - ok
11:02:43.0508 4800 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
11:02:43.0524 4800 rdpbus - ok
11:02:43.0664 4800 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
11:02:43.0727 4800 RDPCDD - ok
11:02:43.0836 4800 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
11:02:43.0883 4800 RDPENCDD - ok
11:02:44.0039 4800 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
11:02:44.0086 4800 RDPREFMP - ok
11:02:44.0226 4800 RDPWD (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys
11:02:44.0257 4800 RDPWD - ok
11:02:44.0413 4800 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
11:02:44.0444 4800 rdyboost - ok
11:02:44.0538 4800 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
11:02:44.0585 4800 RemoteAccess - ok
11:02:44.0710 4800 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
11:02:44.0741 4800 RemoteRegistry - ok
11:02:44.0850 4800 RoxioNow Service (c1568e17039b2ec2b73a4f880ddd51e5) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
11:02:44.0881 4800 RoxioNow Service - ok
11:02:44.0975 4800 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
11:02:45.0037 4800 RpcEptMapper - ok
11:02:45.0131 4800 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
11:02:45.0146 4800 RpcLocator - ok
11:02:45.0271 4800 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
11:02:45.0318 4800 RpcSs - ok
11:02:45.0427 4800 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
11:02:45.0474 4800 rspndr - ok
11:02:45.0614 4800 RTL8167 (4fbda07ef0a3097ce14c5cabf723b278) C:\Windows\system32\DRIVERS\Rt64win7.sys
11:02:45.0646 4800 RTL8167 - ok
11:02:45.0755 4800 RtVOsdService (4ea7e5df0cb237156176fa0349e6e87f) C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe
11:02:45.0755 4800 RtVOsdService ( UnsignedFile.Multi.Generic ) - warning
11:02:45.0770 4800 RtVOsdService - detected UnsignedFile.Multi.Generic (1)
11:02:45.0895 4800 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
11:02:45.0926 4800 SamSs - ok
11:02:46.0067 4800 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
11:02:46.0082 4800 sbp2port - ok
11:02:46.0223 4800 SBSDWSCService (794d4b48dfb6e999537c7c3947863463) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
11:02:46.0254 4800 SBSDWSCService - ok
11:02:46.0363 4800 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
11:02:46.0394 4800 SCardSvr - ok
11:02:46.0519 4800 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
11:02:46.0550 4800 scfilter - ok
11:02:46.0691 4800 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
11:02:46.0738 4800 Schedule - ok
11:02:46.0831 4800 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
11:02:46.0878 4800 SCPolicySvc - ok
11:02:47.0018 4800 sdbus (111e0ebc0ad79cb0fa014b907b231cf0) C:\Windows\system32\drivers\sdbus.sys
11:02:47.0050 4800 sdbus - ok
11:02:47.0159 4800 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
11:02:47.0190 4800 SDRSVC - ok
11:02:47.0268 4800 SeaPort (331e7bde228914574fc9ae6cd520dafa) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
11:02:47.0284 4800 SeaPort - ok
11:02:47.0424 4800 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
11:02:47.0471 4800 secdrv - ok
11:02:47.0564 4800 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
11:02:47.0627 4800 seclogon - ok
11:02:47.0720 4800 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll
11:02:47.0767 4800 SENS - ok
11:02:47.0845 4800 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
11:02:47.0861 4800 SensrSvc - ok
11:02:47.0970 4800 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
11:02:48.0001 4800 Serenum - ok
11:02:48.0079 4800 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
11:02:48.0110 4800 Serial - ok
11:02:48.0282 4800 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
11:02:48.0298 4800 sermouse - ok
11:02:48.0454 4800 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
11:02:48.0500 4800 SessionEnv - ok
11:02:48.0641 4800 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
11:02:48.0656 4800 sffdisk - ok
11:02:48.0797 4800 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
11:02:48.0812 4800 sffp_mmc - ok
11:02:48.0953 4800 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
11:02:48.0984 4800 sffp_sd - ok
11:02:49.0093 4800 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
11:02:49.0109 4800 sfloppy - ok
11:02:49.0234 4800 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
11:02:49.0280 4800 SharedAccess - ok
11:02:49.0405 4800 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
11:02:49.0452 4800 ShellHWDetection - ok
11:02:49.0561 4800 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
11:02:49.0592 4800 SiSRaid2 - ok
11:02:49.0702 4800 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
11:02:49.0717 4800 SiSRaid4 - ok
11:02:49.0858 4800 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
11:02:49.0904 4800 Smb - ok
11:02:49.0998 4800 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
11:02:50.0014 4800 SNMPTRAP - ok
11:02:50.0138 4800 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
11:02:50.0154 4800 spldr - ok
11:02:50.0263 4800 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
11:02:50.0326 4800 Spooler - ok
11:02:50.0513 4800 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
11:02:50.0591 4800 sppsvc - ok
11:02:50.0700 4800 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
11:02:50.0747 4800 sppuinotify - ok
11:02:50.0918 4800 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
11:02:50.0950 4800 srv - ok
11:02:51.0059 4800 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
11:02:51.0090 4800 srv2 - ok
11:02:51.0199 4800 SrvHsfHDA (0c4540311e11664b245a263e1154cef8) C:\Windows\system32\DRIVERS\VSTAZL6.SYS
11:02:51.0230 4800 SrvHsfHDA - ok
11:02:51.0371 4800 SrvHsfV92 (02071d207a9858fbe3a48cbfd59c4a04) C:\Windows\system32\DRIVERS\VSTDPV6.SYS
11:02:51.0402 4800 SrvHsfV92 - ok
11:02:51.0542 4800 SrvHsfWinac (18e40c245dbfaf36fd0134a7ef2df396) C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
11:02:51.0574 4800 SrvHsfWinac - ok
11:02:51.0698 4800 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
11:02:51.0730 4800 srvnet - ok
11:02:51.0839 4800 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
11:02:51.0886 4800 SSDPSRV - ok
11:02:51.0995 4800 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
11:02:52.0042 4800 SstpSvc - ok
11:02:52.0135 4800 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
11:02:52.0135 4800 stexstor - ok
11:02:52.0260 4800 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
11:02:52.0291 4800 stisvc - ok
11:02:52.0432 4800 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
11:02:52.0447 4800 swenum - ok
11:02:52.0572 4800 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
11:02:52.0634 4800 swprv - ok
11:02:52.0790 4800 SynTP (961cfac2a5318e212f459d651f28e0a4) C:\Windows\system32\DRIVERS\SynTP.sys
11:02:52.0822 4800 SynTP - ok
11:02:52.0993 4800 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
11:02:53.0040 4800 SysMain - ok
11:02:53.0134 4800 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
11:02:53.0165 4800 TabletInputService - ok
11:02:53.0290 4800 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
11:02:53.0352 4800 TapiSrv - ok
11:02:53.0461 4800 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
11:02:53.0508 4800 TBS - ok
11:02:53.0680 4800 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
11:02:53.0726 4800 Tcpip - ok
11:02:53.0882 4800 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
11:02:53.0929 4800 TCPIP6 - ok
11:02:54.0054 4800 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
11:02:54.0101 4800 tcpipreg - ok
11:02:54.0194 4800 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
11:02:54.0210 4800 TDPIPE - ok
11:02:54.0335 4800 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
11:02:54.0350 4800 TDTCP - ok
11:02:54.0460 4800 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
11:02:54.0491 4800 tdx - ok
11:02:54.0647 4800 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
11:02:54.0662 4800 TermDD - ok
11:02:54.0881 4800 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
11:02:54.0943 4800 TermService - ok
11:02:55.0084 4800 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
11:02:55.0115 4800 Themes - ok
11:02:55.0224 4800 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
11:02:55.0271 4800 THREADORDER - ok
11:02:55.0411 4800 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
11:02:55.0458 4800 TrkWks - ok
11:02:55.0614 4800 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
11:02:55.0645 4800 TrustedInstaller - ok
11:02:55.0801 4800 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
11:02:55.0848 4800 tssecsrv - ok
11:02:56.0160 4800 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
11:02:56.0176 4800 TsUsbFlt - ok
11:02:56.0363 4800 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
11:02:56.0410 4800 tunnel - ok
11:02:56.0519 4800 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
11:02:56.0534 4800 uagp35 - ok
11:02:56.0644 4800 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
11:02:56.0690 4800 udfs - ok
11:02:56.0831 4800 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
11:02:56.0862 4800 UI0Detect - ok
11:02:56.0956 4800 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
11:02:56.0971 4800 uliagpkx - ok
11:02:57.0065 4800 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
11:02:57.0080 4800 umbus - ok
11:02:57.0252 4800 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
11:02:57.0268 4800 UmPass - ok
11:02:57.0346 4800 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
11:02:57.0392 4800 upnphost - ok
11:02:57.0470 4800 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
11:02:57.0486 4800 usbccgp - ok
11:02:57.0595 4800 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
11:02:57.0611 4800 usbcir - ok
11:02:57.0814 4800 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys
11:02:57.0829 4800 usbehci - ok
11:02:58.0001 4800 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
11:02:58.0016 4800 usbhub - ok
11:02:58.0204 4800 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
11:02:58.0235 4800 usbohci - ok
11:02:58.0422 4800 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
11:02:58.0453 4800 usbprint - ok
11:02:58.0656 4800 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
11:02:58.0703 4800 usbscan - ok
11:02:58.0812 4800 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
11:02:58.0828 4800 USBSTOR - ok
11:02:58.0937 4800 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
11:02:59.0015 4800 usbuhci - ok
11:02:59.0093 4800 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
11:02:59.0296 4800 UxSms - ok
11:02:59.0374 4800 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
11:02:59.0420 4800 VaultSvc - ok
11:02:59.0498 4800 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
11:02:59.0514 4800 vdrvroot - ok
11:02:59.0623 4800 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
11:02:59.0686 4800 vds - ok
11:02:59.0764 4800 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
11:02:59.0779 4800 vga - ok
11:02:59.0873 4800 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
11:02:59.0920 4800 VgaSave - ok
11:03:00.0013 4800 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
11:03:00.0029 4800 vhdmp - ok
11:03:00.0107 4800 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
11:03:00.0122 4800 viaide - ok
11:03:00.0232 4800 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
11:03:00.0247 4800 volmgr - ok
11:03:00.0341 4800 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
11:03:00.0372 4800 volmgrx - ok
11:03:00.0497 4800 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
11:03:00.0512 4800 volsnap - ok
11:03:00.0746 4800 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
11:03:00.0762 4800 vsmraid - ok
11:03:00.0887 4800 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
11:03:01.0105 4800 VSS - ok
11:03:01.0277 4800 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
11:03:01.0308 4800 vwifibus - ok
11:03:01.0464 4800 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
11:03:01.0495 4800 vwififlt - ok
11:03:01.0573 4800 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
11:03:01.0682 4800 W32Time - ok
11:03:01.0792 4800 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
11:03:01.0792 4800 WacomPen - ok
11:03:01.0901 4800 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
11:03:02.0026 4800 WANARP - ok
11:03:02.0026 4800 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
11:03:02.0166 4800 Wanarpv6 - ok
11:03:02.0262 4800 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
11:03:02.0294 4800 WatAdminSvc - ok
11:03:02.0426 4800 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
11:03:02.0515 4800 wbengine - ok
11:03:02.0602 4800 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
11:03:02.0648 4800 WbioSrvc - ok
11:03:02.0757 4800 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
11:03:02.0888 4800 wcncsvc - ok
11:03:02.0965 4800 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
11:03:02.0981 4800 WcsPlugInService - ok
11:03:03.0097 4800 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
11:03:03.0110 4800 Wd - ok
11:03:03.0190 4800 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
11:03:03.0221 4800 Wdf01000 - ok
11:03:03.0299 4800 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
11:03:03.0315 4800 WdiServiceHost - ok
11:03:03.0330 4800 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
11:03:03.0346 4800 WdiSystemHost - ok
11:03:03.0471 4800 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
11:03:03.0502 4800 WebClient - ok
11:03:03.0596 4800 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
11:03:03.0658 4800 Wecsvc - ok
11:03:03.0783 4800 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
11:03:03.0861 4800 wercplsupport - ok
11:03:03.0939 4800 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
11:03:04.0032 4800 WerSvc - ok
11:03:04.0110 4800 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
11:03:04.0157 4800 WfpLwf - ok
11:03:04.0251 4800 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
11:03:04.0251 4800 WIMMount - ok
11:03:04.0313 4800 WinDefend - ok
11:03:04.0329 4800 WinHttpAutoProxySvc - ok
11:03:04.0422 4800 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
11:03:04.0516 4800 Winmgmt - ok
11:03:04.0688 4800 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
11:03:04.0781 4800 WinRM - ok
11:03:04.0890 4800 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
11:03:04.0922 4800 WinUsb - ok
11:03:05.0031 4800 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
11:03:05.0078 4800 Wlansvc - ok
11:03:05.0156 4800 wlcrasvc (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
11:03:05.0156 4800 wlcrasvc - ok
11:03:05.0327 4800 wlidsvc (2bacd71123f42cea603f4e205e1ae337) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
11:03:05.0358 4800 wlidsvc - ok
11:03:05.0483 4800 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
11:03:05.0499 4800 WmiAcpi - ok
11:03:05.0608 4800 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
11:03:05.0655 4800 wmiApSrv - ok
11:03:05.0686 4800 WMPNetworkSvc - ok
11:03:05.0795 4800 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
11:03:05.0811 4800 WPCSvc - ok
11:03:05.0904 4800 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
11:03:05.0967 4800 WPDBusEnum - ok
11:03:06.0060 4800 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
11:03:06.0092 4800 ws2ifsl - ok
11:03:06.0216 4800 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll
11:03:06.0263 4800 wscsvc - ok
11:03:06.0341 4800 WSearch - ok
11:03:06.0435 4800 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll
11:03:06.0591 4800 wuauserv - ok
11:03:06.0700 4800 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
11:03:06.0747 4800 WudfPf - ok
11:03:06.0840 4800 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
11:03:06.0887 4800 WUDFRd - ok
11:03:06.0965 4800 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
11:03:07.0028 4800 wudfsvc - ok
11:03:07.0121 4800 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
11:03:07.0168 4800 WwanSvc - ok
11:03:07.0277 4800 yukonw7 (b3eeacf62445e24fbb2cd4b0fb4db026) C:\Windows\system32\DRIVERS\yk62x64.sys
11:03:07.0293 4800 yukonw7 - ok
11:03:07.0324 4800 MBR (0x1B8) (2cd07e130f4efdc6bf79e0679ce1c7d6) \Device\Harddisk0\DR0
11:03:07.0480 4800 \Device\Harddisk0\DR0 - ok
11:03:07.0480 4800 Boot (0x1200) (5001197d1b683b84671e76ff0b820fc0) \Device\Harddisk0\DR0\Partition0
11:03:07.0480 4800 \Device\Harddisk0\DR0\Partition0 - ok
11:03:07.0511 4800 Boot (0x1200) (430ff86fddcc2081dd7e4d3aa704ab19) \Device\Harddisk0\DR0\Partition1
11:03:07.0511 4800 \Device\Harddisk0\DR0\Partition1 - ok
11:03:07.0558 4800 Boot (0x1200) (6756a99271312ec3aa9fa5553b226d4e) \Device\Harddisk0\DR0\Partition2
11:03:07.0558 4800 \Device\Harddisk0\DR0\Partition2 - ok
11:03:07.0574 4800 Boot (0x1200) (fc373130f5a68415bf2a98e52a63a8f4) \Device\Harddisk0\DR0\Partition3
11:03:07.0574 4800 \Device\Harddisk0\DR0\Partition3 - ok
11:03:07.0574 4800 ============================================================
11:03:07.0574 4800 Scan finished
11:03:07.0574 4800 ============================================================
11:03:07.0589 3364 Detected object count: 1
11:03:07.0589 3364 Actual detected object count: 1
11:03:14.0718 3364 RtVOsdService ( UnsignedFile.Multi.Generic ) - skipped by user
11:03:14.0718 3364 RtVOsdService ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:04:44.0974 4588 ============================================================
11:04:44.0974 4588 Scan started
11:04:44.0974 4588 Mode: Manual; SigCheck; TDLFS;
11:04:44.0974 4588 ============================================================
11:04:45.0302 4588 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
11:04:45.0318 4588 1394ohci - ok
11:04:45.0380 4588 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
11:04:45.0411 4588 ACPI - ok
11:04:45.0520 4588 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
11:04:45.0552 4588 AcpiPmi - ok
11:04:45.0692 4588 AdobeFlashPlayerUpdateSvc (459ac130c6ab892b1cd5d7544626efc5) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
11:04:45.0708 4588 AdobeFlashPlayerUpdateSvc - ok
11:04:45.0817 4588 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
11:04:45.0832 4588 adp94xx - ok
11:04:45.0926 4588 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
11:04:45.0942 4588 adpahci - ok
11:04:46.0020 4588 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
11:04:46.0035 4588 adpu320 - ok
11:04:46.0144 4588 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
11:04:46.0176 4588 AeLookupSvc - ok
11:04:46.0222 4588 AERTFilters (d1e343bc00136ce03c4d403194d06a80) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
11:04:46.0238 4588 AERTFilters - ok
11:04:46.0378 4588 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
11:04:46.0394 4588 AFD - ok
11:04:46.0472 4588 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
11:04:46.0488 4588 agp440 - ok
11:04:46.0581 4588 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
11:04:46.0597 4588 ALG - ok
11:04:46.0690 4588 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
11:04:46.0706 4588 aliide - ok
11:04:46.0784 4588 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
11:04:46.0800 4588 amdide - ok
11:04:46.0878 4588 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
11:04:46.0893 4588 AmdK8 - ok
11:04:46.0971 4588 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
11:04:46.0987 4588 AmdPPM - ok
11:04:47.0080 4588 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
11:04:47.0112 4588 amdsata - ok
11:04:47.0190 4588 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
11:04:47.0221 4588 amdsbs - ok
11:04:47.0299 4588 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
11:04:47.0330 4588 amdxata - ok
11:04:47.0408 4588 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
11:04:47.0455 4588 AppID - ok
11:04:47.0595 4588 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
11:04:47.0642 4588 AppIDSvc - ok
11:04:47.0720 4588 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
11:04:47.0767 4588 Appinfo - ok
11:04:47.0860 4588 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
11:04:47.0876 4588 arc - ok
11:04:47.0970 4588 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
11:04:48.0001 4588 arcsas - ok
11:04:48.0079 4588 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
11:04:48.0126 4588 AsyncMac - ok
11:04:48.0219 4588 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
11:04:48.0250 4588 atapi - ok
11:04:48.0344 4588 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
11:04:48.0375 4588 AudioEndpointBuilder - ok
11:04:48.0391 4588 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
11:04:48.0438 4588 AudioSrv - ok
11:04:48.0531 4588 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
11:04:48.0562 4588 AxInstSV - ok
11:04:48.0672 4588 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
11:04:48.0703 4588 b06bdrv - ok
11:04:48.0843 4588 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
11:04:48.0874 4588 b57nd60a - ok
11:04:48.0937 4588 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
11:04:48.0952 4588 BDESVC - ok
11:04:49.0046 4588 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
11:04:49.0093 4588 Beep - ok
11:04:49.0171 4588 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
11:04:49.0218 4588 BFE - ok
11:04:49.0311 4588 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\system32\qmgr.dll
11:04:49.0374 4588 BITS - ok
11:04:49.0452 4588 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
11:04:49.0483 4588 blbdrive - ok
11:04:49.0561 4588 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
11:04:49.0592 4588 bowser - ok
11:04:49.0670 4588 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
11:04:49.0686 4588 BrFiltLo - ok
11:04:49.0764 4588 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
11:04:49.0795 4588 BrFiltUp - ok
11:04:49.0873 4588 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
11:04:49.0920 4588 BridgeMP - ok
11:04:50.0013 4588 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
11:04:50.0076 4588 Browser - ok
11:04:50.0154 4588 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
11:04:50.0185 4588 Brserid - ok
11:04:50.0278 4588 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
11:04:50.0294 4588 BrSerWdm - ok
11:04:50.0372 4588 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
11:04:50.0403 4588 BrUsbMdm - ok
11:04:50.0497 4588 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
11:04:50.0512 4588 BrUsbSer - ok
11:04:50.0606 4588 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
11:04:50.0622 4588 BTHMODEM - ok
11:04:50.0700 4588 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
11:04:50.0762 4588 bthserv - ok
11:04:50.0778 4588 catchme - ok
11:04:50.0871 4588 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
11:04:50.0918 4588 cdfs - ok
11:04:51.0012 4588 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
11:04:51.0043 4588 cdrom - ok
11:04:51.0136 4588 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
11:04:51.0183 4588 CertPropSvc - ok
11:04:51.0261 4588 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
11:04:51.0277 4588 circlass - ok
11:04:51.0370 4588 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
11:04:51.0402 4588 CLFS - ok
11:04:51.0480 4588 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
11:04:51.0495 4588 clr_optimization_v2.0.50727_32 - ok
11:04:51.0589 4588 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
11:04:51.0604 4588 clr_optimization_v2.0.50727_64 - ok
11:04:51.0714 4588 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
11:04:51.0729 4588 clr_optimization_v4.0.30319_32 - ok
11:04:51.0854 4588 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
11:04:51.0870 4588 clr_optimization_v4.0.30319_64 - ok
11:04:51.0948 4588 clwvd (50f92c943f18b070f166d019dfab3d9a) C:\Windows\system32\DRIVERS\clwvd.sys
11:04:51.0963 4588 clwvd - ok
11:04:52.0010 4588 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
11:04:52.0041 4588 CmBatt - ok
11:04:52.0119 4588 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
11:04:52.0135 4588 cmdide - ok
11:04:52.0228 4588 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
11:04:52.0260 4588 CNG - ok
11:04:52.0338 4588 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
11:04:52.0369 4588 Compbatt - ok
11:04:52.0462 4588 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
11:04:52.0494 4588 CompositeBus - ok
11:04:52.0556 4588 COMSysApp - ok
11:04:52.0650 4588 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
11:04:52.0665 4588 crcdisk - ok
11:04:52.0774 4588 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll
11:04:52.0821 4588 CryptSvc - ok
11:04:52.0915 4588 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
11:04:52.0962 4588 DcomLaunch - ok
11:04:53.0055 4588 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
11:04:53.0102 4588 defragsvc - ok
11:04:53.0211 4588 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
11:04:53.0258 4588 DfsC - ok
11:04:53.0367 4588 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
11:04:53.0430 4588 Dhcp - ok
11:04:53.0508 4588 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
11:04:53.0539 4588 discache - ok
11:04:53.0617 4588 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
11:04:53.0632 4588 Disk - ok
11:04:53.0726 4588 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
11:04:53.0757 4588 Dnscache - ok
11:04:53.0851 4588 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
11:04:53.0898 4588 dot3svc - ok
11:04:53.0976 4588 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
11:04:54.0022 4588 DPS - ok
11:04:54.0100 4588 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
11:04:54.0116 4588 drmkaud - ok
11:04:54.0241 4588 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
11:04:54.0272 4588 DXGKrnl - ok
11:04:54.0366 4588 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
11:04:54.0412 4588 EapHost - ok
11:04:54.0568 4588 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
11:04:54.0631 4588 ebdrv - ok
11:04:54.0724 4588 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
11:04:54.0740 4588 EFS - ok
11:04:54.0834 4588 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
11:04:54.0865 4588 ehRecvr - ok
11:04:54.0896 4588 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
11:04:54.0912 4588 ehSched - ok
11:04:55.0005 4588 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
11:04:55.0052 4588 elxstor - ok
11:04:55.0114 4588 EPSON_EB_RPCV4_01 (b5581646636759d0dafa8b008881c079) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE
11:04:55.0130 4588 EPSON_EB_RPCV4_01 - ok
11:04:55.0208 4588 EPSON_PM_RPCV4_01 (1e345f2a2d95da3190596e691cde9342) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
11:04:55.0224 4588 EPSON_PM_RPCV4_01 - ok
11:04:55.0302 4588 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
11:04:55.0317 4588 ErrDev - ok
11:04:55.0411 4588 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
11:04:55.0473 4588 EventSystem - ok
11:04:55.0551 4588 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
11:04:55.0598 4588 exfat - ok
11:04:55.0676 4588 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
11:04:55.0723 4588 fastfat - ok
11:04:55.0816 4588 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
11:04:55.0863 4588 Fax - ok
11:04:55.0941 4588 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
11:04:55.0957 4588 fdc - ok
11:04:56.0035 4588 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
11:04:56.0082 4588 fdPHost - ok
11:04:56.0144 4588 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
11:04:56.0206 4588 FDResPub - ok
11:04:56.0269 4588 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
11:04:56.0284 4588 FileInfo - ok
11:04:56.0362 4588 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
11:04:56.0409 4588 Filetrace - ok
11:04:56.0487 4588 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
11:04:56.0503 4588 flpydisk - ok
11:04:56.0612 4588 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
11:04:56.0628 4588 FltMgr - ok
11:04:56.0752 4588 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
11:04:56.0784 4588 FontCache - ok
11:04:56.0893 4588 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
11:04:56.0908 4588 FontCache3.0.0.0 - ok
11:04:56.0986 4588 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
11:04:57.0002 4588 FsDepends - ok
11:04:57.0096 4588 fssfltr (dc0dce4ec2c5d2cf6472f9fd6aa9a7dc) C:\Windows\system32\DRIVERS\fssfltr.sys
11:04:57.0111 4588 fssfltr - ok
11:04:57.0220 4588 fsssvc (40cdfad174b3d5e80f95dda003c0b97f) C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
11:04:57.0252 4588 fsssvc - ok
11:04:57.0330 4588 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
11:04:57.0361 4588 Fs_Rec - ok
11:04:57.0470 4588 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
11:04:57.0501 4588 fvevol - ok
11:04:57.0564 4588 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
11:04:57.0595 4588 gagp30kx - ok
11:04:57.0688 4588 GamesAppService (c403c5db49a0f9aaf4f2128edc0106d8) C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
11:04:57.0704 4588 GamesAppService - ok
11:04:57.0813 4588 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
11:04:57.0860 4588 gpsvc - ok
11:04:57.0938 4588 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
11:04:57.0969 4588 hcw85cir - ok
11:04:58.0063 4588 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
11:04:58.0094 4588 HdAudAddService - ok
11:04:58.0219 4588 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
11:04:58.0250 4588 HDAudBus - ok
11:04:58.0328 4588 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
11:04:58.0359 4588 HidBatt - ok
11:04:58.0437 4588 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
11:04:58.0453 4588 HidBth - ok
11:04:58.0546 4588 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
11:04:58.0562 4588 HidIr - ok
11:04:58.0656 4588 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
11:04:58.0702 4588 hidserv - ok
11:04:58.0796 4588 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
11:04:58.0827 4588 HidUsb - ok
11:04:58.0921 4588 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
11:04:58.0968 4588 hkmsvc - ok
11:04:59.0046 4588 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
11:04:59.0077 4588 HomeGroupListener - ok
11:04:59.0170 4588 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
11:04:59.0186 4588 HomeGroupProvider - ok
11:04:59.0264 4588 HP Support Assistant Service (170233b8d743efe35f462a5d516b93e3) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
11:04:59.0280 4588 HP Support Assistant Service - ok
11:04:59.0358 4588 HP Wireless Assistant Service (c930128c8f8ff03d8f8c42b570920d56) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
11:04:59.0373 4588 HP Wireless Assistant Service - ok
11:04:59.0420 4588 HPClientSvc (3dc11a802353401332d49c3cbfbbe5fc) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
11:04:59.0436 4588 HPClientSvc - ok
11:04:59.0514 4588 HPDrvMntSvc.exe (bcc4a8b2e2e902f52e7f2e7d8e125765) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
11:04:59.0529 4588 HPDrvMntSvc.exe - ok
11:04:59.0560 4588 hpqwmiex (ec9739a46f1f83c6e52a7a4697f44a65) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
11:04:59.0592 4588 hpqwmiex - ok
11:04:59.0685 4588 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
11:04:59.0701 4588 HpSAMD - ok
11:04:59.0763 4588 HPWMISVC (854197d1270d20193fe2d4b14784aade) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
11:04:59.0779 4588 HPWMISVC - ok
11:04:59.0888 4588 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
11:04:59.0935 4588 HTTP - ok
11:05:00.0028 4588 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
11:05:00.0044 4588 hwpolicy - ok
11:05:00.0138 4588 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
11:05:00.0169 4588 i8042prt - ok
11:05:00.0262 4588 iaStor (1384872112e8e7fd5786eceb8bddf4c9) C:\Windows\system32\DRIVERS\iaStor.sys
11:05:00.0294 4588 iaStor - ok
11:05:00.0387 4588 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
11:05:00.0418 4588 iaStorV - ok
11:05:00.0559 4588 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
11:05:00.0590 4588 idsvc - ok
11:05:00.0886 4588 igfx (898ab5bfed7040d7ab07af01885eb944) C:\Windows\system32\DRIVERS\igdkmd64.sys
11:05:01.0011 4588 igfx - ok
11:05:01.0089 4588 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
11:05:01.0105 4588 iirsp - ok
11:05:01.0214 4588 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
11:05:01.0276 4588 IKEEXT - ok
11:05:01.0432 4588 IntcAzAudAddService (d311e2dd59a34079d89c249b2a4d9fdb) C:\Windows\system32\drivers\RTKVHD64.sys
11:05:01.0479 4588 IntcAzAudAddService - ok
11:05:01.0573 4588 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
11:05:01.0588 4588 intelide - ok
11:05:01.0666 4588 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
11:05:01.0698 4588 intelppm - ok
11:05:01.0776 4588 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
11:05:01.0822 4588 IPBusEnum - ok
11:05:01.0916 4588 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
11:05:01.0978 4588 IpFilterDriver - ok
11:05:02.0072 4588 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
11:05:02.0119 4588 iphlpsvc - ok
11:05:02.0220 4588 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
11:05:02.0243 4588 IPMIDRV - ok
11:05:02.0325 4588 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
11:05:02.0390 4588 IPNAT - ok
11:05:02.0476 4588 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
11:05:02.0506 4588 IRENUM - ok
11:05:02.0590 4588 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
11:05:02.0611 4588 isapnp - ok
11:05:02.0718 4588 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
11:05:02.0745 4588 iScsiPrt - ok
11:05:02.0824 4588 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
11:05:02.0845 4588 kbdclass - ok
11:05:02.0942 4588 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
11:05:02.0965 4588 kbdhid - ok
11:05:03.0049 4588 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
11:05:03.0068 4588 KeyIso - ok
11:05:03.0153 4588 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
11:05:03.0184 4588 KSecDD - ok
11:05:03.0246 4588 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
11:05:03.0262 4588 KSecPkg - ok
11:05:03.0340 4588 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
11:05:03.0387 4588 ksthunk - ok
11:05:03.0480 4588 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
11:05:03.0527 4588 KtmRm - ok
11:05:03.0605 4588 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\System32\srvsvc.dll
11:05:03.0668 4588 LanmanServer - ok
11:05:03.0761 4588 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
11:05:03.0808 4588 LanmanWorkstation - ok
11:05:03.0902 4588 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
11:05:03.0948 4588 lltdio - ok
11:05:04.0026 4588 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
11:05:04.0073 4588 lltdsvc - ok
11:05:04.0151 4588 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
11:05:04.0198 4588 lmhosts - ok
11:05:04.0292 4588 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
11:05:04.0307 4588 LSI_FC - ok
11:05:04.0401 4588 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
11:05:04.0416 4588 LSI_SAS - ok
11:05:04.0510 4588 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
11:05:04.0526 4588 LSI_SAS2 - ok
11:05:04.0604 4588 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
11:05:04.0635 4588 LSI_SCSI - ok
11:05:04.0713 4588 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
11:05:04.0760 4588 luafv - ok
11:05:04.0838 4588 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
11:05:04.0869 4588 Mcx2Svc - ok
11:05:04.0947 4588 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
11:05:04.0962 4588 megasas - ok
11:05:05.0056 4588 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
11:05:05.0087 4588 MegaSR - ok
11:05:05.0165 4588 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
11:05:05.0228 4588 MMCSS - ok
11:05:05.0306 4588 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
11:05:05.0352 4588 Modem - ok
11:05:05.0430 4588 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
11:05:05.0446 4588 monitor - ok
11:05:05.0540 4588 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
11:05:05.0571 4588 mouclass - ok
11:05:05.0633 4588 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
11:05:05.0664 4588 mouhid - ok
11:05:05.0742 4588 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
11:05:05.0758 4588 mountmgr - ok
11:05:05.0867 4588 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
11:05:05.0883 4588 mpio - ok
11:05:05.0976 4588 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
11:05:06.0023 4588 mpsdrv - ok
11:05:06.0117 4588 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
11:05:06.0164 4588 MpsSvc - ok
11:05:06.0257 4588 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
11:05:06.0288 4588 MRxDAV - ok
11:05:06.0366 4588 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
11:05:06.0382 4588 mrxsmb - ok
11:05:06.0491 4588 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
11:05:06.0507 4588 mrxsmb10 - ok
11:05:06.0585 4588 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
11:05:06.0616 4588 mrxsmb20 - ok
11:05:06.0694 4588 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
11:05:06.0725 4588 msahci - ok
11:05:06.0819 4588 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
11:05:06.0834 4588 msdsm - ok
11:05:06.0928 4588 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
11:05:06.0944 4588 MSDTC - ok
11:05:07.0022 4588 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
11:05:07.0084 4588 Msfs - ok
11:05:07.0146 4588 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
11:05:07.0193 4588 mshidkmdf - ok
11:05:07.0271 4588 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
11:05:07.0302 4588 msisadrv - ok
11:05:07.0365 4588 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
11:05:07.0427 4588 MSiSCSI - ok
11:05:07.0474 4588 msiserver - ok
11:05:07.0505 4588 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
11:05:07.0552 4588 MSKSSRV - ok
11:05:07.0630 4588 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
11:05:07.0677 4588 MSPCLOCK - ok
11:05:07.0755 4588 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
11:05:07.0802 4588 MSPQM - ok
11:05:07.0895 4588 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
11:05:07.0926 4588 MsRPC - ok
11:05:08.0004 4588 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
11:05:08.0036 4588 mssmbios - ok
11:05:08.0098 4588 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
11:05:08.0145 4588 MSTEE - ok
11:05:08.0223 4588 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
11:05:08.0238 4588 MTConfig - ok
11:05:08.0316 4588 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
11:05:08.0348 4588 Mup - ok
11:05:08.0441 4588 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
11:05:08.0488 4588 napagent - ok
11:05:08.0582 4588 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
11:05:08.0613 4588 NativeWifiP - ok
11:05:08.0722 4588 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
11:05:08.0769 4588 NDIS - ok
11:05:08.0847 4588 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
11:05:08.0894 4588 NdisCap - ok
11:05:08.0956 4588 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
11:05:09.0018 4588 NdisTapi - ok
11:05:09.0112 4588 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
11:05:09.0159 4588 Ndisuio - ok
11:05:09.0252 4588 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
11:05:09.0299 4588 NdisWan - ok
11:05:09.0393 4588 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
11:05:09.0455 4588 NDProxy - ok
11:05:09.0533 4588 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
11:05:09.0580 4588 NetBIOS - ok
11:05:09.0689 4588 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
11:05:09.0736 4588 NetBT - ok
11:05:09.0814 4588 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
11:05:09.0845 4588 Netlogon - ok
11:05:09.0939 4588 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
11:05:09.0986 4588 Netman - ok
11:05:10.0079 4588 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
11:05:10.0126 4588 netprofm - ok
11:05:10.0235 4588 netr28x (aa1d8f9de032be4e8303af33368fdfc8) C:\Windows\system32\DRIVERS\netr28x.sys
11:05:10.0266 4588 netr28x - ok
11:05:10.0376 4588 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
11:05:10.0391 4588 NetTcpPortSharing - ok
11:05:10.0594 4588 netw5v64 (64428dfdaf6e88366cb51f45a79c5f69) C:\Windows\system32\DRIVERS\netw5v64.sys
11:05:10.0672 4588 netw5v64 - ok
11:05:10.0750 4588 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
11:05:10.0781 4588 nfrd960 - ok
11:05:10.0859 4588 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
11:05:10.0906 4588 NlaSvc - ok
11:05:11.0031 4588 NOBU (5839a8027d6d324a7cd494051a96628c) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
11:05:11.0078 4588 NOBU - ok
11:05:11.0171 4588 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
11:05:11.0218 4588 Npfs - ok
11:05:11.0296 4588 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
11:05:11.0358 4588 nsi - ok
11:05:11.0436 4588 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
11:05:11.0483 4588 nsiproxy - ok
11:05:11.0608 4588 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
11:05:11.0655 4588 Ntfs - ok
11:05:11.0717 4588 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
11:05:11.0780 4588 Null - ok
11:05:11.0873 4588 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
11:05:11.0889 4588 nvraid - ok
11:05:12.0014 4588 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
11:05:12.0029 4588 nvstor - ok
11:05:12.0123 4588 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
11:05:12.0138 4588 nv_agp - ok
11:05:12.0248 4588 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
11:05:12.0263 4588 ohci1394 - ok
11:05:12.0341 4588 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
11:05:12.0357 4588 ose - ok
11:05:12.0450 4588 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
11:05:12.0482 4588 p2pimsvc - ok
11:05:12.0560 4588 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
11:05:12.0591 4588 p2psvc - ok
11:05:12.0684 4588 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
11:05:12.0700 4588 Parport - ok
11:05:12.0809 4588 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
11:05:12.0825 4588 partmgr - ok
11:05:12.0903 4588 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
11:05:12.0934 4588 PcaSvc - ok
11:05:13.0028 4588 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
11:05:13.0043 4588 pci - ok
11:05:13.0137 4588 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
11:05:13.0152 4588 pciide - ok
11:05:13.0230 4588 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
11:05:13.0262 4588 pcmcia - ok
11:05:13.0355 4588 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
11:05:13.0371 4588 pcw - ok
11:05:13.0464 4588 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
11:05:13.0511 4588 PEAUTH - ok
11:05:13.0589 4588 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
11:05:13.0620 4588 PerfHost - ok
11:05:13.0761 4588 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
11:05:13.0808 4588 pla - ok
11:05:13.0901 4588 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
11:05:13.0932 4588 PlugPlay - ok
11:05:14.0010 4588 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
11:05:14.0042 4588 PNRPAutoReg - ok
11:05:14.0120 4588 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
11:05:14.0135 4588 PNRPsvc - ok
11:05:14.0229 4588 Point64 (4f0878fd62d5f7444c5f1c4c66d9d293) C:\Windows\system32\DRIVERS\point64.sys
11:05:14.0244 4588 Point64 - ok
11:05:14.0354 4588 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
11:05:14.0400 4588 PolicyAgent - ok
11:05:14.0478 4588 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
11:05:14.0525 4588 Power - ok
11:05:14.0619 4588 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
11:05:14.0650 4588 PptpMiniport - ok
11:05:14.0728 4588 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
11:05:14.0759 4588 Processor - ok
11:05:14.0837 4588 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
11:05:14.0900 4588 ProfSvc - ok
11:05:14.0993 4588 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
11:05:15.0009 4588 ProtectedStorage - ok
11:05:15.0102 4588 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
11:05:15.0149 4588 Psched - ok
11:05:15.0274 4588 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
11:05:15.0321 4588 ql2300 - ok
11:05:15.0430 4588 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
11:05:15.0446 4588 ql40xx - ok
11:05:15.0524 4588 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
11:05:15.0555 4588 QWAVE - ok
11:05:15.0633 4588 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
11:05:15.0664 4588 QWAVEdrv - ok
11:05:15.0742 4588 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
11:05:15.0789 4588 RasAcd - ok
11:05:15.0882 4588 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
11:05:15.0929 4588 RasAgileVpn - ok
11:05:16.0007 4588 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
11:05:16.0054 4588 RasAuto - ok
11:05:16.0148 4588 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
11:05:16.0210 4588 Rasl2tp - ok
11:05:16.0304 4588 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
11:05:16.0350 4588 RasMan - ok
11:05:16.0428 4588 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
11:05:16.0475 4588 RasPppoe - ok
11:05:16.0553 4588 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
11:05:16.0600 4588 RasSstp - ok
11:05:16.0694 4588 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
11:05:16.0740 4588 rdbss - ok
11:05:16.0834 4588 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
11:05:16.0865 4588 rdpbus - ok
11:05:16.0928 4588 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
11:05:16.0990 4588 RDPCDD - ok
11:05:17.0068 4588 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
11:05:17.0115 4588 RDPENCDD - ok
11:05:17.0193 4588 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
11:05:17.0240 4588 RDPREFMP - ok
11:05:17.0333 4588 RDPWD (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys
11:05:17.0349 4588 RDPWD - ok
11:05:17.0442 4588 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
11:05:17.0474 4588 rdyboost - ok
11:05:17.0552 4588 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
11:05:17.0598 4588 RemoteAccess - ok
11:05:17.0676 4588 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
11:05:17.0708 4588 RemoteRegistry - ok
11:05:17.0801 4588 RoxioNow Service (c1568e17039b2ec2b73a4f880ddd51e5) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
11:05:17.0817 4588 RoxioNow Service - ok
11:05:17.0895 4588 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
11:05:17.0942 4588 RpcEptMapper - ok
11:05:18.0020 4588 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
11:05:18.0035 4588 RpcLocator - ok
11:05:18.0129 4588 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
11:05:18.0176 4588 RpcSs - ok
11:05:18.0254 4588 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
11:05:18.0300 4588 rspndr - ok
11:05:18.0394 4588 RTL8167 (4fbda07ef0a3097ce14c5cabf723b278) C:\Windows\system32\DRIVERS\Rt64win7.sys
11:05:18.0425 4588 RTL8167 - ok
11:05:18.0488 4588 RtVOsdService (4ea7e5df0cb237156176fa0349e6e87f) C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe
11:05:18.0488 4588 RtVOsdService ( UnsignedFile.Multi.Generic ) - warning
11:05:18.0488 4588 RtVOsdService - detected UnsignedFile.Multi.Generic (1)
11:05:18.0550 4588 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
11:05:18.0566 4588 SamSs - ok
11:05:18.0659 4588 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
11:05:18.0675 4588 sbp2port - ok
11:05:18.0768 4588 SBSDWSCService (794d4b48dfb6e999537c7c3947863463) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
11:05:18.0815 4588 SBSDWSCService - ok
11:05:18.0893 4588 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
11:05:18.0924 4588 SCardSvr - ok
11:05:19.0018 4588 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
11:05:19.0080 4588 scfilter - ok
11:05:19.0174 4588 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
11:05:19.0252 4588 Schedule - ok
11:05:19.0330 4588 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
11:05:19.0377 4588 SCPolicySvc - ok
11:05:19.0470 4588 sdbus (111e0ebc0ad79cb0fa014b907b231cf0) C:\Windows\system32\drivers\sdbus.sys
11:05:19.0502 4588 sdbus - ok
11:05:19.0595 4588 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
11:05:19.0611 4588 SDRSVC - ok
11:05:19.0689 4588 SeaPort (331e7bde228914574fc9ae6cd520dafa) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
11:05:19.0704 4588 SeaPort - ok
11:05:19.0767 4588 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
11:05:19.0814 4588 secdrv - ok
11:05:19.0907 4588 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
11:05:19.0954 4588 seclogon - ok
11:05:20.0032 4588 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll
11:05:20.0079 4588 SENS - ok
11:05:20.0157 4588 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
11:05:20.0172 4588 SensrSvc - ok
11:05:20.0266 4588 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
11:05:20.0282 4588 Serenum - ok
11:05:20.0360 4588 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
11:05:20.0375 4588 Serial - ok
11:05:20.0469 4588 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
11:05:20.0500 4588 sermouse - ok
11:05:20.0609 4588 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
11:05:20.0656 4588 SessionEnv - ok
11:05:20.0750 4588 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
11:05:20.0765 4588 sffdisk - ok
11:05:20.0859 4588 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
11:05:20.0890 4588 sffp_mmc - ok
11:05:20.0984 4588 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
11:05:20.0999 4588 sffp_sd - ok
11:05:21.0093 4588 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
11:05:21.0108 4588 sfloppy - ok
11:05:21.0186 4588 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
11:05:21.0264 4588 SharedAccess - ok
11:05:21.0358 4588 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
11:05:21.0405 4588 ShellHWDetection - ok
11:05:21.0498 4588 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
11:05:21.0514 4588 SiSRaid2 - ok
11:05:21.0608 4588 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
11:05:21.0623 4588 SiSRaid4 - ok
11:05:21.0717 4588 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
11:05:21.0764 4588 Smb - ok
11:05:21.0842 4588 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
11:05:21.0857 4588 SNMPTRAP - ok
11:05:21.0935 4588 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
11:05:21.0951 4588 spldr - ok
11:05:22.0060 4588 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
11:05:22.0107 4588 Spooler - ok
11:05:22.0263 4588 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
11:05:22.0325 4588 sppsvc - ok
11:05:22.0419 4588 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
11:05:22.0466 4588 sppuinotify - ok
11:05:22.0559 4588 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
11:05:22.0590 4588 srv - ok
11:05:22.0700 4588 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
11:05:22.0715 4588 srv2 - ok
11:05:22.0793 4588 SrvHsfHDA (0c4540311e11664b245a263e1154cef8) C:\Windows\system32\DRIVERS\VSTAZL6.SYS
11:05:22.0824 4588 SrvHsfHDA - ok
11:05:22.0949 4588 SrvHsfV92 (02071d207a9858fbe3a48cbfd59c4a04) C:\Windows\system32\DRIVERS\VSTDPV6.SYS
11:05:22.0980 4588 SrvHsfV92 - ok
11:05:23.0090 4588 SrvHsfWinac (18e40c245dbfaf36fd0134a7ef2df396) C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
11:05:23.0121 4588 SrvHsfWinac - ok
11:05:23.0214 4588 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
11:05:23.0246 4588 srvnet - ok
11:05:23.0324 4588 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
11:05:23.0370 4588 SSDPSRV - ok
11:05:23.0448 4588 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
11:05:23.0511 4588 SstpSvc - ok
11:05:23.0573 4588 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
11:05:23.0604 4588 stexstor - ok
11:05:23.0698 4588 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
11:05:23.0729 4588 stisvc - ok
11:05:23.0823 4588 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
11:05:23.0838 4588 swenum - ok
11:05:23.0963 4588 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
11:05:24.0026 4588 swprv - ok
11:05:24.0135 4588 SynTP (961cfac2a5318e212f459d651f28e0a4) C:\Windows\system32\DRIVERS\SynTP.sys
11:05:24.0166 4588 SynTP - ok
11:05:24.0291 4588 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
11:05:24.0322 4588 SysMain - ok
11:05:24.0416 4588 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
11:05:24.0447 4588 TabletInputService - ok
11:05:24.0540 4588 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
11:05:24.0603 4588 TapiSrv - ok
11:05:24.0696 4588 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
11:05:24.0728 4588 TBS - ok
11:05:24.0868 4588 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
11:05:24.0915 4588 Tcpip - ok
11:05:25.0071 4588 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
11:05:25.0102 4588 TCPIP6 - ok
11:05:25.0196 4588 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
11:05:25.0258 4588 tcpipreg - ok
11:05:25.0336 4588 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
11:05:25.0352 4588 TDPIPE - ok
11:05:25.0445 4588 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
11:05:25.0476 4588 TDTCP - ok
11:05:25.0570 4588 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
11:05:25.0601 4588 tdx - ok
11:05:25.0679 4588 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
11:05:25.0710 4588 TermDD - ok
11:05:25.0820 4588 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
11:05:25.0866 4588 TermService - ok
11:05:25.0929 4588 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
11:05:25.0960 4588 Themes - ok
11:05:26.0022 4588 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
11:05:26.0085 4588 THREADORDER - ok
11:05:26.0163 4588 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
11:05:26.0194 4588 TrkWks - ok
11:05:26.0256 4588 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
11:05:26.0319 4588 TrustedInstaller - ok
11:05:26.0381 4588 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
11:05:26.0428 4588 tssecsrv - ok
11:05:26.0522 4588 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
11:05:26.0537 4588 TsUsbFlt - ok
11:05:26.0646 4588 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
11:05:26.0693 4588 tunnel - ok
11:05:26.0771 4588 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
11:05:26.0787 4588 uagp35 - ok
11:05:26.0880 4588 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
11:05:26.0927 4588 udfs - ok
11:05:27.0005 4588 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
11:05:27.0036 4588 UI0Detect - ok
11:05:27.0114 4588 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
11:05:27.0130 4588 uliagpkx - ok
11:05:27.0224 4588 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
11:05:27.0255 4588 umbus - ok
11:05:27.0348 4588 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
11:05:27.0364 4588 UmPass - ok
11:05:27.0442 4588 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
11:05:27.0504 4588 upnphost - ok
11:05:27.0598 4588 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
11:05:27.0614 4588 usbccgp - ok
11:05:27.0707 4588 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
11:05:27.0738 4588 usbcir - ok
11:05:27.0832 4588 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys
11:05:27.0848 4588 usbehci - ok
11:05:27.0941 4588 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
11:05:27.0972 4588 usbhub - ok
11:05:28.0066 4588 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
11:05:28.0082 4588 usbohci - ok
11:05:28.0175 4588 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
11:05:28.0191 4588 usbprint - ok
11:05:28.0300 4588 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
11:05:28.0316 4588 usbscan - ok
11:05:28.0409 4588 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
11:05:28.0440 4588 USBSTOR - ok
11:05:28.0518 4588 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
11:05:28.0534 4588 usbuhci - ok
11:05:28.0628 4588 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
11:05:28.0674 4588 UxSms - ok
11:05:28.0752 4588 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
11:05:28.0784 4588 VaultSvc - ok
11:05:28.0862 4588 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
11:05:28.0893 4588 vdrvroot - ok
11:05:29.0002 4588 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
11:05:29.0064 4588 vds - ok
11:05:29.0127 4588 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
11:05:29.0158 4588 vga - ok
11:05:29.0236 4588 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
11:05:29.0283 4588 VgaSave - ok
11:05:29.0423 4588 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
11:05:29.0454 4588 vhdmp - ok
11:05:29.0579 4588 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
11:05:29.0595 4588 viaide - ok
11:05:29.0688 4588 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
11:05:29.0720 4588 volmgr - ok
11:05:29.0813 4588 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
11:05:29.0844 4588 volmgrx - ok
11:05:29.0938 4588 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
11:05:29.0969 4588 volsnap - ok
11:05:30.0047 4588 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
11:05:30.0078 4588 vsmraid - ok
11:05:30.0203 4588 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
11:05:30.0250 4588 VSS - ok
11:05:30.0344 4588 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
11:05:30.0359 4588 vwifibus - ok
11:05:30.0453 4588 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
11:05:30.0468 4588 vwififlt - ok
11:05:30.0562 4588 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
11:05:30.0624 4588 W32Time - ok
11:05:30.0702 4588 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
11:05:30.0718 4588 WacomPen - ok
11:05:30.0812 4588 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
11:05:30.0874 4588 WANARP - ok
11:05:30.0874 4588 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
11:05:30.0905 4588 Wanarpv6 - ok
11:05:30.0983 4588 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
11:05:31.0014 4588 WatAdminSvc - ok
11:05:31.0139 4588 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
11:05:31.0186 4588 wbengine - ok
11:05:31.0264 4588 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
11:05:31.0280 4588 WbioSrvc - ok
11:05:31.0389 4588 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
11:05:31.0420 4588 wcncsvc - ok
11:05:31.0498 4588 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
11:05:31.0529 4588 WcsPlugInService - ok
11:05:31.0607 4588 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
11:05:31.0623 4588 Wd - ok
11:05:31.0732 4588 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
11:05:31.0748 4588 Wdf01000 - ok
11:05:31.0841 4588 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
11:05:31.0872 4588 WdiServiceHost - ok
11:05:31.0872 4588 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
11:05:31.0904 4588 WdiSystemHost - ok
11:05:31.0997 4588 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
11:05:32.0044 4588 WebClient - ok
11:05:32.0122 4588 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
11:05:32.0169 4588 Wecsvc - ok
11:05:32.0262 4588 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
11:05:32.0309 4588 wercplsupport - ok
11:05:32.0387 4588 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
11:05:32.0450 4588 WerSvc - ok
11:05:32.0528 4588 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
11:05:32.0574 4588 WfpLwf - ok
11:05:32.0652 4588 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
11:05:32.0668 4588 WIMMount - ok
11:05:32.0699 4588 WinDefend - ok
11:05:32.0715 4588 WinHttpAutoProxySvc - ok
11:05:32.0824 4588 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
11:05:32.0871 4588 Winmgmt - ok
11:05:32.0996 4588 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
11:05:33.0074 4588 WinRM - ok
11:05:33.0167 4588 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
11:05:33.0198 4588 WinUsb - ok
11:05:33.0308 4588 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
11:05:33.0339 4588 Wlansvc - ok
11:05:33.0401 4588 wlcrasvc (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
11:05:33.0417 4588 wlcrasvc - ok
11:05:33.0542 4588 wlidsvc (2bacd71123f42cea603f4e205e1ae337) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
11:05:33.0588 4588 wlidsvc - ok
11:05:33.0682 4588 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
11:05:33.0698 4588 WmiAcpi - ok
11:05:33.0807 4588 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
11:05:33.0838 4588 wmiApSrv - ok
11:05:33.0854 4588 WMPNetworkSvc - ok
11:05:33.0947 4588 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
11:05:33.0978 4588 WPCSvc - ok
11:05:34.0056 4588 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
11:05:34.0088 4588 WPDBusEnum - ok
11:05:34.0197 4588 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
11:05:34.0244 4588 ws2ifsl - ok
11:05:34.0322 4588 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll
11:05:34.0353 4588 wscsvc - ok
11:05:34.0400 4588 WSearch - ok
11:05:34.0493 4588 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll
11:05:34.0571 4588 wuauserv - ok
11:05:34.0665 4588 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
11:05:34.0712 4588 WudfPf - ok
11:05:34.0821 4588 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
11:05:34.0868 4588 WUDFRd - ok
11:05:34.0946 4588 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
11:05:35.0008 4588 wudfsvc - ok
11:05:35.0086 4588 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
11:05:35.0102 4588 WwanSvc - ok
11:05:35.0195 4588 yukonw7 (b3eeacf62445e24fbb2cd4b0fb4db026) C:\Windows\system32\DRIVERS\yk62x64.sys
11:05:35.0226 4588 yukonw7 - ok
11:05:35.0242 4588 MBR (0x1B8) (2cd07e130f4efdc6bf79e0679ce1c7d6) \Device\Harddisk0\DR0
11:05:35.0351 4588 \Device\Harddisk0\DR0 - ok
11:05:35.0367 4588 Boot (0x1200) (5001197d1b683b84671e76ff0b820fc0) \Device\Harddisk0\DR0\Partition0
11:05:35.0367 4588 \Device\Harddisk0\DR0\Partition0 - ok
11:05:35.0382 4588 Boot (0x1200) (430ff86fddcc2081dd7e4d3aa704ab19) \Device\Harddisk0\DR0\Partition1
11:05:35.0382 4588 \Device\Harddisk0\DR0\Partition1 - ok
11:05:35.0414 4588 Boot (0x1200) (6756a99271312ec3aa9fa5553b226d4e) \Device\Harddisk0\DR0\Partition2
11:05:35.0414 4588 \Device\Harddisk0\DR0\Partition2 - ok
11:05:35.0445 4588 Boot (0x1200) (fc373130f5a68415bf2a98e52a63a8f4) \Device\Harddisk0\DR0\Partition3
11:05:35.0445 4588 \Device\Harddisk0\DR0\Partition3 - ok
11:05:35.0445 4588 ============================================================
11:05:35.0445 4588 Scan finished
11:05:35.0445 4588 ============================================================
11:05:35.0445 1680 Detected object count: 1
11:05:35.0445 1680 Actual detected object count: 1
11:05:55.0272 1680 RtVOsdService ( UnsignedFile.Multi.Generic ) - skipped by user
11:05:55.0272 1680 RtVOsdService ( UnsignedFile.Multi.Generic ) - User select action: Skip

