Repeated detection of trojan.gen


  • This topic is locked
14 replies to this topic

#1 Iris17


Posted 25 March 2012 - 12:13 PM

Hi,
I have Norton 360 Antivirus running on my computer and a few days ago, I kept receiving email error notifications from Norton regarding emails which I am not even sending out. I did a scan with Norton but it didn’t detect anything, so I downloaded and ran Malwarebytes which detected and deleted 2 items successfully. The email error notifications stopped after that so I thought things were fine.

Soon after, Norton started sending me notifications that I was attempting to download files from a site known as silverkniferu.com (these files were usually randomly named .exe files such as 4a69.exe). Seeing as I didn’t recognise and did not even attempt to download anything from the source, I’ve always chosen the “Remove this program from my computer” option. I’ve also stopped receiving these notifications as well.

However, now Norton repeatedly detects and quarantines Trojan.gen on my computer so I can’t help feeling a bit paranoid and worried that my computer may be infected.

I’ve posted the DDS logs, but not GMER since I run a 64-bit version of Windows. Many thanks and much appreciation for the help!


.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7600.16385
Run by Kim at 1:10:16 on 2012-03-26
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.65.1033.18.3894.1839 [GMT 8:00]
.
AV: Norton 360 *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton 360 *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV64.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\Hpservice.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Windows\system32\vcsFPService.exe
C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe
C:\Program Files (x86)\Hewlett-Packard\HP SimplePass Identity Protection\EgisService.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\IDT\WDM\AESTSr64.exe
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\SwSetup\HPQWMM\QuickWeb\QW.SYS\config\DVMExportService.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
C:\Program Files (x86)\Norton 360\Engine\4.4.0.12\ccSvcHst.exe
C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\Pen_Tablet.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\Norton 360\Engine\4.4.0.12\ccSvcHst.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Windows\system32\WTablet\Pen_TabletUser.exe
C:\Windows\system32\Pen_Tablet.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Windows\SysWOW64\RunDll32.exe
C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
C:\Program Files (x86)\Adobe\Photoshop Elements 5.0\apdproxy.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Ask.com\Updater\Updater.exe
C:\Program Files (x86)\Hewlett-Packard\HP SimplePass Identity Protection\EgisTSR.exe
C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\YCMMirage.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Users\Kim\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\DllHost.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Users\Kim\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Users\Kim\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Kim\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
C:\Windows\splwow64.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://sg.yahoo.com/?p=us
uURLSearchHooks: UrlSearchHook Class: {00000000-6e41-4fd3-8538-502f5495e5fc} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
mWinlogon: Userinit=userinit.exe,
BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton 360\Engine\4.4.0.12\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton 360\Engine\4.4.0.12\IPSBHO.DLL
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL
BHO: EgisPBIE Class: {7b51ccbe-4af9-44a6-bdab-d7f7e4c4e6f9} - C:\Program Files (x86)\Hewlett-Packard\HP SimplePass Identity Protection\EgisPBIE.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL
BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN Toolbar\Platform\6.3.2380.0\npwinext.dll
BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll
TB: @c:\Program Files (x86)\MSN Toolbar\Platform\6.3.2380.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\Program Files (x86)\MSN Toolbar\Platform\6.3.2380.0\npwinext.dll
TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton 360\Engine\4.4.0.12\coIEPlg.dll
uRun: [msnmsgr] "C:\Program Files (x86)\MSN Messenger\MsnMsgr.Exe" /background
uRun: [AdobeBridge]
uRun: [Google Update] "C:\Users\Kim\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [Windows Primary Login] C:\Users\Public\O-858454-6314-2-64\regsrv32.exe
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun: [EgisTecPMMUpdate] "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe"
mRun: [EgisUpdate] "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -d
mRun: [VitaKeyTSR] C:\Program Files (x86)\Hewlett-Packard\HP SimplePass Identity Protection\EgisTSR.exe /run
mRun: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
mRun: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [Adobe Photo Downloader] "C:\Program Files (x86)\Adobe\Photoshop Elements 5.0\apdproxy.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [<NO NAME>]
mRun: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files (x86)\WIDCOMM\Bluetooth Software\BTTray.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
DPF: {2BCDB465-81F9-41CB-832C-8037A4064446} - C:\Users\Kim\AppData\Local\Temp\f5tmp\urxvpn.cab
DPF: {41EF3CD2-D8CC-4438-84B1-280BB4E77C8E} - C:\Users\Kim\AppData\Local\Temp\f5tmp\f5tunsrv.cab
DPF: {45B69029-F3AB-4204-92DE-D5140C3E8E74} - C:\Users\Kim\AppData\Local\Temp\IXP000.TMP\InstallerControl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CC85ACDF-B277-486F-8C70-2C9B2ED2A4E7} - C:\Users\Kim\AppData\Local\Temp\f5tmp\urxshost.cab
DPF: {E0FF21FA-B857-45C5-8621-F120A0C17FF2} - C:\Users\Kim\AppData\Local\Temp\f5tmp\urxhost.cab
TCP: DhcpNameServer = 218.186.2.16 218.186.1.58 218.186.2.6
TCP: Interfaces\{A5086A02-3C24-4A47-9359-E60623D88B27} : NameServer = 0.0.0.0
TCP: Interfaces\{B64A3556-774C-4DDE-A685-7D1E645DF88A} : DhcpNameServer = 218.186.2.16 218.186.1.58 218.186.2.6
TCP: Interfaces\{B64A3556-774C-4DDE-A685-7D1E645DF88A}\46C696E6B6 : DhcpNameServer = 192.168.0.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL
LSA: Notification Packages = EgisPwdFilter EgisDSPwdFilter
BHO-X64: ContributeBHO Class: {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Symantec NCO BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\4.4.0.12\coIEPlg.dll
BHO-X64: Symantec NCO BHO - No File
BHO-X64: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\4.4.0.12\IPSBHO.DLL
BHO-X64: Symantec Intrusion Prevention - No File
BHO-X64: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO-X64: Search Helper - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL
BHO-X64: EgisPBIE Class: {7B51CCBE-4AF9-44A6-BDAB-D7F7E4C4E6F9} - C:\Program Files (x86)\Hewlett-Packard\HP SimplePass Identity Protection\EgisPBIE.dll
BHO-X64: EgisPBIE - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN Toolbar\Platform\6.3.2380.0\npwinext.dll
BHO-X64: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO-X64: Ask Toolbar BHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: Contribute Toolbar: {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll
TB-X64: @c:\Program Files (x86)\MSN Toolbar\Platform\6.3.2380.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\Program Files (x86)\MSN Toolbar\Platform\6.3.2380.0\npwinext.dll
TB-X64: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\4.4.0.12\coIEPlg.dll
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun-x64: [EgisTecPMMUpdate] "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe"
mRun-x64: [EgisUpdate] "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -d
mRun-x64: [VitaKeyTSR] C:\Program Files (x86)\Hewlett-Packard\HP SimplePass Identity Protection\EgisTSR.exe /run
mRun-x64: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun-x64: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
mRun-x64: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
mRun-x64: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun-x64: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun-x64: [Adobe Photo Downloader] "C:\Program Files (x86)\Adobe\Photoshop Elements 5.0\apdproxy.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [(Default)]
mRun-x64: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL
.
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R0 SymDS;Symantec Data Store;C:\Windows\system32\drivers\N360x64\0404000.00C\SYMDS64.SYS --> C:\Windows\system32\drivers\N360x64\0404000.00C\SYMDS64.SYS [?]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\system32\drivers\N360x64\0404000.00C\SYMEFA64.SYS --> C:\Windows\system32\drivers\N360x64\0404000.00C\SYMEFA64.SYS [?]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20120317.002\BHDrvx64.sys [2012-3-17 1157240]
R1 ccHP;Symantec Hash Provider;C:\Windows\system32\drivers\N360x64\0404000.00C\ccHPx64.sys --> C:\Windows\system32\drivers\N360x64\0404000.00C\ccHPx64.sys [?]
R1 DVMIO;DeviceVM IO Service;C:\Windows\system32\DRIVERS\dvmio.sys --> C:\Windows\system32\DRIVERS\dvmio.sys [?]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20120323.002\IDSviA64.sys [2012-3-24 488568]
R1 SymIRON;Symantec Iron Driver;C:\Windows\system32\drivers\N360x64\0404000.00C\Ironx64.SYS --> C:\Windows\system32\drivers\N360x64\0404000.00C\Ironx64.SYS [?]
R1 SYMTDIv;Symantec Vista Network Dispatch Driver;C:\Windows\system32\Drivers\N360x64\0404000.00C\SYMTDIV.SYS --> C:\Windows\system32\Drivers\N360x64\0404000.00C\SYMTDIV.SYS [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]
R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2010-10-23 89600]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 DvmMDES;DeviceVM Meta Data Export Service;C:\SwSetup\HPQWMM\QuickWeb\QW.SYS\config\DVMExportService.exe [2010-6-25 338168]
R2 EgisTec Service;EgisTec Service;C:\Program Files (x86)\Hewlett-Packard\HP SimplePass Identity Protection\EgisService.exe [2010-6-9 697712]
R2 EgisTec Ticket Service;EgisTec Ticket Service;C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe [2010-6-9 646000]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2011-9-9 86072]
R2 HP Wireless Assistant Service;HP Wireless Assistant Service;C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-6-19 103992]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-5-21 103992]
R2 hpsrv;HP Service;C:\Windows\system32\Hpservice.exe --> C:\Windows\system32\Hpservice.exe [?]
R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2011-6-14 26680]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-10-23 13336]
R2 N360;Norton 360;C:\Program Files (x86)\Norton 360\Engine\4.4.0.12\ccsvchst.exe [2012-3-23 126400]
R2 NOBU;Norton Online Backup;C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2010-6-2 2804568]
R2 TabletServicePen;TabletServicePen;C:\Windows\system32\Pen_Tablet.exe --> C:\Windows\system32\Pen_Tablet.exe [?]
R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-10-23 2533400]
R2 vcsFPService;Validity VCS Fingerprint Service;C:\Windows\System32\vcsFPService.exe [2010-2-23 1799472]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 clwvd;HP Webcam Splitter;C:\Windows\system32\DRIVERS\clwvd.sys --> C:\Windows\system32\DRIVERS\clwvd.sys [?]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-3-22 138360]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 Impcd;Impcd;C:\Windows\system32\DRIVERS\Impcd.sys --> C:\Windows\system32\DRIVERS\Impcd.sys [?]
R3 intelkmd;intelkmd;C:\Windows\system32\DRIVERS\igdpmd64.sys --> C:\Windows\system32\DRIVERS\igdpmd64.sys [?]
R3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETw5s64.sys --> C:\Windows\system32\DRIVERS\NETw5s64.sys [?]
R3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
R3 urvpndrv;F5 Networks VPN Adapter;C:\Windows\system32\DRIVERS\covpnv64.sys --> C:\Windows\system32\DRIVERS\covpnv64.sys [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
R3 wdkmd;Intel WiDi KMD;C:\Windows\system32\DRIVERS\WDKMD.sys --> C:\Windows\system32\DRIVERS\WDKMD.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 AmUStor;AM USB Stroage Driver;C:\Windows\system32\drivers\AmUStor.SYS --> C:\Windows\system32\drivers\AmUStor.SYS [?]
S3 btwampfl;Bluetooth AMP USB Filter;C:\Windows\system32\drivers\btwampfl.sys --> C:\Windows\system32\drivers\btwampfl.sys [?]
S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys --> C:\Windows\system32\DRIVERS\btwl2cap.sys [?]
S3 f5ipfw;F5 Networks StoneWall Filter;\??\C:\Windows\system32\drivers\urfltv64.sys --> C:\Windows\system32\drivers\urfltv64.sys [?]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 31125880]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2010-3-6 340240]
S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys --> C:\Windows\system32\DRIVERS\netw5v64.sys [?]
S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]
S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-03-25 14:46:12 -------- d-----w- C:\Users\Kim\AppData\Local\{6ABF729B-42FC-4BC2-9791-9E97B9566F8D}
2012-03-25 14:45:46 -------- d-----w- C:\Users\Kim\AppData\Local\{858182AE-6005-49F9-8038-D8A8F2FAF7AE}
2012-03-24 10:10:27 -------- d-----w- C:\Users\Kim\AppData\Local\{533A4835-5984-4ABF-905F-72646C2DBCF5}
2012-03-24 10:09:59 -------- d-----w- C:\Users\Kim\AppData\Local\{9974FE6F-637E-43C5-8001-CB6F38136363}
2012-03-23 06:49:19 -------- d-----w- C:\Users\Kim\AppData\Roaming\Malwarebytes
2012-03-23 06:48:37 -------- d-----w- C:\ProgramData\Malwarebytes
2012-03-23 06:48:36 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-03-23 06:48:36 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-03-23 04:33:55 -------- d-----w- C:\Users\Kim\AppData\Local\{BC1F5BD6-FFA8-4017-962B-F32A6D8F9C54}
2012-03-23 04:33:25 -------- d-----w- C:\Users\Kim\AppData\Local\{7176E3C5-4670-432C-889B-C4A44CF9CEDD}
2012-03-23 04:16:14 505392 ----a-w- C:\Windows\System32\drivers\N360x64\0404000.00C\srtsp64.sys
2012-03-23 04:16:14 451704 ----a-w- C:\Windows\System32\drivers\N360x64\0404000.00C\symtdiv.sys
2012-03-23 04:16:14 433200 ----a-r- C:\Windows\System32\drivers\N360x64\0404000.00C\symds64.sys
2012-03-23 04:16:14 32304 ----a-w- C:\Windows\System32\drivers\N360x64\0404000.00C\srtspx64.sys
2012-03-23 04:16:14 221304 ----a-w- C:\Windows\System32\drivers\N360x64\0404000.00C\symefa64.sys
2012-03-23 04:16:14 150064 ----a-w- C:\Windows\System32\drivers\N360x64\0404000.00C\ironx64.sys
2012-03-23 04:16:13 593544 ----a-w- C:\Windows\System32\drivers\N360x64\0404000.00C\cchpx64.sys
2012-03-23 04:15:57 -------- d-----w- C:\Windows\System32\drivers\N360x64\0404000.00C
2012-03-22 05:35:05 -------- d-----w- C:\Users\Kim\AppData\Local\{C6158269-98B5-4442-94B8-BF521FAF55B9}
2012-03-22 05:34:31 -------- d-----w- C:\Users\Kim\AppData\Local\{5CE85676-C219-4600-94CB-E4C00943321C}
2012-03-22 02:46:27 -------- d-----w- C:\Users\Kim\AppData\Local\{D2EE161A-3038-433A-A61E-D652CC0B52E2}
2012-03-22 02:36:34 34152 ----a-r- C:\Windows\System32\drivers\GEARAspiWDM.sys
2012-03-22 02:36:34 126312 ----a-r- C:\Windows\System32\GEARAspi64.dll
2012-03-22 02:36:34 107368 ----a-r- C:\Windows\SysWow64\GEARAspi.dll
2012-03-22 02:36:33 173104 ----a-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS
2012-03-22 02:36:07 -------- d-----w- C:\Program Files\Symantec
2012-03-22 02:36:07 -------- d-----w- C:\Program Files\Common Files\Symantec Shared
2012-03-22 02:34:53 -------- d-----w- C:\Windows\System32\drivers\N360x64
2012-03-22 02:34:51 -------- d-----w- C:\Program Files (x86)\Norton 360
2012-03-21 17:55:07 8643640 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{958F6CA9-ABB1-4AA7-BBA0-1E2E3475C85E}\mpengine.dll
2012-03-21 17:04:13 -------- d-----w- C:\Users\Kim\AppData\Local\{56C8E3E3-6DD7-4B0A-B062-8C63572F7B97}
2012-03-21 11:22:49 -------- d-----w- C:\Users\Kim\AppData\Local\{27B68B30-D072-4F9D-A268-5199ECE383C3}
2012-03-21 11:22:24 -------- d-----w- C:\Users\Kim\AppData\Local\{BDF2C881-3E9D-409E-9554-9E0D7B30C562}
2012-03-20 08:45:40 -------- d-----w- C:\Users\Kim\AppData\Local\{3CFAAD96-B2BC-47C6-9D71-E6F3A84293DD}
2012-03-20 08:45:14 -------- d-----w- C:\Users\Kim\AppData\Local\{D5AF771B-F583-4593-B9D4-FCA8E9F9E0CA}
2012-03-19 17:33:21 -------- d-----w- C:\Users\Kim\AppData\Local\{A99A669D-E9F1-452F-B04E-ED64D7060F52}
2012-03-19 17:32:56 -------- d-----w- C:\Users\Kim\AppData\Local\{4CD0F96E-7ED0-4991-B3D9-5FC03F550A69}
2012-03-19 05:32:15 -------- d-----w- C:\Users\Kim\AppData\Local\{FECFFBE2-352A-4AAB-83BE-F0236E1C5492}
2012-03-19 05:31:50 -------- d-----w- C:\Users\Kim\AppData\Local\{18EA12D4-41F6-43ED-95EE-C473A6CB8725}
2012-03-18 07:02:10 -------- d-----w- C:\Users\Kim\AppData\Local\{41504E2A-4DE6-46A5-A4C7-B29880A361A6}
2012-03-18 07:01:44 -------- d-----w- C:\Users\Kim\AppData\Local\{0CE4C9B7-A943-4F00-BC5C-CB4BFA9FCEC2}
2012-03-17 09:34:33 -------- d-----w- C:\Users\Kim\AppData\Local\{E3FB7530-00AB-4A39-9DB5-ECF20B5002FB}
2012-03-17 09:34:08 -------- d-----w- C:\Users\Kim\AppData\Local\{BD4C7C30-58B8-46E5-A45B-B0292298B4C3}
2012-03-16 06:15:27 -------- d-----w- C:\Users\Kim\AppData\Local\{65784C9E-5DA3-410A-9B16-74F21922AD5F}
2012-03-16 06:14:58 -------- d-----w- C:\Users\Kim\AppData\Local\{6561FEAD-AB05-43A9-8E60-CD5C85B0E285}
2012-03-15 07:17:44 -------- d-----w- C:\Users\Kim\AppData\Local\{76D066AA-48FC-4BD6-A181-7C3B3310A89B}
2012-03-15 07:17:19 -------- d-----w- C:\Users\Kim\AppData\Local\{00E0C9CB-F914-4144-B677-9DE0A3650D6F}
2012-03-14 13:15:51 -------- d-----w- C:\Users\Kim\AppData\Local\{CA5FB2B6-1BAD-4FD7-9D06-5B463D638192}
2012-03-14 13:15:26 -------- d-----w- C:\Users\Kim\AppData\Local\{392B5207-803F-498E-8A6C-8111DC13244A}
2012-03-14 08:11:36 5504880 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-03-14 08:11:36 3957616 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-03-14 08:11:35 3902320 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-03-14 08:02:13 3143168 ----a-w- C:\Windows\System32\win32k.sys
2012-03-14 08:02:12 902656 ----a-w- C:\Windows\System32\d2d1.dll
2012-03-14 08:02:12 739840 ----a-w- C:\Windows\SysWow64\d2d1.dll
2012-03-14 08:02:12 1837568 ----a-w- C:\Windows\System32\d3d10warp.dll
2012-03-14 08:02:12 1170944 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
2012-03-14 08:02:11 320512 ----a-w- C:\Windows\System32\d3d10_1core.dll
2012-03-14 08:02:11 218624 ----a-w- C:\Windows\SysWow64\d3d10_1core.dll
2012-03-14 08:02:11 197120 ----a-w- C:\Windows\System32\d3d10_1.dll
2012-03-14 08:02:11 161792 ----a-w- C:\Windows\SysWow64\d3d10_1.dll
2012-03-14 08:02:11 1541120 ----a-w- C:\Windows\System32\DWrite.dll
2012-03-14 08:02:11 1074176 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-03-14 08:01:58 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2012-03-14 08:01:58 76288 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-03-14 08:01:58 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-03-14 08:01:57 826368 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2012-03-14 08:01:57 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
2012-03-14 08:01:57 204800 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-03-14 08:01:57 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
2012-03-13 12:16:55 -------- d-----w- C:\Users\Kim\AppData\Local\{E0C609F0-9C07-4E9F-9F2E-FD2E5EBEB772}
2012-03-13 12:16:29 -------- d-----w- C:\Users\Kim\AppData\Local\{CEEF710E-1119-41A1-BC08-D8D357D5A401}
2012-03-12 11:13:32 -------- d-----w- C:\Users\Kim\AppData\Local\{EA245189-3F43-4DFA-B73A-408BA73ACD86}
2012-03-12 11:13:07 -------- d-----w- C:\Users\Kim\AppData\Local\{9776B787-F0D6-428A-B58E-7FDF6BF2B278}
2012-03-10 13:55:33 -------- d-----w- C:\Users\Kim\AppData\Local\{57907FD6-B49E-4DC9-A711-A4BA5CF8357E}
2012-03-10 13:55:05 -------- d-----w- C:\Users\Kim\AppData\Local\{6849BEA4-E5DF-46C2-A7FE-62F570524F62}
2012-03-09 13:37:57 -------- d-----w- C:\Users\Kim\AppData\Local\{6BA4A39F-8F5F-4891-933D-FE5DD5F0473F}
2012-03-09 13:37:32 -------- d-----w- C:\Users\Kim\AppData\Local\{52ABEC91-1747-42FE-ADB8-BF302BA495C0}
2012-03-08 11:16:02 -------- d-----w- C:\Users\Kim\AppData\Local\{08CB7D13-C913-42B7-8941-39B30822A60D}
2012-03-08 11:15:36 -------- d-----w- C:\Users\Kim\AppData\Local\{9F03C79B-2626-466D-840D-F06B5A27CB41}
2012-03-07 06:47:39 -------- d-----w- C:\Users\Kim\AppData\Local\{3D68A294-2C5E-4D9C-9B56-BF03DD9264F8}
2012-03-07 06:47:14 -------- d-----w- C:\Users\Kim\AppData\Local\{49B33ED2-69D4-4185-96D7-7B2FDF208D06}
2012-03-06 10:08:13 -------- d-----w- C:\Users\Kim\AppData\Local\{C8C5E398-BC65-4170-B3E3-46F9053B4846}
2012-03-06 10:07:43 -------- d-----w- C:\Users\Kim\AppData\Local\{6DD10340-2CA4-46EF-9429-182073F19752}
2012-03-05 09:18:12 -------- d-----w- C:\Users\Kim\AppData\Local\{F8CFAF05-0483-42BA-A37D-2CA1AB01904C}
2012-03-05 09:17:46 -------- d-----w- C:\Users\Kim\AppData\Local\{EB46613D-51EB-40A5-A7DE-ED584806DBA1}
2012-03-04 06:29:26 -------- d-----w- C:\Users\Kim\AppData\Local\{8155087E-5B33-4F81-8B0C-0E5EFE6C51F6}
2012-03-04 06:29:00 -------- d-----w- C:\Users\Kim\AppData\Local\{F6151E07-B30F-45D8-B73D-CBE81420FF74}
2012-03-03 06:14:20 -------- d-----w- C:\Users\Kim\AppData\Local\{15AD5EC5-5A9A-46C6-B9BE-837AF98EF2B7}
2012-03-03 06:13:54 -------- d-----w- C:\Users\Kim\AppData\Local\{DA2F4BD8-CBA5-4F15-B4F3-1F525C402172}
2012-03-02 05:58:51 -------- d-----w- C:\Users\Kim\AppData\Local\{91C1889B-C756-44CF-A01E-E94798D62CE3}
2012-03-02 05:58:25 -------- d-----w- C:\Users\Kim\AppData\Local\{34014171-854A-4150-B6B3-E06B54E14754}
2012-03-01 16:50:19 -------- d-----w- C:\Users\Kim\AppData\Local\{A7512B52-CFA6-4B5A-8A4C-AFF92346BD72}
2012-03-01 16:49:52 -------- d-----w- C:\Users\Kim\AppData\Local\{20C56FEE-D87A-4573-BC07-FA5AE11F9DB1}
2012-03-01 04:49:11 -------- d-----w- C:\Users\Kim\AppData\Local\{1B66A49F-AB28-4D1A-9871-52F77F20C9DE}
2012-03-01 04:48:45 -------- d-----w- C:\Users\Kim\AppData\Local\{E1EAB5F2-B202-4BE8-AAF0-DFC6BBFDA9E0}
2012-02-29 13:24:14 -------- d-----w- C:\Users\Kim\AppData\Local\{A65346F7-E0BC-404F-BCD1-D11E8F188B91}
2012-02-29 13:23:47 -------- d-----w- C:\Users\Kim\AppData\Local\{C2BF1DED-831C-49A9-A3D9-21B6039AA011}
2012-02-28 06:53:23 -------- d-----w- C:\Users\Kim\AppData\Local\{0482D592-B3E7-4E5A-82A7-A4CE08F5BF5C}
2012-02-28 06:52:57 -------- d-----w- C:\Users\Kim\AppData\Local\{A159B97C-519C-404E-9C79-193AAE445E5B}
2012-02-27 06:57:00 -------- d-----w- C:\Users\Kim\AppData\Local\{1F0DBCD6-CC2C-448B-91AA-D902059C542E}
2012-02-27 06:56:34 -------- d-----w- C:\Users\Kim\AppData\Local\{E66DC5A0-02FC-4F9F-9D55-4E4F57BE091F}
2012-02-26 11:24:30 -------- d-----w- C:\Users\Kim\AppData\Local\{260ED44F-8981-4DAC-8316-DF9934A82B0A}
2012-02-26 11:24:03 -------- d-----w- C:\Users\Kim\AppData\Local\{283F6F19-DF10-4FDB-9A69-2CF6C5D66044}
.
==================== Find3M ====================
.
2012-03-06 06:03:40 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-02-23 01:18:36 279656 ------w- C:\Windows\System32\MpSigStub.exe
2012-01-04 09:58:13 509952 ----a-w- C:\Windows\System32\ntshrui.dll
2012-01-04 09:03:07 442880 ----a-w- C:\Windows\SysWow64\ntshrui.dll
2012-01-03 06:24:52 515584 ----a-w- C:\Windows\System32\timedate.cpl
2012-01-03 05:44:24 478208 ----a-w- C:\Windows\SysWow64\timedate.cpl
2011-12-28 03:59:11 499200 ----a-w- C:\Windows\System32\drivers\afd.sys
.
============= FINISH: 1:10:38.94 ===============


Edited by Iris17, 26 March 2012 - 02:51 AM.



#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:08:06 AM

Posted 26 March 2012 - 08:42 AM

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

1. Do not run any other tool until instructed to do so!
   Doing so will at best only cause you unneeded worry, as it finds our backups and may even list our tools, and at worst can cause conflicts with our tools and lead to unforeseen things happening.
2. Please do not attach logs or put them in code boxes.
   Besides the time it takes me to open the reports, it makes it harder to find something if I need to go back to do more research, and putting them in code boxes just makes them so hard to read.
3. After each step give me a little feedback.
   It does not need to be long, just something so I know how things are going. It can be something like:
   I am still getting redirected
   The computer is running as it should
   Don't put things like "it is the same as before" or "still the same"; this just makes me go back and look for your last feedback as to how things are.
4. Read every post completely before doing anything.
   Pay special attention to the Notes** I have put in.
   These are things I have found that happen a lot and can be taken care of easily just by reading the Notes**.

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.


Backup any files that cannot be replaced

If you have not done it yet, spend a few minutes to back up any files that cannot be replaced. Removing malware can be unpredictable and this may save you and me a lot of grief later.

You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

You may want to back up the whole hard drive. There is some good info in the Preparation Guide on how to make full backups and how to restore them if something goes wrong. Read the tutorial and print it out so you will know what to do in case the unforeseen happens.

When you have the files backed up you may do the following.


Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

In your next post I need the following:
  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 Iris17


Posted 26 March 2012 - 11:03 AM

Hello, thanks for the reply and help! I've managed to run ComboFix without any problems and have posted the log below. Computer seems to be fine, Norton also didn't detect anything though I was on the whole day today.


ComboFix 12-03-26.02 - Kim 26/03/2012 23:33:11.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.65.1033.18.3894.2260 [GMT 8:00]
Running from: c:\users\Kim\Desktop\ComboFix.exe
AV: Norton 360 *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton 360 *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2012-02-26 to 2012-03-26 )))))))))))))))))))))))))))))))
.
.
2012-03-26 15:40 . 2012-03-26 15:40 -------- d-----w- c:\users\test\AppData\Local\temp
2012-03-26 15:40 . 2012-03-26 15:40 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-03-26 15:29 . 2012-03-26 15:42 -------- d-----w- C:\32788R22FWJFW
2012-03-23 06:49 . 2012-03-23 06:49 -------- d-----w- c:\users\Kim\AppData\Roaming\Malwarebytes
2012-03-23 06:48 . 2012-03-23 06:48 -------- d-----w- c:\programdata\Malwarebytes
2012-03-23 06:48 . 2012-03-23 06:49 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-03-23 06:48 . 2011-12-10 07:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-22 02:36 . 2012-03-22 02:36 -------- dc----w- c:\windows\system32\DRVSTORE
2012-03-22 02:36 . 2009-05-18 22:17 34152 ----a-r- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-03-22 02:36 . 2008-04-17 21:12 126312 ----a-r- c:\windows\system32\GEARAspi64.dll
2012-03-22 02:36 . 2008-04-17 21:12 107368 ----a-r- c:\windows\SysWow64\GEARAspi.dll
2012-03-22 02:36 . 2012-03-22 02:36 173104 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS
2012-03-22 02:36 . 2012-03-22 02:36 -------- d-----w- c:\program files\Symantec
2012-03-22 02:36 . 2012-03-22 02:36 -------- d-----w- c:\program files\Common Files\Symantec Shared
2012-03-22 02:34 . 2012-03-23 06:17 -------- d-----w- c:\windows\system32\drivers\N360x64
2012-03-22 02:34 . 2012-03-22 02:34 -------- d-----w- c:\program files (x86)\Norton 360
2012-03-21 17:55 . 2012-02-08 07:13 8643640 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{958F6CA9-ABB1-4AA7-BBA0-1E2E3475C85E}\mpengine.dll
2012-03-21 17:51 . 2012-03-22 02:28 -------- d-sh--r- c:\users\Public\O-858454-6314-2-64
2012-03-14 08:11 . 2011-11-19 18:30 5504880 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-14 08:11 . 2011-11-19 14:25 3957616 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-03-14 08:11 . 2011-11-19 14:25 3902320 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-03-14 08:02 . 2012-02-03 04:16 3143168 ----a-w- c:\windows\system32\win32k.sys
2012-03-14 08:02 . 2012-02-10 06:17 1837568 ----a-w- c:\windows\system32\d3d10warp.dll
2012-03-14 08:02 . 2012-02-10 06:17 902656 ----a-w- c:\windows\system32\d2d1.dll
2012-03-14 08:02 . 2012-02-10 05:41 1170944 ----a-w- c:\windows\SysWow64\d3d10warp.dll
2012-03-14 08:02 . 2012-02-10 05:41 739840 ----a-w- c:\windows\SysWow64\d2d1.dll
2012-03-14 08:02 . 2012-02-10 06:18 1541120 ----a-w- c:\windows\system32\DWrite.dll
2012-03-14 08:02 . 2012-02-10 06:17 320512 ----a-w- c:\windows\system32\d3d10_1core.dll
2012-03-14 08:02 . 2012-02-10 06:17 197120 ----a-w- c:\windows\system32\d3d10_1.dll
2012-03-14 08:02 . 2012-02-10 05:41 1074176 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-03-14 08:02 . 2012-02-10 05:41 218624 ----a-w- c:\windows\SysWow64\d3d10_1core.dll
2012-03-14 08:02 . 2012-02-10 05:41 161792 ----a-w- c:\windows\SysWow64\d3d10_1.dll
2012-03-14 08:01 . 2012-01-25 06:27 76288 ----a-w- c:\windows\system32\rdpwsx.dll
2012-03-14 08:01 . 2012-01-25 06:27 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-03-14 08:01 . 2012-01-25 06:20 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-03-14 08:01 . 2012-02-15 06:27 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-03-14 08:01 . 2012-02-15 05:44 826368 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-03-14 08:01 . 2012-02-15 04:47 204800 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-14 08:01 . 2012-02-15 04:46 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-06 06:03 . 2011-05-17 05:41 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-02-23 01:18 . 2011-05-11 06:44 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-01-04 09:58 . 2012-02-15 07:32 509952 ----a-w- c:\windows\system32\ntshrui.dll
2012-01-04 09:03 . 2012-02-15 07:32 442880 ----a-w- c:\windows\SysWow64\ntshrui.dll
2012-01-03 06:24 . 2012-02-15 07:32 515584 ----a-w- c:\windows\system32\timedate.cpl
2012-01-03 05:44 . 2012-02-15 07:32 478208 ----a-w- c:\windows\SysWow64\timedate.cpl
2011-12-28 03:59 . 2012-02-15 07:32 499200 ----a-w- c:\windows\system32\drivers\afd.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2011-08-23 1515688]
.
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2011-08-23 13:20 1515688 ----a-w- c:\program files (x86)\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2011-08-23 1515688]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-06-22 98304]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-03-04 284696]
"EgisTecPMMUpdate"="c:\program files (x86)\EgisTec IPS\PmmUpdate.exe" [2009-12-25 401192]
"EgisUpdate"="c:\program files (x86)\EgisTec IPS\EgisUpdate.exe" [2009-12-25 201512]
"VitaKeyTSR"="c:\program files (x86)\Hewlett-Packard\HP SimplePass Identity Protection\EgisTSR.exe" [2010-06-09 380272]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]
"Norton Online Backup"="c:\program files (x86)\Symantec\Norton Online Backup\NOBuClient.exe" [2010-06-01 1155928]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-21 406992]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"Adobe Photo Downloader"="c:\program files (x86)\Adobe\Photoshop Elements 5.0\apdproxy.exe" [2006-12-21 67752]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2011-06-14 587320]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"ApnUpdater"="c:\program files (x86)\Ask.com\Updater\Updater.exe" [2011-08-23 887976]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2010-6-9 1128224]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 86072]
R2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-06-18 103992]
R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS [x]
R3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
R3 f5ipfw;F5 Networks StoneWall Filter;c:\windows\system32\drivers\urfltv64.sys [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2010-03-05 340240]
R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360x64\0404000.00C\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360x64\0404000.00C\SYMEFA64.SYS [x]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20120317.002\BHDrvx64.sys [2012-03-16 1157240]
S1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\N360x64\0404000.00C\ccHPx64.sys [x]
S1 DVMIO;DeviceVM IO Service;c:\windows\system32\DRIVERS\dvmio.sys [x]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20120323.002\IDSvia64.sys [2012-03-20 488568]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360x64\0404000.00C\Ironx64.SYS [x]
S1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\System32\Drivers\N360x64\0404000.00C\SYMTDIV.SYS [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2009-03-03 89600]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 DvmMDES;DeviceVM Meta Data Export Service;c:\swsetup\HPQWMM\QuickWeb\QW.SYS\config\DVMExportService.exe [2010-06-25 338168]
S2 EgisTec Service;EgisTec Service;c:\program files (x86)\Hewlett-Packard\HP SimplePass Identity Protection\EgisService.exe [2010-06-09 697712]
S2 EgisTec Ticket Service;EgisTec Ticket Service;c:\program files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe [2010-06-09 646000]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-05-21 103992]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [x]
S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2011-06-14 26680]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-03-04 13336]
S2 N360;Norton 360;c:\program files (x86)\Norton 360\Engine\4.4.0.12\ccSvcHst.exe [2011-08-04 126400]
S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]
S2 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [x]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-04-15 2533400]
S2 vcsFPService;Validity VCS Fingerprint Service;c:\windows\system32\vcsFPService.exe [2010-02-23 2192176]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 clwvd;HP Webcam Splitter;c:\windows\system32\DRIVERS\clwvd.sys [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-03-22 138360]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys [x]
S3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [x]
S3 urvpndrv;F5 Networks VPN Adapter;c:\windows\system32\DRIVERS\covpnv64.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
S3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2309559559-1373355929-4266364055-1001Core.job
- c:\users\Kim\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-18 19:06]
.
2012-03-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2309559559-1373355929-4266364055-1001UA.job
- c:\users\Kim\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-18 19:06]
.
2012-03-23 c:\windows\Tasks\HPCeeScheduleForKim.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13 14:15]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-06-22 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-06-22 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-06-22 414744]
"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2010-06-26 324096]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-06-18 487424]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2010-03-05 1928976]
"SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2010-01-20 611896]
"HPWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe" [2010-06-18 8192]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-05 500208]
"combofix"="c:\combofix\CF6476.3XE" [2009-07-14 344576]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uStart Page = hxxp://sg.yahoo.com/?p=us
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~3\Office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 218.186.2.16 218.186.1.58 218.186.2.6
TCP: Interfaces\{A5086A02-3C24-4A47-9359-E60623D88B27}: NameServer = 0.0.0.0
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-AdobeBridge - (no file)
Wow6432Node-HKCU-Run-Windows Primary Login - c:\users\Public\O-858454-6314-2-64\regsrv32.exe
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-{6F44AF95-3CDE-4513-AD3F-6D45F17BF324} - c:\program files (x86)\InstallShield Installation Information\{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}\setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\N360]
"ImagePath"="\"c:\program files (x86)\Norton 360\Engine\4.4.0.12\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton 360\Engine\4.4.0.12\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11g_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11g_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\SysWOW64\RunDll32.exe
c:\program files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
c:\program files (x86)\Hewlett-Packard\Media\Webcam\YCMMirage.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Completion time: 2012-03-26 23:47:13 - machine was rebooted
ComboFix-quarantined-files.txt 2012-03-26 15:47
.
Pre-Run: 371,252,523,008 bytes free
Post-Run: 370,558,709,760 bytes free
.
- - End Of File - - 93FFDB5DD1E48C777B05440B95939288

#4 gringo_pr

  • Malware Response Team

Posted 26 March 2012 - 11:26 AM

Greetings

I see a few things in the ComboFix report that need to be addressed, but I want you to run these first.


TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the Save Log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic




#5 Iris17

  • Topic Starter


Posted 26 March 2012 - 12:03 PM

Hello, here are the logs you requested.


00:31:06.0018 2832 TDSS rootkit removing tool 2.7.23.0 Mar 26 2012 13:40:18
00:31:06.0844 2832 ============================================================
00:31:06.0844 2832 Current date / time: 2012/03/27 00:31:06.0844
00:31:06.0844 2832 SystemInfo:
00:31:06.0844 2832
00:31:06.0844 2832 OS Version: 6.1.7600 ServicePack: 0.0
00:31:06.0844 2832 Product type: Workstation
00:31:06.0844 2832 ComputerName: KIM-HP
00:31:06.0844 2832 UserName: Kim
00:31:06.0844 2832 Windows directory: C:\Windows
00:31:06.0844 2832 System windows directory: C:\Windows
00:31:06.0844 2832 Running under WOW64
00:31:06.0844 2832 Processor architecture: Intel x64
00:31:06.0844 2832 Number of processors: 4
00:31:06.0844 2832 Page size: 0x1000
00:31:06.0844 2832 Boot type: Normal boot
00:31:06.0844 2832 ============================================================
00:31:07.0453 2832 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
00:31:07.0453 2832 \Device\Harddisk0\DR0:
00:31:07.0453 2832 MBR used
00:31:07.0453 2832 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800
00:31:07.0453 2832 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x37774000
00:31:07.0453 2832 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x377D8000, BlocksNum 0x2B7A000
00:31:07.0453 2832 \Device\Harddisk0\DR0\Partition3: MBR, Type 0xC, StartLBA 0x3A352000, BlocksNum 0x33830
00:31:07.0546 2832 Initialize success
00:31:07.0546 2832 ============================================================
00:31:12.0757 5480 ============================================================
00:31:12.0757 5480 Scan started
00:31:12.0757 5480 Mode: Manual;
00:31:12.0757 5480 ============================================================
00:31:29.0886 5480 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
00:31:29.0901 5480 MSPQM - ok
00:31:29.0917 5480 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys
00:31:29.0964 5480 MsRPC - ok
00:31:30.0026 5480 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
00:31:30.0057 5480 mssmbios - ok
00:31:30.0104 5480 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
00:31:30.0104 5480 MSTEE - ok
00:31:30.0151 5480 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
00:31:30.0151 5480 MTConfig - ok
00:31:30.0182 5480 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
00:31:30.0182 5480 Mup - ok
00:31:30.0260 5480 MyWiFiDHCPDNS (a9bc2302fbdf52c8af4e2fc966288d21) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
00:31:30.0322 5480 MyWiFiDHCPDNS - ok
00:31:30.0416 5480 N360 (b4187346f54e362daffe647b25a58d50) C:\Program Files (x86)\Norton 360\Engine\4.4.0.12\ccSvcHst.exe
00:31:30.0416 5480 N360 - ok
00:31:30.0510 5480 napagent (4987e079a4530fa737a128be54b63b12) C:\Windows\system32\qagentRT.dll
00:31:30.0510 5480 napagent - ok
00:31:30.0588 5480 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
00:31:30.0603 5480 NativeWifiP - ok
00:31:30.0775 5480 NAVENG (2dbe90210de76be6e1653bb20ec70ec2) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20120325.018\ENG64.SYS
00:31:30.0790 5480 NAVENG - ok
00:31:30.0853 5480 NAVEX15 (346da70e203b8e2c850277713de8f71b) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20120325.018\EX64.SYS
00:31:30.0900 5480 NAVEX15 - ok
00:31:31.0009 5480 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys
00:31:31.0040 5480 NDIS - ok
00:31:31.0071 5480 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
00:31:31.0071 5480 NdisCap - ok
00:31:31.0102 5480 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
00:31:31.0102 5480 NdisTapi - ok
00:31:31.0212 5480 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys
00:31:31.0227 5480 Ndisuio - ok
00:31:31.0243 5480 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys
00:31:31.0258 5480 NdisWan - ok
00:31:31.0274 5480 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys
00:31:31.0290 5480 NDProxy - ok
00:31:31.0321 5480 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
00:31:31.0321 5480 NetBIOS - ok
00:31:31.0352 5480 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys
00:31:31.0352 5480 NetBT - ok
00:31:31.0383 5480 Netlogon (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
00:31:31.0383 5480 Netlogon - ok
00:31:31.0492 5480 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
00:31:31.0492 5480 Netman - ok
00:31:31.0508 5480 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
00:31:31.0524 5480 netprofm - ok
00:31:31.0570 5480 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
00:31:31.0586 5480 NetTcpPortSharing - ok
00:31:31.0773 5480 NETw5s64 (24f64343f14a119308456e1ca7507b26) C:\Windows\system32\DRIVERS\NETw5s64.sys
00:31:31.0945 5480 NETw5s64 - ok
00:31:32.0148 5480 netw5v64 (64428dfdaf6e88366cb51f45a79c5f69) C:\Windows\system32\DRIVERS\netw5v64.sys
00:31:32.0226 5480 netw5v64 - ok
00:31:32.0335 5480 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
00:31:32.0335 5480 nfrd960 - ok
00:31:32.0382 5480 NlaSvc (d9a0ce66046d6efa0c61baa885cba0a8) C:\Windows\System32\nlasvc.dll
00:31:32.0382 5480 NlaSvc - ok
00:31:32.0491 5480 NOBU (5839a8027d6d324a7cd494051a96628c) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
00:31:32.0522 5480 NOBU - ok
00:31:32.0600 5480 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
00:31:32.0631 5480 Npfs - ok
00:31:32.0662 5480 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
00:31:32.0662 5480 nsi - ok
00:31:32.0694 5480 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
00:31:32.0694 5480 nsiproxy - ok
00:31:32.0756 5480 Ntfs (378e0e0dfea67d98ae6ea53adbbd76bc) C:\Windows\system32\drivers\Ntfs.sys
00:31:32.0818 5480 Ntfs - ok
00:31:32.0896 5480 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
00:31:32.0912 5480 Null - ok
00:31:32.0943 5480 nvraid (a4d9c9a608a97f59307c2f2600edc6a4) C:\Windows\system32\drivers\nvraid.sys
00:31:32.0959 5480 nvraid - ok
00:31:32.0990 5480 nvstor (6c1d5f70e7a6a3fd1c90d840edc048b9) C:\Windows\system32\drivers\nvstor.sys
00:31:32.0990 5480 nvstor - ok
00:31:33.0021 5480 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys
00:31:33.0037 5480 nv_agp - ok
00:31:33.0052 5480 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys
00:31:33.0068 5480 ohci1394 - ok
00:31:33.0162 5480 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
00:31:33.0162 5480 ose - ok
00:31:33.0318 5480 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
00:31:33.0458 5480 osppsvc - ok
00:31:33.0536 5480 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
00:31:33.0536 5480 p2pimsvc - ok
00:31:33.0583 5480 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
00:31:33.0583 5480 p2psvc - ok
00:31:33.0630 5480 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
00:31:33.0630 5480 Parport - ok
00:31:33.0661 5480 partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys
00:31:33.0676 5480 partmgr - ok
00:31:33.0692 5480 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
00:31:33.0708 5480 PcaSvc - ok
00:31:33.0770 5480 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys
00:31:33.0770 5480 pci - ok
00:31:33.0832 5480 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys
00:31:33.0832 5480 pciide - ok
00:31:33.0864 5480 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
00:31:33.0864 5480 pcmcia - ok
00:31:33.0895 5480 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
00:31:33.0895 5480 pcw - ok
00:31:33.0926 5480 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
00:31:33.0942 5480 PEAUTH - ok
00:31:34.0035 5480 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
00:31:34.0051 5480 PerfHost - ok
00:31:34.0113 5480 pla (557e9a86f65f0de18c9b6751dfe9d3f1) C:\Windows\system32\pla.dll
00:31:34.0144 5480 pla - ok
00:31:34.0269 5480 PlugPlay (98b1721b8718164293b9701b98c52d77) C:\Windows\system32\umpnpmgr.dll
00:31:34.0269 5480 PlugPlay - ok
00:31:34.0300 5480 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
00:31:34.0347 5480 PNRPAutoReg - ok
00:31:34.0378 5480 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
00:31:34.0378 5480 PNRPsvc - ok
00:31:34.0410 5480 PolicyAgent (166eb40d1f5b47e615de3d0fffe5f243) C:\Windows\System32\ipsecsvc.dll
00:31:34.0425 5480 PolicyAgent - ok
00:31:34.0503 5480 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
00:31:34.0519 5480 Power - ok
00:31:34.0566 5480 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
00:31:34.0597 5480 PptpMiniport - ok
00:31:34.0612 5480 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
00:31:34.0612 5480 Processor - ok
00:31:34.0659 5480 ProfSvc (f381975e1f4346de875cb07339ce8d3a) C:\Windows\system32\profsvc.dll
00:31:34.0675 5480 ProfSvc - ok
00:31:34.0753 5480 ProtectedStorage (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
00:31:34.0753 5480 ProtectedStorage - ok
00:31:34.0800 5480 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
00:31:34.0800 5480 Psched - ok
00:31:34.0846 5480 PxHlpa64 (4712cc14e720ecccc0aa16949d18aaf1) C:\Windows\system32\Drivers\PxHlpa64.sys
00:31:34.0893 5480 PxHlpa64 - ok
00:31:34.0940 5480 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
00:31:34.0956 5480 ql2300 - ok
00:31:35.0049 5480 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
00:31:35.0065 5480 ql40xx - ok
00:31:35.0112 5480 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
00:31:35.0127 5480 QWAVE - ok
00:31:35.0143 5480 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
00:31:35.0143 5480 QWAVEdrv - ok
00:31:35.0158 5480 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
00:31:35.0158 5480 RasAcd - ok
00:31:35.0205 5480 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
00:31:35.0205 5480 RasAgileVpn - ok
00:31:35.0236 5480 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
00:31:35.0252 5480 RasAuto - ok
00:31:35.0314 5480 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
00:31:35.0330 5480 Rasl2tp - ok
00:31:35.0392 5480 RasMan (47394ed3d16d053f5906efe5ab51cc83) C:\Windows\System32\rasmans.dll
00:31:35.0392 5480 RasMan - ok
00:31:35.0439 5480 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
00:31:35.0439 5480 RasPppoe - ok
00:31:35.0455 5480 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
00:31:35.0455 5480 RasSstp - ok
00:31:35.0486 5480 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
00:31:35.0486 5480 rdbss - ok
00:31:35.0533 5480 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
00:31:35.0533 5480 rdpbus - ok
00:31:35.0595 5480 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
00:31:35.0611 5480 RDPCDD - ok
00:31:35.0642 5480 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
00:31:35.0642 5480 RDPENCDD - ok
00:31:35.0673 5480 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
00:31:35.0673 5480 RDPREFMP - ok
00:31:35.0720 5480 RDPWD (074ac702d8b8b660b0e1371555995386) C:\Windows\system32\drivers\RDPWD.sys
00:31:35.0751 5480 RDPWD - ok
00:31:35.0798 5480 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys
00:31:35.0798 5480 rdyboost - ok
00:31:35.0845 5480 RegSrvc (0aa473966357c4a41b5eb19649eb6e5e) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
00:31:35.0860 5480 RegSrvc - ok
00:31:35.0938 5480 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
00:31:35.0954 5480 RemoteAccess - ok
00:31:36.0016 5480 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
00:31:36.0032 5480 RemoteRegistry - ok
00:31:36.0079 5480 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
00:31:36.0094 5480 RFCOMM - ok
00:31:36.0172 5480 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
00:31:36.0172 5480 RpcEptMapper - ok
00:31:36.0204 5480 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
00:31:36.0219 5480 RpcLocator - ok
00:31:36.0266 5480 RpcSs (7266972e86890e2b30c0c322e906b027) C:\Windows\system32\rpcss.dll
00:31:36.0282 5480 RpcSs - ok
00:31:36.0375 5480 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
00:31:36.0375 5480 rspndr - ok
00:31:36.0422 5480 RTL8167 (7ea8d2eb9bbfd2ab8a3117a1e96d3b3a) C:\Windows\system32\DRIVERS\Rt64win7.sys
00:31:36.0453 5480 RTL8167 - ok
00:31:36.0484 5480 SamSs (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
00:31:36.0484 5480 SamSs - ok
00:31:36.0531 5480 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys
00:31:36.0531 5480 sbp2port - ok
00:31:36.0562 5480 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
00:31:36.0594 5480 SCardSvr - ok
00:31:36.0656 5480 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
00:31:36.0672 5480 scfilter - ok
00:31:36.0718 5480 Schedule (624d0f5ff99428bb90a5b8a4123e918e) C:\Windows\system32\schedsvc.dll
00:31:36.0734 5480 Schedule - ok
00:31:36.0812 5480 SCPolicySvc (312e2f82af11e79906898ac3e3d58a1f) C:\Windows\System32\certprop.dll
00:31:36.0812 5480 SCPolicySvc - ok
00:31:36.0859 5480 sdbus (54e47ad086782d3ae9417c155cdceb9b) C:\Windows\system32\DRIVERS\sdbus.sys
00:31:36.0874 5480 sdbus - ok
00:31:36.0906 5480 SDRSVC (765a27c3279ce11d14cb9e4f5869fca5) C:\Windows\System32\SDRSVC.dll
00:31:36.0937 5480 SDRSVC - ok
00:31:37.0030 5480 SeaPort (331e7bde228914574fc9ae6cd520dafa) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
00:31:37.0046 5480 SeaPort - ok
00:31:37.0140 5480 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
00:31:37.0171 5480 secdrv - ok
00:31:37.0202 5480 seclogon (463b386ebc70f98da5dff85f7e654346) C:\Windows\system32\seclogon.dll
00:31:37.0202 5480 seclogon - ok
00:31:37.0249 5480 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll
00:31:37.0249 5480 SENS - ok
00:31:37.0280 5480 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
00:31:37.0311 5480 SensrSvc - ok
00:31:37.0342 5480 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
00:31:37.0342 5480 Serenum - ok
00:31:37.0436 5480 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
00:31:37.0452 5480 Serial - ok
00:31:37.0483 5480 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
00:31:37.0483 5480 sermouse - ok
00:31:37.0530 5480 SessionEnv (c3bc61ce47ff6f4e88ab8a3b429a36af) C:\Windows\system32\sessenv.dll
00:31:37.0530 5480 SessionEnv - ok
00:31:37.0545 5480 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
00:31:37.0545 5480 sffdisk - ok
00:31:37.0561 5480 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys
00:31:37.0561 5480 sffp_mmc - ok
00:31:37.0592 5480 sffp_sd (178298f767fe638c9fedcbdef58bb5e4) C:\Windows\system32\DRIVERS\sffp_sd.sys
00:31:37.0608 5480 sffp_sd - ok
00:31:37.0701 5480 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
00:31:37.0717 5480 sfloppy - ok
00:31:37.0748 5480 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
00:31:37.0748 5480 SharedAccess - ok
00:31:37.0779 5480 ShellHWDetection (0298ac45d0efffb2db4baa7dd186e7bf) C:\Windows\System32\shsvcs.dll
00:31:37.0795 5480 ShellHWDetection - ok
00:31:37.0826 5480 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
00:31:37.0826 5480 SiSRaid2 - ok
00:31:37.0842 5480 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
00:31:37.0857 5480 SiSRaid4 - ok
00:31:37.0951 5480 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
00:31:37.0966 5480 Smb - ok
00:31:38.0013 5480 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
00:31:38.0029 5480 SNMPTRAP - ok
00:31:38.0060 5480 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
00:31:38.0060 5480 spldr - ok
00:31:38.0107 5480 Spooler (f8e1fa03cb70d54a9892ac88b91d1e7b) C:\Windows\System32\spoolsv.exe
00:31:38.0107 5480 Spooler - ok
00:31:38.0247 5480 sppsvc (913d843498553a1bc8f8dbad6358e49f) C:\Windows\system32\sppsvc.exe
00:31:38.0278 5480 sppsvc - ok
00:31:38.0310 5480 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
00:31:38.0325 5480 sppuinotify - ok
00:31:38.0481 5480 SRTSP (96babc4906ecdb1c69d1176f8647ad8e) C:\Windows\System32\Drivers\N360x64\0404000.00C\SRTSP64.SYS
00:31:38.0512 5480 SRTSP - ok
00:31:38.0544 5480 SRTSPX (c7f491a290e0e4222f5cdcd50eeb8167) C:\Windows\system32\drivers\N360x64\0404000.00C\SRTSPX64.SYS
00:31:38.0544 5480 SRTSPX - ok
00:31:38.0590 5480 srv (2408c0366d96bcdf63e8f1c78e4a29c5) C:\Windows\system32\DRIVERS\srv.sys
00:31:38.0606 5480 srv - ok
00:31:38.0700 5480 srv2 (76548f7b818881b47d8d1ae1be9c11f8) C:\Windows\system32\DRIVERS\srv2.sys
00:31:38.0715 5480 srv2 - ok
00:31:38.0762 5480 SrvHsfHDA (0c4540311e11664b245a263e1154cef8) C:\Windows\system32\DRIVERS\VSTAZL6.SYS
00:31:38.0778 5480 SrvHsfHDA - ok
00:31:38.0824 5480 SrvHsfV92 (02071d207a9858fbe3a48cbfd59c4a04) C:\Windows\system32\DRIVERS\VSTDPV6.SYS
00:31:38.0856 5480 SrvHsfV92 - ok
00:31:38.0965 5480 SrvHsfWinac (18e40c245dbfaf36fd0134a7ef2df396) C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
00:31:38.0980 5480 SrvHsfWinac - ok
00:31:39.0027 5480 srvnet (0af6e19d39c70844c5caa8fb0183c36e) C:\Windows\system32\DRIVERS\srvnet.sys
00:31:39.0043 5480 srvnet - ok
00:31:39.0105 5480 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
00:31:39.0105 5480 SSDPSRV - ok
00:31:39.0136 5480 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
00:31:39.0136 5480 SstpSvc - ok
00:31:39.0199 5480 STacSV (463e33b1ea7af1e6eb87b66b831db41a) C:\Program Files\IDT\WDM\STacSV64.exe
00:31:39.0214 5480 STacSV - ok
00:31:39.0246 5480 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
00:31:39.0261 5480 stexstor - ok
00:31:39.0324 5480 STHDA (4304b75094e106fb5423a290c95841e5) C:\Windows\system32\DRIVERS\stwrt64.sys
00:31:39.0339 5480 STHDA - ok
00:31:39.0417 5480 stisvc (52d0e33b681bd0f33fdc08812fee4f7d) C:\Windows\System32\wiaservc.dll
00:31:39.0433 5480 stisvc - ok
00:31:39.0464 5480 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
00:31:39.0480 5480 swenum - ok
00:31:39.0589 5480 SwitchBoard (f577910a133a592234ebaad3f3afa258) C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
00:31:39.0636 5480 SwitchBoard - ok
00:31:39.0714 5480 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
00:31:39.0745 5480 swprv - ok
00:31:39.0854 5480 SymDS (659b227a72b76115975a6a9491b2fe1f) C:\Windows\system32\drivers\N360x64\0404000.00C\SYMDS64.SYS
00:31:39.0870 5480 SymDS - ok
00:31:39.0979 5480 SymEFA (9f5783a4a03d0091cdbdaa858b566926) C:\Windows\system32\drivers\N360x64\0404000.00C\SYMEFA64.SYS
00:31:40.0010 5480 SymEFA - ok
00:31:40.0104 5480 SymEvent (3f9d5fe52585e2653e59fdbfdf09a94c) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
00:31:40.0119 5480 SymEvent - ok
00:31:40.0228 5480 SymIRON (f57588546e738db1583981d8f44e9bc2) C:\Windows\system32\drivers\N360x64\0404000.00C\Ironx64.SYS
00:31:40.0244 5480 SymIRON - ok
00:31:40.0338 5480 SYMTDIv (3adfb72f0797ae3832509fe030755e21) C:\Windows\System32\Drivers\N360x64\0404000.00C\SYMTDIV.SYS
00:31:40.0353 5480 SYMTDIv - ok
00:31:40.0462 5480 SynTP (961cfac2a5318e212f459d651f28e0a4) C:\Windows\system32\DRIVERS\SynTP.sys
00:31:40.0478 5480 SynTP - ok
00:31:40.0603 5480 SysMain (3c1284516a62078fb68f768de4f1a7be) C:\Windows\system32\sysmain.dll
00:31:40.0618 5480 SysMain - ok
00:31:40.0696 5480 TabletInputService (238935c3cf2854886dc7cbb2a0e2cc66) C:\Windows\System32\TabSvc.dll
00:31:40.0696 5480 TabletInputService - ok
00:31:40.0806 5480 TabletServicePen (1a143f8e764209c6877cdcb9dbb9f2cd) C:\Windows\system32\Pen_Tablet.exe
00:31:40.0821 5480 TabletServicePen - ok
00:31:40.0899 5480 TapiSrv (884264ac597b690c5707c89723bb8e7b) C:\Windows\System32\tapisrv.dll
00:31:40.0899 5480 TapiSrv - ok
00:31:40.0915 5480 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
00:31:40.0946 5480 TBS - ok
00:31:41.0040 5480 Tcpip (f18f56efc0bfb9c87ba01c37b27f4da5) C:\Windows\system32\drivers\tcpip.sys
00:31:41.0055 5480 Tcpip - ok
00:31:41.0164 5480 TCPIP6 (f18f56efc0bfb9c87ba01c37b27f4da5) C:\Windows\system32\DRIVERS\tcpip.sys
00:31:41.0164 5480 TCPIP6 - ok
00:31:41.0196 5480 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys
00:31:41.0211 5480 tcpipreg - ok
00:31:41.0242 5480 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
00:31:41.0242 5480 TDPIPE - ok
00:31:41.0305 5480 TDTCP (7518f7bcfd4b308abc9192bacaf6c970) C:\Windows\system32\drivers\tdtcp.sys
00:31:41.0461 5480 TDTCP - ok
00:31:41.0508 5480 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
00:31:41.0508 5480 tdx - ok
00:31:41.0523 5480 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys
00:31:41.0523 5480 TermDD - ok
00:31:41.0632 5480 TermService (0f05ec2887bfe197ad82a13287d2f404) C:\Windows\System32\termsrv.dll
00:31:41.0632 5480 TermService - ok
00:31:41.0664 5480 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
00:31:41.0664 5480 Themes - ok
00:31:41.0679 5480 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
00:31:41.0679 5480 THREADORDER - ok
00:31:41.0757 5480 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
00:31:41.0757 5480 TrkWks - ok
00:31:41.0804 5480 TrustedInstaller (840f7fb849f5887a49ba18c13b2da920) C:\Windows\servicing\TrustedInstaller.exe
00:31:41.0835 5480 TrustedInstaller - ok
00:31:41.0882 5480 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
00:31:41.0898 5480 tssecsrv - ok
00:31:41.0944 5480 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
00:31:41.0944 5480 tunnel - ok
00:31:41.0960 5480 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
00:31:41.0991 5480 uagp35 - ok
00:31:42.0069 5480 udfs (c06e6f4679ceb8f430b90a51d76d8d3c) C:\Windows\system32\DRIVERS\udfs.sys
00:31:42.0085 5480 udfs - ok
00:31:42.0116 5480 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
00:31:42.0147 5480 UI0Detect - ok
00:31:42.0210 5480 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys
00:31:42.0210 5480 uliagpkx - ok
00:31:42.0241 5480 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys
00:31:42.0256 5480 umbus - ok
00:31:42.0319 5480 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
00:31:42.0319 5480 UmPass - ok
00:31:42.0459 5480 UNS (0fadd949576a164b4e51e716f46b6c33) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
00:31:42.0506 5480 UNS - ok
00:31:42.0584 5480 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
00:31:42.0584 5480 upnphost - ok
00:31:42.0646 5480 urvpndrv (45e791801b256c326278f8663fa9672b) C:\Windows\system32\DRIVERS\covpnv64.sys
00:31:42.0678 5480 urvpndrv - ok
00:31:42.0724 5480 usbccgp (537a4e03d7103c12d42dfd8ffdb5bdc9) C:\Windows\system32\DRIVERS\usbccgp.sys
00:31:42.0740 5480 usbccgp - ok
00:31:42.0849 5480 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys
00:31:42.0849 5480 usbcir - ok
00:31:42.0880 5480 usbehci (fbb21ebe49f6d560db37ac25fbc68e66) C:\Windows\system32\drivers\usbehci.sys
00:31:42.0896 5480 usbehci - ok
00:31:42.0927 5480 usbhub (6b7a8a99c4a459e73c286a6763ea24cc) C:\Windows\system32\DRIVERS\usbhub.sys
00:31:42.0943 5480 usbhub - ok
00:31:42.0958 5480 usbohci (8c88aa7617b4cbc2e4bed61d26b33a27) C:\Windows\system32\drivers\usbohci.sys
00:31:42.0958 5480 usbohci - ok
00:31:43.0005 5480 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
00:31:43.0005 5480 usbprint - ok
00:31:43.0068 5480 USBSTOR (f39983647bc1f3e6100778ddfe9dce29) C:\Windows\system32\DRIVERS\USBSTOR.SYS
00:31:43.0083 5480 USBSTOR - ok
00:31:43.0177 5480 usbuhci (0b5b3b2df3fd1709618acfa50b8392b0) C:\Windows\system32\drivers\usbuhci.sys
00:31:43.0177 5480 usbuhci - ok
00:31:43.0224 5480 usbvideo (7cb8c573c6e4a2714402cc0a36eab4fe) C:\Windows\System32\Drivers\usbvideo.sys
00:31:43.0239 5480 usbvideo - ok
00:31:43.0270 5480 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
00:31:43.0270 5480 UxSms - ok
00:31:43.0317 5480 VaultSvc (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
00:31:43.0317 5480 VaultSvc - ok
00:31:43.0458 5480 vcsFPService (2662f24c7aee2a32cebdec907a5366f1) C:\Windows\system32\vcsFPService.exe
00:31:43.0489 5480 vcsFPService - ok
00:31:43.0582 5480 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys
00:31:43.0598 5480 vdrvroot - ok
00:31:43.0629 5480 vds (44d73e0bbc1d3c8981304ba15135c2f2) C:\Windows\System32\vds.exe
00:31:43.0660 5480 vds - ok
00:31:43.0692 5480 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
00:31:43.0692 5480 vga - ok
00:31:43.0707 5480 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
00:31:43.0707 5480 VgaSave - ok
00:31:43.0754 5480 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys
00:31:43.0754 5480 vhdmp - ok
00:31:43.0848 5480 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
00:31:43.0863 5480 viaide - ok
00:31:43.0894 5480 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys
00:31:43.0910 5480 volmgr - ok
00:31:43.0926 5480 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
00:31:43.0941 5480 volmgrx - ok
00:31:43.0957 5480 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
00:31:43.0957 5480 volsnap - ok
00:31:44.0004 5480 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
00:31:44.0004 5480 vsmraid - ok
00:31:44.0066 5480 VSS (787898bf9fb6d7bd87a36e2d95c899ba) C:\Windows\system32\vssvc.exe
00:31:44.0113 5480 VSS - ok
00:31:44.0191 5480 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
00:31:44.0191 5480 vwifibus - ok
00:31:44.0222 5480 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
00:31:44.0238 5480 vwififlt - ok
00:31:44.0238 5480 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
00:31:44.0253 5480 vwifimp - ok
00:31:44.0284 5480 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
00:31:44.0284 5480 W32Time - ok
00:31:44.0331 5480 wacommousefilter (e04d43c7d1641e95d35cae6086c7e350) C:\Windows\system32\DRIVERS\wacommousefilter.sys
00:31:44.0362 5480 wacommousefilter - ok
00:31:44.0440 5480 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
00:31:44.0456 5480 WacomPen - ok
00:31:44.0487 5480 wacomvhid (9d45e06348c6703fba2064ac149aabda) C:\Windows\system32\DRIVERS\wacomvhid.sys
00:31:44.0487 5480 wacomvhid - ok
00:31:44.0534 5480 WacomVKHid (8b4255329edfba3ecfbd0714476fad38) C:\Windows\system32\DRIVERS\WacomVKHid.sys
00:31:44.0550 5480 WacomVKHid - ok
00:31:44.0596 5480 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
00:31:44.0612 5480 WANARP - ok
00:31:44.0612 5480 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
00:31:44.0628 5480 Wanarpv6 - ok
00:31:44.0737 5480 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
00:31:44.0768 5480 WatAdminSvc - ok
00:31:44.0830 5480 wbengine (5ab1bb85bd8b5089cc5d64200dedae68) C:\Windows\system32\wbengine.exe
00:31:44.0862 5480 wbengine - ok
00:31:44.0971 5480 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
00:31:44.0971 5480 WbioSrvc - ok
00:31:47.0482 5480 ============================================================
00:31:47.0482 5480 Scan finished
00:31:47.0482 5480 ============================================================
00:31:47.0498 1196 Detected object count: 0
00:31:47.0498 1196 Actual detected object count: 0



aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-03-27 00:33:45
-----------------------------
00:33:45.931 OS Version: Windows x64 6.1.7600
00:33:45.931 Number of processors: 4 586 0x2505
00:33:45.931 ComputerName: KIM-HP UserName: Kim
00:33:47.553 Initialize success
00:35:40.068 AVAST engine defs: 12032601
00:36:41.532 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
00:36:41.532 Disk 0 Vendor: Hitachi_ PC4O Size: 476940MB BusType: 3
00:36:41.532 Disk 0 MBR read successfully
00:36:41.548 Disk 0 MBR scan
00:36:41.548 Disk 0 unknown MBR code
00:36:41.563 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 199 MB offset 2048
00:36:41.579 Disk

00:31:06.0018 2832 TDSS rootkit removing tool 2.7.23.0 Mar 26 2012 13:40:18
00:31:06.0844 2832 ============================================================
00:31:06.0844 2832 Current date / time: 2012/03/27 00:31:06.0844
00:31:06.0844 2832 SystemInfo:
00:31:06.0844 2832
00:31:06.0844 2832 OS Version: 6.1.7600 ServicePack: 0.0
00:31:06.0844 2832 Product type: Workstation
00:31:06.0844 2832 ComputerName: KIM-HP
00:31:06.0844 2832 UserName: Kim
00:31:06.0844 2832 Windows directory: C:\Windows
00:31:06.0844 2832 System windows directory: C:\Windows
00:31:06.0844 2832 Running under WOW64
00:31:06.0844 2832 Processor architecture: Intel x64
00:31:06.0844 2832 Number of processors: 4
00:31:06.0844 2832 Page size: 0x1000
00:31:06.0844 2832 Boot type: Normal boot
00:31:06.0844 2832 ============================================================
00:31:07.0453 2832 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
00:31:07.0453 2832 \Device\Harddisk0\DR0:
00:31:07.0453 2832 MBR used
00:31:07.0453 2832 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800
00:31:07.0453 2832 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x37774000
00:31:07.0453 2832 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x377D8000, BlocksNum 0x2B7A000
00:31:07.0453 2832 \Device\Harddisk0\DR0\Partition3: MBR, Type 0xC, StartLBA 0x3A352000, BlocksNum 0x33830
00:31:07.0546 2832 Initialize success
00:31:07.0546 2832 ============================================================
00:31:12.0757 5480 ============================================================
00:31:12.0757 5480 Scan started
00:31:12.0757 5480 Mode: Manual;
00:31:12.0757 5480 ============================================================
00:31:29.0106 5480 MRxDAV - ok
00:31:29.0168 5480 mrxsmb (040d62a9d8ad28922632137acdd984f2) C:\Windows\system32\DRIVERS\mrxsmb.sys
00:31:29.0199 5480 mrxsmb - ok
00:31:29.0262 5480 mrxsmb10 (f0067552f8f9b33d7c59403ab808a3cb) C:\Windows\system32\DRIVERS\mrxsmb10.sys
00:31:29.0277 5480 mrxsmb10 - ok
00:31:29.0308 5480 mrxsmb20 (3c142d31de9f2f193218a53fe2632051) C:\Windows\system32\DRIVERS\mrxsmb20.sys
00:31:29.0308 5480 mrxsmb20 - ok
00:31:29.0324 5480 msahci (5e939cf91ea4a841dbafe4627e0292bb) C:\Windows\system32\DRIVERS\msahci.sys
00:31:29.0355 5480 msahci - ok
00:31:29.0402 5480 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys
00:31:29.0402 5480 msdsm - ok
00:31:29.0464 5480 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
00:31:29.0480 5480 MSDTC - ok
00:31:29.0527 5480 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
00:31:29.0558 5480 Msfs - ok
00:31:29.0589 5480 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
00:31:29.0605 5480 mshidkmdf - ok
00:31:29.0620 5480 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys
00:31:29.0620 5480 msisadrv - ok
00:31:29.0652 5480 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
00:31:29.0698 5480 MSiSCSI - ok
00:31:29.0745 5480 msiserver - ok
00:31:29.0808 5480 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
00:31:29.0839 5480 MSKSSRV - ok
00:31:29.0870 5480 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
00:31:29.0870 5480 MSPCLOCK - ok
00:31:29.0886 5480 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
00:31:29.0901 5480 MSPQM - ok
00:31:29.0917 5480 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys
00:31:29.0964 5480 MsRPC - ok
00:31:30.0026 5480 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
00:31:30.0057 5480 mssmbios - ok
00:31:30.0104 5480 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
00:31:30.0104 5480 MSTEE - ok
00:31:30.0151 5480 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
00:31:30.0151 5480 MTConfig - ok
00:31:30.0182 5480 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
00:31:30.0182 5480 Mup - ok
00:31:30.0260 5480 MyWiFiDHCPDNS (a9bc2302fbdf52c8af4e2fc966288d21) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
00:31:30.0322 5480 MyWiFiDHCPDNS - ok
00:31:30.0416 5480 N360 (b4187346f54e362daffe647b25a58d50) C:\Program Files (x86)\Norton 360\Engine\4.4.0.12\ccSvcHst.exe
00:31:30.0416 5480 N360 - ok
00:31:30.0510 5480 napagent (4987e079a4530fa737a128be54b63b12) C:\Windows\system32\qagentRT.dll
00:31:30.0510 5480 napagent - ok
00:31:30.0588 5480 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
00:31:30.0603 5480 NativeWifiP - ok
00:31:30.0775 5480 NAVENG (2dbe90210de76be6e1653bb20ec70ec2) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20120325.018\ENG64.SYS
00:31:30.0790 5480 NAVENG - ok
00:31:30.0853 5480 NAVEX15 (346da70e203b8e2c850277713de8f71b) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20120325.018\EX64.SYS
00:31:30.0900 5480 NAVEX15 - ok
00:31:31.0009 5480 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys
00:31:31.0040 5480 NDIS - ok
00:31:31.0071 5480 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
00:31:31.0071 5480 NdisCap - ok
00:31:31.0102 5480 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
00:31:31.0102 5480 NdisTapi - ok
00:31:31.0212 5480 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys
00:31:31.0227 5480 Ndisuio - ok
00:31:31.0243 5480 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys
00:31:31.0258 5480 NdisWan - ok
00:31:31.0274 5480 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys
00:31:31.0290 5480 NDProxy - ok
00:31:31.0321 5480 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
00:31:31.0321 5480 NetBIOS - ok
00:31:31.0352 5480 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys
00:31:31.0352 5480 NetBT - ok
00:31:31.0383 5480 Netlogon (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
00:31:31.0383 5480 Netlogon - ok
00:31:31.0492 5480 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
00:31:31.0492 5480 Netman - ok
00:31:31.0508 5480 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
00:31:31.0524 5480 netprofm - ok
00:31:31.0570 5480 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
00:31:31.0586 5480 NetTcpPortSharing - ok
00:31:31.0773 5480 NETw5s64 (24f64343f14a119308456e1ca7507b26) C:\Windows\system32\DRIVERS\NETw5s64.sys
00:31:31.0945 5480 NETw5s64 - ok
00:31:32.0148 5480 netw5v64 (64428dfdaf6e88366cb51f45a79c5f69) C:\Windows\system32\DRIVERS\netw5v64.sys
00:31:32.0226 5480 netw5v64 - ok
00:31:32.0335 5480 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
00:31:32.0335 5480 nfrd960 - ok
00:31:32.0382 5480 NlaSvc (d9a0ce66046d6efa0c61baa885cba0a8) C:\Windows\System32\nlasvc.dll
00:31:32.0382 5480 NlaSvc - ok
00:31:32.0491 5480 NOBU (5839a8027d6d324a7cd494051a96628c) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
00:31:32.0522 5480 NOBU - ok
00:31:32.0600 5480 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
00:31:32.0631 5480 Npfs - ok
00:31:32.0662 5480 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
00:31:32.0662 5480 nsi - ok
00:31:32.0694 5480 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
00:31:32.0694 5480 nsiproxy - ok
00:31:32.0756 5480 Ntfs (378e0e0dfea67d98ae6ea53adbbd76bc) C:\Windows\system32\drivers\Ntfs.sys
00:31:32.0818 5480 Ntfs - ok
00:31:32.0896 5480 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
00:31:32.0912 5480 Null - ok
00:31:32.0943 5480 nvraid (a4d9c9a608a97f59307c2f2600edc6a4) C:\Windows\system32\drivers\nvraid.sys
00:31:32.0959 5480 nvraid - ok
00:31:32.0990 5480 nvstor (6c1d5f70e7a6a3fd1c90d840edc048b9) C:\Windows\system32\drivers\nvstor.sys
00:31:32.0990 5480 nvstor - ok
00:31:33.0021 5480 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys
00:31:33.0037 5480 nv_agp - ok
00:31:33.0052 5480 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys
00:31:33.0068 5480 ohci1394 - ok
00:31:33.0162 5480 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
00:31:33.0162 5480 ose - ok
00:31:33.0318 5480 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
00:31:33.0458 5480 osppsvc - ok
00:31:33.0536 5480 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
00:31:33.0536 5480 p2pimsvc - ok
00:31:33.0583 5480 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
00:31:33.0583 5480 p2psvc - ok
00:31:33.0630 5480 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
00:31:33.0630 5480 Parport - ok
00:31:33.0661 5480 partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys
00:31:33.0676 5480 partmgr - ok
00:31:33.0692 5480 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
00:31:33.0708 5480 PcaSvc - ok
00:31:33.0770 5480 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys
00:31:33.0770 5480 pci - ok
00:31:33.0832 5480 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys
00:31:33.0832 5480 pciide - ok
00:31:33.0864 5480 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
00:31:33.0864 5480 pcmcia - ok
00:31:33.0895 5480 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
00:31:33.0895 5480 pcw - ok
00:31:33.0926 5480 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
00:31:33.0942 5480 PEAUTH - ok
00:31:34.0035 5480 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
00:31:34.0051 5480 PerfHost - ok
00:31:34.0113 5480 pla (557e9a86f65f0de18c9b6751dfe9d3f1) C:\Windows\system32\pla.dll
00:31:34.0144 5480 pla - ok
00:31:34.0269 5480 PlugPlay (98b1721b8718164293b9701b98c52d77) C:\Windows\system32\umpnpmgr.dll
00:31:34.0269 5480 PlugPlay - ok
00:31:34.0300 5480 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
00:31:34.0347 5480 PNRPAutoReg - ok
00:31:34.0378 5480 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
00:31:34.0378 5480 PNRPsvc - ok
00:31:34.0410 5480 PolicyAgent (166eb40d1f5b47e615de3d0fffe5f243) C:\Windows\System32\ipsecsvc.dll
00:31:34.0425 5480 PolicyAgent - ok
00:31:34.0503 5480 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
00:31:34.0519 5480 Power - ok
00:31:34.0566 5480 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
00:31:34.0597 5480 PptpMiniport - ok
00:31:34.0612 5480 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
00:31:34.0612 5480 Processor - ok
00:31:34.0659 5480 ProfSvc (f381975e1f4346de875cb07339ce8d3a) C:\Windows\system32\profsvc.dll
00:31:34.0675 5480 ProfSvc - ok
00:31:34.0753 5480 ProtectedStorage (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
00:31:34.0753 5480 ProtectedStorage - ok
00:31:34.0800 5480 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
00:31:34.0800 5480 Psched - ok
00:31:34.0846 5480 PxHlpa64 (4712cc14e720ecccc0aa16949d18aaf1) C:\Windows\system32\Drivers\PxHlpa64.sys
00:31:34.0893 5480 PxHlpa64 - ok
00:31:34.0940 5480 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
00:31:34.0956 5480 ql2300 - ok
00:31:35.0049 5480 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
00:31:35.0065 5480 ql40xx - ok
00:31:35.0112 5480 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
00:31:35.0127 5480 QWAVE - ok
00:31:35.0143 5480 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
00:31:35.0143 5480 QWAVEdrv - ok
00:31:35.0158 5480 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
00:31:35.0158 5480 RasAcd - ok
00:31:35.0205 5480 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
00:31:35.0205 5480 RasAgileVpn - ok
00:31:35.0236 5480 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
00:31:35.0252 5480 RasAuto - ok
00:31:35.0314 5480 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
00:31:35.0330 5480 Rasl2tp - ok
00:31:35.0392 5480 RasMan (47394ed3d16d053f5906efe5ab51cc83) C:\Windows\System32\rasmans.dll
00:31:35.0392 5480 RasMan - ok
00:31:35.0439 5480 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
00:31:35.0439 5480 RasPppoe - ok
00:31:35.0455 5480 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
00:31:35.0455 5480 RasSstp - ok
00:31:35.0486 5480 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
00:31:35.0486 5480 rdbss - ok
00:31:35.0533 5480 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
00:31:35.0533 5480 rdpbus - ok
00:31:35.0595 5480 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
00:31:35.0611 5480 RDPCDD - ok
00:31:35.0642 5480 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
00:31:35.0642 5480 RDPENCDD - ok
00:31:35.0673 5480 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
00:31:35.0673 5480 RDPREFMP - ok
00:31:35.0720 5480 RDPWD (074ac702d8b8b660b0e1371555995386) C:\Windows\system32\drivers\RDPWD.sys
00:31:35.0751 5480 RDPWD - ok
00:31:35.0798 5480 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys
00:31:35.0798 5480 rdyboost - ok
00:31:35.0845 5480 RegSrvc (0aa473966357c4a41b5eb19649eb6e5e) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
00:31:35.0860 5480 RegSrvc - ok
00:31:35.0938 5480 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
00:31:35.0954 5480 RemoteAccess - ok
00:31:36.0016 5480 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
00:31:36.0032 5480 RemoteRegistry - ok
00:31:36.0079 5480 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
00:31:36.0094 5480 RFCOMM - ok
00:31:36.0172 5480 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
00:31:36.0172 5480 RpcEptMapper - ok
00:31:36.0204 5480 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
00:31:36.0219 5480 RpcLocator - ok
00:31:36.0266 5480 RpcSs (7266972e86890e2b30c0c322e906b027) C:\Windows\system32\rpcss.dll
00:31:36.0282 5480 RpcSs - ok
00:31:36.0375 5480 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
00:31:36.0375 5480 rspndr - ok
00:31:36.0422 5480 RTL8167 (7ea8d2eb9bbfd2ab8a3117a1e96d3b3a) C:\Windows\system32\DRIVERS\Rt64win7.sys
00:31:36.0453 5480 RTL8167 - ok
00:31:36.0484 5480 SamSs (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
00:31:36.0484 5480 SamSs - ok
00:31:36.0531 5480 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys
00:31:36.0531 5480 sbp2port - ok
00:31:36.0562 5480 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
00:31:36.0594 5480 SCardSvr - ok
00:31:36.0656 5480 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
00:31:36.0672 5480 scfilter - ok
00:31:36.0718 5480 Schedule (624d0f5ff99428bb90a5b8a4123e918e) C:\Windows\system32\schedsvc.dll
00:31:36.0734 5480 Schedule - ok
00:31:36.0812 5480 SCPolicySvc (312e2f82af11e79906898ac3e3d58a1f) C:\Windows\System32\certprop.dll
00:31:36.0812 5480 SCPolicySvc - ok
00:31:36.0859 5480 sdbus (54e47ad086782d3ae9417c155cdceb9b) C:\Windows\system32\DRIVERS\sdbus.sys
00:31:36.0874 5480 sdbus - ok
00:31:36.0906 5480 SDRSVC (765a27c3279ce11d14cb9e4f5869fca5) C:\Windows\System32\SDRSVC.dll
00:31:36.0937 5480 SDRSVC - ok
00:31:37.0030 5480 SeaPort (331e7bde228914574fc9ae6cd520dafa) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
00:31:37.0046 5480 SeaPort - ok
00:31:37.0140 5480 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
00:31:37.0171 5480 secdrv - ok
00:31:37.0202 5480 seclogon (463b386ebc70f98da5dff85f7e654346) C:\Windows\system32\seclogon.dll
00:31:37.0202 5480 seclogon - ok
00:31:37.0249 5480 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll
00:31:37.0249 5480 SENS - ok
00:31:37.0280 5480 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
00:31:37.0311 5480 SensrSvc - ok
00:31:37.0342 5480 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
00:31:37.0342 5480 Serenum - ok
00:31:37.0436 5480 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
00:31:37.0452 5480 Serial - ok
00:31:37.0483 5480 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
00:31:37.0483 5480 sermouse - ok
00:31:37.0530 5480 SessionEnv (c3bc61ce47ff6f4e88ab8a3b429a36af) C:\Windows\system32\sessenv.dll
00:31:37.0530 5480 SessionEnv - ok
00:31:37.0545 5480 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
00:31:37.0545 5480 sffdisk - ok
00:31:37.0561 5480 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys
00:31:37.0561 5480 sffp_mmc - ok
00:31:37.0592 5480 sffp_sd (178298f767fe638c9fedcbdef58bb5e4) C:\Windows\system32\DRIVERS\sffp_sd.sys
00:31:37.0608 5480 sffp_sd - ok
00:31:37.0701 5480 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
00:31:37.0717 5480 sfloppy - ok
00:31:37.0748 5480 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
00:31:37.0748 5480 SharedAccess - ok
00:31:37.0779 5480 ShellHWDetection (0298ac45d0efffb2db4baa7dd186e7bf) C:\Windows\System32\shsvcs.dll
00:31:37.0795 5480 ShellHWDetection - ok
00:31:37.0826 5480 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
00:31:37.0826 5480 SiSRaid2 - ok
00:31:37.0842 5480 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
00:31:37.0857 5480 SiSRaid4 - ok
00:31:37.0951 5480 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
00:31:37.0966 5480 Smb - ok
00:31:38.0013 5480 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
00:31:38.0029 5480 SNMPTRAP - ok
00:31:38.0060 5480 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
00:31:38.0060 5480 spldr - ok
00:31:38.0107 5480 Spooler (f8e1fa03cb70d54a9892ac88b91d1e7b) C:\Windows\System32\spoolsv.exe
00:31:38.0107 5480 Spooler - ok
00:31:38.0247 5480 sppsvc (913d843498553a1bc8f8dbad6358e49f) C:\Windows\system32\sppsvc.exe
00:31:38.0278 5480 sppsvc - ok
00:31:38.0310 5480 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
00:31:38.0325 5480 sppuinotify - ok
00:31:38.0481 5480 SRTSP (96babc4906ecdb1c69d1176f8647ad8e) C:\Windows\System32\Drivers\N360x64\0404000.00C\SRTSP64.SYS
00:31:38.0512 5480 SRTSP - ok
00:31:38.0544 5480 SRTSPX (c7f491a290e0e4222f5cdcd50eeb8167) C:\Windows\system32\drivers\N360x64\0404000.00C\SRTSPX64.SYS
00:31:38.0544 5480 SRTSPX - ok
00:31:38.0590 5480 srv (2408c0366d96bcdf63e8f1c78e4a29c5) C:\Windows\system32\DRIVERS\srv.sys
00:31:38.0606 5480 srv - ok
00:31:38.0700 5480 srv2 (76548f7b818881b47d8d1ae1be9c11f8) C:\Windows\system32\DRIVERS\srv2.sys
00:31:38.0715 5480 srv2 - ok
00:31:38.0762 5480 SrvHsfHDA (0c4540311e11664b245a263e1154cef8) C:\Windows\system32\DRIVERS\VSTAZL6.SYS
00:31:38.0778 5480 SrvHsfHDA - ok
00:31:38.0824 5480 SrvHsfV92 (02071d207a9858fbe3a48cbfd59c4a04) C:\Windows\system32\DRIVERS\VSTDPV6.SYS
00:31:38.0856 5480 SrvHsfV92 - ok
00:31:38.0965 5480 SrvHsfWinac (18e40c245dbfaf36fd0134a7ef2df396) C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
00:31:38.0980 5480 SrvHsfWinac - ok
00:31:39.0027 5480 srvnet (0af6e19d39c70844c5caa8fb0183c36e) C:\Windows\system32\DRIVERS\srvnet.sys
00:31:39.0043 5480 srvnet - ok
00:31:39.0105 5480 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
00:31:39.0105 5480 SSDPSRV - ok
00:31:39.0136 5480 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
00:31:39.0136 5480 SstpSvc - ok
00:31:39.0199 5480 STacSV (463e33b1ea7af1e6eb87b66b831db41a) C:\Program Files\IDT\WDM\STacSV64.exe
00:31:39.0214 5480 STacSV - ok
00:31:39.0246 5480 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
00:31:39.0261 5480 stexstor - ok
00:31:39.0324 5480 STHDA (4304b75094e106fb5423a290c95841e5) C:\Windows\system32\DRIVERS\stwrt64.sys
00:31:39.0339 5480 STHDA - ok
00:31:39.0417 5480 stisvc (52d0e33b681bd0f33fdc08812fee4f7d) C:\Windows\System32\wiaservc.dll
00:31:39.0433 5480 stisvc - ok
00:31:39.0464 5480 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
00:31:39.0480 5480 swenum - ok
00:31:39.0589 5480 SwitchBoard (f577910a133a592234ebaad3f3afa258) C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
00:31:39.0636 5480 SwitchBoard - ok
00:31:39.0714 5480 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
00:31:39.0745 5480 swprv - ok
00:31:39.0854 5480 SymDS (659b227a72b76115975a6a9491b2fe1f) C:\Windows\system32\drivers\N360x64\0404000.00C\SYMDS64.SYS
00:31:39.0870 5480 SymDS - ok
00:31:39.0979 5480 SymEFA (9f5783a4a03d0091cdbdaa858b566926) C:\Windows\system32\drivers\N360x64\0404000.00C\SYMEFA64.SYS
00:31:40.0010 5480 SymEFA - ok
00:31:40.0104 5480 SymEvent (3f9d5fe52585e2653e59fdbfdf09a94c) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
00:31:40.0119 5480 SymEvent - ok
00:31:40.0228 5480 SymIRON (f57588546e738db1583981d8f44e9bc2) C:\Windows\system32\drivers\N360x64\0404000.00C\Ironx64.SYS
00:31:40.0244 5480 SymIRON - ok
00:31:40.0338 5480 SYMTDIv (3adfb72f0797ae3832509fe030755e21) C:\Windows\System32\Drivers\N360x64\0404000.00C\SYMTDIV.SYS
00:31:40.0353 5480 SYMTDIv - ok
00:31:40.0462 5480 SynTP (961cfac2a5318e212f459d651f28e0a4) C:\Windows\system32\DRIVERS\SynTP.sys
00:31:40.0478 5480 SynTP - ok
00:31:40.0603 5480 SysMain (3c1284516a62078fb68f768de4f1a7be) C:\Windows\system32\sysmain.dll
00:31:40.0618 5480 SysMain - ok
00:31:40.0696 5480 TabletInputService (238935c3cf2854886dc7cbb2a0e2cc66) C:\Windows\System32\TabSvc.dll
00:31:40.0696 5480 TabletInputService - ok
00:31:40.0806 5480 TabletServicePen (1a143f8e764209c6877cdcb9dbb9f2cd) C:\Windows\system32\Pen_Tablet.exe
00:31:40.0821 5480 TabletServicePen - ok
00:31:40.0899 5480 TapiSrv (884264ac597b690c5707c89723bb8e7b) C:\Windows\System32\tapisrv.dll
00:31:40.0899 5480 TapiSrv - ok
00:31:40.0915 5480 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
00:31:40.0946 5480 TBS - ok
00:31:41.0040 5480 Tcpip (f18f56efc0bfb9c87ba01c37b27f4da5) C:\Windows\system32\drivers\tcpip.sys
00:31:41.0055 5480 Tcpip - ok
00:31:41.0164 5480 TCPIP6 (f18f56efc0bfb9c87ba01c37b27f4da5) C:\Windows\system32\DRIVERS\tcpip.sys
00:31:41.0164 5480 TCPIP6 - ok
00:31:41.0196 5480 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys
00:31:41.0211 5480 tcpipreg - ok
00:31:41.0242 5480 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
00:31:41.0242 5480 TDPIPE - ok
00:31:41.0305 5480 TDTCP (7518f7bcfd4b308abc9192bacaf6c970) C:\Windows\system32\drivers\tdtcp.sys
00:31:41.0461 5480 TDTCP - ok
00:31:41.0508 5480 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
00:31:41.0508 5480 tdx - ok
00:31:41.0523 5480 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys
00:31:41.0523 5480 TermDD - ok
00:31:41.0632 5480 TermService (0f05ec2887bfe197ad82a13287d2f404) C:\Windows\System32\termsrv.dll
00:31:41.0632 5480 TermService - ok
00:31:41.0664 5480 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
00:31:41.0664 5480 Themes - ok
00:31:41.0679 5480 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
00:31:41.0679 5480 THREADORDER - ok
00:31:41.0757 5480 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
00:31:41.0757 5480 TrkWks - ok
00:31:41.0804 5480 TrustedInstaller (840f7fb849f5887a49ba18c13b2da920) C:\Windows\servicing\TrustedInstaller.exe
00:31:41.0835 5480 TrustedInstaller - ok
00:31:41.0882 5480 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
00:31:41.0898 5480 tssecsrv - ok
00:31:41.0944 5480 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
00:31:41.0944 5480 tunnel - ok
00:31:41.0960 5480 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
00:31:41.0991 5480 uagp35 - ok
00:31:42.0069 5480 udfs (c06e6f4679ceb8f430b90a51d76d8d3c) C:\Windows\system32\DRIVERS\udfs.sys
00:31:42.0085 5480 udfs - ok
00:31:42.0116 5480 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
00:31:42.0147 5480 UI0Detect - ok
00:31:42.0210 5480 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys
00:31:42.0210 5480 uliagpkx - ok
00:31:42.0241 5480 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys
00:31:42.0256 5480 umbus - ok
00:31:42.0319 5480 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
00:31:42.0319 5480 UmPass - ok
00:31:42.0459 5480 UNS (0fadd949576a164b4e51e716f46b6c33) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
00:31:42.0506 5480 UNS - ok
00:31:42.0584 5480 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
00:31:42.0584 5480 upnphost - ok
00:31:42.0646 5480 urvpndrv (45e791801b256c326278f8663fa9672b) C:\Windows\system32\DRIVERS\covpnv64.sys
00:31:42.0678 5480 urvpndrv - ok
00:31:42.0724 5480 usbccgp (537a4e03d7103c12d42dfd8ffdb5bdc9) C:\Windows\system32\DRIVERS\usbccgp.sys
00:31:42.0740 5480 usbccgp - ok
00:31:42.0849 5480 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys
00:31:42.0849 5480 usbcir - ok
00:31:42.0880 5480 usbehci (fbb21ebe49f6d560db37ac25fbc68e66) C:\Windows\system32\drivers\usbehci.sys
00:31:42.0896 5480 usbehci - ok
00:31:42.0927 5480 usbhub (6b7a8a99c4a459e73c286a6763ea24cc) C:\Windows\system32\DRIVERS\usbhub.sys
00:31:42.0943 5480 usbhub - ok
00:31:42.0958 5480 usbohci (8c88aa7617b4cbc2e4bed61d26b33a27) C:\Windows\system32\drivers\usbohci.sys
00:31:42.0958 5480 usbohci - ok
00:31:43.0005 5480 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
00:31:43.0005 5480 usbprint - ok
00:31:43.0068 5480 USBSTOR (f39983647bc1f3e6100778ddfe9dce29) C:\Windows\system32\DRIVERS\USBSTOR.SYS
00:31:43.0083 5480 USBSTOR - ok
00:31:43.0177 5480 usbuhci (0b5b3b2df3fd1709618acfa50b8392b0) C:\Windows\system32\drivers\usbuhci.sys
00:31:43.0177 5480 usbuhci - ok
00:31:43.0224 5480 usbvideo (7cb8c573c6e4a2714402cc0a36eab4fe) C:\Windows\System32\Drivers\usbvideo.sys
00:31:43.0239 5480 usbvideo - ok
00:31:43.0270 5480 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
00:31:43.0270 5480 UxSms - ok
00:31:43.0317 5480 VaultSvc (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
00:31:43.0317 5480 VaultSvc - ok
00:31:43.0458 5480 vcsFPService (2662f24c7aee2a32cebdec907a5366f1) C:\Windows\system32\vcsFPService.exe
00:31:43.0489 5480 vcsFPService - ok
00:31:43.0582 5480 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys
00:31:43.0598 5480 vdrvroot - ok
00:31:43.0629 5480 vds (44d73e0bbc1d3c8981304ba15135c2f2) C:\Windows\System32\vds.exe
00:31:43.0660 5480 vds - ok
00:31:43.0692 5480 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
00:31:43.0692 5480 vga - ok
00:31:43.0707 5480 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
00:31:43.0707 5480 VgaSave - ok
00:31:43.0754 5480 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys
00:31:43.0754 5480 vhdmp - ok
00:31:43.0848 5480 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
00:31:43.0863 5480 viaide - ok
00:31:43.0894 5480 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys
00:31:43.0910 5480 volmgr - ok
00:31:43.0926 5480 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
00:31:43.0941 5480 volmgrx - ok
00:31:43.0957 5480 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
00:31:43.0957 5480 volsnap - ok
00:31:44.0004 5480 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
00:31:44.0004 5480 vsmraid - ok
00:31:44.0066 5480 VSS (787898bf9fb6d7bd87a36e2d95c899ba) C:\Windows\system32\vssvc.exe
00:31:44.0113 5480 VSS - ok
00:31:44.0191 5480 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
00:31:44.0191 5480 vwifibus - ok
00:31:47.0358 5480 MBR (0x1B8) (7644a70470cb021a0861b339af4a8675) \Device\Harddisk0\DR0
00:31:47.0389 5480 \Device\Harddisk0\DR0 - ok
00:31:47.0420 5480 Boot (0x1200) (2590651e2645b4cdbe35529d5193e17c) \Device\Harddisk0\DR0\Partition0
00:31:47.0420 5480 \Device\Harddisk0\DR0\Partition0 - ok
00:31:47.0436 5480 Boot (0x1200) (68871e7da4654a5991689e3548eac24d) \Device\Harddisk0\DR0\Partition1
00:31:47.0436 5480 \Device\Harddisk0\DR0\Partition1 - ok
00:31:47.0467 5480 Boot (0x1200) (43cd5c7b346f289f9f45c6d321daf5a0) \Device\Harddisk0\DR0\Partition2
00:31:47.0467 5480 \Device\Harddisk0\DR0\Partition2 - ok
00:31:47.0482 5480 Boot (0x1200) (4fbc92027cdad95322a8d0a532ae84c9) \Device\Harddisk0\DR0\Partition3
00:31:47.0482 5480 \Device\Harddisk0\DR0\Partition3 - ok
00:31:47.0482 5480 ============================================================
00:31:47.0482 5480 Scan finished
00:31:47.0482 5480 ============================================================
00:31:47.0498 1196 Detected object count: 0
00:31:47.0498 1196 Actual detected object count: 0
0 Partition 2 00 07 HPFS/NTFS NTFS 454376 MB offset 409600
00:36:41.610 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 22260 MB offset 930971648
00:36:41.641 Disk 0 Partition 4 00 0C FAT32 LBA MSDOS5.0 103 MB offset 976560128
00:36:41.688 Disk 0 scanning C:\Windows\system32\drivers
00:36:52.530 Service scanning
00:37:27.786 Modules scanning
00:37:27.786 Disk 0 trace - called modules:
00:37:28.316 ntoskrnl.exe CLASSPNP.SYS disk.sys hpdskflt.sys iaStor.sys hal.dll
00:37:28.332 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8005258060]
00:37:28.332 3 CLASSPNP.SYS[fffff88001b5443f] -> nt!IofCallDriver -> [0xfffffa8005136b10]
00:37:28.348 5 hpdskflt.sys[fffff88001afb289] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004fc6050]
00:37:29.533 AVAST engine scan C:\Windows
00:37:33.574 AVAST engine scan C:\Windows\system32
00:41:55.467 AVAST engine scan C:\Windows\system32\drivers
00:42:15.934 AVAST engine scan C:\Users\Kim
00:52:40.684 AVAST engine scan C:\ProgramData
00:57:45.275 Scan finished successfully
01:01:34.673 Disk 0 MBR has been saved successfully to "C:\Users\Kim\Desktop\MBR.dat"
01:01:34.689 The log file has been saved successfully to "C:\Users\Kim\Desktop\aswMBR.txt"

#6 gringo_pr


Posted 26 March 2012 - 12:17 PM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::
KillAll::
Folder::
c:\program files (x86)\Ask.com

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
Posted Image
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic




#7 Iris17


Posted 26 March 2012 - 01:08 PM

Hello, I was able to run ComboFix without any problems. However, I got this notification after ComboFix rebooted my computer. I didn't know what to do, so I didn't click anything and left it alone. ComboFix produced a log as per normal. The notification is still there.

Posted Image



ComboFix 12-03-26.02 - Kim 27/03/2012 1:24.2.4 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.65.1033.18.3894.2286 [GMT 8:00]
Running from: c:\users\Kim\Desktop\ComboFix.exe
Command switches used :: c:\users\Kim\Desktop\CFScript.txt
AV: Norton 360 *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton 360 *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Ask.com
c:\program files (x86)\Ask.com\assets\oobe\b.png
c:\program files (x86)\Ask.com\assets\oobe\bl.png
c:\program files (x86)\Ask.com\assets\oobe\br.png
c:\program files (x86)\Ask.com\assets\oobe\l.png
c:\program files (x86)\Ask.com\assets\oobe\pointer.png
c:\program files (x86)\Ask.com\assets\oobe\r.png
c:\program files (x86)\Ask.com\assets\oobe\t.png
c:\program files (x86)\Ask.com\assets\oobe\tl.png
c:\program files (x86)\Ask.com\assets\oobe\tr.png
c:\program files (x86)\Ask.com\cobrand.ico
c:\program files (x86)\Ask.com\config.xml
c:\program files (x86)\Ask.com\favicon.ico
c:\program files (x86)\Ask.com\GenericAskToolbar.dll
c:\program files (x86)\Ask.com\mupcfg.xml
c:\program files (x86)\Ask.com\precache.exe
c:\program files (x86)\Ask.com\SaUpdate.exe
c:\program files (x86)\Ask.com\Updater\config.xml
c:\program files (x86)\Ask.com\Updater\Updater.exe
c:\program files (x86)\Ask.com\UpdateTask.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-02-26 to 2012-03-26 )))))))))))))))))))))))))))))))
.
.
2012-03-26 17:36 . 2012-03-26 17:36 -------- d-----w- c:\users\test\AppData\Local\temp
2012-03-26 17:36 . 2012-03-26 17:36 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-03-26 17:36 . 2012-03-26 17:36 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2012-03-23 06:49 . 2012-03-23 06:49 -------- d-----w- c:\users\Kim\AppData\Roaming\Malwarebytes
2012-03-23 06:48 . 2012-03-23 06:48 -------- d-----w- c:\programdata\Malwarebytes
2012-03-23 06:48 . 2012-03-23 06:49 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-03-23 06:48 . 2011-12-10 07:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-22 02:36 . 2012-03-22 02:36 -------- dc----w- c:\windows\system32\DRVSTORE
2012-03-22 02:36 . 2009-05-18 22:17 34152 ----a-r- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-03-22 02:36 . 2008-04-17 21:12 126312 ----a-r- c:\windows\system32\GEARAspi64.dll
2012-03-22 02:36 . 2008-04-17 21:12 107368 ----a-r- c:\windows\SysWow64\GEARAspi.dll
2012-03-22 02:36 . 2012-03-22 02:36 173104 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS
2012-03-22 02:36 . 2012-03-22 02:36 -------- d-----w- c:\program files\Symantec
2012-03-22 02:36 . 2012-03-22 02:36 -------- d-----w- c:\program files\Common Files\Symantec Shared
2012-03-22 02:34 . 2012-03-23 06:17 -------- d-----w- c:\windows\system32\drivers\N360x64
2012-03-22 02:34 . 2012-03-22 02:34 -------- d-----w- c:\program files (x86)\Norton 360
2012-03-21 17:55 . 2012-02-08 07:13 8643640 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{958F6CA9-ABB1-4AA7-BBA0-1E2E3475C85E}\mpengine.dll
2012-03-21 17:51 . 2012-03-22 02:28 -------- d-sh--r- c:\users\Public\O-858454-6314-2-64
2012-03-14 08:11 . 2011-11-19 18:30 5504880 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-14 08:11 . 2011-11-19 14:25 3957616 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-03-14 08:11 . 2011-11-19 14:25 3902320 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-03-14 08:02 . 2012-02-03 04:16 3143168 ----a-w- c:\windows\system32\win32k.sys
2012-03-14 08:02 . 2012-02-10 06:17 1837568 ----a-w- c:\windows\system32\d3d10warp.dll
2012-03-14 08:02 . 2012-02-10 06:17 902656 ----a-w- c:\windows\system32\d2d1.dll
2012-03-14 08:02 . 2012-02-10 05:41 1170944 ----a-w- c:\windows\SysWow64\d3d10warp.dll
2012-03-14 08:02 . 2012-02-10 05:41 739840 ----a-w- c:\windows\SysWow64\d2d1.dll
2012-03-14 08:02 . 2012-02-10 06:18 1541120 ----a-w- c:\windows\system32\DWrite.dll
2012-03-14 08:02 . 2012-02-10 06:17 320512 ----a-w- c:\windows\system32\d3d10_1core.dll
2012-03-14 08:02 . 2012-02-10 06:17 197120 ----a-w- c:\windows\system32\d3d10_1.dll
2012-03-14 08:02 . 2012-02-10 05:41 1074176 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-03-14 08:02 . 2012-02-10 05:41 218624 ----a-w- c:\windows\SysWow64\d3d10_1core.dll
2012-03-14 08:02 . 2012-02-10 05:41 161792 ----a-w- c:\windows\SysWow64\d3d10_1.dll
2012-03-14 08:01 . 2012-01-25 06:27 76288 ----a-w- c:\windows\system32\rdpwsx.dll
2012-03-14 08:01 . 2012-01-25 06:27 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-03-14 08:01 . 2012-01-25 06:20 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-03-14 08:01 . 2012-02-15 06:27 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-03-14 08:01 . 2012-02-15 05:44 826368 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-03-14 08:01 . 2012-02-15 04:47 204800 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-14 08:01 . 2012-02-15 04:46 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-06 06:03 . 2011-05-17 05:41 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-02-23 01:18 . 2011-05-11 06:44 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-01-04 09:58 . 2012-02-15 07:32 509952 ----a-w- c:\windows\system32\ntshrui.dll
2012-01-04 09:03 . 2012-02-15 07:32 442880 ----a-w- c:\windows\SysWow64\ntshrui.dll
2012-01-03 06:24 . 2012-02-15 07:32 515584 ----a-w- c:\windows\system32\timedate.cpl
2012-01-03 05:44 . 2012-02-15 07:32 478208 ----a-w- c:\windows\SysWow64\timedate.cpl
2011-12-28 03:59 . 2012-02-15 07:32 499200 ----a-w- c:\windows\system32\drivers\afd.sys
.
.
((((((((((((((((((((((((((((( SnapShot@2012-03-26_15.42.11 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-07-24 17:04 . 2012-03-26 17:39 63306 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-03-26 17:39 44184 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-03-31 15:54 . 2012-03-26 17:39 20910 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2309559559-1373355929-4266364055-1001_UserData.bin
- 2011-04-01 06:50 . 2012-03-26 15:41 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-04-01 06:50 . 2012-03-26 17:37 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-04-01 06:50 . 2012-03-26 17:37 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2011-04-01 06:50 . 2012-03-26 15:41 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-03-26 17:37 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-03-26 15:41 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-03-31 15:59 . 2012-03-26 17:38 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-03-31 15:59 . 2012-03-26 15:42 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-03-31 15:59 . 2012-03-26 17:38 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2011-03-31 15:59 . 2012-03-26 15:42 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2011-03-31 15:59 . 2012-03-26 15:42 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-03-31 15:59 . 2012-03-26 17:38 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-03-31 16:00 . 2012-03-26 17:38 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-03-31 16:00 . 2012-03-26 15:42 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-03-31 16:00 . 2012-03-26 15:42 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-03-31 16:00 . 2012-03-26 17:38 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2012-03-26 15:41 . 2012-03-26 15:41 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-03-26 17:37 . 2012-03-26 17:37 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-03-26 17:37 . 2012-03-26 17:37 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-03-26 15:41 . 2012-03-26 15:41 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-07-14 05:01 . 2012-03-26 17:36 496932 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-03-26 06:34 496932 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-06-22 98304]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-03-04 284696]
"EgisTecPMMUpdate"="c:\program files (x86)\EgisTec IPS\PmmUpdate.exe" [2009-12-25 401192]
"EgisUpdate"="c:\program files (x86)\EgisTec IPS\EgisUpdate.exe" [2009-12-25 201512]
"VitaKeyTSR"="c:\program files (x86)\Hewlett-Packard\HP SimplePass Identity Protection\EgisTSR.exe" [2010-06-09 380272]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]
"Norton Online Backup"="c:\program files (x86)\Symantec\Norton Online Backup\NOBuClient.exe" [2010-06-01 1155928]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-21 406992]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"Adobe Photo Downloader"="c:\program files (x86)\Adobe\Photoshop Elements 5.0\apdproxy.exe" [2006-12-21 67752]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2011-06-14 587320]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2010-6-9 1128224]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 86072]
R2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-06-18 103992]
R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS [x]
R3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
R3 f5ipfw;F5 Networks StoneWall Filter;c:\windows\system32\drivers\urfltv64.sys [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2010-03-05 340240]
R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360x64\0404000.00C\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360x64\0404000.00C\SYMEFA64.SYS [x]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20120317.002\BHDrvx64.sys [2012-03-16 1157240]
S1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\N360x64\0404000.00C\ccHPx64.sys [x]
S1 DVMIO;DeviceVM IO Service;c:\windows\system32\DRIVERS\dvmio.sys [x]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20120323.002\IDSvia64.sys [2012-03-20 488568]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360x64\0404000.00C\Ironx64.SYS [x]
S1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\System32\Drivers\N360x64\0404000.00C\SYMTDIV.SYS [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2009-03-03 89600]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 DvmMDES;DeviceVM Meta Data Export Service;c:\swsetup\HPQWMM\QuickWeb\QW.SYS\config\DVMExportService.exe [2010-06-25 338168]
S2 EgisTec Service;EgisTec Service;c:\program files (x86)\Hewlett-Packard\HP SimplePass Identity Protection\EgisService.exe [2010-06-09 697712]
S2 EgisTec Ticket Service;EgisTec Ticket Service;c:\program files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe [2010-06-09 646000]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-05-21 103992]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [x]
S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2011-06-14 26680]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-03-04 13336]
S2 N360;Norton 360;c:\program files (x86)\Norton 360\Engine\4.4.0.12\ccSvcHst.exe [2011-08-04 126400]
S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]
S2 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [x]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-04-15 2533400]
S2 vcsFPService;Validity VCS Fingerprint Service;c:\windows\system32\vcsFPService.exe [2010-02-23 2192176]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 clwvd;HP Webcam Splitter;c:\windows\system32\DRIVERS\clwvd.sys [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-03-22 138360]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys [x]
S3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [x]
S3 urvpndrv;F5 Networks VPN Adapter;c:\windows\system32\DRIVERS\covpnv64.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
S3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2309559559-1373355929-4266364055-1001Core.job
- c:\users\Kim\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-18 19:06]
.
2012-03-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2309559559-1373355929-4266364055-1001UA.job
- c:\users\Kim\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-18 19:06]
.
2012-03-23 c:\windows\Tasks\HPCeeScheduleForKim.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13 14:15]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-06-22 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-06-22 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-06-22 414744]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2010-06-26 324096]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-06-18 487424]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2010-03-05 1928976]
"SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2010-01-20 611896]
"HPWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe" [2010-06-18 8192]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-05 500208]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://sg.yahoo.com/?p=us
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~3\Office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 218.186.2.16 218.186.1.58 218.186.2.6
TCP: Interfaces\{A5086A02-3C24-4A47-9359-E60623D88B27}: NameServer = 0.0.0.0
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{00000000-6E41-4FD3-8538-502F5495E5FC} - c:\program files (x86)\Ask.com\GenericAskToolbar.dll
BHO-{D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files (x86)\Ask.com\GenericAskToolbar.dll
Toolbar-{D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files (x86)\Ask.com\GenericAskToolbar.dll
Wow6432Node-HKLM-Run-ApnUpdater - c:\program files (x86)\Ask.com\Updater\Updater.exe
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\N360]
"ImagePath"="\"c:\program files (x86)\Norton 360\Engine\4.4.0.12\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton 360\Engine\4.4.0.12\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11g_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11g_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
c:\program files (x86)\Hewlett-Packard\Media\Webcam\YCMMirage.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Completion time: 2012-03-27 01:59:03 - machine was rebooted
ComboFix-quarantined-files.txt 2012-03-26 17:58
ComboFix2.txt 2012-03-26 15:47
.
Pre-Run: 370,506,260,480 bytes free
Post-Run: 370,584,969,216 bytes free
.
- - End Of File - - FB81DAE5A71BAEA96FC51117476D12ED

#8 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:08:06 AM

Posted 26 March 2012 - 02:41 PM

Hello


1) In Internet Explorer, select Tools -> Options
2) On the Internet Options dialog, go to the Advanced tab
3) Make sure that both of these options are checked:

X Disable Script Debugging (Internet Explorer)
X Disable Script Debugging (Other)




These logs are looking a lot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

Uninstall some programs

NOTE** Because of the cleanup process, some of the programs I have listed may not be in add/remove anymore; this is fine, just move to the next item on the list.

You can remove these programs using add/remove or you can use the free uninstaller from Revo (Revo does a lot better of a job)

Programs to remove

Ask Toolbar
Bing Bar
Bing Bar Platform
Java™ 6 Update 29


  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run. If prompted again, click Yes.
  • When the built-in uninstaller is finished, click on Next.
  • Once the program has searched for leftovers click Next.
  • Check/tick the bolded items only on the list then click Delete
  • When prompted click on Yes and then on Next.
  • Put a check on any folders that are found and select Delete
  • When prompted select Yes then on Next
  • Once done click Finish.



Install Java:

Please go here to install Java

  • Click on the Free Java Download Button
  • Click on Agree and start Free download
  • Click on Run
  • Click on Run again
  • Click on Install
  • When install is complete click on Close

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.

: Malwarebytes' Anti-Malware :

  • I would like you to rerun MBAM
  • Double-click the mbam icon
  • Go to the Update tab at the top
  • Click on Check for Updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a log file button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the Analyze This button its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
Sometimes we have to run it like this: to run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic




Proud Graduate Of Malware Removal University

#9 Iris17


Posted 27 March 2012 - 12:18 AM

Hello,

Both of those options were checked.

Here are the logs you requested, didn't encounter any problems at all and computer is running fine. Thanks for all the help so far! (:


Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.03.27.01

Windows 7 x64 NTFS
Internet Explorer 8.0.7600.16385
Kim :: KIM-HP [administrator]

27/3/2012 1:05:41 PM
mbam-log-2012-03-27 (13-05-41).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 229882
Time elapsed: 3 minute(s), 19 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)



Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 1:13:49 PM, on 27/3/2012
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16930)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Norton 360\Engine\4.4.0.12\ccSvcHst.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
C:\Windows\SysWOW64\RunDll32.exe
C:\Program Files (x86)\Adobe\Photoshop Elements 5.0\apdproxy.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
C:\Program Files (x86)\Hewlett-Packard\HP SimplePass Identity Protection\EgisTSR.exe
C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\YCMMirage.exe
C:\Users\Kim\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Kim\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://sg.yahoo.com/?p=us
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.jp.msn.com/HPALL/37
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\4.4.0.12\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\4.4.0.12\IPSBHO.DLL
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: EgisPBIE - {7B51CCBE-4AF9-44A6-BDAB-D7F7E4C4E6F9} - C:\Program Files (x86)\Hewlett-Packard\HP SimplePass Identity Protection\EgisPBIE.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll
O3 - Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\4.4.0.12\coIEPlg.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Run: [EgisTecPMMUpdate] "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe"
O4 - HKLM\..\Run: [EgisUpdate] "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -d
O4 - HKLM\..\Run: [VitaKeyTSR] C:\Program Files (x86)\Hewlett-Packard\HP SimplePass Identity Protection\EgisTSR.exe /run
O4 - HKLM\..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files (x86)\Adobe\Photoshop Elements 5.0\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O16 - DPF: {2BCDB465-81F9-41CB-832C-8037A4064446} (F5 Networks VPN Manager) - C:\Users\Kim\AppData\Local\Temp\f5tmp\urxvpn.cab
O16 - DPF: {41EF3CD2-D8CC-4438-84B1-280BB4E77C8E} (F5 Networks Dynamic Application Tunnel Control) - C:\Users\Kim\AppData\Local\Temp\f5tmp\f5tunsrv.cab
O16 - DPF: {45B69029-F3AB-4204-92DE-D5140C3E8E74} (F5 Networks Auto Update) - C:\Users\Kim\AppData\Local\Temp\IXP000.TMP\InstallerControl.cab
O16 - DPF: {CC85ACDF-B277-486F-8C70-2C9B2ED2A4E7} (F5 Networks SuperHost Class) - C:\Users\Kim\AppData\Local\Temp\f5tmp\urxshost.cab
O16 - DPF: {E0FF21FA-B857-45C5-8621-F120A0C17FF2} (F5 Networks Host Control) - C:\Users\Kim\AppData\Local\Temp\f5tmp\urxhost.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{A5086A02-3C24-4A47-9359-E60623D88B27}: NameServer = 0.0.0.0
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files (x86)\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Program Files\IDT\WDM\AESTSr64.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: DeviceVM Meta Data Export Service (DvmMDES) - DeviceVM, Inc. - C:\SwSetup\HPQWMM\QuickWeb\QW.SYS\config\DVMExportService.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: EgisTec Service - Egis Technology Inc. - C:\Program Files (x86)\Hewlett-Packard\HP SimplePass Identity Protection\EgisService.exe
O23 - Service: EgisTec Ticket Service - Egis Technology Inc. - C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe
O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
O23 - Service: HP Wireless Assistant Service - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
O23 - Service: HP Quick Synchronization Service (HPDrvMntSvc.exe) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: HP Service (hpsrv) - Unknown owner - C:\Windows\system32\Hpservice.exe (file missing)
O23 - Service: HPWMISVC - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
O23 - Service: Intel® Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Wireless PAN DHCP Server (MyWiFiDHCPDNS) - Unknown owner - C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
O23 - Service: Norton 360 (N360) - Symantec Corporation - C:\Program Files (x86)\Norton 360\Engine\4.4.0.12\ccSvcHst.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Norton Online Backup (NOBU) - Symantec Corporation - C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel® Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\stlang64.dll,-10101 (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV64.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: TabletServicePen - Unknown owner - C:\Windows\system32\Pen_Tablet.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel® Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Validity VCS Fingerprint Service (vcsFPService) - Validity Sensors, Inc. - C:\Windows\system32\vcsFPService.exe
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 14483 bytes

#10 gringo_pr


Posted 27 March 2012 - 12:24 AM

Greetings

These logs are looking very good, we are almost done!!! Just one more scan to go.

:Remove unneeded start-up entries:

This part of the fix is purely optional
These are programs that start up when you turn on your computer but don't need to. For any of these programs, you can click on its icon (or start it from the Control Panel) and start the program when you need it. By stopping these programs you will boot up faster and your computer will work faster.

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Run HijackThis
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

    • O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
      O4 - HKLM\..\Run: [EgisTecPMMUpdate] "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe"
      O4 - HKLM\..\Run: [EgisUpdate] "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -d
      O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
      O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
      O4 - HKLM\..\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
      O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files (x86)\Adobe\Photoshop Elements 5.0\apdproxy.exe"
      O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
      O4 - HKLM\..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.

    NOTE**You can research each of those lines >here< and see if you want to keep them or not
    just copy the name between the brackets and paste into the search space
    O4 - HKLM\..\Run: [IntelliPoint]


NOTE**
Sometimes we have to run it like this: to run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator

Eset Online Scanner

**Note** You will need to use Internet Explorer for this scan - Vista and Win 7 right click on IE shortcut and run as admin

Go to the ESET web page to run an online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Click on the ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
  • When asked, allow the ActiveX control to install
    • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options
    Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • Click on copy to clipboard or copy and paste the results here in this topic

Copy and paste that log as a reply to this topic

Gringo

#11 Iris17


Posted 27 March 2012 - 06:11 AM

Hello, here is the log you requested. ESET detected 23 infected files, all of which seem to be from my phone folders. I'm fine with getting rid of them if need be, seeing as there's nothing of importance there and it's been a while since I last touched that folder.

# EOSSerial=d635307d2e1d5b4cbd348c8918764321
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2012-03-27 08:19:04
# local_time=2012-03-27 04:19:04 (+0800, Malay Peninsula Standard Time)
# country="Singapore"
# lang=1033
# osver=6.1.7600 NT
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=3589 16777213 100 82 0 96191681 0 0
# compatibility_mode=5893 16776574 100 94 0 84456836 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=275326
# found=23
# cleaned=0
# scan_time=9358
C:\Users\Kim\phone\Activenotes.lnk Win32/Dorkbot.D worm (unable to clean) 00000000000000000000000000000000 I
C:\Users\Kim\phone\Attachments.lnk Win32/Dorkbot.D worm (unable to clean) 00000000000000000000000000000000 I
C:\Users\Kim\phone\autorun.inf INF/Autorun virus (unable to clean) 00000000000000000000000000000000 I
C:\Users\Kim\phone\cities.lnk Win32/Dorkbot.D worm (unable to clean) 00000000000000000000000000000000 I
C:\Users\Kim\phone\data.lnk Win32/Dorkbot.D worm (unable to clean) 00000000000000000000000000000000 I
C:\Users\Kim\phone\download.lnk Win32/Dorkbot.D worm (unable to clean) 00000000000000000000000000000000 I
C:\Users\Kim\phone\Games.lnk Win32/Dorkbot.D worm (unable to clean) 00000000000000000000000000000000 I
C:\Users\Kim\phone\Images.lnk Win32/Dorkbot.D worm (unable to clean) 00000000000000000000000000000000 I
C:\Users\Kim\phone\imgcache.lnk Win32/Dorkbot.D worm (unable to clean) 00000000000000000000000000000000 I
C:\Users\Kim\phone\Installs.lnk Win32/Dorkbot.D worm (unable to clean) 00000000000000000000000000000000 I
C:\Users\Kim\phone\Nokia.lnk Win32/Dorkbot.D worm (unable to clean) 00000000000000000000000000000000 I
C:\Users\Kim\phone\Nokia_Ovi_Suite_install_files.lnk Win32/Dorkbot.D worm (unable to clean) 00000000000000000000000000000000 I
C:\Users\Kim\phone\nokia_unprocessed_images_.lnk Win32/Dorkbot.D worm (unable to clean) 00000000000000000000000000000000 I
C:\Users\Kim\phone\Others.lnk Win32/Dorkbot.D worm (unable to clean) 00000000000000000000000000000000 I
C:\Users\Kim\phone\predeftemp.lnk Win32/Dorkbot.D worm (unable to clean) 00000000000000000000000000000000 I
C:\Users\Kim\phone\Private.lnk Win32/Dorkbot.D worm (unable to clean) 00000000000000000000000000000000 I
C:\Users\Kim\phone\Recycled.lnk Win32/Dorkbot.D worm (unable to clean) 00000000000000000000000000000000 I
C:\Users\Kim\phone\Resource.lnk Win32/Dorkbot.D worm (unable to clean) 00000000000000000000000000000000 I
C:\Users\Kim\phone\Sounds.lnk Win32/Dorkbot.D worm (unable to clean) 00000000000000000000000000000000 I
C:\Users\Kim\phone\sys.lnk Win32/Dorkbot.D worm (unable to clean) 00000000000000000000000000000000 I
C:\Users\Kim\phone\system.lnk Win32/Dorkbot.D worm (unable to clean) 00000000000000000000000000000000 I
C:\Users\Kim\phone\Vibrate.lnk Win32/Dorkbot.D worm (unable to clean) 00000000000000000000000000000000 I
C:\Users\Kim\phone\Videos.lnk Win32/Dorkbot.D worm (unable to clean) 00000000000000000000000000000000 I
esets_scanner_update returned -1 esets_gle=53251
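
An ESET Online Scanner log like the one above can be triaged mechanically. The following Python script is an added example, not part of the original thread or of ESET's tooling: it parses the detection lines, checks the parsed count against the `found=` header, groups detections by folder, and flags any folder holding a detected autorun.inf next to several detected .lnk shortcuts, which is the pattern this log shows in C:\Users\Kim\phone. The function names, the space-separated field layout and the `min_lnk` threshold are assumptions; the sample is a constructed subset of the log above with `found=` adjusted to match.

```python
import ntpath  # parses Windows paths correctly on any OS
import re
from collections import Counter, defaultdict

# Constructed sample: four detection lines taken from the log above,
# with the "# found=" header adjusted to match this subset.
SAMPLE_LOG = r"""# scanned=275326
# found=4
# cleaned=0
C:\Users\Kim\phone\Activenotes.lnk Win32/Dorkbot.D worm (unable to clean) 00000000000000000000000000000000 I
C:\Users\Kim\phone\autorun.inf INF/Autorun virus (unable to clean) 00000000000000000000000000000000 I
C:\Users\Kim\phone\Games.lnk Win32/Dorkbot.D worm (unable to clean) 00000000000000000000000000000000 I
C:\Users\Kim\phone\Images.lnk Win32/Dorkbot.D worm (unable to clean) 00000000000000000000000000000000 I
esets_scanner_update returned -1 esets_gle=53251
"""

# Assumed layout: <path> <threat name> (<action note>) <32 hex chars> <flag>.
# The path is matched lazily so paths containing spaces still parse; the
# threat name is recognised by its "Platform/Name" token.
DETECTION_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+"
    r"(?P<threat>\S+/\S+(?:\s[^\s(]+)*)\s+"
    r"\((?P<action>[^)]*)\)\s+"
    r"(?P<hash>[0-9A-Fa-f]{32})\s+"
    r"(?P<flag>\S+)$"
)


def parse_log(text):
    """Return (header, detections, unparsed) for a scanner log."""
    header, detections, unparsed = {}, [], []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("#"):
            key, _, value = line.lstrip("# ").partition("=")
            header[key] = value
            continue
        match = DETECTION_RE.match(line)
        if match:
            detections.append(match.groupdict())
        else:
            # Keep lines that are neither header nor detection so nothing
            # is dropped silently (e.g. the updater status trailer).
            unparsed.append(line)
    return header, detections, unparsed


def count_matches_header(header, detections):
    """True when the number of parsed detections equals the found= header."""
    found = header.get("found")
    return found is not None and found.isdigit() and int(found) == len(detections)


def by_folder(detections):
    """Map each parent folder to a Counter of threat names seen in it."""
    folders = defaultdict(Counter)
    for det in detections:
        folders[ntpath.dirname(det["path"])][det["threat"]] += 1
    return folders


def shortcut_worm_folders(detections, min_lnk=3):
    """Folders with a detected autorun.inf plus >= min_lnk detected .lnk files."""
    lnk_count, has_autorun = Counter(), set()
    for det in detections:
        folder = ntpath.dirname(det["path"])
        name = ntpath.basename(det["path"]).lower()
        if name == "autorun.inf":
            has_autorun.add(folder)
        elif name.endswith(".lnk"):
            lnk_count[folder] += 1
    return sorted(f for f in has_autorun if lnk_count[f] >= min_lnk)


if __name__ == "__main__":
    header, detections, unparsed = parse_log(SAMPLE_LOG)
    print("parsed:", len(detections), "header agrees:",
          count_matches_header(header, detections))
    for folder, threats in by_folder(detections).items():
        print(folder, dict(threats))
    print("autorun.inf + shortcut folders:", shortcut_worm_folders(detections))
    print("unparsed lines:", unparsed)
```
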

#12 gringo_pr


Posted 27 March 2012 - 07:52 AM

Hello


Go ahead and delete the whole folder



Very well done!! This is my general post for when your logs show no more signs of malware - Please let me know if you still are having problems with your computer and what these problems are.


The following procedure will implement some cleanup procedures. It will also reset your System Restore by flushing out previous restore points and create a new restore point. It will also remove all the backups our tools may have made.

Any programs and logs that are left over can just be deleted from the desktop.

:DeFogger:

Note** This only needs to be run if it was run before - If not then skip it.

  • To re-enable your Emulation drivers, double click DeFogger to run the tool.
  • The application window will appear
  • Click the Re-enable button to re-enable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK
Your Emulation drivers are now re-enabled.


:Uninstall ComboFix:

  • turn off all active protection software
  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and paste the following into the box ComboFix /Uninstall and click OK.
  • Note the space between the X and the /Uninstall, it needs to be there.


:remove tools:

Please download OTCleanIt and save it to desktop. This tool will remove all the tools we used to clean your pc.
  • Double-click OTCleanIt.exe.
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes, if not delete it by yourself.
  • If asked to restart the computer, please do so
Note: If you receive a warning from your firewall or other security programs regarding OTCleanIt attempting to contact the internet, please allow it to do so.


:Make your Internet Explorer more secure:

  • From within Internet Explorer click on the Tools menu and then click on Options.
  • Click once on the Security tab
  • Click once on the Internet icon so it becomes highlighted.
  • Click once on the Custom Level button.
  • Change the Download signed ActiveX controls to Prompt
  • Change the Download unsigned ActiveX controls to Disable
  • Change the Initialise and script ActiveX controls not marked as safe to Disable
  • Change the Installation of desktop items to Prompt
  • Change the Launching programs and files in an IFRAME to Prompt
  • When all these settings have been made, click on the OK button.
  • If it prompts you as to whether or not you want to save the settings, press the Yes button.
    Next press the Apply button and then the OK to exit the Internet Properties page.


:Make Firefox more secure:

Please visit this page, which explains how to make Firefox more secure - How to Secure Firefox


Make sure your applications have all of their updates

It is also possible for other programs on your computer to have security vulnerabilities that can allow malware to infect you. Therefore, it is also a good idea to check for the latest versions of commonly installed applications that are regularly patched to fix vulnerabilities. You can check these by visiting Secunia Software Inspector


:Turn On Automatic Updates:

Turn On Automatic Updates
1. Click Start, click Run, type sysdm.cpl, and then press ENTER.
2. Click the Automatic Updates tab, and then click to select one of the following options. We recommend that you select the Automatic (recommended) Automatically download recommended updates for my computer and install them

If you click this setting, click to select the day and time for scheduled updates to occur. You can schedule Automatic Updates for any time of day. Remember, your computer must be on at the scheduled time for updates to be installed. After you set this option, Windows recognizes when you are online and uses your Internet connection to find updates on the Windows Update Web site or on the Microsoft Update Web site that apply to your computer. Updates are downloaded automatically in the background, and you are not notified or interrupted during this process. An icon appears in the notification area of your taskbar when the updates are being downloaded. You can point to the icon to view the download status. To pause or to resume the download, right-click the icon, and then click Pause or Resume. When the download is completed, another message appears in the notification area so that you can review the updates that are scheduled for installation. If you choose not to install at that time, Windows starts the installation on your set schedule.

or visit http://www.windowsupdate.com regularly. This will ensure your computer always has the latest available security updates installed. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

:antispyware programs:

I would recommend the download and installation of some or all of the following programs (all free), and the updating of them regularly:

  • WinPatrol As a robust security monitor, WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge.
  • Spyware Blaster - By altering your registry, this program stops harmful sites from installing things like ActiveX Controls on your machines.
  • Malwarebytes' Anti-Malware Malwarebytes' Anti-Malware is a new and powerful anti-malware tool. It is totally free but for real-time protection you will have to pay a small one-time fee. We used this to help clean your computer and recommend keeping it and using it often.

Here is some great reading about how to be safer online:

PC Safety and Security - What Do I Need? from my friends at Tech Support Forum
and
COMPUTER SECURITY - a short guide to staying safer online from my friends at Malware Removal

I'd be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can then be closed.

I Will Keep This Open For About Three Days, If Anything Comes Up - Just Come Back And Let Me Know, after that time you will have to send me a PM

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->Posted Image<-- Don't worry every little bit helps.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#13 Iris17


Posted 27 March 2012 - 08:26 AM

Hello,

Thank you for helping me through this! Was able to uninstall and remove the tools used without any problem.

Thanks again for all your help! (:

#14 gringo_pr


Posted 27 March 2012 - 08:51 AM

you are more than welcome


gringo

#15 gringo_pr


Posted 29 March 2012 - 11:13 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.