Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Can't open any programs except photoshop not even OTL

Started by neataznyam , Mar 21 2012 10:25 PM

Please log in to reply

#196
maliprog

Posted 24 April 2012 - 12:34 AM

Trusted Helper

Malware Removal
6,172 posts

OK. Let's use this situation to clean your system.

Step 1

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

File::

Folder::

Registry::

Driver::

RegLock::
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

Save this as CFScript.txt, in the same location as ComboFix.exe

Posted Image

Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

Step 2

Download the latest version of TDSSKiller from here and save it to your Desktop.

Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.
Check the boxes beside:
- Verify Driver Digital Signature
- Detect TDLFS file system
then click OK.
Click the Start Scan button to start the scan.
If a suspicious object is detected, the default action will be Skip
If malicious objects are found, they will show in the Scan results and offer three (3) options.
Ensure Cure is selected for malicious objects
Click Continue then Reboot now to finish the cleaning process.
Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.

Step 3

Please don't forget to include these items in your reply:

Combofix log
TDSSKiller log

It would be helpful if you could post each log in separate post

#197
neataznyam

Posted 24 April 2012 - 12:56 AM

Member

Topic Starter
Member
150 posts

23:52:47.0270 4184 TDSS rootkit removing tool 2.7.32.0 Apr 23 2012 19:12:34
23:52:47.0738 4184 ============================================================
23:52:47.0738 4184 Current date / time: 2012/04/23 23:52:47.0738
23:52:47.0738 4184 SystemInfo:
23:52:47.0738 4184
23:52:47.0738 4184 OS Version: 6.1.7600 ServicePack: 0.0
23:52:47.0738 4184 Product type: Workstation
23:52:47.0738 4184 ComputerName: FAPMACHINE
23:52:47.0738 4184 UserName: henry ong
23:52:47.0738 4184 Windows directory: C:\Windows
23:52:47.0738 4184 System windows directory: C:\Windows
23:52:47.0738 4184 Processor architecture: Intel x86
23:52:47.0738 4184 Number of processors: 2
23:52:47.0738 4184 Page size: 0x1000
23:52:47.0738 4184 Boot type: Normal boot
23:52:47.0738 4184 ============================================================
23:52:47.0988 4184 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0x38080, SectorsPerTrack: 0x13, TracksPerCylinder: 0xE0, Type 'K0', Flags 0x00000050
23:52:48.0003 4184 Drive \Device\Harddisk1\DR1 - Size: 0x1DD800000 (7.46 Gb), SectorSize: 0x200, Cylinders: 0x3CD, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
23:52:48.0003 4184 ============================================================
23:52:48.0003 4184 \Device\Harddisk0\DR0:
23:52:48.0019 4184 MBR partitions:
23:52:48.0019 4184 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
23:52:48.0019 4184 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x3A353000
23:52:48.0019 4184 \Device\Harddisk1\DR1:
23:52:48.0019 4184 MBR partitions:
23:52:48.0019 4184 \Device\Harddisk1\DR1\Partition0: MBR, Type 0xC, StartLBA 0x1F80, BlocksNum 0xEEA080
23:52:48.0019 4184 ============================================================
23:52:48.0128 4184 C: <-> \Device\Harddisk0\DR0\Partition1
23:52:48.0128 4184 ============================================================
23:52:48.0128 4184 Initialize success
23:52:48.0128 4184 ============================================================
23:52:56.0240 1124 ============================================================
23:52:56.0240 1124 Scan started
23:52:56.0240 1124 Mode: Manual;
23:52:56.0240 1124 ============================================================
23:53:00.0000 1124 1394ohci (6d2aca41739bfe8cb86ee8e85f29697d) C:\Windows\system32\DRIVERS\1394ohci.sys
23:53:00.0015 1124 1394ohci - ok
23:53:00.0374 1124 ACPI (f0e07d144c8685b8774bc32fc8da4df0) C:\Windows\system32\DRIVERS\ACPI.sys
23:53:00.0421 1124 ACPI - ok
23:53:00.0499 1124 AcpiPmi (98d81ca942d19f7d9153b095162ac013) C:\Windows\system32\DRIVERS\acpipmi.sys
23:53:00.0499 1124 AcpiPmi - ok
23:53:01.0076 1124 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
23:53:01.0092 1124 adp94xx - ok
23:53:01.0747 1124 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
23:53:01.0778 1124 adpahci - ok
23:53:02.0152 1124 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
23:53:02.0152 1124 adpu320 - ok
23:53:02.0215 1124 AeLookupSvc (8b5eefeec1e6d1a72a06c526628ad161) C:\Windows\System32\aelupsvc.dll
23:53:02.0215 1124 AeLookupSvc - ok
23:53:02.0293 1124 AFD (0db7a48388d54d154ebec120461a0fcd) C:\Windows\system32\drivers\afd.sys
23:53:02.0293 1124 AFD - ok
23:53:02.0418 1124 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\DRIVERS\agp440.sys
23:53:02.0418 1124 agp440 - ok
23:53:02.0636 1124 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
23:53:02.0636 1124 aic78xx - ok
23:53:02.0854 1124 ALG (18a54e132947cd98fea9accc57f98f13) C:\Windows\System32\alg.exe
23:53:02.0870 1124 ALG - ok
23:53:03.0042 1124 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\DRIVERS\aliide.sys
23:53:03.0057 1124 aliide - ok
23:53:03.0666 1124 AMD External Events Utility (4b9298fd6707980ab8e3a8f0e642ec9a) C:\Windows\system32\atiesrxx.exe
23:53:03.0666 1124 AMD External Events Utility - ok
23:53:03.0900 1124 AMD FUEL Service - ok
23:53:04.0024 1124 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\DRIVERS\amdagp.sys
23:53:04.0040 1124 amdagp - ok
23:53:04.0134 1124 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\DRIVERS\amdide.sys
23:53:04.0149 1124 amdide - ok
23:53:04.0305 1124 amdiox86 (ff258424f0b2ef25eb98f04ee386e6e3) C:\Windows\system32\DRIVERS\amdiox86.sys
23:53:04.0321 1124 amdiox86 - ok
23:53:04.0461 1124 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
23:53:04.0492 1124 AmdK8 - ok
23:53:10.0717 1124 amdkmdag (5c297f25a4a09d14bfe2cab5de2f1457) C:\Windows\system32\DRIVERS\atikmdag.sys
23:53:10.0904 1124 amdkmdag - ok
23:53:12.0714 1124 amdkmdap (ff2e35d9bd35f36a0126a0ca7556e43d) C:\Windows\system32\DRIVERS\atikmpag.sys
23:53:12.0714 1124 amdkmdap - ok
23:53:12.0792 1124 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
23:53:12.0807 1124 AmdPPM - ok
23:53:12.0994 1124 amdsata (2101a86c25c154f8314b24ef49d7fbc2) C:\Windows\system32\DRIVERS\amdsata.sys
23:53:13.0041 1124 amdsata - ok
23:53:13.0384 1124 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
23:53:13.0400 1124 amdsbs - ok
23:53:13.0478 1124 amdxata (b81c2b5616f6420a9941ea093a92b150) C:\Windows\system32\DRIVERS\amdxata.sys
23:53:13.0478 1124 amdxata - ok
23:53:13.0743 1124 AODDriver4.1 (df6de9e8e4b6994853ccf038bfae964b) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\i386\AODDriver2.sys
23:53:13.0759 1124 AODDriver4.1 - ok
23:53:13.0790 1124 AppID (feb834c02ce1e84b6a38f953ca067706) C:\Windows\system32\drivers\appid.sys
23:53:13.0790 1124 AppID - ok
23:53:13.0884 1124 AppIDSvc (62a9c86cb6085e20db4823e4e97826f5) C:\Windows\System32\appidsvc.dll
23:53:13.0884 1124 AppIDSvc - ok
23:53:14.0040 1124 Appinfo (7dead9e3f65dcb2794f2711003bbf650) C:\Windows\System32\appinfo.dll
23:53:14.0040 1124 Appinfo - ok
23:53:14.0430 1124 AppMgmt (a45d184df6a8803da13a0b329517a64a) C:\Windows\System32\appmgmts.dll
23:53:14.0445 1124 AppMgmt - ok
23:53:14.0679 1124 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
23:53:14.0695 1124 arc - ok
23:53:14.0788 1124 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
23:53:14.0804 1124 arcsas - ok
23:53:14.0851 1124 AsIO (9d8cb58b9a9e177ddd599791a58a654d) C:\Windows\system32\drivers\AsIO.sys
23:53:14.0851 1124 AsIO - ok
23:53:15.0522 1124 aspnet_state (776acefa0ca9df0faa51a5fb2f435705) C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
23:53:15.0537 1124 aspnet_state - ok
23:53:15.0615 1124 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
23:53:15.0615 1124 AsyncMac - ok
23:53:15.0709 1124 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\DRIVERS\atapi.sys
23:53:15.0709 1124 atapi - ok
23:53:16.0021 1124 AtiHDAudioService (4d201d8b576be4473405b2a86a2d28b3) C:\Windows\system32\drivers\AtihdW73.sys
23:53:16.0052 1124 AtiHDAudioService - ok
23:53:16.0302 1124 AudioEndpointBuilder (510c873bfa135aa829f4180352772734) C:\Windows\System32\Audiosrv.dll
23:53:16.0302 1124 AudioEndpointBuilder - ok
23:53:16.0317 1124 Audiosrv (510c873bfa135aa829f4180352772734) C:\Windows\System32\Audiosrv.dll
23:53:16.0333 1124 Audiosrv - ok
23:53:16.0582 1124 AxInstSV (dd6a431b43e34b91a767d1ce33728175) C:\Windows\System32\AxInstSV.dll
23:53:16.0582 1124 AxInstSV - ok
23:53:17.0253 1124 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
23:53:17.0253 1124 b06bdrv - ok
23:53:17.0737 1124 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
23:53:17.0768 1124 b57nd60x - ok
23:53:18.0205 1124 BCUService (328e794278cc30ca7c06e346a18b1abc) C:\Program Files\DeviceVM\Browser Configuration Utility\BCUService.exe
23:53:18.0220 1124 BCUService - ok
23:53:18.0252 1124 BDESVC (ee1e9c3bb8228ae423dd38db69128e71) C:\Windows\System32\bdesvc.dll
23:53:18.0267 1124 BDESVC - ok
