Firefox Redirect to Bing (Malware?)


  • This topic is locked
31 replies to this topic

#1 ezen3000

ezen3000

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:07:37 PM

Posted 20 April 2012 - 05:54 PM

I've searched this problem all over the internet and I've tried all of the solutions I have been able to find, but to no avail. I am running Windows 7 Home Premium.

Bing has become the default search in my address bar - it should be Google. The Problem is not in the search bar in the top right - it is in the Address Bar.

I have gone to about:config and changed the keyword.url to GOOGLE it will then work - but when I close Firefox and reopen it the address bar search goes right back to Bing.

Then I went into Control Panel>Network and Internet>Manage browser add-ons>manage add-ons>Search Providers> and removed Bing - and made Google the default.

...None of this worked. I ended up here and tried the few steps included on that thread before it left me to creating my own regarding this situation.

I am attaching copies of a minitoolbox scan and dds scan (both files) - hopefully these help you help me.

I am going crazy because of this. I don't like change and just want Google back - please help me fix this!



I will not download or delete anything in the meantime... thank you to anyone that tries to help me.


#2 ezen3000


Posted 20 April 2012 - 07:31 PM

I was able to get Google back as my keyword search. If someone could still tell me if something is wrong, because I'm not sure what caused this to happen.

Solution to that issue: about:config > keyword.url - there was an extra one called community.tool something or other - changed that to default and it deleted. From there I closed Firefox and reopened and changed it to http://www.google.com/search?ie=UTF-8&oe=utf-8&q= and it worked.

Hopefully this helps anyone else experiencing this issue.
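
The check described in post #2, as an added example that is not part of the original thread: it parses Firefox `prefs.js` and `user.js` text and reports search-URL preferences that point at hosts outside an allow list, plus watched preferences set in `user.js`, which Firefox re-applies at every start and which therefore undo an about:config change. The sample file contents, the preference name `extensions.exampletoolbar.keywordURL` and the `google.com` allow list are constructed assumptions.

```python
import re
from urllib.parse import urlparse

# One preference line as Firefox writes it: user_pref("name", value);
PREF_RE = re.compile(r'^\s*user_pref\(\s*"([^"]+)"\s*,\s*(.*?)\s*\)\s*;\s*$')

# Preferences that appear in the ComboFix "FF - prefs.js" lines of this thread.
WATCHED = ("keyword.URL", "browser.search.selectedEngine", "browser.startup.homepage")


def parse_prefs(text):
    """Return {name: value} for every user_pref() line; other lines are ignored."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if not m:
            continue  # comment, blank line or anything that is not a pref
        name, raw = m.groups()
        if len(raw) >= 2 and raw[0] == raw[-1] == '"':
            # Minimal unescaping of a quoted string value.
            prefs[name] = raw[1:-1].replace('\\"', '"').replace("\\\\", "\\")
        elif raw in ("true", "false"):
            prefs[name] = raw == "true"
        else:
            try:
                prefs[name] = int(raw)
            except ValueError:
                prefs[name] = raw
    return prefs


def host_trusted(url, trusted):
    """True if the URL's host is a trusted domain or a subdomain of one."""
    host = (urlparse(url).hostname or "").lower()
    return any(host == t or host.endswith("." + t) for t in trusted)


def audit(prefs_js, user_js="", trusted=("google.com",)):
    """Return (file, pref, reason) findings for search-related preferences."""
    findings = []
    for source, text in (("prefs.js", prefs_js), ("user.js", user_js)):
        for name, value in parse_prefs(text).items():
            is_url = isinstance(value, str) and value.lower().startswith(
                ("http://", "https://"))
            # Heuristic: a keyword-search template ends with an empty query
            # parameter ("...&q=") to which the typed words are appended.
            is_template = is_url and value.endswith("=")
            if is_url and (name == "keyword.URL" or is_template) \
                    and not host_trusted(value, trusted):
                findings.append((source, name, "untrusted search host"))
            # user.js values override prefs.js each time Firefox starts.
            if source == "user.js" and name in WATCHED:
                findings.append((source, name, "re-applied at every start"))
    return findings


# Constructed sample input (not taken from the poster's machine).
SAMPLE_PREFS_JS = r'''
# Mozilla User Preferences
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.startup.homepage", "http://www.google.com/ig");
user_pref("extensions.exampletoolbar.keywordURL", "http://www.bing.com/search?FORM=XXXX&q=");
user_pref("keyword.URL", "http://www.google.com/search?ie=UTF-8&oe=utf-8&q=");
user_pref("network.proxy.type", 0);
'''

SAMPLE_USER_JS = r'''
user_pref("keyword.URL", "http://www.bing.com/search?q=");
'''

if __name__ == "__main__":
    for finding in audit(SAMPLE_PREFS_JS, SAMPLE_USER_JS):
        print("%s: %s -> %s" % finding)
```

On a real profile, pass the contents of the two files found under the `ProfilePath` that the ComboFix log reports.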

#3 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:08:37 PM

Posted 21 April 2012 - 07:32 AM

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

Edited by gringo_pr, 21 April 2012 - 07:42 AM.

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#4 ezen3000


Posted 21 April 2012 - 12:41 PM

Security Check:

Results of screen317's Security Check version 0.99.32
Windows 7 x64 (UAC is enabled)
Internet Explorer 9
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
Norton AntiVirus
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

TuneUp Companion 2.4.4.3
Java™ 6 Update 31
Adobe Reader X (10.1.1)
Mozilla Firefox (11.0.)
````````````````````````````````
Process Check:
objlist.exe by Laurent

Norton ccSvcHst.exe
IObit IObit Malware Fighter IMFsrv.exe
IObit IObit Malware Fighter IMF.exe
``````````End of Log````````````

#5 gringo_pr


Posted 21 April 2012 - 02:11 PM

Let me have the ComboFix report next, please.


gringo

#6 ezen3000


Posted 21 April 2012 - 02:30 PM

Combofix is still running. On stage 27 now - way past the ten minutes it said it should take. Almost an hour and a half now.

#7 gringo_pr


Posted 21 April 2012 - 02:33 PM

As long as it is going, leave it alone - I will be around all day and most of the night.


gringo

#8 ezen3000


Posted 21 April 2012 - 02:53 PM

Ok thanks for your help gringo.

#9 gringo_pr


Posted 21 April 2012 - 03:19 PM

:thumbup2:

#10 ezen3000


Posted 21 April 2012 - 11:14 PM

ComboFix 12-04-20.03 - Owner 04/21/2012 13:51:44.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.7659.5468 [GMT -4:00]
Running from: c:\users\Owner\Downloads\ComboFix.exe
AV: Norton AntiVirus *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: IObit Malware Fighter *Disabled/Updated* {A751AC20-3B48-5237-898A-78C4436BB78D}
SP: Norton AntiVirus *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-03-21 to 2012-04-21 )))))))))))))))))))))))))))))))
.
.
2012-04-21 20:02 . 2012-04-21 20:02 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-20 21:01 . 2012-04-20 21:01 -------- d-----w- c:\users\Owner\AppData\Roaming\IObit
2012-04-20 21:01 . 2012-04-20 21:01 -------- d-----w- c:\program files (x86)\IObit
2012-04-17 23:19 . 2012-04-17 23:19 -------- d-----w- c:\program files (x86)\TuneUpMedia
2012-04-17 23:18 . 2012-04-21 17:26 -------- d-----w- c:\users\Owner\AppData\Roaming\TuneUpMedia
2012-04-17 23:18 . 2012-04-20 04:53 -------- d-----w- c:\programdata\TuneUpMedia
2012-04-12 12:09 . 2012-04-12 12:09 -------- d-----w- c:\users\Owner\AppData\Local\{FFFA2FB9-4857-4475-8379-F36343DA5801}
2012-04-12 11:48 . 2012-03-06 06:53 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-12 11:48 . 2012-03-06 05:59 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-04-12 11:48 . 2012-03-06 05:59 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-04-12 11:44 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-12 11:44 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-12 11:44 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-04-12 11:44 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-12 11:44 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-04-12 11:44 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-04-12 11:44 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-04-11 19:23 . 2012-04-11 19:23 -------- d-----w- c:\users\Owner\AppData\Local\Western Digital
2012-04-03 21:58 . 2012-04-07 22:58 -------- d-----w- c:\windows\system32\drivers\NAVx64\1207010.003
2012-04-01 17:30 . 2012-04-01 17:30 592824 ----a-w- c:\program files (x86)\Mozilla Firefox\gkmedias.dll
2012-04-01 17:30 . 2012-04-01 17:30 44472 ----a-w- c:\program files (x86)\Mozilla Firefox\mozglue.dll
2012-04-01 02:17 . 2012-04-01 02:17 -------- d-----w- c:\users\Owner\dm
2012-04-01 02:17 . 2012-04-07 17:15 -------- d-----w- c:\program files (x86)\Draft Master
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-25 22:15 . 2011-12-22 21:21 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-02-17 06:38 . 2012-03-14 11:54 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-02-17 05:34 . 2012-03-14 11:54 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-02-17 04:58 . 2012-03-14 11:54 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-02-17 04:57 . 2012-03-14 11:54 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-02-16 03:00 . 2011-05-08 19:36 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-02-15 15:01 . 2012-02-15 15:01 52736 ----a-w- c:\windows\system32\drivers\usbaapl64.sys
2012-02-15 15:01 . 2012-02-15 15:01 4547944 ----a-w- c:\windows\system32\usbaaplrc.dll
2012-02-14 16:09 . 2012-02-14 16:09 1070352 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX
2012-02-10 06:36 . 2012-03-14 11:55 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-02-10 05:38 . 2012-03-14 11:55 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-02-03 04:34 . 2012-03-14 11:55 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-01-25 06:38 . 2012-03-14 11:54 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-01-25 06:38 . 2012-03-14 11:54 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-01-25 06:33 . 2012-03-14 11:54 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM Startup"="c:\progra~2\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2005-02-16 221184]
"DS3 Tool"="c:\program files (x86)\MotioninJoy\ds3\DS3_Tool.exe" [2011-01-01 110352]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-04-02 336384]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-09-05 35736]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"ISUSScheduler"="c:\program files (x86)\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-16 81920]
"lxddmon.exe"="c:\program files (x86) (x86)\Lexmark 2500 Series\lxddmon.exe" [2009-04-27 291496]
"lxddamon"="c:\program files (x86) (x86)\Lexmark 2500 Series\lxddamon.exe" [2009-04-27 25256]
"HPConnectionManager"="c:\program files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe" [2011-05-23 103992]
"HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2011-07-11 574008]
"HPOSD"="c:\program files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe" [2011-08-19 379960]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-06 421736]
"IObit Malware Fighter"="c:\program files (x86)\IObit\IObit Malware Fighter\IMF.exe" [2012-01-12 4453208]
.
c:\users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"HideFastUserSwitching"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"EnableShellExecuteHooks"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice]
@="Service"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 86072]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 hpCMSrv;HP Connection Manager 4 Service;c:\program files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe [2011-05-23 1098296]
R3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c:\windows\system32\DRIVERS\MijXfilt.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 RegFilter;RegFilter;c:\program files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\regfilter.sys [2011-09-20 33184]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 UrlFilter;UrlFilter;c:\program files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\UrlFilter.sys [2011-09-20 21872]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 FileMonitor;FileMonitor;c:\program files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys [2012-01-05 21384]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys [x]
S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NAVx64\1207010.003\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NAVx64\1207010.003\SYMEFA64.SYS [x]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.5.0.125\Definitions\BASHDefs\20120413.001\BHDrvx64.sys [2012-04-02 1160824]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.5.0.125\Definitions\IPSDefs\20120420.001\IDSvia64.sys [2012-03-06 488568]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NAVx64\1207010.003\Ironx64.SYS [x]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NAVx64\1207010.003\SYMNETS.SYS [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-09-05 64952]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2012-01-03 89600]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-04-02 365568]
S2 FPLService;TrueSuiteService;c:\program files (x86)\HP SimplePass 2011\TrueSuiteService.exe [2011-08-25 260424]
S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-09-01 227896]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [x]
S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2011-07-11 26680]
S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2011-03-08 2375168]
S2 IMFservice;IMF Service;c:\program files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [2012-01-10 821592]
S2 NAV;Norton AntiVirus;c:\program files (x86)\Norton AntiVirus\Engine\18.7.1.3\ccSvcHst.exe [2011-04-17 130008]
S2 RoxioNow Service;RoxioNow Service;c:\program files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-11-26 399344]
S2 SplashtopRemoteService;Splashtop® Remote Service;c:\program files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe [2011-12-05 529768]
S2 SSUService;Splashtop Software Updater Service;c:\program files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe [2012-03-15 370504]
S3 amdhub30;AMD USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\amdhub30.sys [x]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [x]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 amdxhc;AMD USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\amdxhc.sys [x]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-02-04 138360]
S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [x]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-21 c:\windows\Tasks\HPCeeScheduleForOwner.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2012-01-03 1128448]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\yqrm2xij.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=utf-8&q=
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)
Wow6432Node-HKLM-Run-Easybits Recovery - c:\program files (x86)\EasyBits For Kids\ezRecover.exe
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-_{7C5123A9-30A8-4C44-89CA-A8C87A1FCC91} - c:\program files (x86)\Corel\CorelDRAW Graphics Suite 13\Programs\MSILauncher {7C5123A9-30A8-4C44-89CA-A8C87A1FCC91}
AddRemove-{6F44AF95-3CDE-4513-AD3F-6D45F17BF324} - c:\program files (x86)\InstallShield Installation Information\{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}\setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NAV]
"ImagePath"="\"c:\program files (x86)\Norton AntiVirus\Engine\18.7.1.3\ccSvcHst.exe\" /s \"NAV\" /m \"c:\program files (x86)\Norton AntiVirus\Engine\18.7.1.3\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10n.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10n.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10n.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10n.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\SysWOW64\ezSharedSvcHost.exe
c:\program files (x86)\Splashtop\Splashtop Remote\Server\SRServer.exe
c:\program files (x86)\CyberLink\YouCam\YCMMirage.exe
.
**************************************************************************
.
Completion time: 2012-04-21 16:31:22 - machine was rebooted
ComboFix-quarantined-files.txt 2012-04-21 20:31
.
Pre-Run: 561,177,214,976 bytes free
Post-Run: 561,182,597,120 bytes free
.
- - End Of File - - FD95946D114E944B19974A0418320609

#11 gringo_pr


Posted 21 April 2012 - 11:54 PM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • It will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo




I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic




Proud Graduate Of Malware Removal University
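An added example (not part of the thread and not the tool's own code) showing one way to triage the TDSSKiller report requested above: it pairs each `name (MD5) path` line with its `name - verdict` line, in the layout the log posted in this thread uses. The function names, the trusted-root list and the `ExampleDrv` / `flagged` lines are assumptions made for illustration; only `ok` verdicts appear on this page.

```python
import re

# Every report line starts with "HH:MM:SS.ffff <thread id>", then the message.
LINE = re.compile(r"^(\d{2}:\d{2}:\d{2}\.\d{4}) (\d+) ?(.*)$")
# Object line: service/driver name, MD5 in parentheses, path of the hashed file.
ENTRY = re.compile(r"^(?P<name>.+?) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
# Verdict line: the same name, " - ", and a one-word verdict.
VERDICT = re.compile(r"^(?P<name>.+) - (?P<verdict>\w+)$")

# Assumption for illustration: locations where drivers and services normally live.
# A path outside them is a prompt for manual review, not proof of infection.
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")

# Sample input: lines copied or abridged from the log in this thread, plus two
# CONSTRUCTED lines (ExampleDrv) whose verdict word "flagged" is a placeholder,
# not TDSSKiller's real wording.
SAMPLE_REPORT = r"""
01:34:43.0965 7728 Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200
01:35:07.0798 3712 Scan started
01:35:07.0798 3712 Mode: Manual;
01:35:08.0326 3712 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
01:35:08.0334 3712 1394ohci - ok
01:35:09.0825 3712 AMD External Events Utility (5580856001f78fecef19202a60334e7e) C:\Windows\system32\atiesrxx.exe
01:35:09.0832 3712 AMD External Events Utility - ok
01:35:09.0893 3712 AMD FUEL Service - ok
01:35:13.0871 3712 BHDrvx64 (5b1fe9d351c284701c8051da2aa81df6) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.5.0.125\Definitions\BASHDefs\20120413.001\BHDrvx64.sys
01:35:13.0891 3712 BHDrvx64 - ok
01:35:14.0000 3712 ExampleDrv (00000000000000000000000000000000) C:\Windows\system32\drivers\exampledrv.sys
01:35:14.0001 3712 ExampleDrv - flagged
"""


def parse_report(text):
    """Return {name: {"md5", "path", "verdict"}} for objects listed after 'Scan started'."""
    records = {}
    scanning = False
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        msg = m.group(3)
        if msg == "Scan started":
            # Header lines before this point (drive geometry, partitions) also
            # contain " - " and would otherwise be mistaken for verdicts.
            scanning = True
            continue
        if not scanning:
            continue
        entry = ENTRY.match(msg)
        if entry:
            records[entry["name"]] = {
                "md5": entry["md5"], "path": entry["path"], "verdict": None}
            continue
        verdict = VERDICT.match(msg)
        if verdict:
            # Some services get a verdict with no preceding hash/path line.
            rec = records.setdefault(
                verdict["name"], {"md5": None, "path": None, "verdict": None})
            rec["verdict"] = verdict["verdict"]
    return records


def triage(records):
    """List (name, reason) pairs that deserve a closer look, in report order."""
    findings = []
    for name, rec in records.items():
        if rec["verdict"] is None:
            findings.append((name, "no verdict line"))
        elif rec["verdict"].lower() != "ok":
            findings.append((name, "verdict: " + rec["verdict"]))
        if rec["path"] is None:
            findings.append((name, "no hash/path line in the report"))
        elif not rec["path"].lower().startswith(TRUSTED_ROOTS):
            findings.append((name, "unusual location: " + rec["path"]))
    return findings


if __name__ == "__main__":
    for name, reason in triage(parse_report(SAMPLE_REPORT)):
        print(f"{name}: {reason}")
```

The `BHDrvx64` finding is the antivirus driver from this thread's own log, loaded from its definitions folder, which is why a location finding calls for review rather than removal.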

#12 ezen3000

ezen3000
  • Topic Starter

  • Members
  • 16 posts
  • Local time:07:37 PM

Posted 22 April 2012 - 12:37 AM

01:34:41.0944 7728 TDSS rootkit removing tool 2.7.31.0 Apr 20 2012 19:49:47
01:34:42.0349 7728 ============================================================
01:34:42.0349 7728 Current date / time: 2012/04/22 01:34:42.0349
01:34:42.0349 7728 SystemInfo:
01:34:42.0349 7728
01:34:42.0349 7728 OS Version: 6.1.7601 ServicePack: 1.0
01:34:42.0349 7728 Product type: Workstation
01:34:42.0350 7728 ComputerName: OWNER-HP
01:34:42.0350 7728 UserName: Owner
01:34:42.0350 7728 Windows directory: C:\Windows
01:34:42.0350 7728 System windows directory: C:\Windows
01:34:42.0350 7728 Running under WOW64
01:34:42.0350 7728 Processor architecture: Intel x64
01:34:42.0350 7728 Number of processors: 4
01:34:42.0350 7728 Page size: 0x1000
01:34:42.0350 7728 Boot type: Normal boot
01:34:42.0350 7728 ============================================================
01:34:43.0965 7728 Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
01:34:43.0971 7728 Drive \Device\Harddisk1\DR2 - Size: 0x15D27100000 (1396.61 Gb), SectorSize: 0x200, Cylinders: 0x2C82B, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
01:34:43.0990 7728 \Device\Harddisk0\DR0:
01:34:43.0990 7728 MBR partitions:
01:34:43.0990 7728 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800
01:34:43.0990 7728 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x48ACE000
01:34:43.0990 7728 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x48B32000, BlocksNum 0x1CF2000
01:34:43.0990 7728 \Device\Harddisk0\DR0\Partition3: MBR, Type 0xC, StartLBA 0x4A824000, BlocksNum 0x33AB0
01:34:43.0990 7728 \Device\Harddisk1\DR2:
01:34:43.0991 7728 MBR partitions:
01:34:43.0991 7728 \Device\Harddisk1\DR2\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xAE938000
01:34:44.0017 7728 C: <-> \Device\Harddisk0\DR0\Partition1
01:34:44.0074 7728 D: <-> \Device\Harddisk0\DR0\Partition2
01:34:44.0091 7728 H: <-> \Device\Harddisk0\DR0\Partition3
01:34:44.0112 7728 G: <-> \Device\Harddisk1\DR2\Partition0
01:34:44.0112 7728 Initialize success
01:34:44.0112 7728 ============================================================
01:35:07.0798 3712 ============================================================
01:35:07.0798 3712 Scan started
01:35:07.0798 3712 Mode: Manual;
01:35:07.0798 3712 ============================================================
01:35:08.0326 3712 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
01:35:08.0334 3712 1394ohci - ok
01:35:08.0437 3712 Accelerometer (5c368f4b04ed2a923e6afca2d37baff5) C:\Windows\system32\DRIVERS\Accelerometer.sys
01:35:08.0441 3712 Accelerometer - ok
01:35:08.0550 3712 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
01:35:08.0559 3712 ACPI - ok
01:35:08.0649 3712 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
01:35:08.0652 3712 AcpiPmi - ok
01:35:08.0744 3712 AdobeARMservice (11a52cf7b265631deeb24c6149309eff) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
01:35:08.0748 3712 AdobeARMservice - ok
01:35:08.0854 3712 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys
01:35:08.0880 3712 adp94xx - ok
01:35:08.0997 3712 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys
01:35:09.0006 3712 adpahci - ok
01:35:09.0109 3712 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys
01:35:09.0116 3712 adpu320 - ok
01:35:09.0203 3712 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
01:35:09.0205 3712 AeLookupSvc - ok
01:35:09.0292 3712 AESTFilters (a6fb9db8f1a86861d955fd6975977ae0) C:\Program Files\IDT\WDM\AESTSr64.exe
01:35:09.0296 3712 AESTFilters - ok
01:35:09.0406 3712 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
01:35:09.0419 3712 AFD - ok
01:35:09.0506 3712 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
01:35:09.0510 3712 agp440 - ok
01:35:09.0599 3712 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
01:35:09.0604 3712 ALG - ok
01:35:09.0695 3712 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
01:35:09.0699 3712 aliide - ok
01:35:09.0825 3712 AMD External Events Utility (5580856001f78fecef19202a60334e7e) C:\Windows\system32\atiesrxx.exe
01:35:09.0832 3712 AMD External Events Utility - ok
01:35:09.0893 3712 AMD FUEL Service - ok
01:35:09.0992 3712 amdhub30 (30bfeee0dffd5bd79d29157cf080deed) C:\Windows\system32\DRIVERS\amdhub30.sys
01:35:09.0997 3712 amdhub30 - ok
01:35:10.0081 3712 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
01:35:10.0085 3712 amdide - ok
01:35:10.0186 3712 amdiox64 (6a2eeb0c4133b20773bb3dd0b7b377b4) C:\Windows\system32\DRIVERS\amdiox64.sys
01:35:10.0205 3712 amdiox64 - ok
01:35:10.0322 3712 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\drivers\amdk8.sys
01:35:10.0326 3712 AmdK8 - ok
01:35:10.0610 3712 amdkmdag (69bc235b7983d67b8967ce634023ced1) C:\Windows\system32\DRIVERS\atikmdag.sys
01:35:10.0814 3712 amdkmdag - ok
01:35:10.0919 3712 amdkmdap (2a8496af669f282777f9e17d04d0aa22) C:\Windows\system32\DRIVERS\atikmpag.sys
01:35:10.0924 3712 amdkmdap - ok
01:35:11.0017 3712 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
01:35:11.0019 3712 AmdPPM - ok
01:35:11.0106 3712 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
01:35:11.0110 3712 amdsata - ok
01:35:11.0202 3712 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\drivers\amdsbs.sys
01:35:11.0209 3712 amdsbs - ok
01:35:11.0311 3712 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
01:35:11.0314 3712 amdxata - ok
01:35:11.0414 3712 amdxhc (321533578132c811ec834a1b741c994c) C:\Windows\system32\DRIVERS\amdxhc.sys
01:35:11.0421 3712 amdxhc - ok
01:35:11.0511 3712 amd_sata (2fbb00a7616106b95104574c6cd640c2) C:\Windows\system32\DRIVERS\amd_sata.sys
01:35:11.0513 3712 amd_sata - ok
01:35:11.0602 3712 amd_xata (87d0d7645cb0d53220649bd5fe15d93e) C:\Windows\system32\DRIVERS\amd_xata.sys
01:35:11.0605 3712 amd_xata - ok
01:35:11.0700 3712 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
01:35:11.0715 3712 AppID - ok
01:35:11.0812 3712 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
01:35:11.0816 3712 AppIDSvc - ok
01:35:11.0916 3712 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
01:35:11.0919 3712 Appinfo - ok
01:35:11.0999 3712 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
01:35:12.0004 3712 Apple Mobile Device - ok
01:35:12.0133 3712 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\drivers\arc.sys
01:35:12.0138 3712 arc - ok
01:35:12.0230 3712 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\drivers\arcsas.sys
01:35:12.0243 3712 arcsas - ok
01:35:12.0364 3712 aspnet_state (9217d874131ae6ff8f642f124f00a555) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
01:35:12.0368 3712 aspnet_state - ok
01:35:12.0455 3712 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
01:35:12.0471 3712 AsyncMac - ok
01:35:12.0597 3712 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
01:35:12.0601 3712 atapi - ok
01:35:12.0744 3712 AtiHDAudioService (4bf5bca6e2608cd8a00bc4a6673a9f47) C:\Windows\system32\drivers\AtihdW76.sys
01:35:12.0749 3712 AtiHDAudioService - ok
01:35:12.0853 3712 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
01:35:12.0869 3712 AudioEndpointBuilder - ok
01:35:12.0889 3712 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
01:35:12.0895 3712 AudioSrv - ok
01:35:12.0982 3712 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
01:35:12.0988 3712 AxInstSV - ok
01:35:13.0098 3712 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\drivers\bxvbda.sys
01:35:13.0111 3712 b06bdrv - ok
01:35:13.0217 3712 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
01:35:13.0226 3712 b57nd60a - ok
01:35:13.0357 3712 BCM43XX (9e84a931dbee0292e38ed672f6293a99) C:\Windows\system32\DRIVERS\bcmwl664.sys
01:35:13.0377 3712 BCM43XX - ok
01:35:13.0463 3712 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
01:35:13.0469 3712 BDESVC - ok
01:35:13.0563 3712 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
01:35:13.0566 3712 Beep - ok
01:35:13.0677 3712 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
01:35:13.0693 3712 BFE - ok
01:35:13.0871 3712 BHDrvx64 (5b1fe9d351c284701c8051da2aa81df6) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.5.0.125\Definitions\BASHDefs\20120413.001\BHDrvx64.sys
01:35:13.0891 3712 BHDrvx64 - ok
01:35:13.0988 3712 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\system32\qmgr.dll
01:35:14.0006 3712 BITS - ok
01:35:14.0096 3712 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\drivers\blbdrive.sys
01:35:14.0100 3712 blbdrive - ok
01:35:14.0168 3712 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
01:35:14.0180 3712 Bonjour Service - ok
01:35:14.0266 3712 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
01:35:14.0271 3712 bowser - ok
01:35:14.0362 3712 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\BrFiltLo.sys
01:35:14.0366 3712 BrFiltLo - ok
01:35:14.0450 3712 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\BrFiltUp.sys
01:35:14.0454 3712 BrFiltUp - ok
01:35:14.0603 3712 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
01:35:14.0608 3712 BridgeMP - ok
01:35:14.0711 3712 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
01:35:14.0716 3712 Browser - ok
01:35:14.0815 3712 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
01:35:14.0824 3712 Brserid - ok
01:35:14.0923 3712 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
01:35:14.0927 3712 BrSerWdm - ok
01:35:15.0018 3712 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
01:35:15.0022 3712 BrUsbMdm - ok
01:35:15.0121 3712 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
01:35:15.0125 3712 BrUsbSer - ok
01:35:15.0221 3712 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\drivers\bthmodem.sys
01:35:15.0226 3712 BTHMODEM - ok
01:35:15.0312 3712 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
01:35:15.0317 3712 bthserv - ok
01:35:15.0390 3712 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
01:35:15.0413 3712 cdfs - ok
01:35:15.0525 3712 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
01:35:15.0530 3712 cdrom - ok
01:35:15.0612 3712 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
01:35:15.0616 3712 CertPropSvc - ok
01:35:15.0713 3712 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
01:35:15.0717 3712 circlass - ok
01:35:15.0815 3712 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
01:35:15.0826 3712 CLFS - ok
01:35:15.0922 3712 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
01:35:15.0927 3712 clr_optimization_v2.0.50727_32 - ok
01:35:16.0011 3712 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
01:35:16.0017 3712 clr_optimization_v2.0.50727_64 - ok
01:35:16.0150 3712 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
01:35:16.0155 3712 clr_optimization_v4.0.30319_32 - ok
01:35:16.0263 3712 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
01:35:16.0268 3712 clr_optimization_v4.0.30319_64 - ok
01:35:16.0378 3712 clwvd (50f92c943f18b070f166d019dfab3d9a) C:\Windows\system32\DRIVERS\clwvd.sys
01:35:16.0383 3712 clwvd - ok
01:35:16.0471 3712 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\drivers\CmBatt.sys
01:35:16.0474 3712 CmBatt - ok
01:35:16.0560 3712 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
01:35:16.0564 3712 cmdide - ok
01:35:16.0652 3712 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
01:35:16.0664 3712 CNG - ok
01:35:16.0762 3712 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\drivers\compbatt.sys
01:35:16.0766 3712 Compbatt - ok
01:35:16.0860 3712 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
01:35:16.0864 3712 CompositeBus - ok
01:35:16.0922 3712 COMSysApp - ok
01:35:16.0975 3712 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\drivers\crcdisk.sys
01:35:16.0979 3712 crcdisk - ok
01:35:17.0059 3712 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll
01:35:17.0066 3712 CryptSvc - ok
01:35:17.0163 3712 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
01:35:17.0177 3712 DcomLaunch - ok
01:35:17.0261 3712 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
01:35:17.0270 3712 defragsvc - ok
01:35:17.0365 3712 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
01:35:17.0385 3712 DfsC - ok
01:35:17.0485 3712 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
01:35:17.0493 3712 Dhcp - ok
01:35:17.0578 3712 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
01:35:17.0583 3712 discache - ok
01:35:17.0688 3712 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\drivers\disk.sys
01:35:17.0693 3712 Disk - ok
01:35:17.0831 3712 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
01:35:17.0838 3712 Dnscache - ok
01:35:17.0916 3712 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
01:35:17.0925 3712 dot3svc - ok
01:35:18.0018 3712 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
01:35:18.0023 3712 DPS - ok
01:35:18.0162 3712 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
01:35:18.0165 3712 drmkaud - ok
01:35:18.0271 3712 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
01:35:18.0293 3712 DXGKrnl - ok
01:35:18.0388 3712 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
01:35:18.0394 3712 EapHost - ok
01:35:18.0554 3712 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\drivers\evbda.sys
01:35:18.0651 3712 ebdrv - ok
01:35:18.0731 3712 eeCtrl (0c3f9eff8ddd9f9eb56d754b4620155f) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
01:35:18.0742 3712 eeCtrl - ok
01:35:18.0829 3712 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
01:35:18.0834 3712 EFS - ok
01:35:18.0917 3712 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
01:35:18.0951 3712 ehRecvr - ok
01:35:19.0026 3712 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
01:35:19.0032 3712 ehSched - ok
01:35:19.0140 3712 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys
01:35:19.0153 3712 elxstor - ok
01:35:19.0218 3712 EraserUtilRebootDrv (8c0f9b877bc0b7ffd327ef55f9efb642) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
01:35:19.0233 3712 EraserUtilRebootDrv - ok
01:35:19.0324 3712 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
01:35:19.0327 3712 ErrDev - ok
01:35:19.0446 3712 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
01:35:19.0456 3712 EventSystem - ok
01:35:19.0548 3712 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
01:35:19.0573 3712 exfat - ok
01:35:19.0645 3712 ezSharedSvc - ok
01:35:19.0703 3712 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
01:35:19.0711 3712 fastfat - ok
01:35:19.0856 3712 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
01:35:19.0874 3712 Fax - ok
01:35:19.0956 3712 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\drivers\fdc.sys
01:35:19.0961 3712 fdc - ok
01:35:20.0050 3712 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
01:35:20.0054 3712 fdPHost - ok
01:35:20.0137 3712 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
01:35:20.0141 3712 FDResPub - ok
01:35:20.0225 3712 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
01:35:20.0230 3712 FileInfo - ok
01:35:20.0294 3712 FileMonitor (060cc45cecae2feaff9c8c52d8fafaa8) C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys
01:35:20.0311 3712 FileMonitor - ok
01:35:20.0395 3712 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
01:35:20.0399 3712 Filetrace - ok
01:35:20.0490 3712 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\drivers\flpydisk.sys
01:35:20.0494 3712 flpydisk - ok
01:35:20.0589 3712 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
01:35:20.0598 3712 FltMgr - ok
01:35:20.0704 3712 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
01:35:20.0725 3712 FontCache - ok
01:35:20.0815 3712 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
01:35:20.0817 3712 FontCache3.0.0.0 - ok
01:35:20.0882 3712 FPLService (6aa4e6b4ea50620ab622a048394c4aa2) C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe
01:35:20.0926 3712 FPLService - ok
01:35:21.0001 3712 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
01:35:21.0004 3712 FsDepends - ok
01:35:21.0096 3712 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
01:35:21.0110 3712 Fs_Rec - ok
01:35:21.0202 3712 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
01:35:21.0210 3712 fvevol - ok
01:35:21.0308 3712 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\drivers\gagp30kx.sys
01:35:21.0313 3712 gagp30kx - ok
01:35:21.0388 3712 GamesAppService (c403c5db49a0f9aaf4f2128edc0106d8) C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
01:35:21.0403 3712 GamesAppService - ok
01:35:21.0494 3712 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
01:35:21.0498 3712 GEARAspiWDM - ok
01:35:21.0596 3712 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
01:35:21.0614 3712 gpsvc - ok
01:35:21.0706 3712 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
01:35:21.0709 3712 hcw85cir - ok
01:35:21.0832 3712 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
01:35:21.0857 3712 HdAudAddService - ok
01:35:21.0957 3712 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\DRIVERS\HDAudBus.sys
01:35:21.0961 3712 HDAudBus - ok
01:35:22.0037 3712 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\drivers\HidBatt.sys
01:35:22.0041 3712 HidBatt - ok
01:35:22.0133 3712 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\drivers\hidbth.sys
01:35:22.0138 3712 HidBth - ok
01:35:22.0235 3712 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\drivers\hidir.sys
01:35:22.0240 3712 HidIr - ok
01:35:22.0312 3712 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
01:35:22.0317 3712 hidserv - ok
01:35:22.0413 3712 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
01:35:22.0415 3712 HidUsb - ok
01:35:22.0481 3712 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
01:35:22.0487 3712 hkmsvc - ok
01:35:22.0576 3712 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
01:35:22.0584 3712 HomeGroupListener - ok
01:35:22.0741 3712 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
01:35:22.0749 3712 HomeGroupProvider - ok
01:35:22.0875 3712 HP Support Assistant Service (13bb1114451c63bfb41ba7daa4d70a29) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
01:35:22.0878 3712 HP Support Assistant Service - ok
01:35:22.0961 3712 HPClientSvc (6a181452d4e240b8ecc7614b9a19bde9) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
01:35:22.0971 3712 HPClientSvc - ok
01:35:23.0105 3712 hpCMSrv (c5d2f308e1c12a5c328ef549696dbc05) C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe
01:35:23.0175 3712 hpCMSrv - ok
01:35:23.0259 3712 HPDrvMntSvc.exe (b19ff523b533a3f198b9239e1749c940) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
01:35:23.0266 3712 HPDrvMntSvc.exe - ok
01:35:23.0367 3712 hpdskflt (4e0bec0f78096ffd6d3314b497fc49d3) C:\Windows\system32\DRIVERS\hpdskflt.sys
01:35:23.0372 3712 hpdskflt - ok
01:35:23.0506 3712 hpqwmiex (01091b900e15878b4434f9c726c4541d) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
01:35:23.0526 3712 hpqwmiex - ok
01:35:23.0617 3712 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
01:35:23.0622 3712 HpSAMD - ok
01:35:23.0704 3712 hpsrv (fc7c13b5a9e9be23b7ae72bbc7fdb278) C:\Windows\system32\Hpservice.exe
01:35:23.0709 3712 hpsrv - ok
01:35:23.0813 3712 HPWMISVC (491ce9b6321fb74e4b37af2c47f98434) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
01:35:23.0817 3712 HPWMISVC - ok
01:35:23.0949 3712 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
01:35:23.0967 3712 HTTP - ok
01:35:24.0049 3712 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
01:35:24.0052 3712 hwpolicy - ok
01:35:24.0153 3712 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
01:35:24.0169 3712 i8042prt - ok
01:35:24.0272 3712 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
01:35:24.0283 3712 iaStorV - ok
01:35:24.0412 3712 IconMan_R (3a0ff117b4adc5abe4d968e26a337158) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
01:35:24.0461 3712 IconMan_R - ok
01:35:24.0569 3712 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
01:35:24.0599 3712 idsvc - ok
01:35:24.0741 3712 IDSVia64 (18c40c3f368323b203ace403cb430db1) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.5.0.125\Definitions\IPSDefs\20120420.001\IDSvia64.sys
01:35:24.0754 3712 IDSVia64 - ok
01:35:24.0854 3712 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys
01:35:24.0859 3712 iirsp - ok
01:35:24.0955 3712 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
01:35:24.0973 3712 IKEEXT - ok
01:35:25.0065 3712 IMFservice (8ae99ebe30e8338907361018d9030835) C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe
01:35:25.0111 3712 IMFservice - ok
01:35:25.0207 3712 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
01:35:25.0211 3712 intelide - ok
01:35:25.0322 3712 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\drivers\intelppm.sys
01:35:25.0326 3712 intelppm - ok
01:35:25.0426 3712 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
01:35:25.0431 3712 IPBusEnum - ok
01:35:25.0518 3712 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
01:35:25.0538 3712 IpFilterDriver - ok
01:35:25.0640 3712 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
01:35:25.0653 3712 iphlpsvc - ok
01:35:25.0743 3712 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
01:35:25.0769 3712 IPMIDRV - ok
01:35:25.0857 3712 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
01:35:25.0863 3712 IPNAT - ok
01:35:25.0961 3712 iPod Service (755e4ba6dce627a2683bb7640553c8d6) C:\Program Files\iPod\bin\iPodService.exe
01:35:25.0977 3712 iPod Service - ok
01:35:26.0063 3712 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
01:35:26.0067 3712 IRENUM - ok
01:35:26.0152 3712 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
01:35:26.0156 3712 isapnp - ok
01:35:26.0255 3712 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
01:35:26.0274 3712 iScsiPrt - ok
01:35:26.0370 3712 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
01:35:26.0375 3712 kbdclass - ok
01:35:26.0465 3712 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
01:35:26.0467 3712 kbdhid - ok
01:35:26.0551 3712 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
01:35:26.0555 3712 KeyIso - ok
01:35:26.0638 3712 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
01:35:26.0643 3712 KSecDD - ok
01:35:26.0730 3712 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
01:35:26.0737 3712 KSecPkg - ok
01:35:26.0825 3712 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
01:35:26.0829 3712 ksthunk - ok
01:35:26.0908 3712 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
01:35:26.0920 3712 KtmRm - ok
01:35:27.0023 3712 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\System32\srvsvc.dll
01:35:27.0032 3712 LanmanServer - ok
01:35:27.0113 3712 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
01:35:27.0121 3712 LanmanWorkstation - ok
01:35:27.0207 3712 libusb0 - ok
01:35:27.0279 3712 libusbd - ok
01:35:27.0379 3712 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
01:35:27.0384 3712 lltdio - ok
01:35:27.0455 3712 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
01:35:27.0466 3712 lltdsvc - ok
01:35:27.0536 3712 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
01:35:27.0541 3712 lmhosts - ok
01:35:27.0667 3712 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys
01:35:27.0673 3712 LSI_FC - ok
01:35:27.0892 3712 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys
01:35:27.0898 3712 LSI_SAS - ok
01:35:28.0002 3712 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys
01:35:28.0029 3712 LSI_SAS2 - ok
01:35:28.0130 3712 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys
01:35:28.0135 3712 LSI_SCSI - ok
01:35:28.0224 3712 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
01:35:28.0229 3712 luafv - ok
01:35:28.0299 3712 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
01:35:28.0314 3712 Mcx2Svc - ok
01:35:28.0405 3712 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys
01:35:28.0426 3712 megasas - ok
01:35:28.0526 3712 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys
01:35:28.0535 3712 MegaSR - ok
01:35:28.0646 3712 Microsoft Office Groove Audit Service (123271bd5237ab991dc5c21fdf8835eb) C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe
01:35:28.0652 3712 Microsoft Office Groove Audit Service - ok
01:35:28.0746 3712 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
01:35:28.0750 3712 MMCSS - ok
01:35:28.0828 3712 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
01:35:28.0833 3712 Modem - ok
01:35:28.0926 3712 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
01:35:28.0929 3712 monitor - ok
01:35:29.0024 3712 MotioninJoyXFilter (eb03d4164e7f10b601d280413655ade4) C:\Windows\system32\DRIVERS\MijXfilt.sys
01:35:29.0063 3712 MotioninJoyXFilter - ok
01:35:56.0259 3712 ============================================================
01:35:56.0260 3712 Scan finished
01:35:56.0260 3712 ============================================================
01:35:56.0273 8344 Detected object count: 0
01:35:56.0273 8344 Actual detected object count: 0

#13 ezen3000


Posted 22 April 2012 - 12:44 AM

aswMBR won't load. The site just has a server error.

#14 gringo_pr


Posted 22 April 2012 - 01:03 AM

Hello

Let's get a deeper look into the system and see if something shows up.

Download and run OTL

Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened and is the one that I need posted back here
    • Extra.txt <-- Will be minimized - save this one on your desktop in case I ask for it later
  • Please post the contents of OTL.txt in your next reply.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic




#15 ezen3000


Posted 22 April 2012 - 01:02 PM

When I double click OTL.exe I get an error message - included a screen shot.
