Google Redirecting and/or other virus


  • This topic is locked
15 replies to this topic

#1 tosh011

  • Members
  • 55 posts

Posted 12 April 2012 - 11:07 PM

Hey everyone! I'm back with my new laptop.

SAMSUNG NP300E4Z S04PH
WINDOWS 7 Ultimate 64-bit [still on trial version]

1. Whenever I'm searching for something in Google (for example, Facebook), once I click the link, it redirects me to random links like hokkasearch.com, findcarsonline.net, etcetera.

2. Also, when other people use my laptop, they report crashes in the Facebook chatbox to me, which weren't happening on my profile.

STEPS I've taken: nothing, actually. I'm scared I might have ruined my laptop. :(
Saw one post online about using ComboFix, but on the website it says don't use the program if it wasn't suggested by a professional. So here I am again.
Hope you could help me. I'm still saving for an OS. Please, help me.


#2 Broni


  • BC Advisor
  • 42,716 posts

Posted 12 April 2012 - 11:09 PM

Download Security Check from HERE, and save it to your Desktop.

* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.

=============================================================================

Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

====================================================================================

Please download MiniToolBox and run it.

Checkmark the following boxes:
  • Report IE Proxy Settings
  • Report FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Devices (do NOT change any settings here)
  • List Users, Partitions and Memory size
Click Go and post the result.

=============================================================================

Download Malwarebytes' Anti-Malware (aka MBAM): https://www.bleepingcomputer.com/download/malwarebytes-anti-malware/ to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

Be sure to restart the computer.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

=============================================================================

Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan.
On completion of the scan click "Save log", save it to your desktop and post in your next reply.

NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.


 


#3 tosh011

  • Topic Starter

  • Members
  • 55 posts

Posted 13 April 2012 - 12:26 AM

SECURITY CHECK LOG [checkup.txt]