23:53:18.0283 1124 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
23:53:18.0283 1124 Beep - ok
23:53:19.0172 1124 BFE (85ac71c045ceb054ed48a7841aae0c11) C:\Windows\System32\bfe.dll
23:53:19.0172 1124 BFE - ok
23:53:19.0874 1124 BITS (53f476476f55a27f580661bde09c4ec4) C:\Windows\system32\qmgr.dll
23:53:19.0874 1124 BITS - ok
23:53:20.0061 1124 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
23:53:20.0077 1124 blbdrive - ok
23:53:20.0248 1124 bowser (9a5c671b7fbae4865149bb11f59b91b2) C:\Windows\system32\DRIVERS\bowser.sys
23:53:20.0264 1124 bowser - ok
23:53:20.0326 1124 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
23:53:20.0326 1124 BrFiltLo - ok
23:53:20.0342 1124 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
23:53:20.0342 1124 BrFiltUp - ok
23:53:20.0529 1124 BridgeMP (77361d72a04f18809d0efb6cceb74d4b) C:\Windows\system32\DRIVERS\bridge.sys
23:53:20.0545 1124 BridgeMP - ok
23:53:20.0826 1124 Browser (598e1280e7ff3744f4b8329366cc5635) C:\Windows\System32\browser.dll
23:53:20.0826 1124 Browser - ok
23:53:21.0309 1124 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
23:53:21.0340 1124 Brserid - ok
23:53:21.0372 1124 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
23:53:21.0372 1124 BrSerWdm - ok
23:53:21.0372 1124 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
23:53:21.0372 1124 BrUsbMdm - ok
23:53:21.0387 1124 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
23:53:21.0387 1124 BrUsbSer - ok
23:53:21.0403 1124 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
23:53:21.0403 1124 BTHMODEM - ok
23:53:21.0637 1124 bthserv (1df19c96eef6c29d1c3e1a8678e07190) C:\Windows\system32\bthserv.dll
23:53:21.0637 1124 bthserv - ok
23:53:22.0011 1124 catchme - ok
23:53:22.0214 1124 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
23:53:22.0245 1124 cdfs - ok
23:53:22.0557 1124 cdrom (ba6e70aa0e6091bc39de29477d866a77) C:\Windows\system32\DRIVERS\cdrom.sys
23:53:22.0573 1124 cdrom - ok
23:53:22.0666 1124 CertPropSvc (628a9e30ec5e18dd5de6be4dbdc12198) C:\Windows\System32\certprop.dll
23:53:22.0666 1124 CertPropSvc - ok
23:53:22.0744 1124 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
23:53:22.0760 1124 circlass - ok
23:53:23.0228 1124 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
23:53:23.0228 1124 CLFS - ok
23:53:23.0836 1124 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
23:53:23.0836 1124 clr_optimization_v2.0.50727_32 - ok
23:53:24.0570 1124 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
23:53:24.0585 1124 clr_optimization_v4.0.30319_32 - ok
23:53:24.0663 1124 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
23:53:24.0679 1124 CmBatt - ok
23:53:24.0726 1124 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\DRIVERS\cmdide.sys
23:53:24.0726 1124 cmdide - ok
23:53:25.0053 1124 CNG (36c252e474b2ffa0f0fbbff20d92a640) C:\Windows\system32\Drivers\cng.sys
23:53:25.0069 1124 CNG - ok
23:53:25.0147 1124 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
23:53:25.0162 1124 Compbatt - ok
23:53:25.0303 1124 CompositeBus (f1724ba27e97d627f808fb0ba77a28a6) C:\Windows\system32\DRIVERS\CompositeBus.sys
23:53:25.0303 1124 CompositeBus - ok
23:53:25.0334 1124 COMSysApp - ok
23:53:25.0428 1124 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
23:53:25.0443 1124 crcdisk - ok
23:53:25.0833 1124 CryptSvc (9c231178ce4fb385f4b54b0a9080b8a4) C:\Windows\system32\cryptsvc.dll
23:53:25.0833 1124 CryptSvc - ok
23:53:26.0192 1124 CSC (27c9490bdd0ae48911ab8cf1932591ed) C:\Windows\system32\drivers\csc.sys
23:53:26.0192 1124 CSC - ok
23:53:27.0081 1124 CscService (56fb5f222ea30d3d3fc459879772cb73) C:\Windows\System32\cscsvc.dll
23:53:27.0081 1124 CscService - ok
23:53:27.0190 1124 DcomLaunch (b82cd39e336973359d7c9bf911e8e84f) C:\Windows\system32\rpcss.dll
23:53:27.0206 1124 DcomLaunch - ok
23:53:27.0643 1124 defragsvc (8d6e10a2d9a5eed59562d9b82cf804e1) C:\Windows\System32\defragsvc.dll
23:53:27.0643 1124 defragsvc - ok
23:53:28.0111 1124 DfsC (83d1ecea8faae75604c0fa49ac7ad996) C:\Windows\system32\Drivers\dfsc.sys
23:53:28.0126 1124 DfsC - ok
23:53:28.0314 1124 Dhcp (c56495fbd770712367cad35e5de72da6) C:\Windows\system32\dhcpcore.dll
23:53:28.0314 1124 Dhcp - ok
23:53:28.0345 1124 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
23:53:28.0360 1124 discache - ok
23:53:28.0579 1124 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
23:53:28.0579 1124 Disk - ok
23:53:28.0891 1124 Dnscache (b15be77a2bacf9c3177d27518afe26a9) C:\Windows\System32\dnsrslvr.dll
23:53:28.0891 1124 Dnscache - ok
23:53:29.0234 1124 dot3svc (4408c85c21eea48eb0ce486baeef0502) C:\Windows\System32\dot3svc.dll
23:53:29.0234 1124 dot3svc - ok
23:53:29.0562 1124 DPS (7fa81c6e11caa594adb52084da73a1e5) C:\Windows\system32\dps.dll
23:53:29.0562 1124 DPS - ok
23:53:29.0640 1124 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
23:53:29.0640 1124 drmkaud - ok
23:53:30.0919 1124 DXGKrnl (1679a4669326cb1a67cc95658d273234) C:\Windows\System32\drivers\dxgkrnl.sys
23:53:30.0966 1124 DXGKrnl - ok
23:53:31.0184 1124 EapHost (8600142fa91c1b96367d3300ad0f3f3a) C:\Windows\System32\eapsvc.dll
23:53:31.0184 1124 EapHost - ok
23:53:36.0394 1124 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
23:53:36.0472 1124 ebdrv - ok
23:53:37.0611 1124 EFS (c2243ff9e9aad0c30e8b1a0914da15b6) C:\Windows\System32\lsass.exe
23:53:37.0611 1124 EFS - ok
23:53:38.0563 1124 ehRecvr (1697c39978cd69f6fbc15302edcece1f) C:\Windows\ehome\ehRecvr.exe
23:53:38.0610 1124 ehRecvr - ok
23:53:38.0656 1124 ehSched (d389bff34f80caede417bf9d1507996a) C:\Windows\ehome\ehsched.exe
23:53:38.0656 1124 ehSched - ok
23:53:38.0844 1124 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
23:53:38.0859 1124 elxstor - ok
23:53:38.0875 1124 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\DRIVERS\errdev.sys
23:53:38.0875 1124 ErrDev - ok
23:53:38.0922 1124 EventSystem (f6916efc29d9953d5d0df06882ae8e16) C:\Windows\system32\es.dll
23:53:38.0922 1124 EventSystem - ok
23:53:38.0953 1124 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
23:53:38.0953 1124 exfat - ok
23:53:38.0953 1124 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
23:53:38.0953 1124 fastfat - ok
23:53:39.0078 1124 Fax (f7ea23cc5e6bf2181f3f399d54f6efc1) C:\Windows\system32\fxssvc.exe
23:53:39.0093 1124 Fax - ok
23:53:39.0156 1124 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
23:53:39.0156 1124 fdc - ok
23:53:39.0187 1124 fdPHost (f3222c893bd2f5821a0179e5c71e88fb) C:\Windows\system32\fdPHost.dll
23:53:39.0187 1124 fdPHost - ok
23:53:39.0187 1124 FDResPub (7dbe8cbfe79efbdeb98c9fb08d3a9a5b) C:\Windows\system32\fdrespub.dll
23:53:39.0187 1124 FDResPub - ok
23:53:39.0202 1124 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
23:53:39.0202 1124 FileInfo - ok
23:53:39.0202 1124 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
23:53:39.0202 1124 Filetrace - ok
23:53:39.0218 1124 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
23:53:39.0218 1124 flpydisk - ok
23:53:39.0234 1124 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
23:53:39.0249 1124 FltMgr - ok
23:53:39.0343 1124 FontCache (151258fc2ec8c48bdf8a53350ae0a676) C:\Windows\system32\FntCache.dll
23:53:39.0343 1124 FontCache - ok
23:53:39.0468 1124 FontCache3.0.0.0 (e56f39f6b7fda0ac77a79b0fd3de1a2f) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
23:53:39.0468 1124 FontCache3.0.0.0 - ok
23:53:39.0858 1124 ForceWare Intelligent Application Manager (IAM) (7dff82acdab23414abc2a95fef8982f8) C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
23:53:39.0858 1124 ForceWare Intelligent Application Manager (IAM) - ok
23:53:40.0154 1124 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
23:53:40.0170 1124 FsDepends - ok
23:53:40.0232 1124 Fs_Rec (500a9814fd9446a8126858a5a7f7d273) C:\Windows\system32\drivers\Fs_Rec.sys
23:53:40.0248 1124 Fs_Rec - ok
23:53:40.0700 1124 fvevol (dafbd9fe39197495aed6d51f3b85b5d2) C:\Windows\system32\DRIVERS\fvevol.sys
23:53:40.0731 1124 fvevol - ok
23:53:40.0918 1124 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
23:53:40.0934 1124 gagp30kx - ok
23:53:41.0152 1124 gpsvc (8ba3c04702bf8f927ab36ae8313ca4ee) C:\Windows\System32\gpsvc.dll
23:53:41.0152 1124 gpsvc - ok
23:53:41.0184 1124 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
23:53:41.0184 1124 hcw85cir - ok
23:53:41.0277 1124 HdAudAddService (3530cad25deba7dc7de8bb51632cbc5f) C:\Windows\system32\drivers\HdAudio.sys
23:53:41.0293 1124 HdAudAddService - ok
23:53:41.0324 1124 HDAudBus (717a2207fd6f13ad3e664c7d5a43c7bf) C:\Windows\system32\DRIVERS\HDAudBus.sys
23:53:41.0324 1124 HDAudBus - ok
23:53:41.0324 1124 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
23:53:41.0324 1124 HidBatt - ok
23:53:41.0340 1124 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
23:53:41.0340 1124 HidBth - ok
23:53:41.0386 1124 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
23:53:41.0402 1124 HidIr - ok
23:53:41.0433 1124 hidserv (2bc6f6a1992b3a77f5f41432ca6b3b6b) C:\Windows\System32\hidserv.dll
23:53:41.0433 1124 hidserv - ok
23:53:41.0620 1124 HidUsb (25072fb35ac90b25f9e4e3bacf774102) C:\Windows\system32\DRIVERS\hidusb.sys