#7 TTTTMMMM

Member

Members
32 posts

Posted 20 April 2012 - 02:02 PM

Part 3

MBR:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-04-20 11:10:05
-----------------------------
11:10:05.146 OS Version: Windows x64 6.1.7601 Service Pack 1
11:10:05.146 Number of processors: 2 586 0x170A
11:10:05.146 ComputerName: HP UserName:
11:10:05.770 Initialize success
11:20:38.562 The log file has been saved successfully to "C:\Users\TTTTMMMM\Documents\aswMBR.txt"
11:21:10.303 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
11:21:10.303 Disk 0 Vendor: Hitachi_ ESBO Size: 238475MB BusType: 3
11:21:10.318 Disk 0 MBR read successfully
11:21:10.318 Disk 0 MBR scan
11:21:10.318 Disk 0 unknown MBR code
11:21:10.334 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 199 MB offset 2048
11:21:10.350 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 218806 MB offset 409600
11:21:10.381 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 19365 MB offset 448524288
11:21:10.412 Disk 0 Partition 4 00 0C FAT32 LBA MSDOS5.0 103 MB offset 488183808
11:21:10.443 Disk 0 scanning C:\Windows\system32\drivers
11:21:18.337 Service scanning
11:21:44.997 Modules scanning
11:21:45.013 Disk 0 trace - called modules:
11:21:45.044 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
11:21:45.044 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80024586d0]
11:21:45.044 3 CLASSPNP.SYS[fffff88001b6a43f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80022af050]
11:21:45.060 Scan finished successfully
11:24:33.824 Disk 0 MBR has been saved successfully to "C:\Users\TTTTMMMM\Documents\MBR.dat"
11:24:33.824 The log file has been saved successfully to "C:\Users\TTTTMMMM\Documents\aswMBR.txt"

#8 TTTTMMMM

Member

Members
32 posts

Posted 20 April 2012 - 02:05 PM

Part 4

OTL:
OTL logfile created on: 4/20/2012 11:29:04 AM - Run 1
OTL by OldTimer - Version 3.2.40.0 Folder = C:\Users\TTTTMMMM\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.93 Gb Total Physical Memory | 0.80 Gb Available Physical Memory | 41.34% Memory free
3.87 Gb Paging File | 2.27 Gb Available in Paging File | 58.76% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 213.68 Gb Total Space | 153.27 Gb Free Space | 71.73% Space Free | Partition Type: NTFS
Drive D: | 18.91 Gb Total Space | 2.74 Gb Free Space | 14.51% Space Free | Partition Type: NTFS

Computer Name: HP | User Name: TTTTMMMM | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 90 Days