Results of screen317's Security Check version 0.99.24
Windows 7 x64 (UAC is enabled)
Internet Explorer 9
``````````````````````````````
Antivirus/Firewall Check:

Windows Security Center service is not running! This report may not be accurate!
Windows Firewall Enabled!
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Java™ 6 Update 31
Mozilla Firefox (x86 en-US..)
````````````````````````````````
Process Check:
objlist.exe by Laurent

``````````End of Log````````````

---------------------------------------------------------
FSS Log


Farbar Service Scanner Version: 01-03-2012
Ran by Samsung (administrator) on 13-04-2012 at 12:48:28
Running from "C:\Users\Samsung\Desktop"
Microsoft Windows 7 Ultimate Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============
wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is set to Disabled. The default start type is Auto.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.


Windows Update:
============

Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Disabled. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe
[2012-03-13 12:20] - [2011-03-01 16:07] - 0027648 ____A (Microsoft Corporation) 6F68F63794097E54F36474ED4384B759

C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****

-----------------------------------------------------------
MiniToolBox Log

MiniToolBox by Farbar Version: 18-01-2012
Ran by Samsung (administrator) on 13-04-2012 at 12:52:58
Microsoft Windows 7 Ultimate Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

========================= FF Proxy Settings: ==============================

========================= Hosts content: =================================

127.0.0.1 hl2rcv.adobe.com
127.0.0.1 activate.adobe.com
127.0.0.1 practivate.adobe.com
127.0.0.1 ereg.adobe.com
127.0.0.1 activate.wip3.adobe.com
127.0.0.1 wip3.adobe.com
127.0.0.1 3dns-3.adobe.com
127.0.0.1 3dns-2.adobe.com
127.0.0.1 adobe-dns.adobe.com
127.0.0.1 adobe-dns-2.adobe.com
127.0.0.1 adobe-dns-3.adobe.com
127.0.0.1 ereg.wip3.adobe.com
127.0.0.1 activate-sea.adobe.com
127.0.0.1 wwis-dubc1-vip60.adobe.com
127.0.0.1 activate-sjc0.adobe.com
127.0.0.1 adobe.activate.com
127.0.0.1 adobeereg.com
127.0.0.1 www.adobeereg.com
127.0.0.1 wwis-dubc1-vip60.adobe.com
127.0.0.1 125.252.224.90

There are 1 more lines starting with "127.0.0.1"

========================= IP Configuration: ================================

Intel® Centrino® Wireless-N 130 = Wireless Network Connection (Connected)
Bluetooth Device (Personal Area Network) = Bluetooth Network Connection (Media disconnected)
Realtek PCIe GBE Family Controller = Local Area Connection (Media disconnected)
Microsoft Virtual WiFi Miniport Adapter = Wireless Network Connection 2 (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : toshiXD
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Wireless LAN adapter Wireless Network Connection 2:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter
Physical Address. . . . . . . . . : B8-03-05-1E-66-EF
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel® Centrino® Wireless-N 130
Physical Address. . . . . . . . . : B8-03-05-1E-66-EE
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::4fa:80ce:db04:c297%14(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.36(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Friday, April 13, 2012 6:35:48 AM
Lease Expires . . . . . . . . . . : Monday, April 16, 2012 11:32:32 AM
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DHCPv6 IAID . . . . . . . . . . . : 364380933
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-16-F0-81-99-E8-03-9A-2E-81-FA
DNS Servers . . . . . . . . . . . : 124.106.5.2
124.106.4.2
NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
Physical Address. . . . . . . . . : E8-03-9A-2E-81-FA
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Bluetooth Network Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Bluetooth Device (Personal Area Network)
Physical Address. . . . . . . . . : B8-03-05-1E-66-F2
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{1301A45D-F4A9-47C1-AAA1-629DAD437AFC}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{BAC2CA2C-2731-4A23-A2F7-74539024D11C}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:4137:9e76:1886:a78e:8f31:eb21(Preferred)
Link-local IPv6 Address . . . . . : fe80::1886:a78e:8f31:eb21%15(Preferred)
Default Gateway . . . . . . . . . : ::
NetBIOS over Tcpip. . . . . . . . : Disabled
Server: UnKnown
Address: 124.106.5.2

DNS request timed out.
timeout was 2 seconds.
Name: google.com
Addresses: 74.125.71.139
74.125.71.100
74.125.71.101
74.125.71.102
74.125.71.113
74.125.71.138


Pinging google.com [74.125.71.139] with 32 bytes of data:
Reply from 74.125.71.139: bytes=32 time=81ms TTL=54
Reply from 74.125.71.139: bytes=32 time=59ms TTL=51

Ping statistics for 74.125.71.139:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 59ms, Maximum = 81ms, Average = 70ms
Server: UnKnown
Address: 124.106.5.2

Name: yahoo.com
Addresses: 209.191.122.70
72.30.38.140
98.139.183.24


Pinging yahoo.com [209.191.122.70] with 32 bytes of data:
Reply from 209.191.122.70: bytes=32 time=209ms TTL=48
Reply from 209.191.122.70: bytes=32 time=208ms TTL=49

Ping statistics for 209.191.122.70:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 208ms, Maximum = 209ms, Average = 208ms
Server: UnKnown
Address: 124.106.5.2

DNS request timed out.
timeout was 2 seconds.
Name: bleepingcomputer.com
Address: 208.43.87.2


Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:
Request timed out.
Reply from 208.43.87.2: Destination host unreachable.

Ping statistics for 208.43.87.2:
Packets: Sent = 2, Received = 1, Lost = 1 (50% loss),

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
16...b8 03 05 1e 66 ef ......Microsoft Virtual WiFi Miniport Adapter
14...b8 03 05 1e 66 ee ......Intel® Centrino® Wireless-N 130
13...e8 03 9a 2e 81 fa ......Realtek PCIe GBE Family Controller
12...b8 03 05 1e 66 f2 ......Bluetooth Device (Personal Area Network)
1...........................Software Loopback Interface 1
19...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
18...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #3
15...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.36 25
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.1.0 255.255.255.0 On-link 192.168.1.36 281
192.168.1.36 255.255.255.255 On-link 192.168.1.36 281
192.168.1.255 255.255.255.255 On-link 192.168.1.36 281
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.1.36 281
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.1.36 281
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
15 58 ::/0 On-link
1 306 ::1/128 On-link
15 58 2001::/32 On-link
15 306 2001:0:4137:9e76:1886:a78e:8f31:eb21/128
On-link
14 281 fe80::/64 On-link
15 306 fe80::/64 On-link
14 281 fe80::4fa:80ce:db04:c297/128
On-link
15 306 fe80::1886:a78e:8f31:eb21/128
On-link
1 306 ff00::/8 On-link
15 306 ff00::/8 On-link
14 281 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 07 C:\Windows\SysWOW64\wshbth.dll [36352] (Microsoft Corporation)
Catalog5 08 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 11 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 07 C:\Windows\System32\wshbth.dll [47104] (Microsoft Corporation)