23:53:41.0636 1124 HidUsb - ok
23:53:41.0870 1124 hkmsvc (741c2a45ca8407e374aaba3e330b7872) C:\Windows\system32\kmsvc.dll
23:53:41.0886 1124 hkmsvc - ok
23:53:42.0244 1124 HomeGroupListener (a768ca158bb06782a2835b907f4873c3) C:\Windows\system32\ListSvc.dll
23:53:42.0276 1124 HomeGroupListener - ok
23:53:42.0541 1124 HomeGroupProvider (fb08dec5ef43d0c66d83b8e9694e7549) C:\Windows\system32\provsvc.dll
23:53:42.0556 1124 HomeGroupProvider - ok
23:53:42.0666 1124 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\DRIVERS\HpSAMD.sys
23:53:42.0666 1124 HpSAMD - ok
23:53:42.0946 1124 HTTP (c531c7fd9e8b62021112787c4e2c5a5a) C:\Windows\system32\drivers\HTTP.sys
23:53:43.0009 1124 HTTP - ok
23:53:43.0024 1124 hwpolicy (8305f33cde89ad6c7a0763ed0b5a8d42) C:\Windows\system32\drivers\hwpolicy.sys
23:53:43.0040 1124 hwpolicy - ok
23:53:43.0243 1124 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\DRIVERS\i8042prt.sys
23:53:43.0274 1124 i8042prt - ok
23:53:43.0773 1124 iaStorV (934af4d7c5f457b9f0743f4299b77b67) C:\Windows\system32\DRIVERS\iaStorV.sys
23:53:43.0820 1124 iaStorV - ok
23:53:44.0023 1124 idsvc (5af815eb5bc9802e5a064e2ba62bfc0c) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
23:53:44.0023 1124 idsvc - ok
23:53:44.0179 1124 IDSVix86 - ok
23:53:44.0241 1124 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
23:53:44.0241 1124 iirsp - ok
23:53:45.0084 1124 IKEEXT (fac0ee6562b121b1399d6e855583f7a5) C:\Windows\System32\ikeext.dll
23:53:45.0084 1124 IKEEXT - ok
23:53:45.0115 1124 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\DRIVERS\intelide.sys
23:53:45.0115 1124 intelide - ok
23:53:45.0130 1124 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
23:53:45.0130 1124 intelppm - ok
23:53:45.0146 1124 IPBusEnum (acb364b9075a45c0736e5c47be5cae19) C:\Windows\system32\ipbusenum.dll
23:53:45.0162 1124 IPBusEnum - ok
23:53:45.0162 1124 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
23:53:45.0162 1124 IpFilterDriver - ok
23:53:45.0739 1124 iphlpsvc (477397b432a256a50ee7e4339eb9ea14) C:\Windows\System32\iphlpsvc.dll
23:53:45.0770 1124 iphlpsvc - ok
23:53:45.0926 1124 IPMIDRV (e4454b6c37d7ffd5649611f6496308a7) C:\Windows\system32\DRIVERS\IPMIDrv.sys
23:53:45.0942 1124 IPMIDRV - ok
23:53:46.0051 1124 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
23:53:46.0066 1124 IPNAT - ok
23:53:46.0160 1124 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
23:53:46.0160 1124 IRENUM - ok
23:53:46.0191 1124 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\DRIVERS\isapnp.sys
23:53:46.0191 1124 isapnp - ok
23:53:46.0254 1124 iScsiPrt (ed46c223ae46c6866ab77cdc41c404b7) C:\Windows\system32\DRIVERS\msiscsi.sys
23:53:46.0254 1124 iScsiPrt - ok
23:53:46.0300 1124 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys
23:53:46.0300 1124 kbdclass - ok
23:53:46.0316 1124 kbdhid (3d9f0ebf350edcfd6498057301455964) C:\Windows\system32\DRIVERS\kbdhid.sys
23:53:46.0316 1124 kbdhid - ok
23:53:46.0363 1124 KeyIso (c2243ff9e9aad0c30e8b1a0914da15b6) C:\Windows\system32\lsass.exe
23:53:46.0363 1124 KeyIso - ok
23:53:46.0394 1124 KSecDD (0263364acb9c834ace52fb85c2c064ec) C:\Windows\system32\Drivers\ksecdd.sys
23:53:46.0394 1124 KSecDD - ok
23:53:46.0425 1124 KSecPkg (27391db553be2a4e2b0adeea2873b2af) C:\Windows\system32\Drivers\ksecpkg.sys
23:53:46.0425 1124 KSecPkg - ok
23:53:46.0488 1124 KtmRm (89a7b9cc98d0d80c6f31b91c0a310fcd) C:\Windows\system32\msdtckrm.dll
23:53:46.0488 1124 KtmRm - ok
23:53:46.0831 1124 LanmanServer (8f6bf790d3168224c16f2af68a84438c) C:\Windows\System32\srvsvc.dll
23:53:46.0862 1124 LanmanServer - ok
23:53:47.0127 1124 LanmanWorkstation (b9891f885dcf1f0513a51cb58493cb1f) C:\Windows\System32\wkssvc.dll
23:53:47.0143 1124 LanmanWorkstation - ok
23:53:47.0314 1124 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
23:53:47.0330 1124 lltdio - ok
23:53:47.0611 1124 lltdsvc (5700673e13a2117fa3b9020c852c01e2) C:\Windows\System32\lltdsvc.dll
23:53:47.0626 1124 lltdsvc - ok
23:53:47.0626 1124 lmhosts (55ca01ba19d0006c8f2639b6c045e08b) C:\Windows\System32\lmhsvc.dll
23:53:47.0626 1124 lmhosts - ok
23:53:47.0736 1124 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
23:53:47.0736 1124 LSI_FC - ok
23:53:47.0751 1124 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
23:53:47.0767 1124 LSI_SAS - ok
23:53:47.0938 1124 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
23:53:47.0985 1124 LSI_SAS2 - ok
23:53:48.0141 1124 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
23:53:48.0172 1124 LSI_SCSI - ok
23:53:48.0344 1124 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
23:53:48.0375 1124 luafv - ok
23:53:48.0516 1124 MBAMProtector (fb097bbc1a18f044bd17bd2fccf97865) C:\Windows\system32\drivers\mbam.sys
23:53:48.0516 1124 MBAMProtector - ok
23:53:48.0906 1124 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
23:53:48.0921 1124 MBAMService - ok
23:53:49.0124 1124 MBAMSwissArmy (0db7527db188c7d967a37bb51bbf3963) C:\Windows\system32\drivers\mbamswissarmy.sys
23:53:49.0140 1124 MBAMSwissArmy - ok
23:53:49.0670 1124 McComponentHostService (f453d1e6d881e8f8717e20ccd4199e85) C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe
23:53:49.0748 1124 McComponentHostService - ok
23:53:49.0920 1124 Mcx2Svc (e2b0887816ed336685954e3d8fdaa51d) C:\Windows\system32\Mcx2Svc.dll
23:53:49.0935 1124 Mcx2Svc - ok
23:53:50.0013 1124 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
23:53:50.0044 1124 megasas - ok
23:53:50.0138 1124 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
23:53:50.0138 1124 MegaSR - ok
23:53:50.0247 1124 MMCSS (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll
23:53:50.0247 1124 MMCSS - ok
23:53:50.0310 1124 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
23:53:50.0341 1124 Modem - ok
23:53:50.0466 1124 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
23:53:50.0497 1124 monitor - ok
23:53:50.0606 1124 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
23:53:50.0606 1124 mouclass - ok
23:53:50.0824 1124 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
23:53:50.0840 1124 mouhid - ok
23:53:50.0980 1124 mountmgr (921c18727c5920d6c0300736646931c2) C:\Windows\system32\drivers\mountmgr.sys
23:53:51.0027 1124 mountmgr - ok
23:53:51.0277 1124 mpio (2af5997438c55fb79d33d015c30e1974) C:\Windows\system32\DRIVERS\mpio.sys
23:53:51.0292 1124 mpio - ok
23:53:51.0339 1124 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
23:53:51.0339 1124 mpsdrv - ok
23:53:51.0417 1124 MpsSvc (5cd996cecf45cbc3e8d109c86b82d69e) C:\Windows\system32\mpssvc.dll
23:53:51.0417 1124 MpsSvc - ok
23:53:51.0480 1124 MRxDAV (b1be47008d20e43da3adc37c24cdb89d) C:\Windows\system32\drivers\mrxdav.sys
23:53:51.0480 1124 MRxDAV - ok
23:53:51.0792 1124 mrxsmb (ca7570e42522e24324a12161db14ec02) C:\Windows\system32\DRIVERS\mrxsmb.sys
23:53:51.0807 1124 mrxsmb - ok
23:53:52.0275 1124 mrxsmb10 (f965c3ab2b2ae5c378f4562486e35051) C:\Windows\system32\DRIVERS\mrxsmb10.sys
23:53:52.0306 1124 mrxsmb10 - ok
23:53:52.0478 1124 mrxsmb20 (25c38264a3c72594dd21d355d70d7a5d) C:\Windows\system32\DRIVERS\mrxsmb20.sys
23:53:52.0494 1124 mrxsmb20 - ok
23:53:52.0572 1124 msahci (4326d168944123f38dd3b2d9c37a0b12) C:\Windows\system32\DRIVERS\msahci.sys
23:53:52.0572 1124 msahci - ok
23:53:52.0587 1124 msdsm (455029c7174a2dbb03dba8a0d8bddd9a) C:\Windows\system32\DRIVERS\msdsm.sys
23:53:52.0587 1124 msdsm - ok
23:53:52.0650 1124 MSDTC (e1bce74a3bd9902b72599c0192a07e27) C:\Windows\System32\msdtc.exe
23:53:52.0681 1124 MSDTC - ok
23:53:52.0681 1124 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
23:53:52.0681 1124 Msfs - ok
23:53:52.0681 1124 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
23:53:52.0696 1124 mshidkmdf - ok
23:53:52.0696 1124 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\DRIVERS\msisadrv.sys
23:53:52.0696 1124 msisadrv - ok
23:53:52.0743 1124 MSiSCSI (90f7d9e6b6f27e1a707d4a297f077828) C:\Windows\system32\iscsiexe.dll
23:53:52.0743 1124 MSiSCSI - ok
23:53:52.0759 1124 msiserver - ok
23:53:52.0806 1124 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
23:53:52.0821 1124 MSKSSRV - ok
23:53:52.0868 1124 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
23:53:52.0884 1124 MSPCLOCK - ok
23:53:52.0946 1124 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
23:53:52.0962 1124 MSPQM - ok
23:53:53.0242 1124 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
23:53:53.0258 1124 MsRPC - ok
23:53:53.0352 1124 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\DRIVERS\mssmbios.sys
23:53:53.0352 1124 mssmbios - ok
23:53:53.0398 1124 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
23:53:53.0414 1124 MSTEE - ok
23:53:53.0461 1124 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
23:53:53.0476 1124 MTConfig - ok
23:53:53.0586 1124 MTsensor (cbe71c122434805cb73ffb6619f60598) C:\Windows\system32\DRIVERS\ASACPI.sys
23:53:53.0601 1124 MTsensor - ok
23:53:53.0695 1124 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
23:53:53.0695 1124 Mup - ok
23:53:53.0757 1124 napagent (80284f1985c70c86f0b5f86da2dfe1df) C:\Windows\system32\qagentRT.dll
