windows always freezing


  • This topic is locked
71 replies to this topic

#1 big239


Posted 21 March 2012 - 05:28 PM

I get an error message that a random DLL file has a bad image. The file name changes constantly. I did a HijackThis scan; here is the log:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:27:28 PM, on 3/21/2012
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Norton Security Suite\Engine\5.2.0.13\ccSvcHst.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=c:\windows\syswow64\userinit.exe,
O1 - Hosts: ::1 localhost
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security Suite\Engine\5.2.0.13\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Security Suite\Engine\5.2.0.13\IPS\IPSBHO.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\5.2.0.13\coIEPlg.dll
O4 - HKLM\..\Run: [QPService] "C:\Program Files (x86)\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\YouCam" update "Software\CyberLink\YouCam\1.0"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [WAWifiMessage] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: HP Smart Select - {58ECB495-38F0-49cb-A538-10282ABF65E7} - c:\Program Files (x86)\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files (x86)\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Norton Security Suite (N360) - Symantec Corporation - C:\Program Files (x86)\Norton Security Suite\Engine\5.2.0.13\ccSvcHst.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files (x86)\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files (x86)\HP\QuickPlay\Kernel\TV\QPSched.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

Please help.

Edited by Budapest, 21 March 2012 - 06:19 PM.
Moved from Vista ~Budapest


#2 nasdaq


  • Malware Response Team

Posted 25 March 2012 - 09:07 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

HijackThis is not able to provide accurate information for 64-bit systems.
In your case we need to see a DDS Log.
I would remove HijackThis using the Add/Remove Programs list.


Please download and run this DDS Scanning Tool. Nothing will be deleted. It will just give me some additional information about your system.

Download DDS and save it to your desktop from here or here.
Disable any script blocker, and then double click dds.scr to run the tool.
  • When done, DDS will open two (2) logs:
    • DDS.txt
    • Attach.txt
  • Save both reports to your desktop.

Please just paste the contents of the DDS.txt log in your next post.
===

Third-party programs, if not up to date, can be an open door for an infection.

Please run this security check for my review.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===

Please post the logs for my review.
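
Added example, not part of either post and not code from HijackThis or DDS: a small Python triage of the O23 "(file missing)" lines in the log from post #1, showing why a 32-bit scanner misreports on a 64-bit system. On 64-bit Windows a 32-bit process that opens a path under System32 is redirected to SysWOW64, so 64-bit-only files such as lsass.exe look absent. Assumptions: the Windows directory is `<drive>:\Windows`, the verdict names and the `ExampleSvc` line are constructed for illustration, and the exempt-subdirectory list follows Microsoft's File System Redirector documentation for Vista.

```python
import re

# Excerpt in the shape of the HijackThis log in post #1, plus one constructed
# line (ExampleSvc) that is NOT from the page, to show a non-System32 case.
SAMPLE_LOG = r"""
Platform: Windows Vista SP2 (WinNT 6.00.1906)
C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe
F2 - REG:system.ini: UserInit=c:\windows\syswow64\userinit.exe,
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ExampleSvc - Unknown owner - C:\Users\Public\example.exe (file missing)
"""

# Assumption: the Windows directory is <drive>:\Windows.
SYSTEM32_RE = re.compile(r"^[a-z]:\\windows\\system32\\(?P<rest>.+)$", re.IGNORECASE)

# System32 subdirectories that are not redirected for 32-bit processes on Vista.
EXEMPT_SUBDIRS = ("catroot\\", "catroot2\\", "drivers\\etc\\", "logfiles\\", "spool\\")

MISSING = " (file missing)"


def host_is_64bit(lines):
    """These folders exist only on 64-bit Windows, so any path through them
    in the log means the scan ran on a 64-bit host."""
    markers = ("\\program files (x86)\\", "\\syswow64\\")
    return any(m in line.lower() for line in lines for m in markers)


def parse_o23(line):
    """Split 'O23 - Service: <name> - <owner> - <path>[ (file missing)]'.
    rsplit is used because the service name itself may contain hyphens."""
    prefix = "O23 - Service: "
    if not line.startswith(prefix):
        return None
    parts = line[len(prefix):].rsplit(" - ", 2)
    if len(parts) != 3:
        return None
    name, owner, target = parts
    missing = target.endswith(MISSING)
    path = target[:-len(MISSING)] if missing else target
    return {"name": name, "owner": owner, "path": path, "missing": missing}


def triage(log_text):
    """Return (service name, path, verdict) for every O23 entry reported missing.

    'wow64-artifact': 64-bit host and the path is under a redirected part of
                      System32, so the 32-bit scanner really looked in SysWOW64.
                      Confirm with a 64-bit-aware tool before acting on it.
    'review':         redirection does not explain the miss; check the file.
    """
    lines = [l.strip() for l in log_text.splitlines() if l.strip()]
    x64 = host_is_64bit(lines)
    findings = []
    for line in lines:
        entry = parse_o23(line)
        if entry is None or not entry["missing"]:
            continue
        m = SYSTEM32_RE.match(entry["path"])
        redirected = bool(m) and not m.group("rest").lower().startswith(EXEMPT_SUBDIRS)
        verdict = "wow64-artifact" if (x64 and redirected) else "review"
        findings.append((entry["name"], entry["path"], verdict))
    return findings


if __name__ == "__main__":
    for name, path, verdict in triage(SAMPLE_LOG):
        print(f"{verdict:15} {path}  [{name}]")
```
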

#3 big239


Posted 25 March 2012 - 11:13 AM

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31
Run by Rob n kal at 9:11:26 on 2012-03-25
.
============== Running Processes ===============
.
C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCService.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files (x86)\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Program Files (x86)\HP\QuickPlay\Kernel\TV\QPSched.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11g_ActiveX.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWOW64\DllHost.exe
C:\Users\Rob n kal\Desktop\dds.scr
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://hp-desktop.aol.com/?icid=notebook
uWindow Title = Internet Explorer, optimized for Bing and MSN
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=c:\windows\syswow64\userinit.exe,
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
mRun: [QPService] "C:\Program Files (x86)\HP\QuickPlay\QPService.exe"
mRun: [hpWirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRunOnce: [RealtekHDAUpgrade] RealtekHDAUpgrade
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - C:\Program Files (x86)\Yahoo!\Common\Yinsthelper.dll
DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} - hxxp://quickscan.bitdefender.com/qsax/qsax.cab
DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect118.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.5.3.0.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{1D446D67-2EAC-4993-BCA6-35877466C5B0} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{785A11EC-81A2-4B08-82B1-E6A34C31CFDF} : DhcpNameServer = 192.168.1.1
BHO-X64: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO-X64: 0x1 - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
mRun-x64: [QPService] "C:\Program Files (x86)\HP\QuickPlay\QPService.exe"
mRun-x64: [hpWirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRunOnce-x64: [RealtekHDAUpgrade] RealtekHDAUpgrade
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Rob n kal\AppData\Roaming\Mozilla\Firefox\Profiles\ynymx220.default\
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
.
============= SERVICES / DRIVERS ===============
.
R? clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64
R? clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86
R? clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64
R? MatSvc;Microsoft Automated Troubleshooting Service
R? NETw4v64;Intel® Wireless WiFi Link Adapter Driver for Windows Vista 64 Bit
R? NETw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit
R? PerfHost;Performance Counter DLL Host
R? WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0
S? AdobeARMservice;Adobe Acrobat Update Service
S? AdvancedSystemCareService5;Advanced SystemCare Service 5
S? FontCache;Windows Font Cache Service
S? MpFilter;Microsoft Malware Protection Driver
S? MpNWMon;Microsoft Malware Protection Network Driver
S? NETwLv64; Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit
S? NisDrv;Microsoft Network Inspection System
S? NisSrv;Microsoft Network Inspection
.
=============== File Associations ===============
.
JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
.
=============== Created Last 30 ================
.
2012-03-25 08:45:56 69000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{CEB560C7-061D-4B93-9C54-0B00055E4EFE}\offreg.dll
2012-03-25 08:44:07 8669240 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{CEB560C7-061D-4B93-9C54-0B00055E4EFE}\mpengine.dll
2012-03-25 01:12:29 -------- d-----w- C:\Program Files (x86)\SystemRequirementsLab
2012-03-24 23:02:35 -------- d-----w- C:\Users\Rob n kal\AppData\Roaming\PCPro
2012-03-24 23:02:35 -------- d-----w- C:\Users\Rob n kal\AppData\Roaming\PC Cleaners
2012-03-24 22:59:51 5276432 ----a-w- C:\Windows\uninst.exe
2012-03-24 22:59:48 -------- d-----w- C:\ProgramData\PC1Data
2012-03-24 22:48:54 -------- d-----w- C:\ProgramData\{83C3B2FD-37EA-4C06-A228-E9B5E32FF0B1}
2012-03-24 21:54:48 165376 ----a-w- C:\Windows\SysWow64\unrar.dll
2012-03-24 20:25:17 -------- d-----w- C:\Users\Rob n kal\AppData\Roaming\Malwarebytes
2012-03-24 20:24:59 -------- d-----w- C:\ProgramData\Malwarebytes
2012-03-24 20:11:10 -------- d-----w- C:\NVIDIA
2012-03-24 19:13:14 -------- d-----w- C:\ProgramData\Driver Utilities
2012-03-24 18:58:00 -------- d-----w- C:\Program Files (x86)\AeroSnap
2012-03-24 05:53:59 -------- d-sh--w- C:\$RECYCLE.BIN
2012-03-24 05:32:08 -------- d-----w- C:\Users\Rob n kal\AppData\Local\FixItCenter
2012-03-24 05:27:36 -------- d-----w- C:\Windows\MATS
2012-03-24 05:27:33 -------- d-----w- C:\Program Files\Microsoft Fix it Center
2012-03-24 05:15:20 -------- d-sh--w- C:\found.000
2012-03-24 03:41:05 -------- d-----w- C:\Program Files\Motorola
2012-03-24 00:47:26 24408 ----a-w- C:\Windows\System32\RegistryDefragBootTime.exe
2012-03-24 00:37:51 -------- d-----w- C:\Program Files (x86)\Temp
2012-03-24 00:22:46 -------- d-----w- C:\ProgramData\IObit
2012-03-24 00:22:25 -------- d-----w- C:\Users\Rob n kal\AppData\Roaming\IObit
2012-03-24 00:22:10 -------- d-----w- C:\Program Files (x86)\IObit
2012-03-24 00:11:33 377344 ----a-w- C:\Windows\System32\NVUNINST.EXE
2012-03-24 00:09:52 -------- d-----w- C:\Intel
2012-03-23 23:52:28 -------- d-----w- C:\Users\Rob n kal\AppData\Roaming\QuickScan
2012-03-23 05:33:38 8669240 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-03-23 05:17:54 -------- d-----w- C:\Windows\SysWow64\RTCOM
2012-03-23 01:47:39 -------- d-----w- C:\Users\Rob n kal\AppData\Local\PackageAware
2012-03-23 01:46:06 -------- d-----w- C:\Program Files\CCleaner
2012-03-23 00:36:27 -------- d-----w- C:\Windows\msdownld.tmp
2012-03-22 14:52:09 -------- d-----w- C:\Users\Rob n kal\AppData\Local\Microsoft Help
2012-03-22 14:43:32 -------- d-----w- C:\ProgramData\Ask
2012-03-22 14:41:58 525544 ----a-w- C:\Windows\System32\deployJava1.dll
2012-03-22 14:32:31 -------- d-----w- C:\Program Files (x86)\Panda Security
2012-03-21 23:47:35 -------- d-----w- C:\8c9edc483f09181410ad8fd6e6
2012-03-21 23:02:03 927800 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{68712E9D-8838-48D5-B472-3D0A74B797F1}\gapaengine.dll
2012-03-21 22:54:49 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
2012-03-21 22:54:27 -------- d-----w- C:\Program Files\Microsoft Security Client
2012-03-21 22:53:41 345984 ----a-w- C:\Windows\System32\drivers\netio.sys
2012-03-21 21:53:51 -------- d-----w- C:\Program Files (x86)\Trend Micro
2012-03-21 03:40:48 -------- d-----w- C:\Users\Rob n kal\AppData\Local\NPE
2012-03-21 00:28:16 -------- d-----w- C:\N360_BACKUP
2012-03-20 15:16:41 57976 ----a-r- C:\Windows\System32\drivers\SBREDrv.sys
2012-03-20 15:04:19 -------- d-----w- C:\Users\Rob n kal\AppData\Local\temp
2012-03-20 14:27:06 -------- d-----w- C:\Users\Rob n kal\AppData\Local\CrashDumps
2012-03-20 14:21:44 98816 ----a-w- C:\Windows\sed.exe
2012-03-20 14:21:44 518144 ----a-w- C:\Windows\SWREG.exe
2012-03-20 14:21:44 256000 ----a-w- C:\Windows\PEV.exe
2012-03-20 14:21:44 208896 ----a-w- C:\Windows\MBR.exe
2012-03-20 14:12:00 -------- d-----w- C:\ProgramData\Kaspersky Lab
2012-03-16 10:00:21 -------- d-----w- C:\Windows\CheckSur
2012-03-15 22:41:27 -------- d-----w- C:\Users\Rob n kal\AppData\Roaming\HpUpdate
2012-03-15 22:41:24 -------- d-----w- C:\Windows\Hewlett-Packard
2012-03-10 22:10:55 -------- d-----w- C:\Program Files\iPod
2012-03-10 22:10:53 -------- d-----w- C:\Program Files\iTunes
2012-03-10 22:10:53 -------- d-----w- C:\Program Files (x86)\iTunes
2012-03-10 22:05:45 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin7.dll
2012-03-10 22:05:45 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin6.dll
2012-03-10 22:05:45 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
2012-03-10 22:05:45 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
2012-03-10 22:05:45 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
2012-03-10 22:05:45 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
2012-03-10 22:05:45 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin.dll
2012-03-02 00:11:37 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-03-01 23:24:01 -------- d-----w- C:\Windows\System32\drivers\N360x64\0502000.00D
2012-03-01 15:33:56 87040 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\CNMPPAA.DLL
2012-03-01 15:33:56 28672 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\CNMPDAA.DLL
2012-03-01 15:32:48 361472 ----a-w- C:\Windows\System32\CNMLMAA.DLL
2012-03-01 15:30:07 348672 ----a-w- C:\Windows\System32\CNC280L.dll
2012-03-01 15:30:07 307200 ----a-w- C:\Windows\SysWow64\CNC280L.dll
2012-03-01 15:30:07 17920 ----a-w- C:\Windows\System32\CNHMCA6.dll
2012-03-01 15:30:07 15872 ----a-w- C:\Windows\SysWow64\CNHMCA.dll
2012-03-01 15:30:07 1354240 ----a-w- C:\Windows\System32\CNC280C.dll
2012-03-01 15:30:07 112128 ----a-w- C:\Windows\System32\CNC280I.dll
2012-03-01 15:30:07 106496 ----a-w- C:\Windows\SysWow64\CNC280U.dll
2012-03-01 14:53:59 -------- d-----w- C:\Users\Rob n kal\AppData\Local\Apple Computer
2012-03-01 14:53:34 34152 ----a-w- C:\Windows\System32\drivers\GEARAspiWDM.sys
2012-03-01 14:53:34 126312 ----a-w- C:\Windows\System32\GEARAspi64.dll
2012-03-01 14:53:34 107368 ----a-w- C:\Windows\SysWow64\GEARAspi.dll
2012-03-01 14:52:50 -------- d-----w- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
2012-03-01 14:51:28 -------- d-----w- C:\Users\Rob n kal\AppData\Local\Apple
2012-03-01 14:48:16 -------- d-----w- C:\Program Files\Bonjour
2012-03-01 14:48:16 -------- d-----w- C:\Program Files (x86)\Bonjour
2012-03-01 14:29:07 -------- d-----w- C:\Users\Rob n kal\AppData\Local\Adobe
2012-03-01 06:32:59 -------- d-----w- C:\Users\Rob n kal\AppData\Local\Google
2012-03-01 06:32:18 -------- d-----w- C:\Users\Rob n kal\AppData\Local\Apps
2012-03-01 06:32:17 -------- d-----w- C:\Users\Rob n kal\AppData\Local\Deployment
2012-03-01 06:16:13 525792 ----a-w- C:\Windows\System32\difxapi.dll
2012-03-01 06:09:11 876032 ----a-w- C:\Windows\SysWow64\XpsPrint.dll
2012-03-01 06:09:11 1653760 ----a-w- C:\Windows\System32\XpsPrint.dll
2012-03-01 06:05:56 -------- d-----w- C:\Windows\System32\drivers\N360x64
2012-03-01 06:05:45 -------- d-----w- C:\ProgramData\NortonInstaller
2012-03-01 06:04:10 -------- d-----w- C:\ProgramData\Norton
2012-03-01 06:01:11 -------- d-----w- C:\ProgramData\IsolatedStorage
2012-03-01 06:01:10 -------- d-----w- C:\Users\Rob n kal\AppData\Local\ID Vault
2012-03-01 05:59:46 -------- d-----w- C:\Users\Rob n kal\AppData\Roaming\ID Vault
2012-03-01 05:58:26 -------- d-----w- C:\Program Files (x86)\Constant Guard Protection Suite
2012-03-01 05:57:59 -------- d-----w- C:\ProgramData\White Sky, Inc
2012-03-01 05:24:55 -------- d-----w- C:\Windows\SysWow64\spool
2012-03-01 05:24:54 -------- d-----w- C:\Program Files (x86)\Windows Portable Devices
2012-03-01 05:24:48 -------- d-----w- C:\Program Files\Windows Portable Devices
2012-03-01 05:19:33 167424 ----a-w- C:\Program Files\Windows Portable Devices\sqmapi.dll
2012-03-01 04:44:07 92672 ----a-w- C:\Windows\SysWow64\UIAnimation.dll
2012-03-01 04:44:07 1164800 ----a-w- C:\Windows\System32\UIRibbonRes.dll
2012-03-01 04:44:07 103424 ----a-w- C:\Windows\System32\UIAnimation.dll
2012-03-01 04:44:06 3815424 ----a-w- C:\Windows\System32\UIRibbon.dll
2012-03-01 04:44:06 3023360 ----a-w- C:\Windows\SysWow64\UIRibbon.dll
2012-03-01 04:44:06 1164800 ----a-w- C:\Windows\SysWow64\UIRibbonRes.dll
2012-03-01 04:32:59 586240 ----a-w- C:\Windows\SysWow64\stobject.dll
2012-03-01 04:31:56 559616 ----a-w- C:\Windows\System32\EncDec.dll
2012-03-01 04:29:33 76800 ----a-w- C:\Windows\System32\packager.dll
2012-03-01 04:29:33 66560 ----a-w- C:\Windows\SysWow64\packager.dll
2012-03-01 03:56:56 -------- d-----w- C:\Windows\SysWow64\vi-VN
2012-03-01 03:56:56 -------- d-----w- C:\Windows\SysWow64\eu-ES
2012-03-01 03:56:56 -------- d-----w- C:\Windows\SysWow64\ca-ES
2012-03-01 03:56:56 -------- d-----w- C:\Windows\System32\eu-ES
2012-03-01 03:56:56 -------- d-----w- C:\Windows\System32\ca-ES
2012-03-01 03:56:54 -------- d-----w- C:\Windows\System32\vi-VN
2012-03-01 03:43:59 -------- d-----w- C:\Windows\System32\EventProviders
2012-03-01 03:43:08 12240896 ----a-w- C:\Windows\SysWow64\NlsLexicons0007.dll
2012-03-01 03:43:07 12240896 ----a-w- C:\Windows\System32\NlsLexicons0007.dll
2012-03-01 03:43:02 710144 ----a-w- C:\Windows\System32\SLCExt.dll
2012-03-01 03:43:02 2582016 ----a-w- C:\Windows\System32\SLsvc.exe
2012-03-01 03:43:02 2146304 ----a-w- C:\Windows\System32\FunctionDiscoveryFolder.dll
2012-03-01 03:43:02 2134528 ----a-w- C:\Windows\SysWow64\FunctionDiscoveryFolder.dll
2012-03-01 03:43:00 2644480 ----a-w- C:\Windows\SysWow64\NlsLexicons0009.dll
2012-03-01 03:43:00 2644480 ----a-w- C:\Windows\System32\NlsLexicons0009.dll
2012-03-01 03:41:59 1074176 ----a-w- C:\Windows\System32\mcmde.dll
2012-03-01 03:05:15 18904 ----a-w- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
2012-03-01 03:05:15 18904 ----a-w- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
2012-03-01 02:47:37 99176 ----a-w- C:\Windows\SysWow64\PresentationHostProxy.dll
2012-03-01 02:47:37 49472 ----a-w- C:\Windows\SysWow64\netfxperf.dll
2012-03-01 02:47:37 48960 ----a-w- C:\Windows\System32\netfxperf.dll
2012-03-01 02:47:37 444752 ----a-w- C:\Windows\System32\mscoree.dll
2012-03-01 02:47:37 320352 ----a-w- C:\Windows\System32\PresentationHost.exe
2012-03-01 02:47:37 297808 ----a-w- C:\Windows\SysWow64\mscoree.dll
2012-03-01 02:47:37 295264 ----a-w- C:\Windows\SysWow64\PresentationHost.exe
2012-03-01 02:47:37 1942856 ----a-w- C:\Windows\System32\dfshim.dll
2012-03-01 02:47:37 1130824 ----a-w- C:\Windows\SysWow64\dfshim.dll
2012-03-01 02:47:37 109912 ----a-w- C:\Windows\System32\PresentationHostProxy.dll
2012-03-01 02:46:12 2048 ----a-w- C:\Windows\SysWow64\winrsmgr.dll
2012-03-01 02:46:12 2048 ----a-w- C:\Windows\System32\winrsmgr.dll
2012-03-01 02:46:09 13312 ----a-w- C:\Windows\System32\wsmplpxy.dll
2012-03-01 02:46:09 13312 ----a-w- C:\Windows\System32\winrssrv.dll
2012-03-01 02:46:04 10240 ----a-w- C:\Windows\SysWow64\wsmplpxy.dll
2012-03-01 02:46:04 10240 ----a-w- C:\Windows\SysWow64\winrssrv.dll
2012-03-01 02:38:59 954288 ----a-w- C:\Windows\SysWow64\mfc40u.dll
2012-03-01 02:37:59 176128 ----a-w- C:\Windows\System32\drivers\srv2.sys
2012-03-01 02:33:49 855040 ----a-w- C:\Windows\System32\schedsvc.dll
2012-03-01 02:32:35 28672 ----a-w- C:\Windows\System32\dnscacheugc.exe
2012-03-01 02:32:35 25088 ----a-w- C:\Windows\SysWow64\dnscacheugc.exe
2012-03-01 02:32:35 117760 ----a-w- C:\Windows\System32\dnsrslvr.dll
2012-03-01 02:31:11 867328 ----a-w- C:\Windows\SysWow64\wmpmde.dll
2012-03-01 02:31:11 1090048 ----a-w- C:\Windows\System32\wmpmde.dll
2012-03-01 02:09:32 -------- d-----w- C:\PerfLogs
2012-03-01 01:23:06 6144 ----a-w- C:\Windows\System32\drivers\en-US\luafv.sys.mui
2012-03-01 01:22:57 19968 ----a-w- C:\Windows\System32\drivers\en-US\mpio.sys.mui
2012-03-01 01:22:36 4608 ----a-w- C:\Windows\System32\drivers\en-US\tpm.sys.mui
2012-03-01 01:22:28 59904 ----a-w- C:\Windows\System32\sxproxy.dll
2012-03-01 01:22:25 2560 ----a-w- C:\Windows\System32\drivers\en-US\wdf01000.sys.mui
2012-03-01 01:22:21 24064 ----a-w- C:\Windows\System32\drivers\en-US\volsnap.sys.mui
2012-03-01 01:22:20 217088 ----a-w- C:\Windows\System32\recdisc.exe
2012-03-01 01:22:12 7680 ----a-w- C:\Windows\System32\sdspres.dll
2012-03-01 01:20:59 75264 ----a-w- C:\Windows\System32\mfvdsp.dll
2012-03-01 01:19:54 25088 ----a-w- C:\Windows\SysWow64\Nlsdl.dll
2012-03-01 01:18:57 17920 ----a-w- C:\Windows\SysWow64\PlaySndSrv.dll
2012-03-01 01:17:59 85504 ----a-w- C:\Windows\System32\nci.dll
2012-03-01 01:16:59 90112 ----a-w- C:\Windows\System32\HelpPaneProxy.dll
2012-03-01 01:15:59 92160 ----a-w- C:\Windows\System32\vsstrace.dll
2012-03-01 00:28:03 28160 ----a-w- C:\Windows\System32\drivers\en-US\http.sys.mui
2012-02-29 23:56:22 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-02-29 23:35:05 280576 ----a-w- C:\Windows\System32\rastls.dll
2012-02-29 23:35:05 243712 ----a-w- C:\Windows\SysWow64\rastls.dll
2012-02-29 23:30:59 3466752 ----a-w- C:\Windows\SysWow64\NlsData0013.dll
2012-02-29 23:28:52 -------- d-----w- C:\Program Files (x86)\MSXML 4.0
2012-02-29 23:26:54 84480 ----a-w- C:\Windows\SysWow64\INETRES.dll
2012-02-29 23:26:53 84480 ----a-w- C:\Windows\System32\INETRES.dll
2012-02-29 18:50:21 310784 ----a-w- C:\Windows\SysWow64\unregmp2.exe
2012-02-29 18:50:21 1418752 ----a-w- C:\Program Files (x86)\Windows Media Player\setup_wm.exe
2012-02-29 18:50:20 372736 ----a-w- C:\Windows\System32\unregmp2.exe
2012-02-29 18:50:20 1486848 ----a-w- C:\Program Files\Windows Media Player\setup_wm.exe
2012-02-29 18:38:33 23552 ----a-w- C:\Windows\SysWow64\lpk.dll
2012-02-29 18:38:33 10240 ----a-w- C:\Windows\SysWow64\dciman32.dll
2012-02-29 18:38:32 14336 ----a-w- C:\Windows\System32\dciman32.dll
2012-02-29 18:38:31 32768 ----a-w- C:\Windows\System32\lpk.dll
2012-02-29 18:37:06 772608 ----a-w- C:\Windows\System32\localspl.dll
2012-02-29 18:37:06 623616 ----a-w- C:\Windows\SysWow64\localspl.dll
2012-02-29 18:35:43 677376 ----a-w- C:\Windows\SysWow64\rpcrt4.dll
2012-02-29 18:35:43 1305600 ----a-w- C:\Windows\System32\rpcrt4.dll
2012-02-29 18:34:07 656896 ----a-w- C:\Windows\System32\kerberos.dll
2012-02-29 18:34:07 499712 ----a-w- C:\Windows\SysWow64\kerberos.dll
2012-02-29 18:32:35 29696 ----a-w- C:\Windows\System32\drivers\tunnel.sys
2012-02-29 18:32:35 225280 ----a-w- C:\Windows\System32\iphlpsvc.dll
2012-02-29 18:32:34 18432 ----a-w- C:\Windows\System32\drivers\TUNMP.SYS
2012-02-29 18:31:09 441856 ----a-w- C:\Windows\System32\WSDApi.dll
2012-02-29 18:31:09 355328 ----a-w- C:\Windows\SysWow64\WSDApi.dll
2012-02-29 18:28:13 818688 ----a-w- C:\Windows\System32\WMSPDMOD.DLL
2012-02-29 18:28:13 604672 ----a-w- C:\Windows\SysWow64\WMSPDMOD.DLL
2012-02-29 18:25:54 7680 ----a-w- C:\Windows\SysWow64\kbd106n.dll
2012-02-29 18:25:54 7680 ----a-w- C:\Windows\System32\kbd106n.dll
2012-02-29 18:23:53 44544 ----a-w- C:\Windows\System32\printcom.dll
2012-02-29 18:23:53 37888 ----a-w- C:\Windows\SysWow64\printcom.dll
2012-02-29 18:07:56 3532088 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2012-02-29 18:07:52 8643640 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{9E4CEE15-7F04-44A6-9E64-717CD4947396}\mpengine.dll
2012-02-29 18:07:52 279656 ------w- C:\Windows\System32\MpSigStub.exe
2012-02-29 17:27:39 1797120 ----a-w- C:\Windows\System32\msxml6.dll
2012-02-29 17:27:39 1401856 ----a-w- C:\Windows\SysWow64\msxml6.dll
2012-02-29 17:27:38 2048 ----a-w- C:\Windows\SysWow64\msxml3r.dll
2012-02-29 17:27:38 2048 ----a-w- C:\Windows\System32\msxml3r.dll
2012-02-29 17:27:37 2048 ----a-w- C:\Windows\SysWow64\msxml6r.dll
2012-02-29 17:27:37 2048 ----a-w- C:\Windows\System32\msxml6r.dll
2012-02-29 17:26:34 53248 ----a-w- C:\Windows\SysWow64\tsgqec.dll
2012-02-29 17:26:34 136192 ----a-w- C:\Windows\SysWow64\aaclient.dll
2012-02-29 17:26:33 45056 ----a-w- C:\Windows\System32\tsgqec.dll
2012-02-29 17:26:33 151552 ----a-w- C:\Windows\System32\aaclient.dll
2012-02-29 17:25:33 380928 ----a-w- C:\Windows\System32\polstore.dll
2012-02-29 17:25:33 100864 ----a-w- C:\Windows\System32\winipsec.dll
2012-02-29 17:22:36 880640 ----a-w- C:\Windows\System32\timedate.cpl
2012-02-29 17:22:36 714240 ----a-w- C:\Windows\SysWow64\timedate.cpl
2012-02-29 17:21:29 620032 ----a-w- C:\Windows\System32\drivers\http.sys
2012-02-29 17:21:29 33792 ----a-w- C:\Windows\System32\httpapi.dll
2012-02-29 17:21:29 32768 ----a-w- C:\Windows\System32\nshhttp.dll
2012-02-29 17:21:29 30720 ----a-w- C:\Windows\SysWow64\httpapi.dll
2012-02-29 17:21:29 24064 ----a-w- C:\Windows\SysWow64\nshhttp.dll
2012-02-29 17:11:23 60416 ----a-w- C:\Windows\System32\rrinstaller.exe
2012-02-29 17:11:23 2048 ----a-w- C:\Windows\System32\mferror.dll
2012-02-29 17:11:22 53248 ----a-w- C:\Windows\SysWow64\rrinstaller.exe
2012-02-29 17:11:22 24576 ----a-w- C:\Windows\SysWow64\mfpmp.exe
2012-02-29 17:11:22 2048 ----a-w- C:\Windows\SysWow64\mferror.dll
2012-02-29 17:10:48 218624 ----a-w- C:\Windows\SysWow64\msv1_0.dll
2012-02-29 17:10:48 205312 ----a-w- C:\Windows\System32\wdigest.dll
2012-02-29 17:10:48 175104 ----a-w- C:\Windows\SysWow64\wdigest.dll
2012-02-29 17:10:47 269312 ----a-w- C:\Windows\System32\msv1_0.dll
2012-02-29 17:10:21 88576 ----a-w- C:\Windows\System32\atl.dll
2012-02-29 17:10:21 71680 ----a-w- C:\Windows\SysWow64\atl.dll
2012-02-29 17:07:14 82944 ----a-w- C:\Windows\System32\msasn1.dll
2012-02-29 17:07:14 60928 ----a-w- C:\Windows\SysWow64\msasn1.dll
2012-02-29 17:06:31 203264 ----a-w- C:\Windows\System32\wkssvc.dll
2012-02-29 17:05:04 72192 ----a-w- C:\Windows\System32\l3codeca.acm
2012-02-29 17:05:04 62464 ----a-w- C:\Windows\SysWow64\l3codeca.acm
2012-02-29 17:05:04 220672 ----a-w- C:\Windows\SysWow64\l3codecp.acm
2012-02-29 17:05:04 181760 ----a-w- C:\Windows\System32\l3codecp.acm
2012-02-29 17:00:19 157184 ----a-w- C:\Windows\System32\L2SecHC.dll
2012-02-29 17:00:19 127488 ----a-w- C:\Windows\SysWow64\L2SecHC.dll
2012-02-29 17:00:18 68096 ----a-w- C:\Windows\SysWow64\wlanhlp.dll
2012-02-29 17:00:18 65024 ----a-w- C:\Windows\SysWow64\wlanapi.dll
2012-02-29 17:00:18 302592 ----a-w- C:\Windows\SysWow64\wlansec.dll
2012-02-29 17:00:18 293376 ----a-w- C:\Windows\SysWow64\wlanmsm.dll
2012-02-29 17:00:17 97792 ----a-w- C:\Windows\System32\wlanhlp.dll
2012-02-29 17:00:17 86528 ----a-w- C:\Windows\System32\wlanapi.dll
2012-02-29 17:00:17 615936 ----a-w- C:\Windows\System32\wlansvc.dll
2012-02-29 17:00:17 376832 ----a-w- C:\Windows\System32\wlansec.dll
2012-02-29 17:00:17 353280 ----a-w- C:\Windows\System32\wlanmsm.dll
2012-02-29 17:00:14 15181 ----a-w- C:\Windows\System32\gatherWirelessInfo.vbs
2012-02-29 16:59:23 336896 ----a-w- C:\Program Files\Movie Maker\WMM2AE.dll
2012-02-29 16:59:23 26624 ----a-w- C:\Program Files\Movie Maker\WMM2EXT.dll
2012-02-29 16:08:43 -------- d-----w- C:\23fb2934eb95baa64f8eca1f
2012-02-29 16:06:28 -------- d-----w- C:\268e79b7ed766f69bcec617465508d
2012-02-29 15:17:51 -------- d-----w- C:\f6c57c28ab7cab7a722115dbb2ed72
2012-02-29 15:10:00 98304 ----a-w- C:\Windows\SysWow64\cabview.dll
2012-02-29 15:10:00 104960 ----a-w- C:\Windows\System32\cabview.dll
2012-02-29 15:09:43 218624 ----a-w- C:\Windows\System32\wintrust.dll
2012-02-29 15:09:43 172032 ----a-w- C:\Windows\SysWow64\wintrust.dll
2012-02-29 15:06:13 16200 ----a-w- C:\Windows\stinger.sys
2012-02-29 15:05:57 -------- d-----w- C:\Program Files (x86)\stinger
2012-02-29 15:05:07 -------- d-----w- C:\Users\Rob n kal\AppData\Local\ElevatedDiagnostics
2012-02-29 15:00:06 2621440 ----a-w- C:\Windows\System32\wucltux.dll
2012-02-29 14:59:52 98816 ----a-w- C:\Windows\System32\wudriver.dll
2012-02-29 14:59:52 87552 ----a-w- C:\Windows\SysWow64\wudriver.dll
2012-02-29 14:59:32 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-02-29 14:59:32 33792 ----a-w- C:\Windows\SysWow64\wuapp.exe
2012-02-29 14:59:32 185416 ----a-w- C:\Windows\System32\wuwebv.dll
2012-02-29 14:59:32 171608 ----a-w- C:\Windows\SysWow64\wuwebv.dll
2012-02-29 13:57:56 -------- d-----w- C:\Users\Rob n kal\AppData\Roaming\Symantec
2012-02-29 13:57:30 -------- d-----w- C:\Users\Rob n kal\AppData\Local\QuickPlay
2012-02-29 13:56:58 -------- d-----w- C:\Users\Rob n kal\AppData\Local\VirtualStore
2012-02-29 13:55:26 -------- d-----w- C:\Program Files (x86)\Yahoo!
2012-02-29 13:54:01 -------- d-----w- C:\ProgramData\Electronic Arts
2012-02-29 13:53:25 -------- d-----w- C:\Users\Rob n kal\AppData\Local\Downloaded Installations
2012-02-29 13:43:18 -------- d-sh--we C:\Documents and Settings
.
==================== Find3M ====================
.
2012-03-23 04:57:32 525792 ----a-w- C:\Windows\DIFxAPI.dll
2012-03-01 02:00:54 101888 ----a-w- C:\Windows\SysWow64\ifxcardm.dll
2012-03-01 02:00:35 82432 ----a-w- C:\Windows\SysWow64\axaltocm.dll
2012-03-01 02:00:09 134144 ----a-w- C:\Windows\System32\ifxcardm.dll
2012-03-01 01:59:40 133632 ----a-w- C:\Windows\System32\axaltocm.dll
2012-02-29 23:30:59 4497408 ----a-w- C:\Windows\SysWow64\NlsData0019.dll
2012-02-29 18:46:43 93184 ----a-w- C:\Windows\System32\mciavi32.dll
2012-02-29 18:40:12 2560 ----a-w- C:\Windows\apppatch\AcRes.dll
2012-02-29 17:09:29 9728 ----a-w- C:\Windows\SysWow64\TCPSVCS.EXE
2012-02-29 17:04:07 43520 ----a-w- C:\Windows\SysWow64\msdxm.tlb
2012-02-29 17:04:07 43520 ----a-w- C:\Windows\System32\msdxm.tlb
2012-02-29 17:04:07 368128 ----a-w- C:\Windows\System32\wmpdxm.dll
2012-02-29 17:04:07 313344 ----a-w- C:\Windows\SysWow64\wmpdxm.dll
2012-02-29 17:04:07 18432 ----a-w- C:\Windows\SysWow64\amcompat.tlb
2012-02-29 17:04:07 18432 ----a-w- C:\Windows\System32\amcompat.tlb
2012-02-29 17:04:05 7680 ----a-w- C:\Windows\SysWow64\spwmp.dll
2012-02-29 17:04:05 4096 ----a-w- C:\Windows\SysWow64\dxmasf.dll
2012-02-29 17:04:04 4096 ----a-w- C:\Windows\SysWow64\msdxm.ocx
2012-02-29 17:04:03 9216 ----a-w- C:\Windows\System32\spwmp.dll
2012-02-29 17:04:02 5120 ----a-w- C:\Windows\System32\msdxm.ocx
2012-02-29 17:04:02 5120 ----a-w- C:\Windows\System32\dxmasf.dll
2012-02-14 16:49:43 327680 ----a-w- C:\Windows\System32\d3d10_1core.dll
2012-02-14 16:49:43 196096 ----a-w- C:\Windows\System32\d3d10_1.dll
2012-02-14 15:45:30 219648 ----a-w- C:\Windows\SysWow64\d3d10_1core.dll
2012-02-14 15:45:30 160768 ----a-w- C:\Windows\SysWow64\d3d10_1.dll
2012-02-13 14:38:31 2002944 ----a-w- C:\Windows\System32\d3d10warp.dll
2012-02-13 14:12:08 1172480 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
2012-02-13 14:06:48 834048 ----a-w- C:\Windows\System32\d2d1.dll
2012-02-13 14:03:11 1555968 ----a-w- C:\Windows\System32\DWrite.dll
2012-02-13 13:47:57 683008 ----a-w- C:\Windows\SysWow64\d2d1.dll
2012-02-13 13:44:40 1068544 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-02-02 15:34:25 2765824 ----a-w- C:\Windows\System32\win32k.sys
2012-01-19 17:22:08 45936 ----a-r- C:\Windows\System32\SBBD.EXE
2012-01-09 16:16:54 708096 ----a-w- C:\Windows\System32\rdpencom.dll
2012-01-09 15:54:08 613376 ----a-w- C:\Windows\SysWow64\rdpencom.dll
2012-01-09 14:27:49 209920 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-01-03 14:25:21 404992 ----a-w- C:\Windows\System32\drivers\afd.sys
.
============= FINISH: 9:12:12.22 ===============
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
Activation Assistant for the 2007 Microsoft Office suites
Adobe Flash Player 11 ActiveX
Adobe Reader X (10.1.2)
Advanced SystemCare 5
AeroSnap 0.61
Apple Application Support
Apple Software Update
Cards_Calendar_OrderGift_DoMorePlugout
Compatibility Pack for the 2007 Office system
DVD Suite
EA Link
ESU for Microsoft Vista
Hauppauge MCE XP/Vista Software Encoder (2.0.25149)
Hewlett-Packard ACLM.NET v1.1.0.0
Hewlett-Packard Active Check
Hewlett-Packard Asset Agent for Health Check
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Active Support Library
HP Customer Experience Enhancements
HP Doc Viewer
HP Easy Setup - Frontend
HP Help and Support
HP Photosmart Essential 2.5
HP Product Detection
HP Quick Launch Buttons 6.30 E1
HP QuickPlay 3.6
HP Smart Web Printing
HP Update
HP User Guides 0087
HP Wireless Assistant
HPPhotoSmartDiscLabel_PaperLabel
HPPhotoSmartDiscLabel_PrintOnDisc
HPPhotoSmartDiscLabel_Tattoo
HPPhotoSmartDiscLabelContent1
hpphotosmartdisclabelplugin
HPPhotoSmartPhotobookHolidayPack1
HPPhotoSmartPhotobookModernPack1
HPPhotoSmartPhotobookPlayfulPack1
HPPhotoSmartPhotobookScrapbookPack1
HPPhotoSmartPhotobookWebPack1
Java Auto Updater
Java™ 6 Update 31
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
Mozilla Firefox 11.0 (x86 en-US)
MSCU for Microsoft Vista
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Power2Go
PowerDirector
PSSWCORE
QuickPlay SlingPlayer 0.4.4
QuickTime
Realtek 8169, 8168, 8101E and 8102E Ethernet Network Card Driver for Windows Vista
Realtek High Definition Audio Driver
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Slingbox Flash Tour
SlingPlayer
System Requirements Lab for Intel
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
VideoToolkit01
Viewpoint Media Player
.
==== End Of File ===========================

#4 big239

big239
  • Topic Starter


Posted 25 March 2012 - 11:19 AM

Results of screen317's Security Check version 0.99.32
Windows Vista x64 (UAC is enabled)
Out of date service pack!!
Internet Explorer 9
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

HijackThis 2.0.2
Java™ 6 Update 31
Adobe Reader X (10.1.2)
Mozilla Firefox (11.0.)
````````````````````````````````
Process Check:
objlist.exe by Laurent

``````````End of Log````````````

#5 nasdaq

nasdaq

  • Malware Response Team
  • 38,933 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:03:09 PM

Posted 25 March 2012 - 12:41 PM

Windows Vista x64 (UAC is enabled)
Out of date service pack!!


I strongly suggest you install these 2 service packs soon after we have cleaned this computer.

http://support.microsoft.com/lifecycle/search/?sort=PN&alpha=WINDOWS+vista
Support for Windows Vista without any service packs has ended on April 13, 2010.
Windows Vista Service Pack 1 support ended on 12/07/2011

For continued security support from Microsoft get the Service Pack 2.
http://support.microsoft.com/kb/935791

As indicated on the Microsoft page, SP1 must be installed before proceeding to install SP2.
You will find the necessary link on the page.
===

Please download ComboFix from any of the links below, and save it to your desktop. For information regarding this download, please visit this web page: http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop

IMPORTANT....

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Do not install any other programs until this is fixed.


How to : Disable Anti-virus and Firewall...
http://www.bleepingcomputer.com/forums/topic114351.html

Double click on ComboFix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt
Note:
Do not mouse click ComboFix's window while it's running. That may cause it to stall.


Note: If you have difficulty properly disabling your protective programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html

Please post the log and let me know what problem persists.

#6 big239

big239
  • Topic Starter


Posted 25 March 2012 - 02:05 PM

I am running ComboFix and it keeps restarting the computer. I will continue running it. My computer says I already have SP2 for Vista as well.

#7 big239

big239
  • Topic Starter


Posted 25 March 2012 - 04:30 PM

Still restarting Windows after every attempt to run. It completes all steps, then says rebooting Windows instead of creating a log.

#8 big239

big239
  • Topic Starter


Posted 25 March 2012 - 06:38 PM

I have run ComboFix close to 20 times now and will continue if I do not hear back. Any input would help. Thank you so much for your help.

#9 big239

big239
  • Topic Starter


Posted 26 March 2012 - 12:27 AM

No success. ComboFix does nothing. Some of the startups said that another item was using this process before it started running. I cannot get a log.

#10 big239

big239
  • Topic Starter


Posted 26 March 2012 - 09:52 AM

I have zero progress. ComboFix still reboots Windows, then upon restart has to be reinitialized to start again, on information of an infection given on log. It gets to step 50, then makes 2 or 3 blank lines, then reboots Windows. On some restarts of the program it says it cannot be used because it's being used by another process, then shortly after, "ComboFix is preparing to run" appears, and it takes a long time for a restore point to be made.

#11 big239

big239
  • Topic Starter


Posted 26 March 2012 - 10:30 AM

Here is a ComboFix log I found:
ComboFix 12-03-20.01 - Rob n kal 03/20/2012 7:55.2.2 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.4085.2414 [GMT -7:00]
Running from: c:\users\Rob n kal\Desktop\ComboFix.exe
AV: Norton Security Suite *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Security Suite *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Security Suite *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\windows\SysWow64\KBL.LOG
c:\windows\WindowsUpdate.log
.
c:\windows\SysWow64\userinit.exe . . . is infected!!
.
.
((((((((((((((((((((((((( Files Created from 2012-02-20 to 2012-03-20 )))))))))))))))))))))))))))))))
.
.
2012-03-20 15:04 . 2012-03-20 15:04 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-03-20 14:12 . 2012-03-20 14:12 -------- d-----w- c:\programdata\Kaspersky Lab
2012-03-16 10:00 . 2012-03-16 10:00 -------- d-----w- c:\windows\CheckSur
2012-03-15 22:41 . 2012-03-15 22:41 -------- d-----w- c:\windows\Hewlett-Packard
2012-03-10 22:10 . 2012-03-10 22:10 -------- d-----w- c:\program files\iPod
2012-03-10 22:10 . 2012-03-10 22:11 -------- d-----w- c:\program files\iTunes
2012-03-10 22:10 . 2012-03-10 22:11 -------- d-----w- c:\program files (x86)\iTunes
2012-03-10 22:05 . 2012-03-10 22:05 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin7.dll
2012-03-10 22:05 . 2012-03-10 22:05 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin6.dll
2012-03-10 22:05 . 2012-03-10 22:05 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
2012-03-10 22:05 . 2012-03-10 22:05 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
2012-03-10 22:05 . 2012-03-10 22:05 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
2012-03-10 22:05 . 2012-03-10 22:05 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
2012-03-10 22:05 . 2012-03-10 22:05 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin.dll
2012-03-10 22:05 . 2012-03-10 22:05 -------- d-----w- c:\program files (x86)\QuickTime
2012-03-08 02:48 . 2012-03-08 02:48 -------- d-----w- c:\programdata\Yahoo! Companion
2012-03-02 00:11 . 2012-03-02 00:11 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-03-02 00:11 . 2012-03-02 00:11 -------- d-----w- c:\windows\system32\Macromed
2012-03-01 15:34 . 2012-03-01 15:34 -------- d--h--w- c:\windows\system32\CanonIJ Uninstaller Information
2012-03-01 15:34 . 2012-03-01 15:34 -------- d--h--w- c:\programdata\CanonBJ
2012-03-01 15:33 . 2010-08-25 13:00 87040 ----a-w- c:\windows\system32\Spool\prtprocs\x64\CNMPPAA.DLL
2012-03-01 15:33 . 2010-08-25 13:00 28672 ----a-w- c:\windows\system32\Spool\prtprocs\x64\CNMPDAA.DLL
2012-03-01 15:32 . 2010-08-25 13:00 361472 ----a-w- c:\windows\system32\CNMLMAA.DLL
2012-03-01 15:30 . 2010-03-19 03:26 348672 ----a-w- c:\windows\system32\CNC280L.dll
2012-03-01 15:30 . 2010-03-19 03:25 307200 ----a-w- c:\windows\SysWow64\CNC280L.dll
2012-03-01 15:30 . 2010-03-19 01:13 1354240 ----a-w- c:\windows\system32\CNC280C.dll
2012-03-01 15:30 . 2010-03-19 01:13 112128 ----a-w- c:\windows\system32\CNC280I.dll
2012-03-01 15:30 . 2010-03-19 01:11 106496 ----a-w- c:\windows\SysWow64\CNC280U.dll
2012-03-01 15:30 . 2008-08-26 02:02 17920 ----a-w- c:\windows\system32\CNHMCA6.dll
2012-03-01 15:30 . 2008-08-26 02:02 15872 ----a-w- c:\windows\SysWow64\CNHMCA.dll
2012-03-01 14:53 . 2009-05-18 21:17 34152 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-03-01 14:53 . 2008-04-17 20:12 126312 ----a-w- c:\windows\system32\GEARAspi64.dll
2012-03-01 06:07 . 2012-03-01 14:37 174200 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS
2012-03-01 06:05 . 2012-03-07 16:20 -------- d-----w- c:\windows\system32\drivers\N360x64
2012-03-01 06:05 . 2012-03-01 06:05 -------- d-----w- c:\program files (x86)\Norton Security Suite
2012-03-01 06:05 . 2012-03-01 06:05 -------- d-----w- c:\program files (x86)\NortonInstaller
2012-03-01 06:04 . 2012-03-01 06:05 -------- d-----w- c:\programdata\Norton
2012-03-01 06:01 . 2012-03-01 06:01 -------- d-----w- c:\programdata\IsolatedStorage
2012-03-01 05:58 . 2012-03-08 02:48 -------- d-----w- c:\program files (x86)\Constant Guard Protection Suite
2012-03-01 05:57 . 2012-03-01 05:57 -------- d-----w- c:\programdata\White Sky, Inc
2012-03-01 05:24 . 2012-03-01 05:24 -------- d-----w- c:\windows\SysWow64\spool
2012-03-01 05:24 . 2012-03-01 05:24 -------- d-----w- c:\program files (x86)\Windows Portable Devices
2012-03-01 05:24 . 2012-03-01 05:24 -------- d-----w- c:\program files\Windows Portable Devices
2012-03-01 05:19 . 2009-10-01 01:02 30208 ----a-w- c:\windows\SysWow64\WPDShextAutoplay.exe
2012-03-01 04:44 . 2009-09-10 02:06 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
2012-03-01 04:44 . 2009-09-10 02:05 103424 ----a-w- c:\windows\system32\UIAnimation.dll
2012-03-01 04:44 . 2009-09-10 02:00 92672 ----a-w- c:\windows\SysWow64\UIAnimation.dll
2012-03-01 04:44 . 2009-09-10 02:07 3815424 ----a-w- c:\windows\system32\UIRibbon.dll
2012-03-01 04:44 . 2009-09-10 02:01 3023360 ----a-w- c:\windows\SysWow64\UIRibbon.dll
2012-03-01 04:44 . 2009-09-10 02:00 1164800 ----a-w- c:\windows\SysWow64\UIRibbonRes.dll
2012-03-01 04:32 . 2011-01-20 16:16 35840 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll
2012-03-01 04:31 . 2011-10-14 17:30 559616 ----a-w- c:\windows\system32\EncDec.dll
2012-03-01 04:29 . 2011-11-18 18:07 76800 ----a-w- c:\windows\system32\packager.dll
2012-03-01 04:29 . 2011-11-18 17:47 66560 ----a-w- c:\windows\SysWow64\packager.dll
2012-03-01 03:56 . 2012-03-01 03:57 -------- d-----w- c:\windows\SysWow64\ca-ES
2012-03-01 03:56 . 2012-03-01 03:57 -------- d-----w- c:\windows\SysWow64\eu-ES
2012-03-01 03:56 . 2012-03-01 03:57 -------- d-----w- c:\windows\SysWow64\vi-VN
2012-03-01 03:56 . 2012-03-01 03:57 -------- d-----w- c:\windows\system32\ca-ES
2012-03-01 03:56 . 2012-03-01 03:57 -------- d-----w- c:\windows\system32\eu-ES
2012-03-01 03:56 . 2012-03-01 03:57 -------- d-----w- c:\windows\system32\vi-VN
2012-03-01 03:43 . 2012-03-01 03:43 -------- d-----w- c:\windows\system32\EventProviders
2012-03-01 03:43 . 2009-04-11 05:03 12240896 ----a-w- c:\windows\SysWow64\NlsLexicons0007.dll
2012-03-01 03:43 . 2009-04-11 06:12 12240896 ----a-w- c:\windows\system32\NlsLexicons0007.dll
2012-03-01 03:43 . 2009-04-11 07:11 710144 ----a-w- c:\windows\system32\SLCExt.dll
2012-03-01 03:43 . 2009-04-11 07:11 2146304 ----a-w- c:\windows\system32\FunctionDiscoveryFolder.dll
2012-03-01 03:43 . 2009-04-11 07:10 2582016 ----a-w- c:\windows\system32\SLsvc.exe
2012-03-01 03:43 . 2009-04-11 06:28 2134528 ----a-w- c:\windows\SysWow64\FunctionDiscoveryFolder.dll
2012-03-01 03:43 . 2009-04-11 06:12 2644480 ----a-w- c:\windows\system32\NlsLexicons0009.dll
2012-03-01 03:43 . 2009-04-11 05:03 2644480 ----a-w- c:\windows\SysWow64\NlsLexicons0009.dll
2012-03-01 03:41 . 2009-04-11 07:11 1074176 ----a-w- c:\windows\system32\mcmde.dll
2012-03-01 03:05 . 2008-05-27 04:59 18904 ----a-w- c:\windows\SysWow64\StructuredQuerySchemaTrivial.bin
2012-03-01 03:05 . 2008-05-27 04:59 18904 ----a-w- c:\windows\system32\StructuredQuerySchemaTrivial.bin
2012-03-01 02:47 . 2009-11-08 18:55 99176 ----a-w- c:\windows\SysWow64\PresentationHostProxy.dll
2012-03-01 02:47 . 2009-11-08 18:55 49472 ----a-w- c:\windows\SysWow64\netfxperf.dll
2012-03-01 02:47 . 2009-11-08 18:55 48960 ----a-w- c:\windows\system32\netfxperf.dll
2012-03-01 02:47 . 2009-11-08 18:55 444752 ----a-w- c:\windows\system32\mscoree.dll
2012-03-01 02:47 . 2009-11-08 18:55 320352 ----a-w- c:\windows\system32\PresentationHost.exe
2012-03-01 02:47 . 2009-11-08 18:55 297808 ----a-w- c:\windows\SysWow64\mscoree.dll
2012-03-01 02:47 . 2009-11-08 18:55 295264 ----a-w- c:\windows\SysWow64\PresentationHost.exe
2012-03-01 02:47 . 2009-11-08 18:55 1942856 ----a-w- c:\windows\system32\dfshim.dll
2012-03-01 02:47 . 2009-11-08 18:55 1130824 ----a-w- c:\windows\SysWow64\dfshim.dll
2012-03-01 02:47 . 2009-11-08 18:55 109912 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2012-03-01 02:46 . 2009-10-09 21:56 2048 ----a-w- c:\windows\SysWow64\winrsmgr.dll
2012-03-01 02:46 . 2009-10-09 21:35 2048 ----a-w- c:\windows\system32\winrsmgr.dll
2012-03-01 02:46 . 2009-10-09 21:35 13312 ----a-w- c:\windows\system32\wsmplpxy.dll
2012-03-01 02:46 . 2009-10-09 21:34 13312 ----a-w- c:\windows\system32\winrssrv.dll
2012-03-01 02:46 . 2009-10-09 21:56 10240 ----a-w- c:\windows\SysWow64\wsmplpxy.dll
2012-03-01 02:46 . 2009-10-09 21:56 10240 ----a-w- c:\windows\SysWow64\winrssrv.dll
2012-03-01 02:38 . 2010-08-31 15:46 954288 ----a-w- c:\windows\SysWow64\mfc40u.dll
2012-03-01 02:37 . 2011-04-29 13:41 176128 ----a-w- c:\windows\system32\drivers\srv2.sys
2012-03-01 02:33 . 2010-11-06 11:18 500224 ----a-w- c:\windows\system32\wmicmiplugin.dll
2012-03-01 02:32 . 2011-03-02 16:12 117760 ----a-w- c:\windows\system32\dnsrslvr.dll
2012-03-01 02:32 . 2009-05-04 10:21 28672 ----a-w- c:\windows\system32\dnscacheugc.exe
2012-03-01 02:32 . 2009-05-04 09:59 25088 ----a-w- c:\windows\SysWow64\dnscacheugc.exe
2012-03-01 02:31 . 2010-08-20 16:57 1090048 ----a-w- c:\windows\system32\wmpmde.dll
2012-03-01 02:31 . 2010-08-20 16:05 867328 ----a-w- c:\windows\SysWow64\wmpmde.dll
2012-03-01 02:09 . 2012-03-01 02:09 -------- d-----w- C:\PerfLogs
2012-03-01 01:23 . 2008-01-19 07:57 6144 ----a-w- c:\windows\system32\drivers\en-US\luafv.sys.mui
2012-03-01 01:22 . 2008-01-19 08:10 19968 ----a-w- c:\windows\system32\drivers\en-US\mpio.sys.mui
2012-03-01 01:22 . 2008-01-19 08:01 4608 ----a-w- c:\windows\system32\drivers\en-US\tpm.sys.mui
2012-03-01 01:22 . 2008-01-19 08:04 59904 ----a-w- c:\windows\system32\sxproxy.dll
2012-03-01 01:22 . 2008-01-19 08:00 2560 ----a-w- c:\windows\system32\drivers\en-US\wdf01000.sys.mui
2012-03-01 01:22 . 2008-01-19 08:03 24064 ----a-w- c:\windows\system32\drivers\en-US\volsnap.sys.mui
2012-03-01 01:22 . 2008-01-19 08:00 217088 ----a-w- c:\windows\system32\recdisc.exe
2012-03-01 01:22 . 2008-01-19 08:03 7680 ----a-w- c:\windows\system32\sdspres.dll
2012-03-01 01:20 . 2008-01-19 08:02 75264 ----a-w- c:\windows\system32\mfvdsp.dll
2012-03-01 01:19 . 2008-01-19 07:35 25088 ----a-w- c:\windows\SysWow64\Nlsdl.dll
2012-03-01 01:18 . 2008-01-19 07:36 17920 ----a-w- c:\windows\SysWow64\PlaySndSrv.dll
2012-03-01 01:17 . 2008-01-19 08:03 85504 ----a-w- c:\windows\system32\nci.dll
2012-03-01 01:16 . 2008-01-19 08:01 90112 ----a-w- c:\windows\system32\HelpPaneProxy.dll
2012-03-01 01:15 . 2008-01-19 08:04 34816 ----a-w- c:\windows\system32\werdiagcontroller.dll
2012-03-01 00:28 . 2012-03-01 00:28 28160 ----a-w- c:\windows\system32\drivers\en-US\http.sys.mui
2012-02-29 23:56 . 2012-02-29 23:55 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-02-29 23:35 . 2012-02-29 23:35 280576 ----a-w- c:\windows\system32\rastls.dll
2012-02-29 23:35 . 2012-02-29 23:35 243712 ----a-w- c:\windows\SysWow64\rastls.dll
2012-02-29 23:30 . 2012-02-29 23:30 1965056 ----a-w- c:\windows\SysWow64\NlsData0018.dll
2012-02-29 23:28 . 2012-02-29 23:28 -------- d-----w- c:\program files (x86)\MSXML 4.0
2012-02-29 23:26 . 2012-02-29 23:26 84480 ----a-w- c:\windows\SysWow64\INETRES.dll
2012-02-29 23:26 . 2012-02-29 23:26 84480 ----a-w- c:\windows\system32\INETRES.dll
2012-02-29 18:50 . 2012-02-29 18:50 310784 ----a-w- c:\windows\SysWow64\unregmp2.exe
2012-02-29 18:50 . 2012-02-29 18:50 1418752 ----a-w- c:\program files (x86)\Windows Media Player\setup_wm.exe
2012-02-29 18:50 . 2012-02-29 18:50 372736 ----a-w- c:\windows\system32\unregmp2.exe
2012-02-29 18:50 . 2012-02-29 18:50 1486848 ----a-w- c:\program files\Windows Media Player\setup_wm.exe
2012-02-29 18:38 . 2012-02-29 18:38 23552 ----a-w- c:\windows\SysWow64\lpk.dll
2012-02-29 18:38 . 2012-02-29 18:38 10240 ----a-w- c:\windows\SysWow64\dciman32.dll
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-01 02:00 . 2006-11-02 12:39 101888 ----a-w- c:\windows\SysWow64\ifxcardm.dll
2012-03-01 02:00 . 2006-11-02 12:39 82432 ----a-w- c:\windows\SysWow64\axaltocm.dll
2012-03-01 02:00 . 2006-11-02 12:46 134144 ----a-w- c:\windows\system32\ifxcardm.dll
2012-03-01 01:59 . 2006-11-02 12:46 133632 ----a-w- c:\windows\system32\axaltocm.dll
2012-02-29 18:40 . 2012-02-29 18:40 2560 ----a-w- c:\windows\apppatch\AcRes.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1555968]
"MobileDocuments"="c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"QPService"="c:\program files (x86)\HP\QuickPlay\QPService.exe" [2007-10-01 181544]
"UCam_Menu"="c:\program files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-08-17 218408]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 40048]
"hpWirelessAssistant"="c:\program files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-09-13 480560]
"WAWifiMessage"="c:\program files (x86)\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-08 311296]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-07 421736]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="c:\windows\explorer.exe,"
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 120320]
"RtHDVCpl"="RAVCpl64.exe" [2007-08-17 5423104]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-07-25 174616]
"OnScreenDisplay"="c:\program files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe" [2007-09-04 701440]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-12 138264]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-12 203800]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-12 168472]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-QlbCtrl - %ProgramFiles(x86)%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
Wow6432Node-HKLM-Run-hpqSRMon - (no file)
HKLM-Run-Windows Defender - c:\program files (x86)\Windows Defender\MSASCui.exe
HKLM-Run-HP Health Check Scheduler - [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\N360]
"ImagePath"="\"c:\program files (x86)\Norton Security Suite\Engine\5.2.0.13\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton Security Suite\Engine\5.2.0.13\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1171A62F-05D2-11D1-83FC-00A0C9089C5A}]
@Denied: (A 2) (Everyone)
@SACL=
@="FlashProp Class"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1171A62F-05D2-11D1-83FC-00A0C9089C5A}\InprocServer32]
@SACL=
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash9d.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1171A62F-05D2-11D1-83FC-00A0C9089C5A}\Programmable]
@SACL=
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11f_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11f_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files (x86)\Norton Security Suite\Engine\5.2.0.13\ccSvcHst.exe
c:\program files (x86)\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
c:\program files (x86)\CyberLink\Shared Files\RichVideo.exe
c:\program files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
c:\program files (x86)\HP\QuickPlay\Kernel\TV\QPSched.exe
c:\windows\SysWOW64\DllHost.exe
c:\program files (x86)\Norton Security Suite\Engine\5.2.0.13\ccSvcHst.exe
c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
c:\program files (x86)\Hewlett-Packard\Shared\HpqToaster.exe
c:\program files (x86)\Internet Explorer\iexplore.exe
c:\program files (x86)\Internet Explorer\iexplore.exe
c:\windows\SysWOW64\Macromed\Flash\FlashUtil11f_ActiveX.exe
c:\users\Rob n kal\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JPKU3U88\STOPzilla_Setup.exe
.
**************************************************************************
.
Completion time: 2012-03-20 08:12:43 - machine was rebooted
ComboFix-quarantined-files.txt 2012-03-20 15:12
.
Pre-Run: 252,677,378,048 bytes free
Post-Run: 252,460,040,192 bytes free

#12 nasdaq

  • Malware Response Team

Posted 27 March 2012 - 07:53 AM

Sorry for this delay. I lost my internet connection for most of yesterday.

Please Download
TDSSKiller.zip

>>> Double-click on TDSSKiller.exe to run the application.
  • Click on the Start Scan button and wait for the scan and disinfection process to be over.
  • If an infected file is detected, the default action will be Cure, click on Continue
  • If a suspicious file is detected, the default action will be Skip, click on Continue
  • If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System drive (usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file here.
  • If no reboot is required, click on Report. A log file will appear. Please copy and paste the contents of that file in your next reply.

Download http://public.avast.com/~gmerek/aswMBR.exe (aswMBR.exe) to your desktop. Double-click aswMBR.exe to run it.

  • Click the "Scan" button to start scan.
  • Upon completion of the scan, click Save log, and save it to your desktop. (Note - do not select any Fix at this time) <- IMPORTANT
  • Please post the contents of that log in your next reply.
There shall also be a file on your desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) folder. Please attach that zipped file in your next reply.

===

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2


If your operating system is 64 bit download this tool:
SystemLook_x64.exe
  • Double-click SystemLook.exe to run it.
  • Copy and paste the content of the following bold text into the main textfield:


    :filefind
    userinit.exe

  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

Please post the logs for my review.
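
A triage check for the "Reg Loading Points" section of the ComboFix log posted earlier in this thread, as an added example that is not part of any post here. It parses the key/value lines and compares the Winlogon Userinit value with the Windows default, %windir%\system32\userinit.exe, the file the SystemLook :filefind step above searches for. The sample lines are excerpted from that log; the function names are this example's own.

```python
import ntpath
import re

# Excerpt of the "Reg Loading Points" section of the ComboFix log in this thread.
SAMPLE_LOG = r'''
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1555968]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="c:\windows\explorer.exe,"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RAVCpl64.exe" [2007-08-17 5423104]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-12 138264]
'''

KEY_RE = re.compile(r'^\[(HKEY_[^\]]+)\]\s*$')
# "Name"="data" followed by an optional [date size] suffix added by ComboFix.
VALUE_RE = re.compile(r'^"([^"]+)"=\s*"(.*)"(?:\s+\[[^\]]*\])?\s*$')

WINLOGON = r'hkey_local_machine\software\microsoft\windows nt\currentversion\winlogon'


def parse_loading_points(text):
    """Return {lowercased key path: {value name: string data}}."""
    keys, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            current = keys.setdefault(m.group(1).lower(), {})
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            current[m.group(1)] = m.group(2)
    return keys


def check_userinit(keys, windir=r'c:\windows'):
    """Compare Winlogon\\Userinit with the Windows default value."""
    expected = ntpath.normcase(ntpath.join(windir, 'system32', 'userinit.exe'))
    data = keys.get(WINLOGON, {}).get('Userinit')
    if data is None:
        # The log section states that legit default entries are not shown,
        # so an absent value is not a finding.
        return []
    # Userinit holds a comma-separated list of programs run at logon.
    programs = [ntpath.normcase(p.strip()) for p in data.split(',') if p.strip()]
    findings = []
    if expected not in programs:
        findings.append('default %s is missing from Userinit' % expected)
    for prog in programs:
        if prog != expected:
            findings.append('unexpected Userinit program: %s' % prog)
    return findings


def unqualified_run_entries(keys):
    """Run-key entries given as a bare file name (resolved via the search path)."""
    out = []
    for key, values in keys.items():
        if not key.endswith(r'\currentversion\run'):
            continue
        for name, data in values.items():
            if not ntpath.dirname(data):
                out.append((name, data))
    return out


if __name__ == '__main__':
    parsed = parse_loading_points(SAMPLE_LOG)
    for finding in check_userinit(parsed):
        print('Winlogon:', finding)
    for name, data in unqualified_run_entries(parsed):
        print('Run entry without a full path: %s = %s' % (name, data))
```

A bare file name in a Run key is not malicious by itself; it only means the file that starts depends on the search path, so it is worth confirming where that file actually resides.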

#13 big239

  • Topic Starter


Posted 27 March 2012 - 08:41 AM

20:30:40.0153 3092 TDSS rootkit removing tool 2.7.23.0 Mar 26 2012 13:40:18
20:30:40.0684 3092 ============================================================
20:30:40.0684 3092 Current date / time: 2012/03/26 20:30:40.0684
20:30:40.0684 3092 SystemInfo:
20:30:40.0684 3092
20:30:40.0684 3092 OS Version: 6.0.6002 ServicePack: 2.0
20:30:40.0684 3092 Product type: Workstation
20:30:40.0684 3092 ComputerName: ROBNKAL-PC
20:30:40.0684 3092 UserName: Rob n kal
20:30:40.0684 3092 Windows directory: C:\Windows
20:30:40.0684 3092 System windows directory: C:\Windows
20:30:40.0684 3092 Running under WOW64
20:30:40.0684 3092 Processor architecture: Intel x64
20:30:40.0684 3092 Number of processors: 2
20:30:40.0684 3092 Page size: 0x1000
20:30:40.0684 3092 Boot type: Normal boot
20:30:40.0684 3092 ============================================================
20:30:41.0089 3092 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
20:30:41.0105 3092 \Device\Harddisk0\DR0:
20:30:41.0105 3092 MBR used
20:30:41.0105 3092 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x23A25B9F
20:30:41.0105 3092 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x23A25BDE, BlocksNum 0x1A07AE3
20:30:41.0183 3092 Initialize success
20:30:41.0183 3092 ============================================================
20:30:43.0102 3988 ============================================================
20:30:43.0102 3988 Scan started
20:30:43.0102 3988 Mode: Manual;
20:30:43.0102 3988 ============================================================
20:30:45.0005 3988 ACPI (1965aaffab07e3fb03c77f81beba3547) C:\Windows\system32\drivers\acpi.sys
20:30:45.0020 3988 ACPI - ok
20:30:45.0270 3988 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
20:30:45.0270 3988 AdobeARMservice - ok
20:30:45.0426 3988 adp94xx (9137451d37ba1c325cd6c2def3d2d692) C:\Windows\system32\drivers\adp94xx.sys
20:30:45.0426 3988 adp94xx - ok
20:30:45.0660 3988 adpahci (01f80898df5cc7df19b3b11351846263) C:\Windows\system32\drivers\adpahci.sys
20:30:45.0676 3988 adpahci - ok
20:30:46.0222 3988 adpu160m (da001db13fff45dfe9109936e265b7cc) C:\Windows\system32\drivers\adpu160m.sys
20:30:46.0222 3988 adpu160m - ok
20:30:46.0440 3988 adpu320 (2b10c35c5b7c5c0c28f572e035319602) C:\Windows\system32\drivers\adpu320.sys
20:30:46.0440 3988 adpu320 - ok
20:30:46.0877 3988 AdvancedSystemCareService5 (b11c71b29fa69e4586f9b65560e6604d) C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCService.exe
20:30:46.0877 3988 AdvancedSystemCareService5 - ok
20:30:47.0095 3988 AeLookupSvc (0f421175574bfe0bf2f4d8e910a253bb) C:\Windows\System32\aelupsvc.dll
20:30:47.0095 3988 AeLookupSvc - ok
20:30:47.0329 3988 AFD (c4f6ce6087760ad70960c9eb130e7943) C:\Windows\system32\drivers\afd.sys
20:30:47.0329 3988 AFD - ok
20:30:47.0548 3988 agp440 (5ccdd13bc602ae33cd8b62d33c29ab72) C:\Windows\system32\drivers\agp440.sys
20:30:47.0548 3988 agp440 - ok
20:30:47.0922 3988 aic78xx (222cb641b4b8a1d1126f8033f9fd6a00) C:\Windows\system32\drivers\djsvs.sys
20:30:47.0922 3988 aic78xx - ok
20:30:48.0250 3988 ALG (5922f4f59b7868f3d74bbbbeb7b825a3) C:\Windows\System32\alg.exe
20:30:48.0250 3988 ALG - ok
20:30:48.0515 3988 aliide (157d0898d4b73f075ce9fa26b482df98) C:\Windows\system32\drivers\aliide.sys
20:30:48.0515 3988 aliide - ok
20:30:48.0764 3988 amdide (970fa5059e61e30d25307b99903e991e) C:\Windows\system32\drivers\amdide.sys
20:30:48.0764 3988 amdide - ok
20:30:49.0295 3988 AmdK8 (de55dc52f7ceb89a967572d6b491ada2) C:\Windows\system32\DRIVERS\amdk8.sys
20:30:49.0295 3988 AmdK8 - ok
20:30:49.0513 3988 Appinfo (9c37b3fd5615477cb9a0cd116cf43f5c) C:\Windows\System32\appinfo.dll
20:30:49.0513 3988 Appinfo - ok
20:30:49.0747 3988 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
20:30:49.0763 3988 Apple Mobile Device - ok
20:30:50.0075 3988 arc (2e8623f2fed998a97129a3db919551c8) C:\Windows\system32\drivers\arc.sys
20:30:50.0075 3988 arc - ok
20:30:50.0122 3988 arcsas (741a003c041a3ec480a2e71af71e9654) C:\Windows\system32\drivers\arcsas.sys
20:30:50.0122 3988 arcsas - ok
20:30:50.0184 3988 AsyncMac (22d13ff3dafec2a80634752b1eaa2de6) C:\Windows\system32\DRIVERS\asyncmac.sys
20:30:50.0184 3988 AsyncMac - ok
20:30:50.0246 3988 atapi (e68d9b3a3905619732f7fe039466a623) C:\Windows\system32\drivers\atapi.sys
20:30:50.0246 3988 atapi - ok
20:30:50.0324 3988 AudioEndpointBuilder (79318c744693ec983d20e9337a2f8196) C:\Windows\System32\Audiosrv.dll
20:30:50.0324 3988 AudioEndpointBuilder - ok
20:30:50.0340 3988 AudioSrv (79318c744693ec983d20e9337a2f8196) C:\Windows\System32\Audiosrv.dll
20:30:50.0340 3988 AudioSrv - ok
20:30:50.0512 3988 BCM43XV (a2160c5d70f3517fc7356b689abd6fcd) C:\Windows\system32\DRIVERS\bcmwl664.sys
20:30:50.0512 3988 BCM43XV - ok
20:30:50.0824 3988 Beep - ok
20:30:51.0011 3988 BFE (ffb96c2589ffa60473ead78b39fbde29) C:\Windows\System32\bfe.dll
20:30:51.0011 3988 BFE - ok
20:30:51.0245 3988 BITS (6d316f4859634071cc25c4fd4589ad2c) C:\Windows\system32\qmgr.dll
20:30:51.0260 3988 BITS - ok
20:30:51.0448 3988 blbdrive - ok
20:30:51.0557 3988 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
20:30:51.0557 3988 Bonjour Service - ok
20:30:51.0791 3988 bowser (2348447a80920b2493a9b582a23e81e1) C:\Windows\system32\DRIVERS\bowser.sys
20:30:51.0791 3988 bowser - ok
20:30:52.0134 3988 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\brfiltlo.sys
20:30:52.0134 3988 BrFiltLo - ok
20:30:52.0524 3988 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\brfiltup.sys
20:30:52.0524 3988 BrFiltUp - ok
20:30:52.0914 3988 Browser (a1b39de453433b115b4ea69ee0343816) C:\Windows\System32\browser.dll
20:30:52.0914 3988 Browser - ok
20:30:53.0179 3988 Brserid (f0f0ba4d815be446aa6a4583ca3bca9b) C:\Windows\system32\drivers\brserid.sys
20:30:53.0179 3988 Brserid - ok
20:30:53.0554 3988 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\system32\drivers\brserwdm.sys
20:30:53.0554 3988 BrSerWdm - ok
20:30:53.0554 3988 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\system32\drivers\brusbmdm.sys
20:30:53.0554 3988 BrUsbMdm - ok
20:30:53.0569 3988 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\system32\drivers\brusbser.sys
20:30:53.0569 3988 BrUsbSer - ok
20:30:53.0585 3988 BTHMODEM (e0777b34e05f8a82a21856efc900c29f) C:\Windows\system32\drivers\bthmodem.sys
20:30:53.0585 3988 BTHMODEM - ok
20:30:53.0944 3988 catchme - ok
20:30:54.0380 3988 cdfs (b4d787db8d30793a4d4df9feed18f136) C:\Windows\system32\DRIVERS\cdfs.sys
20:30:54.0380 3988 cdfs - ok
20:30:54.0646 3988 cdrom (c025aa69be3d0d25c7a2e746ef6f94fc) C:\Windows\system32\DRIVERS\cdrom.sys
20:30:54.0646 3988 cdrom - ok
20:30:54.0708 3988 CertPropSvc (5a268127633c7ee2a7fb87f39d748d56) C:\Windows\System32\certprop.dll
20:30:54.0708 3988 CertPropSvc - ok
20:30:54.0786 3988 circlass (f28f00596824058bc61d5edf434c9b82) C:\Windows\system32\drivers\circlass.sys
20:30:54.0786 3988 circlass - ok
20:30:54.0958 3988 CLFS (3dca9a18b204939cfb24bea53e31eb48) C:\Windows\system32\CLFS.sys
20:30:54.0958 3988 CLFS - ok
20:30:55.0114 3988 clr_optimization_v2.0.50727_32 (8ee772032e2fe80a924f3b8dd5082194) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
20:30:55.0114 3988 clr_optimization_v2.0.50727_32 - ok
20:30:55.0192 3988 clr_optimization_v2.0.50727_64 (ce07a466201096f021cd09d631b21540) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
20:30:55.0192 3988 clr_optimization_v2.0.50727_64 - ok
20:30:55.0301 3988 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
20:30:55.0301 3988 clr_optimization_v4.0.30319_32 - ok
20:30:55.0410 3988 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
20:30:55.0410 3988 clr_optimization_v4.0.30319_64 - ok
20:30:55.0628 3988 CmBatt (b52d9a14ce4101577900a364ba86f3df) C:\Windows\system32\DRIVERS\CmBatt.sys
20:30:55.0628 3988 CmBatt - ok
20:30:56.0096 3988 cmdide (e5d5499a1c50a54b5161296b6afe6192) C:\Windows\system32\drivers\cmdide.sys
20:30:56.0096 3988 cmdide - ok
20:30:56.0315 3988 Com4Qlb (d8774ace03b46c9b01a49818055f9ad4) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
20:30:56.0315 3988 Com4Qlb - ok
20:30:56.0658 3988 Compbatt (7fb8ad01db0eabe60c8a861531a8f431) C:\Windows\system32\DRIVERS\compbatt.sys
20:30:56.0658 3988 Compbatt - ok
20:30:56.0674 3988 COMSysApp - ok
20:30:56.0720 3988 crcdisk (b1192dcd5b9cf46beed0e2a9e5bcf59a) C:\Windows\system32\drivers\crcdisk.sys
20:30:56.0720 3988 crcdisk - ok
20:30:56.0783 3988 CryptSvc (18918613e63f387cde4d95ca7d49dcf7) C:\Windows\system32\cryptsvc.dll
20:30:56.0783 3988 CryptSvc - ok
20:30:56.0845 3988 DcomLaunch (cf8b9a3a5e7dc57724a89d0c3e8cf9ef) C:\Windows\system32\rpcss.dll
20:30:56.0861 3988 DcomLaunch - ok
20:30:57.0329 3988 DfsC (8b722ba35205c71e7951cdc4cdbade19) C:\Windows\system32\Drivers\dfsc.sys
20:30:57.0329 3988 DfsC - ok
20:30:57.0547 3988 DFSR (c647f468f7de343df8c143655c5557d4) C:\Windows\system32\DFSR.exe
20:30:57.0578 3988 DFSR - ok
20:30:57.0625 3988 Dhcp (3ed0321127ce70acdaabbf77e157c2a7) C:\Windows\System32\dhcpcsvc.dll
20:30:57.0625 3988 Dhcp - ok
20:30:57.0812 3988 disk (b0107e40ecdb5fa692ebf832f295d905) C:\Windows\system32\drivers\disk.sys
20:30:57.0812 3988 disk - ok
20:30:57.0922 3988 Dnscache (06230f1b721494a6df8d47fd395bb1b0) C:\Windows\System32\dnsrslvr.dll
20:30:57.0922 3988 Dnscache - ok
20:30:58.0000 3988 dot3svc (1a7156dd1e850e9914e5e991e3225b94) C:\Windows\System32\dot3svc.dll
20:30:58.0000 3988 dot3svc - ok
20:30:58.0109 3988 DPS (1583b39790db3eaec7edb0cb0140c708) C:\Windows\system32\dps.dll
20:30:58.0109 3988 DPS - ok
20:30:58.0280 3988 drmkaud (f1a78a98cfc2ee02144c6bec945447e6) C:\Windows\system32\drivers\drmkaud.sys
20:30:58.0280 3988 drmkaud - ok
20:30:58.0624 3988 DXGKrnl (b8e554e502d5123bc111f99d6a2181b4) C:\Windows\System32\drivers\dxgkrnl.sys
20:30:58.0624 3988 DXGKrnl - ok
20:30:58.0670 3988 E1G60 (d57fe09b575545738a73a0c193d0616a) C:\Windows\system32\DRIVERS\E1G6032E.sys
20:30:58.0670 3988 E1G60 - ok
20:30:58.0811 3988 EapHost (c2303883fd9be49dc36a6400643002ea) C:\Windows\System32\eapsvc.dll
20:30:58.0811 3988 EapHost - ok
20:30:59.0029 3988 Ecache (5f94962be5a62db6e447ff6470c4f48a) C:\Windows\system32\drivers\ecache.sys
20:30:59.0029 3988 Ecache - ok
20:30:59.0154 3988 ehRecvr (14ce384d2e27b64c256bda4dc39c312d) C:\Windows\ehome\ehRecvr.exe
20:30:59.0154 3988 ehRecvr - ok
20:30:59.0216 3988 ehSched (b93159c1313d66fdfbbe876f5189cd52) C:\Windows\ehome\ehsched.exe
20:30:59.0216 3988 ehSched - ok
20:30:59.0419 3988 ehstart (f5ee2527d74449868e3c3227a59bcd28) C:\Windows\ehome\ehstart.dll
20:30:59.0419 3988 ehstart - ok
20:30:59.0700 3988 elxstor (3d6298aff3fe06c0616ce5d090a3eeaa) C:\Windows\system32\drivers\elxstor.sys
20:30:59.0716 3988 elxstor - ok
20:31:00.0152 3988 EMDMgmt (a9b18b63a4fd6baab83326706d857fab) C:\Windows\system32\emdmgmt.dll
20:31:00.0152 3988 EMDMgmt - ok
20:31:00.0558 3988 EventSystem (e12f22b73f153dece721cd45ec05b4af) C:\Windows\system32\es.dll
20:31:00.0558 3988 EventSystem - ok
20:31:01.0073 3988 exfat (486844f47b6636044a42454614ed4523) C:\Windows\system32\drivers\exfat.sys
20:31:01.0073 3988 exfat - ok
20:31:01.0634 3988 fastfat (1a4bee34277784619ddaf0422c0c6e23) C:\Windows\system32\drivers\fastfat.sys
20:31:01.0634 3988 fastfat - ok
20:31:02.0118 3988 fdc (61b6dbd1ad1143f008364d4e9a96b224) C:\Windows\system32\DRIVERS\fdc.sys
20:31:02.0118 3988 fdc - ok
20:31:02.0508 3988 fdPHost (bb9267acacd8b7533dd936c34a0cba5e) C:\Windows\system32\fdPHost.dll
20:31:02.0508 3988 fdPHost - ok
20:31:02.0773 3988 FDResPub (300c80931eabbe1db7591c516efe8d0f) C:\Windows\system32\fdrespub.dll
20:31:02.0773 3988 FDResPub - ok
20:31:03.0241 3988 FileInfo (457b7d1d533e4bd62a99aed9c7bb4c59) C:\Windows\system32\drivers\fileinfo.sys
20:31:03.0241 3988 FileInfo - ok
20:31:03.0709 3988 Filetrace (d421327fd6efccaf884a54c58e1b0d7f) C:\Windows\system32\drivers\filetrace.sys
20:31:03.0709 3988 Filetrace - ok
20:31:04.0240 3988 flpydisk (12c3d1b4d0ce49e1ce343ba2f22f15e0) C:\Windows\system32\DRIVERS\flpydisk.sys
20:31:04.0240 3988 flpydisk - ok
20:31:04.0583 3988 FltMgr (e3041bc26d6930d61f42aedb79c91720) C:\Windows\system32\drivers\fltmgr.sys
20:31:04.0583 3988 FltMgr - ok
20:31:05.0222 3988 FontCache (be1c5bd1ca7ed015bc6fa1ae67e592c8) C:\Windows\system32\FntCache.dll
20:31:05.0222 3988 FontCache - ok
20:31:05.0628 3988 FontCache3.0.0.0 (bc5b0be5af3510b0fd8c140ee42c6d3e) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
20:31:05.0628 3988 FontCache3.0.0.0 - ok
20:31:06.0080 3988 Fs_Rec (29d99e860a1ca0a03c6a733fdd0da703) C:\Windows\system32\drivers\Fs_Rec.sys
20:31:06.0080 3988 Fs_Rec - ok
20:31:06.0470 3988 gagp30kx (b54520cc7b4b55134d7527b1cd3fc1f2) C:\Windows\system32\drivers\gagp30kx.sys
20:31:06.0470 3988 gagp30kx - ok
20:31:06.0736 3988 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
20:31:06.0736 3988 GEARAspiWDM - ok
20:31:07.0188 3988 gpsvc (a0e1b575ba8f504968cd40c0faeb2384) C:\Windows\System32\gpsvc.dll
20:31:07.0204 3988 gpsvc - ok
20:31:07.0640 3988 HdAudAddService (df45f8142dc6df9d18c39b3effbd0409) C:\Windows\system32\drivers\HdAudio.sys
20:31:07.0640 3988 HdAudAddService - ok
20:31:08.0124 3988 HDAudBus (f942c5820205f2fb453243edfec82a3d) C:\Windows\system32\DRIVERS\HDAudBus.sys
20:31:08.0124 3988 HDAudBus - ok
20:31:08.0498 3988 HidBth (b4881c84a180e75b8c25dc1d726c375f) C:\Windows\system32\drivers\hidbth.sys
20:31:08.0498 3988 HidBth - ok
20:31:08.0764 3988 HidIr (4e77a77e2c986e8f88f996bb3e1ad829) C:\Windows\system32\drivers\hidir.sys
20:31:08.0764 3988 HidIr - ok
20:31:09.0013 3988 hidserv (59361d38a297755d46a540e450202b2a) C:\Windows\System32\hidserv.dll
20:31:09.0013 3988 hidserv - ok
20:31:09.0372 3988 HidUsb (d02c82cb3a20f391c8aeff94e8e0baa1) C:\Windows\system32\DRIVERS\hidusb.sys
20:31:09.0372 3988 HidUsb - ok
20:31:09.0450 3988 hkmsvc (b12f367ea39c0795fd57e31242ce1a5a) C:\Windows\system32\kmsvc.dll
20:31:09.0450 3988 hkmsvc - ok
20:31:09.0622 3988 HP Health Check Service (0d26c438e2938a3e6bdd91173bc96ff0) c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
20:31:09.0622 3988 HP Health Check Service - ok
20:31:09.0824 3988 HpCISSs (8edc820115df1e04763b2923676ea5b2) C:\Windows\system32\drivers\hpcisss.sys
20:31:09.0824 3988 HpCISSs - ok
20:31:10.0261 3988 HpqKbFiltr (0ecc54fd34d6a089c300846b011e81d6) C:\Windows\system32\DRIVERS\HpqKbFiltr.sys
20:31:10.0261 3988 HpqKbFiltr - ok
20:31:10.0667 3988 HpqRemHid (e53d53d66d61794af8160741946d0b43) C:\Windows\system32\DRIVERS\HpqRemHid.sys
20:31:10.0667 3988 HpqRemHid - ok
20:31:10.0823 3988 hpqwmiex (04c1dcbb226c6ae647b794833ce3ceb6) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
20:31:10.0823 3988 hpqwmiex - ok
20:31:11.0322 3988 HSFHWAZL (57ba73b5b321291e5114cb21350e1ea0) C:\Windows\system32\DRIVERS\VSTAZL6.SYS
20:31:11.0322 3988 HSFHWAZL - ok
20:31:11.0774 3988 HSF_DPV (e6cd7f641916484b0141d191a390d866) C:\Windows\system32\DRIVERS\VSTDPV6.SYS
20:31:11.0790 3988 HSF_DPV - ok
20:31:12.0133 3988 HTTP (098f1e4e5c9cb5b0063a959063631610) C:\Windows\system32\drivers\HTTP.sys
20:31:12.0133 3988 HTTP - ok
20:31:12.0352 3988 i2omp (f2901763845570ecac48e6a50ec50812) C:\Windows\system32\drivers\i2omp.sys
20:31:12.0352 3988 i2omp - ok
20:31:12.0539 3988 i8042prt (cbb597659a2713ce0c9cc20c88c7591f) C:\Windows\system32\DRIVERS\i8042prt.sys
20:31:12.0539 3988 i8042prt - ok
20:31:12.0726 3988 IAANTMON (68431db6633ed4c9d18226384498310a) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
20:31:12.0726 3988 IAANTMON - ok
20:31:13.0085 3988 iaStor (ceb53bb804b41c52ab0782505c8e2994) C:\Windows\system32\DRIVERS\iaStor.sys
20:31:13.0100 3988 iaStor - ok
20:31:13.0381 3988 iaStorV (72c3ee7ea3cd75a772e62ae0e5df8b8c) C:\Windows\system32\drivers\iastorv.sys
20:31:13.0381 3988 iaStorV - ok
20:31:13.0568 3988 IDriverT (1cf03c69b49acb70c722df92755c0c8c) C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
20:31:13.0568 3988 IDriverT - ok
20:31:13.0818 3988 idsvc (749f5f8cedca70f2a512945325fc489d) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
20:31:13.0818 3988 idsvc - ok
20:31:14.0489 3988 igfx (df87170ec724080676c18d5a0af87fc5) C:\Windows\system32\DRIVERS\igdkmd64.sys
20:31:14.0551 3988 igfx - ok
20:31:14.0848 3988 iirsp (8c3951ad2fe886ef76c7b5027c3125d3) C:\Windows\system32\drivers\iirsp.sys
20:31:14.0848 3988 iirsp - ok
20:31:15.0191 3988 IKEEXT (0c9ea6e654e7b0471741e343a6c671af) C:\Windows\System32\ikeext.dll
20:31:15.0191 3988 IKEEXT - ok
20:31:15.0846 3988 IntcAzAudAddService (f0a917c80399f0dce2f07237da84c3f0) C:\Windows\system32\drivers\RTKVHD64.sys
20:31:15.0846 3988 IntcAzAudAddService - ok
20:31:16.0142 3988 intelide (df797a12176f11b2d301c5b234bb200e) C:\Windows\system32\drivers\intelide.sys
20:31:16.0142 3988 intelide - ok
20:31:16.0532 3988 intelppm (bfd84af32fa1bad6231c4585cb469630) C:\Windows\system32\DRIVERS\intelppm.sys
20:31:16.0532 3988 intelppm - ok
20:31:16.0751 3988 IPBusEnum (5624bc1bc5eeb49c0ab76a8114f05ea3) C:\Windows\system32\ipbusenum.dll
20:31:16.0751 3988 IPBusEnum - ok
20:31:17.0172 3988 IpFilterDriver (d8aabc341311e4780d6fce8c73c0ad81) C:\Windows\system32\DRIVERS\ipfltdrv.sys
20:31:17.0172 3988 IpFilterDriver - ok
20:31:17.0468 3988 iphlpsvc (bf0dbfa9792c5c14fa00f61c75116c1b) C:\Windows\System32\iphlpsvc.dll
20:31:17.0468 3988 iphlpsvc - ok
20:31:17.0640 3988 IpInIp - ok
20:31:17.0874 3988 IPMIDRV (eacdbbe429c6d170bdeee0effcbc317b) C:\Windows\system32\drivers\ipmidrv.sys
20:31:17.0874 3988 IPMIDRV - ok
20:31:18.0030 3988 IPNAT (b7e6212f581ea5f6ab0c3a6ceeeb89be) C:\Windows\system32\DRIVERS\ipnat.sys
20:31:18.0030 3988 IPNAT - ok
20:31:18.0233 3988 iPod Service (755e4ba6dce627a2683bb7640553c8d6) C:\Program Files\iPod\bin\iPodService.exe
20:31:18.0248 3988 iPod Service - ok
20:31:18.0779 3988 IRENUM (8c42ca155343a2f11d29feca67faa88d) C:\Windows\system32\drivers\irenum.sys
20:31:18.0794 3988 IRENUM - ok
20:31:18.0966 3988 isapnp (d3bb520b31f28c1a065cd058e762ee73) C:\Windows\system32\drivers\isapnp.sys
20:31:18.0966 3988 isapnp - ok
20:31:19.0060 3988 iScsiPrt (e4fdf99599f27ec25d2cf6d754243520) C:\Windows\system32\DRIVERS\msiscsi.sys
20:31:19.0060 3988 iScsiPrt - ok
20:31:19.0122 3988 iteatapi (63c766cdc609ff8206cb447a65abba4a) C:\Windows\system32\drivers\iteatapi.sys
20:31:19.0122 3988 iteatapi - ok
20:31:19.0169 3988 iteraid (1281fe73b17664631d12f643cbea3f59) C:\Windows\system32\drivers\iteraid.sys
20:31:19.0169 3988 iteraid - ok
20:31:19.0247 3988 kbdclass (423696f3ba6472dd17699209b933bc26) C:\Windows\system32\DRIVERS\kbdclass.sys
20:31:19.0247 3988 kbdclass - ok
20:31:19.0309 3988 kbdhid (dbdf75d51464fbc47d0104ec3d572c05) C:\Windows\system32\DRIVERS\kbdhid.sys
20:31:19.0309 3988 kbdhid - ok
20:31:19.0372 3988 KeyIso (260bf9c43ee12c6898a9f5aab0fb0e5d) C:\Windows\system32\lsass.exe
20:31:19.0387 3988 KeyIso - ok
20:32:02.0240 3988 ============================================================
20:32:02.0240 3988 Scan finished
20:32:02.0240 3988 ============================================================
20:32:02.0256 3980 Detected object count: 0
20:32:02.0256 3980 Actual detected object count: 0
20:33:36.0137 3972 ============================================================
20:33:36.0137 3972 Scan started
20:33:36.0137 3972 Mode: Manual; SigCheck; TDLFS;
20:33:36.0137 3972 ============================================================
20:33:38.0960 3972 AudioSrv (79318c744693ec983d20e9337a2f8196) C:\Windows\System32\Audiosrv.dll
20:33:38.0992 3972 AudioSrv - ok
20:33:39.0054 3972 BCM43XV (a2160c5d70f3517fc7356b689abd6fcd) C:\Windows\system32\DRIVERS\bcmwl664.sys
20:33:39.0116 3972 BCM43XV - ok
20:33:39.0116 3972 Beep - ok
20:33:39.0163 3972 BFE (ffb96c2589ffa60473ead78b39fbde29) C:\Windows\System32\bfe.dll
20:33:39.0194 3972 BFE - ok
20:33:39.0272 3972 BITS (6d316f4859634071cc25c4fd4589ad2c) C:\Windows\system32\qmgr.dll
20:33:39.0366 3972 BITS - ok
20:33:39.0413 3972 blbdrive - ok
20:33:39.0475 3972 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
20:33:39.0491 3972 Bonjour Service - ok
20:33:39.0522 3972 bowser (2348447a80920b2493a9b582a23e81e1) C:\Windows\system32\DRIVERS\bowser.sys
20:33:39.0569 3972 bowser - ok
20:33:39.0631 3972 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\brfiltlo.sys
20:33:39.0662 3972 BrFiltLo - ok
20:33:39.0662 3972 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\brfiltup.sys
20:33:39.0694 3972 BrFiltUp - ok
20:33:39.0725 3972 Browser (a1b39de453433b115b4ea69ee0343816) C:\Windows\System32\browser.dll
20:33:39.0772 3972 Browser - ok
20:33:39.0772 3972 Brserid (f0f0ba4d815be446aa6a4583ca3bca9b) C:\Windows\system32\drivers\brserid.sys
20:33:39.0834 3972 Brserid - ok
20:33:39.0834 3972 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\system32\drivers\brserwdm.sys
20:33:39.0896 3972 BrSerWdm - ok
20:33:39.0896 3972 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\system32\drivers\brusbmdm.sys
20:33:39.0959 3972 BrUsbMdm - ok
20:33:39.0959 3972 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\system32\drivers\brusbser.sys
20:33:40.0021 3972 BrUsbSer - ok
20:33:40.0021 3972 BTHMODEM (e0777b34e05f8a82a21856efc900c29f) C:\Windows\system32\drivers\bthmodem.sys
20:33:40.0084 3972 BTHMODEM - ok
20:33:40.0208 3972 catchme - ok
20:33:40.0474 3972 cdfs (b4d787db8d30793a4d4df9feed18f136) C:\Windows\system32\DRIVERS\cdfs.sys
20:33:40.0505 3972 cdfs - ok
20:33:40.0536 3972 cdrom (c025aa69be3d0d25c7a2e746ef6f94fc) C:\Windows\system32\DRIVERS\cdrom.sys
20:33:40.0567 3972 cdrom - ok
20:33:40.0614 3972 CertPropSvc (5a268127633c7ee2a7fb87f39d748d56) C:\Windows\System32\certprop.dll
20:33:40.0630 3972 CertPropSvc - ok
20:33:40.0676 3972 circlass (f28f00596824058bc61d5edf434c9b82) C:\Windows\system32\drivers\circlass.sys
20:33:40.0723 3972 circlass - ok
20:33:40.0770 3972 CLFS (3dca9a18b204939cfb24bea53e31eb48) C:\Windows\system32\CLFS.sys
20:33:40.0801 3972 CLFS - ok
20:33:40.0864 3972 clr_optimization_v2.0.50727_32 (8ee772032e2fe80a924f3b8dd5082194) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
20:33:40.0879 3972 clr_optimization_v2.0.50727_32 - ok
20:33:40.0988 3972 clr_optimization_v2.0.50727_64 (ce07a466201096f021cd09d631b21540) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
20:33:41.0004 3972 clr_optimization_v2.0.50727_64 - ok
20:33:41.0066 3972 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
20:33:41.0082 3972 clr_optimization_v4.0.30319_32 - ok
20:33:41.0113 3972 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
20:33:41.0113 3972 clr_optimization_v4.0.30319_64 - ok
20:33:41.0300 3972 CmBatt (b52d9a14ce4101577900a364ba86f3df) C:\Windows\system32\DRIVERS\CmBatt.sys
20:33:41.0332 3972 CmBatt - ok
20:33:41.0410 3972 cmdide (e5d5499a1c50a54b5161296b6afe6192) C:\Windows\system32\drivers\cmdide.sys
20:33:41.0410 3972 cmdide - ok
20:33:41.0566 3972 Com4Qlb (d8774ace03b46c9b01a49818055f9ad4) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
20:33:41.0566 3972 Com4Qlb ( UnsignedFile.Multi.Generic ) - warning
20:33:41.0566 3972 Com4Qlb - detected UnsignedFile.Multi.Generic (1)
20:33:41.0722 3972 Compbatt (7fb8ad01db0eabe60c8a861531a8f431) C:\Windows\system32\DRIVERS\compbatt.sys
20:33:41.0722 3972 Compbatt - ok
20:33:41.0737 3972 COMSysApp - ok
20:33:41.0768 3972 crcdisk (b1192dcd5b9cf46beed0e2a9e5bcf59a) C:\Windows\system32\drivers\crcdisk.sys
20:33:41.0768 3972 crcdisk - ok
20:33:41.0815 3972 CryptSvc (18918613e63f387cde4d95ca7d49dcf7) C:\Windows\system32\cryptsvc.dll
20:33:41.0846 3972 CryptSvc - ok
20:33:41.0909 3972 DcomLaunch (cf8b9a3a5e7dc57724a89d0c3e8cf9ef) C:\Windows\system32\rpcss.dll
20:33:41.0940 3972 DcomLaunch - ok
20:33:41.0987 3972 DfsC (8b722ba35205c71e7951cdc4cdbade19) C:\Windows\system32\Drivers\dfsc.sys
20:33:42.0018 3972 DfsC - ok
20:33:42.0096 3972 DFSR (c647f468f7de343df8c143655c5557d4) C:\Windows\system32\DFSR.exe
20:33:42.0205 3972 DFSR - ok
20:33:42.0252 3972 Dhcp (3ed0321127ce70acdaabbf77e157c2a7) C:\Windows\System32\dhcpcsvc.dll
20:33:42.0283 3972 Dhcp - ok
20:33:42.0330 3972 disk (b0107e40ecdb5fa692ebf832f295d905) C:\Windows\system32\drivers\disk.sys
20:33:42.0346 3972 disk - ok
20:33:42.0392 3972 Dnscache (06230f1b721494a6df8d47fd395bb1b0) C:\Windows\System32\dnsrslvr.dll
20:33:42.0424 3972 Dnscache - ok
20:33:42.0455 3972 dot3svc (1a7156dd1e850e9914e5e991e3225b94) C:\Windows\System32\dot3svc.dll
20:33:42.0486 3972 dot3svc - ok
20:33:42.0533 3972 DPS (1583b39790db3eaec7edb0cb0140c708) C:\Windows\system32\dps.dll
20:33:42.0564 3972 DPS - ok
20:33:42.0595 3972 drmkaud (f1a78a98cfc2ee02144c6bec945447e6) C:\Windows\system32\drivers\drmkaud.sys
20:33:42.0626 3972 drmkaud - ok
20:33:42.0689 3972 DXGKrnl (b8e554e502d5123bc111f99d6a2181b4) C:\Windows\System32\drivers\dxgkrnl.sys
20:33:42.0704 3972 DXGKrnl - ok
20:33:42.0751 3972 E1G60 (d57fe09b575545738a73a0c193d0616a) C:\Windows\system32\DRIVERS\E1G6032E.sys
20:33:42.0798 3972 E1G60 - ok
20:33:42.0845 3972 EapHost (c2303883fd9be49dc36a6400643002ea) C:\Windows\System32\eapsvc.dll
20:33:42.0876 3972 EapHost - ok
20:33:42.0923 3972 Ecache (5f94962be5a62db6e447ff6470c4f48a) C:\Windows\system32\drivers\ecache.sys
20:33:42.0938 3972 Ecache - ok
20:33:43.0016 3972 ehRecvr (14ce384d2e27b64c256bda4dc39c312d) C:\Windows\ehome\ehRecvr.exe
20:33:43.0048 3972 ehRecvr - ok
20:33:43.0079 3972 ehSched (b93159c1313d66fdfbbe876f5189cd52) C:\Windows\ehome\ehsched.exe
20:33:43.0094 3972 ehSched - ok
20:33:43.0126 3972 ehstart (f5ee2527d74449868e3c3227a59bcd28) C:\Windows\ehome\ehstart.dll
20:33:43.0141 3972 ehstart - ok
20:33:43.0297 3972 elxstor (3d6298aff3fe06c0616ce5d090a3eeaa) C:\Windows\system32\drivers\elxstor.sys
20:33:43.0313 3972 elxstor - ok
20:33:43.0391 3972 EMDMgmt (a9b18b63a4fd6baab83326706d857fab) C:\Windows\system32\emdmgmt.dll
20:33:43.0438 3972 EMDMgmt - ok
20:33:43.0516 3972 EventSystem (e12f22b73f153dece721cd45ec05b4af) C:\Windows\system32\es.dll
20:33:43.0547 3972 EventSystem - ok
20:33:43.0625 3972 exfat (486844f47b6636044a42454614ed4523) C:\Windows\system32\drivers\exfat.sys
20:33:43.0656 3972 exfat - ok
20:33:43.0687 3972 fastfat (1a4bee34277784619ddaf0422c0c6e23) C:\Windows\system32\drivers\fastfat.sys
20:33:43.0703 3972 fastfat - ok
20:33:43.0750 3972 fdc (61b6dbd1ad1143f008364d4e9a96b224) C:\Windows\system32\DRIVERS\fdc.sys
20:33:43.0796 3972 fdc - ok
20:33:43.0843 3972 fdPHost (bb9267acacd8b7533dd936c34a0cba5e) C:\Windows\system32\fdPHost.dll
20:33:43.0890 3972 fdPHost - ok
20:33:43.0921 3972 FDResPub (300c80931eabbe1db7591c516efe8d0f) C:\Windows\system32\fdrespub.dll
20:33:43.0968 3972 FDResPub - ok
20:33:44.0015 3972 FileInfo (457b7d1d533e4bd62a99aed9c7bb4c59) C:\Windows\system32\drivers\fileinfo.sys
20:33:44.0015 3972 FileInfo - ok
20:33:44.0046 3972 Filetrace (d421327fd6efccaf884a54c58e1b0d7f) C:\Windows\system32\drivers\filetrace.sys
20:33:44.0077 3972 Filetrace - ok
20:33:44.0108 3972 flpydisk (12c3d1b4d0ce49e1ce343ba2f22f15e0) C:\Windows\system32\DRIVERS\flpydisk.sys
20:33:44.0171 3972 flpydisk - ok
20:33:44.0218 3972 FltMgr (e3041bc26d6930d61f42aedb79c91720) C:\Windows\system32\drivers\fltmgr.sys
20:33:44.0233 3972 FltMgr - ok
20:33:44.0296 3972 FontCache (be1c5bd1ca7ed015bc6fa1ae67e592c8) C:\Windows\system32\FntCache.dll
20:33:44.0342 3972 FontCache - ok
20:33:44.0389 3972 FontCache3.0.0.0 (bc5b0be5af3510b0fd8c140ee42c6d3e) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
20:33:44.0405 3972 FontCache3.0.0.0 - ok
20:33:44.0576 3972 Fs_Rec (29d99e860a1ca0a03c6a733fdd0da703) C:\Windows\system32\drivers\Fs_Rec.sys
20:33:44.0608 3972 Fs_Rec - ok
20:33:44.0686 3972 gagp30kx (b54520cc7b4b55134d7527b1cd3fc1f2) C:\Windows\system32\drivers\gagp30kx.sys
20:33:44.0686 3972 gagp30kx - ok
20:33:44.0748 3972 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
20:33:44.0748 3972 GEARAspiWDM - ok
20:33:44.0810 3972 gpsvc (a0e1b575ba8f504968cd40c0faeb2384) C:\Windows\System32\gpsvc.dll
20:33:44.0842 3972 gpsvc - ok
20:33:44.0888 3972 HdAudAddService (df45f8142dc6df9d18c39b3effbd0409) C:\Windows\system32\drivers\HdAudio.sys
20:33:44.0951 3972 HdAudAddService - ok
20:33:44.0998 3972 HDAudBus (f942c5820205f2fb453243edfec82a3d) C:\Windows\system32\DRIVERS\HDAudBus.sys
20:33:45.0029 3972 HDAudBus - ok
20:33:45.0044 3972 HidBth (b4881c84a180e75b8c25dc1d726c375f) C:\Windows\system32\drivers\hidbth.sys
20:33:45.0091 3972 HidBth - ok
20:33:45.0107 3972 HidIr (4e77a77e2c986e8f88f996bb3e1ad829) C:\Windows\system32\drivers\hidir.sys
20:33:45.0154 3972 HidIr - ok
20:33:45.0200 3972 hidserv (59361d38a297755d46a540e450202b2a) C:\Windows\System32\hidserv.dll
20:33:45.0216 3972 hidserv - ok
20:33:45.0232 3972 HidUsb (d02c82cb3a20f391c8aeff94e8e0baa1) C:\Windows\system32\DRIVERS\hidusb.sys
20:33:45.0278 3972 HidUsb - ok
20:33:45.0325 3972 hkmsvc (b12f367ea39c0795fd57e31242ce1a5a) C:\Windows\system32\kmsvc.dll
20:33:45.0372 3972 hkmsvc - ok
20:33:45.0497 3972 HP Health Check Service (0d26c438e2938a3e6bdd91173bc96ff0) c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
20:33:45.0497 3972 HP Health Check Service ( UnsignedFile.Multi.Generic ) - warning
20:33:45.0497 3972 HP Health Check Service - detected UnsignedFile.Multi.Generic (1)
20:33:45.0637 3972 HpCISSs (8edc820115df1e04763b2923676ea5b2) C:\Windows\system32\drivers\hpcisss.sys
20:33:45.0653 3972 HpCISSs - ok
20:33:45.0684 3972 HpqKbFiltr (0ecc54fd34d6a089c300846b011e81d6) C:\Windows\system32\DRIVERS\HpqKbFiltr.sys
20:33:45.0715 3972 HpqKbFiltr - ok
20:33:45.0762 3972 HpqRemHid (e53d53d66d61794af8160741946d0b43) C:\Windows\system32\DRIVERS\HpqRemHid.sys
20:33:45.0778 3972 HpqRemHid - ok
20:33:45.0887 3972 hpqwmiex (04c1dcbb226c6ae647b794833ce3ceb6) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
20:33:45.0887 3972 hpqwmiex ( UnsignedFile.Multi.Generic ) - warning
20:33:45.0887 3972 hpqwmiex - detected UnsignedFile.Multi.Generic (1)
20:33:46.0027 3972 HSFHWAZL (57ba73b5b321291e5114cb21350e1ea0) C:\Windows\system32\DRIVERS\VSTAZL6.SYS
20:33:46.0058 3972 HSFHWAZL - ok
20:33:46.0105 3972 HSF_DPV (e6cd7f641916484b0141d191a390d866) C:\Windows\system32\DRIVERS\VSTDPV6.SYS
20:33:46.0168 3972 HSF_DPV - ok
20:33:46.0214 3972 HTTP (098f1e4e5c9cb5b0063a959063631610) C:\Windows\system32\drivers\HTTP.sys
20:33:46.0246 3972 HTTP - ok
20:33:46.0292 3972 i2omp (f2901763845570ecac48e6a50ec50812) C:\Windows\system32\drivers\i2omp.sys
20:33:46.0308 3972 i2omp - ok
20:33:46.0370 3972 i8042prt (cbb597659a2713ce0c9cc20c88c7591f) C:\Windows\system32\DRIVERS\i8042prt.sys
20:33:46.0402 3972 i8042prt - ok
20:33:46.0495 3972 IAANTMON (68431db6633ed4c9d18226384498310a) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
20:33:46.0526 3972 IAANTMON - ok
20:33:46.0620 3972 iaStor (ceb53bb804b41c52ab0782505c8e2994) C:\Windows\system32\DRIVERS\iaStor.sys
20:33:46.0636 3972 iaStor - ok
20:33:46.0682 3972 iaStorV (72c3ee7ea3cd75a772e62ae0e5df8b8c) C:\Windows\system32\drivers\iastorv.sys
20:33:46.0698 3972 iaStorV - ok
20:33:46.0885 3972 IDriverT (1cf03c69b49acb70c722df92755c0c8c) C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
20:33:46.0885 3972 IDriverT ( UnsignedFile.Multi.Generic ) - warning
20:33:46.0885 3972 IDriverT - detected UnsignedFile.Multi.Generic (1)
20:33:47.0010 3972 idsvc (749f5f8cedca70f2a512945325fc489d) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
20:33:47.0026 3972 idsvc - ok
20:33:47.0447 3972 igfx (df87170ec724080676c18d5a0af87fc5) C:\Windows\system32\DRIVERS\igdkmd64.sys
20:33:48.0430 3972 igfx - ok
20:33:48.0632 3972 iirsp (8c3951ad2fe886ef76c7b5027c3125d3) C:\Windows\system32\drivers\iirsp.sys
20:33:48.0648 3972 iirsp - ok
20:33:48.0695 3972 IKEEXT (0c9ea6e654e7b0471741e343a6c671af) C:\Windows\System32\ikeext.dll
20:33:48.0726 3972 IKEEXT - ok
20:33:48.0882 3972 IntcAzAudAddService (f0a917c80399f0dce2f07237da84c3f0) C:\Windows\system32\drivers\RTKVHD64.sys
20:33:48.0913 3972 IntcAzAudAddService - ok
20:33:48.0960 3972 intelide (df797a12176f11b2d301c5b234bb200e) C:\Windows\system32\drivers\intelide.sys
20:33:48.0960 3972 intelide - ok
20:33:49.0022 3972 intelppm (bfd84af32fa1bad6231c4585cb469630) C:\Windows\system32\DRIVERS\intelppm.sys
20:33:49.0054 3972 intelppm - ok
20:33:49.0100 3972 IPBusEnum (5624bc1bc5eeb49c0ab76a8114f05ea3) C:\Windows\system32\ipbusenum.dll
20:33:49.0132 3972 IPBusEnum - ok
20:33:49.0178 3972 IpFilterDriver (d8aabc341311e4780d6fce8c73c0ad81) C:\Windows\system32\DRIVERS\ipfltdrv.sys
20:33:49.0210 3972 IpFilterDriver - ok
20:33:49.0241 3972 iphlpsvc (bf0dbfa9792c5c14fa00f61c75116c1b) C:\Windows\System32\iphlpsvc.dll
20:33:49.0272 3972 iphlpsvc - ok
20:33:49.0288 3972 IpInIp - ok
20:33:49.0350 3972 IPMIDRV (eacdbbe429c6d170bdeee0effcbc317b) C:\Windows\system32\drivers\ipmidrv.sys
20:33:49.0397 3972 IPMIDRV - ok
20:33:49.0444 3972 IPNAT (b7e6212f581ea5f6ab0c3a6ceeeb89be) C:\Windows\system32\DRIVERS\ipnat.sys
20:33:49.0475 3972 IPNAT - ok
20:33:49.0584 3972 iPod Service (755e4ba6dce627a2683bb7640553c8d6) C:\Program Files\iPod\bin\iPodService.exe
20:33:49.0662 3972 iPod Service - ok
20:33:49.0865 3972 IRENUM (8c42ca155343a2f11d29feca67faa88d) C:\Windows\system32\drivers\irenum.sys
20:33:49.0896 3972 IRENUM - ok
20:33:49.0958 3972 isapnp (d3bb520b31f28c1a065cd058e762ee73) C:\Windows\system32\drivers\isapnp.sys
20:33:49.0974 3972 isapnp - ok
20:33:50.0021 3972 iScsiPrt (e4fdf99599f27ec25d2cf6d754243520) C:\Windows\system32\DRIVERS\msiscsi.sys
20:33:50.0036 3972 iScsiPrt - ok
20:33:50.0052 3972 iteatapi (63c766cdc609ff8206cb447a65abba4a) C:\Windows\system32\drivers\iteatapi.sys
20:33:50.0068 3972 iteatapi - ok
20:33:50.0068 3972 iteraid (1281fe73b17664631d12f643cbea3f59) C:\Windows\system32\drivers\iteraid.sys
20:33:50.0083 3972 iteraid - ok
20:33:50.0114 3972 kbdclass (423696f3ba6472dd17699209b933bc26) C:\Windows\system32\DRIVERS\kbdclass.sys
20:33:50.0130 3972 kbdclass - ok
20:33:50.0161 3972 kbdhid (dbdf75d51464fbc47d0104ec3d572c05) C:\Windows\system32\DRIVERS\kbdhid.sys
20:33:50.0192 3972 kbdhid - ok
20:33:50.0239 3972 KeyIso (260bf9c43ee12c6898a9f5aab0fb0e5d) C:\Windows\system32\lsass.exe
20:33:50.0270 3972 KeyIso - ok
20:33:50.0302 3972 KSecDD (2758d174604f597bbc8a217ff667913d) C:\Windows\system32\Drivers\ksecdd.sys
20:33:50.0317 3972 KSecDD - ok
20:33:50.0364 3972 ksthunk (1d419cf43db29396ecd7113d129d94eb) C:\Windows\system32\drivers\ksthunk.sys
20:33:50.0395 3972 ksthunk - ok
20:33:50.0442 3972 KtmRm (1faf6926f3416d3da05c5b265491bdae) C:\Windows\system32\msdtckrm.dll
20:33:50.0473 3972 KtmRm - ok
20:33:50.0520 3972 LanmanServer (50c7a3cb427e9bb5ed0708a669956ab5) C:\Windows\System32\srvsvc.dll
20:33:50.0536 3972 LanmanServer - ok
20:33:50.0598 3972 LanmanWorkstation (caf86fc1388be1e470f1a7b43e348adb) C:\Windows\System32\wkssvc.dll
20:33:50.0614 3972 LanmanWorkstation - ok
20:33:50.0676 3972 lltdio (96ece2659b6654c10a0c310ae3a6d02c) C:\Windows\system32\DRIVERS\lltdio.sys
20:33:50.0707 3972 lltdio - ok
20:33:50.0738 3972 lltdsvc (961ccbd0b1ccb5675d64976fae37d092) C:\Windows\System32\lltdsvc.dll
20:33:50.0770 3972 lltdsvc - ok
20:33:50.0785 3972 lmhosts (a47f8080cacc23c91fe823ad19aa5612) C:\Windows\System32\lmhsvc.dll
20:33:50.0832 3972 lmhosts - ok
20:33:50.0863 3972 LSI_FC (1572f8d999c0ab4376afdce058a78df9) C:\Windows\system32\drivers\lsi_fc.sys
20:33:50.0879 3972 LSI_FC - ok
20:33:50.0879 3972 LSI_SAS (64470979c3e3c9ff60edfb5230c56e0e) C:\Windows\system32\drivers\lsi_sas.sys
20:33:50.0894 3972 LSI_SAS - ok
20:33:50.0910 3972 LSI_SCSI (4ced7d3b54bfc5bbae75c4a73c7f7428) C:\Windows\system32\drivers\lsi_scsi.sys
20:33:50.0910 3972 LSI_SCSI - ok
20:33:50.0957 3972 luafv (52f87b9cc8932c2a7375c3b2a9be5e3e) C:\Windows\system32\drivers\luafv.sys
20:33:50.0988 3972 luafv - ok
20:33:51.0097 3972 MatSvc (ec470d91ef06a59397edc18d48899cc5) C:\Program Files\Microsoft Fix it Center\Matsvc.exe
20:33:51.0113 3972 MatSvc - ok
20:33:51.0284 3972 Mcx2Svc (76a58df02bd4ea29f189b82d0bef17f8) C:\Windows\system32\Mcx2Svc.dll
20:33:51.0300 3972 Mcx2Svc - ok
20:33:51.0331 3972 megasas (2f631c2939d5f2e8958935ee701d70d7) C:\Windows\system32\drivers\megasas.sys
20:33:51.0347 3972 megasas - ok
20:33:51.0378 3972 MMCSS (3cbe4995e80e13ccfbc42e5dcf3ac81a) C:\Windows\system32\mmcss.dll
20:33:51.0409 3972 MMCSS - ok
20:33:51.0440 3972 Modem (59848d5cc74606f0ee7557983bb73c2e) C:\Windows\system32\drivers\modem.sys
20:33:51.0472 3972 Modem - ok
20:33:51.0518 3972 MODEMCSA (8985460fd448348f7ac748460d0a1cf4) C:\Windows\system32\drivers\MODEMCSA.sys
20:33:51.0550 3972 MODEMCSA - ok
20:33:51.0596 3972 monitor (c247cc2a57e0a0c8c6dccf7807b3e9e5) C:\Windows\system32\DRIVERS\monitor.sys
20:33:51.0628 3972 monitor - ok
20:33:51.0659 3972 mouclass (9367304e5e412b120cf5f4ea14e4e4f1) C:\Windows\system32\DRIVERS\mouclass.sys
20:33:51.0674 3972 mouclass - ok
20:33:51.0706 3972 mouhid (8b723ed4d5dbbc47a5f54af0515bc245) C:\Windows\system32\DRIVERS\mouhid.sys
20:33:51.0752 3972 mouhid - ok
20:33:51.0799 3972 MountMgr (11bc9b1e8801b01f7f6adb9ead30019b) C:\Windows\system32\drivers\mountmgr.sys
20:33:51.0815 3972 MountMgr - ok
20:33:51.0846 3972 MpFilter (c177a7ebf5e8a0b596f618870516cab8) C:\Windows\system32\DRIVERS\MpFilter.sys
20:33:51.0862 3972 MpFilter - ok
20:33:51.0893 3972 mpio (ed48eac719ee28db773359eb1b06e2b5) C:\Windows\system32\drivers\mpio.sys
20:33:51.0908 3972 mpio - ok
20:33:51.0940 3972 MpNWMon (8fbf6b31fe8af1833d93c5913d5b4d55) C:\Windows\system32\DRIVERS\MpNWMon.sys
20:33:51.0940 3972 MpNWMon - ok
20:33:51.0971 3972 mpsdrv (c92b9abdb65a5991e00c28f13491dba2) C:\Windows\system32\drivers\mpsdrv.sys
20:33:52.0002 3972 mpsdrv - ok
20:33:52.0064 3972 MpsSvc (897e3baf68ba406a61682ae39c83900c) C:\Windows\system32\mpssvc.dll
20:33:52.0096 3972 MpsSvc - ok
20:33:52.0142 3972 Mraid35x (3c200630a89ef2c0864d515b7a75802e) C:\Windows\system32\drivers\mraid35x.sys
20:33:52.0158 3972 Mraid35x - ok
20:33:52.0205 3972 MRxDAV (7c1de4aa96dc0c071611f9e7de02a68d) C:\Windows\system32\drivers\mrxdav.sys
20:33:52.0220 3972 MRxDAV - ok
20:33:52.0267 3972 mrxsmb (1485811b320ff8c7edad1caebb1c6c2b) C:\Windows\system32\DRIVERS\mrxsmb.sys
20:33:52.0298 3972 mrxsmb - ok
20:33:52.0330 3972 mrxsmb10 (3b929a60c833fc615fd97fba82bc7632) C:\Windows\system32\DRIVERS\mrxsmb10.sys
20:33:52.0345 3972 mrxsmb10 - ok
20:33:52.0361 3972 mrxsmb20 (c64ab3e1f53b4f5b5bb6d796b2d7bec3) C:\Windows\system32\DRIVERS\mrxsmb20.sys
20:33:52.0376 3972 mrxsmb20 - ok
20:33:52.0392 3972 msahci (eeadf970795148bfbb1db3abcc89c16b) C:\Windows\system32\drivers\msahci.sys
20:33:52.0408 3972 msahci - ok
20:33:52.0439 3972 msdsm (96d7c0a1b98434c6e4ff0c2e26a0e20a) C:\Windows\system32\drivers\msdsm.sys
20:33:52.0439 3972 msdsm - ok
20:33:52.0470 3972 MSDTC (7ec02ce772f068ed0beafa3da341a9bc) C:\Windows\System32\msdtc.exe
20:33:52.0501 3972 MSDTC - ok
20:33:52.0548 3972 Msfs (704f59bfc4512d2bb0146aec31b10a7c) C:\Windows\system32\drivers\Msfs.sys
20:33:52.0579 3972 Msfs - ok
20:33:52.0610 3972 msisadrv (00ebc952961664780d43dca157e79b27) C:\Windows\system32\drivers\msisadrv.sys
20:33:52.0626 3972 msisadrv - ok
20:33:52.0657 3972 MSiSCSI (366b0c1f4478b519c181e37d43dcda32) C:\Windows\system32\iscsiexe.dll
20:33:52.0688 3972 MSiSCSI - ok
20:33:52.0704 3972 msiserver - ok
20:33:52.0735 3972 MSKSSRV (0ea73e498f53b96d83dbfca074ad4cf8) C:\Windows\system32\drivers\MSKSSRV.sys
20:33:52.0766 3972 MSKSSRV - ok
20:33:52.0860 3972 MsMpSvc (157e9e498206a3366baa7e4697bdd947) c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
20:33:52.0876 3972 MsMpSvc - ok
20:33:52.0907 3972 MSPCLOCK (52e59b7e992a58e740aa63f57edbae8b) C:\Windows\system32\drivers\MSPCLOCK.sys
20:33:52.0938 3972 MSPCLOCK - ok
20:33:52.0954 3972 MSPQM (49084a75bae043ae02d5b44d02991bb2) C:\Windows\system32\drivers\MSPQM.sys
20:33:53.0000 3972 MSPQM - ok
20:33:53.0063 3972 MsRPC (dc6ccf440cdede4293db41c37a5060a5) C:\Windows\system32\drivers\MsRPC.sys
20:33:53.0078 3972 MsRPC - ok
20:33:53.0110 3972 mssmbios (855796e59df77ea93af46f20155bf55b) C:\Windows\system32\DRIVERS\mssmbios.sys
20:33:53.0125 3972 mssmbios - ok
20:33:53.0156 3972 MSTEE (86d632d75d05d5b7c7c043fa3564ae86) C:\Windows\system32\drivers\MSTEE.sys
20:33:53.0203 3972 MSTEE - ok
20:33:53.0234 3972 Mup (0cc49f78d8aca0877d885f149084e543) C:\Windows\system32\Drivers\mup.sys
20:33:53.0250 3972 Mup - ok
20:33:53.0297 3972 napagent (a5b10c845e7538c60c0f5d87a57cb3f5) C:\Windows\system32\qagentRT.dll
20:33:53.0328 3972 napagent - ok
20:33:53.0375 3972 NativeWifiP (2007b826c4acd94ae32232b41f0842b9) C:\Windows\system32\DRIVERS\nwifi.sys
20:33:53.0390 3972 NativeWifiP - ok
20:33:53.0453 3972 NDIS (65950e07329fcee8e6516b17c8d0abb6) C:\Windows\system32\drivers\ndis.sys
20:33:53.0500 3972 NDIS - ok
20:33:53.0562 3972 NdisTapi (64df698a425478e321981431ac171334) C:\Windows\system32\DRIVERS\ndistapi.sys
20:33:53.0578 3972 NdisTapi - ok
20:33:53.0593 3972 Ndisuio (8baa43196d7b5bb972c9a6b2bbf61a19) C:\Windows\system32\DRIVERS\ndisuio.sys
20:33:53.0640 3972 Ndisuio - ok
20:33:53.0671 3972 NdisWan (f8158771905260982ce724076419ef19) C:\Windows\system32\DRIVERS\ndiswan.sys
20:33:53.0702 3972 NdisWan - ok
20:33:53.0702 3972 NDProxy (9cb77ed7cb72850253e973a2d6afdf49) C:\Windows\system32\drivers\NDProxy.sys
20:33:53.0734 3972 NDProxy - ok
20:33:53.0749 3972 NetBIOS (a499294f5029a7862adc115bda7371ce) C:\Windows\system32\DRIVERS\netbios.sys
20:33:53.0780 3972 NetBIOS - ok
20:33:53.0827 3972 netbt (fc2c792ebddc8e28df939d6a92c83d61) C:\Windows\system32\DRIVERS\netbt.sys
20:33:53.0858 3972 netbt - ok
20:33:53.0890 3972 Netlogon (260bf9c43ee12c6898a9f5aab0fb0e5d) C:\Windows\system32\lsass.exe
20:33:53.0905 3972 Netlogon - ok
20:33:53.0968 3972 Netman (9b63b29defc0f3115a559d2597bf5d75) C:\Windows\System32\netman.dll
20:33:53.0999 3972 Netman - ok
20:33:54.0030 3972 netprofm (7846d0136cc2b264926a73047ba7688a) C:\Windows\System32\netprofm.dll
20:33:54.0061 3972 netprofm - ok
20:33:54.0124 3972 NetTcpPortSharing (74751dda198165947fd7454d83f49825) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
20:33:54.0139 3972 NetTcpPortSharing - ok
20:33:54.0389 3972 NETw4v64 (dae4178cf30cf07df3c53837ee5e96a7) C:\Windows\system32\DRIVERS\NETw4v64.sys
20:33:54.0482 3972 NETw4v64 - ok
20:33:54.0857 3972 NETw5v64 (2bdcb7b7917380794c9d87ac2153ce33) C:\Windows\system32\DRIVERS\NETw5v64.sys
20:33:54.0997 3972 NETw5v64 - ok
20:33:55.0387 3972 NETwLv64 (e217d3335bead351b8c48f439366061c) C:\Windows\system32\DRIVERS\NETwLv64.sys
20:33:56.0308 3972 NETwLv64 - ok
20:33:56.0479 3972 nfrd960 (4ac08bd6af2df42e0c3196d826c8aea7) C:\Windows\system32\drivers\nfrd960.sys
20:33:56.0479 3972 nfrd960 - ok
20:33:56.0526 3972 NisDrv (5f7d72cbcdd025af1f38fdeee5646968) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
20:33:56.0542 3972 NisDrv - ok
20:33:56.0666 3972 NisSrv (566ddd5d82520da01d75f81428ac4c38) c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
20:33:56.0682 3972 NisSrv - ok
20:33:56.0791 3972 NlaSvc (f145bf4c4668e7e312069f81ef847cfc) C:\Windows\System32\nlasvc.dll
20:33:56.0822 3972 NlaSvc - ok
20:33:56.0900 3972 Npfs (b298874f8e0ea93f06ec40aa8d146478) C:\Windows\system32\drivers\Npfs.sys
20:33:56.0932 3972 Npfs - ok
20:33:56.0978 3972 nsi (acb62baa1c319b17752553df3026eeeb) C:\Windows\system32\nsisvc.dll
20:33:57.0010 3972 nsi - ok
20:33:57.0041 3972 nsiproxy (1523af19ee8b030ba682f7a53537eaeb) C:\Windows\system32\drivers\nsiproxy.sys
20:33:57.0072 3972 nsiproxy - ok
20:33:57.0244 3972 Ntfs (bac869dfb98e499ba4d9bb1fb43270e1) C:\Windows\system32\drivers\Ntfs.sys
20:33:57.0306 3972 Ntfs - ok
20:33:57.0353 3972 Null (dd5d684975352b85b52e3fd5347c20cb) C:\Windows\system32\drivers\Null.sys
20:33:57.0384 3972 Null - ok
20:33:57.0415 3972 NVENETFD (9733f305fa84aaf84e7fb09c0b345adb) C:\Windows\system32\DRIVERS\nvm60x64.sys
20:33:57.0446 3972 NVENETFD - ok
20:33:57.0446 3972 nvraid (840eeb44dc49317a6161961f7682cd99) C:\Windows\system32\drivers\nvraid.sys
20:33:57.0462 3972 nvraid - ok
20:33:57.0462 3972 nvstor (94c5334040a5d500897f4c5fd12aeede) C:\Windows\system32\drivers\nvstor.sys
20:33:57.0478 3972 nvstor - ok
20:33:57.0493 3972 nv_agp (aa1b6c86a4763502e20b65c025f39bad) C:\Windows\system32\drivers\nv_agp.sys
20:33:57.0509 3972 nv_agp - ok
20:33:57.0509 3972 NwlnkFlt - ok
20:33:57.0524 3972 NwlnkFwd - ok
20:33:57.0680 3972 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
20:33:57.0696 3972 odserv - ok
20:33:57.0758 3972 ohci1394 (b5b1ce65ac15bbd11c0619e3ef7cfc28) C:\Windows\system32\DRIVERS\ohci1394.sys
20:33:57.0790 3972 ohci1394 - ok
20:33:57.0914 3972 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
20:33:57.0930 3972 ose - ok
20:33:58.0117 3972 p2pimsvc (9ae31d2e1d15c10d91318e0ec149ceac) C:\Windows\system32\p2psvc.dll
20:33:58.0164 3972 p2pimsvc - ok
20:33:58.0180 3972 p2psvc (9ae31d2e1d15c10d91318e0ec149ceac) C:\Windows\system32\p2psvc.dll
20:33:58.0211 3972 p2psvc - ok
20:33:58.0258 3972 Parport (aecd57f94c887f58919f307c35498ea0) C:\Windows\system32\drivers\parport.sys
20:33:58.0304 3972 Parport - ok
20:33:58.0336 3972 partmgr (f9b5eda4c17a2be7663f064dbf0fe254) C:\Windows\system32\drivers\partmgr.sys
20:33:58.0351 3972 partmgr - ok
20:33:58.0398 3972 PcaSvc (9ab157b374192ff276c1628fbdba2b0e) C:\Windows\System32\pcasvc.dll
20:33:58.0445 3972 PcaSvc - ok
20:33:58.0460 3972 pci (47ab1e0fc9d0e12bb53ba246e3a0906d) C:\Windows\system32\drivers\pci.sys
20:33:58.0476 3972 pci - ok
20:33:58.0523 3972 pciide (8d618c829034479985a9ed56106cc732) C:\Windows\system32\drivers\pciide.sys
20:33:58.0538 3972 pciide - ok
20:33:58.0538 3972 pcmcia (037661f3d7c507c9993b7010ceee6288) C:\Windows\system32\drivers\pcmcia.sys
20:33:58.0554 3972 pcmcia - ok
20:33:58.0585 3972 PEAUTH (58865916f53592a61549b04941bfd80d) C:\Windows\system32\drivers\peauth.sys
20:33:58.0648 3972 PEAUTH - ok
20:33:58.0726 3972 PerfHost (0ed8727ea0172860f47258456c06caea) C:\Windows\SysWow64\perfhost.exe
20:33:58.0757 3972 PerfHost - ok
20:33:58.0835 3972 pla (e9e68c1a0f25cf4a7ac966eea74ee89e) C:\Windows\system32\pla.dll
20:33:58.0882 3972 pla - ok
20:33:58.0928 3972 PlugPlay (fe6b0f59215c9fd9f9d26539c58c8b82) C:\Windows\system32\umpnpmgr.dll
20:33:58.0960 3972 PlugPlay - ok
20:33:59.0006 3972 PNRPAutoReg (9ae31d2e1d15c10d91318e0ec149ceac) C:\Windows\system32\p2psvc.dll
20:33:59.0038 3972 PNRPAutoReg - ok
20:33:59.0084 3972 PNRPsvc (9ae31d2e1d15c10d91318e0ec149ceac) C:\Windows\system32\p2psvc.dll
20:33:59.0100 3972 PNRPsvc - ok
20:33:59.0147 3972 PolicyAgent (89a5560671c2d8b4a4b51f3e1aa069d8) C:\Windows\System32\ipsecsvc.dll
20:33:59.0178 3972 PolicyAgent - ok
20:33:59.0256 3972 PptpMiniport (23386e9952025f5f21c368971e2e7301) C:\Windows\system32\DRIVERS\raspptp.sys
20:33:59.0287 3972 PptpMiniport - ok
20:33:59.0318 3972 Processor (6bc78e5f12cbb74e7930aaaa4a0db387) C:\Windows\system32\drivers\processr.sys
20:33:59.0365 3972 Processor - ok
20:33:59.0412 3972 ProfSvc (e058ce4fc2449d8bfa14739c83b7ff2a) C:\Windows\system32\profsvc.dll
20:33:59.0443 3972 ProfSvc - ok
20:33:59.0474 3972 ProtectedStorage (260bf9c43ee12c6898a9f5aab0fb0e5d) C:\Windows\system32\lsass.exe
20:34:11.0939 3972 MBR (0x1B8) (1a1a06f62e891045814007163c1c76c3) \Device\Harddisk0\DR0
20:34:12.0064 3972 \Device\Harddisk0\DR0 - ok
20:34:12.0064 3972 Boot (0x1200) (d188785e1b0b8b9c16be1a17d192f182) \Device\Harddisk0\DR0\Partition0
20:34:12.0064 3972 \Device\Harddisk0\DR0\Partition0 - ok
20:34:12.0064 3972 Boot (0x1200) (d377f96f6c1311c344fd7b27cf7895c0) \Device\Harddisk0\DR0\Partition1
20:34:12.0064 3972 \Device\Harddisk0\DR0\Partition1 - ok
20:34:12.0079 3972 ============================================================
20:34:12.0079 3972 Scan finished
20:34:12.0079 3972 ============================================================
20:34:12.0079 1432 Detected object count: 4
20:34:12.0079 1432 Actual detected object count: 4
20:34:43.0747 1432 C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe - copied to quarantine
20:34:43.0747 1432 HKLM\SYSTEM\ControlSet001\services\Com4Qlb - will be deleted on reboot
20:34:43.0810 1432 HKLM\SYSTEM\ControlSet002\services\Com4Qlb - will be deleted on reboot
20:34:44.0028 1432 C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe - will be deleted on reboot
20:34:44.0028 1432 Com4Qlb ( UnsignedFile.Multi.Generic ) - User select action: Delete
20:34:44.0200 1432 c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe - copied to quarantine
20:34:44.0200 1432 HKLM\SYSTEM\ControlSet001\services\HP Health Check Service - will be deleted on reboot
20:34:44.0231 1432 HKLM\SYSTEM\ControlSet002\services\HP Health Check Service - will be deleted on reboot
20:34:44.0231 1432 c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe - will be deleted on reboot
20:34:44.0231 1432 HP Health Check Service ( UnsignedFile.Multi.Generic ) - User select action: Delete
20:34:44.0293 1432 C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe - copied to quarantine
20:34:44.0293 1432 HKLM\SYSTEM\ControlSet001\services\hpqwmiex - will be deleted on reboot
20:34:44.0309 1432 HKLM\SYSTEM\ControlSet002\services\hpqwmiex - will be deleted on reboot
20:34:44.0309 1432 C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe - will be deleted on reboot
20:34:44.0309 1432 hpqwmiex ( UnsignedFile.Multi.Generic ) - User select action: Delete
20:34:44.0465 1432 C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe - copied to quarantine
20:34:44.0465 1432 HKLM\SYSTEM\ControlSet001\services\IDriverT - will be deleted on reboot
20:34:44.0465 1432 HKLM\SYSTEM\ControlSet002\services\IDriverT - will be deleted on reboot
20:34:44.0465 1432 C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe - will be deleted on reboot
20:34:44.0465 1432 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Delete
20:34:52.0733 3840 Deinitialize success


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-03-27 06:32:59
-----------------------------
06:32:59.208 OS Version: Windows x64 6.0.6002 Service Pack 2
06:32:59.208 Number of processors: 2 586 0xF0D
06:32:59.208 ComputerName: ROBNKAL-PC UserName: Rob n kal
06:33:05.183 Initialize success
06:34:50.942 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
06:34:50.958 Disk 0 Vendor: WDC_WD32 01.0 Size: 305245MB BusType: 3
06:34:50.974 Disk 0 MBR read successfully
06:34:50.974 Disk 0 MBR scan
06:34:50.974 Disk 0 unknown MBR code
06:34:50.989 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 291915 MB offset 63
06:34:51.020 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 13327 MB offset 597842910
06:34:51.083 Disk 0 scanning C:\Windows\system32\drivers
06:35:14.926 Service scanning
06:35:39.349 Service MpNWMon C:\Windows\system32\DRIVERS\MpNWMon.sys **LOCKED** 32
06:36:05.869 Modules scanning
06:36:05.869 Disk 0 trace - called modules:
06:36:05.900 ntoskrnl.exe CLASSPNP.SYS disk.sys acpi.sys iaStor.sys hal.dll
06:36:05.900 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004e1a790]
06:36:06.415 3 CLASSPNP.SYS[fffffa6000fc5c33] -> nt!IofCallDriver -> [0xfffffa80055823d0]
06:36:06.415 5 acpi.sys[fffffa60008c3fde] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0xfffffa8004bc2050]
06:36:06.415 Scan finished successfully
06:37:14.928 Disk 0 MBR has been saved successfully to "C:\Users\Rob n kal\Desktop\MBR.dat"
06:37:14.928 The log file has been saved successfully to "C:\Users\Rob n kal\Desktop\aswMBR.txt"


SystemLook 30.07.11 by jpshortstuff
Log created at 06:36 on 27/03/2012 by Rob n kal
Administrator - Elevation successful

========== filefind ==========

Searching for " userinit.exe"
No files found.

Searching for " "
No files found.

-= EOF =-

#14 nasdaq


Posted 27 March 2012 - 10:33 AM

Please run ComboFix again and post a fresh log.

Let me know what problem persists.

#15 big239


Posted 27 March 2012 - 05:16 PM

Still receiving bad image error, combofix on had a last auto run log