x64-Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 11 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (04/13/2012 06:06:27 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/12/2012 10:23:51 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.

Error: (04/12/2012 10:05:52 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.

Error: (04/12/2012 10:05:08 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.

Error: (04/12/2012 10:05:07 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.

Error: (04/12/2012 10:05:00 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.

Error: (04/12/2012 10:04:51 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.

Error: (04/12/2012 10:04:51 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.

Error: (04/12/2012 10:04:51 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.

Error: (04/12/2012 10:04:49 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.


System errors:
=============
Error: (04/13/2012 06:15:45 AM) (Source: Service Control Manager) (User: )
Description: The NPPTNT2 service failed to start due to the following error:
%%2

Error: (04/12/2012 09:23:56 AM) (Source: Service Control Manager) (User: )
Description: The NPPTNT2 service failed to start due to the following error:
%%2

Error: (04/11/2012 10:34:03 AM) (Source: WMPNetworkSvc) (User: )
Description: 0x80004004-1

Error: (04/10/2012 08:25:21 PM) (Source: WMPNetworkSvc) (User: )
Description: 0x80004004-1

Error: (04/10/2012 05:11:39 PM) (Source: WMPNetworkSvc) (User: )
Description: 0x80004004-1

Error: (04/09/2012 08:28:53 PM) (Source: DCOM) (User: )
Description: {7160A13D-73DA-4CEA-95B9-37356478588A}

Error: (04/09/2012 01:04:53 PM) (Source: Service Control Manager) (User: )
Description: The NPPTNT2 service failed to start due to the following error:
%%2

Error: (04/09/2012 10:24:45 AM) (Source: Service Control Manager) (User: )
Description: The NPPTNT2 service failed to start due to the following error:
%%2

Error: (04/09/2012 10:22:19 AM) (Source: Service Control Manager) (User: )
Description: The NPPTNT2 service failed to start due to the following error:
%%2

Error: (04/09/2012 10:20:49 AM) (Source: Service Control Manager) (User: )
Description: The NPPTNT2 service failed to start due to the following error:
%%2


Microsoft Office Sessions:
=========================
Error: (04/13/2012 06:06:27 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/12/2012 10:23:51 PM) (Source: SideBySide)(User: )
Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORC:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dllC:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll3

Error: (04/12/2012 10:05:52 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (04/12/2012 10:05:08 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (04/12/2012 10:05:07 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (04/12/2012 10:05:00 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (04/12/2012 10:04:51 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (04/12/2012 10:04:51 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (04/12/2012 10:04:51 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (04/12/2012 10:04:49 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.


=========================== Installed Programs ============================

Adobe AIR (Version: 1.5.3.9120)
Adobe Community Help (Version: 3.0.0)
Adobe Community Help (Version: 3.0.0.400)
Adobe Flash Player 11 ActiveX 64-bit (Version: 11.2.202.228)
Adobe Flash Player 11 Plugin 64-bit (Version: 11.2.202.228)
Adobe Media Player (Version: 1.8)
Adobe Photoshop CS5 (Version: 12.0)
Adobe Reader X MUI (Version: 10.0.0)
Apple Application Support (Version: 2.1.7)
Apple Mobile Device Support (Version: 5.1.1.4)
Apple Software Update (Version: 2.1.3.127)
Bandisoft MPEG-1 Decoder
Bonjour (Version: 3.0.0.10)
Brother MFL-Pro Suite DCP-J125 (Version: 1.0.3.0)
CCleaner (Version: 3.09)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Easy Settings (Version: 1.1)
Easy Software Manager (Version: 1.1.16.14)
ETDWare PS/2-X64 10.0.7.2_WHQL (Version: 10.0.7.2)
Facebook Video Calling 1.2.0.159 (Version: 1.2.159)
Flyff (Version: Flyff)
Google Chrome (Version: 18.0.1025.152)
Google Update Helper (Version: 1.3.21.111)
Intel PROSet Wireless
Intel® Management Engine Components (Version: 7.0.0.1144)
Intel® Processor Graphics (Version: 8.15.10.2266)
Intel® PROSet/Wireless for Bluetooth® 3.0 + High Speed (Version: 1.1.0.0157)
Intel® PROSet/Wireless Software for Bluetooth® Technology (Version: 1.1.0.0537)
Intel® PROSet/Wireless WiFi Software (Version: 14.01.1000)
Intel® Rapid Storage Technology (Version: 10.1.5.1001)
IrisOnline (Version: 1.17)
iTunes (Version: 10.6.0.40)
Java Auto Updater (Version: 2.0.7.1)
Java™ 6 Update 31 (Version: 6.0.310)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Choice Guard (Version: 2.0.48.0)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Excel MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Groove MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office InfoPath MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.6029.1000)
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Professional Plus 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proofing (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Word MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (Version: 10.0.30319)
Microsoft_VC80_ATL_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_CRT_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_CRT_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_MFC_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_MFC_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_MFCLOC_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_MFCLOC_x86_x64 (Version: 80.50727.4053)
Microsoft_VC90_ATL_x86 (Version: 1.00.0000)
Microsoft_VC90_ATL_x86_x64 (Version: 1.00.0000)
Microsoft_VC90_CRT_x86 (Version: 1.00.0000)
Microsoft_VC90_CRT_x86_x64 (Version: 1.00.0000)
Microsoft_VC90_MFC_x86 (Version: 1.00.0000)
Microsoft_VC90_MFC_x86_x64 (Version: 1.00.0000)
Mozilla Firefox 11.0 (x86 en-US) (Version: 11.0)
MSVCRT (Version: 14.0.1468.721)
NVIDIA Control Panel 268.83 (Version: 268.83)
NVIDIA Graphics Driver 268.83 (Version: 268.83)
NVIDIA Install Application (Version: 2.265.42.0)
NVIDIA Optimus 1.0.23 (Version: 1.0.23)
NVIDIA Update Components (Version: 1.0.23)
Pando Media Booster (Version: 2.6.0.6)
PDF Settings CS5 (Version: 10.0)
PowerISO (Version: 4.8)
QuickTime (Version: 7.71.80.42)
Realtek Ethernet Controller Driver (Version: 7.44.421.2011)
Realtek High Definition Audio Driver (Version: 6.0.1.6413)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft Excel 2010 (KB2553439) 32-Bit Edition
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
uTorrentControl Toolbar (Version: 6.8.5.1)
Warcraft III Reign of Chaos & The Frozen Throne
Windows Live Call (Version: 14.0.8117.0416)
Windows Live Communications Platform (Version: 14.0.8117.416)
Windows Live Essentials (Version: 14.0.8117.0416)
Windows Live Essentials (Version: 14.0.8117.416)
Windows Live Messenger (Version: 14.0.8117.0416)
Windows Live Sign-in Assistant (Version: 5.000.818.5)