23:53:53.0757 1124 napagent - ok
23:53:53.0866 1124 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
23:53:53.0882 1124 NativeWifiP - ok
23:53:54.0771 1124 NDIS (23759d175a0a9baaf04d05047bc135a8) C:\Windows\system32\drivers\ndis.sys
23:53:54.0787 1124 NDIS - ok
23:53:54.0927 1124 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
23:53:54.0943 1124 NdisCap - ok
23:53:55.0068 1124 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
23:53:55.0068 1124 NdisTapi - ok
23:53:55.0177 1124 Ndisuio (b30ae7f2b6d7e343b0df32e6c08fce75) C:\Windows\system32\DRIVERS\ndisuio.sys
23:53:55.0192 1124 Ndisuio - ok
23:53:55.0395 1124 NdisWan (267c415eadcbe53c9ca873dee39cf3a4) C:\Windows\system32\DRIVERS\ndiswan.sys
23:53:55.0411 1124 NdisWan - ok
23:53:55.0567 1124 NDProxy (af7e7c63dcef3f8772726f86039d6eb4) C:\Windows\system32\drivers\NDProxy.sys
23:53:55.0582 1124 NDProxy - ok
23:53:55.0692 1124 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
23:53:55.0707 1124 NetBIOS - ok
23:53:56.0050 1124 NetBT (dd52a733bf4ca5af84562a5e2f963b91) C:\Windows\system32\DRIVERS\netbt.sys
23:53:56.0066 1124 NetBT - ok
23:53:56.0175 1124 Netlogon (c2243ff9e9aad0c30e8b1a0914da15b6) C:\Windows\system32\lsass.exe
23:53:56.0175 1124 Netlogon - ok
23:53:56.0784 1124 Netman (7cccfca7510684768da22092d1fa4db2) C:\Windows\System32\netman.dll
23:53:56.0784 1124 Netman - ok
23:53:57.0595 1124 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
23:53:57.0610 1124 NetMsmqActivator - ok
23:53:57.0610 1124 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
23:53:57.0610 1124 NetPipeActivator - ok
23:53:58.0094 1124 netprofm (8c338238c16777a802d6a9211eb2ba50) C:\Windows\System32\netprofm.dll
23:53:58.0094 1124 netprofm - ok
23:53:58.0110 1124 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
23:53:58.0110 1124 NetTcpActivator - ok
23:53:58.0125 1124 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
23:53:58.0125 1124 NetTcpPortSharing - ok
23:53:58.0281 1124 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
23:53:58.0281 1124 nfrd960 - ok
23:53:58.0796 1124 NlaSvc (2226496e34bd40734946a054b1cd657f) C:\Windows\System32\nlasvc.dll
23:53:58.0796 1124 NlaSvc - ok
23:53:59.0014 1124 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
23:53:59.0030 1124 Npfs - ok
23:53:59.0108 1124 nsi (ba387e955e890c8a88306d9b8d06bf17) C:\Windows\system32\nsisvc.dll
23:53:59.0124 1124 nsi - ok
23:53:59.0186 1124 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
23:53:59.0202 1124 nsiproxy - ok
23:53:59.0545 1124 nSvcIp (198ff60a42802c319fba58fdb13eee49) C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
23:53:59.0545 1124 nSvcIp - ok
23:54:00.0637 1124 Ntfs (3795dcd21f740ee799fb7223234215af) C:\Windows\system32\drivers\Ntfs.sys
23:54:00.0652 1124 Ntfs - ok
23:54:00.0715 1124 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
23:54:00.0715 1124 Null - ok
23:54:01.0464 1124 NVENETFD (b5e37e31c053bc9950455a257526514b) C:\Windows\system32\DRIVERS\nvm62x32.sys
23:54:01.0495 1124 NVENETFD - ok
23:54:01.0651 1124 NVNET (0219b05730635fcab3a9925d3374c464) C:\Windows\system32\DRIVERS\nvmf6232.sys
23:54:01.0698 1124 NVNET - ok
23:54:02.0041 1124 nvraid (3f3d04b1d08d43c16ea7963954ec768d) C:\Windows\system32\DRIVERS\nvraid.sys
23:54:02.0041 1124 nvraid - ok
23:54:02.0384 1124 nvstor (c99f251a5de63c6f129cf71933aced0f) C:\Windows\system32\DRIVERS\nvstor.sys
23:54:02.0400 1124 nvstor - ok
23:54:02.0774 1124 nvstor32 (97778c3cb3af6b2243648d0dcd4d8916) C:\Windows\system32\DRIVERS\nvstor32.sys
23:54:02.0774 1124 nvstor32 - ok
23:54:02.0868 1124 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\DRIVERS\nv_agp.sys
23:54:02.0883 1124 nv_agp - ok
23:54:02.0899 1124 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\DRIVERS\ohci1394.sys
23:54:02.0899 1124 ohci1394 - ok
23:54:03.0039 1124 p2pimsvc (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll
23:54:03.0055 1124 p2pimsvc - ok
23:54:03.0757 1124 p2psvc (59c3ddd501e39e006dac31bf55150d91) C:\Windows\system32\p2psvc.dll
23:54:03.0788 1124 p2psvc - ok
23:54:04.0006 1124 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
23:54:04.0022 1124 Parport - ok
23:54:04.0100 1124 partmgr (ff4218952b51de44fe910953a3e686b9) C:\Windows\system32\drivers\partmgr.sys
23:54:04.0100 1124 partmgr - ok
23:54:04.0131 1124 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
23:54:04.0131 1124 Parvdm - ok
23:54:04.0459 1124 PcaSvc (358ab7956d3160000726574083dfc8a6) C:\Windows\System32\pcasvc.dll
23:54:04.0474 1124 PcaSvc - ok
23:54:04.0786 1124 pci (c858cb77c577780ecc456a892e7e7d0f) C:\Windows\system32\DRIVERS\pci.sys
23:54:04.0802 1124 pci - ok
23:54:04.0849 1124 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\DRIVERS\pciide.sys
23:54:04.0880 1124 pciide - ok
23:54:05.0192 1124 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
23:54:05.0208 1124 pcmcia - ok
23:54:05.0239 1124 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
23:54:05.0239 1124 pcw - ok
23:54:06.0222 1124 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
23:54:06.0253 1124 PEAUTH - ok
23:54:06.0502 1124 PeerDistSvc (af4d64d2a57b9772cf3801950b8058a6) C:\Windows\system32\peerdistsvc.dll
23:54:06.0565 1124 PeerDistSvc - ok
23:54:06.0970 1124 pla (9c1bff7910c89a1d12e57343475840cb) C:\Windows\system32\pla.dll
23:54:07.0064 1124 pla - ok
23:54:07.0750 1124 PlugPlay (71def5ec79774c798342d0ea16e41780) C:\Windows\system32\umpnpmgr.dll
23:54:07.0750 1124 PlugPlay - ok
23:54:07.0813 1124 PNRPAutoReg (63ff8572611249931eb16bb8eed6afc8) C:\Windows\system32\pnrpauto.dll
23:54:07.0813 1124 PNRPAutoReg - ok
23:54:07.0860 1124 PNRPsvc (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll
23:54:07.0875 1124 PNRPsvc - ok
23:54:07.0969 1124 PolicyAgent (48e1b75c6dc0232fd92baae4bd344721) C:\Windows\System32\ipsecsvc.dll
23:54:07.0984 1124 PolicyAgent - ok
23:54:08.0062 1124 Power (dbff83f709a91049621c1d35dd45c92c) C:\Windows\system32\umpo.dll
23:54:08.0078 1124 Power - ok
23:54:08.0343 1124 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
23:54:08.0359 1124 PptpMiniport - ok
23:54:08.0374 1124 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
23:54:08.0390 1124 Processor - ok
23:54:08.0437 1124 ProfSvc (630cf26f0227498b7d5a92b12548960f) C:\Windows\system32\profsvc.dll
23:54:08.0468 1124 ProfSvc - ok
23:54:08.0546 1124 ProtectedStorage (c2243ff9e9aad0c30e8b1a0914da15b6) C:\Windows\system32\lsass.exe
23:54:08.0562 1124 ProtectedStorage - ok
23:54:08.0905 1124 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
23:54:08.0920 1124 Psched - ok
23:54:09.0108 1124 PxHelp20 (40fedd328f98245ad201cf5f9f311724) C:\Windows\system32\Drivers\PxHelp20.sys
23:54:09.0123 1124 PxHelp20 - ok
23:54:10.0964 1124 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
23:54:11.0042 1124 ql2300 - ok
23:54:12.0852 1124 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
23:54:12.0867 1124 ql40xx - ok
23:54:13.0273 1124 QWAVE (31ac809e7707eb580b2bdb760390765a) C:\Windows\system32\qwave.dll
23:54:13.0304 1124 QWAVE - ok
23:54:13.0398 1124 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
23:54:13.0413 1124 QWAVEdrv - ok
23:54:13.0429 1124 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
23:54:13.0444 1124 RasAcd - ok
23:54:13.0616 1124 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
23:54:13.0632 1124 RasAgileVpn - ok
23:54:13.0866 1124 RasAuto (a60f1839849c0c00739787fd5ec03f13) C:\Windows\System32\rasauto.dll
23:54:13.0881 1124 RasAuto - ok
23:54:14.0131 1124 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
23:54:14.0131 1124 Rasl2tp - ok
23:54:14.0724 1124 RasMan (0ce66ec736b7fc526d78f7624c7d2a94) C:\Windows\System32\rasmans.dll
23:54:14.0755 1124 RasMan - ok
23:54:14.0864 1124 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
23:54:14.0864 1124 RasPppoe - ok
23:54:14.0926 1124 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
23:54:14.0942 1124 RasSstp - ok
23:54:15.0394 1124 rdbss (835d7e81bf517a3b72384bdcc85e1ce6) C:\Windows\system32\DRIVERS\rdbss.sys
23:54:15.0410 1124 rdbss - ok
23:54:15.0488 1124 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
23:54:15.0519 1124 rdpbus - ok
23:54:15.0535 1124 RDPCDD (1e016846895b15a99f9a176a05029075) C:\Windows\system32\DRIVERS\RDPCDD.sys
23:54:15.0550 1124 RDPCDD - ok
23:54:15.0878 1124 RDPDR (c5ff95883ffef704d50c40d21cfb3ab5) C:\Windows\system32\drivers\rdpdr.sys
23:54:15.0909 1124 RDPDR - ok
23:54:16.0018 1124 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
23:54:16.0034 1124 RDPENCDD - ok
23:54:16.0050 1124 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
23:54:16.0065 1124 RDPREFMP - ok
23:54:16.0143 1124 RDPWD (0399c725a9c95a6f1862b93f008ddf4a) C:\Windows\system32\drivers\RDPWD.sys
23:54:16.0159 1124 RDPWD - ok
23:54:16.0221 1124 rdyboost (4ea225bf1cf05e158853f30a99ca29a7) C:\Windows\system32\drivers\rdyboost.sys
23:54:16.0221 1124 rdyboost - ok
23:54:16.0330 1124 RemoteAccess (7b5e1419717fac363a31cc302895217a) C:\Windows\System32\mprdim.dll
23:54:16.0362 1124 RemoteAccess - ok
23:54:16.0642 1124 RemoteRegistry (cb9a8683f4ef2bf99e123d79950d7935) C:\Windows\system32\regsvc.dll
