
Exe files closing automatically after couple of seconds


  • This topic is locked
9 replies to this topic

#1 ExTaLyX


Posted 19 May 2012 - 06:09 AM

Well,
I think I have a virus because strange things have been happening to my computer lately.
For example, I try to open an exe file and it closes on me after a couple of seconds.

Help me please.

Here is the DDS log:
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium 
Boot Device: \Device\HarddiskVolume1
Install Date: 6/12/2011 8:36:51 AM
System Uptime: 5/19/2012 2:32:01 AM (12 hours ago)
.
Motherboard: Hewlett-Packard |  | 163D
Processor: Intel(R) Core(TM) i5 CPU       M 480  @ 2.67GHz | CPU | 2667/1066mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 673 GiB total, 227.216 GiB free.
D: is FIXED (NTFS) - 25 GiB total, 3.725 GiB free.
E: is CDROM ()
H: is FIXED (FAT32) - 0 GiB total, 0.082 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: TAP-Win32 Adapter V9
Device ID: ROOT\NET\0002
Manufacturer: TAP-Win32 Provider V9
Name: TAP-Win32 Adapter V9
PNP Device ID: ROOT\NET\0002
Service: tap0901
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: LogMeIn Kernel Information Provider
Device ID: ROOT\LEGACY_LMIINFO\0000
Manufacturer: 
Name: LogMeIn Kernel Information Provider
PNP Device ID: ROOT\LEGACY_LMIINFO\0000
Service: LMIInfo
.
==== System Restore Points ===================
.
RP238: 5/10/2012 12:36:26 AM - Installed Ventrilo Client for Windows x64
RP239: 5/10/2012 5:36:02 PM - Software Distribution Service 3.0
RP240: 5/14/2012 9:28:38 AM - Software Distribution Service 3.0
RP241: 5/17/2012 2:32:14 PM - Software Distribution Service 3.0
RP242: 5/18/2012 10:00:45 PM - Windows Modules Installer
RP243: 5/19/2012 1:39:19 PM - Windows Modules Installer
.
==== Installed Programs ======================
.
????? Windows Live
???????? ?????????? IDT Audio
???????? ?????????? Windows Live
?????????? Windows Live
µTorrent
7-Zip 9.20
Adobe Flash Player 10 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader 9.4.6 - Russian
Adobe Shockwave Player 11.5
Advanced SystemCare 5
Agatha Christie - Peril at End House
AIMP2
AION Free-To-Play
Akamai NetSession Interface
ASIO4ALL
Bejeweled 2 Deluxe
Blackhawk Striker 2
Blasterball 3
Blaze Media Pro
Bounce Symphony
Bully Scholarship Edition
Cache Cleaner 4.3.3.3
Cake Mania
Catalyst Control Center
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Chuzzle Deluxe
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
Contents
Corel PaintShop Photo Pro X3
Corel VideoStudio Pro X3
Counter-Strike: Source
CyberLink DVD Suite
D3DX10
DAEMON Tools Lite
Deckadance
DeviceIO
Dora's World Adventure
Download Master version 5.7.2.1217
Driver Genius Professional Edition
DVD Menu Pack for HP MediaSmart Video
Energy Star Digital Logo
ESU for Microsoft Windows 7
Fable III
Facebook Video Calling 1.2.0.159
Farm Frenzy
Fences Pro
Final Drive Nitro
FL Studio 10
Foxit Reader
Free Studio version 5.4.8
Game Booster 3
Garry's Mod
GDMO
GIMP 2.6.10
Google Chrome
Hewlett-Packard ACLM.NET v1.1.2.0
HP CloudDrive
HP Customer Experience Enhancements
HP Documentation
HP DVB-T TV Tuner 8.0.64.43
HP Game Console
HP Games
HP MediaSmart DVD
HP MediaSmart Music
HP MediaSmart Photo
HP MediaSmart Video
HP MediaSmart Webcam
HP Power Manager
HP Quick Launch
HP Setup
HP Setup Manager
HP Software Framework
HP Support Assistant
ICA
IL Download Manager
IMVU Avatar Chat Software
Intel PC iPOS BTS 2011
Intel(R) Management Engine Components
Intel(R) Rapid Storage Technology
Intel(R) Turbo Boost Technology Driver
IPM_PSP_Pro
IPM_VS_Pro
ISCOM
Java Auto Updater
Java(TM) 6 Update 21
Junk Mail filter update
K-Lite Mega Codec Pack 6.1.0
LabelPrint
LightScribe System Software
Magic Desktop
Malwarebytes Anti-Malware version 1.61.0.1400
Microsoft AppLocale
Microsoft Games for Windows - LIVE Redistributable
Microsoft Games for Windows Marketplace
Microsoft Office Word Viewer 2003
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Microsoft WSE 3.0 Runtime
MixMeister Fusion Demo 7.4.4
Movie Theme Pack for HP MediaSmart Video
Mozilla Firefox 8.0 (x86 en-GB)
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Mystery P.I. - The London Caper
NC Launcher (GameForge)
Need for Speed™ Most Wanted
Norton Online Backup
NVIDIA PhysX
OpenOffice.org 3.2
Opera 11.62
Pando Media Booster
Penguins!
PhotoNow!
Picasa 3
Plants vs. Zombies
Poker Superstars III
Polar Bowler
Polar Golfer
Power2Go
PowerDirector
PSPPContent
PSPPRO_DCRAW
PunkBuster Services
PureHD
PX Profile Update
Realtek Ethernet Controller Driver
Realtek HDMI Audio Driver for ATI
Realtek PC Camera
Realtek USB 2.0 Card Reader
Recovery Manager
reFX Nexus VSTi RTAS v2.2.0
Saints Row The Third
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Setup
Share
Skype Click to Call
Skype™ 5.8
StarCraft II
Steam
Steinberg Cubase 5
Steinberg Drum Loop Expansion 01
Steinberg Groove Agent ONE Content
Steinberg HALionOne
Steinberg HALionOne Additional Content Set 01
Steinberg HALionOne Expression Set
Steinberg HALionOne GM Drum Set
Steinberg HALionOne GM Set
Steinberg HALionOne Pro Set
Steinberg HALionOne Studio Drum Set
Steinberg HALionOne Studio Set
Steinberg LoopMash Content
Steinberg REVerence Content 01
The KMPlayer 2.9.4.1435 (DXVA+CUDA+SVP)
The Sims™ 3
The Sims™ 3 ? ????????
The Sims™ 3 ???????
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update Installer for WildTangent Games App
uTorrentControl2 Toolbar
VC80CRTRedist - 8.0.50727.4053
VIO
Virtual Villagers 4 - The Tree of Life
VirtualDJ PRO Full
VSClassic
VSPro
WildTangent Games App
Windows Live Communications Platform
Windows Live Installer
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Media Encoder 9 Series
WinRar
WinZip System Utilities Suite
World of Warcraft
Worms Reloaded
Zuma Deluxe
.
==== Event Viewer Messages From Past Week ========
.
5/18/2012 9:14:46 PM, Error: Microsoft Antimalware [3002]  - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed.  	Feature: Behavior Monitoring  	Error Code: 0x80004005  	Error description: Unspecified error   	Reason: Antimalware protection has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.
5/18/2012 9:04:02 PM, Error: Microsoft Antimalware [3002]  - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed.  	Feature: Behavior Monitoring  	Error Code: 0x80004005  	Error description: Unspecified error   	Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
5/18/2012 9:03:51 PM, Error: Service Control Manager [7000]  - The LogMeIn Kernel Information Provider service failed to start due to the following error:  The system cannot find the path specified.
5/18/2012 9:03:45 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001]  - The computer has rebooted from a bugcheck.  The bugcheck was: 0x00000116 (0xfffffa8008f8a390, 0xfffff880046e8ae4, 0x0000000000000000, 0x0000000000000002). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 051812-23212-01.
5/18/2012 8:28:04 AM, Error: Microsoft Antimalware [3002]  - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed.  	Feature: Behavior Monitoring  	Error Code: 0x80004005  	Error description: Unspecified error   	Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
5/18/2012 8:27:48 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001]  - The computer has rebooted from a bugcheck.  The bugcheck was: 0x00000116 (0xfffffa80047d7010, 0xfffff8800461cae4, 0x0000000000000000, 0x0000000000000002). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 051812-24882-01.
5/18/2012 11:52:27 PM, Error: Service Control Manager [7024]  - The HomeGroup Listener service terminated with service-specific error %%-2147023143.
5/18/2012 11:51:28 PM, Error: Service Control Manager [7031]  - The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
5/18/2012 11:51:28 PM, Error: Service Control Manager [7024]  - The Windows Search service terminated with service-specific error %%-2147218173.
5/18/2012 11:50:32 PM, Error: Service Control Manager [7023]  - The Computer Browser service terminated with the following error:  The specified service does not exist as an installed service.
5/18/2012 11:50:32 PM, Error: Microsoft Antimalware [3002]  - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed.  	Feature: Behavior Monitoring  	Error Code: 0x80004005  	Error description: Unspecified error   	Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
5/18/2012 11:50:21 PM, Error: Service Control Manager [7001]  - The IPsec Policy Agent service depends on the Base Filtering Engine service which failed to start because of the following error:  The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
5/18/2012 11:50:21 PM, Error: Service Control Manager [7000]  - The LogMeIn Kernel Information Provider service failed to start due to the following error:  The system cannot find the file specified.
5/18/2012 11:50:20 PM, Error: Service Control Manager [7001]  - The IKE and AuthIP IPsec Keying Modules service depends on the Base Filtering Engine service which failed to start because of the following error:  The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
5/17/2012 2:33:11 PM, Error: Microsoft Antimalware [3002]  - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed.  	Feature: Behavior Monitoring  	Error Code: 0x80004005  	Error description: Unspecified error   	Reason: Antimalware protection has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.
5/17/2012 12:29:48 PM, Error: Microsoft Antimalware [3002]  - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed.  	Feature: Behavior Monitoring  	Error Code: 0x80004005  	Error description: Unspecified error   	Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
5/17/2012 1:27:08 AM, Error: Service Control Manager [7043]  - The TCE CAD Service service did not shut down properly after receiving a preshutdown control.
5/16/2012 4:37:56 PM, Error: Microsoft Antimalware [3002]  - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed.  	Feature: Behavior Monitoring  	Error Code: 0x80004005  	Error description: Unspecified error   	Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
5/16/2012 4:37:37 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001]  - The computer has rebooted from a bugcheck.  The bugcheck was: 0x00000116 (0xfffffa8004e06010, 0xfffff88004207ae4, 0x0000000000000000, 0x0000000000000002). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 051612-24289-01.
5/16/2012 2:12:34 PM, Error: Microsoft Antimalware [3002]  - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed.  	Feature: Behavior Monitoring  	Error Code: 0x80004005  	Error description: Unspecified error   	Reason: Antimalware protection has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.
5/16/2012 2:00:29 PM, Error: Microsoft Antimalware [3002]  - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed.  	Feature: Behavior Monitoring  	Error Code: 0x80004005  	Error description: Unspecified error   	Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
5/16/2012 12:06:57 PM, Error: Microsoft Antimalware [3002]  - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed.  	Feature: Behavior Monitoring  	Error Code: 0x80004005  	Error description: Unspecified error   	Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
5/16/2012 1:59:37 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001]  - The computer has rebooted from a bugcheck.  The bugcheck was: 0x00000116 (0xfffffa800931c010, 0xfffff88004007ae4, 0x0000000000000000, 0x0000000000000002). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 051612-27799-01.
5/15/2012 12:50:15 PM, Error: Microsoft Antimalware [3002]  - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed.  	Feature: Behavior Monitoring  	Error Code: 0x80004005  	Error description: Unspecified error   	Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
5/15/2012 12:05:59 PM, Error: Microsoft Antimalware [3002]  - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed.  	Feature: Behavior Monitoring  	Error Code: 0x80004005  	Error description: Unspecified error   	Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
5/15/2012 11:05:57 AM, Error: Microsoft Antimalware [3002]  - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed.  	Feature: Behavior Monitoring  	Error Code: 0x80004005  	Error description: Unspecified error   	Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
5/15/2012 11:00:41 AM, Error: Microsoft Antimalware [3002]  - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed.  	Feature: Behavior Monitoring  	Error Code: 0x80004005  	Error description: Unspecified error   	Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
5/15/2012 10:09:55 AM, Error: Microsoft Antimalware [3002]  - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed.  	Feature: Behavior Monitoring  	Error Code: 0x80004005  	Error description: Unspecified error   	Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
5/15/2012 10:09:36 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001]  - The computer has rebooted from a bugcheck.  The bugcheck was: 0x00000116 (0xfffffa8004bd7010, 0xfffff88003e12ae4, 0x0000000000000000, 0x0000000000000002). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 051512-30544-01.
5/15/2012 1:10:15 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WwanSvc service.
5/15/2012 1:00:45 PM, Error: Microsoft Antimalware [3002]  - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed.  	Feature: Behavior Monitoring  	Error Code: 0x80004005  	Error description: Unspecified error   	Reason: Antimalware protection has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.
5/14/2012 9:31:20 AM, Error: Microsoft Antimalware [3002]  - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed.  	Feature: Behavior Monitoring  	Error Code: 0x80004005  	Error description: Unspecified error   	Reason: Antimalware protection has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.
5/14/2012 9:14:50 AM, Error: Microsoft Antimalware [3002]  - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed.  	Feature: Behavior Monitoring  	Error Code: 0x80004005  	Error description: Unspecified error   	Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
5/14/2012 9:14:37 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001]  - The computer has rebooted from a bugcheck.  The bugcheck was: 0x00000116 (0xfffffa8004e0c4e0, 0xfffff880046e0ae4, 0x0000000000000000, 0x0000000000000002). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 051412-26769-01.
5/14/2012 3:14:19 PM, Error: Microsoft Antimalware [3002]  - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed.  	Feature: Behavior Monitoring  	Error Code: 0x80004005  	Error description: Unspecified error   	Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
5/14/2012 3:13:55 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001]  - The computer has rebooted from a bugcheck.  The bugcheck was: 0x00000116 (0xfffffa80093294e0, 0xfffff88004623ae4, 0x0000000000000000, 0x0000000000000002). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 051412-24928-01.
5/14/2012 12:36:19 PM, Error: Microsoft Antimalware [3002]  - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed.  	Feature: Behavior Monitoring  	Error Code: 0x80004005  	Error description: Unspecified error   	Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
5/14/2012 11:39:23 AM, Error: Tcpip [4199]  - The system detected an address conflict for IP address 0.0.0.0 with the system having network hardware address 00-00-00-00-00-00. Network operations on this system may be disrupted as a result.
5/14/2012 1:39:21 PM, Error: Microsoft Antimalware [3002]  - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed.  	Feature: Behavior Monitoring  	Error Code: 0x80004005  	Error description: Unspecified error   	Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
5/14/2012 1:38:56 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001]  - The computer has rebooted from a bugcheck.  The bugcheck was: 0x00000116 (0xfffffa80046b84e0, 0xfffff88004407ae4, 0x0000000000000000, 0x0000000000000002). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 051412-24024-01.
5/14/2012 1:04:33 PM, Error: Microsoft Antimalware [3002]  - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed.  	Feature: Behavior Monitoring  	Error Code: 0x80004005  	Error description: Unspecified error   	Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
5/14/2012 1:04:11 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001]  - The computer has rebooted from a bugcheck.  The bugcheck was: 0x00000116 (0xfffffa8004636010, 0xfffff88004688ae4, 0x0000000000000000, 0x0000000000000002). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 051412-27003-01.
5/13/2012 12:51:02 AM, Error: Microsoft Antimalware [3002]  - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed.  	Feature: Behavior Monitoring  	Error Code: 0x80004005  	Error description: Unspecified error   	Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
5/13/2012 12:50:16 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001]  - The computer has rebooted from a bugcheck.  The bugcheck was: 0x00000116 (0xfffffa8009e3c360, 0xfffff8800463bae4, 0x0000000000000000, 0x0000000000000002). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 051312-21606-01.
5/13/2012 11:26:34 AM, Error: Microsoft Antimalware [3002]  - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed.  	Feature: Behavior Monitoring  	Error Code: 0x80004005  	Error description: Unspecified error   	Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
5/12/2012 7:35:31 PM, Error: Microsoft Antimalware [3002]  - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed.  	Feature: Behavior Monitoring  	Error Code: 0x80004005  	Error description: Unspecified error   	Reason: Antimalware protection has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.
5/12/2012 7:22:37 PM, Error: Microsoft Antimalware [3002]  - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed.  	Feature: Behavior Monitoring  	Error Code: 0x80004005  	Error description: Unspecified error   	Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
5/12/2012 7:22:16 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001]  - The computer has rebooted from a bugcheck.  The bugcheck was: 0x00000116 (0xfffffa8004a2f010, 0xfffff88003d01ae4, 0x0000000000000000, 0x0000000000000002). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 051212-20217-01.
5/12/2012 3:40:14 PM, Error: Microsoft Antimalware [3002]  - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed.  	Feature: Behavior Monitoring  	Error Code: 0x80004005  	Error description: Unspecified error   	Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
5/12/2012 3:39:54 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001]  - The computer has rebooted from a bugcheck.  The bugcheck was: 0x00000116 (0xfffffa8004a0f4e0, 0xfffff88004178ae4, 0x0000000000000000, 0x0000000000000002). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 051212-20607-01.
5/12/2012 3:03:29 AM, Error: Microsoft Antimalware [3002]  - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed.  	Feature: Behavior Monitoring  	Error Code: 0x80004005  	Error description: Unspecified error   	Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
5/12/2012 3:03:10 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001]  - The computer has rebooted from a bugcheck.  The bugcheck was: 0x00000116 (0xfffffa800903a4e0, 0xfffff88004007ae4, 0x0000000000000000, 0x0000000000000002). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 051212-22386-01.
5/12/2012 12:28:04 AM, Error: Microsoft-Windows-Application-Experience [205]  - The Program Compatibility Assistant service failed to perform the phase two initialization.
5/12/2012 12:05:35 AM, Error: Microsoft Antimalware [3002]  - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed.  	Feature: Behavior Monitoring  	Error Code: 0x80004005  	Error description: Unspecified error   	Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
5/12/2012 12:02:58 AM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Multimedia Class Scheduler service to connect.
5/12/2012 12:02:58 AM, Error: Service Control Manager [7001]  - The User Profile Service service depends on the Remote Procedure Call (RPC) service which failed to start because of the following error:  The dependency service or group failed to start.
5/12/2012 12:02:58 AM, Error: Service Control Manager [7001]  - The System Event Notification Service service depends on the COM+ Event System service which failed to start because of the following error:  The dependency service or group failed to start.
5/12/2012 12:02:58 AM, Error: Service Control Manager [7001]  - The Remote Procedure Call (RPC) service depends on the RPC Endpoint Mapper service which failed to start because of the following error:  The service has not been started.
5/12/2012 12:02:58 AM, Error: Service Control Manager [7001]  - The Group Policy Client service depends on the Remote Procedure Call (RPC) service which failed to start because of the following error:  The dependency service or group failed to start.
5/12/2012 12:02:58 AM, Error: Service Control Manager [7001]  - The Extensible Authentication Protocol service depends on the Remote Procedure Call (RPC) service which failed to start because of the following error:  The dependency service or group failed to start.
5/12/2012 12:02:58 AM, Error: Service Control Manager [7001]  - The COM+ Event System service depends on the Remote Procedure Call (RPC) service which failed to start because of the following error:  The dependency service or group failed to start.
5/12/2012 12:02:58 AM, Error: Service Control Manager [7000]  - The Multimedia Class Scheduler service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
5/12/2012 12:02:48 AM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Windows Driver Foundation - User-mode Driver Framework service to connect.
5/12/2012 12:02:48 AM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Desktop Window Manager Session Manager service to connect.
5/12/2012 12:02:48 AM, Error: Service Control Manager [7001]  - The WLAN AutoConfig service depends on the Remote Procedure Call (RPC) service which failed to start because of the following error:  The dependency service or group failed to start.
5/12/2012 12:02:48 AM, Error: Service Control Manager [7001]  - The Distributed Link Tracking Client service depends on the Remote Procedure Call (RPC) service which failed to start because of the following error:  The dependency service or group failed to start.
5/12/2012 12:02:48 AM, Error: Service Control Manager [7000]  - The Windows Driver Foundation - User-mode Driver Framework service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
5/12/2012 12:02:48 AM, Error: Service Control Manager [7000]  - The Desktop Window Manager Session Manager service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
5/12/2012 12:02:28 AM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Network Store Interface Service service to connect.
5/12/2012 12:02:28 AM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Diagnostic Policy Service service to connect.
5/12/2012 12:02:28 AM, Error: Service Control Manager [7001]  - The WWAN AutoConfig service depends on the Remote Procedure Call (RPC) service which failed to start because of the following error:  The dependency service or group failed to start.
5/12/2012 12:02:28 AM, Error: Service Control Manager [7001]  - The Network Location Awareness service depends on the Remote Procedure Call (RPC) service which failed to start because of the following error:  The dependency service or group failed to start.
5/12/2012 12:02:28 AM, Error: Service Control Manager [7000]  - The Network Store Interface Service service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
5/12/2012 12:02:28 AM, Error: Service Control Manager [7000]  - The Diagnostic Policy Service service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
5/12/2012 12:02:23 AM, Error: Service Control Manager [7001]  - The Function Discovery Resource Publication service depends on the Remote Procedure Call (RPC) service which failed to start because of the following error:  The dependency service or group failed to start.
5/12/2012 12:02:18 AM, Error: Service Control Manager [7001]  - The DHCP Client service depends on the Network Store Interface Service service which failed to start because of the following error:  The service did not respond to the start or control request in a timely fashion.
5/12/2012 12:02:13 AM, Error: Service Control Manager [7001]  - The DNS Client service depends on the Network Store Interface Service service which failed to start because of the following error:  The service did not respond to the start or control request in a timely fashion.
5/12/2012 12:02:08 AM, Error: Service Control Manager [7032]  - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the RPC Endpoint Mapper service, but this action failed with the following error:  An instance of the service is already running.
5/12/2012 12:01:58 AM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Windows Event Log service to connect.
5/12/2012 12:01:58 AM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Themes service to connect.
5/12/2012 12:01:58 AM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Server service to connect.
5/12/2012 12:01:58 AM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Application Experience service to connect.
5/12/2012 12:01:58 AM, Error: Service Control Manager [7001]  - The wuauserv service depends on the Remote Procedure Call (RPC) service which failed to start because of the following error:  The dependency service or group failed to start.
5/12/2012 12:01:58 AM, Error: Service Control Manager [7001]  - The Task Scheduler service depends on the Windows Event Log service which failed to start because of the following error:  The service did not respond to the start or control request in a timely fashion.
5/12/2012 12:01:58 AM, Error: Service Control Manager [7001]  - The Background Intelligent Transfer Service service depends on the Remote Procedure Call (RPC) service which failed to start because of the following error:  The dependency service or group failed to start.
5/12/2012 12:01:58 AM, Error: Service Control Manager [7000]  - The Windows Event Log service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
5/12/2012 12:01:58 AM, Error: Service Control Manager [7000]  - The Themes service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
5/12/2012 12:01:58 AM, Error: Service Control Manager [7000]  - The Server service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
5/12/2012 12:01:58 AM, Error: Service Control Manager [7000]  - The Application Experience service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
5/12/2012 12:01:48 AM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Windows Audio Endpoint Builder service to connect.
5/12/2012 12:01:48 AM, Error: Service Control Manager [7001]  - The Program Compatibility Assistant Service service depends on the Remote Procedure Call (RPC) service which failed to start because of the following error:  The dependency service or group failed to start.
5/12/2012 12:01:48 AM, Error: Service Control Manager [7000]  - The Windows Audio Endpoint Builder service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
5/12/2012 12:01:23 AM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Windows Font Cache Service service to connect.
5/12/2012 12:01:23 AM, Error: Service Control Manager [7000]  - The Windows Font Cache Service service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
5/12/2012 12:01:18 AM, Error: Service Control Manager [7019]  - The Windows Audio Endpoint Builder service depends on a service in a group which starts later. Change the order in the service dependency tree to ensure that all services required to start this service are starting before this service is started.
5/12/2012 12:01:18 AM, Error: Service Control Manager [7001]  - The Windows Audio service depends on the Remote Procedure Call (RPC) service which failed to start because of the following error:  The dependency service or group failed to start.
5/12/2012 12:01:18 AM, Error: Service Control Manager [7001]  - The Portable Device Enumerator Service service depends on the Remote Procedure Call (RPC) service which failed to start because of the following error:  The dependency service or group failed to start.
5/12/2012 12:01:13 AM, Error: Service Control Manager [7031]  - The DCOM Server Process Launcher service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Reboot the machine.
5/12/2012 12:01:13 AM, Error: Service Control Manager [7001]  - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error:  The service did not respond to the start or control request in a timely fashion.
5/12/2012 12:01:13 AM, Error: Service Control Manager [7001]  - The Remote Procedure Call (RPC) service depends on the RPC Endpoint Mapper service which failed to start because of the following error:  The service has returned a service-specific error code.
5/12/2012 12:01:13 AM, Error: Service Control Manager [7001]  - The Cryptographic Services service depends on the Remote Procedure Call (RPC) service which failed to start because of the following error:  The dependency service or group failed to start.
5/12/2012 12:01:08 AM, Error: Service Control Manager [7031]  - The Power service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Reboot the machine.
5/12/2012 12:01:08 AM, Error: Service Control Manager [7031]  - The Plug and Play service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Reboot the machine.
5/12/2012 12:01:03 AM, Error: Service Control Manager [7031]  - The Windows Error Reporting Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
5/12/2012 12:00:58 AM, Error: Service Control Manager [7031]  - The wuauserv service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
5/12/2012 12:00:58 AM, Error: Service Control Manager [7031]  - The Windows Management Instrumentation service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
5/12/2012 12:00:58 AM, Error: Service Control Manager [7031]  - The User Profile Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
5/12/2012 12:00:58 AM, Error: Service Control Manager [7031]  - The Themes service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
5/12/2012 12:00:58 AM, Error: Service Control Manager [7031]  - The Task Scheduler service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
5/12/2012 12:00:58 AM, Error: Service Control Manager [7031]  - The System Event Notification Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
5/12/2012 12:00:58 AM, Error: Service Control Manager [7031]  - The Shell Hardware Detection service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
5/12/2012 12:00:58 AM, Error: Service Control Manager [7031]  - The Server service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
5/12/2012 12:00:58 AM, Error: Service Control Manager [7031]  - The Multimedia Class Scheduler service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
5/12/2012 12:00:58 AM, Error: Service Control Manager [7031]  - The Group Policy Client service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
5/12/2012 12:00:58 AM, Error: Service Control Manager [7031]  - The Extensible Authentication Protocol service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
5/12/2012 12:00:58 AM, Error: Service Control Manager [7031]  - The Background Intelligent Transfer Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
5/12/2012 12:00:58 AM, Error: Service Control Manager [7031]  - The Application Experience service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
5/12/2012 12:00:53 AM, Error: Service Control Manager [7034]  - The RPC Endpoint Mapper service terminated unexpectedly.  It has done this 3 time(s).
5/12/2012 12:00:50 AM, Error: Service Control Manager [7034]  - The HP Wireless Assistant Service service terminated unexpectedly.  It has done this 1 time(s).
5/12/2012 12:00:48 AM, Error: Service Control Manager [7031]  - The WLAN AutoConfig service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
5/12/2012 12:00:48 AM, Error: Service Control Manager [7031]  - The Windows Driver Foundation - User-mode Driver Framework service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
5/12/2012 12:00:48 AM, Error: Service Control Manager [7031]  - The Windows Audio Endpoint Builder service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
5/12/2012 12:00:48 AM, Error: Service Control Manager [7031]  - The Superfetch service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
5/12/2012 12:00:48 AM, Error: Service Control Manager [7031]  - The Program Compatibility Assistant Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
5/12/2012 12:00:48 AM, Error: Service Control Manager [7031]  - The Network Connections service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 100 milliseconds: Restart the service.
5/12/2012 12:00:48 AM, Error: Service Control Manager [7031]  - The Distributed Link Tracking Client service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
5/12/2012 12:00:48 AM, Error: Service Control Manager [7031]  - The Desktop Window Manager Session Manager service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
5/12/2012 12:00:48 AM, Error: Service Control Manager [7001]  - The Network Connections service depends on the Remote Procedure Call (RPC) service which failed to start because of the following error:  The dependency service or group failed to start.
5/12/2012 12:00:43 AM, Error: Service Control Manager [7031]  - The Peer Networking Identity Manager service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 300000 milliseconds: Restart the service.
5/12/2012 12:00:43 AM, Error: Service Control Manager [7031]  - The Peer Networking Grouping service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 300000 milliseconds: Restart the service.
5/12/2012 12:00:43 AM, Error: Service Control Manager [7031]  - The Peer Name Resolution Protocol service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 300000 milliseconds: Restart the service.
5/12/2012 12:00:38 AM, Error: Service Control Manager [7034]  - The Windows Image Acquisition (WIA) service terminated unexpectedly.  It has done this 1 time(s).
5/12/2012 12:00:33 AM, Error: Service Control Manager [7031]  - The RPC Endpoint Mapper service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 300000 milliseconds: Restart the service.
5/12/2012 12:00:28 AM, Error: Service Control Manager [7031]  - The WWAN AutoConfig service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
5/12/2012 12:00:28 AM, Error: Service Control Manager [7031]  - The Diagnostic Policy Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
5/12/2012 12:00:23 AM, Error: Service Control Manager [7031]  - The Windows Font Cache Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
5/12/2012 12:00:23 AM, Error: Service Control Manager [7031]  - The UPnP Device Host service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 100 milliseconds: Restart the service.
5/12/2012 12:00:23 AM, Error: Service Control Manager [7031]  - The SSDP Discovery service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 100 milliseconds: Restart the service.
5/12/2012 12:00:23 AM, Error: Service Control Manager [7031]  - The Function Discovery Resource Publication service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
5/12/2012 12:00:23 AM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the SSDP Discovery service to connect.
5/12/2012 12:00:23 AM, Error: Service Control Manager [7001]  - The UPnP Device Host service depends on the SSDP Discovery service which failed to start because of the following error:  The service did not respond to the start or control request in a timely fashion.
5/12/2012 12:00:23 AM, Error: Service Control Manager [7000]  - The SSDP Discovery service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
5/12/2012 12:00:21 AM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Diagnostic Service Host service to connect.
5/12/2012 12:00:21 AM, Error: Service Control Manager [7000]  - The Diagnostic Service Host service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
5/12/2012 12:00:18 AM, Error: Service Control Manager [7031]  - The Windows Event Log service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
5/12/2012 12:00:18 AM, Error: Service Control Manager [7031]  - The Windows Audio service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
5/12/2012 12:00:18 AM, Error: Service Control Manager [7031]  - The TCP/IP NetBIOS Helper service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 100 milliseconds: Restart the service.
5/12/2012 12:00:18 AM, Error: Service Control Manager [7031]  - The DHCP Client service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
5/12/2012 12:00:18 AM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the TCP/IP NetBIOS Helper service to connect.
5/12/2012 12:00:18 AM, Error: Service Control Manager [7000]  - The TCP/IP NetBIOS Helper service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
5/12/2012 1:58:26 AM, Error: Microsoft Antimalware [3002]  - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed.  	Feature: Behavior Monitoring  	Error Code: 0x80004005  	Error description: Unspecified error   	Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
5/12/2012 1:41:32 PM, Error: Microsoft Antimalware [3002]  - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed.  	Feature: Behavior Monitoring  	Error Code: 0x80004005  	Error description: Unspecified error   	Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
5/12/2012 1:41:13 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001]  - The computer has rebooted from a bugcheck.  The bugcheck was: 0x00000116 (0xfffffa8004ae1010, 0xfffff880040f3ae4, 0x0000000000000000, 0x0000000000000002). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 051212-28204-01.
5/12/2012 1:30:09 AM, Error: Microsoft Antimalware [3002]  - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed.  	Feature: Behavior Monitoring  	Error Code: 0x80004005  	Error description: Unspecified error   	Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
5/12/2012 1:29:31 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001]  - The computer has rebooted from a bugcheck.  The bugcheck was: 0x00000116 (0xfffffa80070fd4e0, 0xfffff88001845ae4, 0x0000000000000000, 0x0000000000000002). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 051212-20280-01.
.
==== End Of File ===========================

And here is the GMER log:

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-05-19 14:58:41
Windows 6.1.7601 Service Pack 1 
Running: g3lczf4p.exe


---- Registry - GMER 1.0.15 ----

Reg  HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\Descriptions@!\0045\4B\0045\0042\0040\4O\4 \0:\0040\4@\4B\0040\4 \0R\0e\0a\0l\0t\0e\0k\0 \0R\0T\0L\08\0001\0006\08\0D\0/\08\0001\0001\0001\0D\0 \0F\0a\0m\0i\0l\0y\0 \0P\0C\0I\0-\0E\0 \0G\0i\0g\0a\0b\0i\0t\0 \0E\0t\0h\0e\0r\0n\0e\0t\0 \0N\0I\0C\0 \0(\0N\0D\0I\0S\0 \0006\0.\0002\0000\0)  1?
Reg  HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\Descriptions@\20\0044\0040\4?\4B\0045\4@\4 \0M\0i\0c\0r\0o\0s\0o\0f\0t\0 \0006\0t\0o\0004                                                                                                                                                                                                      1?
Reg  HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\Descriptions@"\4C\4=\4=\0045\4;\4L\4=\4K\49\4 \0000\0044\0040\4?\4B\0045\4@\4 \0M\0i\0c\0r\0o\0s\0o\0f\0t\0 \0T\0e\0r\0e\0d\0o                                                                                                                                                                 1?
Reg  HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\Descriptions@\20\0044\0040\4?\4B\0045\4@\4 \0M\0i\0c\0r\0o\0s\0o\0f\0t\0 \0I\0S\0A\0T\0A\0P                                                                                                                                                                                                    1?
Reg  HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\Descriptions@\20\0044\0040\4?\4B\0045\4@\4 \0M\0i\0c\0r\0o\0s\0o\0f\0t\0 \0007\0040\4<\4K\4:\0040\4=\48\4O\4 \0=\0040\4 \0A\0045\0041\4O\4                                                                                                                                                     1?2?3?4?5?6?
Reg  HKLM\SYSTEM\ControlSet002\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\Descriptions@!\0045\4B\0045\0042\0040\4O\4 \0:\0040\4@\4B\0040\4 \0R\0e\0a\0l\0t\0e\0k\0 \0R\0T\0L\08\0001\0006\08\0D\0/\08\0001\0001\0001\0D\0 \0F\0a\0m\0i\0l\0y\0 \0P\0C\0I\0-\0E\0 \0G\0i\0g\0a\0b\0i\0t\0 \0E\0t\0h\0e\0r\0n\0e\0t\0 \0N\0I\0C\0 \0(\0N\0D\0I\0S\0 \0006\0.\0002\0000\0)      1?
Reg  HKLM\SYSTEM\ControlSet002\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\Descriptions@\20\0044\0040\4?\4B\0045\4@\4 \0M\0i\0c\0r\0o\0s\0o\0f\0t\0 \0006\0t\0o\0004                                                                                                                                                                                                          1?
Reg  HKLM\SYSTEM\ControlSet002\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\Descriptions@"\4C\4=\4=\0045\4;\4L\4=\4K\49\4 \0000\0044\0040\4?\4B\0045\4@\4 \0M\0i\0c\0r\0o\0s\0o\0f\0t\0 \0T\0e\0r\0e\0d\0o                                                                                                                                                                     1?
Reg  HKLM\SYSTEM\ControlSet002\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\Descriptions@\20\0044\0040\4?\4B\0045\4@\4 \0M\0i\0c\0r\0o\0s\0o\0f\0t\0 \0I\0S\0A\0T\0A\0P                                                                                                                                                                                                        1?
Reg  HKLM\SYSTEM\ControlSet002\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\Descriptions@\20\0044\0040\4?\4B\0045\4@\4 \0M\0i\0c\0r\0o\0s\0o\0f\0t\0 \0007\0040\4<\4K\4:\0040\4=\48\4O\4 \0=\0040\4 \0A\0045\0041\4O\4                                                                                                                                                         1?2?3?4?5?6?

---- EOF - GMER 1.0.15 ----

Edited by Orange Blossom, 19 May 2012 - 11:14 AM.
Moved to log forum and removed font coding for ease of reading. ~ OB




#2 nasdaq


  • Malware Response Team
  • 38,764 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:04:49 AM

Posted 21 May 2012 - 01:28 PM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

Please download the tools. (DO NOT RUN THEM JUST NOW)

Please Download
TDSSKiller.zip

>>> Double-click on TDSSKiller.exe to run the application.
  • Click on the Start Scan button and wait for the scan and disinfection process to be over.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System drive (usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file here.
  • If no reboot is required, click on Report. A log file will appear. Please copy and paste the contents of that file in your next reply.

Download http://public.avast.com/~gmerek/aswMBR.exe (aswMBR.exe) to your desktop. Double-click aswMBR.exe to run it.

  • Click the "Scan" button to start scan.
  • Upon completion of the scan, click Save log, and save it to your desktop. (Note - do not select any Fix at this time) <- IMPORTANT
  • Please post the contents of that log in your next reply.
There shall also be a file on your desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) folder. Please attach that zipped file in your next reply.

===

Please download and run the following tool to help allow other programs to run. (courtesy of BleepingComputer.com)
There are 2 different versions. If one of them won't run then download and try to run the other one.
Vista and Win7 users need to right-click and choose Run as Admin.
You only need to get one of them to run, not all of them.

rkill.com
rkill.scr

It is possible that the infection you are trying to remove will not allow you to download files on the infected computer. If this is the case, then you will need to download the files requested on another computer and then transfer them to the desktop of the infected computer. You can transfer the files via a CD/DVD, external drive, or USB flash drive.

When you have run the file, do not restart the computer.

Run the other 2 tools you just downloaded.

Please post the logs for my review.

#3 ExTaLyX

  • Topic Starter

  • Members
  • 4 posts
  • Local time:03:49 AM

Posted 23 May 2012 - 06:06 AM

Here is the aswMBR log:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-05-23 15:02:40
-----------------------------
15:02:40.431 OS Version: Windows x64 6.1.7601 Service Pack 1
15:02:40.431 Number of processors: 4 586 0x2505
15:02:40.432 ComputerName: MAXXX UserName: ???
15:03:04.203 Initialize success
15:03:09.776 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
15:03:09.778 Disk 0 Vendor: Hitachi_ JE4O Size: 715404MB BusType: 3
15:03:09.851 Disk 0 MBR read successfully
15:03:09.854 Disk 0 MBR scan
15:03:09.856 Disk 0 unknown MBR code
15:03:09.879 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 199 MB offset 2048
15:03:09.896 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 689036 MB offset 409600
15:03:09.949 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 26065 MB offset 1411555328
15:03:10.040 Disk 0 Partition 4 00 0C FAT32 LBA MSDOS5.0 102 MB offset 1464936448
15:03:10.141 Disk 0 scanning C:\Windows\system32\drivers
15:03:37.657 Service scanning
15:04:03.283 Service MpNWMon C:\Windows\system32\DRIVERS\MpNWMon.sys **LOCKED** 32
15:04:25.118 Modules scanning
15:04:25.118 Disk 0 trace - called modules:
15:04:25.649 ntoskrnl.exe CLASSPNP.SYS disk.sys hpdskflt.sys iaStor.sys hal.dll
15:04:25.649 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8005297060]
15:04:25.664 3 CLASSPNP.SYS[fffff88001bc443f] -> nt!IofCallDriver -> [0xfffffa8005121a70]
15:04:25.664 5 hpdskflt.sys[fffff88001b6b289] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004fd2050]
15:04:25.680 Scan finished successfully
15:04:47.448 Disk 0 MBR has been saved successfully to "C:\Users\MaxXx\Desktop\MBR.dat"
15:04:47.464 The log file has been saved successfully to "C:\Users\MaxXx\Desktop\aswMBR.txt"

Edited by nasdaq, 23 May 2012 - 12:06 PM.


#4 nasdaq


  • Malware Response Team
  • 38,764 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:04:49 AM

Posted 23 May 2012 - 12:07 PM

Did you execute the TDSSKiller.exe?
Can you post the log please.

#5 ExTaLyX

  • Topic Starter

  • Members
  • 4 posts
  • Local time:03:49 AM

Posted 23 May 2012 - 04:45 PM

Did you execute the TDSSKiller.exe?
Can you post the log please.


Yeah,
here is the report:

01:42:40.0016 4516	TDSS rootkit removing tool 2.7.37.0 May 23 2012 08:15:30
01:42:42.0016 4516	============================================================
01:42:42.0016 4516	Current date / time: 2012/05/24 01:42:42.0016
01:42:42.0016 4516	SystemInfo:
01:42:42.0016 4516	
01:42:42.0016 4516	OS Version: 6.1.7601 ServicePack: 1.0
01:42:42.0016 4516	Product type: Workstation
01:42:42.0016 4516	ComputerName: MAXXX
01:42:42.0016 4516	UserName: Дом
01:42:42.0016 4516	Windows directory: C:\Windows
01:42:42.0016 4516	System windows directory: C:\Windows
01:42:42.0016 4516	Running under WOW64
01:42:42.0016 4516	Processor architecture: Intel x64
01:42:42.0016 4516	Number of processors: 4
01:42:42.0016 4516	Page size: 0x1000
01:42:42.0016 4516	Boot type: Normal boot
01:42:42.0016 4516	============================================================
01:42:42.0686 4516	Drive \Device\Harddisk0\DR0 - Size: 0xAEA8CDE000 (698.64 Gb), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
01:42:42.0696 4516	============================================================
01:42:42.0696 4516	\Device\Harddisk0\DR0:
01:42:42.0696 4516	MBR partitions:
01:42:42.0696 4516	\Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800
01:42:42.0696 4516	\Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x541C6000
01:42:42.0696 4516	\Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x5422A000, BlocksNum 0x32E8800
01:42:42.0696 4516	\Device\Harddisk0\DR0\Partition3: MBR, Type 0xC, StartLBA 0x57512800, BlocksNum 0x336F0
01:42:42.0696 4516	============================================================
01:42:42.0746 4516	C: <-> \Device\Harddisk0\DR0\Partition1
01:42:42.0846 4516	D: <-> \Device\Harddisk0\DR0\Partition2
01:42:42.0856 4516	H: <-> \Device\Harddisk0\DR0\Partition3
01:42:42.0856 4516	============================================================
01:42:42.0856 4516	Initialize success
01:42:42.0856 4516	============================================================
01:42:46.0396 2092	============================================================
01:42:46.0396 2092	Scan started
01:42:46.0396 2092	Mode: Manual; 
01:42:46.0396 2092	============================================================
01:42:48.0386 2092	1394ohci        (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
01:42:48.0386 2092	1394ohci - ok
01:42:48.0446 2092	Accelerometer   (5aa055fe5ae506e19e9a8f537756ee10) C:\Windows\system32\DRIVERS\Accelerometer.sys
01:42:48.0446 2092	Accelerometer - ok
01:42:48.0566 2092	ACPI            (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
01:42:48.0576 2092	ACPI - ok
01:42:48.0606 2092	AcpiPmi         (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
01:42:48.0616 2092	AcpiPmi - ok
01:42:48.0766 2092	adp94xx         (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
01:42:48.0776 2092	adp94xx - ok
01:42:48.0866 2092	adpahci         (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
01:42:48.0876 2092	adpahci - ok
01:42:48.0976 2092	adpu320         (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
01:42:48.0986 2092	adpu320 - ok
01:42:49.0126 2092	AdvancedSystemCareService5 (b11c71b29fa69e4586f9b65560e6604d) C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCService.exe
01:42:49.0136 2092	AdvancedSystemCareService5 - ok
01:42:49.0186 2092	AeLookupSvc     (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
01:42:49.0186 2092	AeLookupSvc - ok
01:42:49.0296 2092	AESTFilters     (a6fb9db8f1a86861d955fd6975977ae0) C:\Program Files\IDT\WDM\AESTSr64.exe
01:42:49.0306 2092	AESTFilters - ok
01:42:49.0396 2092	AFD             (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
01:42:49.0406 2092	AFD - ok
01:42:49.0446 2092	agp440          (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
01:42:49.0446 2092	agp440 - ok
01:42:49.0476 2092	ALG             (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
01:42:49.0476 2092	ALG - ok
01:42:49.0516 2092	aliide          (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
01:42:49.0516 2092	aliide - ok
01:42:49.0566 2092	AMD External Events Utility (2aed9a422ea1574c7d7ef9359a417718) C:\Windows\system32\atiesrxx.exe
01:42:49.0566 2092	AMD External Events Utility - ok
01:42:49.0596 2092	amdide          (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
01:42:49.0596 2092	amdide - ok
01:42:49.0626 2092	AmdK8           (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
01:42:49.0626 2092	AmdK8 - ok
01:42:50.0236 2092	amdkmdag        (bfa5e854959d5546d8834ca61f4ad075) C:\Windows\system32\DRIVERS\atikmdag.sys
01:42:50.0386 2092	amdkmdag - ok
01:42:50.0586 2092	amdkmdap        (92d664fffcd9e742fb25254f7f458d88) C:\Windows\system32\DRIVERS\atikmpag.sys
01:42:50.0586 2092	amdkmdap - ok
01:42:50.0616 2092	AmdPPM          (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
01:42:50.0616 2092	AmdPPM - ok
01:42:50.0656 2092	amdsata         (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
01:42:50.0656 2092	amdsata - ok
01:42:50.0686 2092	amdsbs          (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
01:42:50.0686 2092	amdsbs - ok
01:42:50.0716 2092	amdxata         (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
01:42:50.0716 2092	amdxata - ok
01:42:50.0736 2092	AppID           (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
01:42:50.0746 2092	AppID - ok
01:42:50.0786 2092	AppIDSvc        (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
01:42:50.0786 2092	AppIDSvc - ok
01:42:50.0816 2092	Appinfo         (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
01:42:50.0816 2092	Appinfo - ok
01:42:50.0856 2092	arc             (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
01:42:50.0856 2092	arc - ok
01:42:50.0866 2092	arcsas          (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
01:42:50.0866 2092	arcsas - ok
01:42:50.0986 2092	aspnet_state    (9217d874131ae6ff8f642f124f00a555) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
01:42:50.0986 2092	aspnet_state - ok
01:42:51.0036 2092	AsyncMac        (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
01:42:51.0036 2092	AsyncMac - ok
01:42:51.0086 2092	atapi           (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
01:42:51.0086 2092	atapi - ok
01:42:51.0176 2092	AtiHDAudioService (24464b908e143d2561e9e452fee97309) C:\Windows\system32\drivers\AtihdW76.sys
01:42:51.0186 2092	AtiHDAudioService - ok
01:42:51.0226 2092	AtiHdmiService  (2d648572ba9a610952fcafba1e119c2d) C:\Windows\system32\drivers\AtiHdmi.sys
01:42:51.0226 2092	AtiHdmiService - ok
01:42:51.0326 2092	AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
01:42:51.0336 2092	AudioEndpointBuilder - ok
01:42:51.0336 2092	AudioSrv        (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
01:42:51.0346 2092	AudioSrv - ok
01:42:51.0386 2092	AxInstSV        (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
01:42:51.0386 2092	AxInstSV - ok
01:42:51.0446 2092	b06bdrv         (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
01:42:51.0446 2092	b06bdrv - ok
01:42:51.0506 2092	b57nd60a        (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
01:42:51.0506 2092	b57nd60a - ok
01:42:51.0886 2092	BCM43XX         (fbc76c8d561d0ad159ef9452d9f328f6) C:\Windows\system32\DRIVERS\bcmwl664.sys
01:42:51.0946 2092	BCM43XX - ok
01:42:52.0146 2092	BDESVC          (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
01:42:52.0146 2092	BDESVC - ok
01:42:52.0186 2092	Beep            (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
01:42:52.0186 2092	Beep - ok
01:42:52.0266 2092	BFE             (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
01:42:52.0266 2092	BFE - ok
01:42:52.0356 2092	BITS            (1ea7969e3271cbc59e1730697dc74682) C:\Windows\System32\qmgr.dll
01:42:52.0366 2092	BITS - ok
01:42:52.0416 2092	blbdrive        (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
01:42:52.0416 2092	blbdrive - ok
01:42:52.0456 2092	bowser          (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
01:42:52.0466 2092	bowser - ok
01:42:52.0526 2092	BrFiltLo        (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
01:42:52.0526 2092	BrFiltLo - ok
01:42:52.0546 2092	BrFiltUp        (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
01:42:52.0546 2092	BrFiltUp - ok
01:42:52.0586 2092	Browser         (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
01:42:52.0586 2092	Browser - ok
01:42:52.0626 2092	Brserid         (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
01:42:52.0626 2092	Brserid - ok
01:42:52.0646 2092	BrSerWdm        (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
01:42:52.0666 2092	BrSerWdm - ok
01:42:52.0686 2092	BrUsbMdm        (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
01:42:52.0696 2092	BrUsbMdm - ok
01:42:52.0726 2092	BrUsbSer        (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
01:42:52.0726 2092	BrUsbSer - ok
01:42:52.0736 2092	BTHMODEM        (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
01:42:52.0746 2092	BTHMODEM - ok
01:42:52.0776 2092	bthserv         (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
01:42:52.0776 2092	bthserv - ok
01:42:52.0806 2092	cdfs            (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
01:42:52.0806 2092	cdfs - ok
01:42:52.0866 2092	cdrom           (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
01:42:52.0866 2092	cdrom - ok
01:42:52.0906 2092	CertPropSvc     (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
01:42:52.0906 2092	CertPropSvc - ok
01:42:52.0936 2092	circlass        (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
01:42:52.0936 2092	circlass - ok
01:42:53.0036 2092	CLFS            (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
01:42:53.0036 2092	CLFS - ok
01:42:53.0136 2092	clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
01:42:53.0136 2092	clr_optimization_v2.0.50727_32 - ok
01:42:53.0216 2092	clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
01:42:53.0216 2092	clr_optimization_v2.0.50727_64 - ok
01:42:53.0316 2092	clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
01:42:53.0316 2092	clr_optimization_v4.0.30319_32 - ok
01:42:53.0376 2092	clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
01:42:53.0376 2092	clr_optimization_v4.0.30319_64 - ok
01:42:53.0406 2092	clwvd           (d68d9f4d53010b7e84d4e80a2e485554) C:\Windows\system32\DRIVERS\clwvd.sys
01:42:53.0406 2092	clwvd - ok
01:42:53.0426 2092	CmBatt          (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
01:42:53.0446 2092	CmBatt - ok
01:42:53.0486 2092	cmdide          (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
01:42:53.0486 2092	cmdide - ok
01:42:53.0556 2092	CNG             (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
01:42:53.0556 2092	CNG - ok
01:42:53.0606 2092	Compbatt        (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
01:42:53.0606 2092	Compbatt - ok
01:42:53.0666 2092	CompositeBus    (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
01:42:53.0666 2092	CompositeBus - ok
01:42:53.0676 2092	COMSysApp - ok
01:42:53.0676 2092	cpuz135 - ok
01:42:53.0686 2092	crcdisk         (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
01:42:53.0686 2092	crcdisk - ok
01:42:53.0736 2092	CryptSvc        (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll
01:42:53.0746 2092	CryptSvc - ok
01:42:53.0836 2092	DcomLaunch      (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
01:42:53.0836 2092	DcomLaunch - ok
01:42:53.0876 2092	defragsvc       (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
01:42:53.0876 2092	defragsvc - ok
01:42:53.0926 2092	DfsC            (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
01:42:53.0926 2092	DfsC - ok
01:42:54.0006 2092	Dhcp            (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
01:42:54.0006 2092	Dhcp - ok
01:42:54.0036 2092	discache        (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
01:42:54.0036 2092	discache - ok
01:42:54.0066 2092	Disk            (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
01:42:54.0066 2092	Disk - ok
01:42:54.0116 2092	Dnscache        (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
01:42:54.0116 2092	Dnscache - ok
01:42:54.0176 2092	dot3svc         (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
01:42:54.0186 2092	dot3svc - ok
01:42:54.0311 2092	DpHost          (eac9d9868d37c8785d12475a9bb65a11) C:\Program Files\DigitalPersona\Bin\DpHostW.exe
01:42:54.0358 2092	DpHost - ok
01:42:54.0403 2092	DPS             (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
01:42:54.0418 2092	DPS - ok
01:42:54.0446 2092	drmkaud         (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
01:42:54.0461 2092	drmkaud - ok
01:42:54.0521 2092	dtsoftbus01     (400582b09e0bb557d0ec28a945150eeb) C:\Windows\system32\DRIVERS\dtsoftbus01.sys
01:42:54.0525 2092	dtsoftbus01 - ok
01:42:54.0528 2092	dump_wmimmc - ok
01:42:54.0614 2092	DXGKrnl         (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
01:42:54.0624 2092	DXGKrnl - ok
01:42:54.0633 2092	EagleX64 - ok
01:42:54.0685 2092	EapHost         (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
01:42:54.0687 2092	EapHost - ok
01:42:55.0410 2092	ebdrv           (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
01:42:55.0483 2092	ebdrv - ok
01:42:55.0783 2092	EFS             (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
01:42:55.0785 2092	EFS - ok
01:42:56.0083 2092	ehRecvr         (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
01:42:56.0091 2092	ehRecvr - ok
01:42:56.0215 2092	ehSched         (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
01:42:56.0232 2092	ehSched - ok
01:42:56.0510 2092	elxstor         (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
01:42:56.0538 2092	elxstor - ok
01:42:56.0588 2092	ErrDev          (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
01:42:56.0590 2092	ErrDev - ok
01:42:56.0595 2092	etwhgbta - ok
01:42:56.0847 2092	EventSystem     (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
01:42:56.0867 2092	EventSystem - ok
01:42:56.0870 2092	ewusbnet - ok
01:42:56.0960 2092	exfat           (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
01:42:56.0995 2092	exfat - ok
01:42:57.0003 2092	ezSharedSvc - ok
01:42:57.0091 2092	fastfat         (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
01:42:57.0094 2092	fastfat - ok
01:42:57.0301 2092	Fax             (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
01:42:57.0326 2092	Fax - ok
01:42:57.0358 2092	fdc             (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
01:42:57.0359 2092	fdc - ok
01:42:57.0386 2092	fdPHost         (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
01:42:57.0387 2092	fdPHost - ok
01:42:57.0421 2092	FDResPub        (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
01:42:57.0423 2092	FDResPub - ok
01:42:57.0481 2092	FileInfo        (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
01:42:57.0492 2092	FileInfo - ok
01:42:57.0518 2092	Filetrace       (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
01:42:57.0519 2092	Filetrace - ok
01:42:57.0567 2092	flpydisk        (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
01:42:57.0569 2092	flpydisk - ok
01:42:57.0640 2092	FltMgr          (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
01:42:57.0644 2092	FltMgr - ok
01:42:57.0925 2092	FontCache       (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
01:42:57.0961 2092	FontCache - ok
01:42:58.0121 2092	FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
01:42:58.0122 2092	FontCache3.0.0.0 - ok
01:42:58.0239 2092	FsDepends       (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
01:42:58.0240 2092	FsDepends - ok
01:42:58.0304 2092	Fs_Rec          (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
01:42:58.0306 2092	Fs_Rec - ok
01:42:58.0360 2092	fvevol          (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
01:42:58.0362 2092	fvevol - ok
01:42:58.0419 2092	gagp30kx        (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
01:42:58.0420 2092	gagp30kx - ok
01:42:58.0538 2092	GameConsoleService (d154305de6090e6e84e525f84bb08a06) C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe
01:42:58.0591 2092	GameConsoleService - ok
01:42:58.0689 2092	GamesAppService (c403c5db49a0f9aaf4f2128edc0106d8) C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
01:42:58.0692 2092	GamesAppService - ok
01:42:58.0695 2092	gcscllig - ok
01:42:58.0748 2092	GEARAspiWDM     (58e581a98a85587e9f5a297d4ad44cc0) C:\Windows\system32\Drivers\GEARAspiWDM.sys
01:42:58.0749 2092	GEARAspiWDM - ok
01:42:58.0919 2092	gpsvc           (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
01:42:58.0939 2092	gpsvc - ok
01:42:58.0999 2092	gusvc           (c1b577b2169900f4cf7190c39f085794) C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
01:42:58.0999 2092	gusvc - ok
01:42:59.0039 2092	hamachi         (1e6438d4ea6e1174a3b3b1edc4de660b) C:\Windows\system32\DRIVERS\hamachi.sys
01:42:59.0049 2092	hamachi - ok
01:42:59.0089 2092	hcw85cir        (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
01:42:59.0099 2092	hcw85cir - ok
01:42:59.0179 2092	HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
01:42:59.0189 2092	HdAudAddService - ok
01:42:59.0249 2092	HDAudBus        (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
01:42:59.0259 2092	HDAudBus - ok
01:42:59.0329 2092	HECIx64         (b6ac71aaa2b10848f57fc49d55a651af) C:\Windows\system32\DRIVERS\HECIx64.sys
01:42:59.0329 2092	HECIx64 - ok
01:42:59.0369 2092	HidBatt         (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
01:42:59.0369 2092	HidBatt - ok
01:42:59.0429 2092	HidBth          (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
01:42:59.0449 2092	HidBth - ok
01:42:59.0519 2092	HidIr           (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
01:42:59.0519 2092	HidIr - ok
01:42:59.0589 2092	hidserv         (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll
01:42:59.0599 2092	hidserv - ok
01:42:59.0629 2092	HidUsb          (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
01:42:59.0629 2092	HidUsb - ok
01:42:59.0739 2092	hkmsvc          (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
01:42:59.0739 2092	hkmsvc - ok
01:42:59.0809 2092	HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
01:42:59.0819 2092	HomeGroupListener - ok
01:42:59.0919 2092	HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
01:42:59.0919 2092	HomeGroupProvider - ok
01:43:00.0079 2092	HP Support Assistant Service (13bb1114451c63bfb41ba7daa4d70a29) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
01:43:00.0079 2092	HP Support Assistant Service - ok
01:43:00.0249 2092	HP Wireless Assistant Service (c930128c8f8ff03d8f8c42b570920d56) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
01:43:00.0249 2092	HP Wireless Assistant Service - ok
01:43:00.0409 2092	HPClientSvc     (3dc11a802353401332d49c3cbfbbe5fc) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
01:43:00.0419 2092	HPClientSvc - ok
01:43:00.0519 2092	HPDrvMntSvc.exe (d17f9e527f01770bd04a9223bc40ec22) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
01:43:00.0519 2092	HPDrvMntSvc.exe - ok
01:43:00.0589 2092	hpdskflt        (0ac88fbe4bf315f5f8fd862426c11540) C:\Windows\system32\DRIVERS\hpdskflt.sys
01:43:00.0589 2092	hpdskflt - ok
01:43:00.0879 2092	hpqwmiex        (0955c23c041451fb4e7099d6b2cf1c06) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
01:43:00.0899 2092	hpqwmiex - ok
01:43:00.0959 2092	HpSAMD          (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
01:43:00.0959 2092	HpSAMD - ok
01:43:00.0999 2092	hpsrv           (778ce2c015dec896c5c9323342bd71d4) C:\Windows\system32\Hpservice.exe
01:43:00.0999 2092	hpsrv - ok
01:43:01.0069 2092	HPWMISVC        (171000873eb522e5ea3dd4c4e0b689b2) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
01:43:01.0069 2092	HPWMISVC - ok
01:43:01.0339 2092	HTTP            (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
01:43:01.0369 2092	HTTP - ok
01:43:01.0379 2092	hwdatacard - ok
01:43:01.0429 2092	hwpolicy        (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
01:43:01.0429 2092	hwpolicy - ok
01:43:01.0509 2092	i8042prt        (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
01:43:01.0509 2092	i8042prt - ok
01:43:01.0769 2092	iaStor          (1384872112e8e7fd5786eceb8bddf4c9) C:\Windows\system32\DRIVERS\iaStor.sys
01:43:01.0779 2092	iaStor - ok
01:43:01.0909 2092	iaStorV         (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
01:43:01.0919 2092	iaStorV - ok
01:43:02.0109 2092	IDriverT        (6f95324909b502e2651442c1548ab12f) C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
01:43:02.0149 2092	IDriverT - ok
01:43:02.0659 2092	idsvc           (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
01:43:02.0699 2092	idsvc - ok
01:43:05.0839 2092	igfx            (1be8d9ca4f2363b8e8015621878e0043) C:\Windows\system32\DRIVERS\igdkmd64.sys
01:43:05.0999 2092	igfx - ok
01:43:06.0359 2092	iirsp           (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
01:43:06.0379 2092	iirsp - ok
01:43:06.0629 2092	IKEEXT          (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
01:43:06.0659 2092	IKEEXT - ok
01:43:06.0729 2092	Impcd           (4b6363cd4610bb848531bb260b15dfcc) C:\Windows\system32\DRIVERS\Impcd.sys
01:43:06.0729 2092	Impcd - ok
01:43:06.0779 2092	intelide        (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
01:43:06.0779 2092	intelide - ok
01:43:08.0819 2092	intelkmd        (1be8d9ca4f2363b8e8015621878e0043) C:\Windows\system32\DRIVERS\igdpmd64.sys
01:43:09.0019 2092	intelkmd - ok
01:43:09.0309 2092	intelppm        (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
01:43:09.0319 2092	intelppm - ok
01:43:09.0469 2092	IPBusEnum       (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
01:43:09.0479 2092	IPBusEnum - ok
01:43:09.0539 2092	IpFilterDriver  (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
01:43:09.0539 2092	IpFilterDriver - ok
01:43:09.0589 2092	IPMIDRV         (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
01:43:09.0599 2092	IPMIDRV - ok
01:43:09.0649 2092	IPNAT           (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
01:43:09.0649 2092	IPNAT - ok
01:43:09.0699 2092	IRENUM          (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
01:43:09.0699 2092	IRENUM - ok
01:43:09.0759 2092	isapnp          (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
01:43:09.0759 2092	isapnp - ok
01:43:09.0919 2092	iScsiPrt        (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
01:43:09.0919 2092	iScsiPrt - ok
01:43:09.0999 2092	kbdclass        (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
01:43:09.0999 2092	kbdclass - ok
01:43:10.0079 2092	kbdhid          (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
01:43:10.0079 2092	kbdhid - ok
01:43:10.0149 2092	KeyIso          (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
01:43:10.0149 2092	KeyIso - ok
01:43:10.0239 2092	KSecDD          (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
01:43:10.0249 2092	KSecDD - ok
01:43:10.0449 2092	KSecPkg         (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
01:43:10.0459 2092	KSecPkg - ok
01:43:10.0569 2092	ksthunk         (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
01:43:10.0569 2092	ksthunk - ok
01:43:10.0799 2092	KtmRm           (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
01:43:10.0799 2092	KtmRm - ok
01:43:10.0999 2092	LanmanServer    (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\system32\srvsvc.dll
01:43:11.0019 2092	LanmanServer - ok
01:43:11.0119 2092	LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
01:43:11.0139 2092	LanmanWorkstation - ok
01:43:11.0169 2092	LGBusEnum       (fa529fb35694c24bf98a9ef67c1cd9d0) C:\Windows\system32\drivers\LGBusEnum.sys
01:43:11.0189 2092	LGBusEnum - ok
01:43:11.0239 2092	LGSHidFilt      (1af3a5a9bc310c88f2efcebd08d381ab) C:\Windows\system32\DRIVERS\LGSHidFilt.Sys
01:43:11.0239 2092	LGSHidFilt - ok
01:43:11.0279 2092	LGVirHid        (94b29ce153765e768f004fb3440be2b0) C:\Windows\system32\drivers\LGVirHid.sys
01:43:11.0279 2092	LGVirHid - ok
01:43:11.0339 2092	LHidFilt        (aa3d903c5a7538803f2400a8391f1881) C:\Windows\system32\DRIVERS\LHidFilt.Sys
01:43:11.0339 2092	LHidFilt - ok
01:43:11.0559 2092	LightScribeService (fcbdcc6f1801e32244235608e1277752) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
01:43:11.0589 2092	LightScribeService - ok
01:43:11.0649 2092	lltdio          (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
01:43:11.0649 2092	lltdio - ok
01:43:11.0859 2092	lltdsvc         (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
01:43:11.0869 2092	lltdsvc - ok
01:43:11.0919 2092	lmhosts         (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
01:43:11.0939 2092	lmhosts - ok
01:43:11.0969 2092	LMIInfo - ok
01:43:12.0009 2092	lmimirr         (413ecdcfad9a82804d3674c8d7eec24e) C:\Windows\system32\DRIVERS\lmimirr.sys
01:43:12.0009 2092	lmimirr - ok
01:43:12.0019 2092	LMIRfsClientNP - ok
01:43:12.0109 2092	LMIRfsDriver    (c57d3faa50e6f395759ffb7c709bd944) C:\Windows\system32\drivers\LMIRfsDriver.sys
01:43:12.0109 2092	LMIRfsDriver - ok
01:43:12.0219 2092	LMouFilt        (90b4b2b0b5f05abb9fb365405a7b825b) C:\Windows\system32\DRIVERS\LMouFilt.Sys
01:43:12.0219 2092	LMouFilt - ok
01:43:12.0539 2092	LMS             (6d515466ab8bfe61184092b635ae6eb4) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
01:43:12.0579 2092	LMS - ok
01:43:12.0619 2092	LSI_FC          (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
01:43:12.0639 2092	LSI_FC - ok
01:43:12.0679 2092	LSI_SAS         (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
01:43:12.0679 2092	LSI_SAS - ok
01:43:12.0699 2092	LSI_SAS2        (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
01:43:12.0699 2092	LSI_SAS2 - ok
01:43:12.0719 2092	LSI_SCSI        (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
01:43:12.0719 2092	LSI_SCSI - ok
01:43:12.0809 2092	luafv           (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
01:43:12.0809 2092	luafv - ok
01:43:12.0899 2092	Mcx2Svc         (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
01:43:12.0899 2092	Mcx2Svc - ok
01:43:12.0939 2092	megasas         (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
01:43:12.0939 2092	megasas - ok
01:43:13.0079 2092	MegaSR          (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
01:43:13.0079 2092	MegaSR - ok
01:43:13.0129 2092	mkmhqniy - ok
01:43:13.0229 2092	MMCSS           (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
01:43:13.0249 2092	MMCSS - ok
01:43:13.0309 2092	Modem           (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
01:43:13.0319 2092	Modem - ok
01:43:13.0329 2092	monitor         (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
01:43:13.0329 2092	monitor - ok
01:43:13.0369 2092	mouclass        (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
01:43:13.0369 2092	mouclass - ok
01:43:13.0409 2092	mouhid          (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
01:43:13.0409 2092	mouhid - ok
01:43:13.0459 2092	mountmgr        (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
01:43:13.0459 2092	mountmgr - ok
01:43:13.0519 2092	MpFilter        (c177a7ebf5e8a0b596f618870516cab8) C:\Windows\system32\DRIVERS\MpFilter.sys
01:43:13.0519 2092	MpFilter - ok
01:43:13.0579 2092	mpio            (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
01:43:13.0599 2092	mpio - ok
01:43:13.0699 2092	MpNWMon         (8fbf6b31fe8af1833d93c5913d5b4d55) C:\Windows\system32\DRIVERS\MpNWMon.sys
01:43:13.0699 2092	MpNWMon - ok
01:43:13.0759 2092	mpsdrv          (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
01:43:13.0769 2092	mpsdrv - ok
01:43:13.0809 2092	MRxDAV          (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
01:43:13.0809 2092	MRxDAV - ok
01:43:13.0849 2092	mrxsmb          (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
01:43:13.0889 2092	mrxsmb - ok
01:43:13.0929 2092	mrxsmb10        (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
01:43:13.0939 2092	mrxsmb10 - ok
01:43:13.0949 2092	mrxsmb20        (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
01:43:13.0949 2092	mrxsmb20 - ok
01:43:13.0989 2092	msahci          (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
01:43:13.0989 2092	msahci - ok
01:43:14.0029 2092	msdsm           (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
01:43:14.0029 2092	msdsm - ok
01:43:14.0059 2092	MSDTC           (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
01:43:14.0069 2092	MSDTC - ok
01:43:14.0089 2092	Msfs            (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
01:43:14.0089 2092	Msfs - ok
01:43:14.0099 2092	mshidkmdf       (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
01:43:14.0099 2092	mshidkmdf - ok
01:43:14.0129 2092	msisadrv        (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
01:43:14.0129 2092	msisadrv - ok
01:43:14.0159 2092	MSiSCSI         (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
01:43:14.0159 2092	MSiSCSI - ok
01:43:14.0169 2092	msiserver - ok
01:43:14.0199 2092	MSKSSRV         (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
01:43:14.0199 2092	MSKSSRV - ok
01:43:14.0229 2092	msloop          (103b3bbe23ab774b009d182276ec6786) C:\Windows\system32\DRIVERS\loop.sys
01:43:14.0229 2092	msloop - ok
01:43:14.0319 2092	MsMpSvc         (157e9e498206a3366baa7e4697bdd947) c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
01:43:14.0319 2092	MsMpSvc - ok
01:43:14.0329 2092	MSPCLOCK        (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
01:43:14.0329 2092	MSPCLOCK - ok
01:43:32.0690 2092	============================================================
01:43:32.0690 2092	Scan finished
01:43:32.0690 2092	============================================================
01:43:32.0700 5328	Detected object count: 0
01:43:32.0700 5328	Actual detected object count: 0


#6 nasdaq

  • Malware Response Team

Posted 24 May 2012 - 09:17 AM

Your logs are clean. You can proceed with this.

Please download ComboFix from any of the links below, and save it to your desktop. For information regarding this download, please visit this web page: http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop

IMPORTANT....

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Do not install any other programs until this is fixed.


How to : Disable Anti-virus and Firewall...
http://www.bleepingcomputer.com/forums/topic114351.html

Double click on ComboFix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt
Note:
Do not mouse click ComboFix's window while it's running. That may cause it to stall.


Note: If you have difficulty properly disabling your protective programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html
===

Third-party programs, if not up to date, can be an open door for an infection.

Please run this security check for my review.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Please post the logs and let me know what problem persists.

#7 ExTaLyX

ExTaLyX
  • Topic Starter

  • Members
  • 4 posts
  • Local time:03:49 AM

Posted 26 May 2012 - 08:02 AM

Wow, thx for the reply, though you forgot me,
and I did the ComboFix. Here is the log:

ComboFix 12-05-26.02 - ??? 05/26/2012 16:28:25.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3894.2537 [GMT 4:00]
Running from: c:\maxxx\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\CFLog
C:\Install.exe
c:\program files (x86)\BasicScan
c:\program files (x86)\BasicScan\BasicScan_deleted_\basicscan.exe
c:\program files (x86)\BasicScan\uninstall.exe
c:\programdata\68b9e21b3be1e393e2c15e47b5c64526_c
c:\programdata\73ff608dcaa5843a05701c4a36123c4d_c
c:\programdata\original.exe
c:\programdata\Update 9-16-11.exe
c:\programdata\yzyonmam.exe
C:\text.txt
c:\users\MaxXx\AppData\Local\TempDIR
c:\users\MaxXx\AppData\Roaming\3 2
c:\users\MaxXx\AppData\Roaming\3 2\api-example.c
c:\users\MaxXx\AppData\Roaming\3 2\api-example.php
c:\users\MaxXx\AppData\Roaming\3 2\API.class
c:\users\MaxXx\AppData\Roaming\3 2\API.java
c:\users\MaxXx\AppData\Roaming\3 2\bat.bat
c:\users\MaxXx\AppData\Roaming\3 2\bt.lnk
c:\users\MaxXx\AppData\Roaming\3 2\diablo120328.cl
c:\users\MaxXx\AppData\Roaming\3 2\diablo120328Cedarv2w64l4.bin
c:\users\MaxXx\AppData\Roaming\3 2\diakgcn120427.cl
c:\users\MaxXx\AppData\Roaming\3 2\example.conf
c:\users\MaxXx\AppData\Roaming\3 2\libcurl-4.dll
c:\users\MaxXx\AppData\Roaming\3 2\libpdcurses.dll
c:\users\MaxXx\AppData\Roaming\3 2\libusb-1.0.dll
c:\users\MaxXx\AppData\Roaming\3 2\miner.php
c:\users\MaxXx\AppData\Roaming\3 2\OpenCL.dll
c:\users\MaxXx\AppData\Roaming\3 2\phatk120223.cl
c:\users\MaxXx\AppData\Roaming\3 2\poclbm120327.cl
c:\users\MaxXx\AppData\Roaming\3 2\pthreadGC2.dll
c:\users\MaxXx\AppData\Roaming\3 2\rundll32.exe
c:\users\MaxXx\AppData\Roaming\3 2\settings.txt
c:\users\MaxXx\AppData\Roaming\3 2\svchost.exe
c:\users\MaxXx\AppData\Roaming\Microsoft\AddIns\WinAudioCodec_US.exe
c:\users\MaxXx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\gjcppi.exe
c:\users\MaxXx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\yzyonmam.exe
c:\users\MaxXx\AppData\Roaming\Microsoft\Windows\Templates\explorer.exe
c:\users\MaxXx\AppData\Roaming\Microsoft\Windows\Templates\webengine.exe
c:\users\MaxXx\AppData\Roaming\WinUpdtr
c:\users\MaxXx\AppData\Roaming\WinUpdtr\flashplayer.exe
c:\users\MaxXx\AppData\Roaming\yzyonmam.exe
c:\users\MaxXx\AppData\Roaming\yzyonmam1.exe
c:\windows\apppatch\AppLoc.exe
c:\windows\AppPatch\Custom\{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb
c:\windows\SysWow64\avisynth.dll
c:\windows\SysWow64\checkactivate.dll
c:\windows\SysWow64\checkcommon.dll
c:\windows\SysWow64\devil.dll
c:\windows\SysWow64\Memman.vxd
c:\windows\SysWow64\SET4C6F.tmp
c:\windows\SysWow64\SET6FD8.tmp
c:\windows\SysWow64\SET793C.tmp
c:\windows\SysWow64\skinboxer43.dll
c:\windows\SysWow64\windows
c:\windows\SysWow64\windows.\.exe
c:\windows\SysWow64\windows\.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-04-26 to 2012-05-26 )))))))))))))))))))))))))))))))
.
.
2012-05-26 12:24 . 2012-05-08 17:02 8955792 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C94E6C90-7D71-4697-963C-B5D0FFE7ABB9}\mpengine.dll
2012-05-24 17:45 . 2012-05-24 17:45 -------- d-----w- C:\Binaries
2012-05-24 17:45 . 2012-05-24 17:45 -------- d-----w- c:\program files (x86)\Motorola Media Link
2012-05-24 17:45 . 2012-05-24 17:45 -------- d-----w- c:\users\MaxXx\AppData\Roaming\Motorola
2012-05-24 17:45 . 2012-05-24 17:45 -------- d-----w- c:\program files (x86)\Motorola
2012-05-24 17:40 . 2012-05-24 17:40 5 ----a-w- c:\windows\SysWow64\lMMLDeleteUserData42107612FX.tmp
2012-05-24 17:35 . 2012-05-24 17:35 -------- d-----w- c:\users\MaxXx\AppData\Local\Motorola
2012-05-24 17:35 . 2012-05-24 17:35 -------- d-----w- c:\program files (x86)\Common Files\Nero
2012-05-24 17:35 . 2012-05-24 17:45 -------- d-----w- c:\programdata\Nero
2012-05-24 17:35 . 2012-05-24 17:35 -------- d-----w- c:\programdata\Motorola
2012-05-24 17:35 . 2012-05-24 17:35 -------- d-----w- c:\program files (x86)\Motorola Mobility
2012-05-24 17:33 . 2012-05-24 17:42 -------- d-----w- c:\users\MaxXx\AppData\Roaming\MotoCast
2012-05-24 15:10 . 2012-05-24 15:10 -------- d-----w- c:\program files (x86)\Drakensang Online
2012-05-23 10:00 . 2012-05-23 10:00 -------- d-----w- c:\program files (x86)\Oracle
2012-05-23 09:59 . 2012-04-04 14:47 772504 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-05-19 09:42 . 2012-05-19 09:42 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-19 09:42 . 2012-05-19 09:42 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-05-19 09:42 . 2012-05-19 09:42 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-05-19 09:42 . 2012-05-19 09:42 3146240 ----a-w- c:\windows\system32\win32k.sys
2012-05-18 18:34 . 2012-05-18 18:34 -------- d-----w- C:\4fe34fa683c7c58c34b17f30f3062374
2012-05-18 18:34 . 2012-05-18 18:34 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-05-18 18:33 . 2012-05-18 18:33 75120 ----a-w- c:\windows\system32\drivers\partmgr.sys
2012-05-18 18:21 . 2012-05-18 18:21 1544704 ----a-w- c:\windows\system32\DWrite.dll
2012-05-18 18:21 . 2012-05-18 18:21 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-05-18 18:20 . 2012-05-18 18:20 -------- d-----w- C:\e726aca1f6e3e8616232534de7d430db
2012-05-18 18:04 . 2012-05-18 18:04 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-05-18 18:04 . 2012-05-18 18:04 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-05-18 18:04 . 2012-05-18 18:04 5120 ----a-w- c:\windows\system32\wmi.dll
2012-05-18 18:04 . 2012-05-18 18:04 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-05-18 18:04 . 2012-05-18 18:04 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-05-18 18:04 . 2012-05-18 18:04 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-05-18 18:04 . 2012-05-18 18:04 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-05-18 18:03 . 2012-05-18 18:03 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-05-18 18:03 . 2012-05-18 18:03 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-05-18 18:03 . 2012-05-18 18:03 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-05-18 18:03 . 2012-05-18 18:03 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-05-18 18:03 . 2012-05-18 18:03 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-05-18 18:03 . 2012-05-18 18:03 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-05-18 18:03 . 2012-05-18 18:03 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-05-18 18:02 . 2012-05-18 18:02 509952 ----a-w- c:\windows\system32\ntshrui.dll
2012-05-18 18:02 . 2012-05-18 18:02 442880 ----a-w- c:\windows\SysWow64\ntshrui.dll
2012-05-18 18:01 . 2012-05-18 18:01 515584 ----a-w- c:\windows\system32\timedate.cpl
2012-05-18 18:01 . 2012-05-18 18:01 478720 ----a-w- c:\windows\SysWow64\timedate.cpl
2012-05-18 18:01 . 2012-05-18 18:01 498688 ----a-w- c:\windows\system32\drivers\afd.sys
2012-05-18 18:00 . 2012-02-23 10:24 24408 ----a-w- c:\windows\system32\RegistryDefragBootTime.exe
2012-05-13 08:33 . 2012-05-13 08:33 -------- d-----w- c:\users\MaxXx\AppData\Roaming\IMVU-Products
2012-05-13 08:18 . 2012-05-14 05:16 -------- d-----w- c:\users\MaxXx\AppData\Roaming\IMVU
2012-05-09 20:37 . 2012-05-09 20:38 -------- d-----w- c:\users\MaxXx\AppData\Roaming\Ventrilo
2012-05-07 11:47 . 2012-05-07 11:47 -------- d-----w- c:\users\E786~1\AppData\Roaming\ZumoDrive
2012-05-06 18:03 . 2012-05-06 18:03 -------- d-----w- c:\users\MaxXx\AppData\Roaming\ikFhmzw
2012-05-05 20:31 . 2012-03-12 13:27 143360 ----a-w- c:\program files (x86)\Mozilla Firefox\BabyFox.dll
2012-05-05 20:31 . 2012-05-05 20:34 -------- d-----w- c:\program files\Babylon
2012-05-05 12:36 . 2012-05-05 12:36 -------- d-----w- c:\program files (x86)\WildTangent Games
2012-05-05 12:08 . 2012-05-05 12:08 -------- d-----w- c:\program files (x86)\7-Zip
2012-05-05 12:07 . 2012-05-05 12:07 -------- d-----w- c:\users\MaxXx\AppData\Local\RavenBleuSA
2012-05-04 20:26 . 2012-05-04 20:26 -------- d-----w- c:\windows\system32\%LOCALAPPDATA%
2012-05-04 18:45 . 2012-05-06 04:39 -------- d-----w- c:\users\MaxXx\AppData\Roaming\dclogs
2012-04-28 14:34 . 2012-04-28 14:35 -------- d-----w- C:\2192f0fc12c11aedddbb
2012-04-28 14:34 . 2012-04-28 14:34 690688 ----a-w- c:\windows\SysWow64\msvcrt.dll
2012-04-28 14:34 . 2012-04-28 14:34 634880 ----a-w- c:\windows\system32\msvcrt.dll
2012-04-28 14:16 . 2012-04-28 14:16 -------- d-----w- c:\program files (x86)\IObit
2012-04-27 09:33 . 2010-02-05 01:09 89088 ----a-w- c:\windows\system32\drivers\rtsuvc.sys
2012-04-27 09:33 . 2010-01-21 18:41 140800 ----a-w- c:\windows\system32\RtsUvcExt64.dll
2012-04-27 09:33 . 2009-12-22 18:20 492032 ----a-w- c:\windows\RtsUvcUninst64.exe
2012-04-27 09:27 . 2012-04-27 09:27 -------- d-----w- c:\programdata\ATI
2012-04-27 09:27 . 2012-04-27 09:27 -------- d-----w- c:\programdata\AMD
2012-04-27 09:27 . 2012-04-27 09:27 -------- d-----w- c:\program files (x86)\AMD AVT
2012-04-27 09:27 . 2012-04-27 09:27 -------- d-----w- c:\program files (x86)\AMD APP
2012-04-27 09:27 . 2012-04-27 09:27 -------- d-----w- c:\program files\Common Files\ATI Technologies
2012-04-27 09:27 . 2012-04-27 09:27 -------- d-----w- c:\program files (x86)\Common Files\ATI Technologies
2012-04-27 09:26 . 2012-04-27 09:26 -------- d-----w- C:\Intel
2012-04-27 09:25 . 2012-04-27 09:25 -------- d-----w- c:\program files (x86)\Cisco
2012-04-27 09:07 . 2012-04-27 09:26 -------- d-----w- c:\program files\ATI Technologies
2012-04-27 08:56 . 2012-04-27 08:56 -------- d-----w- c:\program files\Realtek
2012-04-27 08:07 . 2012-04-27 08:59 -------- d-----w- c:\programdata\DriverGenius
2012-04-27 07:59 . 2012-04-27 07:59 -------- d-----w- c:\programdata\Driver Boost
2012-04-27 07:30 . 2012-04-27 07:35 1656 ----a-w- c:\windows\system32\ASOROSet.bin
2012-04-27 03:43 . 2012-04-27 03:43 -------- d-----w- c:\programdata\WinZip
2012-04-27 03:10 . 2012-04-27 03:10 -------- d-----w- c:\users\MaxXx\AppData\Roaming\WinZip
2012-04-27 03:10 . 2012-03-22 04:37 19344 ----a-w- c:\windows\system32\roboot64.exe
2012-04-27 03:09 . 2012-04-27 03:09 -------- d-----w- c:\users\AppData
2012-04-27 03:09 . 2012-04-27 03:28 -------- d-----w- c:\program files (x86)\WinZip System Utilities Suite
2012-04-26 18:18 . 2012-04-26 18:18 -------- d-----w- c:\users\MaxXx\AppData\Local\Ilivid Player
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-23 21:41 . 2012-01-15 18:31 18960 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
2012-05-08 17:02 . 2011-08-21 22:04 8955792 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-04-27 09:13 . 2011-02-07 22:45 6656 ----a-w- c:\windows\system32\bcmwlrc.dll
2012-04-27 09:13 . 2011-02-07 22:45 95544 ----a-w- c:\windows\system32\SET3F65.tmp
2012-04-27 09:13 . 2011-02-07 22:45 4746304 ----a-w- c:\windows\system32\drivers\BCMWL664.SYS
2012-04-27 09:13 . 2011-02-07 22:45 3952640 ----a-w- c:\windows\system32\SET3999.tmp
2012-04-27 09:13 . 2011-02-07 22:45 3617792 ----a-w- c:\windows\system32\bcmihvui64.dll
2012-04-04 14:47 . 2010-11-15 08:02 687504 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-04-04 11:56 . 2012-04-23 07:17 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-22 19:12 . 2012-03-22 19:12 4435968 ----a-w- c:\windows\SysWow64\GPhotos.scr
2012-03-17 16:22 . 2012-03-17 17:53 258352 ----a-w- c:\windows\SysWow64\unicows.dll
2012-03-09 15:27 . 2012-03-08 18:50 281408 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2012-03-09 15:27 . 2012-03-08 17:58 281408 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2012-03-09 11:39 . 2012-03-08 17:58 281408 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2012-03-09 06:28 . 2012-03-09 06:28 10857984 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2012-03-09 05:16 . 2012-03-09 05:16 159744 ----a-w- c:\windows\system32\atiapfxx.exe
2012-03-09 05:16 . 2012-03-09 05:16 791552 ----a-w- c:\windows\SysWow64\aticfx32.dll
2012-03-09 05:14 . 2012-03-09 05:14 958464 ----a-w- c:\windows\system32\aticfx64.dll
2012-03-09 05:11 . 2012-03-09 05:11 442368 ----a-w- c:\windows\system32\ATIDEMGX.dll
2012-03-09 05:11 . 2012-03-09 05:11 496128 ----a-w- c:\windows\system32\atieclxx.exe
2012-03-09 05:10 . 2012-03-09 05:10 235520 ----a-w- c:\windows\system32\atiesrxx.exe
2012-03-09 05:08 . 2012-03-09 05:08 120320 ----a-w- c:\windows\system32\atitmm64.dll
2012-03-09 05:08 . 2012-03-09 05:08 21504 ----a-w- c:\windows\system32\atimuixx.dll
2012-03-09 05:07 . 2012-03-09 05:07 59392 ----a-w- c:\windows\system32\atiedu64.dll
2012-03-09 05:07 . 2012-03-09 05:07 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll
2012-03-09 05:04 . 2012-03-09 05:04 6200320 ----a-w- c:\windows\SysWow64\atidxx32.dll
2012-03-09 05:03 . 2012-03-09 05:03 26166784 ----a-w- c:\windows\system32\atio6axx.dll
2012-03-09 04:45 . 2010-09-09 22:14 7646208 ----a-w- c:\windows\system32\atidxx64.dll
2012-03-09 04:39 . 2012-03-09 04:39 19739136 ----a-w- c:\windows\SysWow64\atioglxx.dll
2012-03-09 04:36 . 2012-03-09 04:36 1113088 ----a-w- c:\windows\system32\atiumd6v.dll
2012-03-09 04:36 . 2012-03-09 04:36 1828864 ----a-w- c:\windows\SysWow64\atiumdmv.dll
2012-03-09 04:35 . 2012-03-09 04:35 4958208 ----a-w- c:\windows\system32\atiumd6a.dll
2012-03-09 04:23 . 2010-09-09 22:00 5062656 ----a-w- c:\windows\SysWow64\atiumdva.dll
2012-03-09 04:23 . 2010-09-09 22:05 5954048 ----a-w- c:\windows\SysWow64\atiumdag.dll
2012-03-09 04:18 . 2012-03-09 04:18 51200 ----a-w- c:\windows\system32\aticalrt64.dll
2012-03-09 04:18 . 2012-03-09 04:18 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll
2012-03-09 04:18 . 2012-03-09 04:18 44544 ----a-w- c:\windows\system32\aticalcl64.dll
2012-03-09 04:18 . 2012-03-09 04:18 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll
2012-03-09 04:17 . 2012-03-09 04:17 16069632 ----a-w- c:\windows\system32\aticaldd64.dll
2012-03-09 04:12 . 2012-03-09 04:12 13715968 ----a-w- c:\windows\SysWow64\aticaldd.dll
2012-03-09 04:11 . 2012-03-09 04:11 7552000 ----a-w- c:\windows\system32\atiumd64.dll
2012-03-09 04:05 . 2012-03-09 04:05 54784 ----a-w- c:\windows\system32\atimpc64.dll
2012-03-09 04:05 . 2012-03-09 04:05 54784 ----a-w- c:\windows\system32\amdpcom64.dll
2012-03-09 04:05 . 2012-03-09 04:05 53760 ----a-w- c:\windows\SysWow64\atimpc32.dll
2012-03-09 04:05 . 2012-03-09 04:05 53760 ----a-w- c:\windows\SysWow64\amdpcom32.dll
2012-03-09 03:58 . 2012-03-09 03:58 512000 ----a-w- c:\windows\system32\atiadlxx.dll
2012-03-09 03:58 . 2012-03-09 03:58 356352 ----a-w- c:\windows\SysWow64\atiadlxy.dll
2012-03-09 03:58 . 2012-03-09 03:58 17408 ----a-w- c:\windows\system32\atig6pxx.dll
2012-03-09 03:58 . 2012-03-09 03:58 14336 ----a-w- c:\windows\SysWow64\atiglpxx.dll
2012-03-09 03:58 . 2012-03-09 03:58 14336 ----a-w- c:\windows\system32\atiglpxx.dll
2012-03-09 03:58 . 2012-03-09 03:58 39936 ----a-w- c:\windows\system32\atig6txx.dll
2012-03-09 03:58 . 2012-03-09 03:58 33280 ----a-w- c:\windows\SysWow64\atigktxx.dll
2012-03-09 03:58 . 2012-03-09 03:58 328704 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2012-03-09 03:57 . 2010-09-09 21:52 43008 ----a-w- c:\windows\system32\atiuxp64.dll
2012-03-09 03:56 . 2012-03-09 03:56 33280 ----a-w- c:\windows\SysWow64\atiuxpag.dll
2012-03-09 03:56 . 2012-03-09 03:56 39936 ----a-w- c:\windows\system32\atiu9p64.dll
2012-03-09 03:56 . 2010-09-09 21:51 30208 ----a-w- c:\windows\SysWow64\atiu9pag.dll
2012-03-09 03:55 . 2012-03-09 03:55 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2012-03-09 03:47 . 2010-09-09 21:59 58880 ----a-w- c:\windows\system32\coinst.dll
2012-03-08 21:26 . 2012-03-08 21:26 74752 ----a-w- c:\windows\system32\OpenVideo64.dll
2012-03-08 21:26 . 2012-03-08 21:26 64512 ----a-w- c:\windows\SysWow64\OpenVideo.dll
2012-03-08 21:26 . 2012-03-08 21:26 61952 ----a-w- c:\windows\system32\OVDecode64.dll
2012-03-08 21:26 . 2012-03-08 21:26 54784 ----a-w- c:\windows\SysWow64\OVDecode.dll
2012-03-08 21:26 . 2012-03-08 21:26 16507392 ----a-w- c:\windows\system32\amdocl64.dll
2012-03-08 21:25 . 2012-03-08 21:25 13238272 ----a-w- c:\windows\SysWow64\amdocl.dll
2012-03-08 21:24 . 2012-03-08 21:24 54272 ----a-w- c:\windows\system32\OpenCL.dll
2012-03-08 21:24 . 2012-03-08 21:24 48128 ----a-w- c:\windows\SysWow64\OpenCL.dll
2012-03-08 17:58 . 2012-03-08 17:58 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{687578b9-7132-4a7a-80e4-30ee31099e03}"= "c:\program files (x86)\uTorrentControl2\prxtbuTo0.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{687578b9-7132-4a7a-80e4-30ee31099e03}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{687578b9-7132-4a7a-80e4-30ee31099e03}]
2011-05-09 08:49 176936 ----a-w- c:\program files (x86)\uTorrentControl2\prxtbuTo0.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{687578b9-7132-4a7a-80e4-30ee31099e03}"= "c:\program files (x86)\uTorrentControl2\prxtbuTo0.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{687578b9-7132-4a7a-80e4-30ee31099e03}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2010-08-16 2736128]
"ZumoDrive"="c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ZumoLauncher.lnk" [2011-02-07 2080]
"Akamai NetSession Interface"="c:\users\MaxXx\AppData\Local\Akamai\netsession_win.exe" [2012-05-07 3331872]
"Advanced SystemCare 5"="c:\program files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe" [2012-03-06 574296]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
"HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2011-06-14 587320]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-03-08 636032]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"HideFastUserSwitching"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"EnableShellExecuteHooks"= 1 (0x1)
.
[hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ DPPassFilter scecli
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders credssp.dll, IqsuyrIfwork.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R1 etwhgbta;etwhgbta; [x]
R1 gcscllig;gcscllig; [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 86072]
R2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-07-21 103992]
R2 LMIInfo;LogMeIn Kernel Information Provider; [x]
R3 cpuz135;cpuz135; [x]
R3 dump_wmimmc;dump_wmimmc; [x]
R3 EagleX64;EagleX64; [x]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [x]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [x]
R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [x]
S2 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files (x86)\IObit\Advanced SystemCare 5\ASCService.exe [2012-03-14 913752]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2009-03-04 89600]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 DeviceMonitorService;DeviceMonitorService;c:\program files (x86)\Motorola Media Link\Lite\NServiceEntry.exe [2012-02-16 87368]
S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-08-05 291896]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-07-05 227384]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [x]
S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2011-06-14 26680]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 clwvd;HP Webcam Splitter;c:\windows\system32\DRIVERS\clwvd.sys [x]
S3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys [x]
S3 LGSHidFilt;Logitech Gaming KMDF HID Filter Driver;c:\windows\system32\DRIVERS\LGSHidFilt.Sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2010-08-16 10:43 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-25 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1306854535-2689957031-281574932-1000Core.job
- c:\users\MaxXx\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-12-08 21:36]
.
2012-05-26 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1306854535-2689957031-281574932-1000UA.job
- c:\users\MaxXx\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-12-08 21:36]
.
2011-10-20 c:\windows\Tasks\HPCeeScheduleForÄÎÌ-HP$.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13 19:15]
.
2012-01-16 c:\windows\Tasks\HPCeeScheduleForÄîì.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13 19:15]
.
2012-05-25 c:\windows\Tasks\WINZIPSS-WINZIPSSAutoCheckUpdate7Days.job
- c:\program files (x86)\WinZip System Utilities Suite\WINZIPSSCheckUpdate.exe [2012-04-27 04:38]
.
2012-05-26 c:\windows\Tasks\WINZIPSS-WINZIPSSOneClickCare.job
- c:\program files (x86)\WinZip System Utilities Suite\WINZIPSS.exe [2012-04-27 04:38]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00Zecter]
@="{D25B32FE-CB96-491A-98FF-AD59DA382D69}"
[HKEY_CLASSES_ROOT\CLSID\{D25B32FE-CB96-491A-98FF-AD59DA382D69}]
2010-09-23 04:53 2210304 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\01Zecter]
@="{EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5}"
[HKEY_CLASSES_ROOT\CLSID\{EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5}]
2010-09-23 04:53 2210304 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\02Zecter]
@="{B3C78E40-6B64-47C3-AE34-60B770881EB8}"
[HKEY_CLASSES_ROOT\CLSID\{B3C78E40-6B64-47C3-AE34-60B770881EB8}]
2010-09-23 04:53 2210304 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\03Zecter]
@="{622AFE52-33F6-4D9F-9966-E0BC52D7D69D}"
[HKEY_CLASSES_ROOT\CLSID\{622AFE52-33F6-4D9F-9966-E0BC52D7D69D}]
2010-09-23 04:53 2210304 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\04Zecter]
@="{855156F0-2A0F-11DE-8C30-0800200C9A66}"
[HKEY_CLASSES_ROOT\CLSID\{855156F0-2A0F-11DE-8C30-0800200C9A66}]
2010-09-23 04:53 2210304 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-07-28 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-07-28 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-07-28 415256]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-07-23 487424]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{1984DD45-52CF-49cd-AB77-18F378FEA264}"= "c:\program files\Stardock\Fences Pro\FencesMenu64.dll" [2010-09-16 464744]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uStart Page = hxxp://start.icq.com/
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Free YouTube Download - c:\users\MaxXx\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm
IE: Free YouTube to MP3 Converter - c:\users\MaxXx\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: ???????? ??? ??? ?????? Download Master - c:\program files (x86)\Download Master\dmieall.htm
IE: ???????? ??? ?????? Download Master - c:\program files (x86)\Download Master\dmie.htm
IE: ???????? ?? ????????? ??????? DM - c:\program files (x86)\Download Master\remdown.htm
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\users\MaxXx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk
TCP: DhcpNameServer = 80.179.52.100 80.179.55.100
FF - ProfilePath - c:\users\MaxXx\AppData\Roaming\Mozilla\Firefox\Profiles\1zfldm61.default\
FF - prefs.js: keyword.URL - hxxp://www.questscan.com/?tmp=nemo_results_removelink&prt=QstscanPB&keywords=
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: browser.xul.error_pages.enabled - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 3000000
FF - user.js: content.maxtextrun - 8191
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: extensions.autoDisableScopes - 14
FF - user.js: extentions.y2layers.defaultEnableAppsList - DropDownDeals,ezLooker,pagerage,buzzdock,toprelatedtopics,twittube
FF - user.js: extentions.y2layers.installId - c46a5c32-b1d8-4d02-9a59-849346e62122
FF - user.js: network.http.max-connections - 32
FF - user.js: network.http.max-connections-per-server - 8
FF - user.js: network.http.max-persistent-connections-per-proxy - 8
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-QzVEQkQ3NDg3Qzc5NTU2QU - c:\programdata\yzyonmam.exe
WebBrowser-{687578B9-7132-4A7A-80E4-30EE31099E03} - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
HKLM-Run-WinAudioCodec_US.exe - c:\users\MaxXx\AppData\Roaming\Microsoft\AddIns\WinAudioCodec_US.exe
AddRemove-EasyBits Magic Desktop - c:\windows\system32\ezMDUninstall.exe
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc_blr.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va008]
"ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va008"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\windows\SysWOW64\ezSharedSvcHost.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\maxxx\Programs\Blaze Media Pro\NMSAccess32.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files (x86)\DigitalPersona\Bin\DPAgent.exe
c:\maxxx\Programs\Game Booster\gbtray.exe
c:\program files (x86)\Hewlett-Packard\HP CloudDrive\zumodrive.exe
c:\program files (x86)\Hewlett-Packard\Media\Webcam\YCMMirage.exe
c:\program files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
.
**************************************************************************
.
Completion time: 2012-05-26 16:59:00 - machine was rebooted
ComboFix-quarantined-files.txt 2012-05-26 12:58
.
Pre-Run: 243,767,775,232 bytes free
Post-Run: 243,490,213,888 bytes free
.
- - End Of File - - 0CD478B82152A4CB96C9FB0AC94BF913


And I did the security check:

Results of screen317's Security Check version 0.99.38
Windows 7 Service Pack 1 x64 (UAC is disabled!)
Internet Explorer 9
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Disabled!
Microsoft Security Essentials
(On Access scanning disabled!)
Error obtaining update status for antivirus!
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes Anti-Malware version 1.61.0.1400
Cache Cleaner 4.3.3.3
JavaFX 2.1.0
Java™ 6 Update 21
Java™ 7 Update 4
Adobe Flash Player 10 Flash Player out of date!
Adobe Flash Player 11.1.102.55
Adobe Reader 9 Adobe Reader out of date!
Mozilla Firefox (8.0)
````````````````````````````````
Process Check:
objlist.exe by Laurent

Microsoft Security Essentials msseces.exe
Windows Defender MSMpEng.exe
Microsoft Security Client Antimalware MsMpEng.exe
Symantec Norton Online Backup NOBuAgent.exe
``````````End of Log````````````

Edited by nasdaq, 26 May 2012 - 08:52 AM.


#8 nasdaq

nasdaq

  • Malware Response Team
  • 38,764 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:04:49 AM

Posted 26 May 2012 - 08:57 AM

Looking good.

Secure your system by updating 3rd party programs.

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.

Check your present version and update as recommended.
https://www.java.com/en/download/installed.jsp

If present, remove the old version(s) of Java using the Add/Remove Programs applet.


Java™ 6 Update 21


===

Critical vulnerabilities have been identified in Adobe Flash Player v11.2.202.233 and earlier versions... being exploited in the wild in active targeted attacks...

Get the latest Flash Player

On the top of the page you will be given an opportunity to download the version for your operating system.
Make sure you select the appropriate version.

You will also have an option to install the Free! McAfee Security Scan Plus. Un-check the box if you are NOT using McAfee's virus protection software.

For the users of Internet Explorer download version 11.
Flash Player 11 (64 bit)
Flash Player 11 (32 bit)
===

Get the latest version of the Adobe Reader.
http://get.adobe.com/reader/
Before your download, I suggest you uncheck the box on the top right, "Include in your download"; this is not required. While the installation is in progress you can also deny the installation of any other programs that may be suggested.

When installed, remove your old version of the Reader using the Add/Remove Programs applet, if present.

Please let me know of any remaining issues.
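The Security Check output earlier in the thread marks risky settings with "disabled!" and "out of date!" and lists old and new versions of the same product side by side. The following is an added example, not part of nasdaq's post or of the Security Check tool, that triages such a log; the category labels and function names are this example's own assumptions.

```python
import re
from collections import defaultdict

# Excerpt of the Security Check output posted in this thread (log text, not code).
SAMPLE_LOG = """\
Windows 7 Service Pack 1 x64 (UAC is disabled!)
Windows Firewall Disabled!
Microsoft Security Essentials
(On Access scanning disabled!)
Error obtaining update status for antivirus!
Java™ 6 Update 21
Java™ 7 Update 4
Adobe Flash Player 10 Flash Player out of date!
Adobe Flash Player 11.1.102.55
Adobe Reader 9 Adobe Reader out of date!
"""

# Marker text -> finding category (labels chosen for this example).
MARKERS = [
    (re.compile(r"disabled!", re.I), "protection-disabled"),
    (re.compile(r"out of date!", re.I), "outdated"),
    (re.compile(r"^Error obtaining", re.I), "status-unknown"),
]

# Product name followed by a major version number, e.g. "Java™ 6 Update 21".
VERSIONED = re.compile(r"^(Java\S*|Adobe Flash Player|Adobe Reader)\s+(\d+)")

def triage(log):
    """Return (category, line) for every line carrying a warning marker."""
    findings = []
    for raw in log.splitlines():
        line = raw.strip()
        for pattern, category in MARKERS:
            if pattern.search(line):
                findings.append((category, line))
                break
    return findings

def stale_versions(log):
    """Return {product: [older major versions]} for products installed side by side."""
    majors = defaultdict(set)
    for raw in log.splitlines():
        m = VERSIONED.match(raw.strip())
        if m:
            majors[m.group(1)].add(int(m.group(2)))
    return {p: sorted(v - {max(v)}) for p, v in majors.items() if len(v) > 1}

if __name__ == "__main__":
    print(triage(SAMPLE_LOG), stale_versions(SAMPLE_LOG))
```

On this excerpt the stale-version check returns Java 6 and Flash Player 10, the leftover installs that remain exposed even after a newer version is present.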

#9 nasdaq


Posted 01 June 2012 - 08:30 AM

Time for some housekeeping

The following will implement some cleanup procedures as well as reset System Restore points:

Click Start > Run and copy/paste the following bold text into the Run box and click OK:

ComboFix /Uninstall
===

Delete the other tools we used.

#10 nasdaq


Posted 07 June 2012 - 08:25 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