Windows Live Upload Tool (Version: 14.0.8014.1029)
WinRAR 4.11 (64-bit) (Version: 4.11.0)
Yahoo! Messenger
Yahoo! Software Update
Yahoo! Toolbar
Zipeg (Version: 2.9.0.1177)
μTorrent (Version: 3.0.0)

========================= Devices: ================================

Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


========================= Memory info: ===================================

Percentage of memory in use: 36%
Total physical RAM: 6057.55 MB
Available physical RAM: 3842.65 MB
Total Pagefile: 12113.29 MB
Available Pagefile: 9724.38 MB
Total Virtual: 4095.88 MB
Available Virtual: 3968.36 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:931.41 GB) (Free:828.96 GB) NTFS

========================= Users: ========================================

User accounts for \\TOSHIXD

Administrator Guest Samsung
Unauthorized UpdatusUser


**** End of log ****

-----------------------------------------------------
Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.04.13.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Samsung :: TOSHIXD [administrator]

4/13/2012 12:59:04 PM
mbam-log-2012-04-13 (12-59-04).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 232067
Time elapsed: 3 minute(s), 46 second(s)

Memory Processes Detected: 2
C:\ProgramData\Common Files\Microsoft Shared\Web Components\svchost.exe (PUP.BitMiner) -> 780 -> Delete on reboot.
C:\ProgramData\Common Files\Microsoft Shared\Web Components\svchost.exe (PUP.BitMiner) -> 5056 -> Delete on reboot.

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Video Library (Trojan.Agent) -> Data: C:\Windows\system32\rundll32.exe C:\Users\Samsung\AppData\Local\Temp\Rpcqt.dll,Sets -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 3
C:\ProgramData\Common Files\Microsoft Shared\Web Components\svchost.exe (PUP.BitMiner) -> Delete on reboot.
C:\messenger.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Common Files\microsoft shared\Web Components\messenger.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

(end)


---------

during the scan of aswMBR, i got bluescreen error. :|

#4 Broni

Posted 13 April 2012 - 04:36 PM

Download TDSSKiller and save it to your desktop.
  • Extract (unzip) its contents to your desktop.
  • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.

#5 tosh011

Posted 13 April 2012 - 10:36 PM

11:34:19.0560 5656 TDSS rootkit removing tool 2.7.28.0 Apr 10 2012 16:54:05
11:34:20.0625 5656 ============================================================
11:34:20.0625 5656 Current date / time: 2012/04/14 11:34:20.0625
11:34:20.0625 5656 SystemInfo:
11:34:20.0625 5656
11:34:20.0626 5656 OS Version: 6.1.7601 ServicePack: 1.0
11:34:20.0626 5656 Product type: Workstation
11:34:20.0626 5656 ComputerName: TOSHIXD
11:34:20.0627 5656 UserName: Samsung
11:34:20.0628 5656 Windows directory: C:\Windows
11:34:20.0628 5656 System windows directory: C:\Windows
11:34:20.0628 5656 Running under WOW64
11:34:20.0628 5656 Processor architecture: Intel x64
11:34:20.0628 5656 Number of processors: 4
11:34:20.0628 5656 Page size: 0x1000
11:34:20.0628 5656 Boot type: Normal boot
11:34:20.0628 5656 ============================================================
11:34:21.0432 5656 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
11:34:21.0440 5656 Drive \Device\Harddisk1\DR1 - Size: 0x1D1C1116000 (1863.02 Gb), SectorSize: 0x200, Cylinders: 0x3B601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
11:34:21.0445 5656 \Device\Harddisk0\DR0:
11:34:21.0445 5656 MBR used
11:34:21.0445 5656 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
11:34:21.0445 5656 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x746D3800
11:34:21.0445 5656 \Device\Harddisk1\DR1:
11:34:21.0446 5656 MBR used
11:34:21.0446 5656 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x40, BlocksNum 0xE8E07481
11:34:21.0905 5656 Initialize success
11:34:21.0905 5656 ============================================================
11:34:31.0924 3864 ============================================================
11:34:31.0924 3864 Scan started
11:34:31.0924 3864 Mode: Manual;
11:34:31.0924 3864 ============================================================
11:34:53.0601 3864 mountmgr - ok
11:34:53.0637 3864 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
11:34:53.0641 3864 mpio - ok
11:34:53.0660 3864 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
11:34:53.0664 3864 mpsdrv - ok
11:34:53.0717 3864 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
11:34:53.0737 3864 MpsSvc - ok
11:34:53.0762 3864 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
11:34:53.0767 3864 MRxDAV - ok
11:34:53.0799 3864 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
11:34:53.0804 3864 mrxsmb - ok
11:34:53.0825 3864 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
11:34:53.0832 3864 mrxsmb10 - ok
11:34:53.0852 3864 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
11:34:53.0856 3864 mrxsmb20 - ok
11:34:53.0935 3864 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
11:34:53.0937 3864 msahci - ok
11:34:54.0005 3864 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
11:34:54.0010 3864 msdsm - ok
11:34:54.0042 3864 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
11:34:54.0056 3864 MSDTC - ok
11:34:54.0090 3864 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
11:34:54.0092 3864 Msfs - ok
11:34:54.0113 3864 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
11:34:54.0114 3864 mshidkmdf - ok
11:34:54.0133 3864 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
11:34:54.0135 3864 msisadrv - ok
11:34:54.0165 3864 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
11:34:54.0170 3864 MSiSCSI - ok
11:34:54.0178 3864 msiserver - ok
11:34:54.0219 3864 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
11:34:54.0220 3864 MSKSSRV - ok
11:34:54.0322 3864 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
11:34:54.0323 3864 MSPCLOCK - ok
11:34:54.0343 3864 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
11:34:54.0344 3864 MSPQM - ok
11:34:54.0379 3864 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
11:34:54.0386 3864 MsRPC - ok
11:34:54.0414 3864 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
11:34:54.0415 3864 mssmbios - ok
11:34:54.0436 3864 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
11:34:54.0437 3864 MSTEE - ok
11:34:54.0447 3864 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys
11:34:54.0449 3864 MTConfig - ok
11:34:54.0469 3864 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
11:34:54.0471 3864 Mup - ok
11:34:54.0570 3864 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
11:34:54.0583 3864 napagent - ok
11:34:54.0646 3864 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
11:34:54.0654 3864 NativeWifiP - ok
11:34:54.0759 3864 NDIS (c38b8ae57f78915905064a9a24dc1586) C:\Windows\system32\drivers\ndis.sys
11:34:54.0780 3864 NDIS - ok
11:34:54.0888 3864 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
11:34:54.0890 3864 NdisCap - ok
11:34:54.0924 3864 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
11:34:54.0926 3864 NdisTapi - ok
11:34:54.0956 3864 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
11:34:54.0959 3864 Ndisuio - ok