23:54:16.0642 1124 RemoteRegistry - ok
23:54:16.0752 1124 RpcEptMapper (78d072f35bc45d9e4e1b61895c152234) C:\Windows\System32\RpcEpMap.dll
23:54:16.0767 1124 RpcEptMapper - ok
23:54:16.0845 1124 RpcLocator (94d36c0e44677dd26981d2bfeef2a29d) C:\Windows\system32\locator.exe
23:54:16.0845 1124 RpcLocator - ok
23:54:17.0454 1124 RpcSs (b82cd39e336973359d7c9bf911e8e84f) C:\Windows\System32\rpcss.dll
23:54:17.0469 1124 RpcSs - ok
23:54:17.0703 1124 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
23:54:17.0719 1124 rspndr - ok
23:54:17.0781 1124 s3cap (5423d8437051e89dd34749f242c98648) C:\Windows\system32\DRIVERS\vms3cap.sys
23:54:17.0781 1124 s3cap - ok
23:54:17.0875 1124 SamSs (c2243ff9e9aad0c30e8b1a0914da15b6) C:\Windows\system32\lsass.exe
23:54:17.0890 1124 SamSs - ok
23:54:18.0109 1124 sbp2port (34ee0c44b724e3e4ce2eff29126de5b5) C:\Windows\system32\DRIVERS\sbp2port.sys
23:54:18.0124 1124 sbp2port - ok
23:54:18.0405 1124 SCardSvr (8fc518ffe9519c2631d37515a68009c4) C:\Windows\System32\SCardSvr.dll
23:54:18.0405 1124 SCardSvr - ok
23:54:18.0546 1124 scfilter (a95c54b2ac3cc9c73fcdf9e51a1d6b51) C:\Windows\system32\DRIVERS\scfilter.sys
23:54:18.0561 1124 scfilter - ok
23:54:19.0435 1124 Schedule (df1e5c82e4d09cf8105cc644980c4803) C:\Windows\system32\schedsvc.dll
23:54:19.0450 1124 Schedule - ok
23:54:19.0622 1124 SCPolicySvc (628a9e30ec5e18dd5de6be4dbdc12198) C:\Windows\System32\certprop.dll
23:54:19.0622 1124 SCPolicySvc - ok
23:54:19.0887 1124 SDRSVC (5fd90abdbfaee85986802622cbb03446) C:\Windows\System32\SDRSVC.dll
23:54:19.0918 1124 SDRSVC - ok
23:54:20.0074 1124 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
23:54:20.0090 1124 secdrv - ok
23:54:20.0199 1124 seclogon (a59b3a4442c52060cc7a85293aa3546f) C:\Windows\system32\seclogon.dll
23:54:20.0215 1124 seclogon - ok
23:54:20.0402 1124 SENS (dcb7fcdcc97f87360f75d77425b81737) C:\Windows\system32\sens.dll
23:54:20.0402 1124 SENS - ok
23:54:20.0496 1124 SensrSvc (50087fe1ee447009c9cc2997b90de53f) C:\Windows\system32\sensrsvc.dll
23:54:20.0527 1124 SensrSvc - ok
23:54:20.0589 1124 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
23:54:20.0605 1124 Serenum - ok
23:54:20.0792 1124 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
23:54:20.0823 1124 Serial - ok
23:54:20.0901 1124 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
23:54:20.0901 1124 sermouse - ok
23:54:21.0151 1124 SessionEnv (8f55ce568c543d5adf45c409d16718fc) C:\Windows\system32\sessenv.dll
23:54:21.0151 1124 SessionEnv - ok
23:54:21.0229 1124 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\DRIVERS\sffdisk.sys
23:54:21.0244 1124 sffdisk - ok
23:54:21.0276 1124 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\DRIVERS\sffp_mmc.sys
23:54:21.0276 1124 sffp_mmc - ok
23:54:21.0291 1124 sffp_sd (4f1e5b0fe7c8050668dbfade8999aefb) C:\Windows\system32\DRIVERS\sffp_sd.sys
23:54:21.0291 1124 sffp_sd - ok
23:54:21.0354 1124 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
23:54:21.0354 1124 sfloppy - ok
23:54:21.0946 1124 SharedAccess (d1a079a0de2ea524513b6930c24527a2) C:\Windows\System32\ipnathlp.dll
23:54:21.0978 1124 SharedAccess - ok
23:54:22.0258 1124 ShellHWDetection (cd2e48fa5b29ee2b3b5858056d246ef2) C:\Windows\System32\shsvcs.dll
23:54:22.0258 1124 ShellHWDetection - ok
23:54:22.0352 1124 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\DRIVERS\sisagp.sys
23:54:22.0352 1124 sisagp - ok
23:54:22.0399 1124 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
23:54:22.0399 1124 SiSRaid2 - ok
23:54:22.0414 1124 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
23:54:22.0414 1124 SiSRaid4 - ok
23:54:22.0446 1124 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
23:54:22.0446 1124 Smb - ok
23:54:22.0524 1124 SNMPTRAP (6a984831644eca1a33ffeae4126f4f37) C:\Windows\System32\snmptrap.exe
23:54:22.0524 1124 SNMPTRAP - ok
23:54:22.0570 1124 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
23:54:22.0570 1124 spldr - ok
23:54:22.0648 1124 Spooler (d1bb750eb51694de183e08b9c33be5b2) C:\Windows\System32\spoolsv.exe
23:54:22.0664 1124 Spooler - ok
23:54:23.0366 1124 sppsvc (4c287f9069fedbd791178876ee9de536) C:\Windows\system32\sppsvc.exe
23:54:23.0382 1124 sppsvc - ok
23:54:24.0723 1124 sppuinotify (d8e3e19eebdab49dd4a8d3062ead4ec7) C:\Windows\system32\sppuinotify.dll
23:54:24.0739 1124 sppuinotify - ok
23:54:25.0659 1124 srv (c4a027b8c0bd3fc0699f41fa5e9e0c87) C:\Windows\system32\DRIVERS\srv.sys
23:54:25.0690 1124 srv - ok
23:54:26.0268 1124 srv2 (414bb592cad8a79649d01f9d94318fb3) C:\Windows\system32\DRIVERS\srv2.sys
23:54:26.0299 1124 srv2 - ok
23:54:26.0424 1124 srvnet (ff207d67700aa18242aaf985d3e7d8f4) C:\Windows\system32\DRIVERS\srvnet.sys
23:54:26.0439 1124 srvnet - ok
23:54:26.0782 1124 SSDPSRV (d887c9fd02ac9fa880f6e5027a43e118) C:\Windows\System32\ssdpsrv.dll
23:54:26.0782 1124 SSDPSRV - ok
23:54:27.0001 1124 SstpSvc (d318f23be45d5e3a107469eb64815b50) C:\Windows\system32\sstpsvc.dll
23:54:27.0016 1124 SstpSvc - ok
23:54:27.0110 1124 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
23:54:27.0126 1124 stexstor - ok
23:54:28.0093 1124 StiSvc (a22825e7bb7018e8af3e229a5af17221) C:\Windows\System32\wiaservc.dll
23:54:28.0108 1124 StiSvc - ok
23:54:28.0233 1124 storflt (957e346ca948668f2496a6ccf6ff82cc) C:\Windows\system32\DRIVERS\vmstorfl.sys
23:54:28.0249 1124 storflt - ok
23:54:28.0342 1124 storvsc (d5751969dc3e4b88bf482ac8ec9fe019) C:\Windows\system32\DRIVERS\storvsc.sys
23:54:28.0342 1124 storvsc - ok
23:54:28.0420 1124 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\DRIVERS\swenum.sys
23:54:28.0436 1124 swenum - ok
23:54:29.0434 1124 SwitchBoard (f577910a133a592234ebaad3f3afa258) C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
23:54:29.0497 1124 SwitchBoard - ok
23:54:30.0168 1124 swprv (a28bd92df340e57b024ba433165d34d7) C:\Windows\System32\swprv.dll
23:54:30.0183 1124 swprv - ok
23:54:30.0183 1124 SymDS - ok
23:54:30.0199 1124 SymEFA - ok
23:54:32.0258 1124 SysMain (04105c8da62353589c29bdaeb8d88bd8) C:\Windows\system32\sysmain.dll
23:54:32.0289 1124 SysMain - ok
23:54:32.0476 1124 TabletInputService (fcfb6c552fbc0da299799cbd50ad9fd4) C:\Windows\System32\TabSvc.dll
23:54:32.0492 1124 TabletInputService - ok
23:54:32.0679 1124 TapiSrv (2f46b0c70a4adc8c90cf825da3b4feaf) C:\Windows\System32\tapisrv.dll
23:54:32.0695 1124 TapiSrv - ok
23:54:32.0835 1124 TBS (b799d9fdb26111737f58288d8dc172d9) C:\Windows\System32\tbssvc.dll
23:54:32.0851 1124 TBS - ok
23:54:35.0362 1124 Tcpip (56c198ac82efa622dd93e9e43575f79c) C:\Windows\system32\drivers\tcpip.sys
23:54:35.0378 1124 Tcpip - ok
23:54:35.0456 1124 TCPIP6 (56c198ac82efa622dd93e9e43575f79c) C:\Windows\system32\DRIVERS\tcpip.sys
23:54:35.0472 1124 TCPIP6 - ok
23:54:35.0581 1124 tcpipreg (e64444523add154f86567c469bc0b17f) C:\Windows\system32\drivers\tcpipreg.sys
23:54:35.0596 1124 tcpipreg - ok
23:54:35.0612 1124 TDPIPE (1875c1490d99e70e449e3afae9fcbadf) C:\Windows\system32\drivers\tdpipe.sys
23:54:35.0612 1124 TDPIPE - ok
23:54:35.0721 1124 TDTCP (7156308896d34ea75a582f9a09e50c17) C:\Windows\system32\drivers\tdtcp.sys
23:54:35.0737 1124 TDTCP - ok
23:54:35.0908 1124 tdx (cb39e896a2a83702d1737bfd402b3542) C:\Windows\system32\DRIVERS\tdx.sys
23:54:35.0908 1124 tdx - ok
23:54:36.0033 1124 TermDD (c36f41ee20e6999dbf4b0425963268a5) C:\Windows\system32\DRIVERS\termdd.sys
23:54:36.0049 1124 TermDD - ok
23:54:36.0751 1124 TermService (a01e50a04d7b1960b33e92b9080e6a94) C:\Windows\System32\termsrv.dll
23:54:36.0766 1124 TermService - ok
23:54:36.0907 1124 Themes (42fb6afd6b79d9fe07381609172e7ca4) C:\Windows\system32\themeservice.dll
23:54:36.0922 1124 Themes - ok
23:54:37.0063 1124 THREADORDER (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll
23:54:37.0063 1124 THREADORDER - ok
23:54:37.0250 1124 TrkWks (4792c0378db99a9bc2ae2de6cfff0c3a) C:\Windows\System32\trkwks.dll
23:54:37.0266 1124 TrkWks - ok
23:54:37.0780 1124 TrustedInstaller (41a4c781d2286208d397d72099304133) C:\Windows\servicing\TrustedInstaller.exe
23:54:37.0796 1124 TrustedInstaller - ok
23:54:37.0890 1124 tssecsrv (98ae6fa07d12cb4ec5cf4a9bfa5f4242) C:\Windows\system32\DRIVERS\tssecsrv.sys
23:54:37.0890 1124 tssecsrv - ok
23:54:38.0077 1124 tunnel (3e461d890a97f9d4c168f5fda36e1d00) C:\Windows\system32\DRIVERS\tunnel.sys
23:54:38.0077 1124 tunnel - ok
23:54:38.0155 1124 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
23:54:38.0186 1124 uagp35 - ok
23:54:38.0638 1124 udfs (09cc3e16f8e5ee7168e01cf8fcbe061a) C:\Windows\system32\DRIVERS\udfs.sys
23:54:38.0654 1124 udfs - ok
23:54:38.0841 1124 UI0Detect (8344fd4fce927880aa1aa7681d4927e5) C:\Windows\system32\UI0Detect.exe
23:54:38.0857 1124 UI0Detect - ok
23:54:39.0138 1124 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\DRIVERS\uliagpkx.sys
23:54:39.0153 1124 uliagpkx - ok
23:54:39.0309 1124 umbus (049b3a50b3d646baeeee9eec9b0668dc) C:\Windows\system32\DRIVERS\umbus.sys
23:54:39.0325 1124 umbus - ok
23:54:39.0372 1124 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
23:54:39.0403 1124 UmPass - ok
