Solved: Laptop frequent browser freezing, continual hardware running


Oriole
Member with 79 posts.
THREAD STARTER
 
Join Date: Apr 2012
Experience: Beginner
15-Jan-2013, 07:29 PM #1
I recently reset my laptop to factory settings, since I was planning on giving a clean computer to a family member. However, I've run into some problems after 2 weeks or so of using HP System Recovery.

I use Google Chrome for browsing. I've noticed that upon startup the hardware never stops running. Before recovery, the sound of it running would stop after 2 minutes or so; now it hardly ever stops, unless the computer has been on for longer than 15 minutes or so. Sometimes opening Chrome or IE takes about 10 minutes, and loading any page can take 5-10 mins.

There are frequent browser crashes, and sometimes my entire computer freezes, which would mean I would have to shut down via the power cord.

I've run AVAST and Malwarebytes and have come up with nothing.
I recently updated to Java 7 update 11.
And last week I had been trying to download and install the .NET frameworks, so I may have encountered my troubles during that time period.
=====
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 5:15:50 PM, on 1/15/2013
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVAST Software\Avast\afwServ.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Update\1.3.21.123\GoogleCrashHandler.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\mqsvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Tiffany.CENG\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TY...lion&pf=laptop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TY...lion&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - S-1-5-18 Startup: Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe (User 'Default user')
O4 - .DEFAULT User Startup: Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=pavilion&pf=laptop
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1356821141578
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: avast! Firewall - AVAST Software - C:\Program Files\AVAST Software\Avast\afwServ.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe

--
End of file - 8613 bytes


=====

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.11.2
Run by Tiffany at 17:16:51 on 2013-01-15
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.317 [GMT -5:00]
.
AV: avast! Internet Security *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: avast! Internet Security *Enabled*
.
============== Running Processes ================
.
C:\Program Files\AVAST Software\Avast\afwServ.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Update\1.3.21.123\GoogleCrashHandler.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\eHome\ehRec.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\msdtc.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\mqsvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=pavilion&pf=laptop
uSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=pavilion&pf=laptop
uURLSearchHooks: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - <orphaned>
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [RecGuard] c:\windows\sminst\RecGuard.exe
mRun: [QPService] "c:\program files\hp\quickplay\QPService.exe"
mRun: [QlbCtrl] c:\program files\hewlett-packard\hp quick launch buttons\QlbCtrl.exe /Start
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [MsmqIntCert] regsvr32 /s mqrt.dll
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [IMEKRMIG6.1] c:\windows\ime\imkr6_1\IMEKRMIG.EXE
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [hpWirelessAssistant] c:\program files\hpq\hp wireless assistant\HP Wireless Assistant.exe
mRun: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [Cpqset] c:\program files\hewlett-packard\default settings\cpqset.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://windowsupdate.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1356815933062
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1356821141578
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_38-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0038-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_38-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_38-windows-i586.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{B96B95A0-AE33-43F6-9BF0-71B4636A546D} : DHCPNameServer = 192.168.1.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: igfxcui - igfxdev.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\24.0.1312.52\installer\setup.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
============= SERVICES / DRIVERS ===============
.
R0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\drivers\aswNdis.sys [2013-1-6 12112]
R0 aswNdis2;avast! Firewall Core Firewall Service;c:\windows\system32\drivers\aswNdis2.sys [2013-1-6 199320]
R1 aswFW;avast! TDI Firewall driver;c:\windows\system32\drivers\aswFW.sys [2013-1-6 106560]
R1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys [2013-1-6 20624]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2012-12-29 738504]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2012-12-29 361032]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2012-12-29 21256]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2012-12-29 44808]
R2 avast! Firewall;avast! Firewall;c:\program files\avast software\avast\afwServ.exe [2013-1-6 133912]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-11-9 160944]
S3 5U870CAP_VID_1262&PID_25FD;HP Pavilion Webcam ;c:\windows\system32\drivers\5U870CAP.sys [2006-6-6 61952]
.
=============== Created Last 30 ================
.
2013-01-14 23:44:24 -------- d-----w- c:\documents and settings\tiffany.ceng\local settings\application data\Sun
2013-01-14 23:34:00 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-01-13 02:55:08 -------- d-----w- c:\documents and settings\tiffany.ceng\local settings\application data\Deployment
2013-01-12 13:51:25 -------- d-----w- c:\documents and settings\tiffany.ceng\application data\Malwarebytes
2013-01-12 13:51:11 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-01-12 13:51:11 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-01-10 13:23:46 17136 ----a-w- c:\windows\system32\mucltui.dll.mui
2013-01-10 13:18:38 275696 ----a-w- c:\windows\system32\mucltui.dll
2013-01-09 12:28:09 -------- d-----w- c:\documents and settings\tiffany.ceng\application data\HpUpdate
2013-01-06 16:54:40 106560 ----a-w- c:\windows\system32\drivers\aswFW.sys
2013-01-06 16:54:25 199320 ----a-w- c:\windows\system32\drivers\aswNdis2.sys
2013-01-06 16:54:24 20624 ----a-w- c:\windows\system32\drivers\aswKbd.sys
2013-01-06 16:54:16 12112 ----a-w- c:\windows\system32\drivers\aswNdis.sys
2013-01-04 02:46:52 -------- d-----w- c:\program files\ACW
2013-01-01 17:02:11 -------- d-----w- c:\documents and settings\tiffany.ceng\application data\ElevatedDiagnostics
2013-01-01 16:30:21 -------- d-----w- C:\843aea2a30e19424e690b93640
2013-01-01 16:15:38 -------- d-----w- c:\windows\system32\XPSViewer
2013-01-01 16:15:02 89088 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
2013-01-01 16:14:41 14048 ------w- c:\windows\system32\spmsg2.dll
2012-12-31 12:52:11 -------- d-----w- c:\documents and settings\tiffany.ceng\local settings\application data\Identities
2012-12-30 20:58:43 8704 ----a-w- c:\windows\system32\kbdjpn.dll
2012-12-30 20:58:43 8704 ----a-w- c:\windows\system32\dllcache\kbdjpn.dll
2012-12-30 20:58:43 8192 ----a-w- c:\windows\system32\kbdkor.dll
2012-12-30 20:58:43 8192 ----a-w- c:\windows\system32\dllcache\kbdkor.dll
2012-12-30 20:58:42 6144 ----a-w- c:\windows\system32\kbd101c.dll
2012-12-30 20:58:42 6144 ----a-w- c:\windows\system32\dllcache\kbd101c.dll
2012-12-30 20:58:42 5632 ----a-w- c:\windows\system32\kbd103.dll
2012-12-30 20:58:42 5632 ----a-w- c:\windows\system32\dllcache\kbd103.dll
2012-12-30 20:58:33 6144 ----a-w- c:\windows\system32\kbd101b.dll
2012-12-30 20:58:33 6144 ----a-w- c:\windows\system32\dllcache\kbd101b.dll
2012-12-30 20:58:29 6144 ----a-w- c:\windows\system32\kbd106.dll
2012-12-30 20:58:29 6144 ----a-w- c:\windows\system32\dllcache\kbd106.dll
2012-12-30 13:42:24 -------- d-----w- c:\windows\system32\Adobe
2012-12-30 13:09:29 265728 ------w- c:\windows\system32\dllcache\http.sys
2012-12-30 02:49:30 738504 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-12-30 02:48:40 471552 ------w- c:\windows\system32\dllcache\aclayers.dll
2012-12-30 02:21:28 290560 ------w- c:\windows\system32\dllcache\atmfd.dll
2012-12-30 02:21:27 630272 ------w- c:\windows\system32\dllcache\msfeeds.dll
2012-12-30 02:21:27 55296 ------w- c:\windows\system32\dllcache\msfeedsbs.dll
2012-12-30 02:21:26 247808 ------w- c:\windows\system32\dllcache\ieproxy.dll
2012-12-30 02:21:26 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2012-12-30 02:21:25 743424 ------w- c:\windows\system32\dllcache\iedvtool.dll
2012-12-30 02:21:25 521728 ------w- c:\windows\system32\dllcache\jsdbgui.dll
2012-12-30 02:21:25 2000384 ------w- c:\windows\system32\dllcache\iertutil.dll
2012-12-30 02:21:22 11111424 ------w- c:\windows\system32\dllcache\ieframe.dll
2012-12-30 02:20:12 139784 ------w- c:\windows\system32\dllcache\rdpwd.sys
2012-12-30 02:18:36 3072 ------w- c:\windows\system32\iacenc.dll
2012-12-30 02:18:36 3072 ------w- c:\windows\system32\dllcache\iacenc.dll
2012-12-30 02:17:53 456320 ------w- c:\windows\system32\dllcache\mrxsmb.sys
2012-12-30 02:17:51 10496 ------w- c:\windows\system32\dllcache\ndistapi.sys
2012-12-30 02:17:20 105472 ------w- c:\windows\system32\dllcache\mup.sys
2012-12-30 02:16:24 40960 ------w- c:\windows\system32\dllcache\ndproxy.sys
2012-12-30 02:16:15 45568 ------w- c:\windows\system32\dllcache\wab.exe
2012-12-30 02:16:12 590848 ------w- c:\windows\system32\dllcache\rpcrt4.dll
2012-12-30 02:16:02 978944 ------w- c:\windows\system32\dllcache\mfc42.dll
2012-12-30 02:16:02 954368 ------w- c:\windows\system32\dllcache\mfc40.dll
2012-12-30 02:16:02 953856 ------w- c:\windows\system32\dllcache\mfc40u.dll
2012-12-30 02:15:16 617472 ------w- c:\windows\system32\dllcache\comctl32.dll
2012-12-30 02:14:53 3558912 ------w- c:\windows\system32\dllcache\moviemk.exe
2012-12-30 02:14:33 744448 ------w- c:\windows\system32\dllcache\helpsvc.exe
2012-12-30 02:13:36 8704 ------w- c:\windows\system32\dllcache\tsbyuv.dll
2012-12-30 02:13:36 48128 ------w- c:\windows\system32\dllcache\iyuv_32.dll
2012-12-30 02:13:30 17920 ------w- c:\windows\system32\dllcache\msyuv.dll
2012-12-30 02:13:21 81920 ------w- c:\windows\system32\dllcache\fontsub.dll
2012-12-30 02:13:21 119808 ------w- c:\windows\system32\dllcache\t2embed.dll
2012-12-30 02:12:18 153088 ------w- c:\windows\system32\dllcache\triedit.dll
2012-12-30 02:10:53 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2012-12-30 02:10:53 218112 ------w- c:\windows\system32\dllcache\wordpad.exe
2012-12-30 02:10:44 331776 ------w- c:\windows\system32\dllcache\msadce.dll
2012-12-30 02:10:26 272128 ------w- c:\windows\system32\dllcache\bthport.sys
2012-12-30 02:10:24 203136 ------w- c:\windows\system32\dllcache\rmcast.sys
2012-12-30 02:09:32 -------- d-----w- c:\windows\system32\PreInstall
2012-12-30 02:06:51 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-12-30 02:06:50 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-12-30 02:06:50 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-12-30 02:06:50 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-12-30 02:06:50 -------- d-----w- c:\windows\system32\SoftwareDistribution
2012-12-30 01:52:59 76800 ------w- c:\windows\system32\msshavmsg.dll
2012-12-30 01:50:58 10240 ------w- c:\windows\system32\drivers\sffp_mmc.sys
2012-12-30 01:49:52 19569 ----a-w- c:\windows\003059_.tmp
2012-12-30 01:40:51 -------- d-----w- c:\documents and settings\tiffany.ceng\local settings\application data\Adobe
2012-12-30 01:32:08 -------- d-----w- c:\program files\Microsoft Download Manager
2012-12-30 01:30:36 74248 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-12-30 01:30:36 697864 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-12-30 00:22:39 -------- d-----w- c:\documents and settings\tiffany.ceng\local settings\application data\Google
2012-12-30 00:10:33 -------- d-----w- C:\2413036d57bd7b7b81fc22d895
2012-12-29 23:45:05 -------- d-----w- c:\windows\system32\appmgmt
2012-12-29 23:01:34 -------- d-sh--w- c:\documents and settings\tiffany.ceng\Temporary Internet Files
2012-12-29 23:01:34 -------- d-sh--w- c:\documents and settings\tiffany.ceng\History
2012-12-29 23:01:09 -------- d-sh--w- c:\documents and settings\tiffany.ceng\IECompatCache
2012-12-29 23:00:22 -------- d-sh--w- c:\documents and settings\tiffany.ceng\PrivacIE
2012-12-29 22:54:39 185344 ----a-w- c:\windows\system32\Thawbrkr.dll
2012-12-29 22:54:38 6144 ----a-w- c:\windows\system32\ftlx041e.dll
2012-12-29 22:54:38 5632 ----a-w- c:\windows\system32\kbdusa.dll
2012-12-29 22:54:38 10752 ----a-w- c:\windows\system32\c_iscii.dll
2012-12-29 22:54:20 21504 ----a-w- c:\windows\system32\hidserv.dll
2012-12-29 22:54:16 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
2012-12-29 22:54:14 60032 ----a-w- c:\windows\system32\drivers\usbaudio.sys
2012-12-29 22:54:06 10368 ----a-w- c:\windows\system32\drivers\hidusb.sys
2012-12-29 22:54:04 32128 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2012-12-29 22:48:52 -------- d-sh--w- c:\documents and settings\tiffany.ceng\IETldCache
2012-12-29 21:43:59 452736 ------w- c:\windows\system32\drivers\mtxparhm.sys
2012-12-29 21:42:31 19528 ----a-w- c:\windows\000001_.tmp
2012-12-29 21:23:15 859552 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-12-29 21:23:15 780192 ----a-w- c:\windows\system32\deployJava1.dll
2012-12-29 21:23:15 143872 ----a-w- c:\windows\system32\javacpl.cpl
2012-12-29 21:18:08 -------- d-sh--w- c:\documents and settings\tiffany.ceng\UserData
2012-12-29 21:12:10 -------- d-----w- c:\windows\system32\LogFiles
2012-12-29 18:26:51 -------- d-----w- c:\program files\Western Digital
2012-12-18 19:08:32 209112 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll
.
==================== Find3M ====================
.
2012-12-16 12:23:59 290560 ----a-w- c:\windows\system32\atmfd.dll
2012-11-13 01:25:12 1866368 ----a-w- c:\windows\system32\win32k.sys
2012-11-06 02:01:39 1371648 ----a-w- c:\windows\system32\msxml6.dll
2012-11-02 02:02:42 375296 ----a-w- c:\windows\system32\dpnet.dll
2012-11-01 12:17:54 916992 ----a-w- c:\windows\system32\wininet.dll
2012-11-01 12:17:54 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-11-01 12:17:54 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-11-01 00:35:34 385024 ----a-w- c:\windows\system32\html.iec
2012-10-30 23:51:07 41224 ----a-w- c:\windows\avastSS.scr
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600
.
CreateFile("\\.\PHYSICALDRIVE0"): The process cannot access the file because it is being used by another process.
device: opened successfully
user: error reading MBR
.
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll iaStor.sys
c:\windows\system32\drivers\iaStor.sys Intel Corporation Intel Matrix Storage Manager driver
1 ntkrnlpa!IofCallDriver[0x804EF1F0] -> \Device\Harddisk0\DR0[0x86D73AB8]
3 CLASSPNP[0xF7690FD7] -> ntkrnlpa!IofCallDriver[0x804EF1F0] -> \Device\00000085[0x86D74990]
5 ACPI[0xF7507620] -> ntkrnlpa!IofCallDriver[0x804EF1F0] -> \Device\Ide\IAAStorageDevice-0[0x86D72030]
kernel: MBR read successfully
_asm { XOR DI, DI; MOV SI, 0x200; MOV SS, DI; MOV SP, 0x7a00; MOV BX, 0x7a0; MOV CX, SI; MOV DS, BX; MOV ES, BX; REP MOVSB ; JMP FAR 0x7a0:0x7a; }
user != kernel MBR !!!
.
============= FINISH: 17:18:50.76 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 12/29/2012 5:58:15 PM
System Uptime: 1/15/2013 4:57:29 PM (1 hours ago)
.
Motherboard: Quanta | | 30BB
Processor: Genuine Intel(R) CPU T2250 @ 1.73GHz | U2E1 | 1729/533mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 99 GiB total, 65.652 GiB free.
D: is FIXED (FAT32) - 12 GiB total, 1.154 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP1: 12/29/2012 5:58:26 PM - System Checkpoint
RP2: 12/29/2012 6:03:05 PM - Installed Vongo
RP3: 12/29/2012 4:05:39 PM - Installed HP Pavilion Webcam
RP4: 12/29/2012 4:06:01 PM - Installed HP Pavilion Webcam Demo
RP5: 12/29/2012 4:22:50 PM - Installed Java(TM) 6 Update 38
RP6: 12/29/2012 4:29:51 PM - Installed Microsoft Download Manager
RP7: 12/29/2012 4:42:34 PM - Installed Windows XP Service Pack 2.
RP8: 12/29/2012 5:34:34 PM - Installed Windows XP KB932823-v3.
RP9: 12/29/2012 5:46:58 PM - Installed Windows Internet Explorer 8.
RP10: 12/29/2012 6:44:52 PM - Removed Quicken 2006
RP11: 12/29/2012 7:12:57 PM - Configured easy Internet sign-up
RP12: 12/29/2012 7:13:34 PM - Removed Office 2003 Trial Assistant
RP13: 12/29/2012 7:17:05 PM - Removed Microsoft Works
RP14: 12/29/2012 7:18:32 PM - Removed Microsoft Download Manager
RP15: 12/29/2012 7:18:48 PM - Removed Vongo
RP16: 12/29/2012 8:26:13 PM - Installed Microsoft Fix it 50814
RP17: 12/29/2012 8:32:08 PM - Installed Microsoft Download Manager
RP18: 12/29/2012 8:49:59 PM - Installed Windows XP Service Pack 3.
RP19: 12/29/2012 9:08:38 PM - Software Distribution Service 3.0
RP20: 12/29/2012 9:21:36 PM - Software Distribution Service 3.0
RP21: 12/29/2012 9:48:45 PM - avast! Free Antivirus Setup
RP22: 12/29/2012 10:04:45 PM - Software Distribution Service 3.0
RP23: 12/29/2012 10:14:58 PM - Removed Adobe Reader 7.0.5
RP24: 12/29/2012 10:15:24 PM - Software Distribution Service 3.0
RP25: 12/29/2012 10:18:51 PM - Software Distribution Service 3.0
RP26: 12/30/2012 8:59:02 AM - Software Distribution Service 3.0
RP27: 12/30/2012 10:42:20 AM - Software Distribution Service 3.0
RP28: 12/30/2012 11:08:15 AM - Software Distribution Service 3.0
RP29: 12/30/2012 11:23:54 AM - Software Distribution Service 3.0
RP30: 12/30/2012 11:28:09 AM - Software Distribution Service 3.0
RP31: 12/30/2012 11:29:32 AM - Software Distribution Service 3.0
RP32: 12/30/2012 10:24:26 PM - Software Distribution Service 3.0
RP33: 12/31/2012 8:00:20 AM - Software Distribution Service 3.0
RP34: 12/31/2012 6:19:12 PM - Software Distribution Service 3.0
RP35: 12/31/2012 6:25:23 PM - Software Distribution Service 3.0
RP36: 12/31/2012 6:37:30 PM - Software Distribution Service 3.0
RP37: 12/31/2012 6:40:47 PM - Removed Microsoft .NET Framework 2.0 Service Pack 1
RP38: 12/31/2012 6:42:04 PM - Software Distribution Service 3.0
RP39: 12/31/2012 7:41:01 PM - Software Distribution Service 3.0
RP40: 12/31/2012 7:44:43 PM - Software Distribution Service 3.0
RP41: 1/1/2013 12:55:51 AM - Software Distribution Service 3.0
RP42: 1/1/2013 11:14:41 AM - Installed %1 %2.
RP43: 1/1/2013 11:14:51 AM - Printer Driver Microsoft XPS Document Writer Installed
RP44: 1/1/2013 11:22:06 AM - Software Distribution Service 3.0
RP45: 1/1/2013 11:45:17 AM - Printer Driver Microsoft XPS Document Writer Installed
RP46: 1/1/2013 11:59:48 AM - Installed %1 %2.
RP47: 1/1/2013 12:16:14 PM - Software Distribution Service 3.0
RP48: 1/1/2013 5:32:55 PM - Software Distribution Service 3.0
RP49: 1/1/2013 5:35:40 PM - Software Distribution Service 3.0
RP50: 1/1/2013 9:58:19 PM - Software Distribution Service 3.0
RP51: 1/2/2013 9:09:53 AM - Software Distribution Service 3.0
RP52: 1/2/2013 12:40:03 PM - Software Distribution Service 3.0
RP53: 1/2/2013 11:55:58 PM - Software Distribution Service 3.0
RP54: 1/3/2013 10:57:58 PM - Software Distribution Service 3.0
RP55: 1/4/2013 6:39:14 PM - Software Distribution Service 3.0
RP56: 1/5/2013 12:27:40 AM - Software Distribution Service 3.0
RP57: 1/6/2013 12:01:10 AM - Software Distribution Service 3.0
RP58: 1/6/2013 11:42:12 PM - Software Distribution Service 3.0
RP59: 1/7/2013 10:36:46 PM - Software Distribution Service 3.0
RP60: 1/8/2013 8:42:40 AM - Software Distribution Service 3.0
RP61: 1/8/2013 10:47:45 PM - Software Distribution Service 3.0
RP62: 1/9/2013 7:28:16 AM - Removed HPSU306Stub
RP63: 1/10/2013 7:23:31 PM - System Checkpoint
RP64: 1/11/2013 8:39:35 AM - Software Distribution Service 3.0
RP65: 1/11/2013 6:04:32 PM - Software Distribution Service 3.0
RP66: 1/11/2013 10:39:14 PM - Software Distribution Service 3.0
RP67: 1/12/2013 10:27:51 PM - Software Distribution Service 3.0
RP68: 1/13/2013 10:26:30 AM - Software Distribution Service 3.0
RP69: 1/13/2013 10:50:00 PM - Software Distribution Service 3.0
RP70: 1/14/2013 6:33:05 PM - Installed Java 7 Update 11
RP71: 1/14/2013 10:07:56 PM - Software Distribution Service 3.0
RP72: 1/15/2013 6:44:16 AM - Software Distribution Service 3.0
RP73: 1/15/2013 7:07:03 AM - Software Distribution Service 3.0
.
==== Installed Programs ======================
.
Adobe Flash Player 11 ActiveX
Adobe Reader XI (11.0.01)
Adobe Shockwave Player 11.6
AutoUpdate
avast! Internet Security
BufferChm
Conexant HD Audio
CP_AtenaShokunin1Config
CP_CalendarTemplates1
cp_LightScribeConfig
cp_OnlineProjectsConfig
CP_Package_Basic1
CP_Package_Variety1
CP_Package_Variety2
CP_Package_Variety3
CP_Panorama1Config
cp_PosterPrintConfig
cp_UpdateProjectsConfig
CueTour
Customer Experience Enhancement
Destinations
DeviceManagementQFolder
DivX
FullDPAppQFolder
GemMaster Mystic
Google Chrome
Google Update Helper
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows XP (KB2779562)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
HP Help and Support
HP Imaging Device Functions 6.0
HP Pavilion Webcam
HP Pavilion Webcam Demo
HP Photosmart Premier Software 6.0
HP Quick Launch Buttons 6.10 A2
HP QuickPlay 2.3
HP Update
HP User Guides 0035
HP Wireless Assistant 2.00 G2
HpSdpAppCoreApp
InstantShareAlert
InstantShareDevices
Intel(R) Graphics Media Accelerator Driver
Intel(R) PRO Network Connections Drivers
J2SE Runtime Environment 5.0 Update 6
Java 7 Update 11
Java Auto Updater
Java(TM) 6 Update 38
LightScribe 1.4.97.1
Macromedia Flash Player 8
Macromedia Shockwave Player
Malwarebytes Anti-Malware version 1.70.0.1100
Microsoft .NET Framework 1.0 Hotfix (KB2604042)
Microsoft .NET Framework 1.0 Hotfix (KB2656378)
Microsoft .NET Framework 1.0 Hotfix (KB979904)
Microsoft .NET Framework 1.0 Security Update (KB2698035)
Microsoft .NET Framework 1.0 Security Update (KB2742607)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Download Manager
Microsoft Office File Validation Add-In
Microsoft Office Standard Edition 2003
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
muvee autoProducer 5.0
NetWaiting
Office 2003 Trial Assistant
OptionalContentQFolder
Otto
PhotoGallery
RandMap
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft Windows (KB2564958)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2761465)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2655992)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2691442)
Security Update for Windows XP (KB2698365)
Security Update for Windows XP (KB2705219-v2)
Security Update for Windows XP (KB2712808)
Security Update for Windows XP (KB2719985)
Security Update for Windows XP (KB2723135-v2)
Security Update for Windows XP (KB2724197)
Security Update for Windows XP (KB2727528)
Security Update for Windows XP (KB2753842-v2)
Security Update for Windows XP (KB2757638)
Security Update for Windows XP (KB2758857)
Security Update for Windows XP (KB2770660)
Security Update for Windows XP (KB2779030)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982665)
SkinsHP1
Skype™ 6.0
Soft Data Fax Modem with SmartCP
Sonic Audio Module
Sonic Copy Module
Sonic Data Module
Sonic Express Labeler
Sonic MyDVD Plus
Sonic Update Manager
Sonic_PrimoSDK
SonicAC3Encoder
SonicMPEGEncoder
swMSM
Synaptics Pointing Device Driver
TourSetup
Unload
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Media Player 10 (KB910393)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2661254-v2)
Update for Windows XP (KB2736233)
Update for Windows XP (KB2749655)
Update for Windows XP (KB898461)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB973815)
Update Rollup 2 for Windows XP Media Center Edition 2005
Vongo
WebFldrs XP
WildTangent Web Driver
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows Media Connect
Windows Media Format Runtime
Windows PowerShell(TM) 1.0
Windows XP Media Center Edition 2005 KB912067
Windows XP Media Center Edition 2005 KB915381
Windows XP Service Pack 3
Wireless Home Network Setup
XML Paper Specification Shared Components Pack 1.0
.
==== Event Viewer Messages From Past Week ========
.
1/8/2013 6:59:01 PM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service gupdate with arguments "/comsvc" in order to run the server: {4EB61BAC-A3B6-4760-9581-655041EF4D69}
1/12/2013 8:26:10 AM, error: Dhcp [1002] - The IP address lease 192.168.1.2 for the Network Card with network address 0018DE7FBF54 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
1/11/2013 8:39:42 AM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x8007f0f4: Security Update for Windows XP (KB973768).
1/11/2013 5:41:20 PM, error: Dhcp [1002] - The IP address lease 192.168.1.2 for the Network Card with network address 0018DE7FBF54 has been denied by the DHCP server 192.168.33.1 (The DHCP Server sent a DHCPNACK message).
.
==== End Of File ===========================

GMER 2.0.18444 - http://www.gmer.net
Rootkit scan 2013-01-15 18:29:00
Windows 5.1.2600 Service Pack 3 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 rev. 0.00MB
Running: v98xvgl5.exe; Driver: C:\DOCUME~1\TIFFAN~1.CEN\LOCALS~1\Temp\pxtdqpod.sys


---- System - GMER 2.0 ----

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0xAA2854BA]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0xAA332C22]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAssignProcessToJobObject [0xAA285ED6]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwClose [0xAA2C7811]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0xAA290FA8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0xAA290FF4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0xAA291176]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateKey [0xAA2C71C5]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0xAA290F16]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSection [0xAA291038]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0xAA290F5E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateThread [0xAA28611C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0xAA291130]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDebugActiveProcess [0xAA28693E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0xAA285508]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteKey [0xAA2C7ED7]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteValueKey [0xAA2C818D]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDuplicateObject [0xAA28A1C2]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateKey [0xAA2C7D42]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateValueKey [0xAA2C7BAD]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwFreeVirtualMemory [0xAA332CEA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwLoadDriver [0xAA285170]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0xAA285556]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0xAA28A534]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0xAA2873A6]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0xAA290FD2]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0xAA291016]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0xAA29119A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenKey [0xAA2C7521]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0xAA290F3C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenProcess [0xAA289C3E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0xAA2910BA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0xAA290F86]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenThread [0xAA289F14]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0xAA291154]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwProtectVirtualMemory [0xAA332E4A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryKey [0xAA2C7A28]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0xAA287272]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryValueKey [0xAA2C787A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueueApcThread [0xAA286DD4]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwRenameKey [0xAA33F7D2]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwRestoreKey [0xAA2C6838]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0xAA2855A4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0xAA2855F2]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetContextThread [0xAA2867BE]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0xAA2851FA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0xAA2853AA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetValueKey [0xAA2C7FDE]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0xAA285350]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSuspendProcess [0xAA286AF8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSuspendThread [0xAA286C54]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0xAA28541A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwTerminateProcess [0xAA2864D4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwTerminateThread [0xAA286636]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwUnloadDriver [0xAA33141C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0xAA285640]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwWriteVirtualMemory [0xAA285F1A]

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0xAA34BE56]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

---- Kernel code sections - GMER 2.0 ----

.text ntkrnlpa.exe!ZwCallbackReturn + 2D28 80504620 4 Bytes JMP 9CAA332C
.text ntkrnlpa.exe!ZwCallbackReturn + 2F28 80504820 12 Bytes [A4, 55, 28, AA, F2, 55, 28, ...]
.text ntkrnlpa.exe!ZwCallbackReturn + 2FD0 805048C8 12 Bytes [F8, 6A, 28, AA, 54, 6C, 28, ...] {CLC ; PUSH 0x28; STOSB ; PUSH ESP; INS BYTE [ES:EDI], DX; SUB [EDX-0x55d7abe6], CH}
PAGE ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 5EC 805A64B0 4 Bytes CALL AA287A77 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
PAGE ntkrnlpa.exe!ObMakeTemporaryObject 805BC55E 5 Bytes JMP AA348CF6 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ObInsertObject 805C2FE2 5 Bytes JMP AA34A810 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ZwCreateProcessEx 805D119A 7 Bytes JMP AA34BE5A \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
.text win32k.sys!EngFreeUserMem + 674 BF80991D 5 Bytes JMP AA28BB4C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngFreeUserMem + 35D0 BF80C879 5 Bytes JMP AA28BA3C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngDeleteSurface + 45 BF813911 5 Bytes JMP AA28B9F6 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!BRUSHOBJ_pvAllocRbrush + 11D3 BF81C56B 5 Bytes JMP AA28B0A8 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngSetLastError + 79A8 BF8240DB 5 Bytes JMP AA28A7C4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateBitmap + F9C BF828A45 5 Bytes JMP AA28BCB6 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngUnmapFontFileFD + 2C50 BF831490 5 Bytes JMP AA28BEBE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngUnmapFontFileFD + B687 BF839EC7 5 Bytes JMP AA28B8FC \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!FONTOBJ_pxoGetXform + C2CF BF85176B 5 Bytes JMP AA28A688 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XLATEOBJ_iXlate + F17 BF85BC9A 5 Bytes JMP AA28B16A \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XLATEOBJ_iXlate + 3581 BF85E304 5 Bytes JMP AA28AC1E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XLATEOBJ_iXlate + 360C BF85E38F 5 Bytes JMP AA28AEE4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreatePalette + 88 BF85F600 5 Bytes JMP AA28A670 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreatePalette + 5466 BF8649DE 5 Bytes JMP AA28BA86 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngGetCurrentCodePage + 3651 BF87322E 5 Bytes JMP AA28ACDE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngGetCurrentCodePage + 418E BF873D6B 5 Bytes JMP AA28AE9E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngGetLastError + 1606 BF890E66 5 Bytes JMP AA28B182 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngGradientFill + 26EE BF894410 5 Bytes JMP AA28BBFE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngStretchBltROP + 583 BF894EE8 5 Bytes JMP AA28BE1C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCopyBits + 3862 BF89C29E 5 Bytes JMP AA28B090 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCopyBits + 4DF7 BF89D833 5 Bytes JMP AA28A834 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngEraseSurface + A977 BF8C1CCC 5 Bytes JMP AA28A944 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngFillPath + 1517 BF8CA15D 5 Bytes JMP AA28AA1C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngFillPath + 1797 BF8CA3DD 5 Bytes JMP AA28AB48 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngDeleteSemaphore + 3B2E BF8EBD71 5 Bytes JMP AA28A56A \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngDeleteSemaphore + CB31 BF8F4D74 5 Bytes JMP AA28B0C0 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateClip + 1A40 BF914401 5 Bytes JMP AA28A760 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateClip + 2614 BF914FD5 5 Bytes JMP AA28A8F0 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateClip + 4F8D BF91794E 5 Bytes JMP AA28AFFE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngPlgBlt + 1934 BF947AAD 5 Bytes JMP AA28BD74 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
? C:\DOCUME~1\TIFFAN~1.CEN\LOCALS~1\Temp\mbr.sys The system cannot find the file specified. !

---- User code sections - GMER 2.0 ----

.text C:\Program Files\Google\Update\1.3.21.123\GoogleCrashHandler.exe[208] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Google\Update\1.3.21.123\GoogleCrashHandler.exe[208] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\WINDOWS\system32\wuauclt.exe[252] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 002D01F8
.text C:\WINDOWS\system32\wuauclt.exe[252] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\wuauclt.exe[252] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 002D03FC
.text C:\WINDOWS\system32\wuauclt.exe[252] KERNEL32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\WINDOWS\system32\wuauclt.exe[252] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00C41014
.text C:\WINDOWS\system32\wuauclt.exe[252] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00C40804
.text C:\WINDOWS\system32\wuauclt.exe[252] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00C40A08
.text C:\WINDOWS\system32\wuauclt.exe[252] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00C40C0C
.text C:\WINDOWS\system32\wuauclt.exe[252] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00C40E10
.text C:\WINDOWS\system32\wuauclt.exe[252] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 00C401F8
.text C:\WINDOWS\system32\wuauclt.exe[252] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 00C403FC
.text C:\WINDOWS\system32\wuauclt.exe[252] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00C40600
.text C:\WINDOWS\system32\svchost.exe[296] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[296] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[408] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[408] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[408] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 002C03FC
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[408] KERNEL32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[408] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00DB1014
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[408] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00DB0804
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[408] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00DB0A08
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[408] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00DB0C0C
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[408] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00DB0E10
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[408] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 00DB01F8
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[408] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 00DB03FC
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[408] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00DB0600
.text C:\WINDOWS\system32\svchost.exe[464] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[464] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\WINDOWS\eHome\ehRec.exe[476] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 002B01F8
.text C:\WINDOWS\eHome\ehRec.exe[476] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\eHome\ehRec.exe[476] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 002B03FC
.text C:\WINDOWS\eHome\ehRec.exe[476] KERNEL32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\WINDOWS\eHome\ehRec.exe[476] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00961014
.text C:\WINDOWS\eHome\ehRec.exe[476] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00960804
.text C:\WINDOWS\eHome\ehRec.exe[476] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00960A08
.text C:\WINDOWS\eHome\ehRec.exe[476] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00960C0C
.text C:\WINDOWS\eHome\ehRec.exe[476] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00960E10
.text C:\WINDOWS\eHome\ehRec.exe[476] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 009601F8
.text C:\WINDOWS\eHome\ehRec.exe[476] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 009603FC
.text C:\WINDOWS\eHome\ehRec.exe[476] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00960600
.text C:\WINDOWS\eHome\ehRecvr.exe[676] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 002B01F8
.text C:\WINDOWS\eHome\ehRecvr.exe[676] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\eHome\ehRecvr.exe[676] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 002B03FC
.text C:\WINDOWS\eHome\ehRecvr.exe[676] KERNEL32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\WINDOWS\eHome\ehRecvr.exe[676] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00A71014
.text C:\WINDOWS\eHome\ehRecvr.exe[676] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00A70804
.text C:\WINDOWS\eHome\ehRecvr.exe[676] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00A70A08
.text C:\WINDOWS\eHome\ehRecvr.exe[676] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00A70C0C
.text C:\WINDOWS\eHome\ehRecvr.exe[676] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00A70E10
.text C:\WINDOWS\eHome\ehRecvr.exe[676] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 00A701F8
.text C:\WINDOWS\eHome\ehRecvr.exe[676] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 00A703FC
.text C:\WINDOWS\eHome\ehRecvr.exe[676] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00A70600
.text C:\WINDOWS\eHome\ehSched.exe[696] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 002B01F8
.text C:\WINDOWS\eHome\ehSched.exe[696] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\eHome\ehSched.exe[696] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 002B03FC
.text C:\WINDOWS\eHome\ehSched.exe[696] KERNEL32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\WINDOWS\eHome\ehSched.exe[696] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00E11014
.text C:\WINDOWS\eHome\ehSched.exe[696] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00E10804
.text C:\WINDOWS\eHome\ehSched.exe[696] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00E10A08
.text C:\WINDOWS\eHome\ehSched.exe[696] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00E10C0C
.text C:\WINDOWS\eHome\ehSched.exe[696] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00E10E10
.text C:\WINDOWS\eHome\ehSched.exe[696] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 00E101F8
.text C:\WINDOWS\eHome\ehSched.exe[696] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 00E103FC
.text C:\WINDOWS\eHome\ehSched.exe[696] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00E10600
.text C:\Program Files\AVAST Software\Avast\afwServ.exe[836] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\AVAST Software\Avast\afwServ.exe[836] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[884] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 80, E0, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[884] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[884] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 83, E0, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[884] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[884] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 80, E0, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[884] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[884] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 81, E0, 00] {TEST AL, 0x81; LOOPNZ 0x4}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[884] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[884] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B91B69A
.text C:\Program Files\Google\Chrome\Application\chrome.exe[884] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[884] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 82, E0, 00] {TEST AL, 0x82; LOOPNZ 0x4}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[884] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[884] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 81, E0, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[884] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[884] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 82, E0, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[884] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[884] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B91B70B
.text C:\Program Files\Google\Chrome\Application\chrome.exe[884] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[884] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 80, E0, 00] {TEST AL, 0x80; LOOPNZ 0x4}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[884] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[884] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B91B839
.text C:\Program Files\Google\Chrome\Application\chrome.exe[884] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[884] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 81, E0, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[884] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[884] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 82, E0, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[884] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[884] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 83, E0, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[884] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[884] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 010A01F8
.text C:\Program Files\Google\Chrome\Application\chrome.exe[884] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[884] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 010A03FC
.text C:\Program Files\Google\Chrome\Application\chrome.exe[884] KERNEL32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[884] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 01401014
.text C:\Program Files\Google\Chrome\Application\chrome.exe[884] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 01400804
.text C:\Program Files\Google\Chrome\Application\chrome.exe[884] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 01400A08
.text C:\Program Files\Google\Chrome\Application\chrome.exe[884] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 01400C0C
.text C:\Program Files\Google\Chrome\Application\chrome.exe[884] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 01400E10
.text C:\Program Files\Google\Chrome\Application\chrome.exe[884] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 014001F8
.text C:\Program Files\Google\Chrome\Application\chrome.exe[884] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 014003FC
.text C:\Program Files\Google\Chrome\Application\chrome.exe[884] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 01400600
.text C:\Program Files\Google\Chrome\Application\chrome.exe[884] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 01BD0804
.text C:\Program Files\Google\Chrome\Application\chrome.exe[884] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 01BD0A08
.text C:\Program Files\Google\Chrome\Application\chrome.exe[884] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 01BD0600
.text C:\Program Files\Google\Chrome\Application\chrome.exe[884] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 01BD01F8
.text C:\Program Files\Google\Chrome\Application\chrome.exe[884] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 01BD03FC
.text C:\WINDOWS\Explorer.EXE[924] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\Explorer.EXE[924] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1036] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1036] kernel32.dll!SetUnhandledExceptionFilter 7C8449CD 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP }
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1036] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\WINDOWS\system32\spoolsv.exe[1096] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\spoolsv.exe[1096] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\Program Files\AVAST Software\Avast\avastUI.exe[1240] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\AVAST Software\Avast\avastUI.exe[1240] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1264] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, C8, AC, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1264] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1264] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, CB, AC, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1264] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1264] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, C8, AC, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1264] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1264] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, C9, AC, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1264] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1264] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B9182E2
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1264] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1264] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, CA, AC, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1264] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1264] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, C9, AC, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1264] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1264] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, CA, AC, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1264] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1264] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B918353
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1264] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1264] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, C8, AC, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1264] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1264] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B918481
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1264] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1264] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, C9, AC, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1264] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1264] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, CA, AC, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1264] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1264] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, CB, AC, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1264] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1264] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00D501F8
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1264] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1264] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 00D503FC
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1264] KERNEL32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1264] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 010B1014
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1264] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 010B0804
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1264] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 010B0A08
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1264] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 010B0C0C
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1264] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 010B0E10
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1264] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 010B01F8
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1264] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 010B03FC
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1264] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 010B0600
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1264] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 01880804
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1264] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 01880A08
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1264] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 01880600
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1264] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 018801F8
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1264] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 018803FC
.text C:\WINDOWS\System32\smss.exe[1396] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\NOTEPAD.EXE[1416] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 002D01F8
.text C:\WINDOWS\system32\NOTEPAD.EXE[1416] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\NOTEPAD.EXE[1416] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 002D03FC
.text C:\WINDOWS\system32\NOTEPAD.EXE[1416] KERNEL32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\WINDOWS\system32\csrss.exe[1452] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\csrss.exe[1452] KERNEL32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\WINDOWS\system32\winlogon.exe[1476] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\winlogon.exe[1476] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\WINDOWS\system32\services.exe[1524] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\services.exe[1524] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\WINDOWS\system32\lsass.exe[1536] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\lsass.exe[1536] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1716] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1716] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1804] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1804] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1964] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\svchost.exe[1964] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1964] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 002C03FC
.text C:\WINDOWS\system32\svchost.exe[1964] KERNEL32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1964] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00B81014
.text C:\WINDOWS\system32\svchost.exe[1964] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00B80804
.text C:\WINDOWS\system32\svchost.exe[1964] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00B80A08
.text C:\WINDOWS\system32\svchost.exe[1964] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00B80C0C
.text C:\WINDOWS\system32\svchost.exe[1964] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00B80E10
.text C:\WINDOWS\system32\svchost.exe[1964] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 00B801F8
.text C:\WINDOWS\system32\svchost.exe[1964] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 00B803FC
.text C:\WINDOWS\system32\svchost.exe[1964] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00B80600
.text C:\WINDOWS\System32\svchost.exe[2024] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[2024] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\Program Files\Java\jre7\bin\jqs.exe[2228] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 003801F8
.text C:\Program Files\Java\jre7\bin\jqs.exe[2228] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Java\jre7\bin\jqs.exe[2228] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 003803FC
.text C:\Program Files\Java\jre7\bin\jqs.exe[2228] KERNEL32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\Program Files\Java\jre7\bin\jqs.exe[2228] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 006B1014
.text C:\Program Files\Java\jre7\bin\jqs.exe[2228] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 006B0804
.text C:\Program Files\Java\jre7\bin\jqs.exe[2228] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 006B0A08
.text C:\Program Files\Java\jre7\bin\jqs.exe[2228] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 006B0C0C
.text C:\Program Files\Java\jre7\bin\jqs.exe[2228] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 006B0E10
.text C:\Program Files\Java\jre7\bin\jqs.exe[2228] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 006B01F8
.text C:\Program Files\Java\jre7\bin\jqs.exe[2228] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 006B03FC
.text C:\Program Files\Java\jre7\bin\jqs.exe[2228] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 006B0600
.text C:\Program Files\Java\jre7\bin\jqs.exe[2228] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 006C0804
.text C:\Program Files\Java\jre7\bin\jqs.exe[2228] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 006C0A08
.text C:\Program Files\Java\jre7\bin\jqs.exe[2228] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 006C0600
.text C:\Program Files\Java\jre7\bin\jqs.exe[2228] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 006C01F8
.text C:\Program Files\Java\jre7\bin\jqs.exe[2228] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 006C03FC
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2356] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 003701F8
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2356] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2356] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 003703FC
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2356] KERNEL32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\WINDOWS\eHome\ehmsas.exe[2380] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 002B01F8
.text C:\WINDOWS\eHome\ehmsas.exe[2380] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\eHome\ehmsas.exe[2380] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 002B03FC
.text C:\WINDOWS\eHome\ehmsas.exe[2380] KERNEL32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[2400] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 003801F8
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[2400] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[2400] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 003803FC
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[2400] KERNEL32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\WINDOWS\system32\wuauclt.exe[2408] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 002D01F8
.text C:\WINDOWS\system32\wuauclt.exe[2408] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\wuauclt.exe[2408] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 002D03FC
.text C:\WINDOWS\system32\wuauclt.exe[2408] KERNEL32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\WINDOWS\system32\wuauclt.exe[2408] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00911014
.text C:\WINDOWS\system32\wuauclt.exe[2408] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00910804
.text C:\WINDOWS\system32\wuauclt.exe[2408] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00910A08
.text C:\WINDOWS\system32\wuauclt.exe[2408] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00910C0C
.text C:\WINDOWS\system32\wuauclt.exe[2408] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00910E10
.text C:\WINDOWS\system32\wuauclt.exe[2408] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 009101F8
.text C:\WINDOWS\system32\wuauclt.exe[2408] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 009103FC
.text C:\WINDOWS\system32\wuauclt.exe[2408] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00910600
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2416] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 003801F8
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2416] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2416] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 003803FC
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2416] KERNEL32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2416] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00BB1014
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2416] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00BB0804
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2416] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00BB0A08
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2416] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00BB0C0C
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2416] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00BB0E10
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2416] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 00BB01F8
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2416] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 00BB03FC
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2416] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00BB0600
.text C:\WINDOWS\System32\alg.exe[2496] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 002C01F8
.text C:\WINDOWS\System32\alg.exe[2496] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\System32\alg.exe[2496] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 002C03FC
.text C:\WINDOWS\System32\alg.exe[2496] KERNEL32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\Program Files\HP\QuickPlay\QPService.exe[2564] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 003701F8
.text C:\Program Files\HP\QuickPlay\QPService.exe[2564] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\HP\QuickPlay\QPService.exe[2564] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 003703FC
.text C:\Program Files\HP\QuickPlay\QPService.exe[2564] KERNEL32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\Program Files\HP\QuickPlay\QPService.exe[2564] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00981014
.text C:\Program Files\HP\QuickPlay\QPService.exe[2564] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00980804
.text C:\Program Files\HP\QuickPlay\QPService.exe[2564] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00980A08
.text C:\Program Files\HP\QuickPlay\QPService.exe[2564] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00980C0C
.text C:\Program Files\HP\QuickPlay\QPService.exe[2564] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00980E10
.text C:\Program Files\HP\QuickPlay\QPService.exe[2564] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 009801F8
.text C:\Program Files\HP\QuickPlay\QPService.exe[2564] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 009803FC
.text C:\Program Files\HP\QuickPlay\QPService.exe[2564] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00980600
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2580] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2580] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2580] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 002C03FC
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2580] KERNEL32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[2636] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 003701F8
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[2636] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[2636] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 003703FC
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[2636] KERNEL32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\WINDOWS\system32\msdtc.exe[2652] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\msdtc.exe[2652] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\msdtc.exe[2652] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 002C03FC
.text C:\WINDOWS\system32\msdtc.exe[2652] KERNEL32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\WINDOWS\system32\msdtc.exe[2652] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00771014
.text C:\WINDOWS\system32\msdtc.exe[2652] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00770804
.text C:\WINDOWS\system32\msdtc.exe[2652] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00770A08
.text C:\WINDOWS\system32\msdtc.exe[2652] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00770C0C
.text C:\WINDOWS\system32\msdtc.exe[2652] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00770E10
.text C:\WINDOWS\system32\msdtc.exe[2652] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 007701F8
.text C:\WINDOWS\system32\msdtc.exe[2652] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 007703FC
.text C:\WINDOWS\system32\msdtc.exe[2652] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00770600
.text C:\WINDOWS\System32\svchost.exe[2732] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 002C01F8
.text C:\WINDOWS\System32\svchost.exe[2732] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[2732] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 002C03FC
.text C:\WINDOWS\System32\svchost.exe[2732] KERNEL32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[2732] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 006F1014
.text C:\WINDOWS\System32\svchost.exe[2732] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 006F0804
.text C:\WINDOWS\System32\svchost.exe[2732] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 006F0A08
.text C:\WINDOWS\System32\svchost.exe[2732] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 006F0C0C
.text C:\WINDOWS\System32\svchost.exe[2732] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 006F0E10
.text C:\WINDOWS\System32\svchost.exe[2732] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 006F01F8
.text C:\WINDOWS\System32\svchost.exe[2732] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 006F03FC
.text C:\WINDOWS\System32\svchost.exe[2732] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 006F0600
.text C:\Documents and Settings\Tiffany.CENG\Desktop\v98xvgl5.exe[2760] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 003801F8
.text C:\Documents and Settings\Tiffany.CENG\Desktop\v98xvgl5.exe[2760] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Documents and Settings\Tiffany.CENG\Desktop\v98xvgl5.exe[2760] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 003803FC
.text C:\Documents and Settings\Tiffany.CENG\Desktop\v98xvgl5.exe[2760] KERNEL32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\Documents and Settings\Tiffany.CENG\Desktop\v98xvgl5.exe[2760] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003F1014
.text C:\Documents and Settings\Tiffany.CENG\Desktop\v98xvgl5.exe[2760] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003F0804
.text C:\Documents and Settings\Tiffany.CENG\Desktop\v98xvgl5.exe[2760] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003F0A08
.text C:\Documents and Settings\Tiffany.CENG\Desktop\v98xvgl5.exe[2760] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003F0C0C
.text C:\Documents and Settings\Tiffany.CENG\Desktop\v98xvgl5.exe[2760] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003F0E10
.text C:\Documents and Settings\Tiffany.CENG\Desktop\v98xvgl5.exe[2760] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003F01F8
.text C:\Documents and Settings\Tiffany.CENG\Desktop\v98xvgl5.exe[2760] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003F03FC
.text C:\Documents and Settings\Tiffany.CENG\Desktop\v98xvgl5.exe[2760] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003F0600
.text C:\Documents and Settings\Tiffany.CENG\Desktop\v98xvgl5.exe[2760] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00AC0804
.text C:\Documents and Settings\Tiffany.CENG\Desktop\v98xvgl5.exe[2760] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00AC0A08
.text C:\Documents and Settings\Tiffany.CENG\Desktop\v98xvgl5.exe[2760] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00AC0600
.text C:\Documents and Settings\Tiffany.CENG\Desktop\v98xvgl5.exe[2760] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 00AC01F8
.text C:\Documents and Settings\Tiffany.CENG\Desktop\v98xvgl5.exe[2760] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 00AC03FC
.text C:\WINDOWS\system32\igfxtray.exe[2780] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 003701F8
.text C:\WINDOWS\system32\igfxtray.exe[2780] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\igfxtray.exe[2780] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 003703FC
.text C:\WINDOWS\system32\igfxtray.exe[2780] KERNEL32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\WINDOWS\system32\igfxpers.exe[2836] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 003701F8
.text C:\WINDOWS\system32\igfxpers.exe[2836] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\igfxpers.exe[2836] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 003703FC
.text C:\WINDOWS\system32\igfxpers.exe[2836] KERNEL32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[3048] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\svchost.exe[3048] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[3048] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 002C03FC
.text C:\WINDOWS\system32\svchost.exe[3048] KERNEL32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[3048] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00B71014
.text C:\WINDOWS\system32\svchost.exe[3048] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00B70804
.text C:\WINDOWS\system32\svchost.exe[3048] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00B70A08
.text C:\WINDOWS\system32\svchost.exe[3048] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00B70C0C
.text C:\WINDOWS\system32\svchost.exe[3048] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00B70E10
.text C:\WINDOWS\system32\svchost.exe[3048] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 00B701F8
.text C:\WINDOWS\system32\svchost.exe[3048] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 00B703FC
.text C:\WINDOWS\system32\svchost.exe[3048] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00B70600
.text C:\WINDOWS\system32\hkcmd.exe[3072] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 003701F8
.text C:\WINDOWS\system32\hkcmd.exe[3072] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\hkcmd.exe[3072] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 003703FC
.text C:\WINDOWS\system32\hkcmd.exe[3072] KERNEL32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[3076] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\svchost.exe[3076] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[3076] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 002C03FC
.text C:\WINDOWS\system32\svchost.exe[3076] KERNEL32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[3076] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00A71014
.text C:\WINDOWS\system32\svchost.exe[3076] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00A70804
.text C:\WINDOWS\system32\svchost.exe[3076] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00A70A08
.text C:\WINDOWS\system32\svchost.exe[3076] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00A70C0C
.text C:\WINDOWS\system32\svchost.exe[3076] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00A70E10
.text C:\WINDOWS\system32\svchost.exe[3076] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 00A701F8
.text C:\WINDOWS\system32\svchost.exe[3076] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 00A703FC
.text C:\WINDOWS\system32\svchost.exe[3076] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00A70600
.text C:\WINDOWS\ehome\mcrdsvc.exe[3268] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 002B01F8
.text C:\WINDOWS\ehome\mcrdsvc.exe[3268] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\ehome\mcrdsvc.exe[3268] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 002B03FC
.text C:\WINDOWS\ehome\mcrdsvc.exe[3268] KERNEL32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe[3272] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 003801F8
.text C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe[3272] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe[3272] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 003803FC
.text C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe[3272] KERNEL32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe[3272] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 010B1014
.text C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe[3272] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 010B0804
.text C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe[3272] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 010B0A08
.text C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe[3272] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 010B0C0C
.text C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe[3272] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 010B0E10
.text C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe[3272] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 010B01F8
.text C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe[3272] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 010B03FC
.text C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe[3272] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 010B0600
.text C:\WINDOWS\ehome\ehtray.exe[3444] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 002C01F8
.text C:\WINDOWS\ehome\ehtray.exe[3444] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\ehome\ehtray.exe[3444] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 002C03FC
.text C:\WINDOWS\ehome\ehtray.exe[3444] KERNEL32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\WINDOWS\ehome\ehtray.exe[3444] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 016B1014
.text C:\WINDOWS\ehome\ehtray.exe[3444] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 016B0804
.text C:\WINDOWS\ehome\ehtray.exe[3444] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 016B0A08
.text C:\WINDOWS\ehome\ehtray.exe[3444] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 016B0C0C
.text C:\WINDOWS\ehome\ehtray.exe[3444] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 016B0E10
.text C:\WINDOWS\ehome\ehtray.exe[3444] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 016B01F8
.text C:\WINDOWS\ehome\ehtray.exe[3444] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 016B03FC
.text C:\WINDOWS\ehome\ehtray.exe[3444] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 016B0600
.text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[3488] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 003801F8
.text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[3488] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[3488] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 003803FC
.text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[3488] KERNEL32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\WINDOWS\system32\mqsvc.exe[3528] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\mqsvc.exe[3528] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\mqsvc.exe[3528] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 002C03FC
.text C:\WINDOWS\system32\mqsvc.exe[3528] KERNEL32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\WINDOWS\system32\mqsvc.exe[3528] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003D1014
.text C:\WINDOWS\system32\mqsvc.exe[3528] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003D0804
.text C:\WINDOWS\system32\mqsvc.exe[3528] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003D0A08
.text C:\WINDOWS\system32\mqsvc.exe[3528] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003D0C0C
.text C:\WINDOWS\system32\mqsvc.exe[3528] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003D0E10
.text C:\WINDOWS\system32\mqsvc.exe[3528] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003D01F8
.text C:\WINDOWS\system32\mqsvc.exe[3528] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003D03FC
.text C:\WINDOWS\system32\mqsvc.exe[3528] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003D0600
.text C:\WINDOWS\system32\mqsvc.exe[3528] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00CF0804
.text C:\WINDOWS\system32\mqsvc.exe[3528] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00CF0A08
.text C:\WINDOWS\system32\mqsvc.exe[3528] USER32.dll!SetWindowsHookExA 7E431211 3 Bytes JMP 00CF0600
.text C:\WINDOWS\system32\mqsvc.exe[3528] USER32.dll!SetWindowsHookExA + 4 7E431215 1 Byte [82]
.text C:\WINDOWS\system32\mqsvc.exe[3528] USER32.dll!SetWinEventHook 7E4317F7 3 Bytes JMP 00CF01F8
.text C:\WINDOWS\system32\mqsvc.exe[3528] USER32.dll!SetWinEventHook + 4 7E4317FB 1 Byte [82]
.text C:\WINDOWS\system32\mqsvc.exe[3528] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 00CF03FC
.text C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe[3532] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 003801F8
.text C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe[3532] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe[3532] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 003803FC
.text C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe[3532] KERNEL32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\WINDOWS\system32\ctfmon.exe[3548] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 002D01F8
.text C:\WINDOWS\system32\ctfmon.exe[3548] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\ctfmon.exe[3548] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 002D03FC
.text C:\WINDOWS\system32\ctfmon.exe[3548] KERNEL32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\WINDOWS\system32\ctfmon.exe[3548] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 009E1014
.text C:\WINDOWS\system32\ctfmon.exe[3548] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 009E0804
.text C:\WINDOWS\system32\ctfmon.exe[3548] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 009E0A08
.text C:\WINDOWS\system32\ctfmon.exe[3548] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 009E0C0C
.text C:\WINDOWS\system32\ctfmon.exe[3548] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 009E0E10
.text C:\WINDOWS\system32\ctfmon.exe[3548] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 009E01F8
.text C:\WINDOWS\system32\ctfmon.exe[3548] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 009E03FC
.text C:\WINDOWS\system32\ctfmon.exe[3548] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 009E0600
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3756] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 48, F3, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3756] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3756] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 4B, F3, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3756] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3756] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 48, F3, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3756] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3756] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 49, F3, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3756] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3756] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B91C962
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3756] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3756] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 4A, F3, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3756] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3756] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 49, F3, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3756] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3756] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 4A, F3, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3756] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3756] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B91C9D3
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3756] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3756] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 48, F3, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3756] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3756] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B91CB01
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3756] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3756] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 49, F3, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3756] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3756] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 4A, F3, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3756] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3756] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 4B, F3, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3756] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3756] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 011D01F8
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3756] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3756] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 011D03FC
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3756] KERNEL32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3756] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 01531014
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3756] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 01530804
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3756] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 01530A08
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3756] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 01530C0C
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3756] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 01530E10
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3756] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 015301F8
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3756] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 015303FC
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3756] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 01530600
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3756] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 01D00804
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3756] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 01D00A08
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3756] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 01D00600
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3756] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 01D001F8
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3756] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 01D003FC
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3852] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 003801F8
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3852] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3852] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 003803FC
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3852] KERNEL32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3852] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00ED1014
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3852] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00ED0804
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3852] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00ED0A08
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3852] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00ED0C0C
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3852] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00ED0E10
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3852] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 00ED01F8
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3852] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 00ED03FC
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3852] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00ED0600
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3852] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 01580804
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3852] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 01580A08
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3852] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 01580600
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3852] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 015801F8
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3852] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 015803FC
.text C:\WINDOWS\system32\mqtgsvc.exe[4016] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\mqtgsvc.exe[4016] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\mqtgsvc.exe[4016] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 002C03FC
.text C:\WINDOWS\system32\mqtgsvc.exe[4016] KERNEL32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\WINDOWS\system32\mqtgsvc.exe[4016] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003D1014
.text C:\WINDOWS\system32\mqtgsvc.exe[4016] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003D0804
.text C:\WINDOWS\system32\mqtgsvc.exe[4016] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003D0A08
.text C:\WINDOWS\system32\mqtgsvc.exe[4016] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003D0C0C
.text C:\WINDOWS\system32\mqtgsvc.exe[4016] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003D0E10
.text C:\WINDOWS\system32\mqtgsvc.exe[4016] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003D01F8
.text C:\WINDOWS\system32\mqtgsvc.exe[4016] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003D03FC
.text C:\WINDOWS\system32\mqtgsvc.exe[4016] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003D0600

---- Disk sectors - GMER 2.0 ----

Disk \Device\Harddisk0\DR0 sector 00: rootkit-like behavior

---- EOF - GMER 2.0 ----
Oriole
THREAD STARTER
17-Jan-2013, 07:04 PM #2
A bump after 48 hours and on safe mode because I can't get anything to load in a timely manner on Normal.

I would also like to add that there are two processes that are running:

wuauclt.exe that is taking 42,856 K
svhost 123,960K

Trojan?
kevinf80 (Kevin), authorized to help remove malware.
Malware Removal Specialist with 9,490 posts.
 
Join Date: Mar 2006
Location: Sunderland UK
Experience: Intermediate
17-Jan-2013, 07:34 PM #3
1. Download Malwarebytes Anti-Rootkit from this link http://www.malwarebytes.org/products/mbar/
2. Unzip the File to a convenient location. (Recommend the Desktop)
3. Open the folder where the contents were unzipped to run mbar.exe



4. Double-click on the mbar.exe file, you may receive a User Account Control prompt asking if you are sure you wish to allow the program to run. Please allow the program to run and MBAR will now start to install any necessary drivers that are required for the program to operate correctly. If a rootkit is interfering with the installation of the drivers you will see a message that states that the DDA driver was not installed and that you should reboot your computer to install it. You will see this image:



5. If you receive this message, please click on the Yes button and Malwarebytes Anti-Rootkit will now restart your computer. Once the computer is rebooted and you login, MBAR will automatically start and you will now be at the start screen. (If no Rootkit warning you will go from step 4 to 6.)

6. The following image opens, select Next.



7. The following image opens, select Update



8. When the Update completes, select Next



9. In the following window ensure "Targets" are ticked. Then select "Scan"



10. If an infection/s is found the "Cleanup Button" to remove threats will be available. A list of infected files will be listed like the following example:



11. Do not select the "Clean up Button"; select the "Exit" button. There will be a warning as follows:



12. Select "Yes" to close down the program. If NO infections were found you will see the following image:



13. Select "Exit" to close down.
14. Copy and paste the two following logs from the mbar folder:

System - log
Mbar - log Date and time of scan will also be shown



Post those two logs in your reply.

Kevin..
Oriole
THREAD STARTER
17-Jan-2013, 09:57 PM #4
Malwarebytes Anti-Rootkit BETA 1.01.0.1016
www.malwarebytes.org
Database version: v2013.01.18.01
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Tiffany :: CROWLEY [limited]
1/17/2013 8:55:33 PM
mbar-log-2013-01-17 (20-55-33).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 27253
Time elapsed: 28 minute(s), 47 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.01.0.1016
(c) Malwarebytes Corporation 2011-2012
OS version: 5.1.2600 Windows XP Service Pack 3 x86
Account is Non-administrative
Internet Explorer version: 8.0.6001.18702
Java version: 1.6.0_38
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 1.729000 GHz
Memory total: 1063235584, free: 558522368
------------ Kernel report ------------
01/17/2013 20:25:20
------------ Loaded modules -----------
\WINDOWS\system32\ntkrnlpa.exe
\WINDOWS\system32\hal.dll
\WINDOWS\system32\KDCOM.DLL
\WINDOWS\system32\BOOTVID.dll
ACPI.sys
\WINDOWS\system32\DRIVERS\WMILIB.SYS
pci.sys
isapnp.sys
ohci1394.sys
\WINDOWS\system32\DRIVERS\1394BUS.SYS
compbatt.sys
\WINDOWS\system32\DRIVERS\BATTC.SYS
pciide.sys
\WINDOWS\system32\DRIVERS\PCIIDEX.SYS
intelide.sys
viaide.sys
aliide.sys
pcmcia.sys
MountMgr.sys
ftdisk.sys
dmload.sys
dmio.sys
ACPIEC.sys
\WINDOWS\system32\DRIVERS\OPRGHDLR.SYS
PartMgr.sys
VolSnap.sys
atapi.sys
iaStor.sys
disk.sys
\WINDOWS\system32\DRIVERS\CLASSPNP.SYS
fltmgr.sys
sr.sys
PxHelp20.sys
KSecDD.sys
Ntfs.sys
NDIS.sys
aswNdis2.sys
aswNdis.sys
Serial.sys
Mup.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\DRIVERS\CmBatt.sys
\SystemRoot\system32\DRIVERS\wmiacpi.sys
\SystemRoot\system32\DRIVERS\ialmnt5.sys
\SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\w39n51.sys
\SystemRoot\system32\DRIVERS\usbuhci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\nic1394.sys
\SystemRoot\system32\DRIVERS\sdbus.sys
\SystemRoot\system32\DRIVERS\rimmptsk.sys
\SystemRoot\system32\DRIVERS\rimsptsk.sys
\SystemRoot\system32\DRIVERS\rixdptsk.sys
\SystemRoot\system32\DRIVERS\e100b325.sys
\SystemRoot\system32\DRIVERS\cpqbttn.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\system32\DRIVERS\i8042prt.sys
\SystemRoot\System32\Drivers\aswKbd.SYS
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\SynTP.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\imapi.sys
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\system32\DRIVERS\redbook.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\DRIVERS\audstub.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\DRIVERS\psched.sys
\SystemRoot\system32\DRIVERS\msgpc.sys
\SystemRoot\system32\DRIVERS\ptilink.sys
\SystemRoot\system32\DRIVERS\raspti.sys
\SystemRoot\system32\DRIVERS\rdpdr.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\update.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\system32\DRIVERS\kbdhid.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\CHDAud.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\DRIVERS\HSFHWAZL.sys
\SystemRoot\system32\DRIVERS\HSF_DPV.sys
\SystemRoot\system32\DRIVERS\HSF_CNXT.sys
\SystemRoot\System32\Drivers\Modem.SYS
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\i2omgmt.SYS
\SystemRoot\System32\Drivers\Fs_Rec.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\Drivers\mnmdd.SYS
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\rasacd.sys
\SystemRoot\system32\DRIVERS\ipsec.sys
\SystemRoot\system32\DRIVERS\tcpip.sys
\SystemRoot\System32\Drivers\aswFW.SYS
\SystemRoot\system32\DRIVERS\ipnat.sys
\SystemRoot\System32\Drivers\aswTdi.SYS
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\DRIVERS\netbt.sys
\SystemRoot\System32\Drivers\AswRdr.SYS
\SystemRoot\system32\DRIVERS\arp1394.sys
\SystemRoot\System32\drivers\afd.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\eabfiltr.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\System32\Drivers\Fips.SYS
\SystemRoot\system32\DRIVERS\snp2uvc.sys
\SystemRoot\system32\DRIVERS\STREAM.SYS
\SystemRoot\system32\DRIVERS\sncduvc.SYS
\SystemRoot\System32\Drivers\aswSP.SYS
\SystemRoot\System32\Drivers\aswSnx.SYS
\SystemRoot\System32\Drivers\Aavmker4.SYS
\SystemRoot\System32\Drivers\Fastfat.SYS
\SystemRoot\System32\Drivers\dump_iaStor.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\System32\watchdog.sys
\SystemRoot\System32\drivers\dxg.sys
\SystemRoot\System32\drivers\dxgthk.sys
\SystemRoot\System32\ialmdnt5.dll
\SystemRoot\System32\ialmrnt5.dll
\SystemRoot\System32\ialmdev5.DLL
\SystemRoot\System32\ialmdd5.DLL
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\System32\Drivers\aswFsBlk.SYS
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\System32\Drivers\aswMon2.SYS
\SystemRoot\system32\drivers\wdmaud.sys
\SystemRoot\system32\drivers\sysaudio.sys
\SystemRoot\System32\Drivers\Cdfs.SYS
\SystemRoot\system32\DRIVERS\mrxdav.sys
\SystemRoot\System32\Drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\srv.sys
\SystemRoot\system32\DRIVERS\mdmxsdk.sys
\??\C:\WINDOWS\system32\drivers\mqac.sys
\??\C:\WINDOWS\system32\drivers\RMCast.sys
\SystemRoot\system32\drivers\kmixer.sys
\??\C:\WINDOWS\system32\drivers\mbamchameleon.sys
\??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys
\WINDOWS\system32\ntdll.dll
----------- End -----------
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffffff86dccab8
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IAAStorageDevice-0\
Lower Device Object: 0xffffffff86d59030
Lower Device Driver Name: \Driver\iaStor\
Driver name found: iaStor
Initialization returned 0x0
Load Function returned 0x0
Downloaded database version: v2013.01.18.01
Initializing...
Done!
<<<2>>>
Device number: 0, partition: 1
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff86dccab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff86d78968, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff86dccab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff86cf7980, DeviceName: \Device\00000085\, DriverName: \Driver\ACPI\
DevicePointer: 0xffffffff86d59030, DeviceName: \Device\Ide\IAAStorageDevice-0\, DriverName: \Driver\iaStor\
------------ End ----------
Upper DeviceData: 0xffffffffe2b23cd0, 0xffffffff86dccab8, 0xffffffff84d5bab8
Lower DeviceData: 0xffffffffe2b14230, 0xffffffff86d59030, 0xffffffff84d22788
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning directory: C:\WINDOWS\system32\drivers...
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 282D282D
Partition information:
Partition 0 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 63 Numsec = 207800712
Partition file system is NTFS
Partition is bootable
Partition 1 type is Other (0xc)
Partition is NOT ACTIVE.
Partition starts at LBA: 207816840 Numsec = 24515190
Partition 2 type is Other (0xd7)
Partition is NOT ACTIVE.
Partition starts at LBA: 232332030 Numsec = 2104515
Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Disk Size: 120034123776 bytes
Sector size: 512 bytes
Scanning physical sectors of unpartitioned space on drive 0 (1-62-234421648-234441648)...
Done!
Performing system, memory and registry scan...
Read File: File "c:\WINDOWS\system32\$ncsp$.inf" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\cmos.ram" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\desktop.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\dsound.vxd" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\login.cmd" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\l_except.nls" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\pcl.sep" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\perfci.h" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\perffilt.h" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\perfwci.h" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\prodspec.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\pscript.sep" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\View Channels.scf" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\drivers\etc\networks" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\oobe\migip.dun" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\oobe\migrate.isp" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\oobe\msobe.isp" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\oobe\obeip.dun" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\oobe\reg.isp" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\wbem\wmiclivalueformat.xsl" is compressed (flags = 1)
Read File: File "c:\WINDOWS\explorer.scf" is compressed (flags = 1)
Read File: File "c:\WINDOWS\ODBC.INI" is compressed (flags = 1)
Read File: File "c:\WINDOWS\smscfg.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\vb.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\vbaddin.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\AxInterop.SHDocVw\1.1.0.0__a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\AxInterop.WT3DLib\1.0.0.0__1bf1415c4c44d353\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\ehExtCOM\6.0.3000.0__31bf3856ad364e35\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\ehiExtCOM\6.0.3000.0__31bf3856ad364e35\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\ehiMsgr\6.0.3000.0__31bf3856ad364e35\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\ehiWUapi\6.0.3000.0__31bf3856ad364e35\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\GemMaster3\3.0.0.0__1bf1415c4c44d353\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\hplMosaicNet\1.4.1.0__0d5444959b41355f\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\HPODMmcLib\1.0.0.0__a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\hpqactiv\4.0.0.0__a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\hpqactiv.resources\4.0.0.0_en_a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\hpqalb\4.0.0.0__a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\hpqasmgt\3.0.0.0__a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\hpqasset\4.0.0.0__a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\hpqbakup\3.0.0.0__a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\hpqbakup.resources\3.0.0.0_en_a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\hpqbkloc\3.0.0.0__a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\hpqbutil\3.0.0.0__a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\hpqcalp\3.0.0.0__a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\hpqcalp.resources\3.0.0.0_en_a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\hpqcc2\3.0.0.0__a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\hpqcc2.resources\3.0.0.0_en_a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\hpqcdcpy\3.0.0.0__a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\hpqcddvd\3.0.0.0__a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\hpqcpint\3.0.0.0__a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\hpqcpolp\4.0.0.0__a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\hpqcpolp.resources\4.0.0.0_en_a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\hpqcprsc\3.0.0.0__a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\hpqcprsc.resources\3.0.0.0_en_a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\hpqdocpt\4.0.0.0__a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\hpqdocpt.resources\4.0.0.0_en_a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\hpqeal\4.0.0.0__a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\hpqedit\3.0.0.0__a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\hpqedit.resources\3.0.0.0_en_a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\hpqedppi\3.0.0.0__a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\hpqedppi.resources\3.0.0.0_en_a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\hpqfmrsc\4.0.0.0__a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\hpqfmrsc.resources\4.0.0.0_en_a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\hpqglutl\4.0.0.0__a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\hpqglutl.resources\4.0.0.0_en_a53cf5803f4c3827\__A ssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\hpqgtpin\3.0.0.0__a53cf5803f4c3827\__AssemblyInfo_ _.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\hpqgtpin.resources\3.0.0.0_en_a53cf5803f4c3827\__A ssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\hpqiface\4.0.0.0__a53cf5803f4c3827\__AssemblyInfo_ _.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\hpqimgrc\4.0.0.0__a53cf5803f4c3827\__AssemblyInfo_ _.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\hpqimgrc.resources\4.0.0.0_en_a53cf5803f4c3827\__A ssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\hpqimlib\3.0.0.0__a53cf5803f4c3827\__AssemblyInfo_ _.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\hpqimvlt\3.0.0.0__a53cf5803f4c3827\__AssemblyInfo_ _.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\hpqimvlt.resources\3.0.0.0_en_a53cf5803f4c3827\__A ssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\hpqisdsp\4.0.0.0__a53cf5803f4c3827\__AssemblyInfo_ _.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\hpqisrtb\4.0.0.0__a53cf5803f4c3827\__AssemblyInfo_ _.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\hpqistab\4.0.0.0__a53cf5803f4c3827\__AssemblyInfo_ _.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\hpqlsprj\1.0.0.0__a53cf5803f4c3827\__AssemblyInfo_ _.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\hpqlsprj.resources\1.0.0.0_en_a53cf5803f4c3827\__A ssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\hpqlsutl\1.0.0.0__a53cf5803f4c3827\__AssemblyInfo_ _.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\hpqltutl\3.0.0.0__a53cf5803f4c3827\__AssemblyInfo_ _.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\hpqmdmr\4.0.0.0__a53cf5803f4c3827\__AssemblyInfo__ .ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\hpqmdmr.resources\4.0.0.0_en_a53cf5803f4c3827\__As semblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\hpqmpvad\4.0.0.0__a53cf5803f4c3827\__AssemblyInfo_ _.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\hpqmyint\3.0.0.0__a53cf5803f4c3827\__AssemblyInfo_ _.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\hpqntrop\4.0.0.0__a53cf5803f4c3827\__AssemblyInfo_ _.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\hpqovskn\3.0.0.0__a53cf5803f4c3827\__AssemblyInfo_ _.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\hpqpanop\3.0.0.0__a53cf5803f4c3827\__AssemblyInfo_ _.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\hpqpanop.resources\3.0.0.0_en_a53cf5803f4c3827\__A ssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\hpqpbgen\3.0.0.0__a53cf5803f4c3827\__AssemblyInfo_ _.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\hpqcdcpy.resources\3.0.0.0_en_a53cf5803f4c3827\__A ssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\hpqislib\4.0.0.0__a53cf5803f4c3827\__AssemblyInfo_ _.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\hpqpdmdl\4.0.0.0__a53cf5803f4c3827\__AssemblyInfo_ _.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\hpqptint.resources\4.0.0.0_en_a53cf5803f4c3827\__A ssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\Interop.hpodev08\3.0.0.0__a53cf5803f4c3827\__Assem blyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\Interop.hpqusg\3.0.0.0__a53cf5803f4c3827\__Assembl yInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\LEAD.Drawing\13.0.0.113__9cf889f53ea9b907\__Assemb lyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\Microsoft.JScript.resources\7.0.3300.0_de_b03f5f7f 11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\Microsoft.JScript.resources\7.0.3300.0_es_b03f5f7f 11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\Microsoft.JScript.resources\7.0.3300.0_fr_b03f5f7f 11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\Microsoft.JScript.resources\7.0.3300.0_it_b03f5f7f 11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\Microsoft.JScript.resources\7.0.3300.0_ja_b03f5f7f 11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\Microsoft.JScript.resources\7.0.3300.0_ko_b03f5f7f 11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\Microsoft.JScript.resources\7.0.3300.0_zh-CHS_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\Microsoft.JScript.resources\7.0.3300.0_zh-CHT_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\hpqpel10\4.0.0.0__a53cf5803f4c3827\__AssemblyInfo_ _.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\hpqpel10.resources\4.0.0.0_en_a53cf5803f4c3827\__A ssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\hpqprif\4.0.0.0__a53cf5803f4c3827\__AssemblyInfo__ .ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\hpqprjcm\3.0.0.0__a53cf5803f4c3827\__AssemblyInfo_ _.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\hpqprjfx\3.0.0.0__a53cf5803f4c3827\__AssemblyInfo_ _.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\hpqprjfx.resources\3.0.0.0_en_a53cf5803f4c3827\__A ssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\hpqprrsc\4.0.0.0__a53cf5803f4c3827\__AssemblyInfo_ _.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\hpqprrsc.resources\4.0.0.0_en_a53cf5803f4c3827\__A ssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\hpqprutl\4.0.0.0__a53cf5803f4c3827\__AssemblyInfo_ _.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\hpqprutl.resources\4.0.0.0_en_a53cf5803f4c3827\__A ssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\hpqptfx\4.0.0.0__a53cf5803f4c3827\__AssemblyInfo__ .ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\hpqptfx.resources\4.0.0.0_en_a53cf5803f4c3827\__As semblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\hpqptint\4.0.0.0__a53cf5803f4c3827\__AssemblyInfo_ _.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\hpqqca\3.0.0.0__a53cf5803f4c3827\__AssemblyInfo__. ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\hpqszip\3.0.0.0__a53cf5803f4c3827\__AssemblyInfo__ .ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\hpqthumb\3.0.0.0__a53cf5803f4c3827\__AssemblyInfo_ _.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\hpqtray\4.0.0.0__a53cf5803f4c3827\__AssemblyInfo__ .ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\hpqtray.resources\4.0.0.0_en_a53cf5803f4c3827\__As semblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\hpqunkwd\3.0.0.0__a53cf5803f4c3827\__AssemblyInfo_ _.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\hpqunkwd.resources\3.0.0.0_en_a53cf5803f4c3827\__A ssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\hpqutils\4.0.0.0__a53cf5803f4c3827\__AssemblyInfo_ _.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\hpqvideo\3.0.0.0__a53cf5803f4c3827\__AssemblyInfo_ _.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\hpqxpbrn\3.0.0.0__a53cf5803f4c3827\__AssemblyInfo_ _.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\Interop.HPDarc\1.0.0.0__19565c63d39c2842\__Assembl yInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\Interop.hpocxi08\1.0.0.0__3b766a3b3d2dc385\__Assem blyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\interop.hpodae\2.0.588.1728__a53cf5803f4c3827\__As semblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\interop.hpodai\2.0.588.1728__a53cf5803f4c3827\__As semblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\interop.hpodaud\2.0.588.1728__a53cf5803f4c3827\__A ssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\Interop.hpodeb08\3.0.0.0__a53cf5803f4c3827\__Assem blyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\Interop.hpodio08\3.0.0.0__a53cf5803f4c3827\__Assem blyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\interop.hpodmmc\1.0.0.0__a53cf5803f4c3827\__Assemb lyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\interop.hpodmp\2.0.588.1728__a53cf5803f4c3827\__As semblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\interop.hpodmpv\2.0.588.1728__a53cf5803f4c3827\__A ssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\interop.hpodmpv_md\2.0.588.1728__a53cf5803f4c3827\ __AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\interop.hpodprint2\4.0.0.0__a53cf5803f4c3827\__*** emblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\interop.hpodtrk\2.0.588.1728__a53cf5803f4c3827\__A ssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\interop.hpodvid\2.0.588.1728__a53cf5803f4c3827\__A ssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\interop.hpodxmlutil\2.0.588.1728__a53cf5803f4c3827 \__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\Interop.hpqaiois\4.0.0.0__a53cf5803f4c3827\__Assem blyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\Interop.HpqCamUn\1.0.0.0__a53cf5803f4c3827\__Assem blyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\interop.hpqcbcnv\4.0.0.0__a53cf5803f4c3827\__Assem blyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\interop.hpqcldat\4.0.0.0__a53cf5803f4c3827\__Assem blyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\Interop.hpqcrmcm\60.0.86.0__a53cf5803f4c3827\__*** emblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\Interop.hpqcxm08\3.0.0.0__a53cf5803f4c3827\__Assem blyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\Interop.hpqdstcp\3.0.0.0__a53cf5803f4c3827\__Assem blyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\interop.hpqimgr\4.0.0.0__a53cf5803f4c3827\__Assemb lyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\Interop.hpqvideo\4.0.0.0__a53cf5803f4c3827\__Assem blyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\Interop.hprblog\3.0.0.0__a53cf5803f4c3827\__Assemb lyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\Interop.LITTManagerLib\1.0.0.0__a53cf5803f4c3827\_ _AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\Interop.MsHtmHst\0.0.0.0__a53cf5803f4c3827\__Assem blyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\Interop.SHDocVw\1.1.0.0__a53cf5803f4c3827\__Assemb lyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\Interop.WT3DLib\1.0.0.0__1bf1415c4c44d353\__Assemb lyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\LEAD\13.0.0.113__9cf889f53ea9b907\__AssemblyInfo__ .ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\LEAD.Drawing.Imaging.Codecs\13.0.0.113__9cf889f53e a9b907\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\LEAD.Drawing.Imaging.ImageProcessing\13.0.0.113__9 cf889f53ea9b907\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\LEAD.Drawing.Imaging.Twain\13.0.0.113__9cf889f53ea 9b907\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\LEAD.Windows.Forms\13.0.0.113__9cf889f53ea9b907\__ AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\LEAD.Windows.Forms.CommonDialogs\13.0.0.113__9cf88 9f53ea9b907\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\LEAD.Windows.Forms.DrawingContainer\13.0.0.113__9c f889f53ea9b907\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\LEAD.Wrapper\13.0.0.113__9cf889f53ea9b907\__Assemb lyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\Microsoft.MediaCenter\6.0.3100.0__31bf3856ad364e35 \__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\Microsoft.mshtml\7.0.3300.0__b03f5f7f11d50a3a\__As semblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\Microsoft.VisualBasic.resources\7.0.3300.0_de_b03f 5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\Microsoft.VisualBasic.resources\7.0.3300.0_es_b03f 5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\Microsoft.VisualBasic.resources\7.0.3300.0_fr_b03f 5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\Microsoft.VisualBasic.resources\7.0.3300.0_it_b03f 5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\Microsoft.VisualBasic.resources\7.0.3300.0_ja_b03f 5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\Microsoft.VisualBasic.resources\7.0.3300.0_ko_b03f 5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\Microsoft.VisualBasic.resources\7.0.3300.0_zh-CHS_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\Microsoft.VisualBasic.resources\7.0.3300.0_zh-CHT_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\mscomctl\10.0.4504.0__31bf3856ad364e35\__AssemblyI nfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\mscorcfg.resources\1.0.3300.0_de_b03f5f7f11d50a3a\ __AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\mscorcfg.resources\1.0.3300.0_es_b03f5f7f11d50a3a\ __AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\mscorcfg.resources\1.0.3300.0_fr_b03f5f7f11d50a3a\ __AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\mscorcfg.resources\1.0.3300.0_it_b03f5f7f11d50a3a\ __AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\mscorcfg.resources\1.0.3300.0_ja_b03f5f7f11d50a3a\ __AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\mscorcfg.resources\1.0.3300.0_ko_b03f5f7f11d50a3a\ __AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\mscorcfg.resources\1.0.3300.0_zh-CHS_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\mscorcfg.resources\1.0.3300.0_zh-CHT_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\MSDATASRC\7.0.3300.0__b03f5f7f11d50a3a\__AssemblyI nfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\policy.13.0.LEAD.Drawing.Imaging.Twain\13.0.0.113_ _9cf889f53ea9b907\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\policy.13.0.LEAD.Windows.Forms.CommonDialogs\13.0. 0.113__9cf889f53ea9b907\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\RegCode.resources\1.0.3300.0_de_b03f5f7f11d50a3a\_ _AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\RegCode.resources\1.0.3300.0_es_b03f5f7f11d50a3a\_ _AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\RegCode.resources\1.0.3300.0_fr_b03f5f7f11d50a3a\_ _AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\RegCode.resources\1.0.3300.0_it_b03f5f7f11d50a3a\_ _AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\RegCode.resources\1.0.3300.0_ja_b03f5f7f11d50a3a\_ _AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\RegCode.resources\1.0.3300.0_ko_b03f5f7f11d50a3a\_ _AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\RegCode.resources\1.0.3300.0_zh-CHS_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\RegCode.resources\1.0.3300.0_zh-CHT_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\SonicMCEBurnEngine\0.9.0.0__17c52700e9a64fd0\__*** emblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\stdole\7.0.3300.0__b03f5f7f11d50a3a\__AssemblyInfo __.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Configuration.Install.resources\1.0.3300.0_ de_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Configuration.Install.resources\1.0.3300.0_ es_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Configuration.Install.resources\1.0.3300.0_ fr_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Configuration.Install.resources\1.0.3300.0_ it_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Configuration.Install.resources\1.0.3300.0_ ja_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Configuration.Install.resources\1.0.3300.0_ ko_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Configuration.Install.resources\1.0.3300.0_ zh-CHS_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Configuration.Install.resources\1.0.3300.0_ zh-CHT_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Data.resources\1.0.3300.0_de_b77a5c561934e0 89\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Data.resources\1.0.3300.0_es_b77a5c561934e0 89\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Data.resources\1.0.3300.0_fr_b77a5c561934e0 89\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Data.resources\1.0.3300.0_it_b77a5c561934e0 89\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Data.resources\1.0.3300.0_ja_b77a5c561934e0 89\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Data.resources\1.0.3300.0_ko_b77a5c561934e0 89\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Data.resources\1.0.3300.0_zh-CHS_b77a5c561934e089\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Data.resources\1.0.3300.0_zh-CHT_b77a5c561934e089\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Design.resources\1.0.3300.0_de_b03f5f7f11d5 0a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Design.resources\1.0.3300.0_es_b03f5f7f11d5 0a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Design.resources\1.0.3300.0_fr_b03f5f7f11d5 0a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Design.resources\1.0.3300.0_it_b03f5f7f11d5 0a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Design.resources\1.0.3300.0_ja_b03f5f7f11d5 0a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Design.resources\1.0.3300.0_ko_b03f5f7f11d5 0a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Design.resources\1.0.3300.0_zh-CHS_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Design.resources\1.0.3300.0_zh-CHT_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.DirectoryServices.resources\1.0.3300.0_de_b 03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.DirectoryServices.resources\1.0.3300.0_es_b 03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.DirectoryServices.resources\1.0.3300.0_fr_b 03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.DirectoryServices.resources\1.0.3300.0_it_b 03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.DirectoryServices.resources\1.0.3300.0_ja_b 03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.DirectoryServices.resources\1.0.3300.0_ko_b 03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.DirectoryServices.resources\1.0.3300.0_ zh-CHS_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.DirectoryServices.resources\1.0.3300.0_ zh-CHT_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Drawing.Design.resources\1.0.3300.0_de_b03f 5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Drawing.Design.resources\1.0.3300.0_es_b03f 5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Drawing.Design.resources\1.0.3300.0_fr_b03f 5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Drawing.Design.resources\1.0.3300.0_it_b03f 5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Drawing.Design.resources\1.0.3300.0_ja_b03f 5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Drawing.Design.resources\1.0.3300.0_ko_b03f 5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Drawing.Design.resources\1.0.3300.0_zh-CHS_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Drawing.Design.resources\1.0.3300.0_zh-CHT_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.EnterpriseServices.resources\1.0.3300.0_de_ b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.EnterpriseServices.resources\1.0.3300.0_es_ b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.EnterpriseServices.resources\1.0.3300.0_fr_ b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.EnterpriseServices.resources\1.0.3300.0_it_ b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.EnterpriseServices.resources\1.0.3300.0_ja_ b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.EnterpriseServices.resources\1.0.3300.0_ko_ b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.EnterpriseServices.resources\1.0.3300.0 _zh-CHS_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.EnterpriseServices.resources\1.0.3300.0 _zh-CHT_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\system.management.resources\1.0.3300.0_de_b03f5f7f 11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\system.management.resources\1.0.3300.0_es_b03f5f7f 11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\system.management.resources\1.0.3300.0_fr_b03f5f7f 11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\system.management.resources\1.0.3300.0_it_b03f5f7f 11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\system.management.resources\1.0.3300.0_ja_b03f5f7f 11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\system.management.resources\1.0.3300.0_ko_b03f5f7f 11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\system.management.resources\1.0.3300.0_zh-CHS_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\system.management.resources\1.0.3300.0_zh-CHT_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Messaging.resources\1.0.3300.0_de_b03f5f7f1 1d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Messaging.resources\1.0.3300.0_es_b03f5f7f1 1d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Messaging.resources\1.0.3300.0_fr_b03f5f7f1 1d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Messaging.resources\1.0.3300.0_it_b03f5f7f1 1d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Messaging.resources\1.0.3300.0_ja_b03f5f7f1 1d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Messaging.resources\1.0.3300.0_ko_b03f5f7f1 1d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Messaging.resources\1.0.3300.0_zh-CHS_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Messaging.resources\1.0.3300.0_zh-CHT_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.resources\1.0.3300.0_de_b77a5c561934e089\__ AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.resources\1.0.3300.0_es_b77a5c561934e089\__ AssemblyInfo__.ini" is compressed (flags = 1)
Done!
Scan finished
=======================================
kevinf80 (Kevin), authorized to help remove malware
Malware Removal Specialist with 9,490 posts.
Join Date: Mar 2006
Location: Sunderland UK
Experience: Intermediate
18-Jan-2013, 05:13 AM #5
Continue as follows:

Please download the latest version of TDSSKiller from Here and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Put a checkmark beside loaded modules.
  • A reboot will be needed to apply the changes. Do it.
  • TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
  • Then click on Change parameters in TDSSKiller.
  • Check all boxes then click OK.
  • Click the Start Scan button.
  • The scan will be quick.
  • If a suspicious object is detected, the default action will be Skip, click on Continue.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
  • Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
  • A report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Kevin
Oriole
Member with 79 posts.
THREAD STARTER
Join Date: Apr 2012
Experience: Beginner
18-Jan-2013, 08:46 AM #6
07:34:54.0140 0276 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
07:34:54.0484 0276 ============================================================
07:34:54.0484 0276 Current date / time: 2013/01/18 07:34:54.0484
07:34:54.0484 0276 SystemInfo:
07:34:54.0484 0276
07:34:54.0484 0276 OS Version: 5.1.2600 ServicePack: 3.0
07:34:54.0484 0276 Product type: Workstation
07:34:54.0484 0276 ComputerName: CROWLEY
07:34:54.0484 0276 UserName: Tiffany
07:34:54.0484 0276 Windows directory: C:\WINDOWS
07:34:54.0484 0276 System windows directory: C:\WINDOWS
07:34:54.0484 0276 Processor architecture: Intel x86
07:34:54.0484 0276 Number of processors: 2
07:34:54.0484 0276 Page size: 0x1000
07:34:54.0484 0276 Boot type: Normal boot
07:34:54.0484 0276 ============================================================
07:34:55.0296 0276 Drive \Device\Harddisk0\DR0 - Size: 0x1BF2976000 (111.79 Gb), SectorSize: 0x200, Cylinders: 0x3901, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
07:34:55.0296 0276 ============================================================
07:34:55.0296 0276 \Device\Harddisk0\DR0:
07:34:55.0296 0276 MBR partitions:
07:34:55.0296 0276 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xC62C988
07:34:55.0296 0276 \Device\Harddisk0\DR0\Partition2: MBR, Type 0xC, StartLBA 0xC630888, BlocksNum 0x1761276
07:34:55.0296 0276 ============================================================
07:34:55.0359 0276 C: <-> \Device\Harddisk0\DR0\Partition1
07:34:55.0375 0276 D: <-> \Device\Harddisk0\DR0\Partition2
07:34:55.0406 0276 ============================================================
07:34:55.0406 0276 Initialize success
07:34:55.0406 0276 ============================================================
07:35:02.0421 0588 Deinitialize success
kevinf80 (Kevin), authorized to help remove malware
Malware Removal Specialist with 9,490 posts.
Join Date: Mar 2006
Location: Sunderland UK
Experience: Intermediate
18-Jan-2013, 08:56 AM #7
Log is not complete?
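
One way to check whether a TDSSKiller report actually contains a scan and to pull out anything not marked "ok", as an added example (not part of the thread and not TDSSKiller's own code). The line layout is an assumption inferred from the logs posted in this thread, `triage` is a hypothetical helper, and both sample logs are constructed.

```python
import re

# Layout assumed from the logs in this thread (not a documented format):
#   "HH:MM:SS.mmmm TID message"
LINE_RE = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+(\d{4})(?:\s+(.*))?$")
# "[ <32 hex digits> ] <object name without spaces> <path>"
HASH_RE = re.compile(r"^\[ ([0-9A-Fa-f]{32}) \]\s+(\S+)\s+(.+)$")
# "<name> - ok"
OK_RE = re.compile(r"^(.+?) - ok$")
# "<name> ( <verdict> ) - <level>", e.g. "... ) - warning"
VERDICT_RE = re.compile(r"^(.+?) \( (.+?) \) - (\w+)$")


def triage(log_text):
    """Summarise one report: did a scan run, and which objects were not 'ok'?"""
    summary = {"initialized": False, "scan_started": False,
               "deinitialized": False, "ok": 0, "findings": []}
    objects = {}  # object name -> (md5, path) taken from the hash line
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # forum text or blank lines mixed into a pasted log
        msg = (m.group(2) or "").strip()
        if msg == "Initialize success":
            summary["initialized"] = True
        elif msg == "Scan started":
            summary["scan_started"] = True
        elif msg == "Deinitialize success":
            summary["deinitialized"] = True
        elif HASH_RE.match(msg):
            md5, name, path = HASH_RE.match(msg).groups()
            objects[name] = (md5, path)
        elif OK_RE.match(msg):
            summary["ok"] += 1
        elif VERDICT_RE.match(msg):
            name, verdict, level = VERDICT_RE.match(msg).groups()
            md5, path = objects.get(name, (None, None))
            summary["findings"].append({"name": name, "verdict": verdict,
                                        "level": level, "md5": md5,
                                        "path": path})
    # A report that initialises and shuts down without "Scan started"
    # holds no scan results and is not worth posting for review.
    summary["complete"] = summary["initialized"] and summary["scan_started"]
    return summary


# Constructed sample: the tool started and exited without scanning.
TRUNCATED_LOG = r"""
07:00:00.0000 0100 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
07:00:01.0000 0100 Initialize success
07:00:05.0000 0200 Deinitialize success
"""

# Constructed sample: a scan with one clean driver and one warning.
# Names, paths and hashes are placeholders, not values from a real system.
FULL_LOG = r"""
07:10:00.0000 0300 Initialize success
07:10:10.0000 0400 Scan started
07:10:10.0000 0400 Mode: Manual; SigCheck; TDLFS;
07:10:11.0000 0400 System memory - ok
07:10:12.0000 0400 [ 00000000000000000000000000000001 ] ExampleDrv C:\WINDOWS\system32\drivers\exampledrv.sys
07:10:12.0500 0400 ExampleDrv - ok
07:10:13.0000 0400 [ 00000000000000000000000000000002 ] ExampleSvc C:\Program Files\Example Vendor\examplesvc.exe
07:10:13.0500 0400 ExampleSvc ( UnsignedFile.Multi.Generic ) - warning
07:10:13.0500 0400 ExampleSvc - detected UnsignedFile.Multi.Generic (1)
"""

if __name__ == "__main__":
    for label, text in (("truncated", TRUNCATED_LOG), ("full", FULL_LOG)):
        result = triage(text)
        print(label, "complete:", result["complete"], "ok:", result["ok"])
        for f in result["findings"]:
            print("  ", f["level"], f["name"], f["verdict"], f["path"])
```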
Oriole
Member with 79 posts.
THREAD STARTER
Join Date: Apr 2012
Experience: Beginner
18-Jan-2013, 09:20 PM #8
There were two logs that were generated and both had the same date, I'll repost both:
07:37:40.0796 0436 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
07:37:42.0812 0436 ============================================================
07:37:42.0828 0436 Current date / time: 2013/01/18 07:37:42.0812
07:37:42.0828 0436 SystemInfo:
07:37:42.0828 0436
07:37:42.0828 0436 OS Version: 5.1.2600 ServicePack: 3.0
07:37:42.0828 0436 Product type: Workstation
07:37:42.0828 0436 ComputerName: CROWLEY
07:37:42.0828 0436 UserName: Tiffany
07:37:42.0828 0436 Windows directory: C:\WINDOWS
07:37:42.0828 0436 System windows directory: C:\WINDOWS
07:37:42.0828 0436 Processor architecture: Intel x86
07:37:42.0828 0436 Number of processors: 2
07:37:42.0828 0436 Page size: 0x1000
07:37:42.0828 0436 Boot type: Normal boot
07:37:42.0828 0436 ============================================================
07:37:44.0796 0436 BG loaded
07:37:45.0578 0436 Drive \Device\Harddisk0\DR0 - Size: 0x1BF2976000 (111.79 Gb), SectorSize: 0x200, Cylinders: 0x3901, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
07:37:45.0640 0436 ============================================================
07:37:45.0640 0436 \Device\Harddisk0\DR0:
07:37:45.0640 0436 MBR partitions:
07:37:45.0640 0436 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xC62C988
07:37:45.0640 0436 \Device\Harddisk0\DR0\Partition2: MBR, Type 0xC, StartLBA 0xC630888, BlocksNum 0x1761276
07:37:45.0640 0436 ============================================================
07:37:46.0062 0436 C: <-> \Device\Harddisk0\DR0\Partition1
07:37:46.0093 0436 D: <-> \Device\Harddisk0\DR0\Partition2
07:37:46.0093 0436 ============================================================
07:37:46.0093 0436 Initialize success
07:37:46.0093 0436 ============================================================
07:38:05.0703 1960 ============================================================
07:38:05.0703 1960 Scan started
07:38:05.0703 1960 Mode: Manual; SigCheck; TDLFS;
07:38:05.0703 1960 ============================================================
07:38:05.0937 1960 ================ Scan system memory ========================
07:38:05.0937 1960 System memory - ok
07:38:05.0937 1960 ================ Scan services =============================
07:38:11.0828 1960 aswKbd - ok
07:38:11.0828 1960 [ 84F0BE324EE111338589F448C3E8BAB2 ] aswMon2 C:\WINDOWS\system32\drivers\aswMon2.sys
07:38:11.0843 1960 aswMon2 - ok
07:38:11.0875 1960 [ 7B948E3657BEA62E437BC46CA6EF6012 ] aswNdis C:\WINDOWS\system32\DRIVERS\aswNdis.sys
07:38:11.0890 1960 aswNdis - ok
07:38:11.0921 1960 [ DCF8B68A3A6217F87CA7FA95F535B47E ] aswNdis2 C:\WINDOWS\system32\drivers\aswNdis2.sys
07:38:11.0937 1960 aswNdis2 - ok
07:38:11.0953 1960 [ 7C9F0A2AB17D52261A9252A2EB320884 ] AswRdr C:\WINDOWS\system32\drivers\AswRdr.sys
07:38:11.0968 1960 AswRdr - ok
07:38:12.0000 1960 [ B32E9AD44A1DBB3E8095E80F8DF32B03 ] aswSnx C:\WINDOWS\system32\drivers\aswSnx.sys
07:38:12.0046 1960 aswSnx - ok
07:38:12.0109 1960 [ 67B558895695545FB0568B7541F3BCA7 ] aswSP C:\WINDOWS\system32\drivers\aswSP.sys
07:38:12.0140 1960 aswSP - ok
07:38:12.0140 1960 [ E3E73B2B73A4DFADFDDF557192C4B08A ] aswTdi C:\WINDOWS\system32\drivers\aswTdi.sys
07:38:12.0171 1960 aswTdi - ok
07:38:12.0187 1960 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
07:38:12.0359 1960 AsyncMac - ok
07:38:12.0359 1960 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
07:38:12.0500 1960 atapi - ok
07:38:12.0531 1960 Atdisk - ok
07:38:12.0562 1960 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
07:38:12.0734 1960 Atmarpc - ok
07:38:12.0781 1960 [ DEF7A7882BEC100FE0B2CE2549188F9D ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
07:38:12.0906 1960 AudioSrv - ok
07:38:12.0953 1960 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
07:38:13.0093 1960 audstub - ok
07:38:13.0203 1960 [ 8FA553E9AE69808D99C164733A0F9590 ] avast! Antivirus C:\Program Files\AVAST Software\Avast\AvastSvc.exe
07:38:13.0234 1960 avast! Antivirus - ok
07:38:13.0250 1960 [ BC0E07A768A0A14C48E3CE1875F2C377 ] avast! Firewall C:\Program Files\AVAST Software\Avast\afwServ.exe
07:38:13.0281 1960 avast! Firewall - ok
07:38:13.0312 1960 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
07:38:13.0484 1960 Beep - ok
07:38:13.0546 1960 [ 574738F61FCA2935F5265DC4E5691314 ] BITS C:\WINDOWS\system32\qmgr.dll
07:38:14.0015 1960 BITS - ok
07:38:14.0078 1960 [ CFD4E51402DA9838B5A04AE680AF54A0 ] Browser C:\WINDOWS\System32\browser.dll
07:38:14.0109 1960 Browser - ok
07:38:14.0140 1960 [ 4272BAB9291D26DA5AC913BC79C3CE85 ] BTWUSB C:\WINDOWS\system32\Drivers\btwusb.sys
07:38:14.0140 1960 BTWUSB ( UnsignedFile.Multi.Generic ) - warning
07:38:14.0140 1960 BTWUSB - detected UnsignedFile.Multi.Generic (1)
07:38:14.0156 1960 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
07:38:14.0312 1960 cbidf - ok
07:38:14.0328 1960 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
07:38:14.0453 1960 cbidf2k - ok
07:38:14.0500 1960 [ 0BE5AEF125BE881C4F854C554F2B025C ] CCDECODE C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
07:38:14.0656 1960 CCDECODE - ok
07:38:14.0687 1960 [ F3EC03299634490E97BBCE94CD2954C7 ] cd20xrnt C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
07:38:14.0750 1960 cd20xrnt - ok
07:38:14.0781 1960 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
07:38:14.0906 1960 Cdaudio - ok
07:38:14.0937 1960 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
07:38:15.0078 1960 Cdfs - ok
07:38:15.0109 1960 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
07:38:15.0234 1960 Cdrom - ok
07:38:15.0250 1960 Changer - ok
07:38:15.0281 1960 [ 1CFE720EB8D93A7158A4EBC3AB178BDE ] CiSvc C:\WINDOWS\system32\cisvc.exe
07:38:15.0437 1960 CiSvc - ok
07:38:15.0453 1960 [ 34CBE729F38138217F9C80212A2A0C82 ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
07:38:15.0609 1960 ClipSrv - ok
07:38:15.0640 1960 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
07:38:15.0750 1960 clr_optimization_v2.0.50727_32 - ok
07:38:15.0781 1960 [ 0F6C187D38D98F8DF904589A5F94D411 ] CmBatt C:\WINDOWS\system32\DRIVERS\CmBatt.sys
07:38:15.0921 1960 CmBatt - ok
07:38:15.0968 1960 [ E5DCB56C533014ECBC556A8357C929D5 ] CmdIde C:\WINDOWS\system32\DRIVERS\cmdide.sys
07:38:16.0109 1960 CmdIde - ok
07:38:16.0140 1960 [ 6E4C9F21F0FAE8940661144F41B13203 ] Compbatt C:\WINDOWS\system32\DRIVERS\compbatt.sys
07:38:16.0312 1960 Compbatt - ok
07:38:16.0312 1960 COMSysApp - ok
07:38:16.0343 1960 [ 3EE529119EED34CD212A215E8C40D4B6 ] Cpqarray C:\WINDOWS\system32\DRIVERS\cpqarray.sys
07:38:16.0500 1960 Cpqarray - ok
07:38:16.0546 1960 [ 3D4E199942E29207970E04315D02AD3B ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
07:38:16.0687 1960 CryptSvc - ok
07:38:16.0734 1960 [ E550E7418984B65A78299D248F0A7F36 ] dac2w2k C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
07:38:16.0890 1960 dac2w2k - ok
07:38:16.0906 1960 [ 683789CAA3864EB46125AE86FF677D34 ] dac960nt C:\WINDOWS\system32\DRIVERS\dac960nt.sys
07:38:17.0046 1960 dac960nt - ok
07:38:17.0125 1960 [ 6B27A5C03DFB94B4245739065431322C ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
07:38:17.0203 1960 DcomLaunch - ok
07:38:17.0265 1960 [ 5E38D7684A49CACFB752B046357E0589 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
07:38:17.0421 1960 Dhcp - ok
07:38:17.0468 1960 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
07:38:17.0609 1960 Disk - ok
07:38:17.0640 1960 dmadmin - ok
07:38:17.0703 1960 [ D992FE1274BDE0F84AD826ACAE022A41 ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
07:38:17.0921 1960 dmboot - ok
07:38:17.0937 1960 [ 7C824CF7BBDE77D95C08005717A95F6F ] dmio C:\WINDOWS\system32\drivers\dmio.sys
07:38:18.0125 1960 dmio - ok
07:38:18.0156 1960 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
07:38:18.0359 1960 dmload - ok
07:38:18.0390 1960 [ 57EDEC2E5F59F0335E92F35184BC8631 ] dmserver C:\WINDOWS\System32\dmserver.dll
07:38:18.0531 1960 dmserver - ok
07:38:18.0546 1960 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
07:38:18.0687 1960 DMusic - ok
07:38:18.0750 1960 [ 5F7E24FA9EAB896051FFB87F840730D2 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
07:38:18.0781 1960 Dnscache - ok
07:38:18.0828 1960 [ 0F0F6E687E5E15579EF4DA8DD6945814 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
07:38:18.0953 1960 Dot3svc - ok
07:38:18.0968 1960 [ 40F3B93B4E5B0126F2F5C0A7A5E22660 ] dpti2o C:\WINDOWS\system32\DRIVERS\dpti2o.sys
07:38:19.0109 1960 dpti2o - ok
07:38:19.0171 1960 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
07:38:19.0312 1960 drmkaud - ok
07:38:19.0359 1960 [ 83403675CAB29E7A4B885B11E7C855D8 ] E100B C:\WINDOWS\system32\DRIVERS\e100b325.sys
07:38:19.0390 1960 E100B - ok
07:38:19.0421 1960 [ B5CB3084046146FD2587D8C9B219FEB4 ] eabfiltr C:\WINDOWS\system32\DRIVERS\eabfiltr.sys
07:38:19.0453 1960 eabfiltr - ok
07:38:19.0484 1960 [ 231F4547AE1E4B3E60ECA66C3A96D218 ] eabusb C:\WINDOWS\system32\DRIVERS\eabusb.sys
07:38:19.0515 1960 eabusb - ok
07:38:19.0546 1960 [ 2187855A7703ADEF0CEF9EE4285182CC ] EapHost C:\WINDOWS\System32\eapsvc.dll
07:38:19.0703 1960 EapHost - ok
07:38:19.0812 1960 [ D039A0C347632622934906BD59A4E1EA ] ehRecvr C:\WINDOWS\eHome\ehRecvr.exe
07:38:19.0843 1960 ehRecvr - ok
07:38:19.0859 1960 [ A53243709439AC2A4C216B817F8D7411 ] ehSched C:\WINDOWS\eHome\ehSched.exe
07:38:19.0953 1960 ehSched - ok
07:38:20.0000 1960 [ BC93B4A066477954555966D77FEC9ECB ] ERSvc C:\WINDOWS\System32\ersvc.dll
07:38:20.0218 1960 ERSvc - ok
07:38:20.0296 1960 [ 65DF52F5B8B6E9BBD183505225C37315 ] Eventlog C:\WINDOWS\system32\services.exe
07:38:20.0328 1960 Eventlog - ok
07:38:20.0390 1960 [ D4991D98F2DB73C60D042F1AEF79EFAE ] EventSystem C:\WINDOWS\system32\es.dll
07:38:20.0437 1960 EventSystem - ok
07:38:20.0484 1960 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
07:38:20.0640 1960 Fastfat - ok
07:38:20.0687 1960 [ 99BC0B50F511924348BE19C7C7313BBF ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
07:38:20.0734 1960 FastUserSwitchingCompatibility - ok
07:38:20.0765 1960 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\drivers\Fdc.sys
07:38:20.0906 1960 Fdc - ok
07:38:20.0937 1960 [ D45926117EB9FA946A6AF572FBE1CAA3 ] Fips C:\WINDOWS\system32\drivers\Fips.sys
07:38:21.0078 1960 Fips - ok
07:38:21.0078 1960 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\drivers\Flpydisk.sys
07:38:21.0234 1960 Flpydisk - ok
07:38:21.0281 1960 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys
07:38:21.0437 1960 FltMgr - ok
07:38:21.0531 1960 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
07:38:21.0546 1960 FontCache3.0.0.0 - ok
07:38:21.0578 1960 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
07:38:21.0718 1960 Fs_Rec - ok
07:38:21.0750 1960 [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
07:38:21.0875 1960 Ftdisk - ok
07:38:21.0921 1960 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
07:38:22.0062 1960 Gpc - ok
07:38:22.0140 1960 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe
07:38:22.0156 1960 gupdate - ok
07:38:22.0156 1960 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
07:38:22.0171 1960 gupdatem - ok
07:38:22.0203 1960 [ 4D4D97671C63C3AF869B3518E6054204 ] HBtnKey C:\WINDOWS\system32\DRIVERS\cpqbttn.sys
07:38:22.0218 1960 HBtnKey - ok
07:38:22.0250 1960 [ 2A6E9A118DA2DD0439551A7EB3A8F65E ] HdAudAddService C:\WINDOWS\system32\drivers\CHDAud.sys
07:38:22.0312 1960 HdAudAddService - ok
07:38:22.0359 1960 [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
07:38:22.0500 1960 HDAudBus - ok
07:38:22.0578 1960 [ 4FCCA060DFE0C51A09DD5C3843888BCD ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
07:38:22.0796 1960 helpsvc - ok
07:38:22.0828 1960 [ DEB04DA35CC871B6D309B77E1443C796 ] HidServ C:\WINDOWS\System32\hidserv.dll
07:38:23.0062 1960 HidServ - ok
07:38:23.0109 1960 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] HidUsb C:\WINDOWS\system32\DRIVERS\hidusb.sys
07:38:23.0328 1960 HidUsb - ok
07:38:23.0359 1960 [ 8878BD685E490239777BFE51320B88E9 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
07:38:23.0593 1960 hkmsvc - ok
07:38:23.0625 1960 [ B028377DEA0546A5FCFBA928A8AEFAE0 ] hpn C:\WINDOWS\system32\DRIVERS\hpn.sys
07:38:23.0750 1960 hpn - ok
07:38:23.0796 1960 [ 04C1DCBB226C6AE647B794833CE3CEB6 ] hpqwmiex C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
07:38:23.0828 1960 hpqwmiex ( UnsignedFile.Multi.Generic ) - warning
07:38:23.0828 1960 hpqwmiex - detected UnsignedFile.Multi.Generic (1)
07:38:23.0843 1960 [ 448C0FD272FE1B80046F4767DB21EB8D ] HSFHWAZL C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys
07:38:23.0875 1960 HSFHWAZL - ok
07:38:23.0921 1960 [ 2715A27DE9C17BDBAF6D6C79989A7B12 ] HSF_DPV C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys
07:38:23.0968 1960 HSF_DPV - ok
07:38:24.0031 1960 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
07:38:24.0062 1960 HTTP - ok
07:38:24.0125 1960 [ 6100A808600F44D999CEBDEF8841C7A3 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
07:38:24.0281 1960 HTTPFilter - ok
07:38:24.0328 1960 [ 9368670BD426EBEA5E8B18A62416EC28 ] i2omgmt C:\WINDOWS\system32\drivers\i2omgmt.sys
07:38:24.0515 1960 i2omgmt - ok
07:38:24.0546 1960 [ F10863BF1CCC290BABD1A09188AE49E0 ] i2omp C:\WINDOWS\system32\DRIVERS\i2omp.sys
07:38:24.0703 1960 i2omp - ok
07:38:24.0718 1960 [ 4A0B06AA8943C1E332520F7440C0AA30 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
07:38:24.0859 1960 i8042prt - ok
07:38:24.0953 1960 [ 0F0194C4B635C10C3F785E4FEE52D641 ] ialm C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
07:38:25.0046 1960 ialm - ok
07:38:25.0109 1960 [ 309C4D86D989FB1FCF64BD30DC81C51B ] iaStor C:\WINDOWS\system32\DRIVERS\iaStor.sys
07:38:25.0140 1960 iaStor - ok
07:38:25.0234 1960 [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
07:38:25.0265 1960 IDriverT ( UnsignedFile.Multi.Generic ) - warning
07:38:25.0265 1960 IDriverT - detected UnsignedFile.Multi.Generic (1)
07:38:25.0375 1960 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
07:38:25.0484 1960 idsvc - ok
07:38:25.0531 1960 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
07:38:25.0765 1960 Imapi - ok
07:38:25.0828 1960 [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] ImapiService C:\WINDOWS\system32\imapi.exe
07:38:25.0968 1960 ImapiService - ok
07:38:26.0015 1960 [ 4A40E045FAEE58631FD8D91AFC620719 ] ini910u C:\WINDOWS\system32\DRIVERS\ini910u.sys
07:38:26.0187 1960 ini910u - ok
07:38:26.0218 1960 [ B5466A9250342A7AA0CD1FBA13420678 ] IntelIde C:\WINDOWS\system32\DRIVERS\intelide.sys
07:38:26.0375 1960 IntelIde - ok
07:38:26.0406 1960 [ 8C953733D8F36EB2133F5BB58808B66B ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys
07:38:26.0562 1960 intelppm - ok
07:38:26.0593 1960 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\WINDOWS\system32\drivers\ip6fw.sys
07:38:26.0734 1960 Ip6Fw - ok
07:38:26.0750 1960 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
07:38:26.0875 1960 IpFilterDriver - ok
07:38:26.0906 1960 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
07:38:27.0046 1960 IpInIp - ok
07:38:27.0078 1960 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
07:38:27.0218 1960 IpNat - ok
07:38:27.0250 1960 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
07:38:27.0421 1960 IPSec - ok
07:38:27.0468 1960 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
07:38:27.0531 1960 IRENUM - ok
07:38:27.0578 1960 [ 05A299EC56E52649B1CF2FC52D20F2D7 ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
07:38:27.0734 1960 isapnp - ok
07:38:27.0828 1960 [ 7FBFEEE245821925129C9F86470BF33C ] JavaQuickStarterService C:\Program Files\Java\jre7\bin\jqs.exe
07:38:27.0843 1960 JavaQuickStarterService - ok
07:38:27.0875 1960 [ 463C1EC80CD17420A542B7F36A36F128 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
07:38:28.0015 1960 Kbdclass - ok
07:38:28.0031 1960 [ 9EF487A186DEA361AA06913A75B3FA99 ] kbdhid C:\WINDOWS\system32\DRIVERS\kbdhid.sys
07:38:28.0156 1960 kbdhid - ok
07:38:28.0218 1960 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
07:38:28.0375 1960 kmixer - ok
07:38:28.0390 1960 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
07:38:28.0437 1960 KSecDD - ok
07:38:28.0468 1960 [ 3A7C3CBE5D96B8AE96CE81F0B22FB527 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll
07:38:28.0515 1960 lanmanserver - ok
07:38:28.0562 1960 [ A8888A5327621856C0CEC4E385F69309 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
07:38:28.0593 1960 lanmanworkstation - ok
07:38:28.0609 1960 lbrtfdc - ok
07:38:28.0703 1960 [ 86E8BCAA91FC2ACFACD99CF2BF9F1F47 ] LightScribeService C:\Program Files\Common Files\LightScribe\LSSrvc.exe
07:38:28.0734 1960 LightScribeService ( UnsignedFile.Multi.Generic ) - warning
07:38:28.0734 1960 LightScribeService - detected UnsignedFile.Multi.Generic (1)
07:38:28.0765 1960 [ A7DB739AE99A796D91580147E919CC59 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
07:38:29.0000 1960 LmHosts - ok
07:38:29.0046 1960 [ DF0A511F38F16016BF658FCA0090CB87 ] McrdSvc C:\WINDOWS\ehome\mcrdsvc.exe
07:38:29.0125 1960 McrdSvc - ok
07:38:29.0171 1960 [ 74F4372AF97A587ECEC527EC34955712 ] mdmxsdk C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
07:38:29.0203 1960 mdmxsdk - ok
07:38:29.0218 1960 [ 986B1FF5814366D71E0AC5755C88F2D3 ] Messenger C:\WINDOWS\System32\msgsvc.dll
07:38:29.0375 1960 Messenger - ok
07:38:29.0421 1960 [ B7521F69C0A9B29D356157229376FB21 ] MHN C:\WINDOWS\System32\mhn.dll
07:38:29.0421 1960 MHN ( UnsignedFile.Multi.Generic ) - warning
07:38:29.0437 1960 MHN - detected UnsignedFile.Multi.Generic (1)
07:38:29.0453 1960 [ 7F2F1D2815A6449D346FCCCBC569FBD6 ] MHNDRV C:\WINDOWS\system32\DRIVERS\mhndrv.sys
07:38:29.0468 1960 MHNDRV ( UnsignedFile.Multi.Generic ) - warning
07:38:29.0468 1960 MHNDRV - detected UnsignedFile.Multi.Generic (1)
07:38:29.0484 1960 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
07:38:29.0640 1960 mnmdd - ok
07:38:29.0687 1960 [ D18F1F0C101D06A1C1ADF26EED16FCDD ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
07:38:29.0828 1960 mnmsrvc - ok
07:38:29.0875 1960 [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
07:38:30.0015 1960 Modem - ok
07:38:30.0046 1960 [ 35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
07:38:30.0171 1960 Mouclass - ok
07:38:30.0218 1960 [ B1C303E17FB9D46E87A98E4BA6769685 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
07:38:30.0375 1960 mouhid - ok
07:38:30.0390 1960 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
07:38:30.0546 1960 MountMgr - ok
07:38:30.0578 1960 [ 70C14F5CCA5CF73F8A645C73A01D8726 ] MQAC C:\WINDOWS\system32\drivers\mqac.sys
07:38:30.0671 1960 MQAC - ok
07:38:30.0703 1960 [ 3F4BB95E5A44F3BE34824E8E7CAF0737 ] mraid35x C:\WINDOWS\system32\DRIVERS\mraid35x.sys
07:38:30.0843 1960 mraid35x - ok
07:38:30.0859 1960 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
07:38:31.0015 1960 MRxDAV - ok
07:38:31.0078 1960 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
07:38:31.0125 1960 MRxSmb - ok
07:38:31.0171 1960 [ A137F1470499A205ABBB9AAFB3B6F2B1 ] MSDTC C:\WINDOWS\system32\msdtc.exe
07:38:31.0312 1960 MSDTC - ok
07:38:31.0343 1960 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
07:38:31.0484 1960 Msfs - ok
07:38:31.0484 1960 MSIServer - ok
07:38:31.0515 1960 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
07:38:31.0656 1960 MSKSSRV - ok
07:38:31.0687 1960 [ AFB909B537AAE1BEAE7BBDB6A36D40B0 ] MSMQ C:\WINDOWS\system32\mqsvc.exe
07:38:31.0765 1960 MSMQ - ok
07:38:31.0781 1960 [ 7F955FF3B1BB93376EBE75D5ACCDC6DB ] MSMQTriggers C:\WINDOWS\system32\mqtgsvc.exe
07:38:31.0859 1960 MSMQTriggers - ok
07:38:31.0890 1960 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
07:38:32.0031 1960 MSPCLOCK - ok
07:38:32.0046 1960 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
07:38:32.0203 1960 MSPQM - ok
07:38:32.0250 1960 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
07:38:32.0390 1960 mssmbios - ok
07:38:32.0406 1960 [ E53736A9E30C45FA9E7B5EAC55056D1D ] MSTEE C:\WINDOWS\system32\drivers\MSTEE.sys
07:38:32.0562 1960 MSTEE - ok
07:38:32.0625 1960 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
07:38:32.0671 1960 Mup - ok
07:38:32.0703 1960 [ 5B50F1B2A2ED47D560577B221DA734DB ] NABTSFEC C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
07:38:32.0875 1960 NABTSFEC - ok
07:38:32.0921 1960 [ 0102140028FAD045756796E1C685D695 ] napagent C:\WINDOWS\System32\qagentrt.dll
07:38:33.0093 1960 napagent - ok
07:38:33.0125 1960 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
07:38:33.0296 1960 NDIS - ok
07:38:33.0343 1960 [ 7FF1F1FD8609C149AA432F95A8163D97 ] NdisIP C:\WINDOWS\system32\DRIVERS\NdisIP.sys
07:38:33.0484 1960 NdisIP - ok
07:38:33.0515 1960 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
07:38:33.0531 1960 NdisTapi - ok
07:38:33.0562 1960 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
07:38:33.0703 1960 Ndisuio - ok
07:38:33.0718 1960 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
07:38:33.0859 1960 NdisWan - ok
07:38:33.0921 1960 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
07:38:33.0937 1960 NDProxy - ok
07:38:33.0968 1960 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
07:38:34.0140 1960 NetBIOS - ok
07:38:34.0187 1960 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
07:38:34.0343 1960 NetBT - ok
07:38:34.0375 1960 [ B857BA82860D7FF85AE29B095645563B ] NetDDE C:\WINDOWS\system32\netdde.exe
07:38:34.0578 1960 NetDDE - ok
07:38:34.0593 1960 [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
07:38:34.0734 1960 NetDDEdsdm - ok
07:38:34.0781 1960 [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon C:\WINDOWS\system32\lsass.exe
07:38:34.0937 1960 Netlogon - ok
07:38:34.0968 1960 [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman C:\WINDOWS\System32\netman.dll
07:38:35.0140 1960 Netman - ok
07:38:35.0187 1960 [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
07:38:35.0218 1960 NetTcpPortSharing - ok
07:38:35.0234 1960 [ E9E47CFB2D461FA0FC75B7A74C6383EA ] NIC1394 C:\WINDOWS\system32\DRIVERS\nic1394.sys
07:38:35.0375 1960 NIC1394 - ok
07:38:35.0421 1960 [ 943337D786A56729263071623BBB9DE5 ] Nla C:\WINDOWS\System32\mswsock.dll
07:38:35.0468 1960 Nla - ok
07:38:35.0515 1960 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
07:38:35.0671 1960 Npfs - ok
07:38:35.0718 1960 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
07:38:35.0890 1960 Ntfs - ok
07:38:35.0921 1960 [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
07:38:36.0093 1960 NtLmSsp - ok
07:38:36.0156 1960 [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
07:38:36.0359 1960 NtmsSvc - ok
07:38:36.0406 1960 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
07:38:36.0562 1960 Null - ok
07:38:36.0578 1960 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
07:38:36.0718 1960 NwlnkFlt - ok
07:38:36.0750 1960 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
07:38:36.0906 1960 NwlnkFwd - ok
07:38:36.0953 1960 [ CA33832DF41AFB202EE7AEB05145922F ] ohci1394 C:\WINDOWS\system32\DRIVERS\ohci1394.sys
07:38:37.0109 1960 ohci1394 - ok
07:38:37.0187 1960 [ 7A56CF3E3F12E8AF599963B16F50FB6A ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
07:38:37.0203 1960 ose - ok
07:38:37.0250 1960 [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport C:\WINDOWS\system32\drivers\Parport.sys
07:38:37.0406 1960 Parport - ok
07:38:37.0421 1960 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
07:38:37.0562 1960 PartMgr - ok
07:38:37.0609 1960 [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
07:38:37.0765 1960 ParVdm - ok
07:38:37.0781 1960 [ A219903CCF74233761D92BEF471A07B1 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
07:38:37.0937 1960 PCI - ok
07:38:37.0953 1960 PCIDump - ok
07:38:37.0953 1960 [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
07:38:38.0093 1960 PCIIde - ok
07:38:38.0140 1960 [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia C:\WINDOWS\system32\DRIVERS\pcmcia.sys
07:38:38.0281 1960 Pcmcia - ok
07:38:38.0281 1960 PDCOMP - ok
07:38:38.0296 1960 PDFRAME - ok
07:38:38.0296 1960 PDRELI - ok
07:38:38.0312 1960 PDRFRAME - ok
07:38:38.0328 1960 [ 6C14B9C19BA84F73D3A86DBA11133101 ] perc2 C:\WINDOWS\system32\DRIVERS\perc2.sys
07:38:38.0484 1960 perc2 - ok
07:38:38.0515 1960 [ F50F7C27F131AFE7BEBA13E14A3B9416 ] perc2hib C:\WINDOWS\system32\DRIVERS\perc2hib.sys
07:38:38.0671 1960 perc2hib - ok
07:38:38.0718 1960 [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay C:\WINDOWS\system32\services.exe
07:38:38.0765 1960 PlugPlay - ok
07:38:38.0765 1960 [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
07:38:38.0906 1960 PolicyAgent - ok
07:38:38.0968 1960 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
07:38:39.0109 1960 PptpMiniport - ok
07:38:39.0125 1960 [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
07:38:39.0265 1960 ProtectedStorage - ok
07:38:39.0265 1960 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
07:38:39.0421 1960 PSched - ok
07:38:39.0421 1960 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
07:38:39.0562 1960 Ptilink - ok
07:38:39.0562 1960 [ 86724469CD077901706854974CD13C3E ] PxHelp20 C:\WINDOWS\system32\Drivers\PxHelp20.sys
07:38:39.0593 1960 PxHelp20 ( UnsignedFile.Multi.Generic ) - warning
07:38:39.0593 1960 PxHelp20 - detected UnsignedFile.Multi.Generic (1)
07:38:39.0609 1960 [ 0A63FB54039EB5662433CABA3B26DBA7 ] ql1080 C:\WINDOWS\system32\DRIVERS\ql1080.sys
07:38:39.0765 1960 ql1080 - ok
07:38:39.0781 1960 [ 6503449E1D43A0FF0201AD5CB1B8C706 ] Ql10wnt C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
07:38:39.0921 1960 Ql10wnt - ok
07:38:39.0953 1960 [ 156ED0EF20C15114CA097A34A30D8A01 ] ql12160 C:\WINDOWS\system32\DRIVERS\ql12160.sys
07:38:40.0093 1960 ql12160 - ok
07:38:40.0109 1960 [ 70F016BEBDE6D29E864C1230A07CC5E6 ] ql1240 C:\WINDOWS\system32\DRIVERS\ql1240.sys
07:38:40.0265 1960 ql1240 - ok
07:38:40.0296 1960 [ 907F0AEEA6BC451011611E732BD31FCF ] ql1280 C:\WINDOWS\system32\DRIVERS\ql1280.sys
07:38:40.0484 1960 ql1280 - ok
07:38:40.0500 1960 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
07:38:40.0640 1960 RasAcd - ok
07:38:40.0687 1960 [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto C:\WINDOWS\System32\rasauto.dll
07:38:40.0859 1960 RasAuto - ok
07:38:40.0875 1960 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
07:38:41.0031 1960 Rasl2tp - ok
07:38:41.0078 1960 [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan C:\WINDOWS\System32\rasmans.dll
07:38:41.0218 1960 RasMan - ok
07:38:41.0234 1960 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
07:38:41.0390 1960 RasPppoe - ok
07:38:41.0406 1960 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
07:38:41.0562 1960 Raspti - ok
07:38:41.0625 1960 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
07:38:41.0781 1960 Rdbss - ok
07:38:41.0828 1960 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
07:38:41.0984 1960 RDPCDD - ok
07:38:42.0000 1960 [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys
07:38:42.0140 1960 rdpdr - ok
07:38:42.0203 1960 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
07:38:42.0265 1960 RDPWD - ok
07:38:42.0312 1960 [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
07:38:42.0468 1960 RDSessMgr - ok
07:38:42.0500 1960 [ F828DD7E1419B6653894A8F97A0094C5 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
07:38:42.0640 1960 redbook - ok
07:38:42.0703 1960 [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
07:38:42.0859 1960 RemoteAccess - ok
07:38:42.0906 1960 [ 5B19B557B0C188210A56A6B699D90B8F ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll
07:38:43.0062 1960 RemoteRegistry - ok
07:38:43.0078 1960 [ 7A6648B61661B1421FFAB762E391E33F ] rimmptsk C:\WINDOWS\system32\DRIVERS\rimmptsk.sys
07:38:43.0125 1960 rimmptsk - ok
07:38:43.0125 1960 [ D0A35B7670AA3558EAAB483F64446496 ] rimsptsk C:\WINDOWS\system32\DRIVERS\rimsptsk.sys
07:38:43.0156 1960 rimsptsk - ok
07:38:43.0203 1960 [ 3AC17802740C3A4764DC9750E92E6233 ] rismxdp C:\WINDOWS\system32\DRIVERS\rixdptsk.sys
07:38:43.0218 1960 rismxdp - ok
07:38:43.0281 1960 [ 96F7A9A7BF0C9C0440A967440065D33C ] RMCAST C:\WINDOWS\system32\drivers\RMCast.sys
07:38:43.0312 1960 RMCAST - ok
07:38:55.0546 1960 [ CD99C9FEAE87C1963273F6B150251E33 ] WMConnectCDS C:\Program Files\Windows Media Connect 2\wmccds.exe
07:38:55.0640 1960 WMConnectCDS ( UnsignedFile.Multi.Generic ) - warning
07:38:55.0640 1960 WMConnectCDS - detected UnsignedFile.Multi.Generic (1)
07:38:57.0531 1960 ================ Scan global ===============================
07:38:57.0609 1960 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
07:38:57.0640 1960 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
07:38:57.0687 1960 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
07:38:57.0718 1960 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
07:38:57.0718 1960 [Global] - ok
07:38:57.0718 1960 ================ Scan MBR ==================================
07:38:57.0750 1960 [ 665277635DC8BA83DEAE12EADEDB75A0 ] \Device\Harddisk0\DR0
07:38:58.0171 1960 \Device\Harddisk0\DR0 - ok
07:38:58.0171 1960 ================ Scan VBR ==================================
07:38:58.0171 1960 [ 0C82DE408B5FD795C0C00E6D77A64079 ] \Device\Harddisk0\DR0\Partition1
07:38:58.0171 1960 \Device\Harddisk0\DR0\Partition1 - ok
07:38:58.0187 1960 [ E97C4D4A753A140ED9AD71F5C19F4F5C ] \Device\Harddisk0\DR0\Partition2
07:38:58.0187 1960 \Device\Harddisk0\DR0\Partition2 - ok
07:38:58.0187 1960 ================ Scan active images ========================
07:38:59.0312 1960 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
07:38:59.0312 1960 C:\WINDOWS\system32\services.exe - ok
07:38:59.0312 1960 [ BD31DC6DBE9333C4FBD4BDF0899F2160 ] C:\WINDOWS\system32\lsasrv.dll
07:38:59.0312 1960 C:\WINDOWS\system32\lsasrv.dll - ok
07:38:59.0312 1960 [ EC29A79F1E76DC509E24D401F29D0678 ] C:\WINDOWS\system32\ncobjapi.dll
07:38:59.0312 1960 C:\WINDOWS\system32\ncobjapi.dll - ok
07:38:59.0328 1960 [ F404830F3CD9BF8F2515E489C0CDA297 ] C:\WINDOWS\system32\msvcp60.dll
07:38:59.0328 1960 C:\WINDOWS\system32\msvcp60.dll - ok
07:38:59.0328 1960 [ B24A42A413E694AD73FDFB7FBD492C31 ] C:\WINDOWS\system32\scesrv.dll
07:38:59.0328 1960 C:\WINDOWS\system32\scesrv.dll - ok
07:38:59.0343 1960 [ DD7BD97FB8BD800963789158A5E4B41D ] C:\WINDOWS\system32\mpr.dll
07:38:59.0343 1960 C:\WINDOWS\system32\mpr.dll - ok
07:38:59.0343 1960 [ 2EDFC2A8893435723AD80481803C6D5C ] C:\WINDOWS\system32\umpnpmgr.dll
07:38:59.0343 1960 C:\WINDOWS\system32\umpnpmgr.dll - ok
07:38:59.0359 1960 [ EC4C0D9BFD9F7E33F8B395AD54E13063 ] C:\WINDOWS\system32\ntdsapi.dll
07:38:59.0359 1960 C:\WINDOWS\system32\ntdsapi.dll - ok
07:38:59.0359 1960 [ 389496118B3B03C2328024AF320132AC ] C:\WINDOWS\system32\dnsapi.dll
07:38:59.0359 1960 C:\WINDOWS\system32\dnsapi.dll - ok
07:38:59.0359 1960 [ 1F03103598BD817B1078DAB1326DDE11 ] C:\WINDOWS\system32\shimeng.dll
07:38:59.0359 1960 C:\WINDOWS\system32\shimeng.dll - ok
07:38:59.0375 1960 [ EA9EE60B408878E5F2012F9C783836DB ] C:\WINDOWS\AppPatch\acadproc.dll
07:38:59.0375 1960 C:\WINDOWS\AppPatch\acadproc.dll - ok
07:38:59.0375 1960 [ 0492CF5870F0E616B0C71695A433D162 ] C:\WINDOWS\system32\wldap32.dll
07:38:59.0375 1960 C:\WINDOWS\system32\wldap32.dll - ok
07:38:59.0390 1960 [ 8329A39D5A402A75A74301D6A62ECDA1 ] C:\WINDOWS\system32\samlib.dll
07:38:59.0390 1960 C:\WINDOWS\system32\samlib.dll - ok
07:38:59.0390 1960 [ F05B8CDB7FE0E55DCCFB1D946CE80064 ] C:\WINDOWS\system32\samsrv.dll
07:38:59.0390 1960 C:\WINDOWS\system32\samsrv.dll - ok
07:38:59.0406 1960 [ 17A1D675C12BBF80CAAC54A4855C41D0 ] C:\WINDOWS\system32\cryptdll.dll
07:38:59.0406 1960 C:\WINDOWS\system32\cryptdll.dll - ok
07:38:59.0406 1960 [ 310C15FD8358B2C4CD7A5B98A112883F ] C:\WINDOWS\AppPatch\acgenral.dll
07:38:59.0406 1960 C:\WINDOWS\AppPatch\acgenral.dll - ok
07:38:59.0406 1960 [ 4A953F13942867BA8FB41F141EC1B80C ] C:\WINDOWS\system32\winmm.dll
07:38:59.0406 1960 C:\WINDOWS\system32\winmm.dll - ok
07:38:59.0421 1960 [ 1B2BE5777F69A71778F52FFEE1C798D6 ] C:\WINDOWS\system32\oleaut32.dll
07:38:59.0421 1960 C:\WINDOWS\system32\oleaut32.dll - ok
07:38:59.0421 1960 [ 2098AB52BD5316E59AA36F3437B13BE6 ] C:\WINDOWS\system32\msacm32.dll
07:38:59.0421 1960 C:\WINDOWS\system32\msacm32.dll - ok
07:38:59.0437 1960 [ 7A2CC3719B255E6B5D74396183B7715B ] C:\WINDOWS\system32\uxtheme.dll
07:38:59.0437 1960 C:\WINDOWS\system32\uxtheme.dll - ok
07:38:59.0437 1960 [ F24B12786D60A17008319E3F2AEE7799 ] C:\WINDOWS\system32\msapsspc.dll
07:38:59.0437 1960 C:\WINDOWS\system32\msapsspc.dll - ok
07:38:59.0453 1960 [ 7A660EDC0757849DF5F8706FB6E9F740 ] C:\WINDOWS\system32\msvcrt40.dll
07:38:59.0453 1960 C:\WINDOWS\system32\msvcrt40.dll - ok
07:38:59.0453 1960 [ 0F64207B49390C8063C36AE7CBF9C2DB ] C:\WINDOWS\system32\schannel.dll
07:38:59.0453 1960 C:\WINDOWS\system32\schannel.dll - ok
07:38:59.0453 1960 [ 3D76DD0CBC536E0F8C45D23ED230BEB2 ] C:\WINDOWS\system32\digest.dll
07:38:59.0453 1960 C:\WINDOWS\system32\digest.dll - ok
07:38:59.0468 1960 [ A4388DF80E52695AE92EE5F3F61F1619 ] C:\WINDOWS\system32\msnsspc.dll
07:38:59.0468 1960 C:\WINDOWS\system32\msnsspc.dll - ok
07:38:59.0468 1960 [ 5733177BCF16EE78B99543C9B0AB81EA ] C:\WINDOWS\system32\msctfime.ime
07:38:59.0468 1960 C:\WINDOWS\system32\msctfime.ime - ok
07:38:59.0484 1960 [ C6BB1D1500DB4A0E224CB65E6C7E8A80 ] C:\WINDOWS\system32\msprivs.dll
07:38:59.0484 1960 C:\WINDOWS\system32\msprivs.dll - ok
07:38:59.0484 1960 [ A525C96C51D55111FDF3BEA9FFFFC7AE ] C:\WINDOWS\system32\kerberos.dll
07:38:59.0484 1960 C:\WINDOWS\system32\kerberos.dll - ok
07:38:59.0484 1960 [ AF07DC9B7CC455629E732340C7B15F3A ] C:\WINDOWS\system32\iphlpapi.dll
07:38:59.0484 1960 C:\WINDOWS\system32\iphlpapi.dll - ok
07:38:59.0500 1960 [ 517561A1113B04E51D936CD018DE1C1F ] C:\WINDOWS\system32\msv1_0.dll
07:38:59.0500 1960 C:\WINDOWS\system32\msv1_0.dll - ok
07:38:59.0500 1960 [ C11D10A3C164AC222BC9AAB3650A88B3 ] C:\WINDOWS\system32\atmfd.dll
07:38:59.0500 1960 C:\WINDOWS\system32\atmfd.dll - ok
07:38:59.0515 1960 [ 1B7F071C51B77C272875C3A23E1E4550 ] C:\WINDOWS\system32\netlogon.dll
07:38:59.0515 1960 C:\WINDOWS\system32\netlogon.dll - ok
07:38:59.0515 1960 [ 54AF4B1D5459500EF0937F6D33B1914F ] C:\WINDOWS\system32\w32time.dll
07:38:59.0515 1960 C:\WINDOWS\system32\w32time.dll - ok
07:38:59.0531 1960 [ 3AAF9B35939FF9E58CCD18D41655C2FC ] C:\WINDOWS\system32\wdigest.dll
07:38:59.0531 1960 C:\WINDOWS\system32\wdigest.dll - ok
07:38:59.0531 1960 [ 54DAE3EA34802B4ED9AE1C6B1209FA56 ] C:\WINDOWS\system32\rsaenh.dll
07:38:59.0531 1960 C:\WINDOWS\system32\rsaenh.dll - ok
07:38:59.0531 1960 [ 02988B904C386B500CD08639C4C20EEA ] C:\WINDOWS\system32\winscard.dll
07:38:59.0531 1960 C:\WINDOWS\system32\winscard.dll - ok
07:38:59.0546 1960 [ 0E2735281FBB9A764D5584C2A5DCBA59 ] C:\WINDOWS\system32\wtsapi32.dll
07:38:59.0546 1960 C:\WINDOWS\system32\wtsapi32.dll - ok
07:38:59.0546 1960 [ A86BB5E61BF3E39B62AB4C7E7085A084 ] C:\WINDOWS\system32\scecli.dll
07:38:59.0546 1960 C:\WINDOWS\system32\scecli.dll - ok
07:38:59.0562 1960 [ DE6ED95AEF259979B2830450072A627B ] C:\WINDOWS\system32\drivers\aswFsBlk.sys
07:38:59.0562 1960 C:\WINDOWS\system32\drivers\aswFsBlk.sys - ok
07:38:59.0562 1960 [ 27C6D03BCDB8CFEB96B716F3D8BE3E18 ] C:\WINDOWS\system32\svchost.exe
07:38:59.0562 1960 C:\WINDOWS\system32\svchost.exe - ok
07:38:59.0562 1960 [ 549290DBC280C887681D7652978DBBE0 ] C:\WINDOWS\system32\ntmarta.dll
07:38:59.0562 1960 C:\WINDOWS\system32\ntmarta.dll - ok
07:38:59.0578 1960 [ 6B27A5C03DFB94B4245739065431322C ] C:\WINDOWS\system32\rpcss.dll
07:38:59.0578 1960 C:\WINDOWS\system32\rpcss.dll - ok
07:38:59.0578 1960 [ 16403217AB6FC5C30C14C6B12098AD4B ] C:\WINDOWS\system32\xpsp2res.dll
07:38:59.0578 1960 C:\WINDOWS\system32\xpsp2res.dll - ok
07:38:59.0593 1960 [ 6D4FEB43EE538FC5428CC7F0565AA656 ] C:\WINDOWS\system32\eventlog.dll
07:38:59.0593 1960 C:\WINDOWS\system32\eventlog.dll - ok
07:38:59.0593 1960 [ 943337D786A56729263071623BBB9DE5 ] C:\WINDOWS\system32\mswsock.dll
07:38:59.0593 1960 C:\WINDOWS\system32\mswsock.dll - ok
07:38:59.0609 1960 [ 3CB32D3B8CBE79899D63280BB7A83CD9 ] C:\WINDOWS\system32\hnetcfg.dll
07:38:59.0609 1960 C:\WINDOWS\system32\hnetcfg.dll - ok
07:38:59.0609 1960 [ 4E3D06D6E68EEDB52565080F55B460D3 ] C:\WINDOWS\system32\wshtcpip.dll
07:38:59.0609 1960 C:\WINDOWS\system32\wshtcpip.dll - ok
07:38:59.0609 1960 [ D72B9EC3337B247A666F098F3D6B43DE ] C:\WINDOWS\system32\winrnr.dll
07:38:59.0609 1960 C:\WINDOWS\system32\winrnr.dll - ok
07:38:59.0625 1960 [ 6F9BEF24C578D5D6740E080BEDD6A448 ] C:\WINDOWS\system32\rasadhlp.dll
07:38:59.0625 1960 C:\WINDOWS\system32\rasadhlp.dll - ok
07:38:59.0625 1960 [ F927A4434C5028758A842943EF1A3849 ] C:\WINDOWS\system32\drivers\ndisuio.sys
07:38:59.0625 1960 C:\WINDOWS\system32\drivers\ndisuio.sys - ok
07:38:59.0640 1960 [ 5E38D7684A49CACFB752B046357E0589 ] C:\WINDOWS\system32\dhcpcsvc.dll
07:38:59.0640 1960 C:\WINDOWS\system32\dhcpcsvc.dll - ok
07:38:59.0640 1960 [ 5F7E24FA9EAB896051FFB87F840730D2 ] C:\WINDOWS\system32\dnsrslvr.dll
07:38:59.0640 1960 C:\WINDOWS\system32\dnsrslvr.dll - ok
07:38:59.0656 1960 [ A7DB739AE99A796D91580147E919CC59 ] C:\WINDOWS\system32\lmhsvc.dll
07:38:59.0656 1960 C:\WINDOWS\system32\lmhsvc.dll - ok
07:38:59.0656 1960 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] C:\WINDOWS\system32\wzcsvc.dll
07:38:59.0656 1960 C:\WINDOWS\system32\wzcsvc.dll - ok
07:38:59.0656 1960 [ 876CCF164E08D6B903CD14398E056DD2 ] C:\WINDOWS\system32\rtutils.dll
07:38:59.0656 1960 C:\WINDOWS\system32\rtutils.dll - ok
07:38:59.0671 1960 [ 224FB925C641DA16CEB6D60F40CA4C75 ] C:\WINDOWS\system32\atl.dll
07:38:59.0671 1960 C:\WINDOWS\system32\atl.dll - ok
07:38:59.0671 1960 [ E6EF7BC927D9F8F9BA1584BFC39E0C6F ] C:\WINDOWS\system32\eapolqec.dll
07:38:59.0671 1960 C:\WINDOWS\system32\eapolqec.dll - ok
07:38:59.0687 1960 [ 7B0770526801F05D58C51A3DFB87B4BD ] C:\WINDOWS\system32\wmi.dll
07:38:59.0687 1960 C:\WINDOWS\system32\wmi.dll - ok
07:38:59.0687 1960 [ 8E2CC37BA87D8F681066E0E9C8A19F73 ] C:\WINDOWS\system32\dot3api.dll
07:38:59.0687 1960 C:\WINDOWS\system32\dot3api.dll - ok
07:38:59.0687 1960 [ 8AE93AACC648921BAACB8602991AC4B3 ] C:\WINDOWS\system32\qutil.dll
07:38:59.0687 1960 C:\WINDOWS\system32\qutil.dll - ok
07:38:59.0703 1960 [ F5B754CDEA20BBB3A31E16A776EDE6D6 ] C:\WINDOWS\system32\esent.dll
07:38:59.0703 1960 C:\WINDOWS\system32\esent.dll - ok
07:38:59.0703 1960 [ F137A0CA70003DB20448D540651FA003 ] C:\WINDOWS\system32\clbcatq.dll
07:38:59.0703 1960 C:\WINDOWS\system32\clbcatq.dll - ok
07:38:59.0718 1960 [ 1280A158C722FA95A80FB7AEBE78FA7D ] C:\WINDOWS\system32\comres.dll
07:38:59.0718 1960 C:\WINDOWS\system32\comres.dll - ok
07:38:59.0718 1960 [ A39BE37C9237DB5F1990D61B268EA555 ] C:\WINDOWS\system32\rastls.dll
07:38:59.0718 1960 C:\WINDOWS\system32\rastls.dll - ok
07:38:59.0734 1960 [ 6E4BE11D50F8A8DE2BAD644C9C9DE8D3 ] C:\WINDOWS\system32\cryptui.dll
07:38:59.0734 1960 C:\WINDOWS\system32\cryptui.dll - ok
07:38:59.0734 1960 [ 9AD88EA663124336E88EB031F917CE20 ] C:\WINDOWS\system32\wininet.dll
07:38:59.0734 1960 C:\WINDOWS\system32\wininet.dll - ok
07:38:59.0734 1960 [ 10753A3ADC3E39A3B10CC3F08E98E6B4 ] C:\WINDOWS\system32\normaliz.dll
07:38:59.0734 1960 C:\WINDOWS\system32\normaliz.dll - ok
07:38:59.0750 1960 [ BCA608797A3E8EEC0094CD6D596D77D7 ] C:\WINDOWS\system32\urlmon.dll
07:38:59.0750 1960 C:\WINDOWS\system32\urlmon.dll - ok
07:38:59.0750 1960 [ 994B77915EA49A467CDA144806AE42D6 ] C:\WINDOWS\system32\iertutil.dll
07:38:59.0750 1960 C:\WINDOWS\system32\iertutil.dll - ok
07:38:59.0765 1960 [ 2CDAE321B8E878A278BA2D2FA013060B ] C:\WINDOWS\system32\activeds.dll
07:38:59.0765 1960 C:\WINDOWS\system32\activeds.dll - ok
07:38:59.0765 1960 [ EA5B8BECA3F279C757578CD7F1E95855 ] C:\WINDOWS\system32\mprapi.dll
07:38:59.0765 1960 C:\WINDOWS\system32\mprapi.dll - ok
07:38:59.0765 1960 [ 0D84657DBF93DB98673DEFDF2B29E25A ] C:\WINDOWS\system32\adsldpc.dll
07:38:59.0765 1960 C:\WINDOWS\system32\adsldpc.dll - ok
07:38:59.0781 1960 [ 92C4F48B62B0B876194584C3FF09CCB6 ] C:\WINDOWS\system32\rasapi32.dll
07:38:59.0781 1960 C:\WINDOWS\system32\rasapi32.dll - ok
07:38:59.0781 1960 [ 4DEF926F6A0545AE486A03C84F2EE482 ] C:\WINDOWS\system32\rasman.dll
07:38:59.0781 1960 C:\WINDOWS\system32\rasman.dll - ok
07:38:59.0796 1960 [ 00AABF131B4823785818DB99A075A313 ] C:\WINDOWS\system32\tapi32.dll
07:38:59.0796 1960 C:\WINDOWS\system32\tapi32.dll - ok
07:38:59.0796 1960 [ C1FAEA15E41F62D7BFA7FBC395C24BA6 ] C:\WINDOWS\system32\riched20.dll
07:38:59.0796 1960 C:\WINDOWS\system32\riched20.dll - ok
07:38:59.0796 1960 [ B714735C12A70171DE28657948FD91F1 ] C:\WINDOWS\system32\mlang.dll
07:38:59.0796 1960 C:\WINDOWS\system32\mlang.dll - ok
07:38:59.0812 1960 [ 566382CA5F2C41FEAEEEFAC908F1EB92 ] C:\WINDOWS\system32\xmlprovi.dll
07:38:59.0812 1960 C:\WINDOWS\system32\xmlprovi.dll - ok
07:38:59.0812 1960 [ 767FF54A552732CE772C2302025FA82F ] C:\WINDOWS\system32\wzcsapi.dll
07:38:59.0812 1960 C:\WINDOWS\system32\wzcsapi.dll - ok
07:38:59.0828 1960 [ 56CE97FF94B7662A300D359CD6F4D601 ] C:\WINDOWS\system32\raschap.dll
07:38:59.0828 1960 C:\WINDOWS\system32\raschap.dll - ok
07:38:59.0828 1960 [ 2081A5B5E4ABA206A0A8A1A97DF0FB23 ] C:\WINDOWS\system32\logonui.exe
07:38:59.0828 1960 C:\WINDOWS\system32\logonui.exe - ok
07:38:59.0843 1960 [ 515A7FAE2070C2B0242B2353443E2F11 ] C:\WINDOWS\system32\cscdll.dll
07:38:59.0843 1960 C:\WINDOWS\system32\cscdll.dll - ok
07:38:59.0843 1960 [ E2092F0A1D7ABC243F9C2362483D150D ] C:\WINDOWS\system32\dimsntfy.dll
07:38:59.0843 1960 C:\WINDOWS\system32\dimsntfy.dll - ok
07:38:59.0843 1960 [ 2CC34E8BB667EEF78899546E12649196 ] C:\WINDOWS\system32\wlnotify.dll
07:38:59.0843 1960 C:\WINDOWS\system32\wlnotify.dll - ok
07:38:59.0859 1960 [ 3D41A9326F0376FC73AF961DD23B1FB1 ] C:\WINDOWS\system32\duser.dll
07:38:59.0859 1960 C:\WINDOWS\system32\duser.dll - ok
07:38:59.0859 1960 [ BD83ABA61E8ACCC8D9FFB869F29418CE ] C:\WINDOWS\system32\winspool.drv
07:38:59.0859 1960 C:\WINDOWS\system32\winspool.drv - ok
07:38:59.0875 1960 [ AFFC87E2501FCE8F09D4C10BA6421CCF ] C:\WINDOWS\system32\msimg32.dll
07:38:59.0875 1960 C:\WINDOWS\system32\msimg32.dll - ok
07:38:59.0875 1960 [ 20200EE3CFE10E9F0C028D8653BE11C6 ] C:\WINDOWS\system32\oleacc.dll
07:38:59.0875 1960 C:\WINDOWS\system32\oleacc.dll - ok
07:38:59.0890 1960 [ CF2ABD2AC91850BC2832078F4EEE95C2 ] C:\Program Files\AVAST Software\Avast\afwCore.dll
07:38:59.0890 1960 C:\Program Files\AVAST Software\Avast\afwCore.dll - ok
07:38:59.0890 1960 [ BC0E07A768A0A14C48E3CE1875F2C377 ] C:\Program Files\AVAST Software\Avast\afwServ.exe
07:38:59.0890 1960 C:\Program Files\AVAST Software\Avast\afwServ.exe - ok
07:38:59.0906 1960 [ E5EDBD51476DB5001ABF5C82AE5C3DD1 ] C:\WINDOWS\system32\shgina.dll
07:38:59.0906 1960 C:\WINDOWS\system32\shgina.dll - ok
07:38:59.0906 1960 [ 6F367A9B88CFDD46F42C1D11E5CB7964 ] C:\Program Files\AVAST Software\Avast\Aavm4h.dll
07:38:59.0906 1960 C:\Program Files\AVAST Software\Avast\Aavm4h.dll - ok
07:38:59.0906 1960 [ C2434DEA392826C1687D9BD7FA4845BC ] C:\Program Files\AVAST Software\Avast\AavmRpch.dll
07:38:59.0906 1960 C:\Program Files\AVAST Software\Avast\AavmRpch.dll - ok
07:38:59.0921 1960 [ CDBE9690CF2B8409FACAD94FAC9479C9 ] C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_31a54e43\msvcr90.dll
07:38:59.0921 1960 C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_31a54e43\msvcr90.dll - ok
07:38:59.0937 1960 [ 4C39358EBDD2FFCD9132A30E1EC31E16 ] C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_31a54e43\msvcp90.dll
07:38:59.0937 1960 C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_31a54e43\msvcp90.dll - ok
07:38:59.0937 1960 [ 55AFA63F5F2A6CED0C09E2AFE57ECA8D ] C:\Program Files\AVAST Software\Avast\ashBase.dll
07:38:59.0937 1960 C:\Program Files\AVAST Software\Avast\ashBase.dll - ok
07:38:59.0953 1960 [ 67156D5A9AC356DC99D7BCCB388E3316 ] C:\WINDOWS\system32\wsock32.dll
07:38:59.0953 1960 C:\WINDOWS\system32\wsock32.dll - ok
07:38:59.0953 1960 [ BABE99A18A382A5E2F99B48E0BC3E0D4 ] C:\Program Files\AVAST Software\Avast\aswCmnIS.dll
07:38:59.0953 1960 C:\Program Files\AVAST Software\Avast\aswCmnIS.dll - ok
07:38:59.0968 1960 [ 178B51198B7B46CD3C5E744474459A63 ] C:\Program Files\AVAST Software\Avast\aswCmnOS.dll
07:38:59.0968 1960 C:\Program Files\AVAST Software\Avast\aswCmnOS.dll - ok
07:38:59.0968 1960 [ C515CAEC6B3C6970007954C0250A124C ] C:\Program Files\AVAST Software\Avast\aswEngLdr.dll
07:38:59.0968 1960 C:\Program Files\AVAST Software\Avast\aswEngLdr.dll - ok
07:38:59.0968 1960 [ EB398DED91CFF2F425610EAA2CCF2A23 ] C:\Program Files\AVAST Software\Avast\aswCmnBS.dll
07:38:59.0968 1960 C:\Program Files\AVAST Software\Avast\aswCmnBS.dll - ok
07:38:59.0984 1960 [ 16CE3ED063923253905341C9AF850FE7 ] C:\Program Files\AVAST Software\Avast\ashTask.dll
07:38:59.0984 1960 C:\Program Files\AVAST Software\Avast\ashTask.dll - ok
07:38:59.0984 1960 [ 045EE3DC56B12B404DC07848D8597C66 ] C:\Program Files\AVAST Software\Avast\aswAux.dll
07:38:59.0984 1960 C:\Program Files\AVAST Software\Avast\aswAux.dll - ok
07:39:00.0000 1960 [ 12B9869E74F9E698F550F04F8989C591 ] C:\Program Files\AVAST Software\Avast\aswProperty.dll
07:39:00.0000 1960 C:\Program Files\AVAST Software\Avast\aswProperty.dll - ok
07:39:00.0000 1960 [ D7B3DE60620D5ADA3D75428A845A0F67 ] C:\Program Files\AVAST Software\Avast\afwCoreServ.dll
07:39:00.0000 1960 C:\Program Files\AVAST Software\Avast\afwCoreServ.dll - ok
07:39:00.0015 1960 [ FCA9CC8611654B790DD6242BF862B7F5 ] C:\Program Files\AVAST Software\Avast\aswLog.dll
07:39:00.0015 1960 C:\Program Files\AVAST Software\Avast\aswLog.dll - ok
07:39:00.0015 1960 [ F186897E0A3B9D0784041221D0265069 ] C:\Program Files\AVAST Software\Avast\aswSqLt.dll
07:39:00.0015 1960 C:\Program Files\AVAST Software\Avast\aswSqLt.dll - ok
07:39:00.0031 1960 [ E491A3812A4AEE8C2A5FBD1265BBF701 ] C:\Program Files\AVAST Software\Avast\afwCoreClient.dll
07:39:00.0031 1960 C:\Program Files\AVAST Software\Avast\afwCoreClient.dll - ok
07:39:00.0031 1960 [ E959C3E026B7C0D0A3890F99B6274536 ] C:\Program Files\AVAST Software\Avast\afwRpc.dll
07:39:00.0031 1960 C:\Program Files\AVAST Software\Avast\afwRpc.dll - ok
07:39:00.0031 1960 [ 90C081738668AC4118B0F397159C7848 ] C:\Program Files\AVAST Software\Avast\afwGeoIP.dll
07:39:00.0031 1960 C:\Program Files\AVAST Software\Avast\afwGeoIP.dll - ok
07:39:00.0046 1960 [ B6E6F3F5B63053D5DC1F4EE32992492F ] C:\WINDOWS\system32\dbghelp.dll
07:39:00.0046 1960 C:\WINDOWS\system32\dbghelp.dll - ok
07:39:00.0046 1960 [ B316906B4A04DD39985350D29DE31068 ] C:\Program Files\AVAST Software\Avast\1033\Base.dll
07:39:00.0046 1960 C:\Program Files\AVAST Software\Avast\1033\Base.dll - ok
07:39:00.0062 1960 [ 84F0BE324EE111338589F448C3E8BAB2 ] C:\WINDOWS\system32\drivers\aswmon2.sys
07:39:00.0062 1960 C:\WINDOWS\system32\drivers\aswmon2.sys - ok
07:39:00.0062 1960 [ 8FA553E9AE69808D99C164733A0F9590 ] C:\Program Files\AVAST Software\Avast\AvastSvc.exe
07:39:00.0062 1960 C:\Program Files\AVAST Software\Avast\AvastSvc.exe - ok
07:39:00.0062 1960 [ 085ED2E391A871C7BAE87E0228B546BA ] C:\WINDOWS\system32\cscui.dll
07:39:00.0062 1960 C:\WINDOWS\system32\cscui.dll - ok
07:39:00.0078 1960 [ 977C54291BFA6FEE7FF865630E51757B ] C:\Program Files\AVAST Software\Avast\ashServ.dll
07:39:00.0078 1960 C:\Program Files\AVAST Software\Avast\ashServ.dll - ok
07:39:00.0078 1960 [ 50A166237A0FA771261275A405646CC0 ] C:\WINDOWS\system32\powrprof.dll
07:39:00.0078 1960 C:\WINDOWS\system32\powrprof.dll - ok
07:39:00.0093 1960 [ 4FF19AC422B7709D786DE58B385C9647 ] C:\Program Files\AVAST Software\Avast\ashTaskEx.dll
07:39:00.0093 1960 C:\Program Files\AVAST Software\Avast\ashTaskEx.dll - ok
07:39:00.0093 1960 [ 902F670F58193A2BC30AA342B11B2C7B ] C:\Program Files\AVAST Software\Avast\aswIdle.dll
07:39:00.0093 1960 C:\Program Files\AVAST Software\Avast\aswIdle.dll - ok
07:39:00.0109 1960 [ 6C26DCF01E2A92F183B97D434017268A ] C:\WINDOWS\system32\dpcdll.dll
07:39:00.0109 1960 C:\WINDOWS\system32\dpcdll.dll - ok
07:39:00.0109 1960 [ 264B5D8F4C70A26749FF2CEDDE06BA30 ] C:\Program Files\AVAST Software\Avast\aswDld.dll
07:39:00.0109 1960 C:\Program Files\AVAST Software\Avast\aswDld.dll - ok
07:39:00.0109 1960 [ 273FD83FC8C4E12F8C55381674F92A44 ] C:\Program Files\AVAST Software\Avast\aswStrm.dll
07:39:00.0109 1960 C:\Program Files\AVAST Software\Avast\aswStrm.dll - ok
07:39:00.0125 1960 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] C:\WINDOWS\system32\schedsvc.dll
07:39:00.0125 1960 C:\WINDOWS\system32\schedsvc.dll - ok
07:39:00.0125 1960 [ C03EF3D3670336173D88652C0DB53D08 ] C:\Program Files\AVAST Software\Avast\defs\13011800\aswEngin.dll
07:39:00.0125 1960 C:\Program Files\AVAST Software\Avast\defs\13011800\aswEngin.dll - ok
07:39:00.0140 1960 [ E47E364C96467FD54FA44D59F927C3AB ] C:\WINDOWS\system32\msidle.dll
07:39:00.0140 1960 C:\WINDOWS\system32\msidle.dll - ok
07:39:00.0140 1960 [ 60784F891563FB1B767F70117FC2428F ] C:\WINDOWS\system32\spoolsv.exe
07:39:00.0140 1960 C:\WINDOWS\system32\spoolsv.exe - ok
07:39:00.0156 1960 [ A93AEE1928A9D7CE3E16D24EC7380F89 ] C:\WINDOWS\system32\userinit.exe
07:39:00.0156 1960 C:\WINDOWS\system32\userinit.exe - ok
07:39:00.0156 1960 [ 12896823FB95BFB3DC9B46BCAEDC9923 ] C:\WINDOWS\explorer.exe
07:39:00.0156 1960 C:\WINDOWS\explorer.exe - ok
07:39:00.0156 1960 [ DEF7A7882BEC100FE0B2CE2549188F9D ] C:\WINDOWS\system32\audiosrv.dll
07:39:00.0156 1960 C:\WINDOWS\system32\audiosrv.dll - ok
07:39:00.0171 1960 [ A8888A5327621856C0CEC4E385F69309 ] C:\WINDOWS\system32\wkssvc.dll
07:39:00.0171 1960 C:\WINDOWS\system32\wkssvc.dll - ok
07:39:00.0171 1960 [ E895E417F04339B583A90A1959054BEA ] C:\Program Files\AVAST Software\Avast\defs\13011800\aswCmnOS.dll
07:39:00.0171 1960 C:\Program Files\AVAST Software\Avast\defs\13011800\aswCmnOS.dll - ok
07:39:00.0187 1960 [ E392E172687BE172F8600C5F41AB03D9 ] C:\WINDOWS\system32\browseui.dll
07:39:00.0187 1960 C:\WINDOWS\system32\browseui.dll - ok
07:39:00.0187 1960 [ 3AE814769FD59498E9AF30A1B86417DF ] C:\Program Files\AVAST Software\Avast\defs\13011800\aswCmnIS.dll
07:39:00.0187 1960 C:\Program Files\AVAST Software\Avast\defs\13011800\aswCmnIS.dll - ok
07:39:00.0203 1960 [ BBC1BF4FEE6C7558CD54CF5F5AF17D00 ] C:\Program Files\AVAST Software\Avast\defs\13011800\aswCmnBS.dll
07:39:00.0203 1960 C:\Program Files\AVAST Software\Avast\defs\13011800\aswCmnBS.dll - ok
07:39:00.0203 1960 [ C3D4295E1A00A814200B58410FE9E2C0 ] C:\Program Files\AVAST Software\Avast\defs\13011800\aswScan.dll
07:39:00.0203 1960 C:\Program Files\AVAST Software\Avast\defs\13011800\aswScan.dll - ok
07:39:00.0218 1960 [ 26CB10FA893F940AB09713FF46DCDADE ] C:\WINDOWS\system32\shdocvw.dll
07:39:00.0218 1960 C:\WINDOWS\system32\shdocvw.dll - ok
07:39:00.0218 1960 [ FAD306DD70634B3168CB025C8432CE7E ] C:\Program Files\AVAST Software\Avast\defs\13011800\aswRep.dll
07:39:00.0218 1960 C:\Program Files\AVAST Software\Avast\defs\13011800\aswRep.dll - ok
07:39:00.0234 1960 [ C1F048B33A1BD8F5B05AF76469252F55 ] C:\Program Files\AVAST Software\Avast\defs\13011800\aswFiDb.dll
07:39:00.0234 1960 C:\Program Files\AVAST Software\Avast\defs\13011800\aswFiDb.dll - ok
07:39:00.0234 1960 [ 104F3DDC5D66B7008A136DFC1FEE58FD ] C:\Program Files\AVAST Software\Avast\defs\13011800\algo.dll
07:39:00.0234 1960 C:\Program Files\AVAST Software\Avast\defs\13011800\algo.dll - ok
07:39:00.0234 1960 [ 4D153BDE01AA3FD33414199052051549 ] C:\Program Files\AVAST Software\Avast\ashShell.dll
07:39:00.0234 1960 C:\Program Files\AVAST Software\Avast\ashShell.dll - ok
07:39:00.0250 1960 [ D3F72D50DE53F9F1F55240115AF4D42E ] C:\WINDOWS\system32\msi.dll
07:39:00.0250 1960 C:\WINDOWS\system32\msi.dll - ok
07:39:00.0250 1960 [ 680B56A8B62D1BCF4A0B2AAAD03D88E4 ] C:\WINDOWS\system32\wdmaud.drv
07:39:00.0250 1960 C:\WINDOWS\system32\wdmaud.drv - ok
07:39:00.0265 1960 [ 6768ACF64B18196494413695F0C3A00F ] C:\WINDOWS\system32\drivers\wdmaud.sys
07:39:00.0265 1960 C:\WINDOWS\system32\drivers\wdmaud.sys - ok
07:39:00.0265 1960 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] C:\WINDOWS\system32\drivers\sysaudio.sys
07:39:00.0265 1960 C:\WINDOWS\system32\drivers\sysaudio.sys - ok
07:39:00.0281 1960 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] C:\WINDOWS\system32\drivers\splitter.sys
07:39:00.0281 1960 C:\WINDOWS\system32\drivers\splitter.sys - ok
07:39:00.0281 1960 [ 8BED39E3C35D6A489438B8141717A557 ] C:\WINDOWS\system32\drivers\aec.sys
07:39:00.0281 1960 C:\WINDOWS\system32\drivers\aec.sys - ok
07:39:00.0281 1960 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] C:\WINDOWS\system32\drivers\swmidi.sys
07:39:00.0281 1960 C:\WINDOWS\system32\drivers\swmidi.sys - ok
07:39:00.0296 1960 [ 8A208DFCF89792A484E76C40E5F50B45 ] C:\WINDOWS\system32\drivers\dmusic.sys
07:39:00.0296 1960 C:\WINDOWS\system32\drivers\dmusic.sys - ok
07:39:00.0296 1960 [ 0E857482F01A5155C96243D15CADB828 ] C:\Program Files\AVAST Software\Avast\defs\13011800\fwAux.dll
07:39:00.0296 1960 C:\Program Files\AVAST Software\Avast\defs\13011800\fwAux.dll - ok
07:39:00.0312 1960 [ 692BCF44383D056AED41B045A323D378 ] C:\WINDOWS\system32\drivers\kmixer.sys
07:39:00.0312 1960 C:\WINDOWS\system32\drivers\kmixer.sys - ok
07:39:00.0312 1960 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] C:\WINDOWS\system32\drivers\drmkaud.sys
07:39:00.0312 1960 C:\WINDOWS\system32\drivers\drmkaud.sys - ok
07:39:00.0328 1960 [ 9A3BD5F55AADFF859539142F6328A66E ] C:\WINDOWS\system32\msacm32.drv
07:39:00.0328 1960 C:\WINDOWS\system32\msacm32.drv - ok
07:39:00.0328 1960 [ 5C12660A97822F6E61576943B49AAAD6 ] C:\WINDOWS\system32\midimap.dll
07:39:00.0328 1960 C:\WINDOWS\system32\midimap.dll - ok
07:39:00.0328 1960 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] C:\WINDOWS\system32\drivers\mrxdav.sys
07:39:00.0328 1960 C:\WINDOWS\system32\drivers\mrxdav.sys - ok
07:39:00.0343 1960 [ 77A354E28153AD2D5E120A5A8687BC06 ] C:\WINDOWS\system32\webclnt.dll
07:39:00.0343 1960 C:\WINDOWS\system32\webclnt.dll - ok
07:39:00.0343 1960 [ 3D4E199942E29207970E04315D02AD3B ] C:\WINDOWS\system32\cryptsvc.dll
07:39:00.0343 1960 C:\WINDOWS\system32\cryptsvc.dll - ok
07:39:00.0359 1960 [ D039A0C347632622934906BD59A4E1EA ] C:\WINDOWS\ehome\ehrecvr.exe
07:39:00.0359 1960 C:\WINDOWS\ehome\ehrecvr.exe - ok
07:39:00.0359 1960 [ 00709952D444EAE14DBBD30D36FBAE0F ] C:\WINDOWS\system32\certcli.dll
07:39:00.0359 1960 C:\WINDOWS\system32\certcli.dll - ok
07:39:00.0375 1960 [ 57EDEC2E5F59F0335E92F35184BC8631 ] C:\WINDOWS\system32\dmserver.dll
07:39:00.0375 1960 C:\WINDOWS\system32\dmserver.dll - ok
07:39:00.0375 1960 [ 0099D24356585743B0B35C222092FD8F ] C:\WINDOWS\system32\faultrep.dll
07:39:00.0375 1960 C:\WINDOWS\system32\faultrep.dll - ok
07:39:00.0375 1960 [ 6D280BC969218AE4A72180F907C32913 ] C:\WINDOWS\ehome\ehTrace.dll
07:39:00.0375 1960 C:\WINDOWS\ehome\ehTrace.dll - ok
07:39:00.0390 1960 [ B4ED498E3BFEE64E952BC44FC6057DB8 ] C:\WINDOWS\system32\desk.cpl
07:39:00.0390 1960 C:\WINDOWS\system32\desk.cpl - ok
07:39:00.0390 1960 [ A314EEA2A503A8E04085201E436384A5 ] C:\WINDOWS\system32\themeui.dll
07:39:00.0390 1960 C:\WINDOWS\system32\themeui.dll - ok
07:39:00.0406 1960 [ A53243709439AC2A4C216B817F8D7411 ] C:\WINDOWS\ehome\ehSched.exe
07:39:00.0406 1960 C:\WINDOWS\ehome\ehSched.exe - ok
07:39:00.0406 1960 [ 506708142BC63DABA64F2D3AD1DCD5BF ] C:\Program Files\Google\Update\GoogleUpdate.exe
07:39:00.0406 1960 C:\Program Files\Google\Update\GoogleUpdate.exe - ok
07:39:00.0406 1960 [ BC93B4A066477954555966D77FEC9ECB ] C:\WINDOWS\system32\ersvc.dll
07:39:00.0406 1960 C:\WINDOWS\system32\ersvc.dll - ok
07:39:00.0421 1960 [ 00C3A0D4C8246A9785D4AEC3A1FA5B9C ] C:\WINDOWS\ehome\ehrec.exe
07:39:00.0421 1960 C:\WINDOWS\ehome\ehrec.exe - ok
07:39:00.0421 1960 [ D4991D98F2DB73C60D042F1AEF79EFAE ] C:\WINDOWS\system32\es.dll
07:39:00.0421 1960 C:\WINDOWS\system32\es.dll - ok
07:39:00.0437 1960 [ 9FF47CD8A3787C8FD3CDFE40441C722E ] C:\Program Files\Google\Update\1.3.21.123\goopdate.dll
07:39:00.0437 1960 C:\Program Files\Google\Update\1.3.21.123\goopdate.dll - ok
07:39:00.0437 1960 [ 08A73B0E7EE6E32983B5F9E540A8E380 ] C:\WINDOWS\system32\mscoree.dll
07:39:00.0437 1960 C:\WINDOWS\system32\mscoree.dll - ok
07:39:00.0453 1960 [ 912B67BB8249925A5C972FC5839EAE09 ] C:\WINDOWS\system32\actxprxy.dll
07:39:00.0453 1960 C:\WINDOWS\system32\actxprxy.dll - ok
07:39:00.0453 1960 [ 9B353015DD900C10093CBD15B2822D79 ] C:\WINDOWS\system32\sbe.dll
07:39:00.0453 1960 C:\WINDOWS\system32\sbe.dll - ok
07:39:00.0453 1960 [ 7F19838AC317C34FCED020BE529AF71E ] C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
07:39:00.0453 1960 C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe - ok
07:39:00.0468 1960 [ 1CFF6DC8F60BBE0AADC1AD15DFAD162A ] C:\WINDOWS\system32\msvidctl.dll
07:39:00.0468 1960 C:\WINDOWS\system32\msvidctl.dll - ok
07:39:00.0468 1960 [ 6D778E0F95447E6546553EEEA709D03C ] C:\WINDOWS\system32\cmd.exe
07:39:00.0468 1960 C:\WINDOWS\system32\cmd.exe - ok
07:39:00.0484 1960 [ 4FCCA060DFE0C51A09DD5C3843888BCD ] C:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll
07:39:00.0484 1960 C:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll - ok
07:39:00.0484 1960 [ AE5A69F44C1F97EDC83237FC0B29B6FB ] C:\Program Files\Google\Update\1.3.21.123\GoogleCrashHandler.exe
07:39:00.0484 1960 C:\Program Files\Google\Update\1.3.21.123\GoogleCrashHandler.exe - ok
07:39:00.0500 1960 [ 4044E880593FE1AC9942190FCE414BE7 ] C:\WINDOWS\system32\mstask.dll
07:39:00.0500 1960 C:\WINDOWS\system32\mstask.dll - ok
07:39:00.0500 1960 [ F80A415EF82CD06FFAF0D971528EAD38 ] C:\WINDOWS\system32\drivers\http.sys
07:39:00.0500 1960 C:\WINDOWS\system32\drivers\http.sys - ok
07:39:00.0515 1960 [ DEB04DA35CC871B6D309B77E1443C796 ] C:\WINDOWS\system32\hidserv.dll
07:39:00.0515 1960 C:\WINDOWS\system32\hidserv.dll - ok
07:39:02.0046 1960 [ C637FC4638A96165256B28D38DE7B953 ] C:\Program Files\HP\HP Software Update\hpwuschd2.exe
07:39:02.0046 1960 C:\Program Files\HP\HP Software Update\hpwuschd2.exe - ok
07:39:02.0062 1960 [ 5F1D5F88303D4A4DBC8E5F97BA967CC3 ] C:\WINDOWS\system32\ctfmon.exe
07:39:02.0062 1960 C:\WINDOWS\system32\ctfmon.exe - ok
07:39:02.0062 1960 [ A58241451A149929A679C82FA934EF81 ] C:\WINDOWS\system32\igfxdev.dll
07:39:02.0062 1960 C:\WINDOWS\system32\igfxdev.dll - ok
07:39:02.0078 1960 [ 401A8C0BE0BAA7D7A470F0942244152D ] C:\WINDOWS\system32\rasdlg.dll
07:39:02.0078 1960 C:\WINDOWS\system32\rasdlg.dll - ok
07:39:02.0078 1960 [ 17AA58A54C00F1746B8654C050491F43 ] C:\WINDOWS\system32\msutb.dll
07:39:02.0078 1960 C:\WINDOWS\system32\msutb.dll - ok
07:39:02.0078 1960 [ 7E57B6D3D74CB9EF3055BA4E89F038D4 ] C:\WINDOWS\system32\Macromed\Flash\Flash32_11_5_502_146.ocx
07:39:02.0078 1960 C:\WINDOWS\system32\Macromed\Flash\Flash32_11_5_502_146.ocx - ok
07:39:02.0093 1960 [ 03A905FBA1D62317087DB5C21C0F8F62 ] C:\WINDOWS\ehome\ehmsas.exe
07:39:02.0093 1960 C:\WINDOWS\ehome\ehmsas.exe - ok
07:39:02.0093 1960 [ 070E5936DA5DF779E446A56C3BAE7C0E ] C:\WINDOWS\system32\igfxres.dll
07:39:02.0093 1960 C:\WINDOWS\system32\igfxres.dll - ok
07:39:02.0109 1960 [ 21C3886C7E83EE489D73AFE012F068A6 ] C:\WINDOWS\system32\igfxress.dll
07:39:02.0109 1960 C:\WINDOWS\system32\igfxress.dll - ok
07:39:02.0109 1960 [ F6FAEC07446A78A9C5AF4558FF5BD118 ] C:\WINDOWS\ime\sptip.dll
07:39:02.0109 1960 C:\WINDOWS\ime\sptip.dll - ok
07:39:02.0125 1960 [ E837FDBB92E9873E538395B623F45462 ] C:\WINDOWS\system32\wbem\cimwin32.dll
07:39:02.0125 1960 C:\WINDOWS\system32\wbem\cimwin32.dll - ok
07:39:02.0125 1960 [ 960F6D3CD9A1BA6435D7AADD102B297F ] C:\WINDOWS\system32\wbem\wmiprov.dll
07:39:02.0125 1960 C:\WINDOWS\system32\wbem\wmiprov.dll - ok
07:39:02.0125 1960 [ 4306FA2F1099D7C606139255FDB62B19 ] C:\WINDOWS\system32\wbem\framedyn.dll
07:39:02.0125 1960 C:\WINDOWS\system32\wbem\framedyn.dll - ok
07:39:02.0140 1960 [ 2A8681AEA24003040CA7D677BE9F1702 ] C:\WINDOWS\system32\drivers\28565161.sys
07:39:02.0140 1960 C:\WINDOWS\system32\drivers\28565161.sys - ok
07:39:02.0140 1960 [ 58B8702C20DE211D1FCB248D2FDD71D1 ] C:\Program Files\Adobe\Reader 11.0\Reader\reader_sl.exe
07:39:02.0140 1960 C:\Program Files\Adobe\Reader 11.0\Reader\reader_sl.exe - ok
07:39:02.0156 1960 [ E3C817F7FE44CC870ECDBCBC3EA36132 ] C:\WINDOWS\system32\msvcp100.dll
07:39:02.0156 1960 C:\WINDOWS\system32\msvcp100.dll - ok
07:39:02.0156 1960 [ 4D83ED8BDDEC431FC8AD907B47CFB6E3 ] C:\WINDOWS\system32\dsound.dll
07:39:02.0156 1960 C:\WINDOWS\system32\dsound.dll - ok
07:39:02.0171 1960 [ BF38660A9125935658CFA3E53FDC7D65 ] C:\WINDOWS\system32\msvcr100.dll
07:39:02.0171 1960 C:\WINDOWS\system32\msvcr100.dll - ok
07:39:02.0171 1960 [ C730F70351D950DDA7388C9A9763CF54 ] C:\WINDOWS\system32\wbem\wmipcima.dll
07:39:02.0171 1960 C:\WINDOWS\system32\wbem\wmipcima.dll - ok
07:39:02.0187 1960 [ 3F8411328E808A8794A41DA9ACB22DD9 ] C:\WINDOWS\system32\tapi3.dll
07:39:02.0187 1960 C:\WINDOWS\system32\tapi3.dll - ok
07:39:02.0187 1960 [ 35A75C922D5827944CBD0F013186F0EF ] C:\Program Files\AVAST Software\Avast\defs\13011800\uiext.dll
07:39:02.0187 1960 C:\Program Files\AVAST Software\Avast\defs\13011800\uiext.dll - ok
07:39:02.0187 1960 [ F5430B03E141E098C78D5DB46B00F8FC ] C:\WINDOWS\system32\confmsp.dll
07:39:02.0187 1960 C:\WINDOWS\system32\confmsp.dll - ok
07:39:02.0203 1960 [ 8EDD9DCD5196B6C54A622E9549F667B8 ] C:\WINDOWS\system32\termmgr.dll
07:39:02.0203 1960 C:\WINDOWS\system32\termmgr.dll - ok
07:39:02.0203 1960 [ CE8C3BC1377B83DBCD7304AB2D0A4735 ] C:\WINDOWS\system32\h323msp.dll
07:39:02.0203 1960 C:\WINDOWS\system32\h323msp.dll - ok
07:39:02.0218 1960 [ 84B38788149B32A50ED6859ACD3DCC1D ] C:\Program Files\HPQ\HP Wireless Assistant\hpqnt.dll
07:39:02.0218 1960 C:\Program Files\HPQ\HP Wireless Assistant\hpqnt.dll - ok
07:39:02.0218 1960 [ 03C76895F47A1339A697269000675266 ] C:\WINDOWS\system32\newdev.dll
07:39:02.0218 1960 C:\WINDOWS\system32\newdev.dll - ok
07:39:02.0234 1960 [ C88C65DF1ED4DFD34CFBD11CDFE519A3 ] C:\WINDOWS\system32\wucltui.dll
07:39:02.0234 1960 C:\WINDOWS\system32\wucltui.dll - ok
07:39:02.0234 1960 [ C31DD4CEC06D2908AE5F212A0B13805B ] C:\WINDOWS\system32\wuaucpl.cpl
07:39:02.0234 1960 C:\WINDOWS\system32\wuaucpl.cpl - ok
07:39:02.0234 1960 [ BBDFDBEAD1B7A1CFD44BFFFD177FB627 ] C:\WINDOWS\system32\mucltui.dll
07:39:02.0234 1960 C:\WINDOWS\system32\mucltui.dll - ok
07:39:02.0250 1960 ============================================================
07:39:02.0250 1960 Scan finished
07:39:02.0250 1960 ============================================================
07:39:02.0359 1956 Detected object count: 9
07:39:02.0359 1956 Actual detected object count: 9
07:44:38.0890 1956 AddFiltr ( UnsignedFile.Multi.Generic ) - skipped by user
07:44:38.0890 1956 AddFiltr ( UnsignedFile.Multi.Generic ) - User select action: Skip
07:44:38.0890 1956 BTWUSB ( UnsignedFile.Multi.Generic ) - skipped by user
07:44:38.0890 1956 BTWUSB ( UnsignedFile.Multi.Generic ) - User select action: Skip
07:44:38.0890 1956 hpqwmiex ( UnsignedFile.Multi.Generic ) - skipped by user
07:44:38.0890 1956 hpqwmiex ( UnsignedFile.Multi.Generic ) - User select action: Skip
07:44:38.0906 1956 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
07:44:38.0906 1956 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
07:44:38.0906 1956 LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user
07:44:38.0906 1956 LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip
07:44:38.0906 1956 MHN ( UnsignedFile.Multi.Generic ) - skipped by user
07:44:38.0906 1956 MHN ( UnsignedFile.Multi.Generic ) - User select action: Skip
07:44:38.0906 1956 MHNDRV ( UnsignedFile.Multi.Generic ) - skipped by user
07:44:38.0906 1956 MHNDRV ( UnsignedFile.Multi.Generic ) - User select action: Skip
07:44:38.0906 1956 PxHelp20 ( UnsignedFile.Multi.Generic ) - skipped by user
07:44:38.0906 1956 PxHelp20 ( UnsignedFile.Multi.Generic ) - User select action: Skip
07:44:38.0921 1956 WMConnectCDS ( UnsignedFile.Multi.Generic ) - skipped by user
07:44:38.0921 1956 WMConnectCDS ( UnsignedFile.Multi.Generic ) - User select action: Skip
07:47:05.0671 3036 Deinitialize success
07:34:54.0140 0276 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
07:34:54.0484 0276 ============================================================
07:34:54.0484 0276 Current date / time: 2013/01/18 07:34:54.0484
07:34:54.0484 0276 SystemInfo:
07:34:54.0484 0276
07:34:54.0484 0276 OS Version: 5.1.2600 ServicePack: 3.0
07:34:54.0484 0276 Product type: Workstation
07:34:54.0484 0276 ComputerName: CROWLEY
07:34:54.0484 0276 UserName: Tiffany
07:34:54.0484 0276 Windows directory: C:\WINDOWS
07:34:54.0484 0276 System windows directory: C:\WINDOWS
07:34:54.0484 0276 Processor architecture: Intel x86
07:34:54.0484 0276 Number of processors: 2
07:34:54.0484 0276 Page size: 0x1000
07:34:54.0484 0276 Boot type: Normal boot
07:34:54.0484 0276 ============================================================
07:34:55.0296 0276 Drive \Device\Harddisk0\DR0 - Size: 0x1BF2976000 (111.79 Gb), SectorSize: 0x200, Cylinders: 0x3901, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
07:34:55.0296 0276 ============================================================
07:34:55.0296 0276 \Device\Harddisk0\DR0:
07:34:55.0296 0276 MBR partitions:
07:34:55.0296 0276 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xC62C988
07:34:55.0296 0276 \Device\Harddisk0\DR0\Partition2: MBR, Type 0xC, StartLBA 0xC630888, BlocksNum 0x1761276
07:34:55.0296 0276 ============================================================
07:34:55.0359 0276 C: <-> \Device\Harddisk0\DR0\Partition1
07:34:55.0375 0276 D: <-> \Device\Harddisk0\DR0\Partition2
07:34:55.0406 0276 ============================================================
07:34:55.0406 0276 Initialize success
07:34:55.0406 0276 ============================================================
07:35:02.0421 0588 Deinitialize success
kevinf80 (Kevin), authorized to help remove malware
Malware Removal Specialist with 9,490 posts.
Join Date: Mar 2006
Location: Sunderland UK
Experience: Intermediate
18-Jan-2013, 09:28 PM #9
Thanks for the logs, still not showing anything obvious. OK do the following:

Delete any versions of Combofix that you may have on your Desktop, download a fresh copy from the following link :-

http://download.bleepingcomputer.com/sUBs/ComboFix.exe
  • Ensure that Combofix is saved directly to the Desktop <--- Very important
  • Disable all security programs as they will have a negative effect on Combofix, instructions available here http://www.bleepingcomputer.com/forums/topic114351.html if required. Be aware the list may not have all programs listed, if you need more help please ask.
  • Close any open browsers and any other programs you might have running
  • Double click the icon to run the tool (Vista or Windows 7 users right click and select "Run as Administrator")
  • Instructions for running Combofix available here http://www.bleepingcomputer.com/comb...o-use-combofix if required.
  • If you are using Windows XP, it might display a pop-up saying that "Recovery console is not installed, do you want to install?" Please select yes & let it download the files it needs to do this. Once the recovery console is installed, Combofix will then offer to scan for malware. Select continue or yes.
  • When finished, it will produce a report for you. Please post the "C:\ComboFix.txt" for further review

****Note: Do not mouseclick combofix's window while it's running. That may cause it to stall or freeze ****

Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell us when you reply. Read here http://thespykiller.co.uk/index.php?page=20 why disabling autoruns is recommended.

*EXTRA NOTES*
  • If Combofix detects any Rootkit/Bootkit activity on your system it will give a warning and prompt for a reboot, you must allow it to do so.
  • If Combofix reboots due to a rootkit, the screen may stay black for several minutes on reboot; this is normal
  • If after running Combofix you receive any type of warning message about registry keys being listed for deletion when trying to open certain items, reboot the system and this will fix the issue (Those items will not be deleted)

Post the log in next reply please...

Kevin
Oriole (THREAD STARTER)
18-Jan-2013, 11:31 PM #10
No reboots were needed.
It feels odd that these last two days Windows startup has been tame.

ComboFix 13-01-17.04 - Tiffany 01/18/2013 22:13:47.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.472 [GMT -5:00]
Running from: c:\documents and settings\Tiffany.CENG\Desktop\ComboFix.exe
AV: avast! Internet Security *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: avast! Internet Security *Disabled* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Microsoft
c:\microsoft\IMJP8_1\imjp81u.dic
c:\windows\wininit.ini
c:\windows\wt
c:\windows\wt\data.wts
c:\windows\wt\updater\wcmdmgr.exe
c:\windows\wt\updater\wcmdmgrl.exe
c:\windows\wt\updater\wt.ini
c:\windows\wt\webdriver.dll
c:\windows\wt\webdriver\4.1.1\actorobject.dll
c:\windows\wt\webdriver\4.1.1\dx5drv.dll
c:\windows\wt\webdriver\4.1.1\dx7drv.dll
c:\windows\wt\webdriver\4.1.1\objectbundle.dll
c:\windows\wt\webdriver\4.1.1\sound.dll
c:\windows\wt\webdriver\4.1.1\wdcaps.ded
c:\windows\wt\webdriver\4.1.1\wdengine.dll
c:\windows\wt\webdriver\4.1.1\webdriver.dll
c:\windows\wt\webdriver\4.1.1\wthost.exe
c:\windows\wt\webdriver\4.1.1\wthostctl.dll
c:\windows\wt\webdriver\4.1.1\wtmulti.dll
c:\windows\wt\webdriver\4.1.1\wtmulti.jar
c:\windows\wt\webdriver\4.1.1\wtwmplug.ax
c:\windows\wt\webdriver\4.1.1\wtwmplug.ini
c:\windows\wt\webdriver\jdriver.dll
c:\windows\wt\webdriver\rdriver.dll
c:\windows\wt\webdriver\wildtangent.jar
c:\windows\wt\wt3d.dll
c:\windows\wt\wt3d.ini
c:\windows\wt\wtupdates\DRM\3.2.0.19\files\controlpanel\index.html
c:\windows\wt\wtupdates\DRM\3.2.0.19\files\DRM0302.dll
c:\windows\wt\wtupdates\DRM\3.2.0.19\files\DRM0302Java.jar
c:\windows\wt\wtupdates\DRM\3.2.0.19\files\jDRM0302.dll
c:\windows\wt\wtupdates\DRM\3.2.0.19\files\rDRM0302.dll
c:\windows\wt\wtupdates\DRM\3.2.0.19\install\DRM0302.cdanfo
c:\windows\wt\wtupdates\DRM\3.2.0.19\install\DRM0302_Uninstall.cdas
c:\windows\wt\wtupdates\webd\4.1.1\files\actorobject.dll
c:\windows\wt\wtupdates\webd\4.1.1\files\controlpanel\index.html
c:\windows\wt\wtupdates\webd\4.1.1\files\dx5drv.dll
c:\windows\wt\wtupdates\webd\4.1.1\files\dx7drv.dll
c:\windows\wt\wtupdates\webd\4.1.1\files\jdriver.dll
c:\windows\wt\wtupdates\webd\4.1.1\files\legacy\data.wts
c:\windows\wt\wtupdates\webd\4.1.1\files\legacy\webdriver.dll
c:\windows\wt\wtupdates\webd\4.1.1\files\legacy\wt3d.dll
c:\windows\wt\wtupdates\webd\4.1.1\files\npWTHost.dll
c:\windows\wt\wtupdates\webd\4.1.1\files\nsIWTHostPlugin.xpt
c:\windows\wt\wtupdates\webd\4.1.1\files\ObjectBundle.dll
c:\windows\wt\wtupdates\webd\4.1.1\files\rdriver.dll
c:\windows\wt\wtupdates\webd\4.1.1\files\Sound.dll
c:\windows\wt\wtupdates\webd\4.1.1\files\update_info\data.wts
c:\windows\wt\wtupdates\webd\4.1.1\files\wdcaps.ded
c:\windows\wt\wtupdates\webd\4.1.1\files\wdengine.dll
c:\windows\wt\wtupdates\webd\4.1.1\files\Webd331.cdanfo
c:\windows\wt\wtupdates\webd\4.1.1\files\Webd331_fileList.cdas
c:\windows\wt\wtupdates\webd\4.1.1\files\Webd331_Uninstall.cdas
c:\windows\wt\wtupdates\webd\4.1.1\files\webdriver.dll
c:\windows\wt\wtupdates\webd\4.1.1\files\wildtangent.jar
c:\windows\wt\wtupdates\webd\4.1.1\files\wt3d.ini
c:\windows\wt\wtupdates\webd\4.1.1\files\WTHost.exe
c:\windows\wt\wtupdates\webd\4.1.1\files\WTHostCtl.dll
c:\windows\wt\wtupdates\webd\4.1.1\files\wtmulti.dll
c:\windows\wt\wtupdates\webd\4.1.1\files\wtmulti.jar
c:\windows\wt\wtupdates\webd\4.1.1\files\wtvh.dll
c:\windows\wt\wtupdates\webd\4.1.1\files\wtwmplug.ax
c:\windows\wt\wtupdates\webd\4.1.1\files\wtwmplug.ini
c:\windows\wt\wtupdates\webd\4.1.1\install\Webd4_1_1.cdanfo
c:\windows\wt\wtupdates\webd\4.1.1\install\Webd4_1_1_Uninstall.cdas
c:\windows\wt\wtupdates\WireControl\1.1.0.23\files\controlpanel\index.html
c:\windows\wt\wtupdates\WireControl\1.1.0.23\files\install\WireControl.cdanfo
c:\windows\wt\wtupdates\WireControl\1.1.0.23\files\install\WireControl_Uninstall.cdas
c:\windows\wt\wtupdates\WireControl\1.1.0.23\files\WireControl.dll
c:\windows\wt\wtupdates\wtupdater\appinfo.dat
c:\windows\wt\wtupdates\wtwebdriver\update_info\data.wts
c:\windows\wt\wtvh.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-12-19 to 2013-01-19 )))))))))))))))))))))))))))))))
.
.
2013-01-18 12:35 . 2013-01-18 12:35 177496 ----a-w- c:\windows\system32\drivers\91578331.sys
2013-01-14 23:34 . 2013-01-14 23:33 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-01-12 13:51 . 2013-01-12 13:51 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-01-12 13:51 . 2012-12-14 21:49 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-01-10 13:18 . 2012-06-02 20:18 275696 ----a-w- c:\windows\system32\mucltui.dll
2013-01-06 16:54 . 2012-10-30 23:51 106560 ----a-w- c:\windows\system32\drivers\aswFW.sys
2013-01-06 16:54 . 2012-10-30 23:51 199320 ----a-w- c:\windows\system32\drivers\aswNdis2.sys
2013-01-06 16:54 . 2012-10-30 23:51 20624 ----a-w- c:\windows\system32\drivers\aswKbd.sys
2013-01-06 16:54 . 2012-09-21 09:26 12112 ----a-w- c:\windows\system32\drivers\aswNdis.sys
2013-01-04 02:46 . 2013-01-04 02:46 -------- d-----w- c:\program files\ACW
2013-01-01 16:30 . 2013-01-01 16:30 -------- d-----w- C:\843aea2a30e19424e690b93640
2013-01-01 16:15 . 2013-01-01 17:39 -------- d-----w- c:\windows\system32\XPSViewer
2013-01-01 16:15 . 2008-07-06 12:06 89088 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
2013-01-01 16:14 . 2006-06-29 18:07 14048 ------w- c:\windows\system32\spmsg2.dll
2012-12-30 20:58 . 2001-08-18 03:36 8704 ----a-w- c:\windows\system32\kbdjpn.dll
2012-12-30 20:58 . 2001-08-18 03:36 8704 ----a-w- c:\windows\system32\dllcache\kbdjpn.dll
2012-12-30 20:58 . 2001-08-18 03:36 8192 ----a-w- c:\windows\system32\kbdkor.dll
2012-12-30 20:58 . 2001-08-18 03:36 8192 ----a-w- c:\windows\system32\dllcache\kbdkor.dll
2012-12-30 20:58 . 2001-08-17 19:55 6144 ----a-w- c:\windows\system32\kbd101c.dll
2012-12-30 20:58 . 2001-08-17 19:55 6144 ----a-w- c:\windows\system32\dllcache\kbd101c.dll
2012-12-30 20:58 . 2001-08-17 19:55 5632 ----a-w- c:\windows\system32\kbd103.dll
2012-12-30 20:58 . 2001-08-17 19:55 5632 ----a-w- c:\windows\system32\dllcache\kbd103.dll
2012-12-30 20:58 . 2001-08-17 19:55 6144 ----a-w- c:\windows\system32\kbd101b.dll
2012-12-30 20:58 . 2001-08-17 19:55 6144 ----a-w- c:\windows\system32\dllcache\kbd101b.dll
2012-12-30 20:58 . 2008-04-14 10:39 6144 ----a-w- c:\windows\system32\kbd106.dll
2012-12-30 20:58 . 2008-04-14 10:39 6144 ----a-w- c:\windows\system32\dllcache\kbd106.dll
2012-12-30 13:42 . 2012-12-30 13:42 -------- d-----w- c:\windows\system32\Adobe
2012-12-30 13:09 . 2009-10-20 16:20 265728 ------w- c:\windows\system32\dllcache\http.sys
2012-12-30 02:49 . 2012-10-30 23:51 361032 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-12-30 02:49 . 2012-10-30 23:51 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-12-30 02:49 . 2012-10-30 23:51 738504 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-12-30 02:49 . 2012-10-30 23:51 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-12-30 02:49 . 2012-10-30 23:51 35928 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-12-30 02:49 . 2012-10-30 23:51 97608 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2012-12-30 02:49 . 2012-10-30 23:51 89752 ----a-w- c:\windows\system32\drivers\aswmon.sys
2012-12-30 02:49 . 2012-10-30 23:51 25256 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2012-12-30 02:49 . 2012-10-30 23:50 227648 ----a-w- c:\windows\system32\aswBoot.exe
2012-12-30 02:48 . 2009-11-21 15:51 471552 ------w- c:\windows\system32\dllcache\aclayers.dll
2012-12-30 02:21 . 2012-12-16 12:23 290560 ------w- c:\windows\system32\dllcache\atmfd.dll
2012-12-30 02:21 . 2012-11-01 12:17 630272 ------w- c:\windows\system32\dllcache\msfeeds.dll
2012-12-30 02:21 . 2012-11-01 12:17 55296 ------w- c:\windows\system32\dllcache\msfeedsbs.dll
2012-12-30 02:21 . 2012-11-01 12:17 247808 ------w- c:\windows\system32\dllcache\ieproxy.dll
2012-12-30 02:21 . 2012-11-01 12:17 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2012-12-30 02:21 . 2012-11-01 12:17 521728 ------w- c:\windows\system32\dllcache\jsdbgui.dll
2012-12-30 02:21 . 2012-11-01 12:17 2000384 ------w- c:\windows\system32\dllcache\iertutil.dll
2012-12-30 02:21 . 2012-11-01 12:17 743424 ------w- c:\windows\system32\dllcache\iedvtool.dll
2012-12-30 02:21 . 2012-11-01 12:17 11111424 ------w- c:\windows\system32\dllcache\ieframe.dll
2012-12-30 02:20 . 2012-07-04 14:05 139784 ------w- c:\windows\system32\dllcache\rdpwd.sys
2012-12-30 02:18 . 2012-01-11 19:06 3072 ------w- c:\windows\system32\iacenc.dll
2012-12-30 02:18 . 2012-01-11 19:06 3072 ------w- c:\windows\system32\dllcache\iacenc.dll
2012-12-30 02:17 . 2011-07-15 13:29 456320 ------w- c:\windows\system32\dllcache\mrxsmb.sys
2012-12-30 02:17 . 2011-07-08 14:02 10496 ------w- c:\windows\system32\dllcache\ndistapi.sys
2012-12-30 02:17 . 2011-04-21 13:37 105472 ------w- c:\windows\system32\dllcache\mup.sys
2012-12-30 02:16 . 2010-11-02 15:17 40960 ------w- c:\windows\system32\dllcache\ndproxy.sys
2012-12-30 02:16 . 2010-10-11 14:59 45568 ------w- c:\windows\system32\dllcache\wab.exe
2012-12-30 02:16 . 2010-08-16 08:45 590848 ------w- c:\windows\system32\dllcache\rpcrt4.dll
2012-12-30 02:16 . 2011-02-08 13:33 978944 ------w- c:\windows\system32\dllcache\mfc42.dll
2012-12-30 02:16 . 2010-09-18 06:53 954368 ------w- c:\windows\system32\dllcache\mfc40.dll
2012-12-30 02:16 . 2010-09-18 06:53 953856 ------w- c:\windows\system32\dllcache\mfc40u.dll
2012-12-30 02:15 . 2010-08-23 16:12 617472 ------w- c:\windows\system32\dllcache\comctl32.dll
2012-12-30 02:14 . 2010-06-18 13:36 3558912 ------w- c:\windows\system32\dllcache\moviemk.exe
2012-12-30 02:14 . 2010-06-14 14:31 744448 ------w- c:\windows\system32\dllcache\helpsvc.exe
2012-12-30 02:13 . 2009-11-27 16:07 8704 ------w- c:\windows\system32\dllcache\tsbyuv.dll
2012-12-30 02:13 . 2009-11-27 16:07 48128 ------w- c:\windows\system32\dllcache\iyuv_32.dll
2012-12-30 02:13 . 2009-11-27 17:11 17920 ------w- c:\windows\system32\dllcache\msyuv.dll
2012-12-30 02:13 . 2010-08-27 08:02 119808 ------w- c:\windows\system32\dllcache\t2embed.dll
2012-12-30 02:13 . 2009-10-15 16:28 81920 ------w- c:\windows\system32\dllcache\fontsub.dll
2012-12-30 02:12 . 2009-06-21 21:44 153088 ------w- c:\windows\system32\dllcache\triedit.dll
2012-12-30 02:10 . 2011-02-17 12:32 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2012-12-30 02:10 . 2010-07-12 12:55 218112 ------w- c:\windows\system32\dllcache\wordpad.exe
2012-12-30 02:10 . 2008-05-01 14:33 331776 ------w- c:\windows\system32\dllcache\msadce.dll
2012-12-30 02:10 . 2008-06-13 11:05 272128 ------w- c:\windows\system32\dllcache\bthport.sys
2012-12-30 02:10 . 2008-05-08 14:02 203136 ------w- c:\windows\system32\dllcache\rmcast.sys
2012-12-30 02:06 . 2012-06-02 20:19 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-12-30 02:06 . 2012-06-02 20:19 45080 ----a-w- c:\windows\system32\wups2.dll
2012-12-30 02:06 . 2012-06-02 20:19 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-12-30 02:06 . 2012-06-02 20:19 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-12-30 02:06 . 2012-06-02 20:19 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-12-30 01:52 . 2008-04-14 10:42 176640 ------w- c:\windows\system32\napstat.exe
2012-12-30 01:50 . 2008-04-14 05:10 10240 ------w- c:\windows\system32\drivers\sffp_mmc.sys
2012-12-30 01:49 . 2006-12-29 05:31 19569 ----a-w- c:\windows\003059_.tmp
2012-12-30 01:32 . 2012-12-30 01:32 -------- d-----w- c:\program files\Microsoft Download Manager
2012-12-30 01:30 . 2013-01-09 12:27 697864 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-12-30 01:30 . 2013-01-09 12:27 74248 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-12-30 00:10 . 2012-12-30 01:09 -------- d-----w- C:\2413036d57bd7b7b81fc22d895
2012-12-29 22:59 . 2013-01-13 03:27 -------- d-----w- c:\documents and settings\Tiffany.CENG
2012-12-29 22:58 . 2012-12-29 22:01 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\Symantec
2012-12-29 22:58 . 2006-09-12 07:30 65536 ----a-r- c:\windows\system32\config\systemprofile\Application Data\Microsoft\Installer\{DB7E00C9-6DEF-489A-8112-D8F81614F45A}\Shortcut0.C3A146F5_4B48_11D5_A819_00B0D0428C0C.exe
2012-12-29 22:58 . 2006-09-12 07:30 61440 ----a-r- c:\windows\system32\config\systemprofile\Application Data\Microsoft\Installer\{DB7E00C9-6DEF-489A-8112-D8F81614F45A}\NewShortcut5_DB7E00C96DEF489A8112D8F81614F45A.exe
2012-12-29 22:58 . 2006-09-12 07:30 61440 ----a-r- c:\windows\system32\config\systemprofile\Application Data\Microsoft\Installer\{DB7E00C9-6DEF-489A-8112-D8F81614F45A}\NewShortcut4_DB7E00C96DEF489A8112D8F81614F45A.exe
2012-12-29 22:58 . 2006-09-12 07:30 61440 ----a-r- c:\windows\system32\config\systemprofile\Application Data\Microsoft\Installer\{DB7E00C9-6DEF-489A-8112-D8F81614F45A}\NewShortcut3_DB7E00C96DEF489A8112D8F81614F45A.exe
2012-12-29 22:58 . 2006-09-12 07:30 61440 ----a-r- c:\windows\system32\config\systemprofile\Application Data\Microsoft\Installer\{DB7E00C9-6DEF-489A-8112-D8F81614F45A}\NewShortcut2_DB7E00C96DEF489A8112D8F81614F45A.exe
2012-12-29 22:58 . 2006-09-12 07:30 61440 ----a-r- c:\windows\system32\config\systemprofile\Application Data\Microsoft\Installer\{DB7E00C9-6DEF-489A-8112-D8F81614F45A}\NewShortcut11_DB7E00C96DEF489A8112D8F81614F45A.exe
2012-12-29 22:58 . 2006-09-12 07:30 61440 ----a-r- c:\windows\system32\config\systemprofile\Application Data\Microsoft\Installer\{DB7E00C9-6DEF-489A-8112-D8F81614F45A}\NewShortcut1_DB7E00C96DEF489A8112D8F81614F45A.exe
2012-12-29 22:58 . 2006-09-12 07:29 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\Intuit
2012-12-29 22:58 . 2006-09-12 07:05 45056 ----a-r- c:\windows\system32\config\systemprofile\Application Data\Microsoft\Installer\{6815FCDD-401D-481E-BA88-31B4754C2B46}\ARPPRODUCTICON.exe
2012-12-29 22:54 . 2006-03-15 20:00 185344 ----a-w- c:\windows\system32\Thawbrkr.dll
2012-12-29 22:54 . 2006-03-15 20:00 6144 ----a-w- c:\windows\system32\ftlx041e.dll
2012-12-29 22:54 . 2006-03-15 20:00 5632 ----a-w- c:\windows\system32\kbdusa.dll
2012-12-29 22:54 . 2006-03-15 20:00 10752 ----a-w- c:\windows\system32\c_iscii.dll
2012-12-29 22:54 . 2008-04-14 10:41 21504 ----a-w- c:\windows\system32\hidserv.dll
2012-12-29 22:54 . 2001-08-17 21:48 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
2012-12-29 22:54 . 2008-04-14 05:15 60032 ----a-w- c:\windows\system32\drivers\usbaudio.sys
2012-12-29 22:54 . 2008-04-14 05:15 10368 ----a-w- c:\windows\system32\drivers\hidusb.sys
2012-12-29 22:54 . 2008-04-14 05:15 32128 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2012-12-29 21:43 . 2008-04-14 05:13 12672 ------w- c:\windows\system32\drivers\mutohpen.sys
2012-12-29 21:42 . 2004-07-17 16:40 19528 ----a-w- c:\windows\000001_.tmp
2012-12-29 21:23 . 2013-01-14 23:33 143872 ----a-w- c:\windows\system32\javacpl.cpl
2012-12-29 21:23 . 2013-01-14 23:33 859552 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-12-29 21:23 . 2013-01-14 23:33 780192 ----a-w- c:\windows\system32\deployJava1.dll
2012-12-29 21:12 . 2012-12-29 21:12 -------- d-----w- c:\windows\system32\LogFiles
2012-12-29 18:26 . 2012-12-29 18:26 -------- d-----w- c:\program files\Western Digital
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-16 12:23 . 2006-03-16 04:00 290560 ----a-w- c:\windows\system32\atmfd.dll
2012-11-13 01:25 . 2006-03-16 04:00 1866368 ----a-w- c:\windows\system32\win32k.sys
2012-11-02 02:02 . 2006-03-16 04:00 375296 ----a-w- c:\windows\system32\dpnet.dll
2012-11-01 12:17 . 2006-03-16 04:00 916992 ----a-w- c:\windows\system32\wininet.dll
2012-11-01 12:17 . 2006-03-16 04:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-11-01 12:17 . 2006-03-16 04:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-11-01 00:35 . 2006-03-16 04:00 385024 ----a-w- c:\windows\system32\html.iec
2012-10-30 23:51 . 2012-06-06 00:01 41224 ----a-w- c:\windows\avastSS.scr
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-10-30 23:50 121528 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-30 4297136]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-06-17 794713]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"RecGuard"="c:\windows\SMINST\RecGuard.exe" [2005-10-11 1187840]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2006-07-19 102400]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-06-19 163840]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]
"MsmqIntCert"="mqrt.dll" [2008-04-14 177152]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 81920]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 249856]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"IMEKRMIG6.1"="c:\windows\ime\imkr6_1\IMEKRMIG.EXE" [2006-03-15 44032]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-03-22 94208]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-03-22 118784]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-03-22 77824]
"hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-05-04 458752]
"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2006-06-02 61952]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-06 64512]
"Cpqset"="c:\program files\Hewlett-Packard\Default Settings\cpqset.exe" [2006-06-19 40960]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
.
c:\documents and settings\Default User\Start Menu\Programs\Startup\
Vongo Tray.lnk - c:\program files\Vongo\Tray.exe [N/A]
.
c:\documents and settings\Administrator\Start Menu\Programs\Startup\
Vongo Tray.lnk - c:\program files\Vongo\Tray.exe [N/A]
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Pavilion Webcam Tray Icon.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Pavilion Webcam Tray Icon.lnk
backup=c:\windows\pss\HP Pavilion Webcam Tray Icon.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Photosmart Premier Fast Start.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Photosmart Premier Fast Start.lnk
backup=c:\windows\pss\HP Photosmart Premier Fast Start.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Tiffany.CENG^Start Menu^Programs^StartUp^Vongo Tray.lnk]
path=c:\documents and settings\Tiffany.CENG\Start Menu\Programs\StartUp\Vongo Tray.lnk
backup=c:\windows\pss\Vongo Tray.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2012-11-09 16:27 17877168 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\mqsvc.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
R0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\drivers\aswNdis.sys [1/6/2013 11:54 AM 12112]
R0 aswNdis2;avast! Firewall Core Firewall Service;c:\windows\system32\drivers\aswNdis2.sys [1/6/2013 11:54 AM 199320]
R1 aswFW;avast! TDI Firewall driver;c:\windows\system32\drivers\aswFW.sys [1/6/2013 11:54 AM 106560]
R1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys [1/6/2013 11:54 AM 20624]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [12/29/2012 9:49 PM 738504]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [12/29/2012 9:49 PM 361032]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [12/29/2012 9:49 PM 21256]
R2 avast! Firewall;avast! Firewall;c:\program files\AVAST Software\Avast\afwServ.exe [1/6/2013 11:54 AM 133912]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [11/9/2012 11:21 AM 160944]
S3 5U870CAP_VID_1262&PID_25FD;HP Pavilion Webcam ;c:\windows\system32\drivers\5U870CAP.sys [6/6/2006 3:39 PM 61952]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 61748473
*Deregistered* - 61748473
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-01-13 02:57 1606760 ----a-w- c:\program files\Google\Chrome\Application\24.0.1312.52\Installer\setup.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-01-19 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-12-30 12:27]
.
2013-01-19 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2012-12-30 23:50]
.
2013-01-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-01-13 02:55]
.
2013-01-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-01-13 02:55]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=pavilion&pf=laptop
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-58511080.sys
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-01-18 22:25
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\program files\Hewlett-Packard\Default Settings\cpqset.exe????????????L?@? ????Q??????`?@?????L?@
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600
.
CreateFile("\\.\PHYSICALDRIVE0"): The process cannot access the file because it is being used by another process.
device: opened successfully
user: error reading MBR
kernel: MBR read successfully
user != kernel MBR !!!
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Completion time: 2013-01-18 22:27:35
ComboFix-quarantined-files.txt 2013-01-19 03:27
.
Pre-Run: 71,428,210,688 bytes free
Post-Run: 72,141,918,208 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /fastdetect /NoExecute=OptIn
.
- - End Of File - - B4C481E2771ADDB99FF55555BD74450A
kevinf80 (Kevin), authorized to help remove malware
Malware Removal Specialist with 9,490 posts.
Join Date: Mar 2006
Location: Sunderland UK
Experience: Intermediate
19-Jan-2013, 06:11 AM #11
OK, do the following:

Select start > control panel > add/remove programs > make sure to remove the following old versions of Java:

J2SE Runtime Environment 5.0 Update 6
Java(TM) 6 Update 38.

Next,

Upload a File to Virustotal
Go to http://www.virustotal.com/
  • Click the Browse... button
  • Navigate to the file c:\windows\system32\drivers\91578331.sys or just copy/paste it in.
  • Click the Scan it tab
  • If you get a message saying File has already been analyzed: click Reanalyze file now
  • Copy and paste the results back here please.

Next,

Please download RogueKiller from here http://tigzy.geekstogo.com/Tools/RogueKiller.exe or here http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe and save it directly to your Desktop.
  • Quit all running programs
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista/Seven, right click -> run as administrator; for XP simply run RogueKiller.exe
  • Wait until Prescan has finished...
  • The following EULA will appear, please select accept
  • Ensure MBR scan, Check faked and AntiRootkit are checked
  • Select Scan
  • When the scan completes select Report, copy and paste that to your reply.
  • The log should be found in RKreport[?].txt on your Desktop
  • Exit/Close RogueKiller

Next,

Run Eset Online Scanner

**Note** You will need to use Internet Explorer for this scan - on Vista and Win 7, right click on the IE shortcut and run as admin

Go to the ESET web page http://www.eset.com/home/products/online-scanner/ to run an online scanner from ESET.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Click on the Run ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    Click Start
  • When asked, allow the add-on to be installed
    Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
    Click Scan
  • Wait for the virus definitions to be downloaded
  • Wait for the scan to finish
When the scan is complete
  • If no threats were found
    • put a checkmark in "Uninstall application on close"
    • close program
    • report to me that nothing was found
  • If threats were found
    • click on "list of threats found"
    • click on "export to text file" and save it as ESET SCAN and save to the desktop
    • click on back
    • put a checkmark in "Uninstall application on close"
    • click on finish
    • close program
    • copy and paste the report here

Let me see those logs....

Kevin...
Oriole
Member with 79 posts.
THREAD STARTER
Join Date: Apr 2012
Experience: Beginner
19-Jan-2013, 08:37 AM #12
Oriole
Member with 79 posts.
THREAD STARTER
Join Date: Apr 2012
Experience: Beginner
19-Jan-2013, 08:42 AM #13
RogueKiller V8.4.3 [Jan 10 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files...3-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : Tiffany [Admin rights]
Mode : Scan -- Date : 01/19/2013 07:40:47

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 2 ¤¤¤
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: FUJITSU MHV2120BH PL +++++
--- User ---
[MBR] 6a0085dd52641b7073d18dcc3acd6e2f
[BSP] 3ca06dfd8ecf47907b7dafdc5a0494d5 : Toshiba tatooed MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 101465 Mo
1 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 207816840 | Size: 11970 Mo
2 - [XXXXXX] UNKNOWN (0xd7) [VISIBLE] Offset (sectors): 232332030 | Size: 1027 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1]_S_01192013_02d0740.txt >>
RKreport[1]_S_01192013_02d0740.txt
kevinf80 (Kevin), authorized to help remove malware
Malware Removal Specialist with 9,490 posts.
Join Date: Mar 2006
Location: Sunderland UK
Experience: Intermediate
19-Jan-2013, 01:41 PM #14
Post eset log when you're ready, also give an update on current issues/concerns....
Oriole
Member with 79 posts.
THREAD STARTER
Join Date: Apr 2012
Experience: Beginner
19-Jan-2013, 03:33 PM #15
It didn't find any threats, but it didn't generate a log. I went into my C drive and program files and found the ESET folder, but there wasn't a log there either. I'll run the scan again to see if it will a second time.

As for an update: my machine hasn't been acting up since I ran an AVAST Startup Heuristics. It did find two items and put them in the chest. I ran that scan right before you started assisting me. I would share the log, but the Log option in the program doesn't provide a text version.

And the process wuauclt.exe is still running with 67,168K memory.

((Curiosity, why is it that Chrome runs so many processes? There's like 3 that are just chrome.exe that start running whenever I open browser))

Last edited by Oriole; 19-Jan-2013 at 05:44 PM..