11:34:54.0993 3864 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
11:34:55.0000 3864 NdisWan - ok
11:34:55.0112 3864 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
11:34:55.0115 3864 NDProxy - ok
11:34:55.0166 3864 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
11:34:55.0168 3864 NetBIOS - ok
11:34:55.0216 3864 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
11:34:55.0222 3864 NetBT - ok
11:34:55.0321 3864 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
11:34:55.0323 3864 Netlogon - ok
11:34:55.0389 3864 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
11:34:55.0399 3864 Netman - ok
11:34:55.0418 3864 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
11:34:55.0430 3864 netprofm - ok
11:34:55.0580 3864 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
11:34:55.0584 3864 NetTcpPortSharing - ok
11:34:55.0887 3864 NETwNs64 (ac69618de5bcce8747c9ab0aae1003c1) C:\Windows\system32\DRIVERS\NETwNs64.sys
11:34:56.0143 3864 NETwNs64 - ok
11:34:56.0261 3864 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys
11:34:56.0264 3864 nfrd960 - ok
11:34:56.0311 3864 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
11:34:56.0320 3864 NlaSvc - ok
11:34:56.0346 3864 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
11:34:56.0348 3864 Npfs - ok
11:34:56.0430 3864 npggsvc - ok
11:34:56.0459 3864 NPPTNT2 - ok
11:34:56.0488 3864 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
11:34:56.0491 3864 nsi - ok
11:34:56.0520 3864 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
11:34:56.0521 3864 nsiproxy - ok
11:34:56.0634 3864 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
11:34:56.0668 3864 Ntfs - ok
11:34:56.0818 3864 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
11:34:56.0819 3864 Null - ok
11:34:57.0211 3864 nvlddmkm (70e89a21827b2669af906b703c7c48b5) C:\Windows\system32\DRIVERS\nvlddmkm.sys
11:34:57.0542 3864 nvlddmkm - ok
11:34:57.0698 3864 nvpciflt (4b9c0c2bf78289513101eb0d44834701) C:\Windows\system32\DRIVERS\nvpciflt.sys
11:34:57.0701 3864 nvpciflt - ok
11:34:57.0758 3864 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
11:34:57.0766 3864 nvraid - ok
11:34:57.0872 3864 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
11:34:57.0877 3864 nvstor - ok
11:34:57.0931 3864 NVSvc (e04fce1d149cf05c3449e3171f9c3e41) C:\Windows\system32\nvvsvc.exe
11:34:57.0953 3864 NVSvc - ok
11:34:58.0119 3864 nvUpdatusService (d96ddea6c699a99832e0186057801971) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
11:34:58.0151 3864 nvUpdatusService - ok
11:34:58.0305 3864 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
11:34:58.0309 3864 nv_agp - ok
11:34:58.0364 3864 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
11:34:58.0367 3864 ohci1394 - ok
11:34:58.0521 3864 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
11:34:58.0525 3864 ose - ok
11:34:58.0759 3864 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
11:34:58.0852 3864 osppsvc - ok
11:34:58.0959 3864 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
11:34:58.0968 3864 p2pimsvc - ok
11:34:58.0995 3864 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
11:34:59.0006 3864 p2psvc - ok
11:34:59.0057 3864 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys
11:34:59.0061 3864 Parport - ok
11:34:59.0138 3864 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
11:34:59.0141 3864 partmgr - ok
11:34:59.0173 3864 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
11:34:59.0180 3864 PcaSvc - ok
11:34:59.0203 3864 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
11:34:59.0208 3864 pci - ok
11:34:59.0245 3864 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
11:34:59.0247 3864 pciide - ok
11:34:59.0278 3864 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys
11:34:59.0283 3864 pcmcia - ok
11:34:59.0308 3864 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
11:34:59.0311 3864 pcw - ok
11:34:59.0439 3864 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
11:34:59.0454 3864 PEAUTH - ok
11:34:59.0514 3864 PeerDistSvc (b9b0a4299dd2d76a4243f75fd54dc680) C:\Windows\system32\peerdistsvc.dll
11:34:59.0542 3864 PeerDistSvc - ok
11:34:59.0694 3864 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
11:34:59.0697 3864 PerfHost - ok
11:34:59.0820 3864 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
11:34:59.0851 3864 pla - ok
11:34:59.0967 3864 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
11:34:59.0978 3864 PlugPlay - ok
11:35:00.0016 3864 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
11:35:00.0020 3864 PNRPAutoReg - ok
11:35:00.0046 3864 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
11:35:00.0053 3864 PNRPsvc - ok
11:35:00.0114 3864 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
11:35:00.0125 3864 PolicyAgent - ok
11:35:00.0183 3864 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
11:35:00.0261 3864 Power - ok
11:35:00.0346 3864 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
11:35:00.0349 3864 PptpMiniport - ok
11:35:00.0460 3864 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys
11:35:00.0462 3864 Processor - ok
11:35:00.0512 3864 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
11:35:00.0519 3864 ProfSvc - ok
11:35:00.0601 3864 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
11:35:00.0604 3864 ProtectedStorage - ok
11:35:00.0690 3864 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
11:35:00.0693 3864 Psched - ok
11:35:00.0822 3864 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys
11:35:00.0853 3864 ql2300 - ok
11:35:00.0877 3864 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys
11:35:00.0881 3864 ql40xx - ok
11:35:00.0916 3864 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
11:35:00.0925 3864 QWAVE - ok
11:35:00.0987 3864 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
11:35:00.0990 3864 QWAVEdrv - ok
11:35:01.0000 3864 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
11:35:01.0002 3864 RasAcd - ok
11:35:01.0048 3864 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
11:35:01.0050 3864 RasAgileVpn - ok
11:35:01.0092 3864 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
11:35:01.0098 3864 RasAuto - ok
11:35:01.0159 3864 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
11:35:01.0163 3864 Rasl2tp - ok
11:35:01.0186 3864 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
11:35:01.0196 3864 RasMan - ok
11:35:01.0230 3864 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
11:35:01.0233 3864 RasPppoe - ok
11:35:01.0250 3864 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
11:35:01.0253 3864 RasSstp - ok
11:35:01.0286 3864 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
11:35:01.0294 3864 rdbss - ok
11:35:01.0313 3864 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
11:35:01.0315 3864 rdpbus - ok
11:35:01.0348 3864 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
11:35:01.0350 3864 RDPCDD - ok
11:35:01.0396 3864 RDPDR (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys
11:35:01.0401 3864 RDPDR - ok
11:35:01.0425 3864 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
11:35:01.0426 3864 RDPENCDD - ok
11:35:01.0445 3864 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