23:54:39.0808 1124 UmRdpService (8ecaca5454844f66386f7be4ae0d7cd1) C:\Windows\System32\umrdp.dll
23:54:39.0824 1124 UmRdpService - ok
23:54:40.0308 1124 upnphost (833fbb672460efce8011d262175fad33) C:\Windows\System32\upnphost.dll
23:54:40.0323 1124 upnphost - ok
23:54:40.0495 1124 usbccgp (8455c4ed038efd09e99327f9d2d48ffa) C:\Windows\system32\DRIVERS\usbccgp.sys
23:54:40.0510 1124 usbccgp - ok
23:54:40.0776 1124 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\DRIVERS\usbcir.sys
23:54:40.0807 1124 usbcir - ok
23:54:40.0932 1124 usbehci (ff32d4f3ec3c68b2ca61782c7964f54e) C:\Windows\system32\DRIVERS\usbehci.sys
23:54:40.0932 1124 usbehci - ok
23:54:41.0212 1124 usbhub (b0dfc7b484e0ca0c27bda5433b82d94a) C:\Windows\system32\DRIVERS\usbhub.sys
23:54:41.0228 1124 usbhub - ok
23:54:41.0306 1124 usbohci (a6fb7957ea7afb1165991e54ce934b74) C:\Windows\system32\DRIVERS\usbohci.sys
23:54:41.0306 1124 usbohci - ok
23:54:41.0384 1124 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
23:54:41.0400 1124 usbprint - ok
23:54:41.0556 1124 USBSTOR (d8889d56e0d27e57ed4591837fe71d27) C:\Windows\system32\DRIVERS\USBSTOR.SYS
23:54:41.0602 1124 USBSTOR - ok
23:54:41.0696 1124 usbuhci (78780c3ebce17405b1ccd07a3a8a7d72) C:\Windows\system32\DRIVERS\usbuhci.sys
23:54:41.0712 1124 usbuhci - ok
23:54:41.0852 1124 UxSms (081e6e1c91aec36758902a9f727cd23c) C:\Windows\System32\uxsms.dll
23:54:41.0852 1124 UxSms - ok
23:54:41.0946 1124 VaultSvc (c2243ff9e9aad0c30e8b1a0914da15b6) C:\Windows\system32\lsass.exe
23:54:41.0946 1124 VaultSvc - ok
23:54:42.0039 1124 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\DRIVERS\vdrvroot.sys
23:54:42.0039 1124 vdrvroot - ok
23:54:42.0819 1124 vds (8c4e7c49d3641bc9e299e466a7f8867d) C:\Windows\System32\vds.exe
23:54:42.0835 1124 vds - ok
23:54:42.0975 1124 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
23:54:42.0991 1124 vga - ok
23:54:43.0006 1124 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
23:54:43.0022 1124 VgaSave - ok
23:54:43.0334 1124 vhdmp (3be6e1f3a4f1afec8cee0d7883f93583) C:\Windows\system32\DRIVERS\vhdmp.sys
23:54:43.0365 1124 vhdmp - ok
23:54:43.0568 1124 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\DRIVERS\viaagp.sys
23:54:43.0584 1124 viaagp - ok
23:54:43.0693 1124 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
23:54:43.0693 1124 ViaC7 - ok
23:54:45.0783 1124 VIAHdAudAddService (fd921de6074bde7d0cf7e43d19ab7081) C:\Windows\system32\drivers\viahduaa.sys
23:54:45.0846 1124 VIAHdAudAddService - ok
23:54:45.0939 1124 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\DRIVERS\viaide.sys
23:54:45.0955 1124 viaide - ok
23:54:46.0267 1124 vmbus (379b349f65f453d2a6e75ea6b7448e49) C:\Windows\system32\DRIVERS\vmbus.sys
23:54:46.0282 1124 vmbus - ok
23:54:46.0376 1124 VMBusHID (ec2bbab4b84d0738c6c83d2234dc36fe) C:\Windows\system32\DRIVERS\VMBusHID.sys
23:54:46.0392 1124 VMBusHID - ok
23:54:46.0594 1124 volmgr (384e5a2aa49934295171e499f86ba6f3) C:\Windows\system32\DRIVERS\volmgr.sys
23:54:46.0610 1124 volmgr - ok
23:54:47.0234 1124 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
23:54:47.0250 1124 volmgrx - ok
23:54:47.0780 1124 volsnap (58df9d2481a56edde167e51b334d44fd) C:\Windows\system32\DRIVERS\volsnap.sys
23:54:47.0796 1124 volsnap - ok
23:54:47.0874 1124 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
23:54:47.0905 1124 vsmraid - ok
23:54:49.0387 1124 VSS (7ea2bcd94d9cfaf4c556f5cc94532a6c) C:\Windows\system32\vssvc.exe
23:54:49.0402 1124 VSS - ok
23:54:49.0465 1124 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\System32\drivers\vwifibus.sys
23:54:49.0480 1124 vwifibus - ok
23:54:50.0120 1124 W32Time (55187fd710e27d5095d10a472c8baf1c) C:\Windows\system32\w32time.dll
23:54:50.0120 1124 W32Time - ok
23:54:50.0245 1124 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
23:54:50.0245 1124 WacomPen - ok
23:54:50.0354 1124 WANARP (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
23:54:50.0370 1124 WANARP - ok
23:54:50.0385 1124 Wanarpv6 (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
23:54:50.0385 1124 Wanarpv6 - ok
23:54:51.0415 1124 WatAdminSvc (353a04c273ec58475d8633e75ccd5604) C:\Windows\system32\Wat\WatAdminSvc.exe
23:54:51.0446 1124 WatAdminSvc - ok
23:54:52.0460 1124 wbengine (7790b77fe1e5ee47dcc66247095bb4c9) C:\Windows\system32\wbengine.exe
23:54:52.0476 1124 wbengine - ok
23:54:52.0569 1124 WbioSrvc (9614b5d29dc76ac3c29f6d2d3aa70e67) C:\Windows\System32\wbiosrvc.dll
23:54:52.0585 1124 WbioSrvc - ok
23:54:53.0178 1124 wcncsvc (6d9b75275c3e3a5f51aef81affadb2b6) C:\Windows\System32\wcncsvc.dll
23:54:53.0193 1124 wcncsvc - ok
23:54:53.0302 1124 WcsPlugInService (5d930b6357a6d2af4d7653bdabbf352f) C:\Windows\System32\WcsPlugInService.dll
23:54:53.0334 1124 WcsPlugInService - ok
23:54:53.0973 1124 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
23:54:53.0989 1124 Wd - ok
23:54:54.0129 1124 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
23:54:54.0160 1124 Wdf01000 - ok
23:54:54.0192 1124 WdiServiceHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll
23:54:54.0192 1124 WdiServiceHost - ok
23:54:54.0192 1124 WdiSystemHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll
23:54:54.0192 1124 WdiSystemHost - ok
23:54:54.0270 1124 WebClient (bb5ec38f8d4600119b4720bc5d4211f1) C:\Windows\System32\webclnt.dll
23:54:54.0270 1124 WebClient - ok
23:54:54.0348 1124 Wecsvc (760f0afe937a77cff27153206534f275) C:\Windows\system32\wecsvc.dll
23:54:54.0348 1124 Wecsvc - ok
23:54:54.0363 1124 wercplsupport (ac804569bb2364fb6017370258a4091b) C:\Windows\System32\wercplsupport.dll
23:54:54.0379 1124 wercplsupport - ok
23:54:54.0441 1124 WerSvc (08e420d873e4fd85241ee2421b02c4a4) C:\Windows\System32\WerSvc.dll
23:54:54.0457 1124 WerSvc - ok
23:54:54.0550 1124 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
23:54:54.0550 1124 WfpLwf - ok
23:54:54.0582 1124 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
23:54:54.0582 1124 WIMMount - ok
23:54:55.0642 1124 WinDefend (3fae8f94296001c32eab62cd7d82e0fd) C:\Program Files\Windows Defender\mpsvc.dll
23:54:55.0674 1124 WinDefend - ok
23:54:55.0705 1124 WinHttpAutoProxySvc - ok
23:54:56.0422 1124 Winmgmt (f62e510b6ad4c21eb9fe8668ed251826) C:\Windows\system32\wbem\WMIsvc.dll
23:54:56.0438 1124 Winmgmt - ok
23:54:57.0015 1124 WinRM (c4f5d3901d1b41d602ddc196e0b95b51) C:\Windows\system32\WsmSvc.dll
23:54:57.0062 1124 WinRM - ok
23:54:57.0218 1124 Wlansvc (16935c98ff639d185086a3529b1f2067) C:\Windows\System32\wlansvc.dll
23:54:57.0265 1124 Wlansvc - ok
23:54:57.0608 1124 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\DRIVERS\wmiacpi.sys
23:54:57.0624 1124 WmiAcpi - ok
23:54:58.0326 1124 wmiApSrv (6eb6b66517b048d87dc1856ddf1f4c3f) C:\Windows\system32\wbem\WmiApSrv.exe
23:54:58.0326 1124 wmiApSrv - ok
23:54:58.0887 1124 WMPNetworkSvc (77fbd400984cf72ba0fc4b3489d65f74) C:\Program Files\Windows Media Player\wmpnetwk.exe
23:54:58.0934 1124 WMPNetworkSvc - ok
23:54:59.0012 1124 WPCSvc (a2f0ec770a92f2b3f9de6d518e11409c) C:\Windows\System32\wpcsvc.dll
23:54:59.0012 1124 WPCSvc - ok
23:54:59.0043 1124 WPDBusEnum (b7f658a2ebc07129538ad9ab35212637) C:\Windows\system32\wpdbusenum.dll
23:54:59.0043 1124 WPDBusEnum - ok
23:54:59.0246 1124 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
23:54:59.0246 1124 ws2ifsl - ok
23:54:59.0308 1124 wscsvc (a661a76333057b383a06e65f0073222f) C:\Windows\system32\wscsvc.dll
23:54:59.0308 1124 wscsvc - ok
23:54:59.0308 1124 WSearch - ok
23:55:00.0400 1124 wuauserv (a33408cc036f9c08142b11be5e93f0a1) C:\Windows\system32\wuaueng.dll
23:55:00.0416 1124 wuauserv - ok
23:55:02.0210 1124 WudfPf (6f9b6c0c93232cff47d0f72d6db1d21e) C:\Windows\system32\drivers\WudfPf.sys
23:55:02.0210 1124 WudfPf - ok
23:55:02.0553 1124 WUDFRd (f91ff1e51fca30b3c3981db7d5924252) C:\Windows\system32\DRIVERS\WUDFRd.sys
23:55:02.0569 1124 WUDFRd - ok
23:55:02.0756 1124 wudfsvc (ddee3682fe97037c45f4d7ab467cb8b6) C:\Windows\System32\WUDFSvc.dll
23:55:02.0772 1124 wudfsvc - ok
23:55:03.0052 1124 WwanSvc (ff2d745b560f7c71b31f30f4d49f73d2) C:\Windows\System32\wwansvc.dll
23:55:03.0084 1124 WwanSvc - ok
23:55:03.0115 1124 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
23:55:03.0177 1124 \Device\Harddisk0\DR0 - ok
23:55:03.0177 1124 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
23:55:03.0193 1124 \Device\Harddisk1\DR1 - ok
23:55:03.0193 1124 Boot (0x1200) (1eaec94452dd1af4d1f0d82e711457a9) \Device\Harddisk0\DR0\Partition0
23:55:03.0193 1124 \Device\Harddisk0\DR0\Partition0 - ok
23:55:03.0224 1124 Boot (0x1200) (fb4d10b359b999c06f8349877ffff991) \Device\Harddisk0\DR0\Partition1
23:55:03.0255 1124 \Device\Harddisk0\DR0\Partition1 - ok
23:55:03.0255 1124 Boot (0x1200) (446841e05c5a99b96e9ea72d194b5547) \Device\Harddisk1\DR1\Partition0
23:55:03.0255 1124 \Device\Harddisk1\DR1\Partition0 - ok
23:55:03.0271 1124 ============================================================
23:55:03.0271 1124 Scan finished
23:55:03.0271 1124 ============================================================
23:55:03.0286 5568 Detected object count: 0
23:55:03.0286 5568 Actual detected object count: 0