========== Processes (SafeList) ==========

PRC - [2012/04/20 11:27:15 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\TTTTMMMM\Desktop\OTL.exe
PRC - [2012/04/20 11:09:44 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\TTTTMMMM\Desktop\aswMBR.exe
PRC - [2012/01/13 22:56:21 | 000,296,056 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
PRC - [2011/03/31 20:24:54 | 000,189,880 | ---- | M] (PPLive Corporation) -- C:\Program Files (x86)\PPLive\PPTV\PPLive.exe
PRC - [2011/03/31 20:24:42 | 000,189,880 | ---- | M] (PPLive Corporation) -- C:\Program Files (x86)\Common Files\PPLiveNetwork\PPAP.exe
PRC - [2011/03/28 17:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2010/09/29 00:55:32 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
PRC - [2010/09/28 18:08:58 | 000,584,760 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
PRC - [2010/09/28 18:08:58 | 000,026,680 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
PRC - [2010/09/28 12:59:06 | 001,040,952 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
PRC - [2010/09/11 02:02:22 | 000,399,344 | ---- | M] (Roxio) -- C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe

========== Modules (No Company Name) ==========

MOD - [2012/04/12 00:37:34 | 000,444,400 | ---- | M] () -- C:\Users\TTTTMMMM\AppData\Local\Google\Chrome\Application\18.0.1025.162\ppgooglenaclpluginchrome.dll
MOD - [2012/04/12 00:37:33 | 003,915,248 | ---- | M] () -- C:\Users\TTTTMMMM\AppData\Local\Google\Chrome\Application\18.0.1025.162\pdf.dll
MOD - [2012/04/12 00:36:08 | 000,122,880 | ---- | M] () -- C:\Users\TTTTMMMM\AppData\Local\Google\Chrome\Application\18.0.1025.162\avutil-51.dll
MOD - [2012/04/12 00:36:06 | 000,220,672 | ---- | M] () -- C:\Users\TTTTMMMM\AppData\Local\Google\Chrome\Application\18.0.1025.162\avformat-53.dll
MOD - [2012/04/12 00:36:05 | 001,747,456 | ---- | M] () -- C:\Users\TTTTMMMM\AppData\Local\Google\Chrome\Application\18.0.1025.162\avcodec-53.dll
MOD - [2012/03/06 22:07:38 | 000,034,152 | ---- | M] () -- C:\Program Files (x86)\Common Files\PPLiveNetwork\tipsdone.dll
MOD - [2012/02/02 20:44:16 | 000,349,608 | ---- | M] () -- C:\Program Files (x86)\Common Files\PPLiveNetwork\tipsclient.dll
MOD - [2011/11/30 23:43:27 | 000,038,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\PPLiveNetwork\tipsstatistic.dll
MOD - [2011/07/03 10:32:42 | 000,928,104 | ---- | M] () -- C:\Program Files (x86)\PPLive\PPTV\admodule.dll
MOD - [2011/03/31 22:00:44 | 000,540,520 | ---- | M] () -- C:\Program Files (x86)\PPLive\PPTV\components\PPFrame.dll
MOD - [2011/03/31 20:24:54 | 000,591,320 | ---- | M] () -- C:\Program Files (x86)\PPLive\PPTV\PPVodDownload.dll
MOD - [2011/03/31 20:24:54 | 000,374,192 | ---- | M] () -- C:\Program Files (x86)\PPLive\PPTV\PPP.dll
MOD - [2011/03/31 20:24:50 | 000,632,248 | ---- | M] () -- C:\Program Files (x86)\PPLive\PPTV\Plugin\mframe.dll
MOD - [2011/03/31 20:24:42 | 000,912,744 | ---- | M] () -- C:\Program Files (x86)\Common Files\PPLiveNetwork\MngModule.dll
MOD - [2011/03/31 20:24:42 | 000,516,864 | ---- | M] () -- C:\Program Files (x86)\Common Files\PPLiveNetwork\sqlite3.dll
MOD - [2011/03/31 20:24:38 | 000,143,720 | ---- | M] () -- C:\Program Files (x86)\Common Files\PPLiveNetwork\kernel\FWUpnp.dll
MOD - [2011/03/31 20:23:34 | 001,377,720 | ---- | M] () -- C:\Program Files (x86)\PPLive\PPTV\components\chctrl.dll
MOD - [2011/03/31 20:23:34 | 000,827,240 | ---- | M] () -- C:\Program Files (x86)\PPLive\PPTV\components\NCList.dll
MOD - [2011/03/31 20:23:34 | 000,538,048 | ---- | M] () -- C:\Program Files (x86)\PPLive\PPTV\components\PPOptions.dll
MOD - [2011/03/31 20:23:34 | 000,270,696 | ---- | M] () -- C:\Program Files (x86)\PPLive\PPTV\components\PPChLocalManager.dll
MOD - [2011/03/31 20:23:34 | 000,234,952 | ---- | M] () -- C:\Program Files (x86)\PPLive\PPTV\components\IEProxy.dll
MOD - [2011/03/31 20:23:34 | 000,214,464 | ---- | M] () -- C:\Program Files (x86)\PPLive\PPTV\components\IEBrowser.dll
MOD - [2011/03/31 20:23:34 | 000,079,296 | ---- | M] () -- C:\Program Files (x86)\PPLive\PPTV\components\PPFlvCom.dll
MOD - [2011/03/31 20:23:34 | 000,075,176 | ---- | M] () -- C:\Program Files (x86)\PPLive\PPTV\components\filepick.dll
MOD - [2011/03/31 20:23:34 | 000,062,912 | ---- | M] () -- C:\Program Files (x86)\PPLive\PPTV\components\Gallop.dll
MOD - [2010/09/28 13:10:14 | 001,699,384 | ---- | M] () -- C:\Users\TTTTMMMM\AppData\Roaming\PictureMover\EN-US\Presentation.dll
MOD - [2010/09/28 12:59:20 | 012,286,008 | ---- | M] () -- C:\Users\TTTTMMMM\AppData\Roaming\PictureMover\Bin\Core.dll
MOD - [2009/07/13 18:15:45 | 000,364,544 | ---- | M] () -- C:\Windows\SysWOW64\msjetoledb40.dll

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/09/22 19:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/08/05 19:51:08 | 000,291,896 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe -- (HPClientSvc)
SRV:64bit: - [2010/07/21 14:33:00 | 000,103,992 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe -- (HP Wireless Assistant Service)
SRV:64bit: - [2010/06/24 16:24:12 | 000,315,392 | ---- | M] (Realtek Semiconductor Corp.) [Auto | Running] -- C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe -- (RtVOsdService)
SRV:64bit: - [2009/11/17 19:14:26 | 000,098,208 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
SRV:64bit: - [2009/07/13 18:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/04/13 23:11:13 | 000,253,088 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2011/06/21 15:57:34 | 000,085,560 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2011/03/28 17:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2010/10/12 10:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/09/28 18:08:58 | 000,026,680 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC)
SRV - [2010/09/11 02:02:22 | 000,399,344 | ---- | M] (Roxio) [Auto | Running] -- C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe -- (RoxioNow Service)
SRV - [2010/06/01 16:31:28 | 002,804,568 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe -- (NOBU)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007/12/17 04:00:00 | 000,163,840 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE -- (EPSON_EB_RPCV4_01) EPSON V5 Service4(01)
SRV - [2007/01/11 04:02:00 | 000,126,464 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE -- (EPSON_PM_RPCV4_01) EPSON V3 Service4(01)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/02/29 23:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/08/01 16:59:06 | 000,045,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2011/05/13 16:37:54 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2011/03/10 23:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/10 23:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 06:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 04:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 02:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/09/29 00:55:54 | 000,031,088 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)
DRV:64bit: - [2010/09/13 11:00:08 | 001,390,640 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010/09/10 19:20:28 | 001,014,624 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr28x.sys -- (netr28x)
DRV:64bit: - [2010/04/13 10:44:22 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/03/22 18:57:20 | 000,347,680 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/02/20 22:54:34 | 010,300,800 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 14:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 14:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 14:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 13:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/06/10 13:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64) Intel®
DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/CQNOT/1
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {ec29edf6-ad3c-4e1c-a087-d6cb81400c43}
IE:64bit: - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
IE:64bit: - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
IE:64bit: - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{d944bb61-2e34-4dbf-a683-47e505c587dc}: "URL" = http://rover.ebay.com/rover/1/711-111092-2357-0/4?satitle={searchTerms}&mfe=Notebooks
IE:64bit: - HKLM\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/CQNOT/1
IE - HKLM\..\SearchScopes,DefaultScope = {ec29edf6-ad3c-4e1c-a087-d6cb81400c43}
IE - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
IE - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE - HKLM\..\SearchScopes\{d944bb61-2e34-4dbf-a683-47e505c587dc}: "URL" = http://rover.ebay.com/rover/1/711-111092-2357-0/4?satitle={searchTerms}&mfe=Notebooks
IE - HKLM\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-3567445309-1158785481-1039964288-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/CQNOT/1
IE - HKU\S-1-5-21-3567445309-1158785481-1039964288-1003\..\SearchScopes,DefaultScope = {ec29edf6-ad3c-4e1c-a087-d6cb81400c43}
IE - HKU\S-1-5-21-3567445309-1158785481-1039964288-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:10.1.0.68 - 1
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:15.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}:6.0.30
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.8
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpWinExt,version=5.0: C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@photoproduct.rocketlife.com/RocketLife App Viewer;version=0.8: File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.1.13: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.1.13: c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.1.13: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.1.13: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.1.13: c:\program files (x86)\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\TTTTMMMM\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\TTTTMMMM\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\msntoolbar@msn.com: C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\Firefox [2010/12/01 02:02:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2010/12/01 02:02:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2010/12/01 02:02:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/01/13 22:56:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.24\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/01/13 22:56:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.24\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/04/13 12:45:24 | 000,000,000 | ---D | M]

[2011/12/11 14:33:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\TTTTMMMM\AppData\Roaming\Mozilla\Extensions
[2012/04/17 21:57:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\TTTTMMMM\AppData\Roaming\Mozilla\Firefox\Profiles\xmnn7601.default\extensions
[2012/01/20 23:27:00 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\TTTTMMMM\AppData\Roaming\Mozilla\Firefox\Profiles\xmnn7601.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011/12/17 22:33:46 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/12/17 22:33:46 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}
File not found (No name found) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.5.0.125\IPSFFPLGN
[2012/01/13 22:56:40 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\PROGRAMDATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
[2011/11/10 06:54:13 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\TTTTMMMM\AppData\Local\Google\Chrome\Application\18.0.1025.162\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\TTTTMMMM\AppData\Local\Google\Chrome\Application\18.0.1025.162\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\TTTTMMMM\AppData\Local\Google\Chrome\Application\18.0.1025.162\gcswf32.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.300.12 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U30 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: RealPlayer™ HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: Bing Bar (Enabled) = C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll
CHR - plugin: WildTangent Games App Presence Detector (Enabled) = C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: RealNetworks™ Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: Google Update (Enabled) = C:\Users\TTTTMMMM\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - Extension: Gmail: Email from Google = C:\Users\TTTTMMMM\AppData\Local\Google\Chrome\User Data\Default\Extensions\ahijggofdpjllpghfbajcochgmdhmnph\2011.11.29.9747_0\
CHR - Extension: Google = C:\Users\TTTTMMMM\AppData\Local\Google\Chrome\User Data\Default\Extensions\akadbbccfpogllggihohbkgjmgpdhdia\2011.11.29.9729_0\
CHR - Extension: Family Connection = C:\Users\TTTTMMMM\AppData\Local\Google\Chrome\User Data\Default\Extensions\cbofamcdloghdlogclnenjmdgjceenom\2011.11.29.13656_0\
CHR - Extension: AP: Macroeconomics = C:\Users\TTTTMMMM\AppData\Local\Google\Chrome\User Data\Default\Extensions\dfhghblnmkbhildphbbgoiedjhmjlphf\2012.4.12.8831_0\
CHR - Extension: Google Translate = C:\Users\TTTTMMMM\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgjmngbfeoahignmbagincnmpgodpfjm\2011.11.29.9761_0\
CHR - Extension: English to French, Italian, German & Spanish Dictionary - WordReference.com = C:\Users\TTTTMMMM\AppData\Local\Google\Chrome\User Data\Default\Extensions\eigkhialgobgcbmbliipenfhchjnnaio\2011.11.29.9740_0\
CHR - Extension: Homestead High School: Home Page = C:\Users\TTTTMMMM\AppData\Local\Google\Chrome\User Data\Default\Extensions\eljeoibhijlekchdhelmnnjcmjoaphci\2011.11.29.9736_0\
CHR - Extension: Yahoo! Mail: The best web-based email! = C:\Users\TTTTMMMM\AppData\Local\Google\Chrome\User Data\Default\Extensions\hjgimbbppiimgccikhbmlelkjkaggnak\2011.11.29.9756_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\TTTTMMMM\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
CHR - Extension: AP: Microeconomics = C:\Users\TTTTMMMM\AppData\Local\Google\Chrome\User Data\Default\Extensions\jghegkkkpjggglhfhjbohgggncfgbeej\2012.4.12.8834_0\
CHR - Extension: Turnitin : Leading Plag = C:\Users\TTTTMMMM\AppData\Local\Google\Chrome\User Data\Default\Extensions\kmnikbgaajpcfknekeifieegldinmokf\2012.4.12.8828_0\
CHR - Extension: verb2verbe - Learn the French language: French verb conjugation. Tests to learn French verbs. = C:\Users\TTTTMMMM\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnflgeipoheneafnhajlhnloaclllfkp\2011.11.30.3151_0\
CHR - Extension: https://www.commonapp.org/ = C:\Users\TTTTMMMM\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfocligknlmfajccglobemjbgbcafpml\2011.11.29.13677_0\

O1 HOSTS File: ([2012/04/19 22:05:53 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (@C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe ()
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe (Symantec Corporation)
O4 - HKLM..\Run: [TkBellExe] c:\program files (x86)\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKU\S-1-5-21-3567445309-1158785481-1039964288-1003..\Run: [PPAP] C:\Program Files (x86)\Common Files\PPLiveNetwork\PPAP.EXE (PPLive Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3567445309-1158785481-1039964288-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3567445309-1158785481-1039964288-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\TTTTMMMM\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\TTTTMMMM\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra Button: PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - C:\Program Files (x86)\PPLive\PPTV\PPLive.exe (PPLive Corporation)
O9 - Extra 'Tools' menuitem : PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - C:\Program Files (x86)\PPLive\PPTV\PPLive.exe (PPLive Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5234EEB6-9645-4B41-80B9-9D92E56E0DAB}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F1843EC0-48EC-4F01-BC62-03D86DE24ACE}: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

========== Files/Folders - Created Within 90 Days ==========

[2012/04/20 11:27:08 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\TTTTMMMM\Desktop\OTL.exe
[2012/04/20 11:08:44 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\TTTTMMMM\Desktop\aswMBR.exe
[2012/04/20 10:57:46 | 002,072,112 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\TTTTMMMM\Desktop\tdsskiller.exe
[2012/04/19 22:23:48 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/04/19 22:20:40 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/04/19 21:25:20 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/04/19 21:25:20 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/04/19 21:25:20 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/04/18 20:10:25 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/04/18 20:00:42 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/04/18 19:30:18 | 000,000,000 | ---D | C] -- C:\Users\TTTTMMMM\AppData\Local\NPE
[2012/04/17 23:38:37 | 000,000,000 | ---D | C] -- C:\Users\TTTTMMMM\Documents\Symantec
[2012/04/17 22:38:32 | 000,000,000 | ---D | C] -- C:\HP_TOOLS_mountHPSF
[2012/04/13 23:10:56 | 008,766,112 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
[2012/04/10 22:32:06 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/04/10 22:32:06 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/04/10 22:32:05 | 002,311,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012/04/10 22:32:05 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/04/10 22:32:04 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/04/10 22:32:04 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/04/10 22:32:04 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/04/10 22:32:04 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/04/10 22:32:03 | 001,493,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/04/10 22:32:03 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/04/10 22:32:03 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/04/10 22:31:47 | 005,559,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012/04/10 22:31:47 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012/04/10 22:31:47 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2012/04/10 22:28:02 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imagehlp.dll
[2012/04/10 22:28:02 | 000,023,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fs_rec.sys
[2012/04/10 22:28:01 | 000,220,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll
[2012/03/29 16:44:45 | 000,418,464 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/03/13 17:31:58 | 001,544,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2012/03/13 17:23:53 | 001,031,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcore.dll
[2012/03/13 17:23:53 | 000,826,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rdpcore.dll
[2012/03/13 17:23:51 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorekmts.dll
[2012/03/13 17:23:51 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpwsx.dll
[2012/03/13 17:23:51 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdrmemptylst.exe
[2012/03/04 16:53:25 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 9
[2012/02/28 22:59:06 | 000,000,000 | ---D | C] -- C:\Users\TTTTMMMM\AppData\Local\{69DF405D-5988-4F78-A1F0-21476EA82B7C}
[2012/02/28 22:31:28 | 000,000,000 | ---D | C] -- C:\Users\TTTTMMMM\AppData\Local\{BD8BB67A-D710-47A3-BF7C-BD28AE342F76}
[2012/02/28 22:18:03 | 000,000,000 | ---D | C] -- C:\Windows\en
[2012/02/28 21:59:04 | 000,048,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fssfltr.sys
[2012/02/28 21:59:04 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\DRVSTORE
[2012/02/28 21:56:28 | 000,515,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_5.dll
[2012/02/28 21:56:28 | 000,069,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_3.dll
[2012/02/28 21:56:26 | 000,523,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_42.dll
[2012/02/28 21:56:26 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_42.dll
[2012/02/28 21:56:08 | 004,398,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_32.dll
[2012/02/28 21:56:08 | 003,426,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_32.dll
[2012/02/28 21:51:45 | 000,000,000 | ---D | C] -- C:\Users\TTTTMMMM\AppData\Local\Windows Live
[2012/02/28 21:51:45 | 000,000,000 | ---D | C] -- C:\Users\TTTTMMMM\AppData\Local\{19AAC0C2-D101-4D96-A538-ABACF1D7405C}
[2012/02/17 20:37:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WildTangent Games
[2012/02/17 18:28:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Wild Tangent
[2012/02/15 10:28:57 | 000,000,000 | ---D | C] -- C:\Users\TTTTMMMM\AppData\Local\Hewlett-Packard_Company
[2012/02/14 20:40:21 | 000,509,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntshrui.dll
[2012/02/14 20:40:09 | 000,515,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\timedate.cpl
[2012/02/14 20:40:09 | 000,478,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\timedate.cpl
[2012/02/14 20:39:48 | 000,634,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msvcrt.dll
[2012/01/25 18:49:15 | 001,447,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2012/01/25 18:49:15 | 000,395,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\webio.dll
[2012/01/25 18:49:15 | 000,314,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\webio.dll
[2012/01/25 18:49:15 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspicli.dll
[2012/01/25 18:49:15 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspisrv.dll
[2012/01/25 18:49:15 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secur32.dll
[1 C:\Users\TTTTMMMM\Documents\*.tmp files -> C:\Users\TTTTMMMM\Documents\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2012/04/20 11:28:13 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3567445309-1158785481-1039964288-1003UA.job
[2012/04/20 11:27:15 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\TTTTMMMM\Desktop\OTL.exe
[2012/04/20 11:24:33 | 000,000,512 | ---- | M] () -- C:\Users\TTTTMMMM\Documents\MBR.dat
[2012/04/20 11:09:44 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\TTTTMMMM\Desktop\aswMBR.exe
[2012/04/20 11:07:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/04/20 10:59:50 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/04/20 10:59:50 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/04/20 10:58:13 | 002,072,112 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\TTTTMMMM\Desktop\tdsskiller.exe
[2012/04/20 10:52:33 | 000,000,374 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.ics
[2012/04/20 10:52:21 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/04/20 10:52:14 | 1556,279,296 | -HS- | M] () -- C:\hiberfil.sys
[2012/04/19 22:05:53 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/04/19 21:28:05 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3567445309-1158785481-1039964288-1003Core.job
[2012/04/19 21:24:06 | 000,001,137 | ---- | M] () -- C:\Users\TTTTMMMM\Desktop\ComboFix - Shortcut.lnk
[2012/04/18 22:25:40 | 000,628,554 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/04/18 22:25:40 | 000,108,700 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/04/18 22:25:37 | 000,732,638 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/04/18 19:46:40 | 000,000,000 | ---- | M] () -- C:\Users\TTTTMMMM\defogger_reenable
[2012/04/16 07:42:36 | 000,000,336 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForS.job
[2012/04/13 23:11:13 | 000,418,464 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/04/13 23:11:13 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/04/13 23:10:56 | 008,766,112 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
[2012/04/13 13:30:18 | 000,002,397 | ---- | M] () -- C:\Users\TTTTMMMM\Desktop\Google Chrome.lnk
[2012/04/09 18:00:56 | 000,000,328 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForTTTTMMMM.job
[2012/03/25 20:19:26 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForS-HP$.job
[2012/03/14 11:06:01 | 000,377,448 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/03/05 23:53:37 | 005,559,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012/03/05 22:59:47 | 003,968,368 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012/03/05 22:59:41 | 003,913,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2012/03/04 16:52:01 | 000,029,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3a.dll
[2012/02/29 23:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fs_rec.sys
[2012/02/29 23:38:27 | 000,220,672 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll
[2012/02/29 23:33:50 | 000,081,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\imagehlp.dll
[2012/02/27 23:56:48 | 002,311,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012/02/27 23:48:57 | 001,493,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/02/27 23:48:36 | 000,237,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/02/27 23:45:47 | 000,818,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/02/27 23:43:16 | 000,096,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/02/27 23:39:50 | 000,248,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/02/27 18:11:21 | 001,427,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/02/27 18:09:51 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/02/27 18:06:48 | 000,716,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/02/27 18:03:31 | 000,072,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/02/27 17:59:59 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/02/19 15:49:09 | 000,002,532 | ---- | M] () -- C:\Users\Public\Desktop\WildTangent Games App - hp.lnk
[2012/02/17 20:38:30 | 000,002,564 | ---- | M] () -- C:\Users\TTTTMMMM\Application Data\Microsoft\Internet Explorer\Quick Launch\WildTangent Games App - hp.lnk
[2012/02/16 23:38:26 | 001,031,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcore.dll
[2012/02/16 22:34:22 | 000,826,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\rdpcore.dll
[2012/02/09 23:36:07 | 001,544,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2012/01/24 23:38:39 | 000,077,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\rdpwsx.dll
[2012/01/24 23:38:38 | 000,149,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorekmts.dll
[2012/01/24 23:33:30 | 000,009,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\rdrmemptylst.exe
[1 C:\Users\TTTTMMMM\Documents\*.tmp files -> C:\Users\TTTTMMMM\Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/04/20 11:24:33 | 000,000,512 | ---- | C] () -- C:\Users\TTTTMMMM\Documents\MBR.dat
[2012/04/19 21:25:20 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/04/19 21:25:20 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/04/19 21:25:20 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/04/19 21:25:20 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/04/19 21:25:20 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/04/19 21:24:06 | 000,001,137 | ---- | C] () -- C:\Users\TTTTMMMM\Desktop\ComboFix - Shortcut.lnk
[2012/04/18 19:46:40 | 000,000,000 | ---- | C] () -- C:\Users\TTTTMMMM\defogger_reenable
[2012/04/15 18:26:17 | 000,000,336 | ---- | C] () -- C:\Windows\tasks\HPCeeScheduleForS.job
[2012/04/08 20:03:20 | 000,000,328 | ---- | C] () -- C:\Windows\tasks\HPCeeScheduleForTTTTMMMM.job
[2012/03/29 16:44:46 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/02/17 20:38:29 | 000,002,564 | ---- | C] () -- C:\Users\TTTTMMMM\Application Data\Microsoft\Internet Explorer\Quick Launch\WildTangent Games App - hp.lnk
[2012/02/17 20:38:29 | 000,002,532 | ---- | C] () -- C:\Users\Public\Desktop\WildTangent Games App - hp.lnk
[2011/12/08 21:28:48 | 000,004,096 | -H-- | C] () -- C:\Users\TTTTMMMM\AppData\Local\keyfile3.drm
[2011/09/18 21:20:04 | 000,073,220 | ---- | C] () -- C:\Windows\SysWow64\EPPICPrinterDB.dat
[2011/09/18 21:20:04 | 000,031,053 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern131.dat
[2011/09/18 21:20:04 | 000,029,114 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern1.dat
[2011/09/18 21:20:04 | 000,027,417 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern121.dat
[2011/09/18 21:20:04 | 000,021,021 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern3.dat
[2011/09/18 21:20:04 | 000,015,670 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern5.dat
[2011/09/18 21:20:04 | 000,013,280 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern2.dat
[2011/09/18 21:20:04 | 000,010,673 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern4.dat
[2011/09/18 21:20:04 | 000,004,943 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern6.dat
[2011/09/18 21:20:04 | 000,001,140 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_PT.dat
[2011/09/18 21:20:04 | 000,001,140 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_BP.dat
[2011/09/18 21:20:04 | 000,001,137 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_ES.dat
[2011/09/18 21:20:04 | 000,001,130 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_FR.dat
[2011/09/18 21:20:04 | 000,001,130 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_CF.dat
[2011/09/18 21:20:04 | 000,001,104 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_EN.dat
[2011/09/18 21:20:04 | 000,000,097 | ---- | C] () -- C:\Windows\SysWow64\PICSDK.ini
[2011/08/28 08:00:30 | 000,749,728 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/07/03 20:25:50 | 000,001,854 | ---- | C] () -- C:\Users\TTTTMMMM\AppData\Roaming\GhostObjGAFix.xml
[2011/04/02 21:56:44 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2010/12/01 01:39:44 | 000,014,051 | ---- | C] () -- C:\Windows\SysWow64\RaCoInst.dat
[2010/12/01 01:35:48 | 000,000,282 | ---- | C] () -- C:\Windows\SysWow64\RStoneLog2.ini
[2010/12/01 01:35:48 | 000,000,223 | ---- | C] () -- C:\Windows\SysWow64\RStoneLog.ini
[2010/10/16 12:40:15 | 000,000,188 | ---- | C] () -- C:\Windows\SysWow64\HPWA.ini
[2010/09/21 11:30:44 | 000,007,736 | ---- | C] () -- C:\Windows\hpDSTRES.DLL

========== LOP Check ==========

[2011/09/02 23:16:09 | 000,000,000 | ---D | M] -- C:\Users\S\AppData\Roaming\Blio
[2011/04/02 18:01:28 | 000,000,000 | ---D | M] -- C:\Users\S\AppData\Roaming\PictureMover
[2011/04/03 18:40:58 | 000,000,000 | ---D | M] -- C:\Users\S\AppData\Roaming\PPLive
[2011/12/22 13:44:47 | 000,000,000 | ---D | M] -- C:\Users\TTTTMMMM\AppData\Roaming\Blio
[2012/01/20 23:27:10 | 000,000,000 | ---D | M] -- C:\Users\TTTTMMMM\AppData\Roaming\DVDVideoSoft
[2012/01/20 23:26:59 | 000,000,000 | ---D | M] -- C:\Users\TTTTMMMM\AppData\Roaming\DVDVideoSoftIEHelpers
[2011/11/05 13:14:50 | 000,000,000 | ---D | M] -- C:\Users\TTTTMMMM\AppData\Roaming\EPSON
[2011/07/03 11:15:18 | 000,000,000 | ---D | M] -- C:\Users\TTTTMMMM\AppData\Roaming\Flood Light Games
[2011/07/02 21:15:29 | 000,000,000 | ---D | M] -- C:\Users\TTTTMMMM\AppData\Roaming\PictureMover
[2011/07/21 19:25:03 | 000,000,000 | ---D | M] -- C:\Users\TTTTMMMM\AppData\Roaming\PPLive
[2011/08/28 10:45:08 | 000,000,000 | ---D | M] -- C:\Users\TTTTMMMM\AppData\Roaming\SoftGrid Client
[2011/08/28 08:01:36 | 000,000,000 | ---D | M] -- C:\Users\TTTTMMMM\AppData\Roaming\TP
[2012/02/14 20:09:34 | 000,032,600 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Custom Scans ==========

< "%WinDir%\$NtUninstallKB*$." /30 >

< C:\Program Files\Common Files\ComObjects\*.* /s >

< %SYSTEMDRIVE%\*.* >
[2009/07/13 18:38:58 | 000,383,562 | RHS- | M] () -- C:\bootmgr
[2012/04/19 22:20:31 | 000,018,571 | ---- | M] () -- C:\ComboFix.txt
[2012/04/20 10:52:14 | 1556,279,296 | -HS- | M] () -- C:\hiberfil.sys
[2012/03/25 22:45:45 | 000,000,160 | ---- | M] () -- C:\log.txt
[2012/04/20 10:52:19 | 2075,041,792 | -HS- | M] () -- C:\pagefile.sys
[2012/04/20 11:08:02 | 000,361,406 | ---- | M] () -- C:\TDSSKiller.2.7.30.0_20.04.2012_10.59.04_log.txt

< %USERPROFILE%\*.* >
[2012/04/18 19:46:40 | 000,000,000 | ---- | M] () -- C:\Users\TTTTMMMM\defogger_reenable
[2012/04/20 11:31:22 | 004,980,736 | -HS- | M] () -- C:\Users\TTTTMMMM\NTUSER.DAT
[2012/04/20 11:31:22 | 000,262,144 | -HS- | M] () -- C:\Users\TTTTMMMM\ntuser.dat.LOG1
[2011/07/02 21:13:51 | 000,000,000 | -HS- | M] () -- C:\Users\TTTTMMMM\ntuser.dat.LOG2
[2011/07/02 22:34:58 | 000,065,536 | -HS- | M] () -- C:\Users\TTTTMMMM\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
[2011/07/02 22:34:58 | 000,524,288 | -HS- | M] () -- C:\Users\TTTTMMMM\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
[2011/07/02 22:34:58 | 000,524,288 | -HS- | M] () -- C:\Users\TTTTMMMM\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
[2011/07/02 21:13:52 | 000,000,020 | -HS- | M] () -- C:\Users\TTTTMMMM\ntuser.ini
[2011/10/28 16:00:30 | 000,000,000 | ---- | M] () -- C:\Users\TTTTMMMM\Sti_Trace.log