11:35:01.0446 3864 RDPREFMP - ok
11:35:01.0495 3864 RdpVideoMiniport (70cba1a0c98600a2aa1863479b35cb90) C:\Windows\system32\drivers\rdpvideominiport.sys
11:35:01.0498 3864 RdpVideoMiniport - ok
11:35:01.0547 3864 RDPWD (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys
11:35:01.0553 3864 RDPWD - ok
11:35:01.0675 3864 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
11:35:01.0680 3864 rdyboost - ok
11:35:01.0710 3864 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
11:35:01.0715 3864 RemoteAccess - ok
11:35:01.0760 3864 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
11:35:01.0766 3864 RemoteRegistry - ok
11:35:01.0815 3864 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
11:35:01.0820 3864 RFCOMM - ok
11:35:01.0858 3864 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
11:35:01.0862 3864 RpcEptMapper - ok
11:35:01.0897 3864 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
11:35:01.0900 3864 RpcLocator - ok
11:35:01.0934 3864 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
11:35:01.0945 3864 RpcSs - ok
11:35:02.0022 3864 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
11:35:02.0025 3864 rspndr - ok
11:35:02.0121 3864 RTL8167 (f4c374b1c46de294b573bb43723ac3f6) C:\Windows\system32\DRIVERS\Rt64win7.sys
11:35:02.0132 3864 RTL8167 - ok
11:35:02.0159 3864 s3cap (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys
11:35:02.0161 3864 s3cap - ok
11:35:02.0291 3864 SABI (62db6cc4b0818f1b5f3441241b098f12) C:\Windows\system32\Drivers\SABI.sys
11:35:02.0293 3864 SABI - ok
11:35:02.0331 3864 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
11:35:02.0334 3864 SamSs - ok
11:35:02.0451 3864 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
11:35:02.0455 3864 sbp2port - ok
11:35:02.0495 3864 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
11:35:02.0503 3864 SCardSvr - ok
11:35:02.0662 3864 SCDEmu (b2f50286dc82b93c013e3fc57ba1a956) C:\Windows\system32\drivers\SCDEmu.sys
11:35:02.0665 3864 SCDEmu - ok
11:35:02.0698 3864 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
11:35:02.0700 3864 scfilter - ok
11:35:02.0764 3864 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
11:35:02.0789 3864 Schedule - ok
11:35:02.0817 3864 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
11:35:02.0819 3864 SCPolicySvc - ok
11:35:02.0841 3864 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
11:35:02.0847 3864 SDRSVC - ok
11:35:02.0899 3864 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
11:35:02.0901 3864 secdrv - ok
11:35:02.0930 3864 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
11:35:02.0933 3864 seclogon - ok
11:35:02.0961 3864 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
11:35:02.0965 3864 SENS - ok
11:35:02.0983 3864 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
11:35:02.0987 3864 SensrSvc - ok
11:35:03.0023 3864 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\drivers\serenum.sys
11:35:03.0025 3864 Serenum - ok
11:35:03.0059 3864 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\drivers\serial.sys
11:35:03.0062 3864 Serial - ok
11:35:03.0085 3864 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys
11:35:03.0087 3864 sermouse - ok
11:35:03.0135 3864 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
11:35:03.0141 3864 SessionEnv - ok
11:35:03.0152 3864 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
11:35:03.0154 3864 sffdisk - ok
11:35:03.0180 3864 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
11:35:03.0182 3864 sffp_mmc - ok
11:35:03.0196 3864 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
11:35:03.0198 3864 sffp_sd - ok
11:35:03.0227 3864 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys
11:35:03.0229 3864 sfloppy - ok
11:35:03.0264 3864 SGDrv (2fe1cd3aa602414841db10ad96c95a5e) C:\Windows\system32\DRIVERS\SGdrv64.sys
11:35:03.0266 3864 SGDrv - ok
11:35:03.0356 3864 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
11:35:03.0366 3864 SharedAccess - ok
11:35:03.0408 3864 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
11:35:03.0418 3864 ShellHWDetection - ok
11:35:03.0477 3864 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys
11:35:03.0479 3864 SiSRaid2 - ok
11:35:03.0496 3864 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys
11:35:03.0499 3864 SiSRaid4 - ok
11:35:03.0542 3864 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
11:35:03.0545 3864 Smb - ok
11:35:03.0633 3864 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
11:35:03.0637 3864 SNMPTRAP - ok
11:35:03.0653 3864 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
11:35:03.0656 3864 spldr - ok
11:35:03.0680 3864 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
11:35:03.0694 3864 Spooler - ok
11:35:03.0790 3864 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
11:35:03.0864 3864 sppsvc - ok
11:35:03.0990 3864 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
11:35:03.0994 3864 sppuinotify - ok
11:35:04.0049 3864 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
11:35:04.0059 3864 srv - ok
11:35:04.0083 3864 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
11:35:04.0092 3864 srv2 - ok
11:35:04.0109 3864 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
11:35:04.0114 3864 srvnet - ok
11:35:04.0148 3864 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
11:35:04.0155 3864 SSDPSRV - ok
11:35:04.0167 3864 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
11:35:04.0172 3864 SstpSvc - ok
11:35:04.0204 3864 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys
11:35:04.0206 3864 stexstor - ok
11:35:04.0259 3864 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
11:35:04.0273 3864 stisvc - ok
11:35:04.0308 3864 storflt (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys
11:35:04.0311 3864 storflt - ok
11:35:04.0338 3864 storvsc (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys
11:35:04.0341 3864 storvsc - ok
11:35:04.0375 3864 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
11:35:04.0377 3864 swenum - ok
11:35:04.0533 3864 SwitchBoard (f577910a133a592234ebaad3f3afa258) C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
11:35:04.0546 3864 SwitchBoard - ok
11:35:04.0627 3864 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
11:35:04.0642 3864 swprv - ok
11:35:04.0710 3864 Synth3dVsc (c3a39c4079305480972d29c44b868c78) C:\Windows\system32\drivers\synth3dvsc.sys
11:35:04.0714 3864 Synth3dVsc - ok
11:35:04.0783 3864 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
11:35:04.0822 3864 SysMain - ok
11:35:04.0945 3864 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
11:35:04.0950 3864 TabletInputService - ok
11:35:05.0023 3864 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
11:35:05.0033 3864 TapiSrv - ok
11:35:05.0066 3864 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
11:35:05.0070 3864 TBS - ok
11:35:05.0220 3864 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
11:35:05.0261 3864 Tcpip - ok
11:35:05.0495 3864 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
11:35:05.0527 3864 TCPIP6 - ok
11:35:05.0637 3864 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
11:35:05.0639 3864 tcpipreg - ok
11:35:05.0714 3864 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
11:35:05.0716 3864 TDPIPE - ok