#198
neataznyam

Posted 24 April 2012 - 12:57 AM

Member

Topic Starter
Member
150 posts

ComboFix 12-04-23.03 - henry ong 04/23/2012 23:44:29.2.2 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.3071.1576 [GMT -7:00]
Running from: c:\users\henry ong\Downloads\ComboFix.exe.exe
Command switches used :: c:\users\henry ong\Desktop\CFScript.txt
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\ComboFix.exe
c:\combofix.exe\PEV.exe
c:\combofix.exe\snapshot.00.dat
.
.
((((((((((((((((((((((((( Files Created from 2012-03-24 to 2012-04-24 )))))))))))))))))))))))))))))))
.
.
2012-04-24 06:50 . 2012-04-24 06:50 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-24 05:18 . 2012-04-24 05:18 -------- d-----w- C:\Riot Games
2012-04-24 05:10 . 2012-04-24 05:10 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2012-04-24 04:20 . 2012-04-24 04:20 -------- d-----w- c:\program files\Microsoft.NET
2012-04-24 04:19 . 2009-11-25 19:47 49472 ----a-w- c:\windows\system32\netfxperf.dll
2012-04-24 04:19 . 2009-11-25 19:47 297808 ----a-w- c:\windows\system32\mscoree.dll
2012-04-24 04:19 . 2009-11-25 19:47 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2012-04-24 04:19 . 2009-11-25 19:47 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2012-04-24 04:19 . 2009-11-25 19:47 1130824 ----a-w- c:\windows\system32\dfshim.dll
2012-04-24 04:07 . 2012-04-24 04:07 -------- d-----w- c:\programdata\DeviceVm
2012-04-24 04:07 . 2012-04-24 04:07 -------- d--h--w- c:\program files\DeviceVM
2012-04-24 04:06 . 2012-04-24 06:10 -------- d-----w- c:\program files\Common Files\Symantec Shared
2012-04-24 04:05 . 2012-04-24 06:10 -------- d-----w- c:\program files\Norton Internet Security
2012-04-24 04:05 . 2012-04-24 04:06 -------- d-----w- c:\programdata\Norton
2012-04-24 04:03 . 2012-04-24 04:03 -------- d-----w- c:\program files\NortonInstaller
2012-04-24 04:03 . 2008-01-04 20:34 11832 ----a-w- c:\windows\system32\drivers\AsInsHelp64.sys
2012-04-24 04:03 . 2008-01-04 20:34 10216 ----a-w- c:\windows\system32\drivers\AsInsHelp32.sys
2012-04-24 03:53 . 2010-05-15 11:11 886688 ----a-w- c:\windows\system32\VIAPropPageExt.dll
2012-04-24 03:53 . 2010-05-15 11:11 73120 ----a-w- c:\windows\system32\ViaMicArrayPropPageExt.dll
2012-04-24 03:53 . 2010-05-15 11:11 510368 ----a-w- c:\windows\system32\VIASysFx.dll
2012-04-24 03:53 . 2010-05-15 11:11 80288 ----a-w- c:\windows\system32\Dts2PropPageExt.dll
2012-04-24 03:53 . 2010-05-15 11:11 215968 ----a-w- c:\windows\system32\Dts2APO.dll
2012-04-24 03:53 . 2010-05-15 11:11 185248 ----a-w- c:\windows\system32\ViaMicArrayAPO.dll
2012-04-24 03:53 . 2010-05-15 11:11 1150880 ----a-w- c:\windows\system32\drivers\viahduaa.sys
2012-04-24 03:53 . 2007-12-04 03:28 76288 ----a-w- c:\windows\system32\nQPropPageExt.dll
2012-04-24 03:53 . 2007-12-04 03:28 71680 ----a-w- c:\windows\system32\nQAPO.dll
2012-04-24 03:51 . 2012-04-24 04:02 -------- d-----w- c:\program files\Common Files\InstallShield
2012-04-24 03:46 . 2004-02-17 07:00 434252 ----a-w- c:\windows\system32\MSVCRTD.DLL
2012-04-24 03:46 . 2004-02-27 07:00 962612 ----a-w- c:\windows\system32\mfc42d.dll
2012-04-24 03:46 . 2009-09-30 03:33 24576 ----a-r- c:\windows\system32\AsIO.dll
2012-04-24 03:46 . 2009-08-04 02:28 11296 ----a-r- c:\windows\system32\drivers\AsIO.sys
2012-04-24 03:46 . 2012-04-24 04:03 -------- d-----w- c:\program files\ASUS
2012-04-24 03:31 . 2012-04-24 03:31 -------- d-----w- c:\windows\system32\Wat
2012-04-24 03:27 . 2009-09-10 05:52 257024 ----a-w- c:\windows\system32\msv1_0.dll
2012-04-24 03:13 . 2012-04-24 03:13 -------- d-----w- c:\programdata\regid.1986-12.com.adobe
2012-04-24 03:05 . 2010-03-04 03:57 190976 ----a-w- c:\windows\system32\drivers\ks.sys
2012-04-24 03:04 . 2012-03-06 05:59 3958128 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-04-24 03:04 . 2012-03-06 05:59 3902320 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-24 03:03 . 2010-09-14 06:07 276992 ----a-w- c:\windows\system32\wcncsvc.dll
2012-04-24 02:51 . 2012-04-24 05:18 -------- d--h--w- c:\program files\InstallShield Installation Information
2012-04-24 02:20 . 2010-10-12 04:25 516096 ----a-w- c:\program files\Windows Mail\wab.exe
2012-04-24 02:20 . 2011-11-05 04:30 2048 ----a-w- c:\windows\system32\tzres.dll
2012-04-24 02:20 . 2009-10-19 14:10 70656 ----a-w- c:\windows\system32\fontsub.dll
2012-04-24 02:20 . 2011-02-12 05:30 191488 ----a-w- c:\windows\system32\FXSCOVER.exe
2012-04-24 02:18 . 2011-10-26 04:28 1328640 ----a-w- c:\windows\system32\quartz.dll
2012-04-24 02:05 . 2010-11-02 04:46 728448 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2012-04-24 02:05 . 2011-02-03 05:45 219008 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2012-04-24 02:05 . 2010-11-02 04:23 107520 ----a-w- c:\windows\system32\cdd.dll
2012-04-24 01:58 . 2012-04-24 01:58 -------- d-----w- c:\programdata\ALM
2012-04-24 01:56 . 2012-04-24 01:56 -------- d-----w- c:\programdata\McAfee
2012-04-24 01:56 . 2012-04-24 01:56 -------- d-----w- c:\programdata\McAfee Security Scan
2012-04-24 01:56 . 2012-04-24 01:56 -------- d-----w- c:\program files\McAfee Security Scan
2012-04-24 01:33 . 2012-04-24 01:33 -------- d-----w- c:\program files\My Company Name
2012-04-24 01:33 . 2012-04-24 01:33 -------- d-----w- c:\program files\Common Files\PX Storage Engine
2012-04-24 01:24 . 2012-04-24 01:24 -------- d-----w- c:\windows\system32\Macromed
2012-04-24 01:19 . 2012-04-24 01:58 -------- d-----w- c:\program files\Common Files\Adobe
2012-04-24 01:08 . 2012-04-24 01:08 -------- d-----w- c:\programdata\Malwarebytes
2012-04-24 01:08 . 2012-04-24 01:08 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-04-24 01:08 . 2012-04-04 22:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-24 00:41 . 2012-04-24 00:41 -------- d-----w- c:\program files\Guild Wars
2012-04-24 00:23 . 2008-07-31 17:41 68616 ----a-w- c:\windows\system32\XAPOFX1_1.dll
2012-04-24 00:23 . 2008-07-31 17:40 509448 ----a-w- c:\windows\system32\XAudio2_2.dll
2012-04-24 00:23 . 2008-07-12 15:18 467984 ----a-w- c:\windows\system32\d3dx10_39.dll
2012-04-24 00:23 . 2008-07-12 15:18 3851784 ----a-w- c:\windows\system32\D3DX9_39.dll
2012-04-24 00:23 . 2008-07-12 15:18 1493528 ----a-w- c:\windows\system32\D3DCompiler_39.dll
2012-04-23 23:35 . 2012-04-23 23:04 -------- d-----w- c:\windows\Panther
2012-04-23 23:35 . 2012-04-18 10:06 6734704 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{759EE162-FEF2-4DCB-B542-6CEBA2221B95}\mpengine.dll
2012-04-23 23:35 . 2012-02-23 17:18 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-04-23 23:27 . 2012-04-24 05:17 -------- d-----w- c:\programdata\PMB Files
2012-04-23 23:27 . 2012-04-23 23:27 -------- d-----w- c:\program files\Pando Networks
2012-04-23 23:26 . 2012-04-23 23:26 -------- d-----w- C:\Windows.old
2012-04-23 23:23 . 2012-04-23 23:23 -------- d-----w- c:\program files\Adobe Download Assistant
2012-04-23 23:23 . 2012-04-23 23:23 -------- d-----w- c:\program files\Common Files\Adobe AIR
2012-04-23 23:19 . 2012-04-23 23:19 -------- d-----w- c:\programdata\ATI
2012-04-23 23:17 . 2012-04-23 23:17 0 ----a-w- c:\windows\ativpsrm.bin
2012-04-23 23:15 . 2012-04-23 23:15 -------- d-----w- c:\program files\AMD AVT
2012-04-23 23:15 . 2012-04-23 23:15 -------- d-----w- c:\program files\AMD APP
2012-04-23 23:15 . 2012-04-23 23:15 -------- d-----w- c:\program files\Common Files\ATI Technologies
2012-04-23 23:14 . 2012-04-23 23:15 -------- d-----w- c:\programdata\AMD
2012-04-23 23:14 . 2010-02-18 16:18 37944 ----a-w- c:\windows\system32\drivers\amdiox86.sys
2012-04-23 23:14 . 2012-04-24 06:09 -------- d-sh--w- c:\windows\Installer
2012-04-23 23:14 . 2012-04-23 23:15 -------- d-----w- c:\program files\ATI Technologies
2012-04-23 23:14 . 2012-04-23 23:14 -------- d-----w- c:\program files\ATI
2012-04-23 23:09 . 2012-02-15 05:44 826368 ----a-w- c:\windows\system32\rdpcore.dll
2012-04-23 23:09 . 2012-02-15 04:22 177152 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-04-23 23:09 . 2012-02-15 04:22 24064 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-04-23 23:09 . 2012-01-25 05:44 57856 ----a-w- c:\windows\system32\rdpwsx.dll
2012-04-23 23:09 . 2012-01-25 05:44 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-04-23 23:09 . 2012-01-25 05:40 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-04-23 23:09 . 2010-01-09 06:52 132608 ----a-w- c:\windows\system32\cabview.dll
2012-04-23 23:06 . 2012-04-24 06:02 -------- d-----w- c:\windows\system32\wbem\Performance
2012-04-23 23:04 . 2012-04-24 01:48 -------- d-----w- c:\users\henry ong
2012-04-03 08:35 . 2012-04-03 11:03 -------- d-----w- C:\FRST
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-09 08:26 . 2012-03-09 08:26 64512 ----a-w- c:\windows\system32\OpenVideo.dll
2012-03-09 08:26 . 2012-03-09 08:26 54784 ----a-w- c:\windows\system32\OVDecode.dll
2012-03-09 08:25 . 2012-03-09 08:25 13238272 ----a-w- c:\windows\system32\amdocl.dll
2012-03-09 08:24 . 2012-03-09 08:24 48128 ----a-w- c:\windows\system32\OpenCL.dll
2012-03-09 06:26 . 2012-03-09 06:26 9183232 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2012-03-09 05:16 . 2012-03-09 05:16 159744 ----a-w- c:\windows\system32\atiapfxx.exe
2012-03-09 05:16 . 2012-03-09 05:16 791552 ----a-w- c:\windows\system32\aticfx32.dll
2012-03-09 05:11 . 2012-03-09 05:11 442368 ----a-w- c:\windows\system32\ATIDEMGX.dll
2012-03-09 05:10 . 2012-03-09 05:10 405504 ----a-w- c:\windows\system32\atieclxx.exe
2012-03-09 05:10 . 2012-03-09 05:10 163328 ----a-w- c:\windows\system32\atiesrxx.exe
2012-03-09 05:08 . 2012-03-09 05:08 159744 ----a-w- c:\windows\system32\atitmmxx.dll
2012-03-09 05:07 . 2012-03-09 05:07 20992 ----a-w- c:\windows\system32\atimuixx.dll
2012-03-09 05:07 . 2012-03-09 05:07 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2012-03-09 05:04 . 2012-03-09 05:04 6200320 ----a-w- c:\windows\system32\atidxx32.dll
2012-03-09 04:39 . 2012-03-09 04:39 19739136 ----a-w- c:\windows\system32\atioglxx.dll
2012-03-09 04:36 . 2012-03-09 04:36 1828864 ----a-w- c:\windows\system32\atiumdmv.dll
2012-03-09 04:23 . 2012-03-09 04:23 5062656 ----a-w- c:\windows\system32\atiumdva.dll
2012-03-09 04:23 . 2012-03-09 04:23 5954048 ----a-w- c:\windows\system32\atiumdag.dll
2012-03-09 04:18 . 2012-03-09 04:18 46080 ----a-w- c:\windows\system32\aticalrt.dll
2012-03-09 04:18 . 2012-03-09 04:18 44032 ----a-w- c:\windows\system32\aticalcl.dll
2012-03-09 04:12 . 2012-03-09 04:12 13715968 ----a-w- c:\windows\system32\aticaldd.dll
2012-03-09 04:05 . 2012-03-09 04:05 53760 ----a-w- c:\windows\system32\atimpc32.dll
2012-03-09 04:05 . 2012-03-09 04:05 53760 ----a-w- c:\windows\system32\amdpcom32.dll
2012-03-09 03:58 . 2012-03-09 03:58 356352 ----a-w- c:\windows\system32\atiadlxx.dll
2012-03-09 03:58 . 2012-03-09 03:58 14336 ----a-w- c:\windows\system32\atiglpxx.dll
2012-03-09 03:58 . 2012-03-09 03:58 33280 ----a-w- c:\windows\system32\atigktxx.dll
2012-03-09 03:57 . 2012-03-09 03:57 265216 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2012-03-09 03:56 . 2012-03-09 03:56 33280 ----a-w- c:\windows\system32\atiuxpag.dll
2012-03-09 03:56 . 2012-03-09 03:56 30208 ----a-w- c:\windows\system32\atiu9pag.dll
2012-03-09 03:55 . 2012-03-09 03:55 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2012-03-09 03:47 . 2011-04-20 08:27 51200 ----a-w- c:\windows\system32\coinst.dll
2012-01-31 14:00 . 2012-01-31 14:00 16896 ----a-w- c:\windows\system32\kdbsdk32.dll
2012-03-13 04:39 . 2012-04-23 23:09 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-03-09 636032]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-30 499608]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5.5ServiceManager"="c:\program files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-10-25 932288]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2010-10-25 36760]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2010-10-25 821144]
"HDAudDeck"="c:\program files\VIA\VIAudioi\VDeck\VDeck.exe" [2010-05-24 1683360]
"BCU"="c:\program files\DeviceVM\Browser Configuration Utility\BCU.exe" [2010-03-05 411864]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-03-09 163328]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-03-09 291840]
S2 AODDriver4.1;AODDriver4.1;c:\program files\ATI Technologies\ATI.ACE\Fuel\i386\AODDriver2.sys [2012-02-01 46720]
S2 BCUService;Browser Configuration Utility Service;c:\program files\DeviceVM\Browser Configuration Utility\BCUService.exe [2010-03-05 235752]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S3 amdiox86;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox86.sys [2010-02-18 37944]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2012-03-09 9183232]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2012-03-09 265216]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [2011-12-05 86032]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-04-04 22344]
S4 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\IPSDefs\20091105.001\IDSVix86.sys [x]
S4 SymDS;Symantec Data Store;c:\windows\system32\drivers\NIS\1105000.07F\SYMDS.SYS [x]
S4 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1105000.07F\SYMEFA.SYS [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 34266972
*NewlyCreated* - EECTRL
*NewlyCreated* - ERASERUTILDRV11122
*NewlyCreated* - FASTFAT
*NewlyCreated* - MBAMSWISSARMY
*NewlyCreated* - WUDFPF
*Deregistered* - 34266972
*Deregistered* - BHDrvx86
*Deregistered* - ccHP
*Deregistered* - EraserUtilDrv11122
*Deregistered* - NAVENG
*Deregistered* - NAVEX15
*Deregistered* - SRTSPX
*Deregistered* - SymEvent
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.splashtop.com/asusexpressgate/mb/searchAPI.php?SE=yahoo&QS=http%3A%2F%2Fsearch.yahoo.com%2Fsearch%3Ffr%3Dfp-devicevm%26type%3DWEB01
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
TCP: DhcpNameServer = 76.14.0.8 76.14.0.9
FF - ProfilePath - c:\users\henry ong\AppData\Roaming\Mozilla\Firefox\Profiles\2yhwfed1.default\
FF - prefs.js: browser.search.selectedEngine - Amazon.com
.
.
Completion time: 2012-04-23 23:52:22
ComboFix-quarantined-files.txt 2012-04-24 06:52
ComboFix2.txt 2012-04-24 06:24
.
Pre-Run: 229,140,795,392 bytes free
Post-Run: 229,100,843,008 bytes free
.
- - End Of File - - B24B0EDF8E6B3ED25E6C1A8316A813B8

#199
maliprog

Posted 24 April 2012 - 12:59 AM

Trusted Helper

Malware Removal
6,172 posts

Quick update... How is your system now? Problems?

Download aswMBR.exe ( 511KB ) to your desktop.