< %USERPROFILE%\AppData\Local\*.* >
[2011/12/22 12:49:32 | 000,093,360 | ---- | M] () -- C:\Users\TTTTMMMM\AppData\Local\GDIPFONTCACHEV1.DAT
[2012/04/19 22:24:18 | 001,812,498 | -H-- | M] () -- C:\Users\TTTTMMMM\AppData\Local\IconCache.db
[2011/12/08 21:28:48 | 000,004,096 | -H-- | M] () -- C:\Users\TTTTMMMM\AppData\Local\keyfile3.drm

< %USERPROFILE%\AppData\Roaming\*.* >
[2011/09/18 16:40:11 | 000,001,854 | ---- | M] () -- C:\Users\TTTTMMMM\AppData\Roaming\GhostObjGAFix.xml

< %ProgramData%\*.* >
[2010/12/01 01:48:59 | 000,000,032 | ---- | M] () -- C:\ProgramData\{051B9612-4D82-42AC-8C63-CD2DCEDC1CB3}.log
[2010/10/16 12:31:45 | 000,000,109 | ---- | M] () -- C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
[2010/12/01 01:48:32 | 000,000,032 | ---- | M] () -- C:\ProgramData\{23F3DA62-2D9E-4A69-B8D5-BE8E9E148092}.log
[2010/10/16 12:25:13 | 000,000,105 | ---- | M] () -- C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
[2010/12/01 01:47:59 | 000,000,032 | ---- | M] () -- C:\ProgramData\{4FC670EB-5F02-4B07-90DB-022B86BFEFD0}.log
[2010/12/01 01:48:48 | 000,000,032 | ---- | M] () -- C:\ProgramData\{9867824A-C86D-4A83-8F3C-E7A86BE0AFD3}.log
[2010/10/16 12:23:57 | 000,000,107 | ---- | M] () -- C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
[2010/10/16 12:30:49 | 000,000,110 | ---- | M] () -- C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log
[2010/12/01 01:49:26 | 000,000,105 | ---- | M] () -- C:\ProgramData\{d36dd326-7280-11d8-97c8-000129760cbe}.log

< %CommonProgramFiles%\*.* >

< %PROGRAMFILES%\*.* >
[2009/07/13 21:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini

< %systemroot%\system32\config\systemprofile\AppData\Local\*.* >

< %windir%\SysWOW64\config\systemprofile\AppData\Local\*.* >

< %windir%\ServiceProfiles\LocalService\AppData\Local\Temp\*.* >

< %windir%\ServiceProfiles\NetworkService\AppData\Local\Temp\*.* >
[2012/04/20 11:06:29 | 000,001,150 | ---- | M] () -- C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\MpCmdRun.log

< %windir%\temp\*.* >
[2012/04/19 22:46:02 | 000,000,608 | ---- | M] () -- C:\Windows\temp\fwtsqmfile00.sqm
[2012/04/20 10:59:46 | 000,000,608 | ---- | M] () -- C:\Windows\temp\fwtsqmfile01.sqm
[2012/04/20 11:03:29 | 000,032,750 | ---- | M] () -- C:\Windows\temp\MpCmdRun.log
[2012/04/19 22:45:13 | 000,004,342 | ---- | M] () -- C:\Windows\temp\MpSigStub.log
[2012/04/19 22:57:41 | 000,003,586 | ---- | M] () -- C:\Windows\temp\WER3053.tmp.WERInternalMetadata.xml
[2012/04/19 22:57:41 | 000,000,000 | ---- | M] () -- C:\Windows\temp\WER3054.tmp.hdmp
[12 C:\Windows\temp\*.tmp files -> C:\Windows\temp\*.tmp -> ]

< %windir%\system32\*. >
[2009/07/13 22:37:46 | 000,000,000 | ---D | M] -- C:\Windows\system32\0409
[2010/10/16 12:16:56 | 000,000,000 | ---D | M] -- C:\Windows\system32\Adobe
[2011/07/25 19:52:41 | 000,000,000 | ---D | M] -- C:\Windows\system32\AdvancedInstallers
[2009/07/13 20:20:16 | 000,000,000 | ---D | M] -- C:\Windows\system32\ar-SA
[2009/07/13 20:20:16 | 000,000,000 | ---D | M] -- C:\Windows\system32\bg-BG
[2009/07/13 19:35:36 | 000,000,000 | ---D | M] -- C:\Windows\system32\catroot
[2009/07/13 19:35:36 | 000,000,000 | ---D | M] -- C:\Windows\system32\catroot2
[2009/07/13 22:37:46 | 000,000,000 | ---D | M] -- C:\Windows\system32\com
[2009/07/13 20:20:14 | 000,000,000 | ---D | M] -- C:\Windows\system32\config
[2011/07/25 19:52:41 | 000,000,000 | ---D | M] -- C:\Windows\system32\cs-CZ
[2011/07/25 19:52:42 | 000,000,000 | ---D | M] -- C:\Windows\system32\da-DK
[2009/07/13 20:20:16 | 000,000,000 | ---D | M] -- C:\Windows\system32\de-DE
[2011/07/25 19:52:40 | 000,000,000 | ---D | M] -- C:\Windows\system32\Dism
[2012/04/19 21:54:33 | 000,000,000 | ---D | M] -- C:\Windows\system32\drivers
[2009/07/13 22:37:46 | 000,000,000 | ---D | M] -- C:\Windows\system32\DriverStore
[2009/07/13 20:20:17 | 000,000,000 | ---D | M] -- C:\Windows\system32\el-GR
[2011/07/25 19:52:41 | 000,000,000 | ---D | M] -- C:\Windows\system32\en
[2011/12/14 14:13:13 | 000,000,000 | ---D | M] -- C:\Windows\system32\en-US
[2011/07/25 19:52:41 | 000,000,000 | ---D | M] -- C:\Windows\system32\es-ES
[2009/07/13 20:20:17 | 000,000,000 | ---D | M] -- C:\Windows\system32\et-EE
[2009/07/13 20:20:17 | 000,000,000 | ---D | M] -- C:\Windows\system32\fi-FI
[2009/07/13 20:20:17 | 000,000,000 | ---D | M] -- C:\Windows\system32\fr-FR
[2009/07/13 22:32:38 | 000,000,000 | ---D | M] -- C:\Windows\system32\FxsTmp
[2009/07/13 19:34:27 | 000,000,000 | ---D | M] -- C:\Windows\system32\GroupPolicy
[2009/07/13 19:34:27 | 000,000,000 | ---D | M] -- C:\Windows\system32\GroupPolicyUsers
[2009/07/13 20:20:17 | 000,000,000 | ---D | M] -- C:\Windows\system32\he-IL
[2009/07/13 20:20:17 | 000,000,000 | ---D | M] -- C:\Windows\system32\hr-HR
[2009/07/13 20:20:17 | 000,000,000 | ---D | M] -- C:\Windows\system32\hu-HU
[2009/07/13 20:20:17 | 000,000,000 | ---D | M] -- C:\Windows\system32\icsxml
[2009/07/13 20:20:14 | 000,000,000 | ---D | M] -- C:\Windows\system32\IME
[2009/07/13 19:36:55 | 000,000,000 | ---D | M] -- C:\Windows\system32\inetsrv
[2009/07/13 20:20:17 | 000,000,000 | ---D | M] -- C:\Windows\system32\InstallShield
[2009/07/13 20:20:17 | 000,000,000 | ---D | M] -- C:\Windows\system32\it-IT
[2009/07/13 20:20:17 | 000,000,000 | ---D | M] -- C:\Windows\system32\ja-JP
[2009/07/13 20:20:17 | 000,000,000 | ---D | M] -- C:\Windows\system32\ko-KR
[2009/07/13 22:32:38 | 000,000,000 | ---D | M] -- C:\Windows\system32\LogFiles
[2009/07/13 20:20:17 | 000,000,000 | ---D | M] -- C:\Windows\system32\lt-LT
[2009/07/13 20:20:19 | 000,000,000 | ---D | M] -- C:\Windows\system32\lv-LV
[2010/10/16 12:16:57 | 000,000,000 | ---D | M] -- C:\Windows\system32\Macromed
[2011/07/25 19:52:41 | 000,000,000 | ---D | M] -- C:\Windows\system32\manifeststore
[2012/04/11 18:27:12 | 000,000,000 | ---D | M] -- C:\Windows\system32\migration
[2011/07/25 19:52:40 | 000,000,000 | ---D | M] -- C:\Windows\system32\migwiz
[2009/07/13 20:20:14 | 000,000,000 | ---D | M] -- C:\Windows\system32\Msdtc
[2009/07/13 22:37:46 | 000,000,000 | ---D | M] -- C:\Windows\system32\MUI
[2009/07/13 20:20:19 | 000,000,000 | ---D | M] -- C:\Windows\system32\nb-NO
[2009/07/13 19:34:31 | 000,000,000 | ---D | M] -- C:\Windows\system32\NDF
[2009/07/13 20:20:14 | 000,000,000 | ---D | M] -- C:\Windows\system32\NetworkList
[2009/07/13 20:20:19 | 000,000,000 | ---D | M] -- C:\Windows\system32\nl-NL
[2011/07/25 19:52:41 | 000,000,000 | ---D | M] -- C:\Windows\system32\oobe
[2009/07/13 20:20:19 | 000,000,000 | ---D | M] -- C:\Windows\system32\pl-PL
[2009/07/13 22:37:46 | 000,000,000 | ---D | M] -- C:\Windows\system32\Printing_Admin_Scripts
[2009/07/13 20:20:19 | 000,000,000 | ---D | M] -- C:\Windows\system32\pt-BR
[2009/07/13 20:20:19 | 000,000,000 | ---D | M] -- C:\Windows\system32\pt-PT
[2009/07/13 20:20:19 | 000,000,000 | ---D | M] -- C:\Windows\system32\ras
[2009/07/13 20:20:19 | 000,000,000 | ---D | M] -- C:\Windows\system32\Recovery
[2009/07/13 22:32:38 | 000,000,000 | ---D | M] -- C:\Windows\system32\restore
[2009/07/13 20:20:19 | 000,000,000 | ---D | M] -- C:\Windows\system32\ro-RO
[2010/12/01 01:38:22 | 000,000,000 | ---D | M] -- C:\Windows\system32\RTCOM
[2009/07/13 20:20:19 | 000,000,000 | ---D | M] -- C:\Windows\system32\ru-RU
[2011/07/25 19:52:41 | 000,000,000 | ---D | M] -- C:\Windows\system32\Setup
[2009/07/13 20:20:19 | 000,000,000 | ---D | M] -- C:\Windows\system32\sk-SK
[2009/07/13 20:20:19 | 000,000,000 | ---D | M] -- C:\Windows\system32\sl-SI
[2009/07/13 22:37:46 | 000,000,000 | ---D | M] -- C:\Windows\system32\slmgr
[2009/07/13 22:32:38 | 000,000,000 | ---D | M] -- C:\Windows\system32\Speech
[2009/07/13 20:20:14 | 000,000,000 | ---D | M] -- C:\Windows\system32\spp
[2011/07/25 19:52:41 | 000,000,000 | ---D | M] -- C:\Windows\system32\sppui
[2009/07/13 20:20:19 | 000,000,000 | ---D | M] -- C:\Windows\system32\sr-Latn-CS
[2009/07/13 20:20:19 | 000,000,000 | ---D | M] -- C:\Windows\system32\sv-SE
[2009/07/13 22:37:46 | 000,000,000 | ---D | M] -- C:\Windows\system32\sysprep
[2009/07/13 20:20:14 | 000,000,000 | ---D | M] -- C:\Windows\system32\Tasks
[2009/07/13 20:20:19 | 000,000,000 | ---D | M] -- C:\Windows\system32\th-TH
[2009/07/13 20:20:19 | 000,000,000 | ---D | M] -- C:\Windows\system32\tr-TR
[2009/07/13 20:20:19 | 000,000,000 | ---D | M] -- C:\Windows\system32\uk-UA
[2011/04/03 08:56:35 | 000,000,000 | ---D | M] -- C:\Windows\system32\Wat
[2011/07/25 19:52:41 | 000,000,000 | ---D | M] -- C:\Windows\system32\wbem
[2009/07/13 22:37:46 | 000,000,000 | ---D | M] -- C:\Windows\system32\WCN
[2009/07/13 20:20:14 | 000,000,000 | ---D | M] -- C:\Windows\system32\wdi
[2009/07/13 22:32:38 | 000,000,000 | ---D | M] -- C:\Windows\system32\WindowsPowerShell
[2009/07/13 22:37:46 | 000,000,000 | ---D | M] -- C:\Windows\system32\winrm
[2009/07/13 20:20:20 | 000,000,000 | ---D | M] -- C:\Windows\system32\zh-CN
[2009/07/13 20:20:20 | 000,000,000 | ---D | M] -- C:\Windows\system32\zh-HK
[2009/07/13 20:20:20 | 000,000,000 | ---D | M] -- C:\Windows\system32\zh-TW

< %windir%\sysnative\*. >
[2009/07/13 22:37:46 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\0409
[2011/07/25 19:52:19 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\AdvancedInstallers
[2009/07/13 20:20:11 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\ar-SA
[2009/07/13 20:20:11 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\bg-BG
[2011/07/25 19:51:48 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\Boot
[2012/04/10 22:32:25 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\catroot
[2012/04/19 21:23:55 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\catroot2
[2009/09/06 18:11:33 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\CodeIntegrity
[2009/07/13 22:37:45 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\com
[2012/04/19 22:57:32 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\config
[2011/07/25 19:52:19 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\cs-CZ
[2011/07/25 19:52:23 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\da-DK
[2009/07/13 20:20:13 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\de-DE
[2011/07/25 19:52:17 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\Dism
[2012/04/20 10:59:05 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\drivers
[2011/12/21 18:36:37 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\DriverStore
[2012/02/28 21:59:04 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\DRVSTORE
[2009/07/13 20:20:14 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\el-GR
[2009/07/13 22:37:46 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\en
[2011/12/14 14:13:13 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\en-US
[2011/07/25 19:52:19 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\es-ES
[2009/07/13 20:20:14 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\et-EE
[2011/07/25 19:29:57 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\EventProviders
[2009/07/13 20:20:14 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\fi-FI
[2009/07/13 20:20:14 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\fr-FR
[2009/07/13 22:09:04 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\FxsTmp
[2009/07/13 19:34:27 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\GroupPolicy
[2009/07/13 19:34:27 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\GroupPolicyUsers
[2009/07/13 20:20:14 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\he-IL
[2009/07/13 20:20:14 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\hr-HR
[2009/07/13 20:20:14 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\hu-HU
[2009/07/13 20:20:14 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\ias
[2009/07/13 20:20:14 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\icsxml
[2009/07/13 20:20:11 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\IME
[2009/07/13 19:36:55 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\inetsrv
[2009/07/13 20:20:14 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\it-IT
[2009/07/13 20:20:14 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\ja-JP
[2009/07/13 20:20:14 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\ko-KR
[2011/04/16 19:13:48 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\LogFiles
[2009/07/13 20:20:14 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\lt-LT
[2009/07/13 20:20:14 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\lv-LV
[2011/12/22 12:49:24 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\Macromed
[2011/07/25 19:52:19 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\manifeststore
[2009/07/13 21:45:42 | 000,000,000 | --SD | M] -- C:\Windows\sysnative\Microsoft
[2012/04/11 18:27:11 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\migration
[2011/07/25 19:52:17 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\migwiz
[2009/07/13 20:20:14 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\Msdtc
[2009/07/13 22:37:45 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\MUI
[2009/07/13 20:20:14 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\nb-NO
[2012/04/20 10:57:20 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\NDF
[2009/07/13 20:20:11 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\NetworkList
[2009/07/13 20:20:14 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\nl-NL
[2011/07/25 19:52:20 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\oobe
[2009/07/13 20:20:15 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\pl-PL
[2009/07/13 22:37:45 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\Printing_Admin_Scripts
[2009/07/13 20:20:15 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\pt-BR
[2009/07/13 20:20:15 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\pt-PT
[2009/07/13 20:20:15 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\ras
[2011/04/02 17:51:24 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\Recovery
[2011/04/02 17:51:28 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\restore
[2009/07/13 20:20:15 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\ro-RO
[2009/07/13 20:20:15 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\ru-RU
[2011/07/25 19:52:19 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\Setup
[2009/07/13 20:20:15 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\sk-SK
[2009/07/13 20:20:15 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\sl-SI
[2009/07/13 22:37:46 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\slmgr
[2009/07/13 20:20:13 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\SMI
[2009/07/13 22:32:38 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\Speech
[2009/07/13 21:53:31 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\spool
[2009/07/13 20:20:13 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\spp
[2011/07/25 19:52:19 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\sppui
[2011/07/25 19:33:10 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\SPReview
[2009/07/13 20:20:16 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\sr-Latn-CS
[2009/07/13 20:20:16 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\sv-SE
[2010/12/01 02:12:37 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\sysprep
[2012/04/19 21:21:58 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\Tasks
[2009/07/13 20:20:16 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\th-TH
[2009/07/13 20:20:16 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\tr-TR
[2009/07/13 20:20:16 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\uk-UA
[2011/04/03 08:56:34 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\Wat
[2011/07/25 19:52:18 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\wbem
[2009/07/13 22:37:45 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\WCN
[2012/04/18 19:34:58 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\wdi
[2009/07/13 22:09:49 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\wfp
[2009/07/13 22:32:38 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\WinBioDatabase
[2009/07/13 22:37:46 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\WinBioPlugIns
[2009/07/13 22:32:38 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\WindowsPowerShell
[2009/07/13 20:20:14 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\winevt
[2009/07/13 22:37:46 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\winrm
[2009/07/13 20:20:16 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\zh-CN
[2009/07/13 20:20:16 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\zh-HK
[2009/07/13 20:20:16 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\zh-TW

< %Temp%\smtmp\1\*.* >

< %Temp%\smtmp\2\*.* >

< %Temp%\smtmp\3\*.* >

< %Temp%\smtmp\4\*.* >

< %systemroot%\system32\DBBK\*.* /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\syswow64\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /90 >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\syswow64\drivers\*.sys /90 >

< %systemroot%\syswow64\drivers\*.sys /lockedfiles >

< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >

< %systemroot%\*. /rp /s >

< %systemroot%\assembly\tmp\*.* /S /MD5 >

< %systemroot%\assembly\temp\*.* /S /MD5 >

< %systemroot%\assembly\GAC_32\*.* /S /MD5 >
[2010/11/20 05:32:20 | 000,238,080 | ---- | M] () MD5=D6D26A698BCCD17AB0761E6221C5F3C4 -- C:\Windows\assembly\GAC_32\BDATunePIA\6.1.0.0__31bf3856ad364e35\BDATunePIA.dll
[2010/11/04 18:57:39 | 000,069,120 | ---- | M] () MD5=C80DA476BFBAD97D874A0EFE037D7113 -- C:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
[2009/07/13 18:22:13 | 000,139,264 | ---- | M] () MD5=3723B29BBFE648380ED9B70B164E33A2 -- C:\Windows\assembly\GAC_32\ehexthost32\6.1.0.0__31bf3856ad364e35\ehexthost32.exe
[2009/07/13 14:04:37 | 000,002,274 | ---- | M] () MD5=C343B566A3B8DA7743C30796BE0A54D7 -- C:\Windows\assembly\GAC_32\ehexthost32\6.1.0.0__31bf3856ad364e35\ehexthost32.exe.config
[2010/11/04 18:57:43 | 000,072,192 | ---- | M] () MD5=D58D4E4AA8D6146D838BE02500F50B27 -- C:\Windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
[2010/11/20 05:32:22 | 000,134,656 | ---- | M] () MD5=7D8676EC6A6ABCF57E1F6CA5372E56EE -- C:\Windows\assembly\GAC_32\mcstoredb\6.1.0.0__31bf3856ad364e35\mcstoredb.dll
[2009/07/13 18:24:14 | 000,507,904 | ---- | M] () MD5=269691AFEE6C44C52CDCA23C24BDBB0C -- C:\Windows\assembly\GAC_32\Microsoft.Ink\6.1.0.0__31bf3856ad364e35\Microsoft.Ink.dll
[2009/07/13 18:24:28 | 000,077,824 | ---- | M] () MD5=BB2BB7BFE455562249E922A7AA4493A5 -- C:\Windows\assembly\GAC_32\Microsoft.Interop.Security.AzRoles\2.0.0.0__31bf3856ad364e35\Microsoft.Interop.Security.AzRoles.dll
[2010/11/04 18:52:36 | 000,163,840 | ---- | M] () MD5=059B857CCA35C20F06B5DEBD51C4FB38 -- C:\Windows\assembly\GAC_32\Microsoft.Transactions.Bridge.Dtc\3.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll
[2009/07/13 18:26:31 | 000,008,192 | ---- | M] () MD5=FA44A672F1C12791984D9ECAB7DC3177 -- C:\Windows\assembly\GAC_32\Microsoft.Windows.Diagnosis.SDEngine\6.1.0.0__31bf3856ad364e35\Microsoft.Windows.Diagnosis.SDEngine.dll
[2009/06/10 14:14:52 | 000,087,888 | ---- | M] () MD5=2E5F1CF69F92392F8829FC9C9263AE9B -- C:\Windows\assembly\GAC_32\MSBuild\3.5.0.0__b03f5f7f11d50a3a\MSBuild.exe
[2009/06/10 14:14:53 | 000,001,581 | ---- | M] () MD5=1EA3E30080C0E256C2EF0C621E91C345 -- C:\Windows\assembly\GAC_32\MSBuild\3.5.0.0__b03f5f7f11d50a3a\msbuild.exe.config
[2009/06/10 14:22:47 | 000,066,728 | ---- | M] () MD5=C01B81BB10AD14DBC5C4ECD350638096 -- C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\big5.nlp
[2009/06/10 14:22:47 | 000,082,172 | ---- | M] () MD5=EE1F60F8774D74BED8B13498F3FE737A -- C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\bopomofo.nlp
[2009/06/10 14:22:58 | 000,116,756 | ---- | M] () MD5=F6DFDA5A31162D848634504565F6D321 -- C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\ksc.nlp
[2011/07/08 15:33:43 | 004,550,656 | ---- | M] () MD5=67A80B7ABA247E0B6D8FE0E85A58F001 -- C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
[2009/06/10 14:23:13 | 000,059,342 | ---- | M] () MD5=DA5748A89E22A3932387E65694B25BBB -- C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\normidna.nlp
[2009/06/10 14:23:13 | 000,045,794 | ---- | M] () MD5=3831A5E217D6FA828CCE1011DA26E677 -- C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\normnfc.nlp
[2009/06/10 14:23:13 | 000,039,284 | ---- | M] () MD5=DBDE664E0BA4BACD0A6A04AE2232B205 -- C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\normnfd.nlp
[2009/06/10 14:23:13 | 000,066,384 | ---- | M] () MD5=C9B88B759FE81D59CE8EBF5A0A8EB75A -- C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\normnfkc.nlp
[2009/06/10 14:23:13 | 000,060,294 | ---- | M] () MD5=3CAB6AB66759FCDF73B61EE262C9ACF4 -- C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\normnfkd.nlp
[2009/06/10 14:23:14 | 000,083,748 | ---- | M] () MD5=54144F43EDF5AA8F504A30E7C1D1A7B5 -- C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\prc.nlp
[2009/06/10 14:23:14 | 000,083,748 | ---- | M] () MD5=901863C68E6523336CAC602FE9320ABC -- C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\prcp.nlp
[2009/06/10 14:23:17 | 000,262,148 | ---- | M] () MD5=FB59D247F7143C3B9683A547E808A88B -- C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlp
[2009/06/10 14:23:17 | 000,020,320 | ---- | M] () MD5=FF13BA175F0013D2311827E0D438C60B -- C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlp
[2009/06/10 14:23:23 | 000,028,288 | ---- | M] () MD5=09E420F90A329BDA68477FA4AF43CB28 -- C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\xjis.nlp
[2010/11/20 05:36:00 | 000,046,080 | ---- | M] () MD5=93C4029DABC19166076BE347283AB969 -- C:\Windows\assembly\GAC_32\napcrypt\6.1.0.0__31bf3856ad364e35\NAPCRYPT.DLL
[2010/11/20 05:36:00 | 000,107,008 | ---- | M] () MD5=E9CFC1884D1E579E82073103827FA62B -- C:\Windows\assembly\GAC_32\naphlpr\6.1.0.0__31bf3856ad364e35\NAPHLPR.DLL
[2009/07/13 15:04:07 | 000,000,442 | ---- | M] () MD5=13E4BF7A255D57592EEDBD04A500C09B -- C:\Windows\assembly\GAC_32\Policy.1.0.Microsoft.Ink\6.1.0.0__31bf3856ad364e35\Policy.1.0.Microsoft.Ink.config
[2009/07/13 18:25:25 | 000,005,632 | ---- | M] () MD5=608232474C33C71F863B0866E5165C1C -- C:\Windows\assembly\GAC_32\Policy.1.0.Microsoft.Ink\6.1.0.0__31bf3856ad364e35\Policy.1.0.Microsoft.Ink.dll
[2009/06/10 14:32:22 | 000,000,494 | ---- | M] () MD5=453626B1A59F62F9A141AC62F4E44E75 -- C:\Windows\assembly\GAC_32\Policy.1.0.Microsoft.Interop.Security.AzRoles\6.1.7600.16385__31bf3856ad364e35\Microsoft.Interop.Security.AzRoles.config
[2009/07/13 18:26:15 | 000,005,632 | ---- | M] () MD5=2641880E8C12BEE37DDC2813908A2A0F -- C:\Windows\assembly\GAC_32\Policy.1.0.Microsoft.Interop.Security.AzRoles\6.1.7600.16385__31bf3856ad364e35\Policy.1.0.Microsoft.Interop.Security.AzRoles.dll
[2009/06/10 14:32:22 | 000,000,494 | ---- | M] () MD5=453626B1A59F62F9A141AC62F4E44E75 -- C:\Windows\assembly\GAC_32\Policy.1.2.Microsoft.Interop.Security.AzRoles\6.1.7600.16385__31bf3856ad364e35\Policy.1.2.Microsoft.Interop.Security.AzRoles.config
[2009/07/13 18:23:30 | 000,005,632 | ---- | M] () MD5=D6C077082EAA747911C212A9EB64A813 -- C:\Windows\assembly\GAC_32\Policy.1.2.Microsoft.Interop.Security.AzRoles\6.1.7600.16385__31bf3856ad364e35\Policy.1.2.Microsoft.Interop.Security.AzRoles.dll
[2009/07/13 15:04:07 | 000,000,442 | ---- | M] () MD5=13E4BF7A255D57592EEDBD04A500C09B -- C:\Windows\assembly\GAC_32\Policy.1.7.Microsoft.Ink\6.1.0.0__31bf3856ad364e35\Policy.1.7.Microsoft.Ink.config
[2009/07/13 18:22:54 | 000,005,632 | ---- | M] () MD5=331021DA8B00A9ADCDD54B5782943204 -- C:\Windows\assembly\GAC_32\Policy.1.7.Microsoft.Ink\6.1.0.0__31bf3856ad364e35\Policy.1.7.Microsoft.Ink.dll
[2009/07/13 15:04:08 | 000,000,442 | ---- | M] () MD5=13E4BF7A255D57592EEDBD04A500C09B -- C:\Windows\assembly\GAC_32\Policy.6.0.Microsoft.Ink\6.1.0.0__31bf3856ad364e35\Policy.6.0.Microsoft.Ink.config
[2009/07/13 18:23:04 | 000,005,632 | ---- | M] () MD5=B3DB67C90DBBB75BFE110A86E951C2EC -- C:\Windows\assembly\GAC_32\Policy.6.0.Microsoft.Ink\6.1.0.0__31bf3856ad364e35\Policy.6.0.Microsoft.Ink.dll
[2010/11/04 18:53:22 | 004,218,880 | ---- | M] () MD5=8A68B7F6F17377EFC0E7B12ABE54A8A4 -- C:\Windows\assembly\GAC_32\PresentationCore\3.0.0.0__31bf3856ad364e35\PresentationCore.dll
[2009/06/10 14:14:51 | 000,000,161 | ---- | M] () MD5=C0856EC51C8C75B8FDF02C1BBCFE7B93 -- C:\Windows\assembly\GAC_32\PresentationCore\3.0.0.0__31bf3856ad364e35\PresentationFontCache.exe.config
[2010/11/04 18:53:31 | 001,736,536 | ---- | M] () MD5=189EF45EB56724A888159C084588155D -- C:\Windows\assembly\GAC_32\PresentationCore\3.0.0.0__31bf3856ad364e35\wpfgfx_v0300.dll
[2010/11/04 18:58:05 | 000,486,400 | ---- | M] () MD5=ED40D020A6A82748394F1653CE324CE4 -- C:\Windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
[2010/11/04 18:58:05 | 002,927,616 | ---- | M] () MD5=35CAB7CF3754C41AEB69DCE1D5ACA5A4 -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
[2010/11/04 18:58:08 | 000,258,048 | ---- | M] () MD5=6DB969DF540BC71722848940D180AC08 -- C:\Windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
[2010/11/19 21:12:59 | 000,113,664 | ---- | M] () MD5=C865DC05ADE0B41A9E14DD585E0CDF94 -- C:\Windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
[2010/11/04 18:53:24 | 000,372,736 | ---- | M] () MD5=D5DB261885C0FEBF106DD3921C764F1E -- C:\Windows\assembly\GAC_32\System.Printing\3.0.0.0__31bf3856ad364e35\System.Printing.dll
[2009/06/10 14:23:19 | 000,261,632 | ---- | M] () MD5=5F3F1BF5F5B43293953FC915845910C4 -- C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
[2011/12/25 13:42:15 | 005,255,168 | ---- | M] () MD5=7D2B8E2CE3EF2DC633689F1E1F4A7504 -- C:\Windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll

< %systemroot%\assembly\GAC_64\*.* /S /MD5 >
[2010/11/20 06:39:41 | 000,249,344 | ---- | M] () MD5=0EB9F2F8649FC0DE0DB55AFF18093E1C -- C:\Windows\assembly\GAC_64\BDATunePIA\6.1.0.0__31bf3856ad364e35\BDATunePIA.dll
[2010/11/04 18:56:37 | 000,080,896 | ---- | M] () MD5=28D0AAEB2F5D05629B287E3534FCAFB3 -- C:\Windows\assembly\GAC_64\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
[2010/11/04 18:56:43 | 000,089,600 | ---- | M] () MD5=8658D501224F8EAA18BCF8104F07AA29 -- C:\Windows\assembly\GAC_64\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
[2010/11/20 06:44:11 | 000,139,264 | ---- | M] () MD5=D32088C67317F5B64C13352E6EB5FFB1 -- C:\Windows\assembly\GAC_64\mcstoredb\6.1.0.0__31bf3856ad364e35\mcstoredb.dll
[2010/11/20 06:44:11 | 000,198,656 | ---- | M] () MD5=073C37CEFEB4D5CD86646171C5D999F2 -- C:\Windows\assembly\GAC_64\mcupdate\6.1.0.0__31bf3856ad364e35\mcupdate.exe
[2010/11/20 06:44:11 | 000,133,120 | ---- | M] () MD5=948ECE6043513473FF26B6A43DCD67C8 -- C:\Windows\assembly\GAC_64\Mcx2Dvcs\6.1.0.0__31bf3856ad364e35\Mcx2Dvcs.dll
[2009/07/13 18:51:37 | 000,507,904 | ---- | M] () MD5=80BC35C4CA953CCACFECEE0EDBA14F5A -- C:\Windows\assembly\GAC_64\Microsoft.Ink\6.1.0.0__31bf3856ad364e35\Microsoft.Ink.dll
[2009/07/13 18:51:13 | 000,077,824 | ---- | M] () MD5=ADE7BDD9DFFFB5A965DF204114F36951 -- C:\Windows\assembly\GAC_64\Microsoft.Interop.Security.AzRoles\2.0.0.0__31bf3856ad364e35\Microsoft.Interop.Security.AzRoles.dll
[2011/08/16 22:28:23 | 000,315,392 | ---- | M] () MD5=063FDD306A93B988CBEC9C6987EB2960 -- C:\Windows\assembly\GAC_64\Microsoft.MediaCenter.Interop\6.1.0.0__31bf3856ad364e35\Microsoft.MediaCenter.Interop.dll
[2010/11/20 06:44:11 | 000,147,968 | ---- | M] () MD5=9453A71711D51C31DD607EC19CA604B0 -- C:\Windows\assembly\GAC_64\Microsoft.MediaCenter.iTV.Media\6.1.0.0__31bf3856ad364e35\Microsoft.MediaCenter.iTV.Media.dll
[2010/11/20 06:44:11 | 000,056,320 | ---- | M] () MD5=6B365422C9E1417C9C99FD1234C42F48 -- C:\Windows\assembly\GAC_64\Microsoft.MediaCenter.Mheg\6.1.0.0__31bf3856ad364e35\Microsoft.MediaCenter.Mheg.dll
[2010/11/20 06:44:11 | 000,114,688 | ---- | M] () MD5=2920CBCE0700F34AC9E27423CBD87798 -- C:\Windows\assembly\GAC_64\Microsoft.MediaCenter.Playback\6.1.0.0__31bf3856ad364e35\Microsoft.MediaCenter.Playback.dll
[2010/11/20 06:44:12 | 000,327,168 | ---- | M] () MD5=2288CBDEBF5D78E0CB9158D251DE4016 -- C:\Windows\assembly\GAC_64\Microsoft.MediaCenter.TV.Tuners.Interop\6.1.0.0__31bf3856ad364e35\Microsoft.MediaCenter.TV.Tuners.Interop.dll
[2010/11/04 18:52:15 | 000,163,840 | ---- | M] () MD5=DAC8353CA6D1919C7FF87C00672FBF2E -- C:\Windows\assembly\GAC_64\Microsoft.Transactions.Bridge.Dtc\3.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll
[2009/07/13 18:49:27 | 000,008,192 | ---- | M] () MD5=6790FBD2C832CBB26A694E1046F7F2BA -- C:\Windows\assembly\GAC_64\Microsoft.Windows.Diagnosis.SDEngine\6.1.0.0__31bf3856ad364e35\Microsoft.Windows.Diagnosis.SDEngine.dll
[2010/11/20 06:39:46 | 000,019,968 | ---- | M] () MD5=DBE659C5CE6689D009D9414CB27FD110 -- C:\Windows\assembly\GAC_64\Microsoft-Windows-HomeGroupDiagnostic.NetListMgr.Interop\6.1.0.0__31bf3856ad364e35\Microsoft-Windows-HomeGroupDiagnostic.NetListMgr.Interop.dll
[2010/11/04 18:53:34 | 000,083,792 | ---- | M] () MD5=15885A86E87CC4291EF628E4F8A9BD6D -- C:\Windows\assembly\GAC_64\MSBuild\3.5.0.0__b03f5f7f11d50a3a\MSBuild.exe
[2009/06/10 13:31:02 | 000,001,581 | ---- | M] () MD5=1EA3E30080C0E256C2EF0C621E91C345 -- C:\Windows\assembly\GAC_64\MSBuild\3.5.0.0__b03f5f7f11d50a3a\msbuild.exe.config
[2009/06/10 13:39:44 | 000,066,728 | ---- | M] () MD5=C01B81BB10AD14DBC5C4ECD350638096 -- C:\Windows\assembly\GAC_64\mscorlib\2.0.0.0__b77a5c561934e089\big5.nlp
[2009/06/10 13:39:44 | 000,082,172 | ---- | M] () MD5=EE1F60F8774D74BED8B13498F3FE737A -- C:\Windows\assembly\GAC_64\mscorlib\2.0.0.0__b77a5c561934e089\bopomofo.nlp
[2009/06/10 13:39:54 | 000,116,756 | ---- | M] () MD5=F6DFDA5A31162D848634504565F6D321 -- C:\Windows\assembly\GAC_64\mscorlib\2.0.0.0__b77a5c561934e089\ksc.nlp
[2011/07/08 15:31:14 | 004,567,040 | ---- | M] () MD5=86AC5ED8B664B0929ACCAF500E8A3E49 -- C:\Windows\assembly\GAC_64\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
[2009/06/10 13:40:01 | 000,059,342 | ---- | M] () MD5=DA5748A89E22A3932387E65694B25BBB -- C:\Windows\assembly\GAC_64\mscorlib\2.0.0.0__b77a5c561934e089\normidna.nlp
[2009/06/10 13:40:01 | 000,045,794 | ---- | M] () MD5=3831A5E217D6FA828CCE1011DA26E677 -- C:\Windows\assembly\GAC_64\mscorlib\2.0.0.0__b77a5c561934e089\normnfc.nlp
[2009/06/10 13:40:01 | 000,039,284 | ---- | M] () MD5=DBDE664E0BA4BACD0A6A04AE2232B205 -- C:\Windows\assembly\GAC_64\mscorlib\2.0.0.0__b77a5c561934e089\normnfd.nlp
[2009/06/10 13:40:01 | 000,066,384 | ---- | M] () MD5=C9B88B759FE81D59CE8EBF5A0A8EB75A -- C:\Windows\assembly\GAC_64\mscorlib\2.0.0.0__b77a5c561934e089\normnfkc.nlp
[2009/06/10 13:40:01 | 000,060,294 | ---- | M] () MD5=3CAB6AB66759FCDF73B61EE262C9ACF4 -- C:\Windows\assembly\GAC_64\mscorlib\2.0.0.0__b77a5c561934e089\normnfkd.nlp
[2009/06/10 13:40:01 | 000,083,748 | ---- | M] () MD5=54144F43EDF5AA8F504A30E7C1D1A7B5 -- C:\Windows\assembly\GAC_64\mscorlib\2.0.0.0__b77a5c561934e089\prc.nlp
[2009/06/10 13:40:01 | 000,083,748 | ---- | M] () MD5=901863C68E6523336CAC602FE9320ABC -- C:\Windows\assembly\GAC_64\mscorlib\2.0.0.0__b77a5c561934e089\prcp.nlp
[2009/06/10 13:40:02 | 000,262,148 | ---- | M] () MD5=FB59D247F7143C3B9683A547E808A88B -- C:\Windows\assembly\GAC_64\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlp
[2009/06/10 13:40:02 | 000,020,320 | ---- | M] () MD5=FF13BA175F0013D2311827E0D438C60B -- C:\Windows\assembly\GAC_64\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlp
[2009/06/10 13:40:10 | 000,028,288 | ---- | M] () MD5=09E420F90A329BDA68477FA4AF43CB28 -- C:\Windows\assembly\GAC_64\mscorlib\2.0.0.0__b77a5c561934e089\xjis.nlp
[2010/11/20 06:44:12 | 000,050,176 | ---- | M] () MD5=E0773633E4193B183FB396192581BD86 -- C:\Windows\assembly\GAC_64\napcrypt\6.1.0.0__31bf3856ad364e35\NAPCRYPT.DLL
[2010/11/20 06:44:13 | 000,133,632 | ---- | M] () MD5=A302DA1404664CEF1D416ED4DE49EA2B -- C:\Windows\assembly\GAC_64\naphlpr\6.1.0.0__31bf3856ad364e35\NAPHLPR.DLL
[2009/06/10 13:51:13 | 000,000,494 | ---- | M] () MD5=453626B1A59F62F9A141AC62F4E44E75 -- C:\Windows\assembly\GAC_64\Policy.1.0.Microsoft.Interop.Security.AzRoles\6.1.7600.16385__31bf3856ad364e35\Microsoft.Interop.Security.AzRoles.config
[2009/07/13 18:52:10 | 000,005,120 | ---- | M] () MD5=C3554C9F9650380CD6A292CD5E7F02C6 -- C:\Windows\assembly\GAC_64\Policy.1.0.Microsoft.Interop.Security.AzRoles\6.1.7600.16385__31bf3856ad364e35\Policy.1.0.Microsoft.Interop.Security.AzRoles.dll
[2009/06/10 13:51:13 | 000,000,494 | ---- | M] () MD5=453626B1A59F62F9A141AC62F4E44E75 -- C:\Windows\assembly\GAC_64\Policy.1.2.Microsoft.Interop.Security.AzRoles\6.1.7600.16385__31bf3856ad364e35\Policy.1.2.Microsoft.Interop.Security.AzRoles.config
[2009/07/13 18:50:32 | 000,005,120 | ---- | M] () MD5=265830B968EC5512E923C5482A5F5EEB -- C:\Windows\assembly\GAC_64\Policy.1.2.Microsoft.Interop.Security.AzRoles\6.1.7600.16385__31bf3856ad364e35\Policy.1.2.Microsoft.Interop.Security.AzRoles.dll
[2009/07/13 14:54:48 | 000,000,442 | ---- | M] () MD5=13E4BF7A255D57592EEDBD04A500C09B -- C:\Windows\assembly\GAC_64\Policy.6.0.Microsoft.Ink\6.1.0.0__31bf3856ad364e35\Policy.6.0.Microsoft.Ink.config
[2009/07/13 18:50:49 | 000,005,120 | ---- | M] () MD5=6162FCE93CE4C29318C179E457CFE656 -- C:\Windows\assembly\GAC_64\Policy.6.0.Microsoft.Ink\6.1.0.0__31bf3856ad364e35\Policy.6.0.Microsoft.Ink.dll
[2010/11/04 18:52:53 | 003,997,696 | ---- | M] () MD5=B3B14A927ECE4440D58052E0B5679B8C -- C:\Windows\assembly\GAC_64\PresentationCore\3.0.0.0__31bf3856ad364e35\PresentationCore.dll
[2009/06/10 13:30:59 | 000,000,161 | ---- | M] () MD5=C0856EC51C8C75B8FDF02C1BBCFE7B93 -- C:\Windows\assembly\GAC_64\PresentationCore\3.0.0.0__31bf3856ad364e35\PresentationFontCache.exe.config
[2010/11/04 18:53:03 | 002,255,192 | ---- | M] () MD5=04A7A2D3B9AC06609AA93834785F0C92 -- C:\Windows\assembly\GAC_64\PresentationCore\3.0.0.0__31bf3856ad364e35\wpfgfx_v0300.dll
[2010/11/04 18:56:58 | 000,502,272 | ---- | M] () MD5=2D8090F04B14059E23FE68F9FF3E318C -- C:\Windows\assembly\GAC_64\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
[2010/11/04 18:56:58 | 003,095,552 | ---- | M] () MD5=98D53BB2DB8E11762D30C3CF41FA140B -- C:\Windows\assembly\GAC_64\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
[2010/11/04 18:57:00 | 000,245,760 | ---- | M] () MD5=B395F8BE6E578FAB80A1D568911857D7 -- C:\Windows\assembly\GAC_64\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
[2010/11/04 18:57:02 | 000,133,120 | ---- | M] () MD5=D9C192B9CD25DC5C9C05DF98C945E3F1 -- C:\Windows\assembly\GAC_64\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
[2010/11/04 18:52:57 | 000,358,912 | ---- | M] () MD5=183FCB53541A77FCCF22CAAC19DD2BA0 -- C:\Windows\assembly\GAC_64\System.Printing\3.0.0.0__31bf3856ad364e35\System.Printing.dll
[2009/06/10 13:40:06 | 000,283,136 | ---- | M] () MD5=E4806AC8BE2D890193252D4BEE7EA95C -- C:\Windows\assembly\GAC_64\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
[2011/12/25 13:40:47 | 005,263,360 | ---- | M] () MD5=5566D4BABE2900CDB906F470F098188B -- C:\Windows\assembly\GAC_64\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll

< %SystemRoot%\assembly\GAC_MSIL\*.* /S /MD5 >
[2009/06/10 14:22:40 | 000,010,752 | ---- | M] () MD5=7E8C840853FB6EBD5CC16D3C10C7C127 -- C:\Windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
[2011/09/18 18:35:50 | 000,077,368 | ---- | M] () MD5=423300472FF3272E2889C16CD096FAB5 -- C:\Windows\assembly\GAC_MSIL\CaslShared\3.5.1.1__9c6f83d5b7f3d097\CaslShared.dll
[2010/11/04 18:52:35 | 000,165,720 | ---- | M] () MD5=501E961FEEBBDE040FB836CB5DE122C2 -- C:\Windows\assembly\GAC_MSIL\ComSvcConfig\3.0.0.0__b03f5f7f11d50a3a\ComSvcConfig.exe
[2009/06/10 14:22:50 | 000,013,312 | ---- | M] () MD5=AAD128271C76C6596E69CFA81D765C2C -- C:\Windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
[2009/06/10 14:22:50 | 000,005,120 | ---- | M] () MD5=BA86FDE9C3B5BD2FF5EA7A99BF648E82 -- C:\Windows\assembly\GAC_MSIL\dfsvc\2.0.0.0__b03f5f7f11d50a3a\dfsvc.exe
[2010/11/20 05:32:20 | 000,094,208 | ---- | M] () MD5=3AC3967EB34A432332FF4E2D971397E8 -- C:\Windows\assembly\GAC_MSIL\ehCIR\6.1.0.0__31bf3856ad364e35\ehCIR.dll
[2010/11/20 05:32:20 | 000,143,360 | ---- | M] () MD5=7F404ED2BAD3365F1A6452DBE40024FD -- C:\Windows\assembly\GAC_MSIL\ehexthost\6.1.0.0__31bf3856ad364e35\ehexthost.exe
[2009/07/13 14:04:37 | 000,002,274 | ---- | M] () MD5=C343B566A3B8DA7743C30796BE0A54D7 -- C:\Windows\assembly\GAC_MSIL\ehexthost\6.1.0.0__31bf3856ad364e35\ehexthost.exe.config
[2009/07/13 18:46:13 | 000,015,872 | ---- | M] () MD5=CC471B699BEF83A45837119601B70B78 -- C:\Windows\assembly\GAC_MSIL\ehiActivScp\6.1.0.0__31bf3856ad364e35\ehiActivScp.dll
[2009/07/13 18:46:13 | 000,011,776 | ---- | M] () MD5=357EB8AECD2A0F8BD6DB22485DDDE5B9 -- C:\Windows\assembly\GAC_MSIL\ehiBmlDataCarousel\6.1.0.0__31bf3856ad364e35\ehiBmlDataCarousel.dll
[2009/07/13 18:20:15 | 000,077,824 | ---- | M] () MD5=598383C42098DF7D0FFD61F459B6CBAF -- C:\Windows\assembly\GAC_MSIL\ehiExtens\6.1.0.0__31bf3856ad364e35\ehiExtens.dll
[2009/07/13 18:46:06 | 000,040,960 | ---- | M] () MD5=7CDDCF15C57641475340FEDEE86D69DE -- C:\Windows\assembly\GAC_MSIL\ehiiTV\6.1.0.0__31bf3856ad364e35\ehiiTV.dll
[2010/11/20 05:32:20 | 000,172,032 | ---- | M] () MD5=3B813FB741DF5CD45EB4EA36AE0F83B3 -- C:\Windows\assembly\GAC_MSIL\ehiProxy\6.1.0.0__31bf3856ad364e35\ehiProxy.dll
[2009/07/13 18:46:06 | 000,086,016 | ---- | M] () MD5=712FF5DB0DAC5697ABCA9AC6472EAC8B -- C:\Windows\assembly\GAC_MSIL\ehiTVMSMusic\6.1.0.0__31bf3856ad364e35\ehiTVMSMusic.dll
[2009/07/13 18:46:06 | 000,006,144 | ---- | M] () MD5=7F93BA47D13A831EBC7AE6EA6B7C7EFF -- C:\Windows\assembly\GAC_MSIL\ehiUPnP\6.1.0.0__31bf3856ad364e35\ehiUPnP.dll
[2009/07/13 18:20:38 | 000,032,768 | ---- | M] () MD5=62F20E48B43B44D9C6E9B4CF08FB120D -- C:\Windows\assembly\GAC_MSIL\ehiUserXp\6.1.0.0__31bf3856ad364e35\ehiUserXp.dll
[2009/07/13 18:20:51 | 000,335,872 | ---- | M] () MD5=DB2189BF0B4D192F70605F50EC30037B -- C:\Windows\assembly\GAC_MSIL\ehiVidCtl\6.1.0.0__31bf3856ad364e35\ehiVidCtl.dll
[2009/07/13 18:21:00 | 000,143,360 | ---- | M] () MD5=391EF4FF1EF376B4408C0DEFE2041DBF -- C:\Windows\assembly\GAC_MSIL\ehiwmp\6.1.0.0__31bf3856ad364e35\ehiwmp.dll
[2009/07/13 18:22:59 | 000,086,016 | ---- | M] () MD5=82A5798BD1A2FE8678A51CC9CE493F7F -- C:\Windows\assembly\GAC_MSIL\ehiWUapi\6.1.0.0__31bf3856ad364e35\ehiWUapi.dll
[2010/11/20 05:32:21 | 000,196,608 | ---- | M] () MD5=641443B48D34539ED0F58C1FC3A379F0 -- C:\Windows\assembly\GAC_MSIL\ehRecObj\6.1.0.0__31bf3856ad364e35\ehRecObj.dll
[2010/11/20 05:32:21 | 006,307,840 | ---- | M] () MD5=89AFF2261ECF21647B126E596675E302 -- C:\Windows\assembly\GAC_MSIL\ehshell\6.1.0.0__31bf3856ad364e35\ehshell.dll
[2010/11/20 05:19:48 | 000,008,192 | ---- | M] () MD5=D7081D68005C975549685E8BF129794E -- C:\Windows\assembly\GAC_MSIL\EventViewer.Resources\6.1.0.0_en_31bf3856ad364e35\EventViewer.resources.dll
[2010/11/20 05:32:20 | 000,368,640 | ---- | M] () MD5=F046EB4BBFC631D178C6DF20819C1DE5 -- C:\Windows\assembly\GAC_MSIL\EventViewer\6.1.0.0__31bf3856ad364e35\EventViewer.dll
[2011/09/18 18:37:00 | 000,032,312 | ---- | M] () MD5=EC167AF1BD33C6F10538EAED0AF7DC9C -- C:\Windows\assembly\GAC_MSIL\HP.ActiveCheckLocalMode.ServiceFacade\1.1.0.0__87cc6405259abc0f\HP.ActiveCheckLocalMode.ServiceFacade.dll
[2011/09/18 18:37:00 | 000,036,920 | ---- | M] () MD5=7ED577FCC6D65F113138A3400F93B1DE -- C:\Windows\assembly\GAC_MSIL\HP.ActiveCheckLocalMode.SessionManager\1.1.0.0__87cc6405259abc0f\HP.ActiveCheckLocalMode.SessionManager.dll
[2011/09/18 18:35:17 | 000,036,920 | ---- | M] () MD5=93F71FC5CD23D0C68CB05704FEFDB3F8 -- C:\Windows\assembly\GAC_MSIL\HP.ActiveSupportLibrary\2.0.0.1__01a974bc1760f423\HP.ActiveSupportLibrary.dll
[2011/09/18 18:35:17 | 000,073,272 | ---- | M] () MD5=F25CBFA4CC7637378FB89B5C6F6F4FEE -- C:\Windows\assembly\GAC_MSIL\HP.SupportAssistant.Common\6.0.1.1__41bdec5abf54f6dc\HP.SupportAssistant.Common.dll
[2011/09/18 18:35:17 | 000,150,584 | ---- | M] () MD5=B872EC1B11732C5E49C6DC3575D83BB2 -- C:\Windows\assembly\GAC_MSIL\HP.SupportAssistant.Engine\6.0.1.1__e1eab6ede003577a\HP.SupportAssistant.Engine.dll
[2011/09/18 18:35:17 | 002,430,008 | ---- | M] () MD5=4817AAEC0BE07D4514B231E862E01DED -- C:\Windows\assembly\GAC_MSIL\HP.SupportAssistant.Localization\6.0.1.1__a2352a4c73e11587\HP.SupportAssistant.Localization.dll
[2011/09/18 18:35:18 | 000,025,144 | ---- | M] () MD5=3CC1C1F572C0628A3BC470C743A44547 -- C:\Windows\assembly\GAC_MSIL\HP.SupportAssistant.ServiceManager\6.0.1.1__afd7346f05a57c11\HP.SupportAssistant.ServiceManager.dll
[2011/09/18 18:35:18 | 000,013,368 | ---- | M] () MD5=148A040DE905FB18034489FE1C2FE127 -- C:\Windows\assembly\GAC_MSIL\HP.SupportAssistant\6.0.1.1__ff8a51a3dda870ab\HP.SupportAssistant.dll
[2011/09/18 18:35:18 | 000,022,584 | ---- | M] () MD5=7C7E3185520724F1540AF4D1E870C8EA -- C:\Windows\assembly\GAC_MSIL\HP.SupportFramework.Communicator\1.0.0.0__370cd15173f7ac8f\HP.SupportFramework.Communicator.dll
[2011/09/18 18:35:18 | 000,098,872 | ---- | M] () MD5=82D16E47EBB9956EFBF91035A47FB732 -- C:\Windows\assembly\GAC_MSIL\HP.SupportFramework.Logging\1.0.0.0__a5a013d267b3a679\HP.SupportFramework.Logging.dll
[2011/09/18 18:35:18 | 000,877,112 | ---- | M] () MD5=3A8811678D8EBBA57B9C5314D1647EAD -- C:\Windows\assembly\GAC_MSIL\HP.SupportFramework\1.0.0.0__2a4860322af7ba08\HP.SupportFramework.dll
[2011/09/18 18:35:45 | 000,092,728 | ---- | M] () MD5=8C454C8BCDD229DB4372B3E78C079447 -- C:\Windows\assembly\GAC_MSIL\hpcasl\3.5.1.1__9c6f83d5b7f3d097\hpcasl.dll
[2010/10/16 12:40:15 | 000,236,600 | ---- | M] () MD5=5E9DCB8EB61AE774BA0FB519041441A1 -- C:\Windows\assembly\GAC_MSIL\hpCASLLibrary\3.0.1.1__67b8d1b5179ba5f8\hpCASLLibrary.dll
[2009/06/10 14:22:54 | 000,008,192 | ---- | M] () MD5=96D9E7E468D537443DE037A7E15CB804 -- C:\Windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
[2009/06/10 14:22:55 | 000,077,824 | ---- | M] () MD5=AF29AA7F2F613951A9E913B4290B2ECE -- C:\Windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
[2009/06/10 14:22:55 | 000,006,656 | ---- | M] () MD5=D051642D0ED61E2886FD8917E8B6FAFD -- C:\Windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
[2010/10/16 12:40:15 | 000,012,856 | ---- | M] () MD5=5AE4CA7F75EB71A6BCB83315A83CE77C -- C:\Windows\assembly\GAC_MSIL\Interop.HPQTOASTERLib\1.0.0.0__67b8d1b5179ba5f8\Interop.HPQTOASTERLib.dll
[2010/10/16 12:40:15 | 000,010,808 | ---- | M] () MD5=0F8D05D6B4F8B6CE2C95B3A26B8F078F -- C:\Windows\assembly\GAC_MSIL\Interop.HPQWMIEXLib\1.0.0.0__67b8d1b5179ba5f8\Interop.HPQWMIEXLib.dll
[2009/07/13 18:50:20 | 000,106,496 | ---- | M] () MD5=F76D606A61706863C800159442F3E9DA -- C:\Windows\assembly\GAC_MSIL\loadmxf\6.1.0.0__31bf3856ad364e35\loadmxf.exe
[2010/11/20 06:44:11 | 000,741,376 | ---- | M] () MD5=F3A7B22F00F8E2F9383338BF4FF4F786 -- C:\Windows\assembly\GAC_MSIL\mcepg\6.1.0.0__31bf3856ad364e35\mcepg.dll
[2009/07/13 18:47:33 | 000,053,248 | ---- | M] () MD5=49F7D995FB172163A378CFAD66296694 -- C:\Windows\assembly\GAC_MSIL\MCESidebarCtrl\6.1.0.0__31bf3856ad364e35\MCESidebarCtrl.dll
[2009/07/13 18:47:44 | 000,118,784 | ---- | M] () MD5=32169C979FCC2937779F1299C26FFE0A -- C:\Windows\assembly\GAC_MSIL\mcglidhostobj\6.1.0.0__31bf3856ad364e35\mcglidhostobj.dll
[2010/11/20 06:44:11 | 000,207,872 | ---- | M] () MD5=C97FCB65C600CBE7A78C409DC10736FE -- C:\Windows\assembly\GAC_MSIL\mcplayerinterop\6.1.0.0__31bf3856ad364e35\mcplayerinterop.dll
[2010/11/20 05:32:22 | 000,638,976 | ---- | M] () MD5=F338EC894AA0CE005156B4AB2FF77CCC -- C:\Windows\assembly\GAC_MSIL\mcstore\6.1.0.0__31bf3856ad364e35\mcstore.dll
[2010/11/20 06:16:44 | 000,007,168 | ---- | M] () MD5=EE0FEDAA1ECF70EC7C201BC6FB7D256A -- C:\Windows\assembly\GAC_MSIL\Microsoft.BackgroundIntelligentTransfer.Management.Resources\1.0.0.0_en_31bf3856ad364e35\Microsoft.BackgroundIntelligentTransfer.Management.resources.dll
[2009/07/13 18:46:31 | 000,057,344 | ---- | M] () MD5=6F07957980012E2C639A1469CC82BE68 -- C:\Windows\assembly\GAC_MSIL\Microsoft.BackgroundIntelligentTransfer.Management\1.0.0.0__31bf3856ad364e35\Microsoft.BackgroundIntelligentTransfer.Management.dll
[2009/06/10 14:14:36 | 000,106,496 | ---- | M] () MD5=550E75434C424A17A1E06669D8335C26 -- C:\Windows\assembly\GAC_MSIL\Microsoft.Build.Conversion.v3.5\3.5.0.0__b03f5f7f11d50a3a\Microsoft.Build.Conversion.v3.5.dll
[2010/11/04 18:57:44 | 000,348,160 | ---- | M] () MD5=24FDCD95121E59D39DCB1585EC8C5901 -- C:\Windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
[2010/11/04 18:53:30 | 000,733,184 | ---- | M] () MD5=DC6476726F4A15BF5BC8CF2C235B17C6 -- C:\Windows\assembly\GAC_MSIL\Microsoft.Build.Engine\3.5.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
[2010/11/04 18:57:44 | 000,036,864 | ---- | M] () MD5=4B177641BEBC8965220EC474D65981A3 -- C:\Windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
[2009/06/10 14:14:40 | 000,036,864 | ---- | M] () MD5=80F89EC03B39E5A6700C9CA5A5545230 -- C:\Windows\assembly\GAC_MSIL\Microsoft.Build.Framework\3.5.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
[2010/11/04 18:53:36 | 000,802,816 | ---- | M] () MD5=9EBE67131D1776B86410B56FFC95A5BF -- C:\Windows\assembly\GAC_MSIL\Microsoft.Build.Tasks.v3.5\3.5.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.v3.5.dll
[2010/11/04 18:57:45 | 000,655,360 | ---- | M] () MD5=5B5AEB3CEB1FC6D77E57821E6A42DE72 -- C:\Windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
[2010/11/04 18:53:30 | 000,094,208 | ---- | M] () MD5=B6EF0B4C1898D03FC7814B890FCE9B72 -- C:\Windows\assembly\GAC_MSIL\Microsoft.Build.Utilities.v3.5\3.5.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.v3.5.dll
[2010/11/04 18:57:45 | 000,077,824 | ---- | M] () MD5=D7A537839EAB83BAD8F3C053098198E8 -- C:\Windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
[2009/07/13 19:33:04 | 000,036,864 | ---- | M] () MD5=00BAFAF60E0E5EFCB34BF360FF65FA0F -- C:\Windows\assembly\GAC_MSIL\Microsoft.Ink.Resources\6.1.0.0_en_31bf3856ad364e35\Microsoft.Ink.Resources.dll
[2009/06/10 14:23:03 | 000,749,568 | ---- | M] () MD5=3CF65928E67E362D5B25424EBCC27B12 -- C:\Windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
[2009/07/13 19:13:00 | 000,016,384 | ---- | M] () MD5=4D9D34F0204D5DF8EF1DBBD704735EEB -- C:\Windows\assembly\GAC_MSIL\Microsoft.ManagementConsole.Resources\3.0.0.0_en_31bf3856ad364e35\Microsoft.ManagementConsole.Resources.dll
[2009/07/13 18:21:42 | 000,188,416 | ---- | M] () MD5=F8B72BFD1D8C36E1A2C98E25C9CF2504 -- C:\Windows\assembly\GAC_MSIL\Microsoft.ManagementConsole\3.0.0.0__31bf3856ad364e35\Microsoft.ManagementConsole.dll
[2009/07/13 18:52:03 | 001,159,168 | ---- | M] () MD5=4184F48A2A7F0E8349BFC82734313D73 -- C:\Windows\assembly\GAC_MSIL\Microsoft.MediaCenter.Bml\6.1.0.0__31bf3856ad364e35\Microsoft.MediaCenter.Bml.dll
[2009/07/13 18:51:58 | 000,024,576 | ---- | M] () MD5=675B4FDF8010FB917CC3810D4CBF7F7D -- C:\Windows\assembly\GAC_MSIL\Microsoft.MediaCenter.iTv.Hosting\6.1.0.0__31bf3856ad364e35\Microsoft.MediaCenter.iTv.Hosting.dll
[2009/07/13 18:51:44 | 000,086,016 | ---- | M] () MD5=CA7C89AEAC56920195226101750DBCD9 -- C:\Windows\assembly\GAC_MSIL\Microsoft.MediaCenter.iTV\6.1.0.0__31bf3856ad364e35\Microsoft.MediaCenter.iTV.dll
[2009/07/13 18:52:21 | 000,045,056 | ---- | M] () MD5=7BCAA93888177CF3C58EA93EFB648E54 -- C:\Windows\assembly\GAC_MSIL\Microsoft.MediaCenter.ITVVM\6.1.0.0__31bf3856ad364e35\Microsoft.MediaCenter.ITVVM.dll
[2010/11/20 05:35:58 | 001,572,864 | ---- | M] () MD5=0CFCDCFB9D28CE7AFC3F1823250ABE71 -- C:\Windows\assembly\GAC_MSIL\Microsoft.MediaCenter.Shell\6.1.0.0__31bf3856ad364e35\Microsoft.MediaCenter.Shell.dll
[2010/11/20 05:35:58 | 000,241,664 | ---- | M] () MD5=3E1A7D201A38D73F14FFE90909B38A86 -- C:\Windows\assembly\GAC_MSIL\Microsoft.MediaCenter.Sports\6.1.0.0__31bf3856ad364e35\Microsoft.MediaCenter.Sports.dll
[2010/11/20 05:35:59 | 002,596,864 | ---- | M] () MD5=732807787D6FA99791370D934360AE4C -- C:\Windows\assembly\GAC_MSIL\Microsoft.MediaCenter.UI\6.1.0.0__31bf3856ad364e35\Microsoft.MediaCenter.UI.dll
[2010/11/20 05:35:59 | 000,385,024 | ---- | M] () MD5=2F4797433A371756FE937CE802C2F313 -- C:\Windows\assembly\GAC_MSIL\Microsoft.MediaCenter\6.1.0.0__31bf3856ad364e35\Microsoft.MediaCenter.dll
[2009/07/13 19:33:06 | 000,010,752 | ---- | M] () MD5=379089FDE4608B9401EC95B274542576 -- C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Diagnostics.Resources\1.0.0.0_en_31bf3856ad364e35\Microsoft.PowerShell.Commands.Diagnostics.resources.dll
[2010/11/20 06:44:11 | 000,102,400 | ---- | M] () MD5=6EAAC822D547374E6262AFBA30401E5F -- C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Diagnostics\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Diagnostics.dll
[2010/11/20 06:16:44 | 000,036,864 | ---- | M] () MD5=FFA7D0C210B6E1B47E15525053B725D4 -- C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management.Resources\1.0.0.0_en_31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.Resources.dll
[2010/11/20 06:44:11 | 000,290,816 | ---- | M] () MD5=801F0D419E2B3602218348BFB45C230D -- C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll
[2009/07/13 19:33:06 | 000,049,152 | ---- | M] () MD5=B32152DF054633A28F4D5E2AEDDF5F19 -- C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility.Resources\1.0.0.0_en_31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.Resources.dll
[2010/11/20 06:44:12 | 000,667,648 | ---- | M] () MD5=2B291883E64693401A7DD55A5F35B249 -- C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.dll
[2010/11/20 06:16:44 | 000,040,960 | ---- | M] () MD5=951B942088F27F3895B8B3A08E8530A3 -- C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost.Resources\1.0.0.0_en_31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.Resources.dll
[2009/07/13 18:46:58 | 000,200,704 | ---- | M] () MD5=4A096A4B77AE0C49D3628CE164EEC3C2 -- C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.dll
[2009/07/13 19:33:08 | 000,069,632 | ---- | M] () MD5=2CF04D9D956AF6FC9381271E55AEAA91 -- C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Editor.Resources\1.0.0.0_en_31bf3856ad364e35\Microsoft.PowerShell.Editor.Resources.dll
[2010/11/20 06:44:12 | 000,991,232 | ---- | M] () MD5=B4D0FCD1E5681E61534CD0DE182BB88A -- C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Editor\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Editor.dll
[2009/07/13 19:33:10 | 000,040,960 | ---- | M] () MD5=E2D60DEED2AA1F403CC63739AEF5E4A3 -- C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.GPowerShell.Resources\1.0.0.0_en_31bf3856ad364e35\Microsoft.PowerShell.Gpowershell.resources.dll
[2009/07/13 18:47:40 | 000,651,264 | ---- | M] () MD5=031F6012ED32D35DCE00CCAB160C75CF -- C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.GPowerShell\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.GPowerShell.dll
[2009/07/13 19:33:08 | 000,016,896 | ---- | M] () MD5=C197070E1F609DD5F6D0D903D8ADE915 -- C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.GraphicalHost.Resources\1.0.0.0_en_31bf3856ad364e35\Microsoft.PowerShell.GraphicalHost.Resources.dll
[2009/07/13 18:47:11 | 000,278,528 | ---- | M] () MD5=D05827F60C018DA99938BFAF3659C9DB -- C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.GraphicalHost\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.GraphicalHost.dll
[2009/07/13 19:33:08 | 000,009,216 | ---- | M] () MD5=C4A74FA93F0FDAE5E72E4AE147FE242B -- C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security.Resources\1.0.0.0_en_31bf3856ad364e35\Microsoft.PowerShell.Security.Resources.dll
[2010/11/20 06:44:12 | 000,077,824 | ---- | M] () MD5=EAB08B2E94E52E818B1892C64607AB58 -- C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Security.dll
[2009/07/13 19:33:10 | 000,073,728 | ---- | M] () MD5=AD97A4CA111C67B9CC070DD073776B3B -- C:\Windows\assembly\GAC_MSIL\Microsoft.Tpm.Resources\6.1.0.0_en_31bf3856ad364e35\microsoft.tpm.resources.dll
[2009/07/13 18:48:24 | 000,192,512 | ---- | M] () MD5=05DD252C92F92A1CFCFF84903D0225B6 -- C:\Windows\assembly\GAC_MSIL\Microsoft.Tpm\6.1.0.0__31bf3856ad364e35\Microsoft.Tpm.dll
[2009/06/10 14:14:03 | 000,397,312 | ---- | M] () MD5=130FF58B6245F78097E7619EFB61CDD2 -- C:\Windows\assembly\GAC_MSIL\Microsoft.Transactions.Bridge\3.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.dll
[2009/06/10 14:23:03 | 000,110,592 | ---- | M] () MD5=A070FD9509392CEB84A3ED8F8A42A504 -- C:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
[2010/11/04 18:57:46 | 000,372,736 | ---- | M] () MD5=B424A0AF636B1D3DAE3A664285EF9795 -- C:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
[2009/06/10 14:23:04 | 000,028,672 | ---- | M] () MD5=A5B5F03020C0A01276801CF2C807FF8C -- C:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
[2010/11/04 18:57:46 | 000,610,304 | ---- | M] () MD5=DF1F3AFE18D254F759BB1A000B811C15 -- C:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
[2009/06/10 14:14:40 | 000,041,984 | ---- | M] () MD5=DD26812B72AF01116F7A1DDD4FA21E49 -- C:\Windows\assembly\GAC_MSIL\Microsoft.VisualC.STLCLR\1.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.STLCLR.dll
[2009/06/10 14:23:04 | 000,005,632 | ---- | M] () MD5=BBAEF0C6E310A25D3BCCAA2ADC538F82 -- C:\Windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
[2009/06/10 14:23:04 | 000,012,800 | ---- | M] () MD5=71C2F1A0F8FFD6D017F039AC023DE81C -- C:\Windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
[2009/06/10 14:23:04 | 000,032,768 | ---- | M] () MD5=45F2E4914DDCDA6F468D99FAA91911F2 -- C:\Windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
[2010/12/01 01:52:12 | 000,884,736 | ---- | M] () MD5=E42998E3BB92E6696A82EF796EFAC507 -- C:\Windows\assembly\GAC_MSIL\Microsoft.Web.Services3\3.0.0.0__31bf3856ad364e35\Microsoft.Web.Services3.dll
[2009/07/13 19:33:12 | 000,004,096 | ---- | M] () MD5=E935C47D0C44352C7D6525A1325ABED3 -- C:\Windows\assembly\GAC_MSIL\Microsoft.Windows.Diagnosis.Commands.GetDiagInput.Resources\1.0.0.0_en_31bf3856ad364e35\Microsoft.Windows.Diagnosis.Commands.GetDiagInput.resources.dll
[2009/07/13 18:51:58 | 000,009,728 | ---- | M] () MD5=4D851ACFD99800153B512F98DE8EE53F -- C:\Windows\assembly\GAC_MSIL\Microsoft.Windows.Diagnosis.Commands.GetDiagInput\6.1.0.0__31bf3856ad364e35\Microsoft.Windows.Diagnosis.Commands.GetDiagInput.dll
[2009/07/13 19:33:12 | 000,004,096 | ---- | M] () MD5=3CC03A1C2E1969B4EF4659D07A955BD5 -- C:\Windows\assembly\GAC_MSIL\Microsoft.Windows.Diagnosis.Commands.UpdateDiagReport.Resources\1.0.0.0_en_31bf3856ad364e35\Microsoft.Windows.Diagnosis.Commands.UpdateDiagReport.resources.dll
[2009/07/13 18:49:05 | 000,010,752 | ---- | M] () MD5=22C1F179C2141626AF5AA4EE3B466F70 -- C:\Windows\assembly\GAC_MSIL\Microsoft.Windows.Diagnosis.Commands.UpdateDiagReport\6.1.0.0__31bf3856ad364e35\Microsoft.Windows.Diagnosis.Commands.UpdateDiagReport.dll
[2009/07/13 19:33:12 | 000,004,096 | ---- | M] () MD5=83CB16FC8537B2D0A47A0D7728074CF7 -- C:\Windows\assembly\GAC_MSIL\Microsoft.Windows.Diagnosis.Commands.UpdateDiagRootcause.Resources\1.0.0.0_en_31bf3856ad364e35\Microsoft.Windows.Diagnosis.Commands.UpdateDiagRootcause.resources.dll
[2009/07/13 18:49:19 | 000,009,216 | ---- | M] () MD5=3E54B66D932C3B9ACF9A85DCBCB9012A -- C:\Windows\assembly\GAC_MSIL\Microsoft.Windows.Diagnosis.Commands.UpdateDiagRootcause\6.1.0.0__31bf3856ad364e35\Microsoft.Windows.Diagnosis.Commands.UpdateDiagRootcause.dll
[2009/07/13 19:33:12 | 000,004,096 | ---- | M] () MD5=C7B89E6373CAA6563CC190AF83AB8189 -- C:\Windows\assembly\GAC_MSIL\Microsoft.Windows.Diagnosis.Commands.WriteDiagProgress.Resources\1.0.0.0_en_31bf3856ad364e35\Microsoft.Windows.Diagnosis.Commands.WriteDiagProgress.resources.dll
[2009/07/13 18:49:36 | 000,008,192 | ---- | M] () MD5=46F52892AE2A9F422A992E67109C26B3 -- C:\Windows\assembly\GAC_MSIL\Microsoft.Windows.Diagnosis.Commands.WriteDiagProgress\6.1.0.0__31bf3856ad364e35\Microsoft.Windows.Diagnosis.Commands.WriteDiagProgress.dll
[2010/11/20 06:16:44 | 000,004,096 | ---- | M] () MD5=4F99E7FCEBE740F038392F993D910CAE -- C:\Windows\assembly\GAC_MSIL\Microsoft.Windows.Diagnosis.SDHost.Resources\1.0.0.0_en_31bf3856ad364e35\Microsoft.Windows.Diagnosis.SDHost.resources.dll
[2009/07/13 18:49:35 | 000,024,576 | ---- | M] () MD5=D63EFE70138DD63ED305547E154185DB -- C:\Windows\assembly\GAC_MSIL\Microsoft.Windows.Diagnosis.SDHost\6.1.0.0__31bf3856ad364e35\Microsoft.Windows.Diagnosis.SDHost.dll
[2009/07/13 19:33:12 | 000,006,656 | ---- | M] () MD5=332AB4925318F2B2CA3E6D31D69BBA74 -- C:\Windows\assembly\GAC_MSIL\Microsoft.Windows.Diagnosis.TroubleshootingPack.Resources\6.1.0.0_en_31bf3856ad364e35\Microsoft.Windows.Diagnosis.TroubleshootingPack.resources.dll
[2009/07/13 18:49:35 | 000,049,152 | ---- | M] () MD5=C7266BF807067847FE533B5130F3476E -- C:\Windows\assembly\GAC_MSIL\Microsoft.Windows.Diagnosis.TroubleshootingPack\6.1.0.0__31bf3856ad364e35\Microsoft.Windows.Diagnosis.TroubleshootingPack.dll
[2012/01/20 23:26:44 | 000,546,968 | ---- | M] () MD5=A1719B8A4F51EBF721388C1007902216 -- C:\Windows\assembly\GAC_MSIL\Microsoft.WindowsAPICodePack.Shell\1.1.0.0__31bf3856ad364e35\Microsoft.WindowsAPICodePack.Shell.dll
[2012/01/20 23:26:43 | 000,110,232 | ---- | M] () MD5=B6C35618A22EA2132508613B9AA055FB -- C:\Windows\assembly\GAC_MSIL\Microsoft.WindowsAPICodePack\1.1.0.0__31bf3856ad364e35\Microsoft.WindowsAPICodePack.dll

#9 TTTTMMMM

Member

Members
32 posts

Posted 20 April 2012 - 02:07 PM

Part 5:
OTL Continued:

[2009/07/13 19:33:12 | 000,013,824 | ---- | M] () MD5=DD6902F80F16E9EBDC289FFB376F921A -- C:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management.Resources\1.0.0.0_en_31bf3856ad364e35\Microsoft.WSMan.Management.resources.dll
[2010/11/20 06:44:12 | 000,286,720 | ---- | M] () MD5=045923382F35E9C922AC8693F1240645 -- C:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management\1.0.0.0__31bf3856ad364e35\Microsoft.WSMan.Management.dll
[2009/07/13 18:49:51 | 000,007,168 | ---- | M] () MD5=FD9DC207646A40F715B2E3FA12FF8B2F -- C:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Runtime\1.0.0.0__31bf3856ad364e35\Microsoft.WSMan.Runtime.dll
[2009/06/10 14:23:04 | 000,007,168 | ---- | M] () MD5=E5640EF09DA87B03E78F18F850CFF728 -- C:\Windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
[2009/07/13 19:13:12 | 001,552,384 | ---- | M] () MD5=5D85FA66189E6832466C8DEE97CA8C3F -- C:\Windows\assembly\GAC_MSIL\MiguiControls.Resources\1.0.0.0_en_31bf3856ad364e35\MIGUIControls.resources.dll
[2010/11/20 05:36:00 | 003,416,064 | ---- | M] () MD5=CD35B1936F50990D1FCEAE31E2D1553F -- C:\Windows\assembly\GAC_MSIL\MiguiControls\1.0.0.0__31bf3856ad364e35\MIGUIControls.dll
[2010/11/20 05:19:49 | 000,036,864 | ---- | M] () MD5=E5956455F8A07B174CF146247EC6315E -- C:\Windows\assembly\GAC_MSIL\MMCEx.Resources\3.0.0.0_en_31bf3856ad364e35\MMCEx.Resources.dll
[2009/07/13 18:26:50 | 000,421,888 | ---- | M] () MD5=A9D4275CE5EA165C267AE05A6821CB54 -- C:\Windows\assembly\GAC_MSIL\MMCEx\3.0.0.0__31bf3856ad364e35\MMCEx.dll
[2010/11/20 05:19:49 | 000,004,096 | ---- | M] () MD5=930887F063E075C31E38E435F9C3D94C -- C:\Windows\assembly\GAC_MSIL\MMCFxCommon.Resources\3.0.0.0_en_31bf3856ad364e35\MMCFxCommon.Resources.dll
[2009/07/13 18:26:07 | 000,110,592 | ---- | M] () MD5=E72BF459A519312B4FF7F3FA8A85BA13 -- C:\Windows\assembly\GAC_MSIL\MMCFxCommon\3.0.0.0__31bf3856ad364e35\MMCFxCommon.dll
[2009/07/13 19:32:00 | 000,049,152 | ---- | M] () MD5=341507487E1AD54BE8079C7637810C9E -- C:\Windows\assembly\GAC_MSIL\napinit.resources\6.1.0.0_en_31bf3856ad364e35\napinit.Resources.dll
[2009/07/13 18:50:10 | 000,073,728 | ---- | M] () MD5=2E112025F72F2BF1302D8D5AA9014977 -- C:\Windows\assembly\GAC_MSIL\napinit\6.1.0.0__31bf3856ad364e35\NAPINIT.DLL
[2009/07/13 19:32:16 | 000,233,472 | ---- | M] () MD5=6B24C82334B7A52A1349E6E5BB162D88 -- C:\Windows\assembly\GAC_MSIL\napsnap.resources\6.1.0.0_en_31bf3856ad364e35\napsnap.resources.dll
[2009/07/13 18:50:24 | 000,454,656 | ---- | M] () MD5=6F6170493DADDBAE1AFF0A2E2FABAE34 -- C:\Windows\assembly\GAC_MSIL\napsnap\6.1.0.0__31bf3856ad364e35\NAPSNAP.DLL
[2010/11/20 06:44:13 | 001,077,248 | ---- | M] () MD5=AFA10DB13B9A0537297AEEF2CD66352F -- C:\Windows\assembly\GAC_MSIL\Narrator\6.1.0.0__31bf3856ad364e35\Narrator.exe
[2010/12/01 01:33:23 | 000,000,815 | ---- | M] () MD5=0A33273323603FCBD8DDD74758163161 -- C:\Windows\assembly\GAC_MSIL\Policy.6.0.ehRecObj\6.1.0.0__31bf3856ad364e35\Policy.6.0.ehRecObj.config
[2010/12/01 01:33:23 | 000,005,632 | ---- | M] () MD5=841736FAB112AC493646E4399E684D38 -- C:\Windows\assembly\GAC_MSIL\Policy.6.0.ehRecObj\6.1.0.0__31bf3856ad364e35\Policy.6.0.ehRecObj.dll
[2010/12/01 01:33:23 | 000,000,831 | ---- | M] () MD5=A9C1035129544B3867E06A8F02874FE4 -- C:\Windows\assembly\GAC_MSIL\Policy.6.0.Microsoft.MediaCenter.UI\6.1.0.0__31bf3856ad364e35\Policy.6.0.Microsoft.MediaCenter.UI.config
[2010/12/01 01:33:23 | 000,005,632 | ---- | M] () MD5=1A49D09BD80C023A771214DA826FF6B6 -- C:\Windows\assembly\GAC_MSIL\Policy.6.0.Microsoft.MediaCenter.UI\6.1.0.0__31bf3856ad364e35\Policy.6.0.Microsoft.MediaCenter.UI.dll
[2010/12/01 01:33:23 | 000,000,828 | ---- | M] () MD5=52B88C0916FAFF34E0174CD718980AC4 -- C:\Windows\assembly\GAC_MSIL\Policy.6.0.Microsoft.MediaCenter\6.1.0.0__31bf3856ad364e35\Policy.6.0.Microsoft.MediaCenter.config
[2010/12/01 01:33:23 | 000,005,632 | ---- | M] () MD5=0C8F794B0C057EB421569A4E5B8E98C5 -- C:\Windows\assembly\GAC_MSIL\Policy.6.0.Microsoft.MediaCenter\6.1.0.0__31bf3856ad364e35\Policy.6.0.Microsoft.MediaCenter.dll
[2010/11/04 18:53:21 | 000,598,016 | ---- | M] () MD5=AEFD96A1A087027A7EDC21F83F1B4727 -- C:\Windows\assembly\GAC_MSIL\PresentationBuildTasks\3.0.0.0__31bf3856ad364e35\PresentationBuildTasks.dll
[2009/06/10 14:14:50 | 000,032,768 | ---- | M] () MD5=24F02A6A94DC8AE6F2ACDA7950CBEEB3 -- C:\Windows\assembly\GAC_MSIL\PresentationCFFRasterizer\3.0.0.0__31bf3856ad364e35\PresentationCFFRasterizer.dll
[2009/06/10 14:14:51 | 000,042,856 | ---- | M] () MD5=E56F39F6B7FDA0AC77A79B0FD3DE1A2F -- C:\Windows\assembly\GAC_MSIL\PresentationFontCache\3.0.0.0__31bf3856ad364e35\PresentationFontCache.exe
[2009/06/10 14:14:43 | 000,196,608 | ---- | M] () MD5=C9DF30B6F5D99C8147C528528B9CC498 -- C:\Windows\assembly\GAC_MSIL\PresentationFramework.Aero\3.0.0.0__31bf3856ad364e35\PresentationFramework.Aero.dll
[2009/06/10 14:14:44 | 000,139,264 | ---- | M] () MD5=98F2493B40E00061B4A4369E63790293 -- C:\Windows\assembly\GAC_MSIL\PresentationFramework.Classic\3.0.0.0__31bf3856ad364e35\PresentationFramework.Classic.dll
[2010/11/04 18:53:23 | 000,397,312 | ---- | M] () MD5=4E9FDA223530F931AC1F03ABB58E4DA5 -- C:\Windows\assembly\GAC_MSIL\PresentationFramework.Luna\3.0.0.0__31bf3856ad364e35\PresentationFramework.Luna.dll
[2009/06/10 14:14:44 | 000,163,840 | ---- | M] () MD5=13E8EC241CA1402C923DF3A1DA9CAF70 -- C:\Windows\assembly\GAC_MSIL\PresentationFramework.Royale\3.0.0.0__31bf3856ad364e35\PresentationFramework.Royale.dll
[2010/11/04 18:53:23 | 005,279,744 | ---- | M] () MD5=1D362AE9606BF7D4E3342EB7F7671CD0 -- C:\Windows\assembly\GAC_MSIL\PresentationFramework\3.0.0.0__31bf3856ad364e35\PresentationFramework.dll
[2009/06/10 14:14:52 | 000,864,256 | ---- | M] () MD5=0F8242348EBA698FF93193A6BDC55362 -- C:\Windows\assembly\GAC_MSIL\PresentationUI\3.0.0.0__31bf3856ad364e35\PresentationUI.dll
[2010/11/04 18:53:24 | 000,532,480 | ---- | M] () MD5=270045542C06E099B22F8EF6577B8C09 -- C:\Windows\assembly\GAC_MSIL\ReachFramework\3.0.0.0__31bf3856ad364e35\ReachFramework.dll
[2009/06/10 14:15:18 | 000,005,632 | ---- | M] () MD5=AA7004ABA8C37DDCA200E16F1570EF62 -- C:\Windows\assembly\GAC_MSIL\Sentinel.v3.5Client\3.5.0.0__b03f5f7f11d50a3a\Sentinel.v3.5Client.dll
[2010/11/04 18:52:39 | 000,110,592 | ---- | M] () MD5=6F145DEF09821EB6614C501430CB838C -- C:\Windows\assembly\GAC_MSIL\SMDiagnostics\3.0.0.0__b77a5c561934e089\SMdiagnostics.dll
[2010/11/04 18:52:39 | 000,128,848 | ---- | M] () MD5=F476EC40033CDB91EFBE73EB99B8362D -- C:\Windows\assembly\GAC_MSIL\SMSvcHost\3.0.0.0__b03f5f7f11d50a3a\SMSvcHost.exe
[2009/07/13 18:48:50 | 000,086,016 | ---- | M] () MD5=6B16E2A529A703956915122B895DA5F6 -- C:\Windows\assembly\GAC_MSIL\SonicMCEBurnEngine\6.1.0.0__31bf3856ad364e35\SonicMCEBurnEngine.dll
[2009/06/10 14:23:17 | 000,110,592 | ---- | M] () MD5=3C8AF820562CC8E3A1CF82650518F66C -- C:\Windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
[2010/11/04 18:53:30 | 000,045,056 | ---- | M] () MD5=6D593E9AE74E39A62F8184515B27DF28 -- C:\Windows\assembly\GAC_MSIL\System.AddIn.Contract\2.0.0.0__b03f5f7f11d50a3a\System.AddIn.Contract.dll
[2010/11/04 18:53:30 | 000,163,840 | ---- | M] () MD5=949408949F9C8FF4FDB82A8EB14792EE -- C:\Windows\assembly\GAC_MSIL\System.AddIn\3.5.0.0__b77a5c561934e089\System.AddIn.dll
[2010/11/04 18:53:30 | 000,057,344 | ---- | M] () MD5=27E76A55FA5C3586297C2D42986304AC -- C:\Windows\assembly\GAC_MSIL\System.ComponentModel.DataAnnotations\3.5.0.0__31bf3856ad364e35\System.ComponentModel.DataAnnotations.dll
[2010/11/04 18:58:04 | 000,081,920 | ---- | M] () MD5=ED2D3B032733BFC7A68FCE05BC7F93B4 -- C:\Windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
[2010/11/04 18:58:04 | 000,425,984 | ---- | M] () MD5=5A7A33F7F9DFC0C0A8B8E000F4D9D898 -- C:\Windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
[2010/11/04 18:53:30 | 000,667,648 | ---- | M] () MD5=FC114C6C8AB34F1A357069AD3E4477F8 -- C:\Windows\assembly\GAC_MSIL\System.Core\3.5.0.0__b77a5c561934e089\System.Core.dll
[2010/11/04 18:53:31 | 000,053,248 | ---- | M] () MD5=82D34DEB3105E63981A0306B03C10A07 -- C:\Windows\assembly\GAC_MSIL\System.Data.DataSetExtensions\3.5.0.0__b77a5c561934e089\System.Data.DataSetExtensions.dll
[2010/11/04 18:53:31 | 000,229,376 | ---- | M] () MD5=02B81AAEB463E966372AF6A1C0B6038E -- C:\Windows\assembly\GAC_MSIL\System.Data.Entity.Design\3.5.0.0__b77a5c561934e089\System.Data.Entity.Design.dll
[2010/11/04 18:53:31 | 002,879,488 | ---- | M] () MD5=EEDCBC7607D2852BBF74409B49A8D1C1 -- C:\Windows\assembly\GAC_MSIL\System.Data.Entity\3.5.0.0__b77a5c561934e089\System.Data.Entity.dll
[2010/11/04 18:53:31 | 000,684,032 | ---- | M] () MD5=8AB40EB71BB5D5F4641AA5895712B981 -- C:\Windows\assembly\GAC_MSIL\System.Data.Linq\3.5.0.0__b77a5c561934e089\System.Data.Linq.dll
[2010/11/04 18:53:32 | 000,462,848 | ---- | M] () MD5=606ACF1553423BFDD3CABEBA3DF264B9 -- C:\Windows\assembly\GAC_MSIL\System.Data.Services.Client\3.5.0.0__b77a5c561934e089\System.Data.Services.Client.dll
[2010/11/04 18:53:32 | 000,163,840 | ---- | M] () MD5=0ACA904F87E674CF3CB6746D9D3AB321 -- C:\Windows\assembly\GAC_MSIL\System.Data.Services.Design\3.5.0.0__b77a5c561934e089\System.Data.Services.Design.dll
[2010/11/04 18:53:32 | 000,692,224 | ---- | M] () MD5=4BA482E447D6096E8D4348AAE306CE1B -- C:\Windows\assembly\GAC_MSIL\System.Data.Services\3.5.0.0__b77a5c561934e089\System.Data.Services.dll
[2010/10/16 12:19:50 | 000,236,392 | ---- | M] () MD5=A200E7209B42BAA18F438695CE45B0B9 -- C:\Windows\assembly\GAC_MSIL\System.Data.SqlServerCe\9.0.242.0__89845dcd8080cc91\System.Data.SqlServerCe.dll
[2010/11/04 18:58:05 | 000,745,472 | ---- | M] () MD5=800484A3335EACDAA9600120385CCBDC -- C:\Windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
[2010/11/04 18:58:05 | 000,970,752 | ---- | M] () MD5=418EC83A2FC441A3D40F3FDCDA851392 -- C:\Windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
[2010/11/04 18:58:06 | 004,927,488 | ---- | M] () MD5=2D7D124DCC4E7643F2B8AB4592150950 -- C:\Windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
[2010/11/04 18:53:32 | 000,290,816 | ---- | M] () MD5=CD86BDCB5E115635E6AB7DFE77FC1D11 -- C:\Windows\assembly\GAC_MSIL\System.DirectoryServices.AccountManagement\3.5.0.0__b77a5c561934e089\System.DirectoryServices.AccountManagement.dll
[2009/06/10 14:23:18 | 000,188,416 | ---- | M] () MD5=EE1DCDAA3EA8F53DA56116875CD01653 -- C:\Windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
[2010/11/04 18:58:06 | 000,401,408 | ---- | M] () MD5=AF1F47FBADABB9134002359970F5FD1C -- C:\Windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
[2009/06/10 14:23:18 | 000,081,920 | ---- | M] () MD5=D195A195E3D16A867FD4382D786313B8 -- C:\Windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
[2012/01/26 16:33:25 | 000,630,784 | ---- | M] () MD5=25279D7FAF0F1BE97EA477EB939A1469 -- C:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
[2010/11/04 18:52:27 | 000,126,976 | ---- | M] () MD5=DF7FEE2563BF2D59926B786FBF636510 -- C:\Windows\assembly\GAC_MSIL\System.IdentityModel.Selectors\3.0.0.0__b77a5c561934e089\System.IdentityModel.Selectors.dll
[2010/11/04 18:52:27 | 000,442,368 | ---- | M] () MD5=9638C20A92962CAFC45E8F48AE6238F5 -- C:\Windows\assembly\GAC_MSIL\System.IdentityModel\3.0.0.0__b77a5c561934e089\System.IdentityModel.dll
[2009/06/10 14:13:54 | 000,131,072 | ---- | M] () MD5=AC45DB17E166ECEBD320D4FA2820C1B6 -- C:\Windows\assembly\GAC_MSIL\System.IO.Log\3.0.0.0__b03f5f7f11d50a3a\System.IO.Log.dll
[2009/07/13 19:32:38 | 000,253,952 | ---- | M] () MD5=49D669DD9F8F3D4D8600D94EFB46EDF8 -- C:\Windows\assembly\GAC_MSIL\System.Management.Automation.Resources\1.0.0.0_en_31bf3856ad364e35\System.Management.Automation.Resources.dll
[2010/11/20 06:44:13 | 003,010,560 | ---- | M] () MD5=54ECF49D6A42B61AA582216AAEB9657D -- C:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dll
[2010/11/04 18:53:32 | 000,143,360 | ---- | M] () MD5=BCD4761D6E2290B490498126C67A35D0 -- C:\Windows\assembly\GAC_MSIL\System.Management.Instrumentation\3.5.0.0__b77a5c561934e089\System.Management.Instrumentation.dll
[2010/11/04 18:58:09 | 000,385,024 | ---- | M] () MD5=52C875E8F96E4F9E69914A538C129C6E -- C:\Windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
[2010/11/04 18:58:09 | 000,258,048 | ---- | M] () MD5=3035497DE3B9208633BC7F3604D781FB -- C:\Windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
[2010/11/04 18:53:32 | 000,237,568 | ---- | M] () MD5=74446FB0C54CB43A279E735F9C335752 -- C:\Windows\assembly\GAC_MSIL\System.Net\3.5.0.0__b03f5f7f11d50a3a\System.Net.dll
[2010/11/04 18:58:10 | 000,303,104 | ---- | M] () MD5=1D4DA021B0AD837B35AFB772CC7C636D -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
[2009/06/10 14:23:19 | 000,131,072 | ---- | M] () MD5=C9781DA4EE6A5BBAE271CC0AC4B25D7C -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
[2010/11/04 18:52:27 | 000,970,752 | ---- | M] () MD5=01D4E1005C901889517EED7F438DB501 -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Serialization\3.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll
[2010/11/04 18:58:10 | 000,258,048 | ---- | M] () MD5=A15491BE2D672FCDBFEB250E9594D7ED -- C:\Windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
[2010/11/04 18:52:40 | 000,073,728 | ---- | M] () MD5=4E0883AF9D5B4F2AAFD19F6663CBAF5F -- C:\Windows\assembly\GAC_MSIL\System.ServiceModel.Install\3.0.0.0__b77a5c561934e089\System.ServiceModel.Install.dll
[2010/11/04 18:52:41 | 000,032,768 | ---- | M] () MD5=9A9827B4F896F40607DF8103B9C438C0 -- C:\Windows\assembly\GAC_MSIL\System.ServiceModel.WasHosting\3.0.0.0__b77a5c561934e089\System.ServiceModel.WasHosting.dll
[2010/11/04 18:52:44 | 000,569,344 | ---- | M] () MD5=EA5213E7090668C917EEB947FDC3CD46 -- C:\Windows\assembly\GAC_MSIL\System.ServiceModel.Web\3.5.0.0__31bf3856ad364e35\System.ServiceModel.Web.dll
[2010/11/04 18:52:30 | 005,988,352 | ---- | M] () MD5=196D093057DE9D765FF8DDFA24215D3B -- C:\Windows\assembly\GAC_MSIL\System.ServiceModel\3.0.0.0__b77a5c561934e089\System.ServiceModel.dll
[2010/11/04 18:58:10 | 000,114,688 | ---- | M] () MD5=F68CAFF425A9F37E498193BDDC5CC652 -- C:\Windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
[2009/06/10 14:14:45 | 000,688,128 | ---- | M] () MD5=31588B867657A7DF046AC1908550D73C -- C:\Windows\assembly\GAC_MSIL\System.Speech\3.0.0.0__31bf3856ad364e35\System.Speech.dll
[2010/11/04 18:53:32 | 000,077,824 | ---- | M] () MD5=DE8831D65E92BC50304F37CC75EC31D5 -- C:\Windows\assembly\GAC_MSIL\System.Web.Abstractions\3.5.0.0__31bf3856ad364e35\System.Web.Abstractions.dll
[2010/11/04 18:53:32 | 000,032,768 | ---- | M] () MD5=4A1EF32D7C394D8400870C73B40CA2A4 -- C:\Windows\assembly\GAC_MSIL\System.Web.DynamicData.Design\3.5.0.0__31bf3856ad364e35\System.Web.DynamicData.Design.dll
[2010/11/04 18:53:32 | 000,229,376 | ---- | M] () MD5=054F8B86C1258EDDB833A38B54155CF7 -- C:\Windows\assembly\GAC_MSIL\System.Web.DynamicData\3.5.0.0__31bf3856ad364e35\System.Web.DynamicData.dll
[2010/11/04 18:53:32 | 000,131,072 | ---- | M] () MD5=A282147F21B0DB24DB3B3566E828A8AE -- C:\Windows\assembly\GAC_MSIL\System.Web.Entity.Design\3.5.0.0__b77a5c561934e089\System.Web.Entity.Design.dll
[2010/11/04 18:53:33 | 000,139,264 | ---- | M] () MD5=A5722B31B8454EE1CC50753C93CFDB4E -- C:\Windows\assembly\GAC_MSIL\System.Web.Entity\3.5.0.0__b77a5c561934e089\System.Web.Entity.dll
[2010/11/04 18:53:33 | 000,335,872 | ---- | M] () MD5=C935E89C6F71F188282632F35A04D0C1 -- C:\Windows\assembly\GAC_MSIL\System.Web.Extensions.Design\3.5.0.0__31bf3856ad364e35\System.Web.Extensions.Design.dll
[2011/12/25 13:42:15 | 001,277,952 | ---- | M] () MD5=58AD1FECFBAEE633D6326377D8E0982E -- C:\Windows\assembly\GAC_MSIL\System.Web.Extensions\3.5.0.0__31bf3856ad364e35\System.Web.Extensions.dll
[2010/11/04 18:58:11 | 000,835,584 | ---- | M] () MD5=18FDA35C607C486C0D5B91D7DD06CD17 -- C:\Windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
[2009/06/10 14:23:20 | 000,077,824 | ---- | M] () MD5=1CDB3B55F1330F85A674B0B5927399F4 -- C:\Windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
[2010/11/04 18:53:33 | 000,061,440 | ---- | M] () MD5=6D138BD2348457A5097F2772C78FE094 -- C:\Windows\assembly\GAC_MSIL\System.Web.Routing\3.5.0.0__31bf3856ad364e35\System.Web.Routing.dll
[2010/11/04 18:58:12 | 000,839,680 | ---- | M] () MD5=8C0B098B41A27B08D58CAE7A61A3BA19 -- C:\Windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
[2011/03/29 15:33:52 | 005,025,792 | ---- | M] () MD5=2228FA05BCC728E116663A5E11ED6301 -- C:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
[2009/06/10 14:15:18 | 000,012,288 | ---- | M] () MD5=1CCEE8037C8EF9A08DD0ADB7E3E38D78 -- C:\Windows\assembly\GAC_MSIL\System.Windows.Presentation\3.5.0.0__b77a5c561934e089\System.Windows.Presentation.dll
[2010/11/04 18:53:45 | 001,142,784 | ---- | M] () MD5=A422312AE61E44B166FAC615786296A1 -- C:\Windows\assembly\GAC_MSIL\System.Workflow.Activities\3.0.0.0__31bf3856ad364e35\System.Workflow.Activities.dll
[2010/11/04 18:53:46 | 001,630,208 | ---- | M] () MD5=BD0B0F768E7E74C5CD7A34B8B4BCC81D -- C:\Windows\assembly\GAC_MSIL\System.Workflow.ComponentModel\3.0.0.0__31bf3856ad364e35\System.Workflow.ComponentModel.dll
[2010/11/04 18:53:46 | 000,540,672 | ---- | M] () MD5=32FF0E945F51F5147A8304026B5C19EA -- C:\Windows\assembly\GAC_MSIL\System.Workflow.Runtime\3.0.0.0__31bf3856ad364e35\System.Workflow.Runtime.dll
[2010/11/04 18:52:45 | 000,507,904 | ---- | M] () MD5=CC3B424ED10A8E477B5D466188531F26 -- C:\Windows\assembly\GAC_MSIL\System.WorkflowServices\3.5.0.0__31bf3856ad364e35\System.WorkflowServices.dll
[2010/11/04 18:53:34 | 000,139,264 | ---- | M] () MD5=EF6CEBC989FBDAEEB83E5662F1499FC0 -- C:\Windows\assembly\GAC_MSIL\System.Xml.Linq\3.5.0.0__b77a5c561934e089\System.Xml.Linq.dll
[2010/11/04 18:58:14 | 002,048,000 | ---- | M] () MD5=5B3FA17E1CD6FBBDF41AC34DAEECC256 -- C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
[2011/10/31 16:16:22 | 003,190,784 | ---- | M] () MD5=162AC985F452724D8CE7CCEFC842809F -- C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
[2009/07/13 19:12:46 | 000,007,168 | ---- | M] () MD5=ABBF43F681EF160CAAB7C41BC289DA06 -- C:\Windows\assembly\GAC_MSIL\TaskScheduler.Resources\6.1.0.0_en_31bf3856ad364e35\TaskScheduler.resources.dll
[2010/11/20 05:36:00 | 000,167,936 | ---- | M] () MD5=1D264989FFABEF36745304F5DD216DC7 -- C:\Windows\assembly\GAC_MSIL\TaskScheduler\6.1.0.0__31bf3856ad364e35\TaskScheduler.dll
[2009/06/10 14:14:45 | 000,172,032 | ---- | M] () MD5=3F47DB8D603A84FBF1154901AAC177CD -- C:\Windows\assembly\GAC_MSIL\UIAutomationClient\3.0.0.0__31bf3856ad364e35\UIAutomationClient.dll
[2009/06/10 14:14:46 | 000,380,928 | ---- | M] () MD5=32D7B8CC805D2DA70D01DA89982DCE1D -- C:\Windows\assembly\GAC_MSIL\UIAutomationClientsideProviders\3.0.0.0__31bf3856ad364e35\UIAutomationClientsideProviders.dll
[2009/06/10 14:14:46 | 000,040,960 | ---- | M] () MD5=0D2A84FF4383B4F41EDA8B4DE2D45D6C -- C:\Windows\assembly\GAC_MSIL\UIAutomationProvider\3.0.0.0__31bf3856ad364e35\UIAutomationProvider.dll
[2009/06/10 14:14:46 | 000,098,304 | ---- | M] () MD5=62DF8C1D169752DF885E44D21309F7E6 -- C:\Windows\assembly\GAC_MSIL\UIAutomationTypes\3.0.0.0__31bf3856ad364e35\UIAutomationTypes.dll
[2010/11/04 18:53:26 | 001,253,376 | ---- | M] () MD5=30E46D54FB2938CCF04BE99F1D4FBE3D -- C:\Windows\assembly\GAC_MSIL\WindowsBase\3.0.0.0__31bf3856ad364e35\WindowsBase.dll
[2009/06/10 14:14:47 | 000,094,208 | ---- | M] () MD5=D9673C241B14E5526A81B3ABAD3FD3BA -- C:\Windows\assembly\GAC_MSIL\WindowsFormsIntegration\3.0.0.0__31bf3856ad364e35\WindowsFormsIntegration.dll
[2010/11/04 18:52:42 | 000,149,328 | ---- | M] () MD5=8AB248DD85018CC3232D2F20E45A30E7 -- C:\Windows\assembly\GAC_MSIL\WsatConfig\3.0.0.0__b03f5f7f11d50a3a\WsatConfig.exe

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems /s >
"Debug" =
"" = mnmsrvc
"Kmode" = \SystemRoot\System32\win32k.sys
"Optional" = Posix [binary data]
"Posix" = %SystemRoot%\system32\psxss.exe
"Required" = DebugWindows [binary data]
"Windows" = %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16

< type c:\diskreport.txt /c >
Microsoft DiskPart version 6.1.7601
Copyright © 1999-2008 Microsoft Corporation.
On computer: HP
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
Volume 0 E DVD-ROM 0 B No Media
Volume 1 SYSTEM NTFS Partition 199 MB Healthy System
Volume 2 C NTFS Partition 213 GB Healthy Boot
Volume 3 D RECOVERY NTFS Partition 18 GB Healthy
Volume 4 HP_TOOLS FAT32 Partition 103 MB Healthy

< MD5 for: AFD.SYS >
[2011/12/27 20:59:24 | 000,498,688 | ---- | M] (Microsoft Corporation) MD5=1C7857B62DE5994A75B054A9FD4C3825 -- C:\Windows\SysNative\drivers\afd.sys
[2011/12/27 20:59:24 | 000,498,688 | ---- | M] (Microsoft Corporation) MD5=1C7857B62DE5994A75B054A9FD4C3825 -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17752_none_35e10b89752ee0f5\afd.sys
[2011/12/27 21:01:36 | 000,498,176 | ---- | M] (Microsoft Corporation) MD5=36A14FD1A23F57046361733B792CA8DB -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.21887_none_364f3a028e605345\afd.sys
[2011/04/24 19:44:02 | 000,499,712 | ---- | M] (Microsoft Corporation) MD5=6EF20DDF3172E97D69F596FB90602F29 -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.16802_none_3430bc3977dfec2d\afd.sys
[2009/07/13 16:21:42 | 000,500,224 | ---- | M] (Microsoft Corporation) MD5=B9384E03479D2506BC924C16A3DB87BC -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.16385_none_33dd3439781e25f7\afd.sys
[2011/12/27 21:01:12 | 000,499,200 | ---- | M] (Microsoft Corporation) MD5=CCA39961E76B491DDF44B1E90FC8971D -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.21115_none_34b263fe91032456\afd.sys
[2010/11/20 02:23:34 | 000,499,712 | ---- | M] (Microsoft Corporation) MD5=D31DC7A16DEA4A9BAF179F3D6FBDB38C -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17514_none_360e4801750ca991\afd.sys
[2011/04/24 19:34:03 | 000,499,200 | ---- | M] (Microsoft Corporation) MD5=D5B031C308A409A0A576BFF4CF083D30 -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17603_none_3618198975057170\afd.sys
[2011/12/27 20:59:11 | 000,499,200 | ---- | M] (Microsoft Corporation) MD5=DB9D6C6B2CD95A9CA414D045B627422E -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.16937_none_34154fcd77f3bbda\afd.sys
[2011/04/24 20:09:35 | 000,499,200 | ---- | M] (Microsoft Corporation) MD5=F4AD06143EAC303F55D0E86C40802976 -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.21712_none_3695e61e8e2c13d4\afd.sys
[2011/04/24 19:44:27 | 000,499,712 | ---- | M] (Microsoft Corporation) MD5=FBFF8B7C9D116229E9208A0D1CAEB49B -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.20951_none_3483491e9126fe55\afd.sys

< MD5 for: ATAPI.SYS >
[2009/07/13 18:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\ERDNT\cache64\atapi.sys
[2009/07/13 18:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009/07/13 18:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009/07/13 18:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009/07/13 18:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16552_none_394a8c733b252fb9\atapi.sys
[2009/07/13 18:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16593_none_39204d0d3b44b8d4\atapi.sys
[2009/07/13 18:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.20545_none_39e1f82254380270\atapi.sys
[2009/07/13 18:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.20669_none_39d05b5854449cd5\atapi.sys
[2009/07/13 18:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.20713_none_3a006b1e5421763d\atapi.sys
[2009/07/13 18:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys

< MD5 for: CSC.SYS >
[2009/07/13 16:24:27 | 000,514,048 | ---- | M] (Microsoft Corporation) MD5=4A6173C2279B498CD8F57CAE504564CB -- C:\Windows\winsxs\amd64_microsoft-windows-offlinefiles-core_31bf3856ad364e35_6.1.7600.16385_none_fa3d3a8e759850bd\csc.sys
[2010/11/20 02:27:13 | 000,514,560 | ---- | M] (Microsoft Corporation) MD5=54DA3DFD29ED9F1619B6F53F3CE55E49 -- C:\Windows\winsxs\amd64_microsoft-windows-offlinefiles-core_31bf3856ad364e35_6.1.7601.17514_none_fc6e4e567286d457\csc.sys

< MD5 for: DFSC.SYS >
[2009/07/13 16:23:44 | 000,102,400 | ---- | M] (Microsoft Corporation) MD5=3F1DC527070ACB87E40AFE46EF6DA749 -- C:\Windows\winsxs\amd64_microsoft-windows-dfsclient_31bf3856ad364e35_6.1.7600.16385_none_e38f1f84ffcceb85\dfsc.sys
[2011/04/26 19:45:11 | 000,102,400 | ---- | M] (Microsoft Corporation) MD5=59E1C75E5DDBB70BF5A9C6A34D31B4AC -- C:\Windows\winsxs\amd64_microsoft-windows-dfsclient_31bf3856ad364e35_6.1.7600.20953_none_e43734fe18d3f691\dfsc.sys
[2010/11/20 02:26:32 | 000,102,400 | ---- | M] (Microsoft Corporation) MD5=9BB2EF44EAA163B29C4A4587887A0FE4 -- C:\Windows\SysNative\drivers\dfsc.sys
[2010/11/20 02:26:32 | 000,102,400 | ---- | M] (Microsoft Corporation) MD5=9BB2EF44EAA163B29C4A4587887A0FE4 -- C:\Windows\winsxs\amd64_microsoft-windows-dfsclient_31bf3856ad364e35_6.1.7601.17514_none_e5c0334cfcbb6f1f\dfsc.sys
[2011/04/26 19:57:40 | 000,102,400 | ---- | M] (Microsoft Corporation) MD5=9C253CE7311CA60FC11C774692A13208 -- C:\Windows\winsxs\amd64_microsoft-windows-dfsclient_31bf3856ad364e35_6.1.7600.16804_none_e3e4a818ff8ce469\dfsc.sys

< MD5 for: DISK.SYS >
[2009/07/13 18:47:48 | 000,073,280 | ---- | M] (Microsoft Corporation) MD5=9819EEE8B5EA3784EC4AF3B137A5244C -- C:\Windows\SysNative\drivers\disk.sys
[2009/07/13 18:47:48 | 000,073,280 | ---- | M] (Microsoft Corporation) MD5=9819EEE8B5EA3784EC4AF3B137A5244C -- C:\Windows\SysNative\DriverStore\FileRepository\disk.inf_amd64_neutral_10ce25bbc5a9cc43\disk.sys
[2009/07/13 18:47:48 | 000,073,280 | ---- | M] (Microsoft Corporation) MD5=9819EEE8B5EA3784EC4AF3B137A5244C -- C:\Windows\winsxs\amd64_disk.inf_31bf3856ad364e35_6.1.7600.16385_none_55bb738b8ddd8a01\disk.sys

< MD5 for: EXPLORER.EXE >
[2011/02/25 23:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011/02/25 22:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009/07/13 18:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011/02/25 22:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2010/10/16 12:50:20 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011/02/25 22:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011/02/24 23:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\ERDNT\cache86\explorer.exe
[2011/02/24 23:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011/02/24 23:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/25 23:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/20 05:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2010/10/16 12:47:55 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011/02/24 22:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011/02/24 22:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2010/10/16 12:50:20 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2010/10/16 12:47:55 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010/11/20 06:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2010/10/16 12:50:20 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2010/10/16 12:47:55 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009/07/13 18:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2010/10/16 12:50:20 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2011/02/25 23:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2010/10/16 12:47:55 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe

< MD5 for: I8042PRT.SYS >
[2009/07/13 16:19:57 | 000,105,472 | ---- | M] (Microsoft Corporation) MD5=FA55C73D4AFFA7EE23AC4BE53B4592D3 -- C:\Windows\SysNative\drivers\i8042prt.sys
[2009/07/13 16:19:57 | 000,105,472 | ---- | M] (Microsoft Corporation) MD5=FA55C73D4AFFA7EE23AC4BE53B4592D3 -- C:\Windows\SysNative\DriverStore\FileRepository\keyboard.inf_amd64_neutral_0684fdc43059f486\i8042prt.sys
[2009/07/13 16:19:57 | 000,105,472 | ---- | M] (Microsoft Corporation) MD5=FA55C73D4AFFA7EE23AC4BE53B4592D3 -- C:\Windows\SysNative\DriverStore\FileRepository\msmouse.inf_amd64_neutral_7a5f47d3150cc0eb\i8042prt.sys
[2009/07/13 16:19:57 | 000,105,472 | ---- | M] (Microsoft Corporation) MD5=FA55C73D4AFFA7EE23AC4BE53B4592D3 -- C:\Windows\winsxs\amd64_keyboard.inf_31bf3856ad364e35_6.1.7600.16385_none_f3435f7ff2a9f325\i8042prt.sys
[2009/07/13 16:19:57 | 000,105,472 | ---- | M] (Microsoft Corporation) MD5=FA55C73D4AFFA7EE23AC4BE53B4592D3 -- C:\Windows\winsxs\amd64_keyboard.inf_31bf3856ad364e35_6.1.7601.17514_none_f5747347ef9876bf\i8042prt.sys
[2009/07/13 16:19:57 | 000,105,472 | ---- | M] (Microsoft Corporation) MD5=FA55C73D4AFFA7EE23AC4BE53B4592D3 -- C:\Windows\winsxs\amd64_msmouse.inf_31bf3856ad364e35_6.1.7600.16385_none_aa28fd23ec0c39f9\i8042prt.sys

< MD5 for: IASTOR.SYS >
[2010/04/13 10:44:22 | 000,540,696 | ---- | M] (Intel Corporation) MD5=1384872112E8E7FD5786ECEB8BDDF4C9 -- C:\Windows\SysNative\drivers\iaStor.sys
[2010/04/13 10:44:22 | 000,540,696 | ---- | M] (Intel Corporation) MD5=1384872112E8E7FD5786ECEB8BDDF4C9 -- C:\Windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_d085c8f0cb5c2856\iaStor.sys

< MD5 for: LSASS.EXE >
[2009/07/13 18:39:16 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=0793F40B9B8A1BDD266296409DBD91EA -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.16385_none_023f7c69767c3edd\lsass.exe
[2009/07/13 18:39:16 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=0793F40B9B8A1BDD266296409DBD91EA -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.16484_none_023e7e05767d22ad\lsass.exe
[2009/07/13 18:39:16 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=0793F40B9B8A1BDD266296409DBD91EA -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.20594_none_02bd4ae48fa2de68\lsass.exe
[2009/07/13 18:39:16 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=0793F40B9B8A1BDD266296409DBD91EA -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.17514_none_04709031736ac277\lsass.exe
[2011/11/16 23:20:34 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=0A10B74FBB437FF9A23F1D5DE4446A83 -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.21861_none_04c1204e8cb39c3f\lsass.exe
[2011/11/17 00:05:16 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=156F6159457D0AA7E59B62681B56EB90 -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.16915_none_028b374176436a30\lsass.exe
[2011/11/16 23:33:55 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=C118A82CD78818C29AB228366EBF81C3 -- C:\Windows\ERDNT\cache64\lsass.exe
[2011/11/16 23:33:55 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=C118A82CD78818C29AB228366EBF81C3 -- C:\Windows\SysNative\lsass.exe
[2011/11/16 23:33:55 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=C118A82CD78818C29AB228366EBF81C3 -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.17725_none_0466c45b7371f20d\lsass.exe
[2011/11/16 23:42:52 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=D21BD47E528CD62E79311FB5DF0150E6 -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.21092_none_02bb2a0a8fa4d398\lsass.exe

< MD5 for: NETBT.SYS >
[2010/11/20 02:23:20 | 000,261,632 | ---- | M] (Microsoft Corporation) MD5=09594D1089C523423B32A4229263F068 -- C:\Windows\SysNative\drivers\netbt.sys
[2010/11/20 02:23:20 | 000,261,632 | ---- | M] (Microsoft Corporation) MD5=09594D1089C523423B32A4229263F068 -- C:\Windows\winsxs\amd64_microsoft-windows-netbt_31bf3856ad364e35_6.1.7601.17514_none_be8acdd10de3b1a6\netbt.sys
[2009/07/13 16:21:29 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=9162B273A44AB9DCE5B44362731D062A -- C:\Windows\winsxs\amd64_microsoft-windows-netbt_31bf3856ad364e35_6.1.7600.16385_none_bc59ba0910f52e0c\netbt.sys

< MD5 for: SERIAL.SYS >
[2009/07/13 17:00:40 | 000,094,208 | ---- | M] (Microsoft Corporation) MD5=C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 -- C:\Windows\SysNative\drivers\serial.sys
[2009/07/13 17:00:40 | 000,094,208 | ---- | M] (Microsoft Corporation) MD5=C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 -- C:\Windows\SysNative\DriverStore\FileRepository\msports.inf_amd64_neutral_fdcfb86ce78678d1\serial.sys
[2009/07/13 17:00:40 | 000,094,208 | ---- | M] (Microsoft Corporation) MD5=C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 -- C:\Windows\winsxs\amd64_msports.inf_31bf3856ad364e35_6.1.7600.16385_none_548ca258d20f4ada\serial.sys

< MD5 for: SVCHOST.EXE >
[2009/07/13 18:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\ERDNT\cache86\svchost.exe
[2009/07/13 18:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009/07/13 18:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2009/07/13 18:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\ERDNT\cache64\svchost.exe
[2009/07/13 18:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
[2009/07/13 18:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe

< MD5 for: TCPIP.SYS >
[2011/04/24 22:28:24 | 001,893,248 | ---- | M] (Microsoft Corporation) MD5=1F748D5439B65E0BEBD92F65048F030D -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.20951_none_0fb918de99201ffb\tcpip.sys
[2011/09/29 10:41:37 | 001,912,176 | ---- | M] (Microsoft Corporation) MD5=3810F06A4D74A7D62641EE73D6B3C660 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21828_none_11c6e9949627e69c\tcpip.sys
[2010/11/20 06:33:57 | 001,924,480 | ---- | M] (Microsoft Corporation) MD5=509383E505C973ED7534A06B3D19688D -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17514_none_114417c17d05cb37\tcpip.sys
[2011/06/20 23:16:55 | 001,888,128 | ---- | M] (Microsoft Corporation) MD5=5279D4DD69C7C71524B8E7A5746D15CC -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.20992_none_0f8ed978993fa916\tcpip.sys
[2010/10/16 12:51:59 | 001,889,152 | ---- | M] (Microsoft Corporation) MD5=542C6767C68C9D6AAACA59436B0D15C2 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.20733_none_0fd0b57e990e2079\tcpip.sys
[2011/04/24 22:32:22 | 001,896,832 | ---- | M] (Microsoft Corporation) MD5=61DC720BB065D607D5823F13D2A64321 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16802_none_0f668bf97fd90dd3\tcpip.sys
[2010/10/16 12:51:59 | 001,896,832 | ---- | M] (Microsoft Corporation) MD5=90A2D722CF64D911879D6C4A4F802A4D -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16610_none_0f59b7ad7fe2fcc8\tcpip.sys
[2009/07/13 18:45:55 | 001,898,576 | ---- | M] (Microsoft Corporation) MD5=912107716BAB424C7870E8E6AF5E07E1 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16385_none_0f1303f98017479d\tcpip.sys
[2011/04/24 22:33:51 | 001,923,968 | ---- | M] (Microsoft Corporation) MD5=92CE29D95AC9DD2D0EE9061D551BA250 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17603_none_114de9497cfe9316\tcpip.sys
[2011/06/20 23:20:30 | 001,914,752 | ---- | M] (Microsoft Corporation) MD5=A0EB71E0DC047C7CC95CD6AB4036296E -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21754_none_11a276c29643d7ec\tcpip.sys
[2011/09/29 09:17:51 | 001,886,064 | ---- | M] (Microsoft Corporation) MD5=AC3E29880DB5659532A1AA3439304A43 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.21060_none_0fad20ca992955d7\tcpip.sys
[2011/04/24 23:16:34 | 001,927,552 | ---- | M] (Microsoft Corporation) MD5=B77977AEB2FF159D01DB08A309989C5F -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21712_none_11cbb5de9625357a\tcpip.sys
[2011/06/20 23:27:14 | 001,896,832 | ---- | M] (Microsoft Corporation) MD5=B9D87C7707F058AC652A398CD28DE14B -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16839_none_0f4d1e3b7feb1307\tcpip.sys
[2011/06/20 23:34:00 | 001,923,968 | ---- | M] (Microsoft Corporation) MD5=F0E98C00A09FDF791525829A1D14240F -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17638_none_11327af77d12659c\tcpip.sys
[2011/09/29 09:24:44 | 001,897,328 | ---- | M] (Microsoft Corporation) MD5=F18F56EFC0BFB9C87BA01C37B27F4DA5 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16889_none_0f170e9f80139ebc\tcpip.sys
[2011/09/29 09:29:28 | 001,923,952 | ---- | M] (Microsoft Corporation) MD5=FC62769E7BFF2896035AEED399108162 -- C:\Windows\ERDNT\cache64\tcpip.sys
[2011/09/29 09:29:28 | 001,923,952 | ---- | M] (Microsoft Corporation) MD5=FC62769E7BFF2896035AEED399108162 -- C:\Windows\SysNative\drivers\tcpip.sys
[2011/09/29 09:29:28 | 001,923,952 | ---- | M] (Microsoft Corporation) MD5=FC62769E7BFF2896035AEED399108162 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17697_none_10f09b257d43f3eb\tcpip.sys

< MD5 for: USERINIT.EXE >
[2010/11/20 05:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\ERDNT\cache86\userinit.exe
[2010/11/20 05:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010/11/20 05:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/13 18:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009/07/13 18:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010/11/20 06:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\ERDNT\cache64\userinit.exe
[2010/11/20 06:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010/11/20 06:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

< MD5 for: VOLSNAP.SYS >
[2010/11/20 06:34:02 | 000,295,808 | ---- | M] (Microsoft Corporation) MD5=0D08D2F3B3FF84E433346669B5E0F639 -- C:\Windows\SysNative\drivers\volsnap.sys
[2010/11/20 06:34:02 | 000,295,808 | ---- | M] (Microsoft Corporation) MD5=0D08D2F3B3FF84E433346669B5E0F639 -- C:\Windows\SysNative\DriverStore\FileRepository\volume.inf_amd64_neutral_df8bea40ac96ca21\volsnap.sys
[2010/11/20 06:34:02 | 000,295,808 | ---- | M] (Microsoft Corporation) MD5=0D08D2F3B3FF84E433346669B5E0F639 -- C:\Windows\winsxs\amd64_volume.inf_31bf3856ad364e35_6.1.7601.17514_none_73dcbcf012b4850e\volsnap.sys
[2009/07/13 18:45:55 | 000,294,992 | ---- | M] (Microsoft Corporation) MD5=58F82EED8CA24B461441F9C3E4F0BF5C -- C:\Windows\winsxs\amd64_volume.inf_31bf3856ad364e35_6.1.7600.16385_none_71aba92815c60174\volsnap.sys

< MD5 for: WININIT.EXE >
[2009/07/13 18:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\ERDNT\cache64\wininit.exe
[2009/07/13 18:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
[2009/07/13 18:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009/07/13 18:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\ERDNT\cache86\wininit.exe
[2009/07/13 18:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009/07/13 18:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe

< MD5 for: WINLOGON.EXE >
[2010/11/20 06:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\ERDNT\cache64\winlogon.exe
[2010/11/20 06:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010/11/20 06:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009/07/13 18:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2010/10/16 12:50:20 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2010/10/16 12:50:20 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe

< End of report >

Extras:

OTL Extras logfile created on: 4/20/2012 11:29:04 AM - Run 1
OTL by OldTimer - Version 3.2.40.0 Folder = C:\Users\TTTTMMMM\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.93 Gb Total Physical Memory | 0.80 Gb Available Physical Memory | 41.34% Memory free
3.87 Gb Paging File | 2.27 Gb Available in Paging File | 58.76% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 213.68 Gb Total Space | 153.27 Gb Free Space | 71.73% Space Free | Partition Type: NTFS
Drive D: | 18.91 Gb Total Space | 2.74 Gb Free Space | 14.51% Space Free | Partition Type: NTFS

Computer Name: HP | User Name: TTTTMMMM | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 90 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{091A0130-A82F-4A6D-9C61-3BBBB3289030}" = RtVOsd
"{13DCC2C7-454D-42F0-A892-E0E9A5DE4E67}" = HP Wireless Assistant
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1FB31F44-D4D0-4D76-944A-A1A5D79FD321}" = Windows Live Family Safety
"{26A24AE4-039D-4CA4-87B4-2F86416021FF}" = Java™ 6 Update 21 (64-bit)
"{2856A1C2-70C5-4EC3-AFF7-E5B51E5530A2}" = HP Client Services
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{624C7F0A-89B2-4C49-9CAB-9D69613EC95A}" = Microsoft IntelliPoint 8.2
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{CC4D56B7-6F18-470B-8734-ABCD75BCF4F1}" = HP Auto
"{CEA21F20-DBF4-464C-8B81-28B8508AFDDD}" = Windows Live Family Safety
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"EPSON NX410 Series" = EPSON NX410 Series Printer Uninstall
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft IntelliPoint 8.2" = Microsoft IntelliPoint 8.2
"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = Bing Bar
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0EDEB615-1A60-425E-8306-0E10519C7B55}" = RoxioNow Player
"{120262A6-7A4B-4889-AE85-F5E5688D3683}" = HP MovieStore
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1AF23A65-F2B5-469C-AA51-DA5FB74CA856}" = HP Documentation
"{1CAC7A41-583B-4483-9FA5-3E5465AFF8C2}" = Microsoft Default Manager
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{264FE20A-757B-492a-B0C3-4009E2997D8A}" = PictureMover
"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java™ 6 Update 30
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Windows 7
"{3B834B54-EC4B-48E2-BFC6-03FF5DA06F62}" = Adobe Shockwave Player 11.5
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology
"{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}" = Norton Online Backup
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = Recovery Manager
"{491ADA37-04EE-2ECE-9F86-DDC0106047AC}" = Times Reader
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{504CC891-B140-4E1B-860B-5E4C1DFBA9E3}" = Blio
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{53469506-A37E-4314-A9D9-38724EC23A75}" = HP Setup
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{61EDBE71-5D3E-4AB7-AD95-E53FEAF68C17}" = Bing Rewards Client Installer
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6B114F59-6732-4EA5-A33E-ACC6DEC49B61}" = HP Software Framework
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.1.0
"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp" = WildTangent Games App (HP Games)
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{77C4850C-3592-4A2F-B652-ACB77A1EF77C}" = Bing Bar Platform
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8FC4F1DD-F7FD-4766-804D-3C8FF1D309B0}" = Ralink RT5390 802.11b/g/n WiFi Adapter
"{9008D736-35CA-40DB-A2BE-5F32D954E5AA}" = HP MovieStore
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{928B06E4-DDAA-476A-926A-641620326327}" = Microsoft Search Enhancement Pack
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{95140000-007A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.5.1 MUI
"{AE856388-AFAD-4753-81DF-D96B19D0A17C}" = Compaq Setup Manager
"{AF306BD8-F9D1-4627-89B9-246E59074A05}" = HP Power Manager
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}" = Energy Star Digital Logo
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CA43FE4F-9FF2-4AD7-88F0-CC3BAC17B226}" = HP Support Assistant
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{EF682D1C-591D-48B5-9803-628DA622C281}" = HP Quick Launch
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Graphics Media Accelerator Driver
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FD89FF09-6C2A-46D6-8798-46218F753B87}" = Epson Easy Photo Print 2
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Adobe AIR" = Adobe AIR
"com.nyt.timesreader.78C54164786ADE80CB31E1C5D95607D0938C987A.1" = Times Reader
"EPSON Scanner" = EPSON Scan
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.15.1228
"HP Photo Creations" = HP Photo Creations
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!
"Mozilla Firefox (3.6.24)" = Mozilla Firefox (3.6.24)
"Origin 6.0" = Origin 6.0
"PPLive" = PPTV V2.7.1.0009
"RealPlayer 15.0" = RealPlayer
"WildTangent hp Master Uninstall" = HP Games
"WinLiveSuite" = Windows Live Essentials
"WT087328" = Blackhawk Striker 2
"WT087330" = Bounce Symphony
"WT087335" = Build-a-lot 2
"WT087343" = Dora's World Adventure
"WT087360" = Escape Rosecliff Island
"WT087361" = FATE
"WT087362" = Final Drive Nitro
"WT087372" = Heroes of Hellas 2 - Olympia
"WT087379" = Jewel Quest Solitaire 2
"WT087394" = Penguins!
"WT087395" = Poker Superstars III
"WT087396" = Polar Bowler
"WT087397" = Polar Golfer
"WT087414" = Virtual Families
"WT087415" = Wheel of Fortune 2
"WT087428" = Bejeweled 2 Deluxe
"WT087453" = Chuzzle Deluxe
"WT087501" = Plants vs. Zombies
"WT087533" = Zuma Deluxe
"WT087536" = Diner Dash 2 Restaurant Rescue
"WT089299" = Mystery P.I. - The London Caper
"WT089307" = Virtual Villagers 4 - The Tree of Life
"WT089308" = Blasterball 3
"WT089328" = Farm Frenzy
"WT089359" = Cake Mania
"WT089362" = Agatha Christie - Peril at End House
"ZumoDrive" = HP CloudDrive

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3567445309-1158785481-1039964288-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 4/7/2012 1:39:59 AM | Computer Name = S-HP | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: The data is invalid. .

Error - 4/7/2012 1:40:13 AM | Computer Name = S-HP | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: The data is invalid. .

Error - 4/7/2012 1:41:24 AM | Computer Name = S-HP | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: The data is invalid. .

Error - 4/7/2012 1:41:38 AM | Computer Name = S-HP | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: The data is invalid. .

Error - 4/7/2012 1:41:56 AM | Computer Name = S-HP | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: The data is invalid. .

Error - 4/7/2012 3:15:19 AM | Computer Name = S-HP | Source = Application Error | ID = 1000
Description = Faulting application name: PowerDVD9.exe, version: 9.0.3903.0, time
stamp: 0x4d6f7d02 Faulting module name: PowerDVD9.exe, version: 9.0.3903.0, time
stamp: 0x4d6f7d02 Exception code: 0xc0000005 Fault offset: 0x000cb229 Faulting process
id: 0x1628 Faulting application start time: 0x01cd14814aa27298 Faulting application
path: C:\Program Files (x86)\CyberLink\PowerDVD9\PowerDVD9.exe Faulting module path:
C:\Program Files (x86)\CyberLink\PowerDVD9\PowerDVD9.exe Report Id: 6e3972ee-8081-11e1-9303-984be1b3cf8e

Error - 4/7/2012 1:10:14 PM | Computer Name = S-HP | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: The data is invalid. .

Error - 4/7/2012 2:24:30 PM | Computer Name = S-HP | Source = Application Error | ID = 1000
Description = Faulting application name: PowerDVD9.exe, version: 9.0.3903.0, time
stamp: 0x4d6f7d02 Faulting module name: PowerDVD9.exe, version: 9.0.3903.0, time
stamp: 0x4d6f7d02 Exception code: 0xc0000005 Fault offset: 0x000cb229 Faulting process
id: 0x135c Faulting application start time: 0x01cd14e16d4a8d9b Faulting application
path: C:\Program Files (x86)\CyberLink\PowerDVD9\PowerDVD9.exe Faulting module path:
C:\Program Files (x86)\CyberLink\PowerDVD9\PowerDVD9.exe Report Id: ea21eed0-80de-11e1-9835-984be1b3cf8e

Error - 4/8/2012 4:03:48 PM | Computer Name = S-HP | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: The data is invalid. .

Error - 4/8/2012 10:35:11 PM | Computer Name = S-HP | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files (x86)\spybot
- search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program
files (x86)\spybot - search & destroy\DelZip179.dll" on line 8. The value "*" of
attribute "language" in element "assemblyIdentity" is invalid.

[ Hewlett-Packard Events ]
Error - 10/5/2011 10:55:50 AM | Computer Name = S-HP | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088 at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateDetail(String
category) at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetectCore()

at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Message: Failed to perform update. StackTrace: at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateDetail(String
category) at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetectCore()

at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager InnerException.Message:
Object '/a33710ae_ca17_494e_a00d_d2d093fbf699/_vb0cwdl4r5tscq6ieio182q_15.rem'
has been disconnected or does not exist at the server. Name: hpsa_service.exe Version:
06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
en-US RAM: 1978 Ram Utilization: 50 TargetSite: Void UpdateDetail(System.String)

Error - 11/25/2011 8:32:13 PM | Computer Name = S-HP | Source = HPSF.exe | ID = 4000
Description =

Error - 2/12/2012 6:14:35 PM | Computer Name = S-HP | Source = HPSF.exe | ID = 4000
Description =

Error - 2/12/2012 6:14:35 PM | Computer Name = S-HP | Source = HPSF.exe | ID = 4000
Description =

Error - 2/12/2012 6:14:35 PM | Computer Name = S-HP | Source = HPSF.exe | ID = 4000
Description =

Error - 3/11/2012 6:33:00 PM | Computer Name = S-HP | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088 at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Message: One HP Active Check Local Mode job already running. StackTrace:
at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager Name: hpsa_service.exe
Version:
06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
en-US RAM: 1978 Ram Utilization: 50 TargetSite: Void UpdateAndDetect()

Error - 3/18/2012 5:10:27 PM | Computer Name = S-HP | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088 at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Message: One HP Active Check Local Mode job already running. StackTrace:
at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager Name: hpsa_service.exe
Version:
06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
en-US RAM: 1978 Ram Utilization: 50 TargetSite: Void UpdateAndDetect()

Error - 3/25/2012 7:48:06 PM | Computer Name = S-HP | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088 at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Message: One HP Active Check Local Mode job already running. StackTrace:
at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager Name: hpsa_service.exe
Version:
06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
en-US RAM: 1978 Ram Utilization: 50 TargetSite: Void UpdateAndDetect()

Error - 4/1/2012 5:56:06 PM | Computer Name = S-HP | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088 at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Message: One HP Active Check Local Mode job already running. StackTrace:
at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager Name: hpsa_service.exe
Version:
06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
en-US RAM: 1978 Ram Utilization: 70 TargetSite: Void UpdateAndDetect()

Error - 4/8/2012 5:16:06 PM | Computer Name = S-HP | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088 at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Message: One HP Active Check Local Mode job already running. StackTrace:
at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager Name: hpsa_service.exe
Version:
06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
en-US RAM: 1978 Ram Utilization: 60 TargetSite: Void UpdateAndDetect()

[ HP Wireless Assistant Events ]
Error - 4/2/2011 9:00:28 PM | Computer Name = S-HP | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException The RPC server is unavailable.
(Exception from HRESULT: 0x800706BA) at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
errorCode, IntPtr errorInfo) at System.Management.ManagementScope.InitializeGuts(Object
o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObject.Initialize(Boolean
getObject) at System.Management.ManagementBaseObject.get_Properties() at System.Management.ManagementBaseObject.GetPropertyValue(String
propertyName) at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()

Error - 4/2/2011 9:00:40 PM | Computer Name = S-HP | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException The RPC server is unavailable.
(Exception from HRESULT: 0x800706BA) at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
errorCode, IntPtr errorInfo) at System.Management.ManagementScope.InitializeGuts(Object
o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObject.Initialize(Boolean
getObject) at System.Management.ManagementBaseObject.get_Properties() at System.Management.ManagementBaseObject.GetPropertyValue(String
propertyName) at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()

Error - 4/2/2011 9:00:53 PM | Computer Name = S-HP | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException The RPC server is unavailable.
(Exception from HRESULT: 0x800706BA) at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
errorCode, IntPtr errorInfo) at System.Management.ManagementScope.InitializeGuts(Object
o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObject.Initialize(Boolean
getObject) at System.Management.ManagementBaseObject.get_Properties() at System.Management.ManagementBaseObject.GetPropertyValue(String
propertyName) at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()

Error - 4/2/2011 9:01:06 PM | Computer Name = S-HP | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException The RPC server is unavailable.
(Exception from HRESULT: 0x800706BA) at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
errorCode, IntPtr errorInfo) at System.Management.ManagementScope.InitializeGuts(Object
o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObject.Initialize(Boolean
getObject) at System.Management.ManagementBaseObject.get_Properties() at System.Management.ManagementBaseObject.GetPropertyValue(String
propertyName) at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()

Error - 4/2/2011 9:01:19 PM | Computer Name = S-HP | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException The RPC server is unavailable.
(Exception from HRESULT: 0x800706BA) at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
errorCode, IntPtr errorInfo) at System.Management.ManagementScope.InitializeGuts(Object
o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObject.Initialize(Boolean
getObject) at System.Management.ManagementBaseObject.get_Properties() at System.Management.ManagementBaseObject.GetPropertyValue(String
propertyName) at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()

Error - 4/2/2011 9:01:33 PM | Computer Name = S-HP | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException The RPC server is unavailable.
(Exception from HRESULT: 0x800706BA) at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
errorCode, IntPtr errorInfo) at System.Management.ManagementScope.InitializeGuts(Object
o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObject.Initialize(Boolean
getObject) at System.Management.ManagementBaseObject.get_Properties() at System.Management.ManagementBaseObject.GetPropertyValue(String
propertyName) at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()

Error - 4/2/2011 9:01:46 PM | Computer Name = S-HP | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException The RPC server is unavailable.
(Exception from HRESULT: 0x800706BA) at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
errorCode, IntPtr errorInfo) at System.Management.ManagementScope.InitializeGuts(Object
o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObject.Initialize(Boolean
getObject) at System.Management.ManagementBaseObject.get_Properties() at System.Management.ManagementBaseObject.GetPropertyValue(String
propertyName) at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()

Error - 4/2/2011 9:01:58 PM | Computer Name = S-HP | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException The RPC server is unavailable.
(Exception from HRESULT: 0x800706BA) at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
errorCode, IntPtr errorInfo) at System.Management.ManagementScope.InitializeGuts(Object
o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObject.Initialize(Boolean
getObject) at System.Management.ManagementBaseObject.get_Properties() at System.Management.ManagementBaseObject.GetPropertyValue(String
propertyName) at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()

Error - 4/2/2011 9:02:11 PM | Computer Name = S-HP | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException The RPC server is unavailable.
(Exception from HRESULT: 0x800706BA) at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
errorCode, IntPtr errorInfo) at System.Management.ManagementScope.InitializeGuts(Object
o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObject.Initialize(Boolean
getObject) at System.Management.ManagementBaseObject.get_Properties() at System.Management.ManagementBaseObject.GetPropertyValue(String
propertyName) at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()

Error - 4/2/2011 9:02:24 PM | Computer Name = S-HP | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException The RPC server is unavailable.
(Exception from HRESULT: 0x800706BA) at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
errorCode, IntPtr errorInfo) at System.Management.ManagementScope.InitializeGuts(Object
o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObject.Initialize(Boolean
getObject) at System.Management.ManagementBaseObject.get_Properties() at System.Management.ManagementBaseObject.GetPropertyValue(String
propertyName) at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()

[ System Events ]
Error - 2/11/2012 1:09:47 AM | Computer Name = S-HP | Source = ipnathlp | ID = 31004
Description =

Error - 2/11/2012 12:26:21 PM | Computer Name = S-HP | Source = ipnathlp | ID = 31004
Description =

Error - 2/11/2012 10:12:33 PM | Computer Name = S-HP | Source = ipnathlp | ID = 31004
Description =

Error - 2/11/2012 10:13:41 PM | Computer Name = S-HP | Source = ipnathlp | ID = 31004
Description =

Error - 2/11/2012 10:15:23 PM | Computer Name = S-HP | Source = ipnathlp | ID = 31004
Description =

Error - 2/11/2012 10:15:23 PM | Computer Name = S-HP | Source = ipnathlp | ID = 31004
Description =

Error - 2/12/2012 12:52:48 AM | Computer Name = S-HP | Source = ipnathlp | ID = 31004
Description =

Error - 2/12/2012 2:04:36 PM | Computer Name = S-HP | Source = ipnathlp | ID = 31004
Description =

Error - 2/12/2012 5:28:19 PM | Computer Name = S-HP | Source = ipnathlp | ID = 31004
Description =

Error - 2/15/2012 12:52:39 AM | Computer Name = S-HP | Source = ipnathlp | ID = 31004
Description =

< End of report >

#10 B-boy/StyLe/

Bleeping Freestyler

Malware Response Team
3,570 posts

Gender:Male
Location:Bulgaria

Posted 20 April 2012 - 02:39 PM

Hello,

It looks like you didn't let aswMBR to download the avast! virus definitions?

When you run aswMBR you will be given the option to download the Avast viral data base.

Please repeat the scan using the instructions below:

Please download aswMBR.exe to your desktop.

Double click the aswMBR.exe icon to run it.
The program will offers to download the latest antivirus definitions from Avast servers. Click YES to agree.
When it's done in the AV Scan drop down options choose C:\
Click the Scan button to start the scan
On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

Note - do NOT attempt any Fix or FixMBR yet.

Also: There shall also be a file on your desktop named MBR.dat. Right click that file and select Send To => Compressed (zipped) folder. Please attach that zipped file in your next reply.

Regards,
Georgi

My help is always free of charge. If you appreciate my work, you can buy me a beer or two by clicking here -

#11 TTTTMMMM

Member

Members
32 posts

Posted 20 April 2012 - 05:26 PM

I don't have the AV scan drop down option.
Am I allowed to put up a screenshot to show you?
Thanks

#12 B-boy/StyLe/

Bleeping Freestyler

Malware Response Team
3,570 posts

Gender:Male
Location:Bulgaria

Posted 20 April 2012 - 06:45 PM

Hi,

Don't worry. I trust you. Sometimes it does happens.

STEP 1

We need to run an OTL Fix

Please reopen on your desktop.

Copy and Paste the following code into the Posted Image

textbox. Do not include the word "Code"

:OTL
IE:64bit: - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
IE:64bit: - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
IE:64bit: - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{d944bb61-2e34-4dbf-a683-47e505c587dc}: "URL" = http://rover.ebay.com/rover/1/711-111092-2357-0/4?satitle={searchTerms}&mfe=Notebooks
IE:64bit: - HKLM\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
IE - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE - HKLM\..\SearchScopes\{d944bb61-2e34-4dbf-a683-47e505c587dc}: "URL" = http://rover.ebay.com/rover/1/711-111092-2357-0/4?satitle={searchTerms}&mfe=Notebooks
IE - HKLM\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
[2012/04/20 10:52:33 | 000,000,374 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.ics
:commands
[resethosts]
[emptytemp]

Push
OTL may ask to reboot the machine. Please do so if asked.
Click .
A report will open. Copy and Paste that report in your next reply.
If a report is not shown please navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present.
Copy/paste the content of the log back here in your next post.

STEP 2

Please download Malwarebytes Anti-Malware 1.61.0.1400 Final and save it to your desktop.
MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

Make sure you are connected to the Internet.
Double-click on mbam-setup.exe to install the application.
For instructions with screenshots, please refer to the How to use Malwarebytes' Anti-Malware Guide.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
- Update Malwarebytes' Anti-Malware
- Launch Malwarebytes' Anti-Malware
Then click Finish.

MBAM will automatically start and you will be asked to update the program before performing a scan.

If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.

On the Scanner tab:

Make sure the "Perform Quick Scan" option is selected.
Then click on the Scan button.
If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
Click OK to close the message box and continue with the removal process.

Back at the main Scanner screen:

Click on the Show Results button to see a list of any malware that was found.
Make sure that everything is checked, and click Remove Selected.
When removal is completed, a log report will open in Notepad.
The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
Exit MBAM when done.

Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

STEP 3

I'd like us to scan your machine with ESET OnlineScan

Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan
Click the Run ESET Online Scanner button.
For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
- Click on to download the ESET Smart Installer. Save it to your desktop.
- Double click on the icon on your desktop.
Check
Click the button.
Accept any security warnings from your browser.
Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
Now click on Advanced Settings and select the following:

- Scan for potentially unwanted applications
- Scan for potentially unsafe applications
- Enable Anti-Stealth Technology
Push the Start button.
ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
When the scan completes, push
Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
Push the button.
Push

Also, “please do NOT forget to DO this”:

Also: There shall also be a file on your desktop named MBR.dat. Right click that file and select Send To => Compressed (zipped) folder. Please attach that zipped file in your next reply

Regards,
Georgi

Edited by B-boy/StyLe/, 20 April 2012 - 06:47 PM.

My help is always free of charge. If you appreciate my work, you can buy me a beer or two by clicking here -

#13 TTTTMMMM

Member

Members
32 posts

Posted 20 April 2012 - 07:20 PM

Sorry, I clicked yes, but I was not downloading the virus definition fully, I think I might have clicked inside the box and froze it while it was downloading. Thank you for the help.

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-04-20 15:24:19
-----------------------------
15:24:19.522 OS Version: Windows x64 6.1.7601 Service Pack 1
15:24:19.522 Number of processors: 2 586 0x170A
15:24:19.522 ComputerName: HP UserName:
15:24:21.924 Initialize success
15:35:41.789 AVAST engine defs: 12042001
15:35:50.915 The log file has been saved successfully to "C:\Users\TTTTMMMM\Documents\aswMBR4.txt"
15:36:58.193 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
15:36:58.193 Disk 0 Vendor: Hitachi_ ESBO Size: 238475MB BusType: 3
15:36:58.208 Disk 0 MBR read successfully
15:36:58.224 Disk 0 MBR scan
15:36:58.224 Disk 0 unknown MBR code
15:36:58.240 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 199 MB offset 2048
15:36:58.240 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 218806 MB offset 409600
15:36:58.286 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 19365 MB offset 448524288
15:36:58.302 Disk 0 Partition 4 00 0C FAT32 LBA MSDOS5.0 103 MB offset 488183808
15:36:58.364 Disk 0 scanning C:\Windows\system32\drivers
15:37:10.419 Service scanning
15:37:47.406 Modules scanning
15:37:47.921 Disk 0 trace - called modules:
15:37:47.937 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
15:37:47.952 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80044bf060]
15:37:47.952 3 CLASSPNP.SYS[fffff88001b7343f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa800223d050]
15:37:51.244 AVAST engine scan C:\
17:03:43.027 Scan finished successfully
17:13:38.948 Disk 0 MBR has been saved successfully to "C:\Users\TTTTMMMM\Documents\MBR.dat"
17:13:38.964 The log file has been saved successfully to "C:\Users\TTTTMMMM\Documents\aswMBR.txt"

#14 TTTTMMMM

Member

Members
32 posts

Posted 20 April 2012 - 07:23 PM

Did my attached zip file go through?

#15 TTTTMMMM

Member

Members
32 posts

Posted 20 April 2012 - 10:43 PM

Malwarebytes Anti-Malware (Trial) 1.61.0.1400
www.malwarebytes.org

Database version: v2012.04.20.08

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
TTTTMMMM :: HP [administrator]

Protection: Enabled

4/20/2012 5:42:17 PM
mbam-log-2012-04-20 (17-42-17).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 217097
Time elapsed: 2 minute(s), 35 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 2
HKCR\AppID\{1DD31B76-C57E-49ba-94BC-BF53F0C82CD4} (Adware.Funshion) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1DD31B76-C57E-49ba-94BC-BF53F0C82CD4} (Adware.Funshion) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

OTL:

All processes killed
========== OTL ==========
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2fa28606-de77-4029-af96-b231e3b8f827}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d43b3890-80c7-4010-a95d-1e77b5924dc3}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{d944bb61-2e34-4dbf-a683-47e505c587dc}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d944bb61-2e34-4dbf-a683-47e505c587dc}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2fa28606-de77-4029-af96-b231e3b8f827}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d43b3890-80c7-4010-a95d-1e77b5924dc3}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{d944bb61-2e34-4dbf-a683-47e505c587dc}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d944bb61-2e34-4dbf-a683-47e505c587dc}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}\ not found.
C:\Windows\SysNative\drivers\etc\hosts.ics moved successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56504 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: S
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 259432677 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 63315 bytes

User: TTTTMMMM
->Temp folder emptied: 56645633 bytes
->Temporary Internet Files folder emptied: 89416182 bytes
->Java cache emptied: 591381 bytes
->FireFox cache emptied: 46512669 bytes
->Google Chrome cache emptied: 16659140 bytes
->Flash cache emptied: 57224 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 42502 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50333 bytes
RecycleBin emptied: 14391 bytes

Total Files Cleaned = 448.00 mb

OTL by OldTimer - Version 3.2.40.0 log created on 04202012_172519

Files\Folders moved on Reboot...
C:\Users\TTTTMMMM\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...

ESET found no threats