11:35:05.0759 3864 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
11:35:05.0761 3864 TDTCP - ok
11:35:05.0794 3864 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
11:35:05.0798 3864 tdx - ok
11:35:05.0820 3864 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\DRIVERS\termdd.sys
11:35:05.0823 3864 TermDD - ok
11:35:05.0864 3864 terminpt (2b5bdff688ec9871d7ec5837833374e9) C:\Windows\system32\drivers\terminpt.sys
11:35:05.0867 3864 terminpt - ok
11:35:05.0920 3864 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
11:35:05.0988 3864 TermService - ok
11:35:06.0041 3864 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
11:35:06.0045 3864 Themes - ok
11:35:06.0083 3864 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
11:35:06.0086 3864 THREADORDER - ok
11:35:06.0207 3864 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
11:35:06.0213 3864 TrkWks - ok
11:35:06.0258 3864 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
11:35:06.0264 3864 TrustedInstaller - ok
11:35:06.0394 3864 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
11:35:06.0397 3864 tssecsrv - ok
11:35:06.0473 3864 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
11:35:06.0475 3864 TsUsbFlt - ok
11:35:06.0513 3864 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys
11:35:06.0515 3864 TsUsbGD - ok
11:35:06.0549 3864 tsusbhub (e1748d04ae40118b62bc18ac86032192) C:\Windows\system32\drivers\tsusbhub.sys
11:35:06.0553 3864 tsusbhub - ok
11:35:06.0629 3864 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
11:35:06.0633 3864 tunnel - ok
11:35:06.0655 3864 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys
11:35:06.0658 3864 uagp35 - ok
11:35:06.0689 3864 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
11:35:06.0697 3864 udfs - ok
11:35:06.0741 3864 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
11:35:06.0746 3864 UI0Detect - ok
11:35:06.0794 3864 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
11:35:06.0797 3864 uliagpkx - ok
11:35:06.0886 3864 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
11:35:06.0889 3864 umbus - ok
11:35:06.0912 3864 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys
11:35:06.0914 3864 UmPass - ok
11:35:06.0972 3864 UmRdpService (a293dcd756d04d8492a750d03b9a297c) C:\Windows\System32\umrdp.dll
11:35:07.0039 3864 UmRdpService - ok
11:35:07.0166 3864 UNS (db641944f7e4b14c13c3fefc89843f69) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
11:35:07.0211 3864 UNS - ok
11:35:07.0302 3864 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
11:35:07.0312 3864 upnphost - ok
11:35:07.0413 3864 USBAAPL64 (fb251567f41bc61988b26731dec19e4b) C:\Windows\system32\Drivers\usbaapl64.sys
11:35:07.0415 3864 USBAAPL64 - ok
11:35:07.0458 3864 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
11:35:07.0461 3864 usbccgp - ok
11:35:07.0556 3864 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
11:35:07.0559 3864 usbcir - ok
11:35:07.0581 3864 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys
11:35:07.0584 3864 usbehci - ok
11:35:07.0628 3864 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
11:35:07.0636 3864 usbhub - ok
11:35:07.0668 3864 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
11:35:07.0670 3864 usbohci - ok
11:35:07.0693 3864 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
11:35:07.0695 3864 usbprint - ok
11:35:07.0726 3864 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
11:35:07.0728 3864 usbscan - ok
11:35:07.0823 3864 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
11:35:07.0826 3864 USBSTOR - ok
11:35:07.0876 3864 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
11:35:07.0878 3864 usbuhci - ok
11:35:08.0001 3864 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\system32\Drivers\usbvideo.sys
11:35:08.0007 3864 usbvideo - ok
11:35:08.0042 3864 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
11:35:08.0120 3864 UxSms - ok
11:35:08.0178 3864 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
11:35:08.0181 3864 VaultSvc - ok
11:35:08.0306 3864 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
11:35:08.0308 3864 vdrvroot - ok
11:35:08.0373 3864 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
11:35:08.0388 3864 vds - ok
11:35:08.0429 3864 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
11:35:08.0431 3864 vga - ok
11:35:08.0457 3864 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
11:35:08.0460 3864 VgaSave - ok
11:35:08.0555 3864 VGPU - ok
11:35:08.0580 3864 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
11:35:08.0586 3864 vhdmp - ok
11:35:08.0613 3864 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
11:35:08.0615 3864 viaide - ok
11:35:08.0648 3864 vmbus (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys
11:35:08.0653 3864 vmbus - ok
11:35:08.0681 3864 VMBusHID (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys
11:35:08.0684 3864 VMBusHID - ok
11:35:08.0706 3864 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
11:35:08.0709 3864 volmgr - ok
11:35:08.0732 3864 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
11:35:08.0742 3864 volmgrx - ok
11:35:08.0784 3864 volsnap (df8126bd41180351a093a3ad2fc8903b) C:\Windows\system32\drivers\volsnap.sys
11:35:08.0792 3864 volsnap - ok
11:35:08.0831 3864 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys
11:35:08.0835 3864 vsmraid - ok
11:35:08.0907 3864 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
11:35:08.0944 3864 VSS - ok
11:35:09.0007 3864 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
11:35:09.0009 3864 vwifibus - ok
11:35:09.0126 3864 vwififlt (13a0decd1794de60a8427862c8669d27) C:\Windows\system32\DRIVERS\vwififlt.sys
11:35:09.0129 3864 vwififlt - ok
11:35:11.0886 3864 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
11:35:11.0960 3864 \Device\Harddisk0\DR0 - ok
11:35:11.0969 3864 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk1\DR1
11:35:12.0036 3864 \Device\Harddisk1\DR1 - ok
11:35:12.0043 3864 Boot (0x1200) (49dda4caf745c2a6a6c36f67b35d3bc4) \Device\Harddisk0\DR0\Partition0
11:35:12.0045 3864 \Device\Harddisk0\DR0\Partition0 - ok
11:35:12.0067 3864 Boot (0x1200) (7b024ecde32749370c11026939b252c9) \Device\Harddisk0\DR0\Partition1
11:35:12.0069 3864 \Device\Harddisk0\DR0\Partition1 - ok
11:35:12.0077 3864 Boot (0x1200) (173b166fc1dfe231f075c5bfb69dc63f) \Device\Harddisk1\DR1\Partition0
11:35:12.0081 3864 \Device\Harddisk1\DR1\Partition0 - ok
11:35:12.0084 3864 ============================================================
11:35:12.0084 3864 Scan finished
11:35:12.0084 3864 ============================================================
11:35:12.0108 5852 Detected object count: 0
11:35:12.0108 5852 Actual detected object count: 0

- no reboot required.

#6 Broni

Posted 13 April 2012 - 10:57 PM

Which browser is getting redirected?

Download Bootkit Remover to your desktop.

  • Unzip downloaded file to your Desktop.
  • Double-click on boot_cleaner.exe to run the program (Vista/7 users, right-click on boot_cleaner.exe and click Run As Administrator).
  • It will show a Black screen with some data on it.
  • Right click on the screen and click Select All.
  • Press CTRL+C
  • Open a Notepad and press CTRL+V
  • Post the output back here.