Double click the aswMBR.exe to run it
Click the "Scan" button to start scan
On completion of the scan click save log, save it to your desktop and post aswMBR.txt in your next reply
Also, ZIP MBR.dat it creates and attach it to your next reply

#200
neataznyam

Posted 24 April 2012 - 01:04 AM

Member

Topic Starter
Member
150 posts

well its slower for some reason and I can't install some programs saying something to do with connection lost to http server. Please check that your internet connection is stable, and that http connections are not being blocked by firewall. Another thing that confused me was I formatted it but it says that I'm using up half the space.

Edited by neataznyam, 24 April 2012 - 01:05 AM.

#201
neataznyam

Posted 24 April 2012 - 01:06 AM

Member

Topic Starter
Member
150 posts

and I download super slow

#202
neataznyam

Posted 24 April 2012 - 01:09 AM

Member

Topic Starter
Member
150 posts

aswMBR.exe isn't downloading

#203
maliprog

Posted 24 April 2012 - 01:11 AM

Trusted Helper

Malware Removal
6,172 posts

So you formated it? You should say something. I see no infection on your system now.

Maybe you Internet connection is down. Can you check this with another PC.

#204
RKinner

Posted 24 April 2012 - 11:00 AM

Malware Expert

Expert
24,625 posts

I expect when you formatted that it saw the old windows install and saved it for you. I think it calls it C:\Windows.old so if you look there you will probably find what is using up so much hard drive.

See: http://windows.micro...dows-old-folder

To see what is slowing it down:

Right click on (My) Computer and select Manage (Continue) Then the Event Viewer. Next select Windows Logs. Right click on System and Clear Log, Clear. Repeat for Application.

Reboot.

Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator. Then type (with an Enter after each line).

sfc  /scannow

(This will check your critical system files. If it asks for a CD and you don't have one or it doesn't like your CD just tell it to SKIP.)

1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop:
2. Right-click VEW.exe and Run AS Administrator
3. Under 'Select log to query', select:

* System
4. Under 'Select type to list', select:
* Error
* Warning

Then use the 'Number of events' as follows:

1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.

Please post the Output log in your next reply then repeat but select Application.

Get Process Explorer

http://live.sysinter...com/procexp.exe
Save it to your desktop then run it (Vista or Win7 - right click and Run As Administrator).

View, Select Column, check Verified Signer, OK
Options, Verify Image Signatures

Click twice on the CPU column header to sort things by CPU usage with the big hitters at the top.

Wait a minute for things to settle down.

File, Save As, Save. Open the file Procexp.txt on your desktop and copy and paste the text to a reply.

Go to http://www.speedtest.net/ and click on Begin Test

When the Test finishes click on Share This Result and then select Forum then Copy then move to a reply and Ctrl + v

Ron

#205
neataznyam

Posted 25 April 2012 - 06:56 PM

Member

Topic Starter
Member
150 posts

Process PID CPU Private Bytes Working Set Description Company Name Verified Signer
System Idle Process 0 85.52 0 K 24 K
procexp.exe 3548 5.52 19,304 K 31,296 K Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Microsoft Corporation
Interrupts n/a 1.97 0 K 0 K Hardware Interrupts and DPCs
plugin-container.exe 4072 1.83 87,728 K 94,952 K Plugin Container for Firefox Mozilla Corporation (Verified) Mozilla Corporation
csrss.exe 440 0.98 31,192 K 20,112 K Client Server Runtime Process Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 1736 0.94 30,468 K 20,904 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
dllhost.exe 172 0.89 1,128 K 4,036 K COM Surrogate Microsoft Corporation (Verified) Microsoft Windows
mbamservice.exe 2260 0.71 101,016 K 44,976 K Malwarebytes Anti-Malware Malwarebytes Corporation (Verified) Malwarebytes Corporation
firefox.exe 3400 0.60 186,572 K 192,196 K Firefox Mozilla Corporation (Verified) Mozilla Corporation
System 4 0.53 48 K 1,316 K
svchost.exe 732 0.12 2,316 K 5,152 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
explorer.exe 2380 0.09 29,412 K 39,032 K Windows Explorer Microsoft Corporation (Verified) Microsoft Windows
CCC.exe 3460 0.09 90,644 K 18,028 K Catalyst Control Center: Host application ATI Technologies Inc. (Unable to verify) ATI Technologies Inc.
lsass.exe 548 0.06 2,876 K 7,256 K Local Security Authority Process Microsoft Corporation (Verified) Microsoft Windows
MOM.exe 2564 0.03 25,216 K 4,728 K Catalyst Control Center: Monitoring program Advanced Micro Devices Inc. (Unable to verify) Advanced Micro Devices Inc.
svchost.exe 1204 0.03 12,728 K 11,696 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
csrss.exe 360 0.02 1,232 K 3,252 K Client Server Runtime Process Microsoft Corporation (Verified) Microsoft Windows
SearchIndexer.exe 3084 0.02 18,572 K 12,068 K Microsoft Windows Search Indexer Microsoft Corporation (Verified) Microsoft Windows
services.exe 512 0.01 4,208 K 6,784 K Services and Controller app Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 924 0.01 17,512 K 27,588 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
taskhost.exe 2336 < 0.01 1,912 K 4,028 K Host Process for Windows Tasks Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 1084 < 0.01 4,008 K 7,220 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 896 < 0.01 56,412 K 60,832 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
BCU.exe 2776 < 0.01 4,060 K 8,928 K Browser Configuration Utility DeviceVM, Inc. (Verified) DeviceVM Inc.
FourEngine.exe 2488 < 0.01 15,984 K 2,232 K ASUSTeK Computer Inc. (Verified) ASUSTeK Computer Inc.
WUDFHost.exe 1332 1,500 K 4,944 K Windows Driver Foundation - User-mode Driver Framework Host Process Microsoft Corporation (Verified) Microsoft Windows
WmiPrvSE.exe 3312 2,060 K 5,092 K WMI Provider Host Microsoft Corporation (Verified) Microsoft Windows
WmiPrvSE.exe 2916 5,080 K 8,336 K WMI Provider Host Microsoft Corporation (Verified) Microsoft Windows
winlogon.exe 520 1,688 K 4,752 K Windows Logon Application Microsoft Corporation (Verified) Microsoft Windows
wininit.exe 428 900 K 3,280 K Windows Start-Up Application Microsoft Corporation (Verified) Microsoft Windows
VDeck.exe 2752 8,496 K 6,240 K VIA HD Audio CPL VIA (Verified) VIA Technologies Inc.
unsecapp.exe 3188 1,084 K 3,960 K Sink to receive asynchronous callbacks for WMI client application Microsoft Corporation (Verified) Microsoft Windows
taskeng.exe 2368 1,160 K 4,028 K Task Scheduler Engine Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 652 2,784 K 6,580 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 1428 18,564 K 18,768 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 860 13,636 K 12,944 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 748 1,736 K 4,404 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 3840 1,800 K 9,060 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
SSScheduler.exe 2820 768 K 2,716 K McAfee Security Scanner Scheduler McAfee, Inc. (Verified) McAfee, Inc.
sppsvc.exe 2548 1,916 K 4,356 K Microsoft Software Protection Platform Service Microsoft Corporation (Verified) Microsoft Windows
spoolsv.exe 1400 4,776 K 8,464 K Spooler SubSystem App Microsoft Corporation (Verified) Microsoft Windows
smss.exe 260 264 K 840 K Windows Session Manager Microsoft Corporation (Verified) Microsoft Windows
PresentationFontCache.exe 2668 11,928 K 9,164 K PresentationFontCache.exe Microsoft Corporation (Verified) Microsoft Windows
nSvcIp.exe 1816 2,752 K 6,576 K NVIDIA Corporation (Unable to verify)
nSvcAppFlt.exe 1780 1,664 K 5,036 K app_filter Module (Verified) NVIDIA Corporation
mbamgui.exe 2588 2,012 K 5,988 K Malwarebytes Anti-Malware Malwarebytes Corporation (Verified) Malwarebytes Corporation
lsm.exe 556 1,216 K 2,944 K Local Session Manager Service Microsoft Corporation (Verified) Microsoft Windows
Fuel.Service.exe 1524 1,240 K 4,356 K AMD Fuel Service Advanced Micro Devices, Inc. (Unable to verify) Advanced Micro Devices, Inc.
dwm.exe 2280 1,216 K 4,256 K Desktop Window Manager Microsoft Corporation (Verified) Microsoft Windows
conhost.exe 1408 984 K 4,180 K Console Window Host Microsoft Corporation (Verified) Microsoft Windows
cmd.exe 3568 1,896 K 2,352 K Windows Command Processor Microsoft Corporation (Verified) Microsoft Windows
BCUService.exe 1584 664 K 2,624 K Browser Configuration Utility Auto-recovery Service DeviceVM, Inc. (Verified) DeviceVM Inc.
audiodg.exe 1012 15,468 K 15,060 K Windows Audio Device Graph Isolation Microsoft Corporation (Verified) Microsoft Windows
atiesrxx.exe 796 856 K 2,996 K AMD External Events Service Module AMD (Verified) Microsoft Windows Hardware Compatibility Publisher
atieclxx.exe 1368 1,640 K 4,992 K AMD External Events Client Module AMD (Verified) Microsoft Windows Hardware Compatibility Publisher
acrotray.exe 2684 932 K 3,652 K AcroTray Adobe Systems Inc. (Verified) Adobe Systems, Incorporated

#206
RKinner

Posted 25 April 2012 - 09:04 PM

Malware Expert

Expert
24,625 posts

Couldn't you get vew to work? Vew is a good way to see what is causing a slow boot. Your other alternative is to run msconfig:

Check for a bad program:
Start, All Programs, Accessories, right click on Command Prompt and Run as Administrator, Continue. Type with an Enter after the line:

msconfig

Go to Services tab and click on the box to hide Microsoft Services then uncheck
everything that remains. Go to Startup tab and uncheck everything. OK and
reboot. If it doesn't run faster then go back into msconfig and recheck the
things you turned off. If it helps then go back and turn on a few items each
time until you find the culprit.

Looking at Process Explorer:
This line is a bit high:
Interrupts n/a 1.97 0 K 0 K Hardware Interrupts and DPCs

Interrupts have a bigger effect than the % would imply. Mine hangs around 1.00 with some spurts to 1.19.

Possibly a driver issue. Go to your PC maker's website and see if there are any new drivers available for your PC. On a laptop this can be caused by a bad battery. Windows Update may show you some driver updates if you look at the Optional updates. I don't like to use their updates. Prefer to get them from the PC maker's site but at least they tell you what is probably out of date.

This line also seems a bit high but it's small enough that I doubt you would notice:

plugin-container.exe 4072 1.83 87,728 K 94,952 K Plugin Container for Firefox Mozilla Corporation (Verified) Mozilla Corporation

This is Firefox's method of running add-ons so one of your add-ons may be at fault or you may have an older version of Firefox. The only add-ons I use are AdBlock Plus and avast's.

#207
neataznyam

Posted 25 April 2012 - 11:07 PM

Member

Topic Starter
Member
150 posts

Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 25/04/2012 10:06:30 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 26/04/2012 4:53:35 AM
Type: Error Category: 1
Event: 20 Source: Microsoft-Windows-WindowsUpdateClient
Installation Failure: Windows failed to install the following update with error 0x80242016: Microsoft .NET Framework 3.5 SP1 Update for Windows 7 x86 (KB982526).

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 26/04/2012 3:14:49 AM
Type: Warning Category: 0
Event: 1073 Source: USER32
The attempt by user FapMachine\henry ong to restart/shutdown computer FAPMACHINE failed

#208
neataznyam

Posted 25 April 2012 - 11:08 PM

Member

Topic Starter
Member
150 posts

and it seems to be working better, I mean photoshop registers a bit slow but thats all im noticing right now

#209
RKinner

Posted 25 April 2012 - 11:18 PM

Malware Expert

Expert
24,625 posts

Log: 'System' Date/Time: 26/04/2012 4:53:35 AM
Type: Error Category: 1
Event: 20 Source: Microsoft-Windows-WindowsUpdateClient
Installation Failure: Windows failed to install the following update with error 0x80242016: Microsoft .NET Framework 3.5 SP1 Update for Windows 7 x86 (KB982526).

There is an update that didn't work. It might slow you down some. I've fought this thing before. Sometimes you have to remove all of the .net software and run their cleanup tool
http://blogs.msdn.co...28/8904493.aspx then reinstall all of the .net programs in order but you can start with this:

http://support.microsoft.com/kb/906602