
google keep taking me to random websites or server not found :dns error


  • This topic is locked
23 replies to this topic

#1 this_sucks

this_sucks

  • Members
  • 17 posts
  • OFFLINE
  • Local time:08:38 PM

Posted 01 April 2012 - 03:55 AM

Google keeps redirecting me to random websites or to a DNS error. I copy/paste the website; that usually will make it work. I had a real hard time posting this topic because it kept on bringing me to a DNS error when obviously it works. Please, I need help.
I'm running Windows 7 64-bit.
I downloaded DeFogger but it didn't restart my computer.
I downloaded DDS, ran it, and still have it.
I have both the logs. I will post them both.
This is what DDS said:


.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_31
Run by mark at 3:31:39 on 2012-04-01
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2811.1155 [GMT -5:00]
.
AV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: IObit Malware Fighter *Enabled/Updated* {A751AC20-3B48-5237-898A-78C4436BB78D}
SP: Norton Internet Security *Disabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCService.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
C:\Program Files\LSI SoftModem\agr64svc.exe
C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe
C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\Norton Internet Security\Engine\19.6.2.10\ccSvcHst.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Norton Internet Security\Engine\19.6.2.10\ccSvcHst.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\Program Files (x86)\Realtek\Audio\OSD\RtVOsd64.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files (x86)\AWS\WeatherBug\Weather.exe
C:\Program Files (x86)\AIM\aim.exe
C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe
C:\Users\mark\AppData\Local\dplaysvr.exe
C:\Program Files (x86)\McAfee Security Scan\2.1.121\SSScheduler.exe
C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\dxdiag.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\taskeng.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uURLSearchHooks: IObit Toolbar: {0bda0769-fd72-49f4-9266-e1fb004f4d8f} - C:\Program Files (x86)\IObit Toolbar\IE\5.1\iobitToolbarIE.dll
uURLSearchHooks: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll
mURLSearchHooks: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll
mWinlogon: Userinit=C:\Windows\system32\userinit.exe
BHO: IObit Toolbar: {0bda0769-fd72-49f4-9266-e1fb004f4d8f} - C:\Program Files (x86)\IObit Toolbar\IE\5.1\iobitToolbarIE.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Norton Identity Protection: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.6.2.10\coIEPlg.dll
BHO: Simppull Toolbar: {627af46b-2076-42ae-a2fd-8428734d3e74} - C:\Program Files (x86)\simppulltoolbar\simppulldx.dll
BHO: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll
BHO: Norton Vulnerability Protection: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton Internet Security\Engine\19.6.2.10\IPS\IPSBHO.DLL
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Updater For Simppull Toolbar: {c4b8bab4-1667-11df-a242-ba9455d89593} - C:\Program Files (x86)\simppulltoolbar\auxi\simppulltoolbAu.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: {E4E6BF2A-1667-11DF-A01F-1F9655D89593} - No File
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton Internet Security\Engine\19.6.2.10\coIEPlg.dll
TB: Simppull Toolbar: {627af46b-2076-42ae-a2fd-8428734d3e74} - C:\Program Files (x86)\simppulltoolbar\simppulldx.dll
TB: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll
TB: IObit Toolbar: {0bda0769-fd72-49f4-9266-e1fb004f4d8f} - C:\Program Files (x86)\IObit Toolbar\IE\5.1\iobitToolbarIE.dll
uRun: [HPAdvisorDock] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe
uRun: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
uRun: [Weather] C:\Program Files (x86)\AWS\WeatherBug\Weather.exe 1
uRun: [Aim] "C:\Program Files (x86)\AIM\aim.exe" /d locale=en-US
uRun: [Advanced SystemCare 5] "C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe" /AutoStart
mRun: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NOBuActivation.exe" UNATTENDED
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun: [BroadCam] "C:\Program Files (x86)\NCH Software\BroadCam\broadcam.exe" -logon
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [IObit Malware Fighter] "C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe" /autostart
mRun: [<NO NAME>]
mRun: [SearchSettings] "C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\dplaysvr.lnk - C:\Users\mark\AppData\Local\dplaysvr.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\2.1.121\SSScheduler.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\PICTUR~1.LNK - C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000
IE: {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files (x86)\PokerStars.NET\PokerStarsUpdate.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~4\Office12\REFIEBAR.DLL
DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} -
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: DhcpNameServer = 68.113.206.10 24.217.0.5 71.92.29.130
TCP: Interfaces\{59104C22-6501-4C5A-9183-9701C76982DB} : DhcpNameServer = 68.113.206.10 24.217.0.5 71.92.29.130
TCP: Interfaces\{59104C22-6501-4C5A-9183-9701C76982DB}\2375942554131393 : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{59104C22-6501-4C5A-9183-9701C76982DB}\2375942554338363 : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{59104C22-6501-4C5A-9183-9701C76982DB}\27F62626965626963656D27657563747 : DhcpNameServer = 68.113.206.10 24.217.0.5 24.217.201.67
TCP: Interfaces\{59104C22-6501-4C5A-9183-9701C76982DB}\74D616E6 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{59104C22-6501-4C5A-9183-9701C76982DB}\E4544574541425F51313E676 : DhcpNameServer = 192.168.1.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
BHO-X64: IObit Toolbar: {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - C:\Program Files (x86)\IObit Toolbar\IE\5.1\iobitToolbarIE.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO-X64: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.6.2.10\coIEPlg.dll
BHO-X64: Norton Identity Protection - No File
BHO-X64: Simppull Toolbar: {627af46b-2076-42ae-a2fd-8428734d3e74} - C:\Program Files (x86)\simppulltoolbar\simppulldx.dll
BHO-X64: Simppull Toolbar - No File
BHO-X64: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll
BHO-X64: uTorrentControl2 - No File
BHO-X64: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\19.6.2.10\IPS\IPSBHO.DLL
BHO-X64: Norton Vulnerability Protection - No File
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Skype Plug-In: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Updater For Simppull Toolbar: {C4B8BAB4-1667-11DF-A242-BA9455D89593} - C:\Program Files (x86)\simppulltoolbar\auxi\simppulltoolbAu.dll
BHO-X64: Updater For Simppull Toolbar - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: {E4E6BF2A-1667-11DF-A01F-1F9655D89593} - No File
TB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.6.2.10\coIEPlg.dll
TB-X64: Simppull Toolbar: {627af46b-2076-42ae-a2fd-8428734d3e74} - C:\Program Files (x86)\simppulltoolbar\simppulldx.dll
TB-X64: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll
TB-X64: IObit Toolbar: {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - C:\Program Files (x86)\IObit Toolbar\IE\5.1\iobitToolbarIE.dll
mRun-x64: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NOBuActivation.exe" UNATTENDED
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun-x64: [BroadCam] "C:\Program Files (x86)\NCH Software\BroadCam\broadcam.exe" -logon
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [IObit Malware Fighter] "C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe" /autostart
mRun-x64: [(Default)]
mRun-x64: [SearchSettings] "C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
IE-X64: {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files (x86)\PokerStars.NET\PokerStarsUpdate.exe
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\mark\AppData\Roaming\Mozilla\Firefox\Profiles\6d95sxzv.default\
FF - prefs.js: browser.search.defaulturl - hxxp://aim.search.aol.com/aol/search?query={searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us&tb_uuid=20111119014023297&tb_oid=19-11-2011&tb_mrud=19-11-2011
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&SearchSource=2&q=
FF - prefs.js: network.proxy.type - 0
FF - component: C:\Program Files (x86)\ShopperReports3\bin\3.0.517.0\firefox\firefoxtoolbar\extensions\components\BRNstFF.dll
FF - component: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\coFFPlgn\components\coFFPlgn.dll
FF - component: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\IPSFFPlgn\components\IPSFFPl.dll
FF - component: C:\Users\mark\AppData\Roaming\Mozilla\Firefox\Profiles\6d95sxzv.default\extensions\{1aec5771-fcd6-4537-a6b7-5f1935fd527c}\components\RadioWMPCoreGecko19.dll
FF - component: C:\Users\mark\AppData\Roaming\Mozilla\Firefox\Profiles\6d95sxzv.default\extensions\engine@conduit.com\components\RadioWMPCoreGecko19.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false
FF - user.js: browser.sessionstore.resume_from_crash - false
.
============= SERVICES / DRIVERS ===============
.
R0 amd_sata;amd_sata;C:\Windows\system32\DRIVERS\amd_sata.sys --> C:\Windows\system32\DRIVERS\amd_sata.sys [?]
R0 amd_xata;amd_xata;C:\Windows\system32\DRIVERS\amd_xata.sys --> C:\Windows\system32\DRIVERS\amd_xata.sys [?]
R0 SmartDefragDriver;SmartDefragDriver;C:\Windows\system32\Drivers\SmartDefragDriver.sys --> C:\Windows\system32\Drivers\SmartDefragDriver.sys [?]
R0 SymDS;Symantec Data Store;C:\Windows\system32\drivers\NISx64\1306020.00A\SYMDS64.SYS --> C:\Windows\system32\drivers\NISx64\1306020.00A\SYMDS64.SYS [?]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\system32\drivers\NISx64\1306020.00A\SYMEFA64.SYS --> C:\Windows\system32\drivers\NISx64\1306020.00A\SYMEFA64.SYS [?]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\BASHDefs\20111210.003\BHDrvx64.sys [2011-12-14 1156216]
R1 ccSet_NIS;Norton Internet Security Settings Manager;C:\Windows\system32\drivers\NISx64\1306020.00A\ccSetx64.sys --> C:\Windows\system32\drivers\NISx64\1306020.00A\ccSetx64.sys [?]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys --> C:\Windows\system32\DRIVERS\dtsoftbus01.sys [?]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\IPSDefs\20111220.001\IDSviA64.sys [2011-12-21 488568]
R1 SymIRON;Symantec Iron Driver;C:\Windows\system32\drivers\NISx64\1306020.00A\Ironx64.SYS --> C:\Windows\system32\drivers\NISx64\1306020.00A\Ironx64.SYS [?]
R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\system32\Drivers\NISx64\1306020.00A\SYMNETS.SYS --> C:\Windows\system32\Drivers\NISx64\1306020.00A\SYMNETS.SYS [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AdvancedSystemCareService5;Advanced SystemCare Service 5;C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCService.exe [2012-1-25 913752]
R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2010-3-30 98208]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 Application Updater;Application Updater;C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe [2012-3-4 748440]
R2 CinemaNow Service;CinemaNow Service;C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe [2010-2-26 127984]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2011-9-9 86072]
R2 HP Wireless Assistant Service;HP Wireless Assistant Service;C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-1-27 102968]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-3-28 94264]
R2 HPWMISVC;HPWMISVC;C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-1-12 19968]
R2 IMFservice;IMF Service;C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [2012-1-25 821592]
R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\19.6.2.10\ccsvchst.exe [2012-3-23 138232]
R2 RtVOsdService;RtVOsdService Installer;C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe [2010-6-24 315392]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-12-21 138360]
R3 FileMonitor;FileMonitor;C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys [2012-1-25 21384]
R3 RegFilter;RegFilter;C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\RegFilter.sys [2012-1-25 33184]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 UrlFilter;UrlFilter;C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\UrlFilter.sys [2012-1-25 21872]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\system32\DRIVERS\usbfilter.sys --> C:\Windows\system32\DRIVERS\usbfilter.sys [?]
S2 BroadCamService;BroadCam Video Streaming Server;"C:\Program Files (x86)\NCH Software\BroadCam\broadcam.exe" -service --> C:\Program Files (x86)\NCH Software\BroadCam\broadcam.exe [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-6-19 136176]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-6-19 136176]
S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\2.1.121\McCHSvc.exe [2010-9-3 227232]
S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys --> C:\Windows\system32\DRIVERS\netw5v64.sys [?]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]
.
=============== Created Last 30 ================
.
2012-04-01 08:17:20 -------- d-----w- C:\Users\mark\AppData\Local\Proxure
2012-04-01 08:17:02 -------- d-----w- C:\ProgramData\ClubSanDisk
2012-03-31 15:32:56 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{63FCB1DD-E759-4793-8602-29614C67985A}\offreg.dll
2012-03-31 15:31:21 8669240 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{63FCB1DD-E759-4793-8602-29614C67985A}\mpengine.dll
2012-03-23 23:11:57 5559152 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-03-23 23:11:57 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-03-23 23:11:57 3913584 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-03-23 23:11:36 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2012-03-23 23:11:36 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-03-23 23:11:36 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-03-23 23:11:19 1544192 ----a-w- C:\Windows\System32\DWrite.dll
2012-03-23 23:11:19 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-03-23 23:10:55 3145728 ----a-w- C:\Windows\System32\win32k.sys
2012-03-23 23:10:32 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2012-03-23 23:10:32 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
2012-03-23 23:10:32 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-03-23 23:10:32 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
2012-03-23 05:56:12 738936 ----a-w- C:\Windows\System32\drivers\NISx64\1306020.00A\srtsp64.sys
2012-03-23 05:56:12 451192 ----a-r- C:\Windows\System32\drivers\NISx64\1306020.00A\symds64.sys
2012-03-23 05:56:12 405624 ----a-w- C:\Windows\System32\drivers\NISx64\1306020.00A\symnets.sys
2012-03-23 05:56:12 37496 ----a-w- C:\Windows\System32\drivers\NISx64\1306020.00A\srtspx64.sys
2012-03-23 05:56:12 190072 ----a-w- C:\Windows\System32\drivers\NISx64\1306020.00A\ironx64.sys
2012-03-23 05:56:12 167048 ----a-w- C:\Windows\System32\drivers\NISx64\1306020.00A\ccsetx64.sys
2012-03-23 05:56:12 1092728 ----a-w- C:\Windows\System32\drivers\NISx64\1306020.00A\symefa64.sys
2012-03-23 05:56:02 -------- d-----w- C:\Windows\System32\drivers\NISx64\1306020.00A
2012-03-23 04:34:07 90152 --sh--w- C:\Users\mark\AppData\Local\dplaysvr.exe
2012-03-23 04:34:07 47656 --sh--w- C:\Users\mark\AppData\Local\dplayx.dll
2012-03-17 20:12:59 -------- d-----w- C:\Program Files (x86)\IObit Toolbar
2012-03-17 20:12:59 -------- d-----w- C:\Program Files (x86)\Common Files\Spigot
2012-03-17 20:12:59 -------- d-----w- C:\Program Files (x86)\Application Updater
2012-03-09 04:01:29 509952 ----a-w- C:\Windows\System32\ntshrui.dll
2012-03-09 04:01:29 442880 ----a-w- C:\Windows\SysWow64\ntshrui.dll
2012-03-09 04:00:59 515584 ----a-w- C:\Windows\System32\timedate.cpl
2012-03-09 04:00:59 478720 ----a-w- C:\Windows\SysWow64\timedate.cpl
2012-03-09 04:00:40 498688 ----a-w- C:\Windows\System32\drivers\afd.sys
2012-03-09 03:47:06 690688 ----a-w- C:\Windows\SysWow64\msvcrt.dll
2012-03-09 03:47:06 634880 ----a-w- C:\Windows\System32\msvcrt.dll
.
==================== Find3M ====================
.
2012-03-26 07:07:25 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-03-23 11:07:07 175736 ----a-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS
2012-03-09 03:59:56 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-03-09 03:59:56 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-03-09 03:59:56 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2012-03-09 03:59:56 1188864 ----a-w- C:\Windows\System32\wininet.dll
2012-02-25 02:25:41 283200 ----a-w- C:\Windows\System32\drivers\dtsoftbus01.sys
2012-02-23 19:24:50 24408 ----a-w- C:\Windows\System32\RegistryDefragBootTime.exe
2012-02-23 14:18:36 279656 ------w- C:\Windows\System32\MpSigStub.exe
2012-01-14 07:52:48 215336 ----a-w- C:\Windows\System32\SynTPAPI.dll
2012-01-14 07:52:48 147752 ----a-w- C:\Windows\System32\SynTPCo4.dll
2012-01-14 07:52:48 1390640 ----a-w- C:\Windows\System32\drivers\SynTP.sys
2012-01-14 07:52:48 107816 ----a-w- C:\Windows\SysWow64\SynTPCOM.dll
2012-01-14 07:52:47 400168 ----a-w- C:\Windows\System32\SynCOM.dll
2012-01-14 07:52:47 271144 ----a-w- C:\Windows\System32\SynCtrl.dll
2012-01-14 07:52:47 214312 ----a-w- C:\Windows\SysWow64\SynCtrl.dll
2012-01-14 07:52:47 173352 ----a-w- C:\Windows\SysWow64\SynCOM.dll
.
============= FINISH: 3:35:35.92 ===============



Let me know if you need anything else. Thank you.


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto Rico
  • Local time:09:38 PM

Posted 01 April 2012 - 11:54 PM

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"Information and logs"

In your next post I need the following:
  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 this_sucks


Posted 02 April 2012 - 01:51 AM

here is the combofix log info:


ComboFix 12-04-01.01 - mark 04/02/2012 1:17.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2811.1303 [GMT -5:00]
Running from: c:\users\mark\Downloads\ComboFix.exe
AV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: IObit Malware Fighter *Disabled/Updated* {A751AC20-3B48-5237-898A-78C4436BB78D}
SP: Norton Internet Security *Disabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Mozilla Firefox\extensions\{D9ADB0A8-7BFB-498D-9880-EE78A81CCFA0}
c:\program files (x86)\Mozilla Firefox\extensions\{D9ADB0A8-7BFB-498D-9880-EE78A81CCFA0}\chrome.manifest
c:\program files (x86)\Mozilla Firefox\extensions\{D9ADB0A8-7BFB-498D-9880-EE78A81CCFA0}\chrome\questbrowse.jar
c:\program files (x86)\Mozilla Firefox\extensions\{D9ADB0A8-7BFB-498D-9880-EE78A81CCFA0}\defaults\preferences\prefs.js
c:\program files (x86)\Mozilla Firefox\extensions\{D9ADB0A8-7BFB-498D-9880-EE78A81CCFA0}\install.rdf
c:\program files (x86)\ShopperReports3
c:\program files (x86)\ShopperReports3\bin\3.0.517.0\CnTNtcntr.dll
c:\program files (x86)\ShopperReports3\bin\3.0.517.0\firefox\firefoxtoolbar\extensions\chrome.manifest
c:\program files (x86)\ShopperReports3\bin\3.0.517.0\firefox\firefoxtoolbar\extensions\chrome\firefoxtoolbar.jar
c:\program files (x86)\ShopperReports3\bin\3.0.517.0\firefox\firefoxtoolbar\extensions\components\BRNstFF.dll
c:\program files (x86)\ShopperReports3\bin\3.0.517.0\firefox\firefoxtoolbar\extensions\components\BRNstFF.xpt
c:\program files (x86)\ShopperReports3\bin\3.0.517.0\firefox\firefoxtoolbar\extensions\install.rdf
c:\program files (x86)\ShopperReports3\bin\3.0.517.0\link.ico
c:\programdata\Microsoft\Windows\Start Menu\Programs\ShopperReports
c:\programdata\Microsoft\Windows\Start Menu\Programs\ShopperReports\About Us.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\ShopperReports\Customer Support.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\ShopperReports\ShopperReports Uninstall Instructions.lnk
c:\programdata\QuestBrwSearch
c:\users\mark\AppData\Local\dplaysvr.exe
c:\users\mark\AppData\Local\dplayx.dll
c:\users\mark\AppData\Roaming\ShopperReports3
.
.
((((((((((((((((((((((((( Files Created from 2012-03-02 to 2012-04-02 )))))))))))))))))))))))))))))))
.
.
2012-04-02 06:27 . 2012-04-02 06:27 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-01 08:17 . 2012-04-01 08:17 -------- d-----w- c:\users\mark\AppData\Local\Proxure
2012-04-01 08:17 . 2012-04-01 08:17 -------- d-----w- c:\programdata\ClubSanDisk
2012-03-31 15:31 . 2012-03-14 03:27 8669240 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{63FCB1DD-E759-4793-8602-29614C67985A}\mpengine.dll
2012-03-26 07:07 . 2012-03-26 07:07 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-03-26 07:07 . 2012-03-26 07:07 -------- d-----w- c:\program files (x86)\Java
2012-03-23 23:11 . 2012-03-23 23:11 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-23 23:11 . 2012-03-23 23:11 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-03-23 23:11 . 2012-03-23 23:11 3913584 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-03-23 23:11 . 2012-03-23 23:11 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-03-23 23:11 . 2012-03-23 23:11 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-03-23 23:11 . 2012-03-23 23:11 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-03-23 23:11 . 2012-03-23 23:11 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-03-23 23:11 . 2012-03-23 23:11 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-03-23 23:10 . 2012-03-23 23:10 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-03-23 23:10 . 2012-03-23 23:10 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-03-23 23:10 . 2012-03-23 23:10 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-03-23 23:10 . 2012-03-23 23:10 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-23 23:10 . 2012-03-23 23:10 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-03-23 05:56 . 2012-03-26 04:16 -------- d-----w- c:\windows\system32\drivers\NISx64\1306020.00A
2012-03-17 20:12 . 2012-03-17 20:12 -------- d-----w- c:\program files (x86)\IObit Toolbar
2012-03-17 20:12 . 2012-03-17 20:12 -------- d-----w- c:\program files (x86)\Common Files\Spigot
2012-03-17 20:12 . 2012-03-17 20:12 -------- d-----w- c:\program files (x86)\Application Updater
2012-03-09 04:01 . 2012-03-09 04:01 509952 ----a-w- c:\windows\system32\ntshrui.dll
2012-03-09 04:01 . 2012-03-09 04:01 442880 ----a-w- c:\windows\SysWow64\ntshrui.dll
2012-03-09 04:00 . 2012-03-09 04:00 515584 ----a-w- c:\windows\system32\timedate.cpl
2012-03-09 04:00 . 2012-03-09 04:00 478720 ----a-w- c:\windows\SysWow64\timedate.cpl
2012-03-09 04:00 . 2012-03-09 04:00 498688 ----a-w- c:\windows\system32\drivers\afd.sys
2012-03-09 03:47 . 2012-03-09 03:47 690688 ----a-w- c:\windows\SysWow64\msvcrt.dll
2012-03-09 03:47 . 2012-03-09 03:47 634880 ----a-w- c:\windows\system32\msvcrt.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-26 07:07 . 2010-12-24 04:25 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-03-23 11:07 . 2010-12-24 00:16 175736 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS
2012-02-25 02:25 . 2012-02-25 02:24 283200 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2012-02-23 19:24 . 2012-01-25 10:03 24408 ----a-w- c:\windows\system32\RegistryDefragBootTime.exe
2012-02-23 14:18 . 2011-02-24 07:18 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-01-14 07:52 . 2012-01-14 07:53 215336 ----a-w- c:\windows\system32\SynTPAPI.dll
2012-01-14 07:52 . 2012-01-14 07:53 147752 ----a-w- c:\windows\system32\SynTPCo4.dll
2012-01-14 07:52 . 2012-01-14 07:53 1390640 ----a-w- c:\windows\system32\drivers\SynTP.sys
2012-01-14 07:52 . 2012-01-14 07:53 107816 ----a-w- c:\windows\SysWow64\SynTPCOM.dll
2012-01-14 07:52 . 2012-01-14 07:53 214312 ----a-w- c:\windows\SysWow64\SynCtrl.dll
2012-01-14 07:52 . 2012-01-14 07:53 400168 ----a-w- c:\windows\system32\SynCOM.dll
2012-01-14 07:52 . 2012-01-14 07:53 271144 ----a-w- c:\windows\system32\SynCtrl.dll
2012-01-14 07:52 . 2012-01-14 07:53 173352 ----a-w- c:\windows\SysWow64\SynCOM.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{687578b9-7132-4a7a-80e4-30ee31099e03}"= "c:\program files (x86)\uTorrentControl2\prxtbuTor.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{687578b9-7132-4a7a-80e4-30ee31099e03}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{627af46b-2076-42ae-a2fd-8428734d3e74}]
2010-02-10 16:36 86016 ----a-w- c:\program files (x86)\simppulltoolbar\simppulldx.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{687578b9-7132-4a7a-80e4-30ee31099e03}]
2011-05-09 08:49 176936 ----a-w- c:\program files (x86)\uTorrentControl2\prxtbuTor.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{C4B8BAB4-1667-11DF-A242-BA9455D89593}]
2009-10-20 15:50 258008 ----a-w- c:\program files (x86)\simppulltoolbar\auxi\simppulltoolbAu.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{627af46b-2076-42ae-a2fd-8428734d3e74}"= "c:\program files (x86)\simppulltoolbar\simppulldx.dll" [2010-02-10 86016]
"{687578b9-7132-4a7a-80e4-30ee31099e03}"= "c:\program files (x86)\uTorrentControl2\prxtbuTor.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{627af46b-2076-42ae-a2fd-8428734d3e74}]
.
[HKEY_CLASSES_ROOT\clsid\{687578b9-7132-4a7a-80e4-30ee31099e03}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPAdvisorDock"="c:\program files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe" [2010-02-10 1712184]
"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2010-02-22 2363392]
"Weather"="c:\program files (x86)\AWS\WeatherBug\Weather.exe" [2010-10-29 1652736]
"Aim"="c:\program files (x86)\AIM\aim.exe" [2011-05-03 4321112]
"Advanced SystemCare 5"="c:\program files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe" [2012-03-06 574296]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"NortonOnlineBackupReminder"="c:\program files (x86)\Symantec\Norton Online Backup\Activation\NOBuActivation.exe" [2009-12-03 3331944]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-09-30 98304]
"SearchSettings"="c:\program files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe" [2012-03-05 934752]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
dplaysvr.lnk - c:\users\mark\AppData\Local\dplaysvr.exe [N/A]
McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\2.1.121\SSScheduler.exe [2010-9-3 255536]
PictureMover.lnk - c:\program files (x86)\PictureMover\Bin\PictureMover.exe [2009-5-24 430080]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice]
@="Service"
.
R2 BroadCamService;BroadCam Video Streaming Server;c:\program files (x86)\NCH Software\BroadCam\broadcam.exe [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-20 136176]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 86072]
R2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-01-27 102968]
R2 RtVOsdService;RtVOsdService Installer;c:\program files\Realtek\RtVOsd\RtVOsdService.exe [2010-06-24 315392]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-20 136176]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.1.121\McCHSvc.exe [2010-09-03 227232]
R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]
R3 RegFilter;RegFilter;c:\program files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\regfilter.sys [2011-09-20 33184]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 UrlFilter;UrlFilter;c:\program files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\UrlFilter.sys [2011-09-20 21872]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
R4 FileMonitor;FileMonitor;c:\program files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys [2012-01-06 21384]
S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys [x]
S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys [x]
S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1306020.00A\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1306020.00A\SYMEFA64.SYS [x]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\BASHDefs\20111210.003\BHDrvx64.sys [2011-11-24 1156216]
S1 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\NISx64\1306020.00A\ccSetx64.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\IPSDefs\20111220.001\IDSvia64.sys [2011-12-06 488568]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1306020.00A\Ironx64.SYS [x]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1306020.00A\SYMNETS.SYS [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files (x86)\IObit\Advanced SystemCare 5\ASCService.exe [2012-03-14 913752]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2010-02-05 98208]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 Application Updater;Application Updater;c:\program files (x86)\Application Updater\ApplicationUpdater.exe [2012-03-05 748440]
S2 CinemaNow Service;CinemaNow Service;c:\program files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe [2010-02-26 127984]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 94264]
S2 HPWMISVC;HPWMISVC;c:\program files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-01-12 19968]
S2 IMFservice;IMF Service;c:\program files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [2012-01-10 821592]
S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\19.6.2.10\ccSvcHst.exe [2012-01-17 138232]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-12-21 138360]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2010-02-22 18:38 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-20 04:28]
.
2012-04-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-20 04:28]
.
2012-03-26 c:\windows\Tasks\HPCeeScheduleFormark.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-01-05 10:53]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HP Quick Launch"="c:\program files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2010-01-12 451072]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2011-01-22 6489704]
"RtkOSD"="c:\program files (x86)\Realtek\Audio\OSD\RtVOsd64.exe" [2010-02-05 995840]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2010-03-30 172032]
"HPWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe" [2010-01-27 8192]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"NCInstallQueue"="netman.dll" [2009-07-14 360448]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 68.113.206.10 24.217.0.5 71.92.29.130
FF - ProfilePath - c:\users\mark\AppData\Roaming\Mozilla\Firefox\Profiles\6d95sxzv.default\
FF - prefs.js: browser.search.defaulturl - hxxp://aim.search.aol.com/aol/search?query={searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us&tb_uuid=20111119014023297&tb_oid=19-11-2011&tb_mrud=19-11-2011
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&SearchSource=2&q=
FF - prefs.js: network.proxy.type - 0
FF - user.js: yahoo.homepage.dontask - true);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false
FF - user.js: browser.sessionstore.resume_from_crash - false
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{E4E6BF2A-1667-11DF-A01F-1F9655D89593} - (no file)
Wow6432Node-HKLM-Run-BroadCam - c:\program files (x86)\NCH Software\BroadCam\broadcam.exe
WebBrowser-{687578B9-7132-4A7A-80E4-30EE31099E03} - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\NIS]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\19.6.2.10\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\19.6.2.10\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,9c,f3,34,7a,9e,b3,7d,4f,b1,a8,eb,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,9c,f3,34,7a,9e,b3,7d,4f,b1,a8,eb,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\IObit\Smart Defrag 2\SmartDefrag.exe
.
**************************************************************************
.
Completion time: 2012-04-02 01:38:37 - machine was rebooted
ComboFix-quarantined-files.txt 2012-04-02 06:38
.
Pre-Run: 145,863,675,904 bytes free
Post-Run: 145,981,980,672 bytes free
.
- - End Of File - - E793F3503E415DC9CE3264EC55F5EFCE




the only problem i had was the "illegal operation attempted on a registry key that has been marked for deletion" error. i restarted, so now the icon i clicked works.
It still keeps redirecting me and/or giving the dns error.
i'm too afraid to keep trying to see if it's fine, b/c of my protection being turned off.
can i turn on my protection again?

Edited by this_sucks, 02 April 2012 - 01:56 AM.


#4 gringo_pr


Posted 02 April 2012 - 06:38 AM

Greetings

Only turn off the protection during the active scanning.

I want you to run these next,

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it
  • It will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo

#5 this_sucks


Posted 02 April 2012 - 04:23 PM

here is the report for the TDSSKiller



15:00:47.0707 5696 TDSS rootkit removing tool 2.7.24.0 Apr 2 2012 10:31:48
15:00:48.0180 5696 ============================================================
15:00:48.0180 5696 Current date / time: 2012/04/02 15:00:48.0180
15:00:48.0180 5696 SystemInfo:
15:00:48.0180 5696
15:00:48.0180 5696 OS Version: 6.1.7601 ServicePack: 1.0
15:00:48.0180 5696 Product type: Workstation
15:00:48.0180 5696 ComputerName: MARKD-PC
15:00:48.0181 5696 UserName: mark
15:00:48.0181 5696 Windows directory: C:\Windows
15:00:48.0181 5696 System windows directory: C:\Windows
15:00:48.0181 5696 Running under WOW64
15:00:48.0181 5696 Processor architecture: Intel x64
15:00:48.0181 5696 Number of processors: 2
15:00:48.0181 5696 Page size: 0x1000
15:00:48.0181 5696 Boot type: Normal boot
15:00:48.0181 5696 ============================================================
15:00:49.0543 5696 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
15:00:49.0553 5696 \Device\Harddisk0\DR0:
15:00:49.0553 5696 MBR used
15:00:49.0553 5696 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800
15:00:49.0553 5696 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x1B5E9000
15:00:49.0553 5696 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1B64D000, BlocksNum 0x1B44800
15:00:49.0553 5696 \Device\Harddisk0\DR0\Partition3: MBR, Type 0xC, StartLBA 0x1D191800, BlocksNum 0x33970
15:00:49.0631 5696 Initialize success
15:00:49.0631 5696 ============================================================
15:01:11.0789 5024 ============================================================
15:01:11.0789 5024 Scan started
15:01:11.0789 5024 Mode: Manual;
15:01:11.0789 5024 ============================================================
15:01:17.0026 5024 BrUsbSer - ok
15:01:17.0069 5024 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
15:01:17.0072 5024 BTHMODEM - ok
15:01:17.0121 5024 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
15:01:17.0123 5024 bthserv - ok
15:01:17.0132 5024 catchme - ok
15:01:17.0228 5024 ccSet_NIS (0e1737a63aec0f6de231bb59836c0a11) C:\Windows\system32\drivers\NISx64\1306020.00A\ccSetx64.sys
15:01:17.0239 5024 ccSet_NIS - ok
15:01:17.0333 5024 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
15:01:17.0345 5024 cdfs - ok
15:01:17.0387 5024 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
15:01:17.0391 5024 cdrom - ok
15:01:17.0429 5024 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
15:01:17.0432 5024 CertPropSvc - ok
15:01:17.0500 5024 CinemaNow Service (2c24db5f78f0aca759803001e6b4f320) C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe
15:01:17.0503 5024 CinemaNow Service - ok
15:01:17.0563 5024 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
15:01:17.0566 5024 circlass - ok
15:01:17.0629 5024 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
15:01:17.0637 5024 CLFS - ok
15:01:17.0717 5024 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
15:01:17.0721 5024 clr_optimization_v2.0.50727_32 - ok
15:01:17.0751 5024 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
15:01:17.0755 5024 clr_optimization_v2.0.50727_64 - ok
15:01:17.0836 5024 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
15:01:17.0844 5024 clr_optimization_v4.0.30319_32 - ok
15:01:17.0893 5024 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
15:01:17.0907 5024 clr_optimization_v4.0.30319_64 - ok
15:01:17.0958 5024 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
15:01:17.0972 5024 CmBatt - ok
15:01:18.0004 5024 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
15:01:18.0006 5024 cmdide - ok
15:01:18.0053 5024 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
15:01:18.0058 5024 CNG - ok
15:01:18.0090 5024 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
15:01:18.0090 5024 Compbatt - ok
15:01:18.0103 5024 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
15:01:18.0104 5024 CompositeBus - ok
15:01:18.0112 5024 COMSysApp - ok
15:01:18.0132 5024 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
15:01:18.0133 5024 crcdisk - ok
15:01:18.0177 5024 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll
15:01:18.0179 5024 CryptSvc - ok
15:01:18.0280 5024 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
15:01:18.0287 5024 DcomLaunch - ok
15:01:18.0328 5024 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
15:01:18.0333 5024 defragsvc - ok
15:01:18.0401 5024 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
15:01:18.0402 5024 DfsC - ok
15:01:18.0440 5024 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
15:01:18.0444 5024 Dhcp - ok
15:01:18.0494 5024 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
15:01:18.0495 5024 discache - ok
15:01:18.0510 5024 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
15:01:18.0512 5024 Disk - ok
15:01:18.0546 5024 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
15:01:18.0549 5024 Dnscache - ok
15:01:18.0613 5024 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
15:01:18.0615 5024 dot3svc - ok
15:01:18.0674 5024 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
15:01:18.0692 5024 DPS - ok
15:01:18.0746 5024 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
15:01:18.0762 5024 drmkaud - ok
15:01:18.0801 5024 dtsoftbus01 (46571ed73ae84469dca53081d33cf3c8) C:\Windows\system32\DRIVERS\dtsoftbus01.sys
15:01:18.0807 5024 dtsoftbus01 - ok
15:01:18.0900 5024 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
15:01:18.0920 5024 DXGKrnl - ok
15:01:19.0036 5024 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
15:01:19.0039 5024 EapHost - ok
15:01:19.0214 5024 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
15:01:19.0259 5024 ebdrv - ok
15:01:19.0325 5024 eeCtrl (5ccf1be80930aeb1cdebf561666325e8) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
15:01:19.0336 5024 eeCtrl - ok
15:01:19.0449 5024 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
15:01:19.0452 5024 EFS - ok
15:01:19.0560 5024 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
15:01:19.0577 5024 ehRecvr - ok
15:01:19.0635 5024 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
15:01:19.0649 5024 ehSched - ok
15:01:19.0721 5024 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
15:01:19.0736 5024 elxstor - ok
15:01:19.0848 5024 EraserUtilRebootDrv (7a898e4a744621711be7e7b796c69876) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
15:01:19.0852 5024 EraserUtilRebootDrv - ok
15:01:19.0932 5024 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
15:01:19.0933 5024 ErrDev - ok
15:01:20.0006 5024 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
15:01:20.0010 5024 EventSystem - ok
15:01:20.0040 5024 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
15:01:20.0043 5024 exfat - ok
15:01:20.0063 5024 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
15:01:20.0066 5024 fastfat - ok
15:01:20.0130 5024 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
15:01:20.0139 5024 Fax - ok
15:01:20.0211 5024 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
15:01:20.0223 5024 fdc - ok
15:01:20.0273 5024 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
15:01:20.0275 5024 fdPHost - ok
15:01:20.0290 5024 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
15:01:20.0291 5024 FDResPub - ok
15:01:20.0337 5024 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
15:01:20.0339 5024 FileInfo - ok
15:01:20.0472 5024 FileMonitor (060cc45cecae2feaff9c8c52d8fafaa8) C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys
15:01:20.0473 5024 FileMonitor - ok
15:01:20.0669 5024 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
15:01:20.0677 5024 Filetrace - ok
15:01:20.0694 5024 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
15:01:20.0698 5024 flpydisk - ok
15:01:20.0742 5024 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
15:01:20.0748 5024 FltMgr - ok
15:01:20.0887 5024 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
15:01:20.0911 5024 FontCache - ok
15:01:21.0091 5024 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
15:01:21.0094 5024 FontCache3.0.0.0 - ok
15:01:21.0152 5024 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
15:01:21.0162 5024 FsDepends - ok
15:01:21.0208 5024 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
15:01:21.0210 5024 Fs_Rec - ok
15:01:21.0257 5024 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
15:01:21.0261 5024 fvevol - ok
15:01:21.0281 5024 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
15:01:21.0284 5024 gagp30kx - ok
15:01:21.0353 5024 GameConsoleService (e53ee18a21c025deabcfe0f72fc481bb) C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe
15:01:21.0368 5024 GameConsoleService - ok
15:01:21.0460 5024 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
15:01:21.0476 5024 gpsvc - ok
15:01:21.0531 5024 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
15:01:21.0535 5024 gupdate - ok
15:01:21.0545 5024 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
15:01:21.0548 5024 gupdatem - ok
15:01:21.0776 5024 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
15:01:21.0791 5024 hcw85cir - ok
15:01:21.0878 5024 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
15:01:21.0895 5024 HdAudAddService - ok
15:01:22.0083 5024 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
15:01:22.0094 5024 HDAudBus - ok
15:01:22.0138 5024 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
15:01:22.0140 5024 HidBatt - ok
15:01:22.0167 5024 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
15:01:22.0171 5024 HidBth - ok
15:01:22.0190 5024 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
15:01:22.0192 5024 HidIr - ok
15:01:22.0257 5024 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
15:01:22.0268 5024 hidserv - ok
15:01:22.0329 5024 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
15:01:22.0342 5024 HidUsb - ok
15:01:22.0387 5024 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
15:01:22.0392 5024 hkmsvc - ok
15:01:22.0443 5024 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
15:01:22.0449 5024 HomeGroupListener - ok
15:01:22.0520 5024 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
15:01:22.0526 5024 HomeGroupProvider - ok
15:01:22.0598 5024 HP Support Assistant Service (13bb1114451c63bfb41ba7daa4d70a29) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
15:01:22.0600 5024 HP Support Assistant Service - ok
15:01:22.0688 5024 HP Wireless Assistant Service (9abd12fce4a62905731c286bb1d66789) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
15:01:22.0691 5024 HP Wireless Assistant Service - ok
15:01:22.0721 5024 HPDrvMntSvc.exe (bcc4a8b2e2e902f52e7f2e7d8e125765) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
15:01:22.0723 5024 HPDrvMntSvc.exe - ok
15:01:22.0787 5024 hpqwmiex (ec9739a46f1f83c6e52a7a4697f44a65) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
15:01:22.0799 5024 hpqwmiex - ok
15:01:22.0868 5024 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
15:01:22.0869 5024 HpSAMD - ok
15:01:22.0922 5024 HPWMISVC (ddd6eb8c32aaf5797d71413f2fc7a00f) C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
15:01:22.0931 5024 HPWMISVC - ok
15:01:22.0993 5024 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
15:01:23.0008 5024 HTTP - ok
15:01:23.0089 5024 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
15:01:23.0090 5024 hwpolicy - ok
15:01:23.0139 5024 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
15:01:23.0152 5024 i8042prt - ok
15:01:23.0200 5024 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
15:01:23.0222 5024 iaStorV - ok
15:01:23.0271 5024 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
15:01:23.0290 5024 idsvc - ok
15:01:23.0484 5024 IDSVia64 (0b97f1a640ad3d159a7b5d2164c42e50) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\IPSDefs\20111220.001\IDSvia64.sys
15:01:23.0503 5024 IDSVia64 - ok
15:01:23.0792 5024 igfx (a87261ef1546325b559374f5689cf5bc) C:\Windows\system32\DRIVERS\igdkmd64.sys
15:01:23.0935 5024 igfx - ok
15:01:24.0051 5024 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
15:01:24.0054 5024 iirsp - ok
15:01:24.0113 5024 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
15:01:24.0135 5024 IKEEXT - ok
15:01:24.0312 5024 IMFservice (8ae99ebe30e8338907361018d9030835) C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe
15:01:24.0325 5024 IMFservice - ok
15:01:24.0479 5024 IntcAzAudAddService (d311e2dd59a34079d89c249b2a4d9fdb) C:\Windows\system32\drivers\RTKVHD64.sys
15:01:24.0506 5024 IntcAzAudAddService - ok
15:01:24.0542 5024 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
15:01:24.0544 5024 intelide - ok
15:01:24.0631 5024 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
15:01:24.0639 5024 intelppm - ok
15:01:24.0673 5024 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
15:01:24.0677 5024 IPBusEnum - ok
15:01:24.0716 5024 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
15:01:24.0719 5024 IpFilterDriver - ok
15:01:24.0745 5024 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
15:01:24.0753 5024 iphlpsvc - ok
15:01:24.0834 5024 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
15:01:24.0841 5024 IPMIDRV - ok
15:01:24.0870 5024 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
15:01:24.0872 5024 IPNAT - ok
15:01:24.0893 5024 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
15:01:24.0894 5024 IRENUM - ok
15:01:24.0913 5024 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
15:01:24.0914 5024 isapnp - ok
15:01:24.0933 5024 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
15:01:24.0937 5024 iScsiPrt - ok
15:01:24.0951 5024 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
15:01:24.0953 5024 kbdclass - ok
15:01:24.0968 5024 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
15:01:24.0970 5024 kbdhid - ok
15:01:25.0007 5024 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
15:01:25.0009 5024 KeyIso - ok
15:01:25.0079 5024 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
15:01:25.0082 5024 KSecDD - ok
15:01:25.0124 5024 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
15:01:25.0128 5024 KSecPkg - ok
15:01:25.0160 5024 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
15:01:25.0171 5024 ksthunk - ok
15:01:25.0212 5024 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
15:01:25.0219 5024 KtmRm - ok
15:01:25.0249 5024 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\System32\srvsvc.dll
15:01:25.0254 5024 LanmanServer - ok
15:01:25.0400 5024 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
15:01:25.0403 5024 LanmanWorkstation - ok
15:01:25.0602 5024 LightScribeService (47269f0de1e5089c6f23bc1ec48cfc31) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
15:01:25.0603 5024 LightScribeService - ok
15:01:25.0676 5024 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
15:01:25.0678 5024 lltdio - ok
15:01:25.0726 5024 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
15:01:25.0732 5024 lltdsvc - ok
15:01:25.0750 5024 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
15:01:25.0751 5024 lmhosts - ok
15:01:25.0768 5024 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
15:01:25.0771 5024 LSI_FC - ok
15:01:25.0785 5024 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
15:01:25.0787 5024 LSI_SAS - ok
15:01:25.0822 5024 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
15:01:25.0824 5024 LSI_SAS2 - ok
15:01:25.0843 5024 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
15:01:25.0847 5024 LSI_SCSI - ok
15:01:25.0868 5024 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
15:01:25.0870 5024 luafv - ok
15:01:25.0989 5024 McComponentHostService (fd3ad5e1ecdaa94a89d6697f5c5465d6) C:\Program Files (x86)\McAfee Security Scan\2.1.121\McCHSvc.exe
15:01:25.0994 5024 McComponentHostService - ok
15:01:26.0100 5024 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
15:01:26.0105 5024 Mcx2Svc - ok
15:01:26.0156 5024 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
15:01:26.0158 5024 megasas - ok
15:01:26.0191 5024 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
15:01:26.0195 5024 MegaSR - ok
15:01:26.0218 5024 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
15:01:26.0221 5024 MMCSS - ok
15:01:26.0256 5024 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
15:01:26.0258 5024 Modem - ok
15:01:26.0284 5024 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
15:01:26.0285 5024 monitor - ok
15:01:26.0320 5024 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
15:01:26.0321 5024 mouclass - ok
15:01:26.0340 5024 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
15:01:26.0341 5024 mouhid - ok
15:01:26.0403 5024 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
15:01:26.0412 5024 mountmgr - ok
15:01:26.0450 5024 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
15:01:26.0453 5024 mpio - ok
15:01:26.0486 5024 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
15:01:26.0489 5024 mpsdrv - ok
15:01:26.0580 5024 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
15:01:26.0604 5024 MpsSvc - ok
15:01:26.0674 5024 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
15:01:26.0678 5024 MRxDAV - ok
15:01:26.0725 5024 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
15:01:26.0729 5024 mrxsmb - ok
15:01:26.0803 5024 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
15:01:26.0809 5024 mrxsmb10 - ok
15:01:26.0827 5024 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
15:01:26.0829 5024 mrxsmb20 - ok
15:01:26.0866 5024 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
15:01:26.0867 5024 msahci - ok
15:01:26.0901 5024 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
15:01:26.0904 5024 msdsm - ok
15:01:26.0941 5024 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
15:01:26.0945 5024 MSDTC - ok
15:01:27.0012 5024 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
15:01:27.0014 5024 Msfs - ok
15:01:27.0037 5024 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
15:01:27.0038 5024 mshidkmdf - ok
15:01:27.0058 5024 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
15:01:27.0059 5024 msisadrv - ok
15:01:27.0090 5024 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
15:01:27.0093 5024 MSiSCSI - ok
15:01:27.0114 5024 msiserver - ok
15:01:27.0134 5024 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
15:01:27.0135 5024 MSKSSRV - ok
15:01:27.0154 5024 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
15:01:27.0156 5024 MSPCLOCK - ok
15:01:27.0163 5024 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
15:01:27.0164 5024 MSPQM - ok
15:01:27.0214 5024 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
15:01:27.0222 5024 MsRPC - ok
15:01:27.0293 5024 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
15:01:27.0294 5024 mssmbios - ok
15:01:27.0320 5024 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
15:01:27.0327 5024 MSTEE - ok
15:01:27.0349 5024 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
15:01:27.0351 5024 MTConfig - ok
15:01:27.0373 5024 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
15:01:27.0375 5024 Mup - ok
15:01:27.0425 5024 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
15:01:27.0438 5024 napagent - ok
15:01:27.0500 5024 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
15:01:27.0504 5024 NativeWifiP - ok
15:01:27.0627 5024 NAVENG (2dbe90210de76be6e1653bb20ec70ec2) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\VirusDefs\20111220.038\ENG64.SYS
15:01:27.0632 5024 NAVENG - ok
15:01:27.0692 5024 NAVEX15 (346da70e203b8e2c850277713de8f71b) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\VirusDefs\20111220.038\EX64.SYS
15:01:27.0715 5024 NAVEX15 - ok
15:01:27.0826 5024 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
15:01:27.0839 5024 NDIS - ok
15:01:27.0866 5024 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
15:01:27.0868 5024 NdisCap - ok
15:01:27.0883 5024 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
15:01:27.0884 5024 NdisTapi - ok
15:01:27.0917 5024 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
15:01:27.0918 5024 Ndisuio - ok
15:01:28.0005 5024 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
15:01:28.0034 5024 NdisWan - ok
15:01:28.0071 5024 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
15:01:28.0074 5024 NDProxy - ok
15:01:28.0090 5024 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
15:01:28.0091 5024 NetBIOS - ok
15:01:28.0190 5024 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
15:01:28.0199 5024 NetBT - ok
15:01:28.0283 5024 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
15:01:28.0286 5024 Netlogon - ok
15:01:28.0322 5024 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
15:01:28.0337 5024 Netman - ok
15:01:28.0362 5024 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
15:01:28.0369 5024 netprofm - ok
15:01:28.0455 5024 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
15:01:28.0459 5024 NetTcpPortSharing - ok
15:01:28.0662 5024 netw5v64 (64428dfdaf6e88366cb51f45a79c5f69) C:\Windows\system32\DRIVERS\netw5v64.sys
15:01:28.0723 5024 netw5v64 - ok
15:01:28.0820 5024 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
15:01:28.0823 5024 nfrd960 - ok
15:01:28.0912 5024 NIS (7a02f128a454bb22e300f3f80bc1bd22) C:\Program Files (x86)\Norton Internet Security\Engine\19.6.2.10\ccSvcHst.exe
15:01:28.0915 5024 NIS - ok
15:01:28.0961 5024 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
15:01:28.0969 5024 NlaSvc - ok
15:01:28.0985 5024 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
15:01:28.0986 5024 Npfs - ok
15:01:29.0007 5024 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
15:01:29.0009 5024 nsi - ok
15:01:29.0129 5024 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
15:01:29.0130 5024 nsiproxy - ok
15:01:29.0247 5024 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
15:01:29.0278 5024 Ntfs - ok
15:01:29.0360 5024 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
15:01:29.0361 5024 Null - ok
15:01:29.0405 5024 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
15:01:29.0411 5024 nvraid - ok
15:01:29.0445 5024 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
15:01:29.0449 5024 nvstor - ok
15:01:29.0487 5024 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
15:01:29.0491 5024 nv_agp - ok
15:01:29.0642 5024 odserv (1f0e05dff4f5a833168e49be1256f002) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
15:01:29.0651 5024 odserv - ok
15:01:29.0751 5024 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
15:01:29.0754 5024 ohci1394 - ok
15:01:29.0810 5024 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
15:01:29.0814 5024 ose - ok
15:01:29.0867 5024 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
15:01:29.0876 5024 p2pimsvc - ok
15:01:29.0908 5024 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
15:01:29.0912 5024 p2psvc - ok
15:01:29.0989 5024 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
15:01:29.0997 5024 Parport - ok
15:01:30.0042 5024 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
15:01:30.0044 5024 partmgr - ok
15:01:30.0062 5024 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
15:01:30.0065 5024 PcaSvc - ok
15:01:30.0104 5024 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
15:01:30.0107 5024 pci - ok
15:01:30.0127 5024 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
15:01:30.0129 5024 pciide - ok
15:01:30.0164 5024 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
15:01:30.0168 5024 pcmcia - ok
15:01:30.0184 5024 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
15:01:30.0185 5024 pcw - ok
15:01:30.0354 5024 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
15:01:30.0374 5024 PEAUTH - ok
15:01:30.0434 5024 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
15:01:30.0436 5024 PerfHost - ok
15:01:30.0727 5024 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
15:01:30.0753 5024 pla - ok
15:01:30.0835 5024 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
15:01:30.0841 5024 PlugPlay - ok
15:01:30.0857 5024 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
15:01:30.0859 5024 PNRPAutoReg - ok
15:01:30.0886 5024 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
15:01:30.0889 5024 PNRPsvc - ok
15:01:30.0938 5024 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
15:01:30.0950 5024 PolicyAgent - ok
15:01:30.0982 5024 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
15:01:30.0985 5024 Power - ok
15:01:31.0032 5024 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
15:01:31.0034 5024 PptpMiniport - ok
15:01:43.0401 5024 ============================================================
15:01:43.0401 5024 Scan finished
15:01:43.0401 5024 ============================================================
15:01:43.0420 3740 Detected object count: 0
15:01:43.0420 3740 Actual detected object count: 0
15:01:58.0711 5500 ============================================================
15:01:58.0711 5500 Scan started
15:01:58.0711 5500 Mode: Manual;
15:01:58.0711 5500 ============================================================
15:02:03.0875 5500 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
15:02:03.0876 5500 drmkaud - ok
15:02:03.0903 5500 dtsoftbus01 (46571ed73ae84469dca53081d33cf3c8) C:\Windows\system32\DRIVERS\dtsoftbus01.sys
15:02:03.0906 5500 dtsoftbus01 - ok
15:02:03.0955 5500 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
15:02:03.0962 5500 DXGKrnl - ok
15:02:04.0031 5500 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
15:02:04.0033 5500 EapHost - ok
15:02:04.0145 5500 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
15:02:04.0167 5500 ebdrv - ok
15:02:04.0226 5500 eeCtrl (5ccf1be80930aeb1cdebf561666325e8) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
15:02:04.0231 5500 eeCtrl - ok
15:02:04.0320 5500 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
15:02:04.0322 5500 EFS - ok
15:02:04.0377 5500 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
15:02:04.0387 5500 ehRecvr - ok
15:02:04.0414 5500 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
15:02:04.0416 5500 ehSched - ok
15:02:04.0454 5500 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
15:02:04.0461 5500 elxstor - ok
15:02:04.0528 5500 EraserUtilRebootDrv (7a898e4a744621711be7e7b796c69876) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
15:02:04.0531 5500 EraserUtilRebootDrv - ok
15:02:04.0619 5500 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
15:02:04.0621 5500 ErrDev - ok
15:02:04.0666 5500 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
15:02:04.0672 5500 EventSystem - ok
15:02:04.0702 5500 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
15:02:04.0705 5500 exfat - ok
15:02:04.0726 5500 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
15:02:04.0729 5500 fastfat - ok
15:02:04.0785 5500 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
15:02:04.0799 5500 Fax - ok
15:02:04.0874 5500 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
15:02:04.0876 5500 fdc - ok
15:02:04.0902 5500 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
15:02:04.0903 5500 fdPHost - ok
15:02:04.0919 5500 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
15:02:04.0921 5500 FDResPub - ok
15:02:04.0940 5500 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
15:02:04.0942 5500 FileInfo - ok
15:02:05.0068 5500 FileMonitor (060cc45cecae2feaff9c8c52d8fafaa8) C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys
15:02:05.0069 5500 FileMonitor - ok
15:02:05.0145 5500 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
15:02:05.0147 5500 Filetrace - ok
15:02:05.0174 5500 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
15:02:05.0175 5500 flpydisk - ok
15:02:05.0219 5500 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
15:02:05.0223 5500 FltMgr - ok
15:02:05.0274 5500 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
15:02:05.0287 5500 FontCache - ok
15:02:05.0396 5500 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
15:02:05.0398 5500 FontCache3.0.0.0 - ok
15:02:05.0448 5500 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
15:02:05.0450 5500 FsDepends - ok
15:02:05.0479 5500 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
15:02:05.0480 5500 Fs_Rec - ok
15:02:05.0519 5500 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
15:02:05.0523 5500 fvevol - ok
15:02:05.0542 5500 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
15:02:05.0543 5500 gagp30kx - ok
15:02:05.0617 5500 GameConsoleService (e53ee18a21c025deabcfe0f72fc481bb) C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe
15:02:05.0623 5500 GameConsoleService - ok
15:02:05.0706 5500 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
15:02:05.0723 5500 gpsvc - ok
15:02:05.0785 5500 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
15:02:05.0788 5500 gupdate - ok
15:02:05.0794 5500 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
15:02:05.0795 5500 gupdatem - ok
15:02:05.0838 5500 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
15:02:05.0839 5500 hcw85cir - ok
15:02:05.0880 5500 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
15:02:05.0885 5500 HdAudAddService - ok
15:02:05.0928 5500 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
15:02:05.0930 5500 HDAudBus - ok
15:02:05.0943 5500 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
15:02:05.0945 5500 HidBatt - ok
15:02:05.0962 5500 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
15:02:05.0964 5500 HidBth - ok
15:02:05.0986 5500 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
15:02:05.0987 5500 HidIr - ok
15:02:06.0011 5500 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
15:02:06.0012 5500 hidserv - ok
15:02:06.0083 5500 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
15:02:06.0085 5500 HidUsb - ok
15:02:06.0125 5500 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
15:02:06.0129 5500 hkmsvc - ok
15:02:06.0205 5500 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
15:02:06.0213 5500 HomeGroupListener - ok
15:02:06.0256 5500 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
15:02:06.0259 5500 HomeGroupProvider - ok
15:02:06.0335 5500 HP Support Assistant Service (13bb1114451c63bfb41ba7daa4d70a29) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
15:02:06.0338 5500 HP Support Assistant Service - ok
15:02:06.0392 5500 HP Wireless Assistant Service (9abd12fce4a62905731c286bb1d66789) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
15:02:06.0396 5500 HP Wireless Assistant Service - ok
15:02:06.0418 5500 HPDrvMntSvc.exe (bcc4a8b2e2e902f52e7f2e7d8e125765) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
15:02:06.0419 5500 HPDrvMntSvc.exe - ok
15:02:06.0452 5500 hpqwmiex (ec9739a46f1f83c6e52a7a4697f44a65) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
15:02:06.0474 5500 hpqwmiex - ok
15:02:06.0556 5500 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
15:02:06.0559 5500 HpSAMD - ok
15:02:06.0618 5500 HPWMISVC (ddd6eb8c32aaf5797d71413f2fc7a00f) C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
15:02:06.0619 5500 HPWMISVC - ok
15:02:06.0681 5500 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
15:02:06.0696 5500 HTTP - ok
15:02:06.0793 5500 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
15:02:06.0794 5500 hwpolicy - ok
15:02:06.0851 5500 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
15:02:06.0853 5500 i8042prt - ok
15:02:06.0896 5500 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
15:02:06.0903 5500 iaStorV - ok
15:02:06.0966 5500 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
15:02:06.0979 5500 idsvc - ok
15:02:07.0172 5500 IDSVia64 (0b97f1a640ad3d159a7b5d2164c42e50) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\IPSDefs\20111220.001\IDSvia64.sys
15:02:07.0182 5500 IDSVia64 - ok
15:02:07.0385 5500 igfx (a87261ef1546325b559374f5689cf5bc) C:\Windows\system32\DRIVERS\igdkmd64.sys
15:02:07.0459 5500 igfx - ok
15:02:07.0539 5500 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
15:02:07.0554 5500 iirsp - ok
15:02:07.0611 5500 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
15:02:07.0622 5500 IKEEXT - ok
15:02:07.0742 5500 IMFservice (8ae99ebe30e8338907361018d9030835) C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe
15:02:07.0752 5500 IMFservice - ok
15:02:07.0918 5500 IntcAzAudAddService (d311e2dd59a34079d89c249b2a4d9fdb) C:\Windows\system32\drivers\RTKVHD64.sys
15:02:07.0958 5500 IntcAzAudAddService - ok
15:02:07.0997 5500 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
15:02:07.0998 5500 intelide - ok
15:02:08.0077 5500 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
15:02:08.0079 5500 intelppm - ok
15:02:08.0110 5500 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
15:02:08.0113 5500 IPBusEnum - ok
15:02:08.0154 5500 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
15:02:08.0156 5500 IpFilterDriver - ok
15:02:08.0183 5500 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
15:02:08.0192 5500 iphlpsvc - ok
15:02:08.0297 5500 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
15:02:08.0300 5500 IPMIDRV - ok
15:02:08.0332 5500 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
15:02:08.0335 5500 IPNAT - ok
15:02:08.0355 5500 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
15:02:08.0357 5500 IRENUM - ok
15:02:08.0375 5500 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
15:02:08.0376 5500 isapnp - ok
15:02:08.0396 5500 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
15:02:08.0400 5500 iScsiPrt - ok
15:02:08.0414 5500 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
15:02:08.0415 5500 kbdclass - ok
15:02:08.0431 5500 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
15:02:08.0432 5500 kbdhid - ok
15:02:08.0470 5500 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
15:02:08.0472 5500 KeyIso - ok
15:02:08.0541 5500 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
15:02:08.0543 5500 KSecDD - ok
15:02:08.0585 5500 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
15:02:08.0588 5500 KSecPkg - ok
15:02:08.0614 5500 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
15:02:08.0615 5500 ksthunk - ok
15:02:08.0663 5500 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
15:02:08.0668 5500 KtmRm - ok
15:02:08.0703 5500 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\System32\srvsvc.dll
15:02:08.0708 5500 LanmanServer - ok
15:02:08.0770 5500 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
15:02:08.0775 5500 LanmanWorkstation - ok
15:02:08.0839 5500 LightScribeService (47269f0de1e5089c6f23bc1ec48cfc31) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
15:02:08.0842 5500 LightScribeService - ok
15:02:08.0888 5500 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
15:02:08.0891 5500 lltdio - ok
15:02:08.0924 5500 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
15:02:08.0930 5500 lltdsvc - ok
15:02:08.0988 5500 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
15:02:08.0991 5500 lmhosts - ok
15:02:09.0023 5500 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
15:02:09.0027 5500 LSI_FC - ok
15:02:09.0047 5500 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
15:02:09.0051 5500 LSI_SAS - ok
15:02:09.0068 5500 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
15:02:09.0069 5500 LSI_SAS2 - ok
15:02:09.0089 5500 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
15:02:09.0091 5500 LSI_SCSI - ok
15:02:09.0139 5500 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
15:02:09.0141 5500 luafv - ok
15:02:09.0226 5500 McComponentHostService (fd3ad5e1ecdaa94a89d6697f5c5465d6) C:\Program Files (x86)\McAfee Security Scan\2.1.121\McCHSvc.exe
15:02:09.0231 5500 McComponentHostService - ok
15:02:09.0303 5500 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
15:02:09.0306 5500 Mcx2Svc - ok
15:02:09.0360 5500 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
15:02:09.0362 5500 megasas - ok
15:02:09.0395 5500 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
15:02:09.0401 5500 MegaSR - ok
15:02:09.0439 5500 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
15:02:09.0441 5500 MMCSS - ok
15:02:09.0461 5500 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
15:02:09.0462 5500 Modem - ok
15:02:09.0480 5500 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
15:02:09.0481 5500 monitor - ok
15:02:09.0524 5500 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
15:02:09.0531 5500 mouclass - ok
15:02:09.0577 5500 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
15:02:09.0579 5500 mouhid - ok
15:02:09.0641 5500 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
15:02:09.0644 5500 mountmgr - ok
15:02:09.0663 5500 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
15:02:09.0665 5500 mpio - ok
15:02:09.0691 5500 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
15:02:09.0692 5500 mpsdrv - ok
15:02:09.0753 5500 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
15:02:09.0764 5500 MpsSvc - ok
15:02:09.0845 5500 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
15:02:09.0855 5500 MRxDAV - ok
15:02:09.0896 5500 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
15:02:09.0899 5500 mrxsmb - ok
15:02:09.0949 5500 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
15:02:09.0955 5500 mrxsmb10 - ok
15:02:09.0973 5500 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
15:02:09.0977 5500 mrxsmb20 - ok
15:02:10.0012 5500 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
15:02:10.0014 5500 msahci - ok
15:02:10.0047 5500 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
15:02:10.0050 5500 msdsm - ok
15:02:10.0078 5500 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
15:02:10.0081 5500 MSDTC - ok
15:02:10.0200 5500 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
15:02:10.0202 5500 Msfs - ok
15:02:10.0233 5500 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
15:02:10.0233 5500 mshidkmdf - ok
15:02:10.0271 5500 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
15:02:10.0272 5500 msisadrv - ok
15:02:10.0310 5500 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
15:02:10.0313 5500 MSiSCSI - ok
15:02:10.0325 5500 msiserver - ok
15:02:10.0346 5500 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
15:02:10.0347 5500 MSKSSRV - ok
15:02:10.0367 5500 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
15:02:10.0368 5500 MSPCLOCK - ok
15:02:10.0377 5500 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
15:02:10.0378 5500 MSPQM - ok
15:02:10.0423 5500 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
15:02:10.0427 5500 MsRPC - ok
15:02:10.0513 5500 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
15:02:10.0514 5500 mssmbios - ok
15:02:10.0549 5500 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
15:02:10.0559 5500 MSTEE - ok
15:02:10.0577 5500 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
15:02:10.0579 5500 MTConfig - ok
15:02:10.0600 5500 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
15:02:10.0602 5500 Mup - ok
15:02:10.0633 5500 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
15:02:10.0641 5500 napagent - ok
15:02:10.0722 5500 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
15:02:10.0729 5500 NativeWifiP - ok
15:02:10.0863 5500 NAVENG (2dbe90210de76be6e1653bb20ec70ec2) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\VirusDefs\20111220.038\ENG64.SYS
15:02:10.0866 5500 NAVENG - ok
15:02:10.0921 5500 NAVEX15 (346da70e203b8e2c850277713de8f71b) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\VirusDefs\20111220.038\EX64.SYS
15:02:10.0946 5500 NAVEX15 - ok
15:02:11.0077 5500 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
15:02:11.0089 5500 NDIS - ok
15:02:11.0119 5500 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
15:02:11.0121 5500 NdisCap - ok
15:02:11.0137 5500 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
15:02:11.0138 5500 NdisTapi - ok
15:02:11.0170 5500 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
15:02:11.0172 5500 Ndisuio - ok
15:02:11.0280 5500 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
15:02:11.0283 5500 NdisWan - ok
15:02:11.0324 5500 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
15:02:11.0325 5500 NDProxy - ok
15:02:11.0343 5500 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
15:02:11.0344 5500 NetBIOS - ok
15:02:11.0393 5500 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
15:02:11.0397 5500 NetBT - ok
15:02:11.0436 5500 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
15:02:11.0438 5500 Netlogon - ok
15:02:11.0518 5500 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
15:02:11.0526 5500 Netman - ok
15:02:11.0556 5500 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
15:02:11.0562 5500 netprofm - ok
15:02:11.0617 5500 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
15:02:11.0620 5500 NetTcpPortSharing - ok
15:02:11.0806 5500 netw5v64 (64428dfdaf6e88366cb51f45a79c5f69) C:\Windows\system32\DRIVERS\netw5v64.sys
15:02:11.0884 5500 netw5v64 - ok
15:02:11.0982 5500 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
15:02:11.0984 5500 nfrd960 - ok
15:02:12.0081 5500 NIS (7a02f128a454bb22e300f3f80bc1bd22) C:\Program Files (x86)\Norton Internet Security\Engine\19.6.2.10\ccSvcHst.exe
15:02:12.0085 5500 NIS - ok
15:02:12.0130 5500 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
15:02:12.0135 5500 NlaSvc - ok
15:02:12.0155 5500 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
15:02:12.0156 5500 Npfs - ok
15:02:12.0177 5500 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
15:02:12.0179 5500 nsi - ok
15:02:12.0240 5500 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
15:02:12.0242 5500 nsiproxy - ok
15:02:12.0329 5500 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
15:02:12.0351 5500 Ntfs - ok
15:02:12.0420 5500 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
15:02:12.0421 5500 Null - ok
15:02:12.0458 5500 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
15:02:12.0461 5500 nvraid - ok
15:02:12.0481 5500 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
15:02:12.0484 5500 nvstor - ok
15:02:12.0523 5500 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
15:02:12.0525 5500 nv_agp - ok
15:02:12.0608 5500 odserv (1f0e05dff4f5a833168e49be1256f002) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
15:02:12.0613 5500 odserv - ok
15:02:12.0704 5500 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
15:02:12.0718 5500 ohci1394 - ok
15:02:12.0746 5500 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
15:02:12.0748 5500 ose - ok
15:02:12.0781 5500 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
15:02:12.0786 5500 p2pimsvc - ok
15:02:12.0817 5500 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
15:02:12.0823 5500 p2psvc - ok
15:02:12.0900 5500 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
15:02:12.0912 5500 Parport - ok
15:02:12.0954 5500 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
15:02:12.0957 5500 partmgr - ok
15:02:12.0982 5500 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
15:02:12.0988 5500 PcaSvc - ok
15:02:13.0024 5500 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
15:02:13.0027 5500 pci - ok
15:02:13.0047 5500 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
15:02:13.0048 5500 pciide - ok
15:02:13.0085 5500 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
15:02:13.0089 5500 pcmcia - ok
15:02:13.0104 5500 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
15:02:13.0106 5500 pcw - ok
15:02:13.0199 5500 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
15:02:13.0215 5500 PEAUTH - ok
15:02:13.0271 5500 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
15:02:13.0274 5500 PerfHost - ok
15:02:13.0343 5500 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
15:02:13.0360 5500 pla - ok
15:02:13.0447 5500 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
15:02:13.0454 5500 PlugPlay - ok
15:02:13.0477 5500 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
15:02:13.0480 5500 PNRPAutoReg - ok
15:02:13.0498 5500 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
15:02:13.0501 5500 PNRPsvc - ok
15:02:13.0547 5500 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
15:02:13.0554 5500 PolicyAgent - ok
15:02:13.0628 5500 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
15:02:13.0635 5500 Power - ok
15:02:13.0685 5500 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
15:02:13.0687 5500 PptpMiniport - ok
15:02:13.0709 5500 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
15:02:13.0711 5500 Processor - ok
15:02:13.0732 5500 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
15:02:13.0736 5500 ProfSvc - ok
15:02:13.0770 5500 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
15:02:13.0771 5500 ProtectedStorage - ok
15:02:13.0813 5500 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
15:02:13.0814 5500 Psched - ok
15:02:13.0865 5500 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
15:02:13.0882 5500 ql2300 - ok
15:02:13.0960 5500 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
15:02:13.0964 5500 ql40xx - ok
15:02:14.0002 5500 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
15:02:14.0007 5500 QWAVE - ok
15:02:14.0034 5500 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
15:02:14.0035 5500 QWAVEdrv - ok
15:02:14.0051 5500 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
15:02:14.0052 5500 RasAcd - ok
15:02:14.0078 5500 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
15:02:14.0080 5500 RasAgileVpn - ok
15:02:14.0093 5500 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
15:02:14.0097 5500 RasAuto - ok
15:02:14.0152 5500 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
15:02:14.0154 5500 Rasl2tp - ok
15:02:14.0209 5500 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
15:02:14.0214 5500 RasMan - ok
15:02:14.0253 5500 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
15:02:14.0256 5500 RasPppoe - ok
15:02:14.0284 5500 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
15:02:14.0286 5500 RasSstp - ok
15:02:14.0310 5500 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
15:02:14.0314 5500 rdbss - ok
15:02:14.0335 5500 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
15:02:14.0336 5500 rdpbus - ok
15:02:14.0362 5500 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
15:02:14.0363 5500 RDPCDD - ok
15:02:14.0382 5500 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
15:02:14.0383 5500 RDPENCDD - ok
15:02:14.0419 5500 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
15:02:14.0419 5500 RDPREFMP - ok
15:02:14.0477 5500 RDPWD (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys
15:02:14.0481 5500 RDPWD - ok
15:02:14.0521 5500 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
15:02:14.0524 5500 rdyboost - ok
15:02:14.0649 5500 RegFilter (c7de6f41b1a734ea70bd2dc67235becc) C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\regfilter.sys
15:02:14.0651 5500 RegFilter - ok
15:02:14.0697 5500 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
15:02:14.0700 5500 RemoteAccess - ok
15:02:14.0765 5500 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
15:02:14.0769 5500 RemoteRegistry - ok
15:02:14.0786 5500 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
15:02:14.0790 5500 RpcEptMapper - ok
15:02:14.0801 5500 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
15:02:14.0802 5500 RpcLocator - ok
15:02:14.0843 5500 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
15:02:14.0848 5500 RpcSs - ok
15:02:14.0889 5500 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
15:02:14.0891 5500 rspndr - ok
15:02:14.0925 5500 RSUSBSTOR (3ceee53bbf8ba284ff44585cec0162fe) C:\Windows\system32\Drivers\RtsUStor.sys
15:02:14.0929 5500 RSUSBSTOR - ok
15:02:14.0997 5500 RTL8167 (4fbda07ef0a3097ce14c5cabf723b278) C:\Windows\system32\DRIVERS\Rt64win7.sys
15:02:15.0014 5500 RTL8167 - ok
15:02:15.0124 5500 RtVOsdService (4ea7e5df0cb237156176fa0349e6e87f) C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe
15:02:15.0161 5500 RtVOsdService - ok
15:02:23.0833 5500 ============================================================
15:02:23.0833 5500 Scan finished
15:02:23.0833 5500 ============================================================
15:02:23.0847 5128 Detected object count: 0
15:02:23.0847 5128 Actual detected object count: 0
15:03:07.0007 6008 ============================================================
15:03:07.0007 6008 Scan started
15:03:07.0007 6008 Mode: Manual; SigCheck; TDLFS;
15:03:07.0007 6008 ============================================================
15:03:22.0629 6008 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
15:03:22.0724 6008 gpsvc - ok
15:03:22.0800 6008 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
15:03:22.0824 6008 gupdate - ok
15:03:22.0831 6008 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
15:03:22.0842 6008 gupdatem - ok
15:03:22.0911 6008 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
15:03:22.0965 6008 hcw85cir - ok
15:03:23.0003 6008 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
15:03:23.0037 6008 HdAudAddService - ok
15:03:23.0059 6008 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
15:03:23.0078 6008 HDAudBus - ok
15:03:23.0090 6008 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
15:03:23.0107 6008 HidBatt - ok
15:03:23.0127 6008 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
15:03:23.0160 6008 HidBth - ok
15:03:23.0175 6008 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
15:03:23.0200 6008 HidIr - ok
15:03:23.0267 6008 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
15:03:23.0351 6008 hidserv - ok
15:03:23.0398 6008 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
15:03:23.0430 6008 HidUsb - ok
15:03:23.0465 6008 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
15:03:23.0540 6008 hkmsvc - ok
15:03:23.0577 6008 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
15:03:23.0638 6008 HomeGroupListener - ok
15:03:23.0679 6008 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
15:03:23.0710 6008 HomeGroupProvider - ok
15:03:23.0784 6008 HP Support Assistant Service (13bb1114451c63bfb41ba7daa4d70a29) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
15:03:23.0807 6008 HP Support Assistant Service - ok
15:03:23.0857 6008 HP Wireless Assistant Service (9abd12fce4a62905731c286bb1d66789) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
15:03:23.0879 6008 HP Wireless Assistant Service - ok
15:03:23.0898 6008 HPDrvMntSvc.exe (bcc4a8b2e2e902f52e7f2e7d8e125765) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
15:03:23.0910 6008 HPDrvMntSvc.exe - ok
15:03:23.0933 6008 hpqwmiex (ec9739a46f1f83c6e52a7a4697f44a65) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
15:03:23.0957 6008 hpqwmiex - ok
15:03:24.0037 6008 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
15:03:24.0062 6008 HpSAMD - ok
15:03:24.0107 6008 HPWMISVC (ddd6eb8c32aaf5797d71413f2fc7a00f) C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
15:03:24.0127 6008 HPWMISVC ( UnsignedFile.Multi.Generic ) - warning
15:03:24.0127 6008 HPWMISVC - detected UnsignedFile.Multi.Generic (1)
15:03:24.0183 6008 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
15:03:24.0249 6008 HTTP - ok
15:03:24.0333 6008 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
15:03:24.0357 6008 hwpolicy - ok
15:03:24.0398 6008 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
15:03:24.0415 6008 i8042prt - ok
15:03:24.0461 6008 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
15:03:24.0492 6008 iaStorV - ok
15:03:24.0539 6008 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
15:03:24.0572 6008 idsvc - ok
15:03:24.0745 6008 IDSVia64 (0b97f1a640ad3d159a7b5d2164c42e50) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\IPSDefs\20111220.001\IDSvia64.sys
15:03:24.0785 6008 IDSVia64 - ok
15:03:24.0956 6008 igfx (a87261ef1546325b559374f5689cf5bc) C:\Windows\system32\DRIVERS\igdkmd64.sys
15:03:25.0076 6008 igfx - ok
15:03:25.0154 6008 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
15:03:25.0180 6008 iirsp - ok
15:03:25.0241 6008 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
15:03:25.0300 6008 IKEEXT - ok
15:03:25.0430 6008 IMFservice (8ae99ebe30e8338907361018d9030835) C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe
15:03:25.0474 6008 IMFservice - ok
15:03:25.0620 6008 IntcAzAudAddService (d311e2dd59a34079d89c249b2a4d9fdb) C:\Windows\system32\drivers\RTKVHD64.sys
15:03:25.0683 6008 IntcAzAudAddService - ok
15:03:25.0720 6008 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
15:03:25.0733 6008 intelide - ok
15:03:25.0766 6008 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
15:03:25.0795 6008 intelppm - ok
15:03:25.0867 6008 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
15:03:25.0958 6008 IPBusEnum - ok
15:03:26.0011 6008 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
15:03:26.0102 6008 IpFilterDriver - ok
15:03:26.0130 6008 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
15:03:26.0194 6008 iphlpsvc - ok
15:03:26.0278 6008 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
15:03:26.0323 6008 IPMIDRV - ok
15:03:26.0356 6008 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
15:03:26.0430 6008 IPNAT - ok
15:03:26.0445 6008 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
15:03:26.0497 6008 IRENUM - ok
15:03:26.0523 6008 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
15:03:26.0534 6008 isapnp - ok
15:03:26.0612 6008 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
15:03:26.0643 6008 iScsiPrt - ok
15:03:26.0787 6008 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
15:03:26.0851 6008 kbdclass - ok
15:03:26.0871 6008 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
15:03:26.0901 6008 kbdhid - ok
15:03:26.0934 6008 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
15:03:26.0948 6008 KeyIso - ok
15:03:26.0972 6008 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
15:03:26.0985 6008 KSecDD - ok
15:03:27.0025 6008 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
15:03:27.0038 6008 KSecPkg - ok
15:03:27.0062 6008 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
15:03:27.0112 6008 ksthunk - ok
15:03:27.0183 6008 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
15:03:27.0252 6008 KtmRm - ok
15:03:27.0293 6008 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\System32\srvsvc.dll
15:03:27.0343 6008 LanmanServer - ok
15:03:27.0385 6008 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
15:03:27.0456 6008 LanmanWorkstation - ok
15:03:27.0530 6008 LightScribeService (47269f0de1e5089c6f23bc1ec48cfc31) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
15:03:27.0542 6008 LightScribeService ( UnsignedFile.Multi.Generic ) - warning
15:03:27.0542 6008 LightScribeService - detected UnsignedFile.Multi.Generic (1)
15:03:27.0604 6008 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
15:03:27.0690 6008 lltdio - ok
15:03:27.0720 6008 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
15:03:27.0776 6008 lltdsvc - ok
15:03:27.0802 6008 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
15:03:27.0843 6008 lmhosts - ok
15:03:27.0871 6008 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
15:03:27.0884 6008 LSI_FC - ok
15:03:27.0896 6008 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
15:03:27.0910 6008 LSI_SAS - ok
15:03:27.0941 6008 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
15:03:27.0953 6008 LSI_SAS2 - ok
15:03:28.0012 6008 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
15:03:28.0041 6008 LSI_SCSI - ok
15:03:28.0062 6008 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
15:03:28.0140 6008 luafv - ok
15:03:28.0208 6008 McComponentHostService (fd3ad5e1ecdaa94a89d6697f5c5465d6) C:\Program Files (x86)\McAfee Security Scan\2.1.121\McCHSvc.exe
15:03:28.0237 6008 McComponentHostService - ok
15:03:28.0285 6008 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
15:03:28.0320 6008 Mcx2Svc - ok
15:03:28.0384 6008 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
15:03:28.0409 6008 megasas - ok
15:03:28.0443 6008 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
15:03:28.0459 6008 MegaSR - ok
15:03:28.0479 6008 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
15:03:28.0535 6008 MMCSS - ok
15:03:28.0550 6008 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
15:03:28.0602 6008 Modem - ok
15:03:28.0619 6008 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
15:03:28.0651 6008 monitor - ok
15:03:28.0705 6008 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
15:03:28.0729 6008 mouclass - ok
15:03:28.0784 6008 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
15:03:28.0808 6008 mouhid - ok
15:03:28.0856 6008 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
15:03:28.0882 6008 mountmgr - ok
15:03:28.0902 6008 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
15:03:28.0917 6008 mpio - ok
15:03:28.0930 6008 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
15:03:28.0975 6008 mpsdrv - ok
15:03:29.0020 6008 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
15:03:29.0116 6008 MpsSvc - ok
15:03:29.0193 6008 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
15:03:29.0248 6008 MRxDAV - ok
15:03:29.0286 6008 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
15:03:29.0341 6008 mrxsmb - ok
15:03:29.0388 6008 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
15:03:29.0431 6008 mrxsmb10 - ok
15:03:29.0463 6008 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
15:03:29.0479 6008 mrxsmb20 - ok
15:03:29.0510 6008 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
15:03:29.0521 6008 msahci - ok
15:03:29.0604 6008 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
15:03:29.0636 6008 msdsm - ok
15:03:29.0662 6008 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
15:03:29.0709 6008 MSDTC - ok
15:03:29.0749 6008 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
15:03:29.0788 6008 Msfs - ok
15:03:29.0807 6008 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
15:03:29.0846 6008 mshidkmdf - ok
15:03:29.0862 6008 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
15:03:29.0872 6008 msisadrv - ok
15:03:29.0901 6008 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
15:03:29.0954 6008 MSiSCSI - ok
15:03:30.0001 6008 msiserver - ok
15:03:30.0037 6008 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
15:03:30.0085 6008 MSKSSRV - ok
15:03:30.0116 6008 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
15:03:30.0169 6008 MSPCLOCK - ok
15:03:30.0176 6008 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
15:03:30.0226 6008 MSPQM - ok
15:03:30.0272 6008 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
15:03:30.0290 6008 MsRPC - ok
15:03:30.0379 6008 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
15:03:30.0405 6008 mssmbios - ok
15:03:30.0423 6008 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
15:03:30.0483 6008 MSTEE - ok
15:03:30.0501 6008 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
15:03:30.0527 6008 MTConfig - ok
15:03:30.0558 6008 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
15:03:30.0577 6008 Mup - ok
15:03:30.0607 6008 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
15:03:30.0676 6008 napagent - ok
15:03:30.0763 6008 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
15:03:30.0816 6008 NativeWifiP - ok
15:03:30.0932 6008 NAVENG (2dbe90210de76be6e1653bb20ec70ec2) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\VirusDefs\20111220.038\ENG64.SYS
15:03:30.0958 6008 NAVENG - ok
15:03:31.0027 6008 NAVEX15 (346da70e203b8e2c850277713de8f71b) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\VirusDefs\20111220.038\EX64.SYS
15:03:31.0093 6008 NAVEX15 - ok
15:03:31.0192 6008 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
15:03:31.0242 6008 NDIS - ok
15:03:31.0269 6008 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
15:03:31.0342 6008 NdisCap - ok
15:03:31.0361 6008 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
15:03:31.0401 6008 NdisTapi - ok
15:03:31.0436 6008 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
15:03:31.0509 6008 Ndisuio - ok
15:03:31.0599 6008 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
15:03:31.0682 6008 NdisWan - ok
15:03:31.0715 6008 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
15:03:31.0763 6008 NDProxy - ok
15:03:31.0775 6008 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
15:03:31.0815 6008 NetBIOS - ok
15:03:31.0892 6008 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
15:03:31.0959 6008 NetBT - ok
15:03:31.0994 6008 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
15:03:32.0015 6008 Netlogon - ok
15:03:32.0085 6008 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
15:03:32.0175 6008 Netman - ok
15:03:32.0197 6008 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
15:03:32.0252 6008 netprofm - ok
15:03:32.0307 6008 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
15:03:32.0331 6008 NetTcpPortSharing - ok
15:03:32.0527 6008 netw5v64 (64428dfdaf6e88366cb51f45a79c5f69) C:\Windows\system32\DRIVERS\netw5v64.sys
15:03:32.0630 6008 netw5v64 - ok
15:03:32.0706 6008 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
15:03:32.0731 6008 nfrd960 - ok
15:03:32.0822 6008 NIS (7a02f128a454bb22e300f3f80bc1bd22) C:\Program Files (x86)\Norton Internet Security\Engine\19.6.2.10\ccSvcHst.exe
15:03:32.0847 6008 NIS - ok
15:03:32.0889 6008 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
15:03:32.0998 6008 NlaSvc - ok
15:03:33.0021 6008 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
15:03:33.0061 6008 Npfs - ok
15:03:33.0084 6008 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
15:03:33.0125 6008 nsi - ok
15:03:33.0198 6008 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
15:03:33.0273 6008 nsiproxy - ok
15:03:33.0357 6008 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
15:03:33.0415 6008 Ntfs - ok
15:03:33.0495 6008 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
15:03:33.0586 6008 Null - ok
15:03:33.0624 6008 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
15:03:33.0652 6008 nvraid - ok
15:03:33.0672 6008 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
15:03:33.0686 6008 nvstor - ok
15:03:33.0723 6008 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
15:03:33.0751 6008 nv_agp - ok
15:03:33.0827 6008 odserv (1f0e05dff4f5a833168e49be1256f002) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
15:03:33.0854 6008 odserv - ok
15:03:33.0937 6008 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
15:03:33.0979 6008 ohci1394 - ok
15:03:34.0011 6008 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
15:03:34.0024 6008 ose - ok
15:03:34.0063 6008 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
15:03:34.0102 6008 p2pimsvc - ok
15:03:34.0125 6008 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
15:03:34.0148 6008 p2psvc - ok
15:03:34.0224 6008 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
15:03:34.0253 6008 Parport - ok
15:03:34.0294 6008 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
15:03:34.0306 6008 partmgr - ok
15:03:34.0330 6008 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
15:03:34.0364 6008 PcaSvc - ok
15:03:34.0398 6008 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
15:03:34.0412 6008 pci - ok
15:03:34.0429 6008 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
15:03:34.0440 6008 pciide - ok
15:03:34.0467 6008 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
15:03:34.0482 6008 pcmcia - ok
15:03:34.0495 6008 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
15:03:34.0506 6008 pcw - ok
15:03:34.0598 6008 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
15:03:34.0672 6008 PEAUTH - ok
15:03:34.0745 6008 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
15:03:34.0789 6008 PerfHost - ok
15:03:34.0885 6008 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
15:03:34.0966 6008 pla - ok
15:03:35.0048 6008 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
15:03:35.0102 6008 PlugPlay - ok
15:03:35.0135 6008 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
15:03:35.0160 6008 PNRPAutoReg - ok
15:03:35.0180 6008 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
15:03:35.0199 6008 PNRPsvc - ok
15:03:35.0245 6008 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
15:03:35.0306 6008 PolicyAgent - ok
15:03:35.0377 6008 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
15:03:35.0451 6008 Power - ok
15:03:35.0502 6008 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
15:03:35.0590 6008 PptpMiniport - ok
15:03:35.0625 6008 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
15:03:35.0650 6008 Processor - ok
15:03:35.0689 6008 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
15:03:35.0745 6008 ProfSvc - ok
15:03:35.0819 6008 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
15:03:35.0849 6008 ProtectedStorage - ok
15:03:35.0887 6008 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
15:03:35.0929 6008 Psched - ok
15:03:35.0992 6008 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
15:03:36.0035 6008 ql2300 - ok
15:03:36.0051 6008 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
15:03:36.0065 6008 ql40xx - ok
15:03:36.0137 6008 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
15:03:36.0183 6008 QWAVE - ok
15:03:36.0225 6008 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
15:03:36.0263 6008 QWAVEdrv - ok
15:03:36.0283 6008 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
15:03:36.0353 6008 RasAcd - ok
15:03:36.0377 6008 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
15:03:36.0417 6008 RasAgileVpn - ok
15:03:36.0435 6008 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
15:03:36.0516 6008 RasAuto - ok
15:03:36.0594 6008 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
15:03:36.0676 6008 Rasl2tp - ok
15:03:36.0716 6008 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
15:03:36.0769 6008 RasMan - ok
15:03:36.0785 6008 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
15:03:36.0835 6008 RasPppoe - ok
15:03:36.0867 6008 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
15:03:36.0961 6008 RasSstp - ok
15:03:37.0103 6008 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
15:03:37.0163 6008 rdbss - ok
15:03:37.0234 6008 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
15:03:37.0286 6008 rdpbus - ok
15:03:37.0303 6008 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
15:03:37.0347 6008 RDPCDD - ok
15:03:37.0364 6008 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
15:03:37.0429 6008 RDPENCDD - ok
15:03:37.0456 6008 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
15:03:37.0495 6008 RDPREFMP - ok
15:03:37.0518 6008 RDPWD (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys
15:03:37.0561 6008 RDPWD - ok
15:03:37.0595 6008 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
15:03:37.0610 6008 rdyboost - ok
15:03:37.0731 6008 RegFilter (c7de6f41b1a734ea70bd2dc67235becc) C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\regfilter.sys
15:03:37.0752 6008 RegFilter - ok
15:03:37.0822 6008 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
15:03:37.0894 6008 RemoteAccess - ok
15:03:37.0913 6008 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
15:03:37.0972 6008 RemoteRegistry - ok
15:03:38.0001 6008 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
15:03:38.0044 6008 RpcEptMapper - ok
15:03:38.0058 6008 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
15:03:38.0085 6008 RpcLocator - ok
15:03:38.0126 6008 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
15:03:38.0170 6008 RpcSs - ok
15:03:38.0247 6008 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
15:03:38.0320 6008 rspndr - ok
15:03:38.0349 6008 RSUSBSTOR (3ceee53bbf8ba284ff44585cec0162fe) C:\Windows\system32\Drivers\RtsUStor.sys
15:03:38.0364 6008 RSUSBSTOR - ok
15:03:38.0413 6008 RTL8167 (4fbda07ef0a3097ce14c5cabf723b278) C:\Windows\system32\DRIVERS\Rt64win7.sys
15:03:38.0435 6008 RTL8167 - ok
15:03:38.0498 6008 RtVOsdService (4ea7e5df0cb237156176fa0349e6e87f) C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe
15:03:38.0519 6008 RtVOsdService ( UnsignedFile.Multi.Generic ) - warning
15:03:38.0520 6008 RtVOsdService - detected UnsignedFile.Multi.Generic (1)
15:03:38.0552 6008 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
15:03:38.0576 6008 SamSs - ok
15:03:38.0654 6008 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
15:03:38.0677 6008 sbp2port - ok
15:03:38.0708 6008 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
15:03:38.0756 6008 SCardSvr - ok
15:03:38.0791 6008 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
15:03:38.0836 6008 scfilter - ok
15:03:38.0893 6008 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
15:03:38.0956 6008 Schedule - ok
15:03:39.0032 6008 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
15:03:39.0084 6008 SCPolicySvc - ok
15:03:39.0132 6008 sdbus (111e0ebc0ad79cb0fa014b907b231cf0) C:\Windows\system32\drivers\sdbus.sys
15:03:39.0174 6008 sdbus - ok
15:03:39.0190 6008 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
15:03:39.0232 6008 SDRSVC - ok
15:03:39.0254 6008 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
15:03:39.0296 6008 secdrv - ok
15:03:39.0315 6008 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
15:03:39.0375 6008 seclogon - ok
15:03:39.0398 6008 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll
15:03:39.0460 6008 SENS - ok
15:03:39.0511 6008 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
15:03:39.0545 6008 SensrSvc - ok
15:03:39.0580 6008 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
15:03:39.0612 6008 Serenum - ok
15:03:39.0628 6008 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
15:03:39.0644 6008 Serial - ok
15:03:39.0678 6008 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
15:03:39.0702 6008 sermouse - ok
15:03:39.0747 6008 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
15:03:39.0797 6008 SessionEnv - ok
15:03:39.0856 6008 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
15:03:39.0898 6008 sffdisk - ok
15:03:39.0915 6008 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
15:03:39.0937 6008 sffp_mmc - ok
15:03:39.0979 6008 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
15:03:40.0015 6008 sffp_sd - ok
15:03:40.0111 6008 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
15:03:40.0136 6008 sfloppy - ok
15:03:40.0194 6008 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
15:03:40.0251 6008 SharedAccess - ok
15:03:40.0295 6008 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
15:03:40.0353 6008 ShellHWDetection - ok
15:03:40.0380 6008 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
15:03:40.0392 6008 SiSRaid2 - ok
15:03:40.0448 6008 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
15:03:40.0471 6008 SiSRaid4 - ok
15:03:40.0533 6008 SmartDefragDriver (dd0443bc6cc78a19fd399817f8c51401) C:\Windows\system32\Drivers\SmartDefragDriver.sys
15:03:40.0553 6008 SmartDefragDriver - ok
15:03:40.0594 6008 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
15:03:40.0649 6008 Smb - ok
15:03:40.0681 6008 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
15:03:40.0711 6008 SNMPTRAP - ok
15:03:40.0738 6008 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
15:03:40.0752 6008 spldr - ok
15:03:40.0809 6008 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
15:03:40.0875 6008 Spooler - ok
15:03:41.0010 6008 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
15:03:41.0162 6008 sppsvc - ok
15:03:41.0231 6008 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
15:03:52.0000 6008 ============================================================
15:03:52.0000 6008 Scan finished
15:03:52.0000 6008 ============================================================
15:03:52.0024 5676 Detected object count: 3
15:03:52.0024 5676 Actual detected object count: 3
15:04:37.0321 5676 HPWMISVC ( UnsignedFile.Multi.Generic ) - skipped by user
15:04:37.0321 5676 HPWMISVC ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:04:37.0322 5676 LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user
15:04:37.0322 5676 LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:04:37.0324 5676 RtVOsdService ( UnsignedFile.Multi.Generic ) - skipped by user
15:04:37.0324 5676 RtVOsdService ( UnsignedFile.Multi.Generic ) - User select action: Skip


This was the rest of the TDSSKiller scan; it was too long to fit in the first reply.

#6 this_sucks

Posted 02 April 2012 - 04:24 PM

Here is the log for aswMBR, I think.


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-04-02 15:12:36
-----------------------------
15:12:36.341 OS Version: Windows x64 6.1.7601 Service Pack 1
15:12:36.341 Number of processors: 2 586 0x603
15:12:36.342 ComputerName: MARKD-PC UserName: mark
15:12:40.237 Initialize success
15:13:33.948 AVAST engine defs: 12040201
15:13:46.124 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000066
15:13:46.129 Disk 0 Vendor: Hitachi_ PC2O Size: 238475MB BusType: 11
15:13:46.145 Disk 0 MBR read successfully
15:13:46.150 Disk 0 MBR scan
15:13:46.161 Disk 0 unknown MBR code
15:13:46.179 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 199 MB offset 2048
15:13:46.187 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 224210 MB offset 409600
15:13:46.219 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 13961 MB offset 459591680
15:13:46.240 Disk 0 Partition 4 00 0C FAT32 LBA MSDOS5.0 103 MB offset 488183808
15:13:46.283 Disk 0 scanning C:\Windows\system32\drivers
15:13:58.477 Service scanning
15:14:29.271 Modules scanning
15:14:29.291 Disk 0 trace - called modules:
15:14:29.330 ntoskrnl.exe CLASSPNP.SYS disk.sys amd_xata.sys storport.sys hal.dll amd_sata.sys
15:14:29.337 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80031d5060]
15:14:29.344 3 CLASSPNP.SYS[fffff8800185143f] -> nt!IofCallDriver -> [0xfffffa80021db040]
15:14:29.356 5 amd_xata.sys[fffff8800111a7a8] -> nt!IofCallDriver -> \Device\00000066[0xfffffa800316a060]
15:14:30.614 AVAST engine scan C:\Windows
15:14:34.164 AVAST engine scan C:\Windows\system32
15:18:10.475 AVAST engine scan C:\Windows\system32\drivers
15:18:24.268 AVAST engine scan C:\Users\mark
15:29:21.548 AVAST engine scan C:\ProgramData
15:38:39.128 Scan finished successfully
16:13:06.102 Disk 0 MBR has been saved successfully to "C:\Users\mark\Desktop\MBR.dat"
16:13:06.108 The log file has been saved successfully to "C:\Users\mark\Desktop\aswMBR.txt"


The other file that got saved, MBR.dat, I can't open. I need another program to open it, I think.

#7 gringo_pr

Posted 02 April 2012 - 04:40 PM

Hello

Let's get a deeper look into the system and see if something shows up.

Download and run OTL

Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened and is the one that I need posted back here
    • Extra.txt <-- Will be minimized - save this one on your desktop in case I ask for it later
  • Please post the contents of OTL.txt in your next reply.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic




#8 this_sucks

Posted 02 April 2012 - 05:48 PM

Here is the OTL.txt report.




OTL logfile created on: 4/2/2012 5:37:59 PM - Run 1
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\mark\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.75 Gb Total Physical Memory | 1.49 Gb Available Physical Memory | 54.36% Memory free
5.49 Gb Paging File | 3.65 Gb Available in Paging File | 66.56% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 218.96 Gb Total Space | 135.49 Gb Free Space | 61.88% Space Free | Partition Type: NTFS
Drive D: | 13.63 Gb Total Space | 1.95 Gb Free Space | 14.32% Space Free | Partition Type: NTFS
Drive E: | 99.18 Mb Total Space | 89.04 Mb Free Space | 89.78% Space Free | Partition Type: FAT32

Computer Name: MARKD-PC | User Name: mark | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\mark\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCService.exe (IObit)
PRC - C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe (IObit)
PRC - C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
PRC - C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe (Spigot, Inc.)
PRC - C:\Program Files (x86)\Norton Internet Security\Engine\19.6.2.10\ccsvchst.exe (Symantec Corporation)
PRC - C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe (IObit)
PRC - C:\Program Files (x86)\IObit\Smart Defrag 2\SmartDefrag.exe (IObit)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\AIM\aim.exe (AOL Inc.)
PRC - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company)
PRC - C:\Program Files (x86)\AWS\WeatherBug\Weather.exe (AWS Convergence Technologies, Inc.)
PRC - C:\Program Files (x86)\McAfee Security Scan\2.1.121\SSScheduler.exe (McAfee, Inc.)
PRC - C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe (CinemaNow, Inc.)
PRC - C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe (Hewlett-Packard Company)


========== Modules (No Company Name) ==========

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\cb5bd98ffa4c82327b0e4db02bb58d2d\System.Management.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\74fcc0f56435d0396f9524cd4293d3e5\PresentationFramework.Aero.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\a1c4a635721f85bef0ea4194b888b871\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\eedf95f16a7e81ca43dd8accf11498a3\System.Data.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\02f7846cbc5c02a5dbf50fd34325eb61\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6c51e152e7404188914c9fa4d8503ff9\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\ab87129c2b603f218e4aa5300c9b1bdd\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\f4b2424c1b32fbd11130482bb899b7ae\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\47b9e7f070271ff50f988f75ea68fa3e\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\9866d1f6178e1cde25642f1ac293ff8d\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\e620323cacb5b6bfd93fd28d263440e4\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\faf4e8730ecbd07570111bb7c3b20565\System.ni.dll ()
MOD - C:\Users\mark\AppData\Roaming\Mozilla\Firefox\Profiles\6d95sxzv.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\components\RadioWMPCoreGecko9.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\HP.ActiveSupportLibrary\2.0.0.1__01a974bc1760f423\HP.ActiveSupportLibrary.dll ()
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\IObit\Smart Defrag 2\NtfsData.dll ()
MOD - C:\Program Files (x86)\AIM\nssckbi.dll ()
MOD - C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll ()
MOD - C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll ()
MOD - C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll ()
MOD - C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll ()
MOD - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\PCAlerts\PCAlertsPillar.dll ()
MOD - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\ECenter\ECLibrary.dll ()
MOD - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingServer.dll ()
MOD - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\RemotingClient.dll ()
MOD - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingClients.dll ()
MOD - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingInterface.dll ()
MOD - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingMessages.dll ()
MOD - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Microsoft.Practices.EnterpriseLibrary.ExceptionHandling.Logging.dll ()
MOD - C:\Windows\SysWOW64\msjetoledb40.dll ()
MOD - C:\Users\mark\AppData\Roaming\PictureMover\EN-US\Presentation.dll ()
MOD - C:\Users\mark\AppData\Roaming\PictureMover\Bin\Core.dll ()


========== Win32 Services (SafeList) ==========

SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (RtVOsdService) -- C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe (Realtek Semiconductor Corp.)
SRV:64bit: - (AERTFilters) -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe (Andrea Electronics Corporation)
SRV:64bit: - (HP Wireless Assistant Service) -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe (Hewlett-Packard)
SRV:64bit: - (HPWMISVC) -- C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe ()
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (AgereModemAudio) -- C:\Program Files\LSI SoftModem\agr64svc.exe (LSI Corporation)
SRV - (AdvancedSystemCareService5) -- C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCService.exe (IObit)
SRV - (Application Updater) -- C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe (Spigot, Inc.)
SRV - (NIS) -- C:\Program Files (x86)\Norton Internet Security\Engine\19.6.2.10\ccSvcHst.exe (Symantec Corporation)
SRV - (IMFservice) -- C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe (IObit)
SRV - (HP Support Assistant Service) -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe (Hewlett-Packard Company)
SRV - (HPDrvMntSvc.exe) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company)
SRV - (McComponentHostService) -- C:\Program Files (x86)\McAfee Security Scan\2.1.121\McCHSvc.exe (McAfee, Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (CinemaNow Service) -- C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe (CinemaNow, Inc.)
SRV - (GameConsoleService) -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe (WildTangent, Inc.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV:64bit: - (SymEvent) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS (Symantec Corporation)
DRV:64bit: - (dtsoftbus01) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys (DT Soft Ltd)
DRV:64bit: - (SymNetS) -- C:\Windows\SysNative\drivers\NISx64\1306020.00A\symnets.sys (Symantec Corporation)
DRV:64bit: - (SymEFA) -- C:\Windows\SysNative\drivers\NISx64\1306020.00A\symefa64.sys (Symantec Corporation)
DRV:64bit: - (SymIRON) -- C:\Windows\SysNative\drivers\NISx64\1306020.00A\ironx64.sys (Symantec Corporation)
DRV:64bit: - (SRTSP) -- C:\Windows\SysNative\drivers\NISx64\1306020.00A\srtsp64.sys (Symantec Corporation)
DRV:64bit: - (SRTSPX) Symantec Real Time Storage Protection (PEL) -- C:\Windows\SysNative\drivers\NISx64\1306020.00A\srtspx64.sys (Symantec Corporation)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (ccSet_NIS) -- C:\Windows\SysNative\drivers\NISx64\1306020.00A\ccsetx64.sys (Symantec Corporation)
DRV:64bit: - (SymDS) -- C:\Windows\SysNative\drivers\NISx64\1306020.00A\symds64.sys (Symantec Corporation)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (amd_sata) -- C:\Windows\SysNative\drivers\amd_sata.sys (Advanced Micro Devices)
DRV:64bit: - (usbfilter) -- C:\Windows\SysNative\drivers\usbfilter.sys (Advanced Micro Devices)
DRV:64bit: - (amd_xata) -- C:\Windows\SysNative\drivers\amd_xata.sys (Advanced Micro Devices)
DRV:64bit: - (AtiPcie) AMD PCI Express (3GIO) -- C:\Windows\SysNative\drivers\AtiPcie64.sys (Advanced Micro Devices Inc.)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (SmartDefragDriver) -- C:\Windows\SysNative\drivers\SmartDefragDriver.sys ()
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (AgereSoftModem) -- C:\Windows\SysNative\drivers\agrsm64.sys (LSI Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (SrvHsfV92) -- C:\Windows\SysNative\drivers\VSTDPV6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfWinac) -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfHDA) -- C:\Windows\SysNative\drivers\VSTAZL6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (yukonw7) -- C:\Windows\SysNative\drivers\yk62x64.sys (Marvell)
DRV:64bit: - (netw5v64) Intel® -- C:\Windows\SysNative\drivers\netw5v64.sys (Intel Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (FileMonitor) -- C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys (IObit)
DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\VirusDefs\20111220.038\ex64.sys (Symantec Corporation)
DRV - (eeCtrl) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\VirusDefs\20111220.038\eng64.sys (Symantec Corporation)
DRV - (IDSVia64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\IPSDefs\20111220.001\IDSviA64.sys (Symantec Corporation)
DRV - (BHDrvx64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\BASHDefs\20111210.003\BHDrvx64.sys (Symantec Corporation)
DRV - (UrlFilter) -- C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\UrlFilter.sys (IObit.com)
DRV - (RegFilter) -- C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\RegFilter.sys (IObit.com)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {0B4A10D1-FBD6-451d-BFDA-F03252B05984}
IE - HKLM\..\SearchScopes\{0B4A10D1-FBD6-451d-BFDA-F03252B05984}: "URL" = http://slirsredirect.search.aol.com/redirector/sredir?sredir=2706&query={searchTerms}&invocationType=tb50-ie-aim-chromesbox-en-us&tb_uuid=20111119014023297&tb_oid=19-11-2011&tb_mrud=19-11-2011
IE - HKLM\..\SearchScopes\{5D152C6B-6772-4566-AC14-85DC76EA817E}: "URL" = http://www.bing.com/search?q={searchTerms}&form=CPNTDF&pc=CPNTDF&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{865F289C-1BC8-42B1-B73E-984276316BCF}: "URL" = http://www.ask.com/web?q={searchTerms}&l=dis&o=uscql
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3072253


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-785568438-983534392-159955328-1000\..\URLSearchHook: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-785568438-983534392-159955328-1000\..\SearchScopes,DefaultScope = {5D152C6B-6772-4566-AC14-85DC76EA817E}
IE - HKU\S-1-5-21-785568438-983534392-159955328-1000\..\SearchScopes\{5D152C6B-6772-4566-AC14-85DC76EA817E}: "URL" = http://www.bing.com/search?q={searchTerms}&form=CPNTDF&pc=CPNTDF&src=IE-SearchBox
IE - HKU\S-1-5-21-785568438-983534392-159955328-1000\..\SearchScopes\{865F289C-1BC8-42B1-B73E-984276316BCF}: "URL" = http://www.ask.com/web?q={searchTerms}&l=dis&o=uscql
IE - HKU\S-1-5-21-785568438-983534392-159955328-1000\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://www.ask.com/web?q={SEARCHTERMS}&o=15527&l=dis&prt=NIS&chn=retail&geo=US&ver=19
IE - HKU\S-1-5-21-785568438-983534392-159955328-1000\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3072253
IE - HKU\S-1-5-21-785568438-983534392-159955328-1000\..\SearchScopes\{C882A518-63A9-4233-AD26-3EF3A605127B}: "URL" = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=382950&p={searchTerms}
IE - HKU\S-1-5-21-785568438-983534392-159955328-1000\..\SearchScopes\{e81fad9e-3bcd-4420-9d4f-053d4c5d209e}: "URL" = http://slirsredirect.search.aol.com/redirector/sredir?sredir=2706&query={searchTerms}&invocationType=tb50-ie-aim-chromesbox-en-us&tb_uuid=20111119014023297&tb_oid=19-11-2011&tb_mrud=19-11-2011
IE - HKU\S-1-5-21-785568438-983534392-159955328-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.defaulturl: "http://aim.search.aol.com/aol/search?query={searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us&tb_uuid=20111119014023297&tb_oid=19-11-2011&tb_mrud=19-11-2011"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=382950&ilc=12"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.6.20090220
FF - prefs.js..extensions.enabledItems: {5835466c-49af-4cbe-b102-a8c8b6313749}:1.0.14
FF - prefs.js..extensions.enabledItems: {E4E6BF2A-1667-11DF-A01F-1F9655D89593}:4.0
FF - prefs.js..extensions.enabledItems: {D9ADB0A8-7BFB-498D-9880-EE78A81CCFA0}:1.0
FF - prefs.js..extensions.enabledItems: ShopperReports@ShopperReports.com:3.0.517.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.2.1
FF - prefs.js..extensions.enabledItems: {1aec5771-fcd6-4537-a6b7-5f1935fd527c}:3.3.2.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:3.2
FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:2012.2.2.5
FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&SearchSource=2&q="
FF - prefs.js..network.proxy.type: 0


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\IPSFFPlgn\ [2011/12/07 03:17:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\coFFPlgn\ [2012/04/02 01:44:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\ShopperReports@ShopperReports.com: C:\Program Files (x86)\ShopperReports3\bin\3.0.517.0\firefox\firefoxtoolbar\extensions
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/12/26 05:17:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/12/26 05:17:01 | 000,000,000 | ---D | M]

[2010/12/23 23:20:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\mark\AppData\Roaming\Mozilla\Extensions
[2012/03/17 15:13:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\mark\AppData\Roaming\Mozilla\Firefox\Profiles\6d95sxzv.default\extensions
[2012/03/07 01:53:42 | 000,000,000 | ---D | M] (MiniEvony Community Toolbar) -- C:\Users\mark\AppData\Roaming\Mozilla\Firefox\Profiles\6d95sxzv.default\extensions\{1aec5771-fcd6-4537-a6b7-5f1935fd527c}
[2011/01/09 00:49:40 | 000,000,000 | ---D | M] (Shop to Win) -- C:\Users\mark\AppData\Roaming\Mozilla\Firefox\Profiles\6d95sxzv.default\extensions\{5835466c-49af-4cbe-b102-a8c8b6313749}
[2012/01/25 20:34:25 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\mark\AppData\Roaming\Mozilla\Firefox\Profiles\6d95sxzv.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2012/03/09 03:46:46 | 000,000,000 | ---D | M] (uTorrentControl2 Community Toolbar) -- C:\Users\mark\AppData\Roaming\Mozilla\Firefox\Profiles\6d95sxzv.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}
[2011/01/09 02:08:54 | 000,000,000 | ---D | M] (Simppull Toolbar) -- C:\Users\mark\AppData\Roaming\Mozilla\Firefox\Profiles\6d95sxzv.default\extensions\{E4E6BF2A-1667-11DF-A01F-1F9655D89593}
[2011/03/10 20:18:44 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\mark\AppData\Roaming\Mozilla\Firefox\Profiles\6d95sxzv.default\extensions\engine@conduit.com
[2011/11/18 20:40:09 | 000,002,242 | ---- | M] () -- C:\Users\mark\AppData\Roaming\Mozilla\Firefox\Profiles\6d95sxzv.default\searchplugins\AOL Search.xml
[2011/12/26 11:30:59 | 000,002,470 | ---- | M] () -- C:\Users\mark\AppData\Roaming\Mozilla\Firefox\Profiles\6d95sxzv.default\searchplugins\safesearch.xml
[2012/03/26 02:07:38 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/12/23 23:31:16 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2012/03/26 02:07:38 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
[2012/03/17 15:13:01 | 000,000,000 | ---D | M] (Widgi Toolbar Platform) -- C:\PROGRAM FILES (X86)\COMMON FILES\SPIGOT\WTXPCOM
[2012/03/17 15:13:01 | 000,000,000 | ---D | M] (IObit Toolbar) -- C:\PROGRAM FILES (X86)\IOBIT TOOLBAR\FF
[2012/04/02 01:44:03 | 000,000,000 | ---D | M] (Norton Toolbar) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\COFFPLGN
[2011/12/07 03:17:42 | 000,000,000 | ---D | M] (Norton Vulnerability Protection) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\IPSFFPLGN
[2011/12/21 02:24:52 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/03/26 02:07:25 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011/11/18 20:40:09 | 000,002,242 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\AOL Search.xml
[2011/12/20 23:30:41 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011/12/20 23:30:41 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/04/02 01:30:04 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.6.2.10\coieplg.dll (Symantec Corporation)
O2 - BHO: (Simppull Toolbar) - {627af46b-2076-42ae-a2fd-8428734d3e74} - C:\Program Files (x86)\simppulltoolbar\simppulldx.dll ()
O2 - BHO: (uTorrentControl2 Toolbar) - {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll (Conduit Ltd.)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\19.6.2.10\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Updater For Simppull Toolbar) - {C4B8BAB4-1667-11DF-A242-BA9455D89593} - C:\Program Files (x86)\simppulltoolbar\auxi\simppulltoolbAu.dll (Visicom Media)
O2 - BHO: (no name) - {E4E6BF2A-1667-11DF-A01F-1F9655D89593} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Simppull Toolbar) - {627af46b-2076-42ae-a2fd-8428734d3e74} - C:\Program Files (x86)\simppulltoolbar\simppulldx.dll ()
O3 - HKLM\..\Toolbar: (uTorrentControl2 Toolbar) - {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.6.2.10\coieplg.dll (Symantec Corporation)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (uTorrentControl2 Toolbar) - {687578B9-7132-4A7A-80E4-30EE31099E03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll (Conduit Ltd.)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.6.2.10\coieplg.dll (Symantec Corporation)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (uTorrentControl2 Toolbar) - {687578B9-7132-4A7A-80E4-30EE31099E03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll (Conduit Ltd.)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.6.2.10\coieplg.dll (Symantec Corporation)
O3 - HKU\S-1-5-21-785568438-983534392-159955328-1000\..\Toolbar\WebBrowser: (uTorrentControl2 Toolbar) - {687578B9-7132-4A7A-80E4-30EE31099E03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-785568438-983534392-159955328-1000\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.6.2.10\coieplg.dll (Symantec Corporation)
O4:64bit: - HKLM..\Run: [HP Quick Launch] C:\Program Files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Company)
O4:64bit: - HKLM..\Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe ()
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RtkOSD] C:\Program Files (x86)\Realtek\Audio\OSD\RtVOsd64.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NOBuActivation.exe (Symantec Corporation)
O4 - HKLM..\Run: [SearchSettings] C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-21-785568438-983534392-159955328-1000..\Run: [Advanced SystemCare 5] C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe (IObit)
O4 - HKU\S-1-5-21-785568438-983534392-159955328-1000..\Run: [Aim] C:\Program Files (x86)\AIM\aim.exe (AOL Inc.)
O4 - HKU\S-1-5-21-785568438-983534392-159955328-1000..\Run: [HPAdvisorDock] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe ()
O4 - HKU\S-1-5-21-785568438-983534392-159955328-1000..\Run: [Weather] C:\Program Files (x86)\AWS\WeatherBug\Weather.exe (AWS Convergence Technologies, Inc.)
O4 - HKU\S-1-5-21-785568438-983534392-159955328-1000..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11e_Plugin.exe (Adobe Systems, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-785568438-983534392-159955328-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-785568438-983534392-159955328-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files (x86)\PokerStars.NET\PokerStarsUpdate.exe File not found
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.113.206.10 24.217.0.5 71.92.29.130
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{59104C22-6501-4C5A-9183-9701C76982DB}: DhcpNameServer = 68.113.206.10 24.217.0.5 71.92.29.130
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/04/02 17:35:57 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Users\mark\Desktop\OTL.exe
[2012/04/02 15:11:51 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\mark\Desktop\aswMBR.exe
[2012/04/02 14:58:31 | 002,068,528 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\mark\Desktop\tdsskiller.exe
[2012/04/02 01:38:39 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/04/02 01:30:08 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2012/04/02 01:14:47 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/04/02 01:14:47 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/04/02 01:14:47 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/04/02 01:14:36 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/04/02 01:14:28 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/04/01 03:28:48 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\mark\Desktop\dds.scr
[2012/04/01 03:17:20 | 000,000,000 | ---D | C] -- C:\Users\mark\AppData\Local\Proxure
[2012/04/01 03:17:02 | 000,000,000 | ---D | C] -- C:\ProgramData\ClubSanDisk
[2012/03/26 02:07:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012/03/26 02:07:35 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2012/03/26 02:07:35 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2012/03/26 02:07:35 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2012/03/26 02:07:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2012/03/23 18:11:57 | 005,559,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012/03/23 18:11:57 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012/03/23 18:11:57 | 003,913,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2012/03/23 18:11:36 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorekmts.dll
[2012/03/23 18:11:36 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpwsx.dll
[2012/03/23 18:11:36 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdrmemptylst.exe
[2012/03/23 18:11:19 | 001,544,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2012/03/23 18:10:32 | 001,031,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcore.dll
[2012/03/23 18:10:32 | 000,826,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rdpcore.dll
[2012/03/21 15:26:13 | 000,000,000 | R--D | C] -- C:\Users\mark\Favorites
[2012/03/17 15:12:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Spigot
[2012/03/17 15:12:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IObit Toolbar
[2012/03/17 15:12:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Application Updater
[2012/03/08 23:01:29 | 000,509,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntshrui.dll
[2012/03/08 23:00:59 | 000,515,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\timedate.cpl
[2012/03/08 23:00:59 | 000,478,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\timedate.cpl
[2012/03/08 22:59:56 | 000,702,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012/03/08 22:59:56 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/03/08 22:59:56 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/03/08 22:59:56 | 000,134,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/03/08 22:59:56 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/03/08 22:59:56 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/03/08 22:59:56 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/03/08 22:47:06 | 000,634,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msvcrt.dll
[2012/03/08 22:18:17 | 000,000,000 | ---D | C] -- C:\Windows\Minidump

========== Files - Modified Within 30 Days ==========

[2012/04/02 17:35:59 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\mark\Desktop\OTL.exe
[2012/04/02 16:51:01 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/04/02 16:13:06 | 000,000,512 | ---- | M] () -- C:\Users\mark\Desktop\MBR.dat
[2012/04/02 15:12:01 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\mark\Desktop\aswMBR.exe
[2012/04/02 14:59:59 | 002,068,528 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\mark\Desktop\tdsskiller.exe
[2012/04/02 01:50:27 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/04/02 01:50:27 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/04/02 01:47:25 | 000,726,316 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/04/02 01:47:25 | 000,624,178 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/04/02 01:47:25 | 000,106,522 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/04/02 01:43:34 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/04/02 01:43:08 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/04/02 01:43:02 | 2210,582,528 | -HS- | M] () -- C:\hiberfil.sys
[2012/04/02 01:30:04 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/04/01 03:29:13 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\mark\Desktop\dds.scr
[2012/04/01 03:25:10 | 000,000,168 | ---- | M] () -- C:\Users\mark\defogger_reenable
[2012/04/01 03:23:56 | 000,050,477 | ---- | M] () -- C:\Users\mark\Desktop\Defogger.exe
[2012/03/26 02:07:25 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
[2012/03/26 02:07:25 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2012/03/26 02:07:25 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2012/03/26 02:07:25 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2012/03/25 23:18:56 | 000,002,461 | ---- | M] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk
[2012/03/25 23:18:43 | 000,000,328 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleFormark.job
[2012/03/25 23:18:30 | 000,354,008 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/03/25 23:17:12 | 002,015,549 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1306020.00A\Cat.DB
[2012/03/25 23:16:48 | 000,004,782 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1306020.00A\VT20111023.024
[2012/03/23 18:11:57 | 005,559,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012/03/23 18:11:57 | 003,968,368 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012/03/23 18:11:57 | 003,913,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2012/03/23 18:11:36 | 000,149,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorekmts.dll
[2012/03/23 18:11:36 | 000,077,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\rdpwsx.dll
[2012/03/23 18:11:36 | 000,009,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\rdrmemptylst.exe
[2012/03/23 18:11:19 | 001,544,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2012/03/23 18:10:32 | 001,031,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcore.dll
[2012/03/23 18:10:32 | 000,826,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\rdpcore.dll
[2012/03/23 14:11:41 | 000,001,228 | ---- | M] () -- C:\Users\Public\Desktop\Uninstaller.lnk
[2012/03/23 14:11:40 | 000,001,177 | ---- | M] () -- C:\Users\Public\Desktop\Advanced SystemCare 5.lnk
[2012/03/23 06:07:07 | 000,175,736 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
[2012/03/23 06:07:07 | 000,007,488 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
[2012/03/23 06:07:07 | 000,000,854 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
[2012/03/22 23:34:06 | 000,000,774 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\dplaysvr.lnk
[2012/03/21 15:26:13 | 000,001,325 | ---- | M] () -- C:\Users\mark\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/03/20 16:24:22 | 001,274,374 | ---- | M] () -- C:\Users\mark\Desktop\Untitled.png
[2012/03/19 23:26:35 | 000,000,172 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1306020.00A\isolate.ini
[2012/03/08 23:01:29 | 000,509,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ntshrui.dll
[2012/03/08 23:00:59 | 000,515,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\timedate.cpl
[2012/03/08 23:00:59 | 000,478,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\timedate.cpl
[2012/03/08 22:59:56 | 000,702,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012/03/08 22:59:56 | 000,247,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/03/08 22:59:56 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/03/08 22:59:56 | 000,134,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/03/08 22:59:56 | 000,132,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/03/08 22:59:56 | 000,097,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/03/08 22:59:56 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/03/08 22:47:06 | 000,634,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msvcrt.dll

========== Files Created - No Company Name ==========

[2012/04/02 16:13:06 | 000,000,512 | ---- | C] () -- C:\Users\mark\Desktop\MBR.dat
[2012/04/02 01:14:47 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/04/02 01:14:47 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/04/02 01:14:47 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/04/02 01:14:47 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/04/02 01:14:47 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/04/01 03:25:10 | 000,000,168 | ---- | C] () -- C:\Users\mark\defogger_reenable
[2012/04/01 03:23:22 | 000,050,477 | ---- | C] () -- C:\Users\mark\Desktop\Defogger.exe
[2012/03/22 23:34:09 | 000,000,774 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\dplaysvr.lnk
[2012/03/20 16:24:21 | 001,274,374 | ---- | C] () -- C:\Users\mark\Desktop\Untitled.png
[2011/12/06 19:57:54 | 000,001,940 | ---- | C] () -- C:\Users\mark\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2011/10/14 20:17:25 | 000,021,840 | ---- | C] () -- C:\Windows\SysWow64\SIntfNT.dll
[2011/10/14 20:17:25 | 000,017,212 | ---- | C] () -- C:\Windows\SysWow64\SIntf32.dll
[2011/10/14 20:17:25 | 000,012,067 | ---- | C] () -- C:\Windows\SysWow64\SIntf16.dll
[2011/10/14 20:16:35 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011/10/14 20:13:22 | 000,019,610 | ---- | C] () -- C:\Windows\DIIUnin.dat
[2011/06/30 13:47:54 | 000,000,000 | ---- | C] () -- C:\Users\mark\AppData\Local\{2D710AD4-D484-42E4-AFD7-4840316D68CA}
[2011/03/20 16:50:31 | 000,001,854 | ---- | C] () -- C:\Users\mark\AppData\Roaming\GhostObjGAFix.xml
[2011/01/22 18:02:58 | 000,002,857 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011/01/09 00:54:04 | 000,000,064 | ---- | C] () -- C:\Windows\GPlrLanc.dat
[2010/12/25 05:55:07 | 000,000,048 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/04/28 03:32:44 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010/04/28 03:27:30 | 000,000,282 | ---- | C] () -- C:\Windows\SysWow64\RStoneLog2.ini
[2010/04/28 03:27:30 | 000,000,223 | ---- | C] () -- C:\Windows\SysWow64\RStoneLog.ini

< End of report >

#9 gringo_pr

  • Malware Response Team

Posted 03 April 2012 - 05:27 AM

Hello

Run this custom script and when it is complete I need to know how the computer is doing

Run OTL Script

  • Double-click OTL.exe to start the program.
  • Copy and Paste the following code into the textbox. Do not include the word Code
    :OTL
    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O2 - BHO: (no name) - {E4E6BF2A-1667-11DF-A01F-1F9655D89593} - No CLSID value found.
    O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files (x86)\PokerStars.NET\PokerStarsUpdate.exe File not found
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Reg Error: Key error.)
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
    O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
    O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
    O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    PRC - C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
    PRC - C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe (Spigot, Inc.)
    SRV - (Application Updater) -- C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe (Spigot, Inc.)
    IE - HKLM\..\URLSearchHook: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll (Conduit Ltd.)
    IE - HKLM\..\SearchScopes,DefaultScope = {0B4A10D1-FBD6-451d-BFDA-F03252B05984}
    IE - HKLM\..\SearchScopes\{0B4A10D1-FBD6-451d-BFDA-F03252B05984}: "URL" = http://slirsredirect.search.aol.com/redirector/sredir?sredir=2706&query={searchTerms}&invocationType=tb50-ie-aim-chromesbox-en-us&tb_uuid=20111119014023297&tb_oid=19-11-2011&tb_mrud=19-11-2011
    IE - HKLM\..\SearchScopes\{865F289C-1BC8-42B1-B73E-984276316BCF}: "URL" = http://www.ask.com/web?q={searchTerms}&l=dis&o=uscql
    IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3072253
    IE - HKU\S-1-5-21-785568438-983534392-159955328-1000\..\URLSearchHook: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll (Conduit Ltd.)
    IE - HKU\S-1-5-21-785568438-983534392-159955328-1000\..\SearchScopes\{865F289C-1BC8-42B1-B73E-984276316BCF}: "URL" = http://www.ask.com/web?q={searchTerms}&l=dis&o=uscql
    IE - HKU\S-1-5-21-785568438-983534392-159955328-1000\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://www.ask.com/web?q={SEARCHTERMS}&o=15527&l=dis&prt=NIS&chn=retail&geo=US&ver=19
    IE - HKU\S-1-5-21-785568438-983534392-159955328-1000\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3072253
    IE - HKU\S-1-5-21-785568438-983534392-159955328-1000\..\SearchScopes\{e81fad9e-3bcd-4420-9d4f-053d4c5d209e}: "URL" = http://slirsredirect.search.aol.com/redirector/sredir?sredir=2706&query={searchTerms}&invocationType=tb50-ie-aim-chromesbox-en-us&tb_uuid=20111119014023297&tb_oid=19-11-2011&tb_mrud=19-11-2011
    FF - prefs.js..extensions.enabledItems: {D9ADB0A8-7BFB-498D-9880-EE78A81CCFA0}:1.0
    FF - prefs.js..extensions.enabledItems: {5835466c-49af-4cbe-b102-a8c8b6313749}:1.0.14
    FF - prefs.js..extensions.enabledItems: {E4E6BF2A-1667-11DF-A01F-1F9655D89593}:4.0
    FF - prefs.js..extensions.enabledItems: {D9ADB0A8-7BFB-498D-9880-EE78A81CCFA0}:1.0
    FF - prefs.js..extensions.enabledItems: ShopperReports@ShopperReports.com:3.0.517.0
    FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.2.1
    FF - prefs.js..extensions.enabledItems: {1aec5771-fcd6-4537-a6b7-5f1935fd527c}:3.3.2.1
    FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&SearchSource=2&q="
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\ShopperReports@ShopperReports.com: C:\Program Files (x86)\ShopperReports3\bin\3.0.517.0\firefox\firefoxtoolbar\extensions
    [2012/03/07 01:53:42 | 000,000,000 | ---D | M] (MiniEvony Community Toolbar) -- C:\Users\mark\AppData\Roaming\Mozilla\Firefox\Profiles\6d95sxzv.default\extensions\{1aec5771-fcd6-4537-a6b7-5f1935fd527c}
    [2011/01/09 00:49:40 | 000,000,000 | ---D | M] (Shop to Win) -- C:\Users\mark\AppData\Roaming\Mozilla\Firefox\Profiles\6d95sxzv.default\extensions\{5835466c-49af-4cbe-b102-a8c8b6313749}
    [2012/03/09 03:46:46 | 000,000,000 | ---D | M] (uTorrentControl2 Community Toolbar) -- C:\Users\mark\AppData\Roaming\Mozilla\Firefox\Profiles\6d95sxzv.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}
    [2011/01/09 02:08:54 | 000,000,000 | ---D | M] (Simppull Toolbar) -- C:\Users\mark\AppData\Roaming\Mozilla\Firefox\Profiles\6d95sxzv.default\extensions\{E4E6BF2A-1667-11DF-A01F-1F9655D89593}
    [2011/03/10 20:18:44 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\mark\AppData\Roaming\Mozilla\Firefox\Profiles\6d95sxzv.default\extensions\engine@conduit.com
    [2012/03/17 15:13:01 | 000,000,000 | ---D | M] (Widgi Toolbar Platform) -- C:\PROGRAM FILES (X86)\COMMON FILES\SPIGOT\WTXPCOM
    O2 - BHO: (Simppull Toolbar) - {627af46b-2076-42ae-a2fd-8428734d3e74} - C:\Program Files (x86)\simppulltoolbar\simppulldx.dll ()
    O2 - BHO: (uTorrentControl2 Toolbar) - {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll (Conduit Ltd.)
    O2 - BHO: (Updater For Simppull Toolbar) - {C4B8BAB4-1667-11DF-A242-BA9455D89593} - C:\Program Files (x86)\simppulltoolbar\auxi\simppulltoolbAu.dll (Visicom Media)
    O3 - HKLM\..\Toolbar: (Simppull Toolbar) - {627af46b-2076-42ae-a2fd-8428734d3e74} - C:\Program Files (x86)\simppulltoolbar\simppulldx.dll ()
    O3 - HKLM\..\Toolbar: (uTorrentControl2 Toolbar) - {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll (Conduit Ltd.)
    O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (uTorrentControl2 Toolbar) - {687578B9-7132-4A7A-80E4-30EE31099E03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll (Conduit Ltd.)
    O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (uTorrentControl2 Toolbar) - {687578B9-7132-4A7A-80E4-30EE31099E03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll (Conduit Ltd.)
    O3 - HKU\S-1-5-21-785568438-983534392-159955328-1000\..\Toolbar\WebBrowser: (uTorrentControl2 Toolbar) - {687578B9-7132-4A7A-80E4-30EE31099E03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll (Conduit Ltd.)
    O4 - HKLM..\Run: [SearchSettings] C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
    [2012/03/17 15:12:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Spigot
    :Files
    ipconfig /flushdns /c
    :Commands
    [PURITY]
    [emptyjava]
    [EMPTYFLASH]
    
  • Then click the Run Fix button at the top.
  • Click Posted Image.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy and Paste that report in your next reply.

Let me know how things are doing

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic




Proud Graduate Of Malware Removal University

#10 this_sucks

this_sucks
  • Topic Starter

  • Members
  • 17 posts
  • Local time:08:38 PM

Posted 03 April 2012 - 01:08 PM

here is the report log for the OTL scan.


========== OTL ==========
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@adobe.com/FlashPlayer\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E4E6BF2A-1667-11DF-A01F-1F9655D89593}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E4E6BF2A-1667-11DF-A01F-1F9655D89593}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{FA9B9510-9FCB-4ca0-818C-5D0987B47C4D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FA9B9510-9FCB-4ca0-818C-5D0987B47C4D}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\livecall\ deleted successfully.
File Protocol\Handler\livecall - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ms-help\ deleted successfully.
File Protocol\Handler\ms-help - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ms-itss\ deleted successfully.
File Protocol\Handler\ms-itss - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msnim\ deleted successfully.
File Protocol\Handler\msnim - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\skype4com\ deleted successfully.
File Protocol\Handler\skype4com - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\skype-ie-addon-data\ deleted successfully.
File Protocol\Handler\skype-ie-addon-data - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlmailhtml\ deleted successfully.
File Protocol\Handler\wlmailhtml - No CLSID value found not found.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
No active process named Program Files was found!
No active process named Program Files was found!
Service Application Updater stopped successfully!
Service Application Updater deleted successfully!
C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{687578b9-7132-4a7a-80e4-30ee31099e03} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{687578b9-7132-4a7a-80e4-30ee31099e03}\ deleted successfully.
C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll moved successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0B4A10D1-FBD6-451d-BFDA-F03252B05984}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0B4A10D1-FBD6-451d-BFDA-F03252B05984}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{865F289C-1BC8-42B1-B73E-984276316BCF}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{865F289C-1BC8-42B1-B73E-984276316BCF}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
Registry value HKEY_USERS\S-1-5-21-785568438-983534392-159955328-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{687578b9-7132-4a7a-80e4-30ee31099e03} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{687578b9-7132-4a7a-80e4-30ee31099e03}\ not found.
File C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll not found.
Registry key HKEY_USERS\S-1-5-21-785568438-983534392-159955328-1000\Software\Microsoft\Internet Explorer\SearchScopes\{865F289C-1BC8-42B1-B73E-984276316BCF}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{865F289C-1BC8-42B1-B73E-984276316BCF}\ not found.
Registry key HKEY_USERS\S-1-5-21-785568438-983534392-159955328-1000\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}\ not found.
Registry key HKEY_USERS\S-1-5-21-785568438-983534392-159955328-1000\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
Registry key HKEY_USERS\S-1-5-21-785568438-983534392-159955328-1000\Software\Microsoft\Internet Explorer\SearchScopes\{e81fad9e-3bcd-4420-9d4f-053d4c5d209e}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e81fad9e-3bcd-4420-9d4f-053d4c5d209e}\ not found.
Prefs.js: {D9ADB0A8-7BFB-498D-9880-EE78A81CCFA0}:1.0 removed from extensions.enabledItems
Prefs.js: {5835466c-49af-4cbe-b102-a8c8b6313749}:1.0.14 removed from extensions.enabledItems
Prefs.js: {E4E6BF2A-1667-11DF-A01F-1F9655D89593}:4.0 removed from extensions.enabledItems
Prefs.js: {D9ADB0A8-7BFB-498D-9880-EE78A81CCFA0}:1.0 removed from extensions.enabledItems
Prefs.js: ShopperReports@ShopperReports.com:3.0.517.0 removed from extensions.enabledItems
Prefs.js: engine@conduit.com:3.3.2.1 removed from extensions.enabledItems
Prefs.js: {1aec5771-fcd6-4537-a6b7-5f1935fd527c}:3.3.2.1 removed from extensions.enabledItems
Prefs.js: "http://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&SearchSource=2&q=" removed from keyword.URL
File HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\ShopperReports@ShopperReports.com: C:\Program Files (x86)\ShopperReports3\bin\3.0.517.0\firefox\firefoxtoolbar\extensions not found.
C:\Users\mark\AppData\Roaming\Mozilla\Firefox\Profiles\6d95sxzv.default\extensions\{1aec5771-fcd6-4537-a6b7-5f1935fd527c}\searchplugin folder moved successfully.
C:\Users\mark\AppData\Roaming\Mozilla\Firefox\Profiles\6d95sxzv.default\extensions\{1aec5771-fcd6-4537-a6b7-5f1935fd527c}\modules folder moved successfully.
C:\Users\mark\AppData\Roaming\Mozilla\Firefox\Profiles\6d95sxzv.default\extensions\{1aec5771-fcd6-4537-a6b7-5f1935fd527c}\META-INF folder moved successfully.
C:\Users\mark\AppData\Roaming\Mozilla\Firefox\Profiles\6d95sxzv.default\extensions\{1aec5771-fcd6-4537-a6b7-5f1935fd527c}\defaults folder moved successfully.
C:\Users\mark\AppData\Roaming\Mozilla\Firefox\Profiles\6d95sxzv.default\extensions\{1aec5771-fcd6-4537-a6b7-5f1935fd527c}\components folder moved successfully.
C:\Users\mark\AppData\Roaming\Mozilla\Firefox\Profiles\6d95sxzv.default\extensions\{1aec5771-fcd6-4537-a6b7-5f1935fd527c}\chrome folder moved successfully.
C:\Users\mark\AppData\Roaming\Mozilla\Firefox\Profiles\6d95sxzv.default\extensions\{1aec5771-fcd6-4537-a6b7-5f1935fd527c} folder moved successfully.
C:\Users\mark\AppData\Roaming\Mozilla\Firefox\Profiles\6d95sxzv.default\extensions\{5835466c-49af-4cbe-b102-a8c8b6313749}\chrome\skin folder moved successfully.
C:\Users\mark\AppData\Roaming\Mozilla\Firefox\Profiles\6d95sxzv.default\extensions\{5835466c-49af-4cbe-b102-a8c8b6313749}\chrome\content\locale folder moved successfully.
C:\Users\mark\AppData\Roaming\Mozilla\Firefox\Profiles\6d95sxzv.default\extensions\{5835466c-49af-4cbe-b102-a8c8b6313749}\chrome\content folder moved successfully.
C:\Users\mark\AppData\Roaming\Mozilla\Firefox\Profiles\6d95sxzv.default\extensions\{5835466c-49af-4cbe-b102-a8c8b6313749}\chrome folder moved successfully.
C:\Users\mark\AppData\Roaming\Mozilla\Firefox\Profiles\6d95sxzv.default\extensions\{5835466c-49af-4cbe-b102-a8c8b6313749} folder moved successfully.
C:\Users\mark\AppData\Roaming\Mozilla\Firefox\Profiles\6d95sxzv.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\searchplugin folder moved successfully.
C:\Users\mark\AppData\Roaming\Mozilla\Firefox\Profiles\6d95sxzv.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\modules folder moved successfully.
C:\Users\mark\AppData\Roaming\Mozilla\Firefox\Profiles\6d95sxzv.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\META-INF folder moved successfully.
C:\Users\mark\AppData\Roaming\Mozilla\Firefox\Profiles\6d95sxzv.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\defaults folder moved successfully.
C:\Users\mark\AppData\Roaming\Mozilla\Firefox\Profiles\6d95sxzv.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\components folder moved successfully.
C:\Users\mark\AppData\Roaming\Mozilla\Firefox\Profiles\6d95sxzv.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\chrome folder moved successfully.
C:\Users\mark\AppData\Roaming\Mozilla\Firefox\Profiles\6d95sxzv.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03} folder moved successfully.
C:\Users\mark\AppData\Roaming\Mozilla\Firefox\Profiles\6d95sxzv.default\extensions\{E4E6BF2A-1667-11DF-A01F-1F9655D89593}\components folder moved successfully.
C:\Users\mark\AppData\Roaming\Mozilla\Firefox\Profiles\6d95sxzv.default\extensions\{E4E6BF2A-1667-11DF-A01F-1F9655D89593}\chrome\skin\searchbar folder moved successfully.
C:\Users\mark\AppData\Roaming\Mozilla\Firefox\Profiles\6d95sxzv.default\extensions\{E4E6BF2A-1667-11DF-A01F-1F9655D89593}\chrome\skin\options folder moved successfully.
C:\Users\mark\AppData\Roaming\Mozilla\Firefox\Profiles\6d95sxzv.default\extensions\{E4E6BF2A-1667-11DF-A01F-1F9655D89593}\chrome\skin\lib\weatherbutton\panels\images folder moved successfully.
C:\Users\mark\AppData\Roaming\Mozilla\Firefox\Profiles\6d95sxzv.default\extensions\{E4E6BF2A-1667-11DF-A01F-1F9655D89593}\chrome\skin\lib\weatherbutton\panels folder moved successfully.
C:\Users\mark\AppData\Roaming\Mozilla\Firefox\Profiles\6d95sxzv.default\extensions\{E4E6BF2A-1667-11DF-A01F-1F9655D89593}\chrome\skin\lib\weatherbutton\icons folder moved successfully.
C:\Users\mark\AppData\Roaming\Mozilla\Firefox\Profiles\6d95sxzv.default\extensions\{E4E6BF2A-1667-11DF-A01F-1F9655D89593}\chrome\skin\lib\weatherbutton folder moved successfully.
C:\Users\mark\AppData\Roaming\Mozilla\Firefox\Profiles\6d95sxzv.default\extensions\{E4E6BF2A-1667-11DF-A01F-1F9655D89593}\chrome\skin\lib\uwa folder moved successfully.
C:\Users\mark\AppData\Roaming\Mozilla\Firefox\Profiles\6d95sxzv.default\extensions\{E4E6BF2A-1667-11DF-A01F-1F9655D89593}\chrome\skin\lib\panels\images folder moved successfully.
C:\Users\mark\AppData\Roaming\Mozilla\Firefox\Profiles\6d95sxzv.default\extensions\{E4E6BF2A-1667-11DF-A01F-1F9655D89593}\chrome\skin\lib\panels\css folder moved successfully.
C:\Users\mark\AppData\Roaming\Mozilla\Firefox\Profiles\6d95sxzv.default\extensions\{E4E6BF2A-1667-11DF-A01F-1F9655D89593}\chrome\skin\lib\panels folder moved successfully.
C:\Users\mark\AppData\Roaming\Mozilla\Firefox\Profiles\6d95sxzv.default\extensions\{E4E6BF2A-1667-11DF-A01F-1F9655D89593}\chrome\skin\lib folder moved successfully.
C:\Users\mark\AppData\Roaming\Mozilla\Firefox\Profiles\6d95sxzv.default\extensions\{E4E6BF2A-1667-11DF-A01F-1F9655D89593}\chrome\skin folder moved successfully.
C:\Users\mark\AppData\Roaming\Mozilla\Firefox\Profiles\6d95sxzv.default\extensions\{E4E6BF2A-1667-11DF-A01F-1F9655D89593}\chrome\data\search folder moved successfully.
C:\Users\mark\AppData\Roaming\Mozilla\Firefox\Profiles\6d95sxzv.default\extensions\{E4E6BF2A-1667-11DF-A01F-1F9655D89593}\chrome\data\rss folder moved successfully.
C:\Users\mark\AppData\Roaming\Mozilla\Firefox\Profiles\6d95sxzv.default\extensions\{E4E6BF2A-1667-11DF-A01F-1F9655D89593}\chrome\data\dynamicElements folder moved successfully.
C:\Users\mark\AppData\Roaming\Mozilla\Firefox\Profiles\6d95sxzv.default\extensions\{E4E6BF2A-1667-11DF-A01F-1F9655D89593}\chrome\data folder moved successfully.
C:\Users\mark\AppData\Roaming\Mozilla\Firefox\Profiles\6d95sxzv.default\extensions\{E4E6BF2A-1667-11DF-A01F-1F9655D89593}\chrome\content\widgets\net.vmn.www.3.YouTube.1217 folder moved successfully.
C:\Users\mark\AppData\Roaming\Mozilla\Firefox\Profiles\6d95sxzv.default\extensions\{E4E6BF2A-1667-11DF-A01F-1F9655D89593}\chrome\content\widgets\net.vmn.www.3.Twitter.1255 folder moved successfully.
C:\Users\mark\AppData\Roaming\Mozilla\Firefox\Profiles\6d95sxzv.default\extensions\{E4E6BF2A-1667-11DF-A01F-1F9655D89593}\chrome\content\widgets folder moved successfully.
C:\Users\mark\AppData\Roaming\Mozilla\Firefox\Profiles\6d95sxzv.default\extensions\{E4E6BF2A-1667-11DF-A01F-1F9655D89593}\chrome\content\newtab\images folder moved successfully.
C:\Users\mark\AppData\Roaming\Mozilla\Firefox\Profiles\6d95sxzv.default\extensions\{E4E6BF2A-1667-11DF-A01F-1F9655D89593}\chrome\content\newtab folder moved successfully.
C:\Users\mark\AppData\Roaming\Mozilla\Firefox\Profiles\6d95sxzv.default\extensions\{E4E6BF2A-1667-11DF-A01F-1F9655D89593}\chrome\content\modules folder moved successfully.
C:\Users\mark\AppData\Roaming\Mozilla\Firefox\Profiles\6d95sxzv.default\extensions\{E4E6BF2A-1667-11DF-A01F-1F9655D89593}\chrome\content\lib folder moved successfully.
C:\Users\mark\AppData\Roaming\Mozilla\Firefox\Profiles\6d95sxzv.default\extensions\{E4E6BF2A-1667-11DF-A01F-1F9655D89593}\chrome\content folder moved successfully.
C:\Users\mark\AppData\Roaming\Mozilla\Firefox\Profiles\6d95sxzv.default\extensions\{E4E6BF2A-1667-11DF-A01F-1F9655D89593}\chrome folder moved successfully.
C:\Users\mark\AppData\Roaming\Mozilla\Firefox\Profiles\6d95sxzv.default\extensions\{E4E6BF2A-1667-11DF-A01F-1F9655D89593} folder moved successfully.
C:\Users\mark\AppData\Roaming\Mozilla\Firefox\Profiles\6d95sxzv.default\extensions\engine@conduit.com\searchplugin folder moved successfully.
C:\Users\mark\AppData\Roaming\Mozilla\Firefox\Profiles\6d95sxzv.default\extensions\engine@conduit.com\META-INF folder moved successfully.
C:\Users\mark\AppData\Roaming\Mozilla\Firefox\Profiles\6d95sxzv.default\extensions\engine@conduit.com\lib folder moved successfully.
C:\Users\mark\AppData\Roaming\Mozilla\Firefox\Profiles\6d95sxzv.default\extensions\engine@conduit.com\DualPackage folder moved successfully.
C:\Users\mark\AppData\Roaming\Mozilla\Firefox\Profiles\6d95sxzv.default\extensions\engine@conduit.com\defaults folder moved successfully.
C:\Users\mark\AppData\Roaming\Mozilla\Firefox\Profiles\6d95sxzv.default\extensions\engine@conduit.com\components folder moved successfully.
C:\Users\mark\AppData\Roaming\Mozilla\Firefox\Profiles\6d95sxzv.default\extensions\engine@conduit.com\chrome folder moved successfully.
C:\Users\mark\AppData\Roaming\Mozilla\Firefox\Profiles\6d95sxzv.default\extensions\engine@conduit.com folder moved successfully.
C:\PROGRAM FILES (X86)\COMMON FILES\SPIGOT\WTXPCOM\components folder moved successfully.
C:\PROGRAM FILES (X86)\COMMON FILES\SPIGOT\WTXPCOM folder moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{627af46b-2076-42ae-a2fd-8428734d3e74}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{627af46b-2076-42ae-a2fd-8428734d3e74}\ deleted successfully.
C:\Program Files (x86)\simppulltoolbar\simppulldx.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{687578b9-7132-4a7a-80e4-30ee31099e03}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{687578b9-7132-4a7a-80e4-30ee31099e03}\ not found.
File C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C4B8BAB4-1667-11DF-A242-BA9455D89593}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C4B8BAB4-1667-11DF-A242-BA9455D89593}\ deleted successfully.
C:\Program Files (x86)\simppulltoolbar\auxi\simppulltoolbAu.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{627af46b-2076-42ae-a2fd-8428734d3e74} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{627af46b-2076-42ae-a2fd-8428734d3e74}\ not found.
File C:\Program Files (x86)\simppulltoolbar\simppulldx.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{687578b9-7132-4a7a-80e4-30ee31099e03} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{687578b9-7132-4a7a-80e4-30ee31099e03}\ not found.
File C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll not found.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{687578B9-7132-4A7A-80E4-30EE31099E03} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{687578B9-7132-4A7A-80E4-30EE31099E03}\ not found.
File C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{687578B9-7132-4A7A-80E4-30EE31099E03} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{687578B9-7132-4A7A-80E4-30EE31099E03}\ not found.
File C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll not found.
Registry value HKEY_USERS\S-1-5-21-785568438-983534392-159955328-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{687578B9-7132-4A7A-80E4-30EE31099E03} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{687578B9-7132-4A7A-80E4-30EE31099E03}\ not found.
File C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SearchSettings deleted successfully.
C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe moved successfully.
C:\Program Files (x86)\Common Files\Spigot\Search Settings\Res folder moved successfully.
C:\Program Files (x86)\Common Files\Spigot\Search Settings\Lang folder moved successfully.
C:\Program Files (x86)\Common Files\Spigot\Search Settings folder moved successfully.
C:\Program Files (x86)\Common Files\Spigot folder moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\mark\Desktop\cmd.bat deleted successfully.
C:\Users\mark\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: mark
->Java cache emptied: 249911 bytes

User: Public

Total Java Files Cleaned = 0.00 mb


[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 56466 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: mark
->Flash cache emptied: 3195580 bytes

User: Public

Total Flash Files Cleaned = 3.00 mb


OTL by OldTimer - Version 3.2.39.2 log created on 04032012_130048



I haven't tried any searches yet; I will soon to see how things are doing. It may take me a while, because even before it did it every now and then, but it did start happening more and more often. So let's see.

#11 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:09:38 PM

Posted 03 April 2012 - 11:38 PM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo


#12 this_sucks

this_sucks
  • Topic Starter

  • Members
  • 17 posts
  • Local time:08:38 PM

Posted 04 April 2012 - 03:15 PM

here is the combofix log:


ComboFix 12-04-01.01 - mark 04/04/2012 14:43:25.2.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2811.1580 [GMT -5:00]
Running from: c:\users\mark\Downloads\ComboFix.exe
Command switches used :: c:\users\mark\Desktop\CFScript.txt
AV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: IObit Malware Fighter *Disabled/Updated* {A751AC20-3B48-5237-898A-78C4436BB78D}
SP: Norton Internet Security *Disabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-03-04 to 2012-04-04 )))))))))))))))))))))))))))))))
.
.
2012-04-04 19:56 . 2012-04-04 19:56 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-03 21:36 . 2012-03-14 03:27 8669240 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B8A48AAB-9F1E-497D-8535-B51D98F2D0D4}\mpengine.dll
2012-04-03 18:00 . 2012-04-03 18:00 -------- d-----w- C:\_OTL
2012-04-01 08:17 . 2012-04-01 08:17 -------- d-----w- c:\users\mark\AppData\Local\Proxure
2012-04-01 08:17 . 2012-04-01 08:17 -------- d-----w- c:\programdata\ClubSanDisk
2012-03-26 07:07 . 2012-03-26 07:07 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-03-26 07:07 . 2012-03-26 07:07 -------- d-----w- c:\program files (x86)\Java
2012-03-23 23:11 . 2012-03-23 23:11 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-23 23:11 . 2012-03-23 23:11 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-03-23 23:11 . 2012-03-23 23:11 3913584 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-03-23 23:11 . 2012-03-23 23:11 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-03-23 23:11 . 2012-03-23 23:11 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-03-23 23:11 . 2012-03-23 23:11 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-03-23 23:11 . 2012-03-23 23:11 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-03-23 23:11 . 2012-03-23 23:11 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-03-23 23:10 . 2012-03-23 23:10 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-03-23 23:10 . 2012-03-23 23:10 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-03-23 23:10 . 2012-03-23 23:10 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-03-23 23:10 . 2012-03-23 23:10 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-23 23:10 . 2012-03-23 23:10 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-03-23 05:56 . 2012-03-26 04:16 -------- d-----w- c:\windows\system32\drivers\NISx64\1306020.00A
2012-03-17 20:12 . 2012-04-03 18:00 -------- d-----w- c:\program files (x86)\Application Updater
2012-03-17 20:12 . 2012-03-17 20:12 -------- d-----w- c:\program files (x86)\IObit Toolbar
2012-03-09 04:01 . 2012-03-09 04:01 509952 ----a-w- c:\windows\system32\ntshrui.dll
2012-03-09 04:01 . 2012-03-09 04:01 442880 ----a-w- c:\windows\SysWow64\ntshrui.dll
2012-03-09 04:00 . 2012-03-09 04:00 515584 ----a-w- c:\windows\system32\timedate.cpl
2012-03-09 04:00 . 2012-03-09 04:00 478720 ----a-w- c:\windows\SysWow64\timedate.cpl
2012-03-09 04:00 . 2012-03-09 04:00 498688 ----a-w- c:\windows\system32\drivers\afd.sys
2012-03-09 03:47 . 2012-03-09 03:47 690688 ----a-w- c:\windows\SysWow64\msvcrt.dll
2012-03-09 03:47 . 2012-03-09 03:47 634880 ----a-w- c:\windows\system32\msvcrt.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-26 07:07 . 2010-12-24 04:25 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-03-23 11:07 . 2010-12-24 00:16 175736 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS
2012-02-25 02:25 . 2012-02-25 02:24 283200 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2012-02-23 19:24 . 2012-01-25 10:03 24408 ----a-w- c:\windows\system32\RegistryDefragBootTime.exe
2012-02-23 14:18 . 2011-02-24 07:18 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-01-14 07:52 . 2012-01-14 07:53 215336 ----a-w- c:\windows\system32\SynTPAPI.dll
2012-01-14 07:52 . 2012-01-14 07:53 147752 ----a-w- c:\windows\system32\SynTPCo4.dll
2012-01-14 07:52 . 2012-01-14 07:53 1390640 ----a-w- c:\windows\system32\drivers\SynTP.sys
2012-01-14 07:52 . 2012-01-14 07:53 107816 ----a-w- c:\windows\SysWow64\SynTPCOM.dll
2012-01-14 07:52 . 2012-01-14 07:53 214312 ----a-w- c:\windows\SysWow64\SynCtrl.dll
2012-01-14 07:52 . 2012-01-14 07:53 400168 ----a-w- c:\windows\system32\SynCOM.dll
2012-01-14 07:52 . 2012-01-14 07:53 271144 ----a-w- c:\windows\system32\SynCtrl.dll
2012-01-14 07:52 . 2012-01-14 07:53 173352 ----a-w- c:\windows\SysWow64\SynCOM.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-04-02_06.30.12 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-14 04:54 . 2012-04-02 19:56 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-03-30 19:15 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-03-30 19:15 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-04-02 19:56 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-03-30 19:15 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-04-02 19:56 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-03-30 08:04 . 2012-04-02 06:45 44396 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-04-02 06:45 51214 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-12-24 00:03 . 2012-04-02 06:45 16938 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-785568438-983534392-159955328-1000_UserData.bin
+ 2010-03-30 09:24 . 2009-02-27 08:42 66440 c:\windows\system32\spool\drivers\x64\msonpui.dll
- 2010-12-24 00:06 . 2012-04-02 06:12 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-12-24 00:06 . 2012-04-04 19:35 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-12-24 00:06 . 2012-04-02 06:12 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-12-24 00:06 . 2012-04-04 19:35 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-12-15 09:09 . 2011-12-15 09:09 49936 c:\windows\Installer\{95120000-00AF-0409-0000-0000000FF1CE}\ppvwicon.exe
+ 2012-04-04 19:33 . 2012-04-04 19:33 49936 c:\windows\Installer\{95120000-00AF-0409-0000-0000000FF1CE}\ppvwicon.exe
+ 2010-03-30 09:24 . 2012-04-04 19:38 35088 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\oisicon.exe
- 2010-03-30 09:24 . 2011-12-15 09:09 35088 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\oisicon.exe
- 2010-03-30 09:24 . 2011-12-15 09:09 18704 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\mspicons.exe
+ 2010-03-30 09:24 . 2012-04-04 19:38 18704 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\mspicons.exe
- 2010-03-30 09:24 . 2011-12-15 09:09 20240 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\cagicon.exe
+ 2010-03-30 09:24 . 2012-04-04 19:38 20240 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\cagicon.exe
+ 2012-04-04 19:40 . 2012-04-04 19:40 35600 c:\windows\Installer\{90120000-0020-0409-0000-0000000FF1CE}\O12ConvIcon.exe
- 2011-12-15 09:09 . 2011-12-15 09:09 35600 c:\windows\Installer\{90120000-0020-0409-0000-0000000FF1CE}\O12ConvIcon.exe
+ 2011-07-27 22:13 . 2012-04-04 19:40 49152 c:\windows\Installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}\ConfigIcon.dll
- 2011-07-27 22:13 . 2011-10-12 08:24 49152 c:\windows\Installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}\ConfigIcon.dll
+ 2009-02-26 19:06 . 2009-02-26 19:06 16712 c:\windows\Installer\$PatchCache$\Managed\00002159FA0090400000000000F01FEC\12.0.6612\PXBPROXY.DLL
+ 2009-02-26 19:06 . 2009-02-26 19:06 68488 c:\windows\Installer\$PatchCache$\Managed\00002159FA0090400000000000F01FEC\12.0.6612\PXBCOM.EXE
+ 2009-02-27 00:45 . 2009-02-27 00:45 20808 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6612\WRD12EXE.EXE
+ 2006-07-24 17:50 . 2006-07-24 17:50 47920 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6612\VBAME.DLL
+ 2009-02-26 21:24 . 2009-02-26 21:24 71536 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6612\ONFILTER.DLL
+ 2009-02-26 21:24 . 2009-02-26 21:24 97680 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6612\ONENOTEM.EXE
+ 2006-07-24 17:50 . 2006-07-24 17:50 92976 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6612\MSADDNDR.DLL
+ 2009-04-02 18:01 . 2009-04-02 18:01 56680 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\EXP_XPS.DLL
+ 2009-04-04 00:46 . 2009-04-04 00:46 97640 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\EXP_PDF.DLL
+ 2006-10-27 03:13 . 2006-10-27 03:13 56192 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\ACECNFLT.EXE
+ 2009-02-26 23:43 . 2009-02-26 23:43 71520 c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6612\XL12CNVP.DLL
+ 2009-02-27 00:45 . 2009-02-27 00:45 20808 c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6612\WRD12EXE.EXE
+ 2009-02-26 19:06 . 2009-02-26 19:06 16712 c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6612\PXBPROXY.DLL
+ 2009-02-26 19:06 . 2009-02-26 19:06 68488 c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6612\PXBCOM.EXE
+ 2012-04-04 19:37 . 2012-04-04 19:37 11144 c:\windows\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.Word\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.Word.dll
- 2011-02-27 09:04 . 2011-02-27 09:04 63336 c:\windows\assembly\GAC\Microsoft.Vbe.Interop\12.0.0.0__71e9bce111e9429c\Microsoft.Vbe.Interop.dll
+ 2012-04-04 19:37 . 2012-04-04 19:37 63336 c:\windows\assembly\GAC\Microsoft.Vbe.Interop\12.0.0.0__71e9bce111e9429c\Microsoft.Vbe.Interop.dll
+ 2010-12-31 05:32 . 2012-04-02 06:42 4742 c:\windows\system32\wdi\ERCQueuedResolutions.dat
+ 2011-07-30 13:00 . 2012-04-02 06:31 1808 c:\windows\system32\wdi\{b171ab1c-60e9-4301-a338-beab1c70b3e9}.bin
- 2012-04-02 06:29 . 2012-04-02 06:29 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-04-04 19:58 . 2012-04-04 19:58 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-04-04 19:58 . 2012-04-04 19:58 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-04-02 06:29 . 2012-04-02 06:29 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2010-12-24 03:23 . 2012-04-04 19:32 282608 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2010-03-30 09:24 . 2009-02-27 08:42 863128 c:\windows\system32\spool\drivers\x64\msonpdrv.dll
- 2009-07-14 02:36 . 2012-04-01 08:15 624178 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-04-02 06:47 624178 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-04-01 08:15 106522 c:\windows\system32\perfc009.dat
+ 2009-07-14 02:36 . 2012-04-02 06:47 106522 c:\windows\system32\perfc009.dat
- 2009-07-14 05:01 . 2012-04-02 06:28 313396 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-04-04 19:56 313396 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2010-03-30 09:24 . 2011-12-15 09:09 888080 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\wordicon.exe
+ 2010-03-30 09:24 . 2012-04-04 19:38 888080 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\wordicon.exe
- 2010-03-30 09:24 . 2011-12-15 09:09 922384 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\pptico.exe
+ 2010-03-30 09:24 . 2012-04-04 19:38 922384 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\pptico.exe
+ 2010-03-30 09:24 . 2012-04-04 19:38 217864 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\misc.exe
- 2010-03-30 09:24 . 2011-12-15 09:09 217864 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\misc.exe
+ 2010-03-30 09:24 . 2012-04-04 19:38 184080 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\joticon.exe
- 2010-03-30 09:24 . 2011-12-15 09:09 184080 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\joticon.exe
+ 2012-04-04 19:35 . 2012-04-04 19:35 217864 c:\windows\Installer\{90120000-006E-0409-0000-0000000FF1CE}\misc.exe
- 2011-02-27 09:09 . 2011-02-27 09:09 217864 c:\windows\Installer\{90120000-006E-0409-0000-0000000FF1CE}\misc.exe
+ 2007-06-08 01:51 . 2007-06-08 01:51 465800 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6612\OUTLFLTR.DLL
+ 2008-03-19 12:27 . 2008-03-19 12:27 661536 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6612\OGALEGIT.DLL
+ 2006-07-24 17:50 . 2006-07-24 17:50 125744 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6612\MSSTDFMT.DLL
+ 2008-10-25 12:18 . 2008-10-25 12:18 172880 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6612\IEAWSDC.DLL
+ 2006-10-27 03:13 . 2006-10-27 03:13 764800 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\ACECNF.DLL
+ 2009-02-26 22:45 . 2009-02-26 22:45 509256 c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6612\WRD12CVR.DLL
+ 2008-10-25 06:51 . 2008-10-25 06:51 844696 c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.4518\OICE.EXE
- 2011-02-27 09:04 . 2011-02-27 09:04 870256 c:\windows\assembly\GAC\Microsoft.Office.Interop.Word\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Word.dll
+ 2012-04-04 19:37 . 2012-04-04 19:37 870256 c:\windows\assembly\GAC\Microsoft.Office.Interop.Word\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Word.dll
+ 2012-04-04 19:37 . 2012-04-04 19:37 149368 c:\windows\assembly\GAC\Microsoft.Office.Interop.Graph\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Graph.dll
+ 2011-07-07 07:28 . 2011-07-07 07:28 1193320 c:\windows\SysWOW64\FM20.DLL
+ 2011-09-15 23:40 . 2011-09-15 23:40 7959552 c:\windows\Installer\d0df735.msp
+ 2011-09-15 23:34 . 2011-09-15 23:34 8499712 c:\windows\Installer\d0df711.msp
+ 2010-03-30 09:24 . 2012-04-04 19:38 1172240 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\xlicons.exe
- 2010-03-30 09:24 . 2011-12-15 09:09 1172240 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\xlicons.exe
+ 2009-10-10 05:10 . 2009-10-10 05:10 2594632 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6612\VBE6.DLL
+ 2011-07-07 07:58 . 2011-07-07 07:58 1616240 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6612\OGL.DLL
+ 2011-08-03 05:14 . 2011-08-03 05:14 8579448 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6612\OARTCONV.DLL
+ 2006-10-27 03:25 . 2006-10-27 03:25 2172688 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\PSRCHFEA.DLL
+ 2011-08-17 14:49 . 2011-08-17 14:49 4683624 c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6612\WRD12CNV.DLL
+ 2011-07-07 07:58 . 2011-07-07 07:58 1616240 c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6612\OGL.DLL
+ 2011-08-03 05:14 . 2011-08-03 05:14 8579448 c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6612\OARTCONV.DLL
+ 2012-04-04 19:37 . 2012-04-04 19:37 1279864 c:\windows\assembly\GAC\Microsoft.Office.Interop.Excel\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Excel.dll
+ 2010-12-26 09:45 . 2012-03-04 22:19 56297240 c:\windows\system32\MRT.exe
+ 2010-12-24 03:27 . 2012-04-04 19:57 17449452 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-785568438-983534392-159955328-1000-8192.dat
+ 2011-09-15 23:37 . 2011-09-15 23:37 38176256 c:\windows\Installer\d0df75e.msp
+ 2012-04-04 19:39 . 2012-04-04 19:39 20333056 c:\windows\Installer\d0df742.msp
+ 2011-09-15 23:39 . 2011-09-15 23:39 11163136 c:\windows\Installer\d0df72a.msp
+ 2011-09-15 23:38 . 2011-09-15 23:38 10838528 c:\windows\Installer\d0df71d.msp
+ 2011-09-15 23:37 . 2011-09-15 23:37 34428416 c:\windows\Installer\d0df5d7.msp
+ 2011-09-15 23:37 . 2011-09-15 23:37 16691712 c:\windows\Installer\d0df5a3.msp
+ 2011-09-15 23:37 . 2011-09-15 23:37 37148160 c:\windows\Installer\d0df59b.msp
+ 2011-08-17 15:01 . 2011-08-17 15:01 16149352 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6612\OART.DLL
+ 2011-08-04 00:53 . 2011-08-04 00:53 17324928 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6612\MSO.DLL
+ 2011-08-04 00:53 . 2011-08-04 00:53 17324928 c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6612\MSO.DLL
+ 2011-09-15 23:34 . 2011-09-15 23:34 428804608 c:\windows\Installer\d0df702.msp
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPAdvisorDock"="c:\program files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe" [2010-02-10 1712184]
"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2010-02-22 2363392]
"Weather"="c:\program files (x86)\AWS\WeatherBug\Weather.exe" [2010-10-29 1652736]
"Aim"="c:\program files (x86)\AIM\aim.exe" [2011-05-03 4321112]
"Advanced SystemCare 5"="c:\program files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe" [2012-03-06 574296]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"NortonOnlineBackupReminder"="c:\program files (x86)\Symantec\Norton Online Backup\Activation\NOBuActivation.exe" [2009-12-03 3331944]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-09-30 98304]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
dplaysvr.lnk - c:\users\mark\AppData\Local\dplaysvr.exe [N/A]
McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\2.1.121\SSScheduler.exe [2010-9-3 255536]
PictureMover.lnk - c:\program files (x86)\PictureMover\Bin\PictureMover.exe [2009-5-24 430080]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice]
@="Service"
.
R2 BroadCamService;BroadCam Video Streaming Server;c:\program files (x86)\NCH Software\BroadCam\broadcam.exe [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-20 136176]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 86072]
R2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-01-27 102968]
R2 RtVOsdService;RtVOsdService Installer;c:\program files\Realtek\RtVOsd\RtVOsdService.exe [2010-06-24 315392]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-20 136176]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.1.121\McCHSvc.exe [2010-09-03 227232]
R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]
R3 RegFilter;RegFilter;c:\program files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\regfilter.sys [2011-09-20 33184]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 UrlFilter;UrlFilter;c:\program files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\UrlFilter.sys [2011-09-20 21872]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
R4 FileMonitor;FileMonitor;c:\program files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys [2012-01-06 21384]
S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys [x]
S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys [x]
S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1306020.00A\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1306020.00A\SYMEFA64.SYS [x]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\BASHDefs\20111210.003\BHDrvx64.sys [2011-11-24 1156216]
S1 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\NISx64\1306020.00A\ccSetx64.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\IPSDefs\20111220.001\IDSvia64.sys [2011-12-06 488568]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1306020.00A\Ironx64.SYS [x]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1306020.00A\SYMNETS.SYS [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files (x86)\IObit\Advanced SystemCare 5\ASCService.exe [2012-03-14 913752]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2010-02-05 98208]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 CinemaNow Service;CinemaNow Service;c:\program files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe [2010-02-26 127984]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 94264]
S2 HPWMISVC;HPWMISVC;c:\program files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-01-12 19968]
S2 IMFservice;IMF Service;c:\program files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [2012-01-10 821592]
S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\19.6.2.10\ccSvcHst.exe [2012-01-17 138232]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-12-21 138360]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2010-02-22 18:38 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-20 04:28]
.
2012-04-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-20 04:28]
.
2012-03-26 c:\windows\Tasks\HPCeeScheduleFormark.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-01-05 10:53]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"HP Quick Launch"="c:\program files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2010-01-12 451072]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2011-01-22 6489704]
"RtkOSD"="c:\program files (x86)\Realtek\Audio\OSD\RtVOsd64.exe" [2010-02-05 995840]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2010-03-30 172032]
"HPWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe" [2010-01-27 8192]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"NCInstallQueue"="netman.dll" [2009-07-14 360448]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 68.113.206.10 24.217.0.5 71.92.29.130
FF - ProfilePath - c:\users\mark\AppData\Roaming\Mozilla\Firefox\Profiles\6d95sxzv.default\
FF - prefs.js: browser.search.defaulturl - hxxp://aim.search.aol.com/aol/search?query={searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us&tb_uuid=20111119014023297&tb_oid=19-11-2011&tb_mrud=19-11-2011
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - user.js: yahoo.homepage.dontask - true);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false
FF - user.js: browser.sessionstore.resume_from_crash - false
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\NIS]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\19.6.2.10\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\19.6.2.10\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,9c,f3,34,7a,9e,b3,7d,4f,b1,a8,eb,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,9c,f3,34,7a,9e,b3,7d,4f,b1,a8,eb,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\IObit\Smart Defrag 2\SmartDefrag.exe
.
**************************************************************************
.
Completion time: 2012-04-04 15:03:40 - machine was rebooted
ComboFix-quarantined-files.txt 2012-04-04 20:03
ComboFix2.txt 2012-04-02 06:38
.
Pre-Run: 145,918,038,016 bytes free
Post-Run: 145,860,292,608 bytes free
.
- - End Of File - - 71BDB9041107DC5BEEE1B273ADACA8EF




I forgot to turn off my firewall during this scan. Would you like me to rescan? If so, how? I did have my other malware devices turned off.

#13 gringo_pr

  • Malware Response Team

Posted 04 April 2012 - 04:10 PM

Hello

I would like to see a report that combofix makes.

extra combofix report

  • Push the "Windows key" + "R" (between the "Ctrl" button and "Alt" button)
  • Please copy and paste the following into the box:
C:\Qoobox\Add-Remove Programs.txt
  • Click OK

Copy and paste the report into this topic for me to review.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic




#14 this_sucks


Posted 05 April 2012 - 01:53 AM

Here is the extra report:


Update for Microsoft Office 2007 (KB2508958)
µTorrent
Acrobat.com
Adobe AIR
Adobe Reader 9.4.7 MUI
Adobe Shockwave Player
Advanced SystemCare 5
AIM 7
Atheros Driver Installation Program
Blackhawk Striker 2
Blasterball 3
BroadCam Video Streaming Server
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-core-static
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
CinemaNow Media Manager
Compatibility Pack for the 2007 Office system
CyberLink DVD Suite
CyberLink MediaShow
CyberLink PowerDVD 9
CyberLink YouCam
DAEMON Tools Lite
Debut Video Capture Software
Diablo II
ESU for Microsoft Windows 7
Faerie Solitaire
FATE
FYZip 1.00
Game Booster 3
Google Earth
Google Update Helper
HP Advisor
HP Customer Experience Enhancements
HP Game Console
HP Games
HP MediaSmart CinemaNow 2.0
HP Photo Creations
HP Power Plan Utility
HP Setup
HP Software Framework
HP Support Assistant
HP Update
HP User Guides 0178
IObit Malware Fighter
IObit Toolbar v5.1
Java Auto Updater
Java™ 6 Update 31
Jewel Quest Solitaire 2
Junk Mail filter update
LabelPrint
League of Legends
LightScribe System Software
McAfee Security Scan Plus
Microsoft Choice Guard
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Suite Activation Assistant
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft VC9 runtime libraries
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Works
Microsoft WSE 3.0 Runtime
Mozilla Firefox 9.0.1 (x86 en-US)
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Mystery P.I. - The New York Fortune
Norton Internet Security
Norton Online Backup
Pando Media Booster
PhotoNow!
PictureMover
Power2Go
PowerDirector
Realtek Ethernet Controller Driver For Windows 7
Realtek High Definition Audio Driver
Realtek USB 2.0 Card Reader
Recovery Manager
Roxio CinemaNow 2.0
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Simppull Toolbar (Remove Toolbar Only)
Skype Toolbars
Skype™ 5.0
Smart Defrag 2
StarCraft II
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
uTorrentControl2 Toolbar
Virtual Villagers - The Secret City
WeatherBug
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Gallery
Windows Live Sync
Windows Live Upload Tool
Windows Live Writer
Windows Media Player Firefox Plugin




For about a day and a half now it hasn't been redirecting me, so hopefully you may have fixed it. I don't quite know yet.

#15 gringo_pr



  • Malware Response Team

Posted 05 April 2012 - 02:23 AM

Hello

:P2P Warning!:

IMPORTANT: I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

Please note that as long as you are using any form of Peer-to-Peer networking and downloading files from non-documented sources, you can expect infestations of malware to occur.
Once upon a time, P2P file sharing was fairly safe. That is no longer true. P2P programs form a direct conduit on to your computer, their security measures are easily circumvented and malware writers are increasingly exploiting them to spread their wares on to your computer. Further to that, if your P2P program is not configured correctly, your computer may be sharing more files than you realize. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to a file sharing network by a badly configured program.

Please read these short reports on the dangers of peer-2-peer programs and file sharing.

FBI Cyber Education Letter
File sharing infects 500,000 computers
USAToday
infoworld


These logs are looking a lot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

Uninstall some programs

NOTE** Because of the cleanup process, some of the programs I have listed may not be in add/remove anymore. This is fine; just move to the next item on the list.

You can remove these programs using add/remove, or you can use the free uninstaller from Revo (it does a lot better of a job).

Programs to remove

µTorrent
Adobe Reader 9.4.7 MUI
McAfee Security Scan Plus
uTorrentControl2 Toolbar
WeatherBug


  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run. If prompted again, click Yes.
  • When the built-in uninstaller is finished, click on Next.
  • Once the program has searched for leftovers click Next.
  • Check/tick the bolded items only on the list then click Delete.
  • When prompted, click on Yes and then on Next.
  • Put a check on any folders that are found and select Delete.
  • When prompted, select Yes and then Next.
  • Once done click Finish.

Update Adobe Reader

Recently there have been vulnerabilities detected in older versions of Adobe Reader. It is strongly suggested that you update to the current version.

You can download it from http://www.adobe.com/products/acrobat/readstep2.html
After installing the latest Adobe Reader, uninstall all previous versions.
If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

If you don't like Adobe Reader (53 MB), you can download Foxit PDF Reader (7 MB) from here. It's a much smaller file to download and uses a lot less resources than Adobe Reader.

Note: When installing FoxitReader, be careful not to install anything to do with AskBar.
Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.


: Malwarebytes' Anti-Malware :

  • Please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    • Update Malwarebytes' Anti-Malware
    • and Launch Malwarebytes' Anti-Malware
  • then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
    • If you accidentally close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the AnalyseThis button; its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.


NOTE**
Sometimes we have to run it like this: to run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator.

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic




Proud Graduate Of Malware Removal University
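
The removal list in the post above can be checked against what Windows still has registered once the uninstall steps are done. This is an added example, not part of the original post or of any tool named in it; it assumes the display names match the helper's list exactly, and it only reads the registry without changing anything.

```powershell
# Programs the helper asked to remove (names copied from the post above).
$toRemove = @(
    'µTorrent',
    'Adobe Reader 9.4.7 MUI',
    'McAfee Security Scan Plus',
    'uTorrentControl2 Toolbar',
    'WeatherBug'
)

# Add/Remove Programs is built from these registry keys. On 64-bit Windows,
# 32-bit programs register under WOW6432Node, and per-user installs under HKCU,
# so all three locations have to be read.
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

# Keep only entries that carry a display name (patches and components often do not).
$installed = Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName } |
    Select-Object DisplayName, DisplayVersion, Publisher, UninstallString

foreach ($name in $toRemove) {
    # Exact, case-insensitive match: a substring match on 'Torrent' would also
    # hit the toolbar entry and report the client as present when it is gone.
    $hits = @($installed | Where-Object { $_.DisplayName -eq $name })
    if ($hits.Count -eq 0) {
        Write-Output ("{0,-28} not listed (already removed, move to the next item)" -f $name)
    } else {
        foreach ($h in $hits) {
            Write-Output ("{0,-28} STILL INSTALLED  version={1}" -f $name, $h.DisplayVersion)
        }
    }
}
```

An entry reported as not listed matches the helper's note that some programs may already be gone from add/remove after the earlier cleanup.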