#7 tosh011

Posted 13 April 2012 - 11:09 PM

Bootkit Remover
© 2009 Esage Lab
www.esagelab.com

Program version: 1.2.0.1
OS Version: Microsoft Windows 7 Ultimate Edition Service Pack 1 (build 7601), 64-bit

System volume is \\.\C:
\\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`06500000

Size     Device Name           MBR Status
--------------------------------------------
931 GB   \\.\PhysicalDrive0    Controlled by rootkit!

Boot code on some of your physical disks is hidden by a rootkit.
To disinfect the master boot sector, use the following command:
remover.exe fix <device_name>
To inspect the boot code manually, dump the master boot sector:
remover.exe dump <device_name> [output_file]


Done;
Press any key to quit...


----
google chrome and mozilla firefox

#8 tosh011

Posted 13 April 2012 - 11:09 PM

sorry for the spam. net interference. :|

Edited by tosh011, 13 April 2012 - 11:10 PM.


#9 Broni

Posted 13 April 2012 - 11:14 PM

Download the FixTDSS.exe

  • Save the file to your Windows desktop.
  • Close all running programs.
  • If you are running Windows XP, turn off System Restore. How to turn off or turn on Windows XP System Restore
  • Double-click the FixTDSS.exe file to start the removal tool.
  • Click Start to begin the process, and then allow the tool to run.
  • OK any security prompts.
  • Restart the computer when prompted by the tool.
  • After the computer has started, the tool will inform you of the state of infection (make sure to let me know what it said).
  • If you are running Windows XP, re-enable System Restore.

Edited by Broni, 13 April 2012 - 11:14 PM.


#10 tosh011

Posted 13 April 2012 - 11:48 PM

no detection found on FixTDSS

--

about the rootkit remover log a while ago [included in previous reply], there's this line:
931 GB \\.\PhysicalDrive0 Controlled by rootkit!

is it alright?

#11 Broni

Posted 13 April 2012 - 11:56 PM

No, it's not, but more advanced tools will be needed to deal with your issue.

Please follow the instructions in ==>This Guide<== starting at Step 6. If you cannot complete a step, skip it and continue.

Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<== Please include a description of your computer issues, what you have done to resolve them, and a link to this topic.

If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

It would be helpful if you post a note here once you have completed the steps in the guide and have started your topic in malware removal. Good luck and be patient.

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.


#12 tosh011

Posted 14 April 2012 - 12:10 AM

Posted Image

i couldn't check the boxes on step 8.
will i still post on the malware removal request?

"Once your screen look similar to the above, click on the Scan button to scan your computer for rootkits. This may take a while, so please be patient. When it has finished you will be back at the main screen as shown in the figure below."

that's why i didn't continue on the scan.

Edited by tosh011, 14 April 2012 - 12:14 AM.


#13 Broni

Posted 14 April 2012 - 09:16 AM

Go ahead and scan it anyway.


#14 tosh011

Posted 14 April 2012 - 08:38 PM

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-04-15 09:37:41
Windows 6.1.7601 Service Pack 1
Running: gmer.exe


---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\b803051e66f2
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\b803051e66f2@10f9ee39402b 0x64 0x0F 0x6C 0x68 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\b803051e66f2@5c17d33e0f3d 0xF6 0xF9 0xAB 0xFD ...
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\b803051e66f2@3c8bfe0db3a4 0xF9 0xCE 0x23 0x21 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Teredo\PreviousState\50-67-f0-8f-b2-2b@TeredoAddress 2001:0:4137:9e76:24a3:d872:8f31:eb21
Reg HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Epoch2@Epoch 946
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\b803051e66f2 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\b803051e66f2@10f9ee39402b 0x64 0x0F 0x6C 0x68 ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\b803051e66f2@5c17d33e0f3d 0xF6 0xF9 0xAB 0xFD ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\b803051e66f2@3c8bfe0db3a4 0xF9 0xCE 0x23 0x21 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartPage\NewShortcuts@C:\Users\Samsung\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BUFFALO\Backup Utility\\x30d0\x30c3\x30af\x30a2\x30c3\x30d7 1
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartPage\NewShortcuts@C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BUFFALO\Backup Utility\\x30d0\x30c3\x30af\x30a2\x30c3\x30d7 1
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartPage\NewShortcuts@C:\Users\Samsung\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BUFFALO\Backup Utility\ 1
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartPage\NewShortcuts@C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BUFFALO\Backup Utility\ 1

---- Files - GMER 1.0.15 ----

File C:\Users\Samsung\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0006b1 0 bytes
File C:\Users\Samsung\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0007cf 0 bytes
File C:\Users\Samsung\AppData\Local\Google\Chrome\User Data\Default\JumpListIcons\F7F8.tmp 150798 bytes
File C:\Users\Samsung\AppData\Local\Google\Chrome\User Data\Default\JumpListIcons\F7F9.tmp 150798 bytes
File C:\Users\Samsung\AppData\Local\Google\Chrome\User Data\Default\JumpListIcons\F80A.tmp 150798 bytes
File C:\Users\Samsung\AppData\Local\Google\Chrome\User Data\Default\JumpListIcons\F80B.tmp 150798 bytes
File C:\Users\Samsung\AppData\Local\Google\Chrome\User Data\Default\JumpListIcons\F80C.tmp 150798 bytes
File C:\Users\Samsung\AppData\Local\Google\Chrome\User Data\Default\JumpListIcons\F80D.tmp 150798 bytes
File C:\Users\Samsung\AppData\Local\Google\Chrome\User Data\Default\JumpListIcons\F82D.tmp 150798 bytes
File C:\Users\Samsung\AppData\Local\Google\Chrome\User Data\Default\JumpListIcons\F82E.tmp 150798 bytes
File C:\Users\Samsung\AppData\Local\Google\Chrome\User Data\Default\JumpListIcons\F83F.tmp 150798 bytes
File C:\Users\Samsung\AppData\Local\Google\Chrome\User Data\Default\JumpListIcons\F840.tmp 150798 bytes
File C:\Users\Samsung\AppData\Local\Google\Chrome\User Data\Default\JumpListIcons\F850.tmp 150798 bytes
File C:\Users\Samsung\AppData\Local\Google\Chrome\User Data\Default\JumpListIcons\F851.tmp 150798 bytes
File C:\Users\Samsung\AppData\Local\Google\Chrome\User Data\Default\JumpListIcons\F852.tmp 150798 bytes
File C:\Users\Samsung\AppData\Local\Google\Chrome\User Data\Default\JumpListIcons\F853.tmp 150798 bytes
File C:\Users\Samsung\AppData\Local\Google\Chrome\User Data\Default\JumpListIcons\F864.tmp 150798 bytes
File C:\Users\Samsung\AppData\Local\Google\Chrome\User Data\Default\JumpListIcons\F865.tmp 150798 bytes
File C:\Windows\SoftwareDistribution\DataStore\Logs\tmp.edb 0 bytes

---- EOF - GMER 1.0.15 ----


----
no red marks or anything shown on gmer log. shall i post another topic to that thread?

Edited by tosh011, 14 April 2012 - 08:39 PM.


#15 Broni

Posted 14 April 2012 - 09:10 PM

You post all logs in your new topic in the malware removal forum, not here.
