
My computer is very slow and keeps freezing


  • This topic is locked
14 replies to this topic

#1 Slayer90

Posted 01 May 2012 - 04:40 PM

My computer is infected with an unknown undetectable trojan. I tried with Malwarebytes, F-Secure, ESET, Emsisoft, Norton, Kaspersky Virus Removal Tool, TDSSKiller and Dr.Web anti-virus scanner. All of them said there was no malware found. My computer was doing fine until a couple of days ago. It keeps slowing down and freezing every so often. I made no new installations of any programs. I did not have any new add-ons. Clearly it's an undetectable trojan. I want to get rid of this trojan without having to uninstall everything and completely having to start all over again.

Here is my DDS report.

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31
Run by alvin at 10:26:08 on 2012-05-01
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2047.899 [GMT -7:00]
.
AV: Norton AntiVirus *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton AntiVirus *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AVG Secure Search\vprot.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Norton AntiVirus\Engine\18.7.1.3\ccSvcHst.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.0.2\ToolbarUpdater.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Norton AntiVirus\Engine\18.7.1.3\ccSvcHst.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.ca/
uSearch Bar = Preserve
mURLSearchHooks: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - c:\program files\bittorrentbar\tbBitT.dll
BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngine.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton antivirus\engine\18.7.1.3\ips\IPSBHO.DLL
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - c:\program files\bittorrentbar\tbBitT.dll
BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\11.0.0.9\AVG Secure Search_toolbar.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: DAEMON Tools Toolbar: {32099aac-c132-4136-9e9a-4e364a424e17} - c:\program files\daemon tools toolbar\DTToolbar.dll
TB: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - c:\program files\bittorrentbar\tbBitT.dll
TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngine.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\11.0.0.9\AVG Secure Search_toolbar.dll
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [Symantec PIF AlertEng] "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\pifsvc.exe" /a /m "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\AlertEng.dll"
mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [PWRISOVM.EXE] c:\program files\poweriso\PWRISOVM.EXE
mRun: [SwitchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe
mRun: [AdobeCS5ServiceManager] "c:\program files\common files\adobe\cs5servicemanager\CS5ServiceManager.exe" -launchedbylogin
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [vProt] "c:\program files\avg secure search\vprot.exe"
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
StartupFolder: c:\users\alvin\appdata\roaming\micros~1\windows\startm~1\programs\startup\_unins~1.lnk - c:\users\alvin\appdata\local\temp\_uninst_70274088.bat
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\instal~1.lnk - c:\program files\sifxinst\SIFXINST.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
Trusted Zone: samsungsetup.com\www
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{55B7C7B4-46C4-432F-A42D-13B216CBE3CD} : DhcpNameServer = 192.168.1.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\11.0.2\ViProtocol.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\alvin\appdata\roaming\mozilla\firefox\profiles\aad1f5qt.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7Bcf8a7f59-fee4-4135-b48f-be787814ecc5%7D&mid=b0557703bfcb47d08d33d1509db84070-06ce4fc639803a2e3563922518183d8e94088cb9&ds=od011&v=10.2.0.3&lang=en&pr=sa&d=2012-04-18%2017%3A42%3A09&sap=ku&q=
FF - prefs.js: network.proxy.type - 0
FF - component: c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_18.6.0.29\ipsffplgn\components\IPSFFPl.dll
FF - component: c:\users\alvin\appdata\roaming\mozilla\firefox\profiles\aad1f5qt.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}\components\RadioWMPCoreGecko19.dll
FF - component: c:\users\alvin\appdata\roaming\mozilla\firefox\profiles\aad1f5qt.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}\components\RadioWMPCoreGecko5.dll
FF - component: c:\users\alvin\appdata\roaming\mozilla\firefox\profiles\aad1f5qt.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}\components\RadioWMPCoreGecko6.dll
FF - component: c:\users\alvin\appdata\roaming\mozilla\firefox\profiles\aad1f5qt.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}\components\RadioWMPCoreGecko7.dll
FF - component: c:\users\alvin\appdata\roaming\mozilla\firefox\profiles\aad1f5qt.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}\components\RadioWMPCoreGecko8.dll
FF - component: c:\users\alvin\appdata\roaming\mozilla\firefox\profiles\aad1f5qt.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}\components\RadioWMPCoreGecko9.dll
FF - plugin: c:\program files\common files\avg secure search\sitesafetyinstaller\11.0.2\npsitesafety.dll
FF - plugin: c:\program files\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6\bin\npjpi160_31.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\users\alvin\appdata\roaming\mozilla\firefox\profiles\aad1f5qt.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_2_202_233.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
FF - Ext: BitTorrentBar Community Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - %profile%\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}
FF - Ext: Easy YouTube Video Downloader: {c0c9a2c7-2e5c-4447-bc53-97718bc91e1b} - %profile%\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}
FF - Ext: Bitdefender QuickScan: {e001c731-5e37-4538-a5cb-8168736a2360} - %profile%\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: Symantec Intrusion Prevention: {BBDA0591-3099-440a-AA10-41764D9DB4DB} - c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_18.6.0.29\IPSFFPlgn
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
============= SERVICES / DRIVERS ===============
.
R0 67092826;67092826;c:\windows\system32\drivers\67092826.sys [2012-4-20 133208]
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\nav\1207010.003\symds.sys [2012-4-3 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nav\1207010.003\symefa.sys [2012-4-3 744568]
R1 BHDrvx86;BHDrvx86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_18.6.0.29\definitions\bashdefs\20120413.001\BHDrvx86.sys [2012-4-17 821880]
R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_18.6.0.29\definitions\ipsdefs\20120428.001\IDSvix86.sys [2012-4-27 368248]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\nav\1207010.003\ironx86.sys [2012-4-3 136312]
R1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\system32\drivers\nav\1207010.003\symtdiv.sys [2012-4-3 331384]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2010-8-5 21504]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2010-8-9 654408]
R2 NAV;Norton AntiVirus;c:\program files\norton antivirus\engine\18.7.1.3\ccsvchst.exe [2012-4-3 130008]
R2 vToolbarUpdater11.0.2;vToolbarUpdater11.0.2;c:\program files\common files\avg secure search\vtoolbarupdater\11.0.2\ToolbarUpdater.exe [2012-4-29 932736]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2012-2-3 106104]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-8-9 22344]
R3 VST_DPV;VST_DPV;c:\windows\system32\drivers\VSTDPV3.SYS [2006-11-2 987648]
R3 VSTHWBS2;VSTHWBS2;c:\windows\system32\drivers\VSTBS23.SYS [2006-11-2 251904]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-8-2 135664]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-12 253088]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-8-2 135664]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 SwitchBoard;Adobe SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2012-04-30 15:19:31 -------- d-----w- c:\users\alvin\appdata\local\AVG Secure Search
2012-04-23 22:44:56 -------- d-----w- c:\program files\Emsisoft Anti-Malware
2012-04-23 22:26:32 -------- d-----w- c:\users\alvin\appdata\roaming\QuickScan
2012-04-23 04:46:18 -------- d-----w- c:\programdata\boost_interprocess
2012-04-22 22:16:44 -------- d-----w- c:\users\alvin\appdata\roaming\PC Cleaners
2012-04-22 22:16:30 4107024 ----a-w- c:\windows\uninst.exe
2012-04-22 22:16:30 -------- d-----w- c:\users\alvin\appdata\roaming\PCPro
2012-04-22 22:16:28 -------- d-----w- c:\programdata\PC1Data
2012-04-21 04:42:45 133208 ----a-w- c:\windows\system32\drivers\67092826.sys
2012-04-21 00:52:37 -------- d-----w- c:\programdata\Kaspersky Lab
2012-04-19 00:42:08 -------- d-----w- c:\programdata\AVG Secure Search
2012-04-19 00:42:05 -------- d-----w- c:\program files\common files\AVG Secure Search
2012-04-19 00:42:03 -------- d-----w- c:\program files\AVG Secure Search
2012-04-19 00:41:24 -------- d--h--w- c:\programdata\Common Files
2012-04-19 00:41:10 -------- d-----w- c:\users\alvin\appdata\roaming\OpenCandy
2012-04-13 05:16:02 4139680 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
2012-04-13 05:01:32 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-13 05:01:32 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-04-12 00:10:40 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
2012-04-03 21:41:13 744568 ----a-r- c:\windows\system32\drivers\nav\1207010.003\symefa.sys
2012-04-03 21:41:13 516216 ----a-r- c:\windows\system32\drivers\nav\1207010.003\srtsp.sys
2012-04-03 21:41:13 50168 ----a-r- c:\windows\system32\drivers\nav\1207010.003\srtspx.sys
2012-04-03 21:41:13 340088 ----a-r- c:\windows\system32\drivers\nav\1207010.003\symds.sys
2012-04-03 21:41:13 331384 ----a-w- c:\windows\system32\drivers\nav\1207010.003\symtdiv.sys
2012-04-03 21:41:13 299640 ----a-w- c:\windows\system32\drivers\nav\1207010.003\symnets.sys
2012-04-03 21:41:13 136312 ----a-r- c:\windows\system32\drivers\nav\1207010.003\ironx86.sys
2012-04-03 21:41:03 -------- d-----w- c:\windows\system32\drivers\nav\1207010.003
.
==================== Find3M ====================
.
2012-04-22 22:25:44 3008 ----a-w- c:\windows\system32\tmp.reg
2012-04-07 15:43:21 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-04-04 22:56:40 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-06 06:39:00 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-03-06 06:39:00 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-02-29 15:11:45 5120 ----a-w- c:\windows\system32\wmi.dll
2012-02-29 15:11:42 172032 ----a-w- c:\windows\system32\wintrust.dll
2012-02-29 15:09:53 157696 ----a-w- c:\windows\system32\imagehlp.dll
2012-02-29 13:32:37 12800 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-02-28 01:18:55 1799168 ----a-w- c:\windows\system32\jscript9.dll
2012-02-28 01:11:21 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2012-02-28 01:11:07 1127424 ----a-w- c:\windows\system32\wininet.dll
2012-02-28 01:03:16 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-02-14 15:45:30 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2012-02-14 15:45:30 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2012-02-13 14:12:08 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2012-02-13 13:47:57 683008 ----a-w- c:\windows\system32\d2d1.dll
2012-02-13 13:44:40 1068544 ----a-w- c:\windows\system32\DWrite.dll
2012-02-02 15:16:25 2044416 ----a-w- c:\windows\system32\win32k.sys
.
============= FINISH: 10:27:08.60 ===============


Here is my GMER report


2012-04-19 00:41:10 -------- d-----w- c:\users\alvin\appdata\roaming\OpenCandy
2012-04-13 05:16:02 4139680 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
2012-04-13 05:01:32 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-13 05:01:32 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-04-12 00:10:40 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
2012-04-03 21:41:13 744568 ----a-r- c:\windows\system32\drivers\nav\1207010.003\symefa.sys
2012-04-03 21:41:13 516216 ----a-r- c:\windows\system32\drivers\nav\1207010.003\srtsp.sys
2012-04-03 21:41:13 50168 ----a-r- c:\windows\system32\drivers\nav\1207010.003\srtspx.sys
2012-04-03 21:41:13 340088 ----a-r- c:\windows\system32\drivers\nav\1207010.003\symds.sys
2012-04-03 21:41:13 331384 ----a-w- c:\windows\system32\drivers\nav\1207010.003\symtdiv.sys
2012-04-03 21:41:13 299640 ----a-w- c:\windows\system32\drivers\nav\1207010.003\symnets.sys
2012-04-03 21:41:13 136312 ----a-r- c:\windows\system32\drivers\nav\1207010.003\ironx86.sys
2012-04-03 21:41:03 -------- d-----w- c:\windows\system32\drivers\nav\1207010.003
.
==================== Find3M ====================
.
2012-04-22 22:25:44 3008 ----a-w- c:\windows\system32\tmp.reg
2012-04-07 15:43:21 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-04-04 22:56:40 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-06 06:39:00 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-03-06 06:39:00 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-02-29 15:11:45 5120 ----a-w- c:\windows\system32\wmi.dll
2012-02-29 15:11:42 172032 ----a-w- c:\windows\system32\wintrust.dll
2012-02-29 15:09:53 157696 ----a-w- c:\windows\system32\imagehlp.dll
2012-02-29 13:32:37 12800 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-02-28 01:18:55 1799168 ----a-w- c:\windows\system32\jscript9.dll
2012-02-28 01:11:21 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2012-02-28 01:11:07 1127424 ----a-w- c:\windows\system32\wininet.dll
2012-02-28 01:03:16 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-02-14 15:45:30 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2012-02-14 15:45:30 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2012-02-13 14:12:08 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2012-02-13 13:47:57 683008 ----a-w- c:\windows\system32\d2d1.dll
2012-02-13 13:44:40 1068544 ----a-w- c:\windows\system32\DWrite.dll
2012-02-02 15:16:25 2044416 ----a-w- c:\windows\system32\win32k.sys
.
============= FINISH: 10:27:08.60 ===============

My computer still is really slow and freezes. I got rid of Trojan horse Generic3_c.AUMD and xerces-depdom_2_7.dll.



So it might be the three unknown files that might be a rootkit. But those three unknown files could be a vital part of the computer.

"";"<unknown>";"Service function NtAlpcConnectPort hook -> 0x86AD3E30";"Object is hidden"
"";"<unknown>";"Service function NtMapViewOfSection hook -> 0x869037F0";"Object is hidden"
"";"<unknown>";"Service function NtCreateThreadEx hook -> 0x86F502D0";"Object is hidden"


Help? My computer was not only very slow, I just had a blue screen of death and had to restart. I wasn't running any new programs. It's clearly an undetectable unidentified trojan. It must have terminated or rewritten my security system so none of them could detect it. My computer was being very slow and kept freezing to the point I have had to restart for the last weeks. I got AVG yesterday and the symptoms did not change but have gotten worse.

I need help really bad. The symptoms have gotten worse. My Firefox Google search button seems to be disabled. So when I press Enter after typing a search, or click it, it doesn't load. It does nothing.

Edited by boopme, 03 May 2012 - 10:32 AM.


#2 Slayer90

Posted 01 May 2012 - 08:09 PM

Mod EDIT: Merged 4 posts into one.


I scanned my whole computer with AVG. There seem to be three unknown files. Are they rootkits or false positives?

"Scan ""Whole computer scan"" completed."
"Infections";"1";"1";"0"
"Rootkits";"3";"0";"3"
"Warnings";"1";"1";"0"
"Information";"1"
"Folders selected for scanning:";"Whole computer scan"
"Scan started:";"Tuesday, May 01, 2012, 3:20:05 PM"
"Scan finished:";"Tuesday, May 01, 2012, 5:08:35 PM (1 hour(s) 48 minute(s) 30 second(s))"
"Total object scanned:";"1774250"
"User who launched the scan:";"alvin"

"Infections"
"";"File";"Infection";"Result"
"";"C:\Users\alvin\Desktop\Norton 2011 Reset\1BOX_NTR2011.exe";"Trojan horse Generic3_c.AUMD";"Moved to Virus Vault"

"Warnings"
"";"File";"Infection";"Result"
"";"C:\Windows\SMINST\xerces-depdom_2_7.dll";"Corrupted executable file";"Moved to Virus Vault"

"Rootkits"
"";"File";"Infection";"Result"
"";"<unknown>";"Service function NtAlpcConnectPort hook -> 0x86AD3E30";"Object is hidden"
"";"<unknown>";"Service function NtMapViewOfSection hook -> 0x869037F0";"Object is hidden"
"";"<unknown>";"Service function NtCreateThreadEx hook -> 0x86F502D0";"Object is hidden"

"Information"
"";"File";"Information";"Result"
"";"C:\Users\alvin\Desktop\uninstaller\Crack\urmain.exe";"The file is signed with a broken digital signature, issued by: URSoft.";""

Edited by boopme, 03 May 2012 - 10:33 AM.


#3 Slayer90

Posted 03 May 2012 - 10:02 PM

So far I haven't made any new installation or anything and my computer has gotten worse. It seems all the detected trojans are false positives. Malwarebytes keeps blocking avast! This unidentified undetectable trojan or rootkit seems to have hidden itself very well, as well as terminated and rewritten my security systems to go against me.

#4 Slayer90

Posted 04 May 2012 - 10:38 AM

My computer just had the blue screen of death; I wasn't using the computer. It is also very slow and unresponsive both when I'm not on and off the internet.

Edited by Slayer90, 04 May 2012 - 05:53 PM.


#5 Slayer90

Posted 04 May 2012 - 11:54 PM

I have something to report. I didn't run any scans and stuff; anyway, I found strange reports called PFRO and PICTAKER. Both report DLL files being deleted. PFRO is a very long report. Should I post both logs now? Please answer.

Edited by Slayer90, 05 May 2012 - 12:02 AM.


#6 Slayer90

Posted 04 May 2012 - 11:58 PM

PICTAKER Log

Self-Installing File 5.0.
Session log started at 12/21/2006 6:12:54 PM.
User: Administrator.
Workstation: LH-MSADZ4JNYN35.
/InstallPackage "D:\For Client Audit Mode\VISTAMHDC4.5-x86\VISTAMHDC4.5.EXE" /ShowErrors
Self-Installing File 5.0.
Session log ended at 12/21/2006 6:13:03 PM.


Self-Installing File 5.0.
Session log started at 8/2/2010 2:01:10 PM.
User: Administrator.
Workstation: LH-JNY59LUYL9BK.
/ApplyPending
Self-Installing File 5.0.
Session log ended at 8/2/2010 2:01:10 PM.

#7 Slayer90

Posted 05 May 2012 - 12:33 AM

The PFRO is extremely long, so I attached a file. So I divided it into multiple parts.

Edited by Slayer90, 05 May 2012 - 12:41 AM.


#8 Slayer90

Posted 05 May 2012 - 12:55 AM

The file is too large for me to attach. I can't post them all. So I'll post the last part. Keep in mind that this is not the complete log.



7/8/2011 12:24:41 - PFRO Error: \??\C:\Users\alvin\AppData\Local\Temp\~nsu.tmp, |delete operation|, 0xc0000101
7/8/2011 12:24:41 - 2 Successful PFRO operations

9/6/2011 10:7:25 - PFRO Error: \??\C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910, |delete operation|, 0xc0000034
9/6/2011 10:7:25 - PFRO Error: \??\C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642, |delete operation|, 0xc0000101
9/6/2011 10:7:25 - 4 Successful PFRO operations

9/17/2011 11:13:55 - PFRO Error: \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.6.0.29\Definitions\VirusDefs\tmp5d37.tmp\cur.scr, |delete operation|, 0xc000003a
9/17/2011 11:13:55 - PFRO Error: \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.6.0.29\Definitions\VirusDefs\tmp5d37.tmp, |delete operation|, 0xc0000034
9/17/2011 11:13:55 - 0 Successful PFRO operations

12/1/2011 9:17:14 - PFRO Error: \??\C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642, |delete operation|, 0xc0000034
12/1/2011 9:17:14 - PFRO Error: \??\C:\Program Files\Google\GoogleToolbarNotifier\5.7.7018.1622, |delete operation|, 0xc0000101
12/1/2011 9:17:14 - PFRO Error: \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.6.0.29\Definitions\VirusDefs\tmp882.tmp\cur.scr, |delete operation|, 0xc000003a
12/1/2011 9:17:14 - PFRO Error: \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.6.0.29\Definitions\VirusDefs\tmp882.tmp, |delete operation|, 0xc0000034
12/1/2011 9:17:14 - 4 Successful PFRO operations

1/11/2012 9:24:8 - PFRO Error: \??\C:\Program Files\Google\GoogleToolbarNotifier\5.7.7018.1622, |delete operation|, 0xc0000034
1/11/2012 9:24:8 - PFRO Error: \??\C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100, |delete operation|, 0xc0000101
1/11/2012 9:24:8 - 4 Successful PFRO operations

1/17/2012 10:45:6 - PFRO Error: \??\C:\Users\alvin\AppData\Local\Temp\~nsu.tmp, |delete operation|, 0xc0000101
1/17/2012 10:45:6 - 1 Successful PFRO operations

4/13/2012 9:50:2 - PFRO Error: \??\C:\Program Files\Google\Chrome, |delete operation|, 0xc0000101
4/13/2012 9:50:3 - 7 Successful PFRO operations

4/20/2012 19:44:15 - PFRO Error: \??\C:\Program Files\ESET\ESET Online Scanner\, |delete operation|, 0xc0000101
4/20/2012 19:44:15 - PFRO Error: \??\C:\Program Files\ESET, |delete operation|, 0xc0000101
4/20/2012 19:44:15 - 1 Successful PFRO operations

4/20/2012 21:40:38 - PFRO Error: \??\C:\Users\alvin\AppData\Local\Temp\E3BF9A0A-F0D3D7BE-D61E7BBC-3FD7D7A4\4f9220fd.tmp, |delete operation|, 0xc000003a
4/20/2012 21:40:38 - PFRO Error: \??\C:\Users\alvin\AppData\Local\Temp\E3BF9A0A-F0D3D7BE-D61E7BBC-3FD7D7A4, |delete operation|, 0xc0000034
4/20/2012 21:40:38 - 1 Successful PFRO operations

4/22/2012 9:39:52 - PFRO Error: \??\C:\Users\alvin\AppData\Local\Temp\FAF95222-8BA65992-26B95EDC-6134D75C\4f93a3c4.tmp, |delete operation|, 0xc0000034
4/22/2012 9:39:52 - 1 Successful PFRO operations

4/23/2012 19:50:28 - PFRO Error: \??\C:\Program Files\ESET\ESET Online Scanner\, |delete operation|, 0xc0000101
4/23/2012 19:50:28 - PFRO Error: \??\C:\Program Files\ESET, |delete operation|, 0xc0000101
4/23/2012 19:50:28 - PFRO Error: \??\C:\Program Files\ESET\ESET Online Scanner\OnlineScannerUninstaller.exe, |delete operation|, 0xc0000034
4/23/2012 19:50:28 - 7 Successful PFRO operations

4/23/2012 20:1:40 - PFRO Error: \??\C:\Program Files\Emsisoft Anti-Malware, |delete operation|, 0xc0000101
4/23/2012 20:1:40 - 2 Successful PFRO operations

5/1/2012 8:30:15 - PFRO Error: \??\C:\Program Files\ESET\ESET Online Scanner\OnlineScannerUninstaller.exe, |delete operation|, 0xc0000034
5/1/2012 8:30:15 - 2 Successful PFRO operations

5/2/2012 13:42:18 - PFRO Error: \??\C:\Users\alvin\AppData\Local\Temp\1F68AFBF-8E53F41E-6CF0B3CA-E634C1B2\4fa197b1.tmp, |delete operation|, 0xc0000034
5/2/2012 13:42:18 - PFRO Error: \??\C:\Users\alvin\AppData\Local\Temp\1C60547A-4AA1E44-9A7B8144-81B05B6A\4fa19866.tmp, |delete operation|, 0xc0000034
5/2/2012 13:42:18 - PFRO Error: \??\C:\Users\alvin\AppData\Local\Temp\2FD94454-29F4EBC4-14EBF508-B9DC945C\4fa198c1.tmp, |delete operation|, 0xc0000034
5/2/2012 13:42:18 - PFRO Error: \??\C:\Users\alvin\AppData\Local\Temp\E5B0381E-9BFD9133-5A04C061-AD024770\4fa19b5e.tmp, |delete operation|, 0xc0000034
5/2/2012 13:42:18 - PFRO Error: \??\C:\Users\alvin\AppData\Local\Temp\75C1600F-57227AE-64441793-83D64A08\4fa19b9b.tmp, |delete operation|, 0xc0000034
5/2/2012 13:42:18 - 5 Successful PFRO operations

5/2/2012 20:6:51 - PFRO Error: \??\C:\Program Files\Google\Chrome, |delete operation|, 0xc0000101
5/2/2012 20:6:51 - 2 Successful PFRO operations

5/4/2012 8:28:43 - PFRO Error: \??\C:\Users\alvin\AppData\Local\Temp\~nsu.tmp, |delete operation|, 0xc0000101
5/4/2012 8:28:43 - 1 Successful PFRO operations
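
Added example (not part of the original thread): PFRO.log records the pending file rename/delete operations Windows processes at boot, and each failed entry ends with an NTSTATUS code. The Python sketch below parses lines in the format posted above and decodes the three codes that occur in them; the function names and the `BENIGN_CLEANUP` grouping are assumptions of this example, and the `CONSTRUCTED` line is made up to exercise the review path.

```python
import re
from collections import Counter

# NTSTATUS values that occur in the posted log, with their documented names.
NTSTATUS = {
    0xC0000034: "STATUS_OBJECT_NAME_NOT_FOUND",   # target file was already gone
    0xC000003A: "STATUS_OBJECT_PATH_NOT_FOUND",   # parent directory was already gone
    0xC0000101: "STATUS_DIRECTORY_NOT_EMPTY",     # directory still had contents
}

# Assumption of this example: a failed *delete* with one of these statuses is
# routine uninstaller/updater leftover and does not need a closer look.
BENIGN_CLEANUP = set(NTSTATUS)

STAMP = r"(?P<date>\d{1,2}/\d{1,2}/\d{4}) (?P<time>\d{1,2}:\d{1,2}:\d{1,2}) - "
ERROR_RE = re.compile(
    "^" + STAMP + r"PFRO Error: (?P<path>.+), \|(?P<op>[^|]+)\|, "
    r"(?P<status>0x[0-9a-fA-F]{8})$"
)
OK_RE = re.compile("^" + STAMP + r"(?P<count>\d+) Successful PFRO operations$")

# Lines copied from the post above.
SAMPLE = r"""
9/17/2011 11:13:55 - PFRO Error: \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.6.0.29\Definitions\VirusDefs\tmp5d37.tmp\cur.scr, |delete operation|, 0xc000003a
9/17/2011 11:13:55 - PFRO Error: \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.6.0.29\Definitions\VirusDefs\tmp5d37.tmp, |delete operation|, 0xc0000034
9/17/2011 11:13:55 - 0 Successful PFRO operations

4/23/2012 19:50:28 - PFRO Error: \??\C:\Program Files\ESET\ESET Online Scanner\, |delete operation|, 0xc0000101
4/23/2012 19:50:28 - PFRO Error: \??\C:\Program Files\ESET, |delete operation|, 0xc0000101
4/23/2012 19:50:28 - PFRO Error: \??\C:\Program Files\ESET\ESET Online Scanner\OnlineScannerUninstaller.exe, |delete operation|, 0xc0000034
4/23/2012 19:50:28 - 7 Successful PFRO operations

5/4/2012 8:28:43 - PFRO Error: \??\C:\Users\alvin\AppData\Local\Temp\~nsu.tmp, |delete operation|, 0xc0000101
5/4/2012 8:28:43 - 1 Successful PFRO operations
"""

# Constructed line (not from the thread): a status outside the table above.
CONSTRUCTED = r"5/5/2012 9:00:00 - PFRO Error: \??\C:\Example\constructed.dll, |delete operation|, 0xc0000022"


def parse_pfro(text):
    """Return (errors, successes): failed operations and per-boot success counts."""
    errors, successes = [], []
    for line in text.splitlines():
        line = line.strip()
        m = ERROR_RE.match(line)
        if m:
            path = m["path"]
            if path.startswith("\\??\\"):
                path = path[4:]  # drop the NT object-manager prefix
            errors.append({
                "when": f'{m["date"]} {m["time"]}',
                "path": path,
                "op": m["op"],
                "status": int(m["status"], 16),
            })
            continue
        m = OK_RE.match(line)
        if m:
            successes.append((f'{m["date"]} {m["time"]}', int(m["count"])))
    return errors, successes


def triage(errors):
    """Count failures by decoded status and collect entries for manual review."""
    by_status, review = Counter(), []
    for e in errors:
        # Unknown codes are reported as hex so they can be looked up by hand.
        name = NTSTATUS.get(e["status"], f'0x{e["status"]:08X}')
        by_status[name] += 1
        if e["status"] not in BENIGN_CLEANUP or e["op"] != "delete operation":
            review.append(e)
    return by_status, review


if __name__ == "__main__":
    errors, successes = parse_pfro(SAMPLE + "\n" + CONSTRUCTED)
    by_status, review = triage(errors)
    for name, count in by_status.most_common():
        print(f"{count:3d}  {name}")
    print(f"{sum(n for _, n in successes)} operations succeeded across {len(successes)} boots")
    for e in review:
        print(f'REVIEW {e["when"]}  {e["path"]}  0x{e["status"]:08X}')
```
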

#9 Slayer90

Posted 05 May 2012 - 10:50 AM

It has been five days. Please help me. The unknown trojan is deleting all my security system and doing other damage. Is the WMSysPr9.prx file a trojan?

Edited by Slayer90, 05 May 2012 - 10:59 AM.


#10 Slayer90

Posted 05 May 2012 - 02:42 PM

Please Respond. Why am I being ignored?

Edited by Slayer90, 05 May 2012 - 02:52 PM.


#11 nasdaq

nasdaq

  • Malware Response Team

Posted 07 May 2012 - 10:35 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

Let's start at the beginning.

Please Download
TDSSKiller.zip

>>> Double-click on TDSSKiller.exe to run the application.
  • Click on the Start Scan button and wait for the scan and disinfection process to be over.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System drive (usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file here.
  • If no reboot is required, click on Report. A log file will appear. Please copy and paste the contents of that file in your next reply.

Download http://public.avast.com/~gmerek/aswMBR.exe (aswMBR.exe) to your desktop. Double-click aswMBR.exe to run it.

  • Click the "Scan" button to start scan.
  • Upon completion of the scan, click Save log, and save it to your desktop. (Note - do not select any Fix at this time) <- IMPORTANT
  • Please post the contents of that log in your next reply.
There shall also be a file on your desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) folder. Please attach that zipped file in your next reply.

===

Please post the logs for my review.

#12 Slayer90


Posted 07 May 2012 - 04:46 PM

13:49:55.0507 4856 TDSS rootkit removing tool 2.7.34.0 May 2 2012 09:59:18
13:49:57.0136 4856 ============================================================
13:49:57.0136 4856 Current date / time: 2012/05/07 13:49:57.0136
13:49:57.0136 4856 SystemInfo:
13:49:57.0136 4856
13:49:57.0136 4856 OS Version: 6.1.7601 ServicePack: 1.0
13:49:57.0136 4856 Product type: Workstation
13:49:57.0137 4856 ComputerName: ALFRED-HP
13:49:57.0137 4856 UserName: Alfred
13:49:57.0137 4856 Windows directory: C:\Windows
13:49:57.0137 4856 System windows directory: C:\Windows
13:49:57.0137 4856 Running under WOW64
13:49:57.0137 4856 Processor architecture: Intel x64
13:49:57.0138 4856 Number of processors: 2
13:49:57.0138 4856 Page size: 0x1000
13:49:57.0138 4856 Boot type: Normal boot
13:49:57.0138 4856 ============================================================
13:49:58.0144 4856 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
13:49:58.0160 4856 ============================================================
13:49:58.0160 4856 \Device\Harddisk0\DR0:
13:49:58.0161 4856 MBR partitions:
13:49:58.0161 4856 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
13:49:58.0161 4856 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x72EA9800
13:49:58.0161 4856 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x72EDC000, BlocksNum 0x182A000
13:49:58.0161 4856 ============================================================
13:49:58.0187 4856 C: <-> \Device\Harddisk0\DR0\Partition1
13:49:58.0234 4856 D: <-> \Device\Harddisk0\DR0\Partition2
13:49:58.0234 4856 ============================================================
13:49:58.0235 4856 Initialize success
13:49:58.0235 4856 ============================================================
13:50:15.0925 4628 ============================================================
13:50:15.0925 4628 Scan started
13:50:15.0925 4628 Mode: Manual;
13:50:15.0925 4628 ============================================================
13:50:16.0721 4628 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
13:50:16.0745 4628 1394ohci - ok
13:50:16.0803 4628 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
13:50:16.0810 4628 ACPI - ok
13:50:16.0840 4628 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
13:50:16.0844 4628 AcpiPmi - ok
13:50:17.0091 4628 AdobeFlashPlayerUpdateSvc (76d5a3d2a50402a0b9b6ed13c4371e79) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
13:50:17.0096 4628 AdobeFlashPlayerUpdateSvc - ok
13:50:17.0189 4628 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys
13:50:17.0217 4628 adp94xx - ok
13:50:17.0279 4628 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys
13:50:17.0297 4628 adpahci - ok
13:50:17.0327 4628 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys
13:50:17.0339 4628 adpu320 - ok
13:50:17.0376 4628 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
13:50:17.0378 4628 AeLookupSvc - ok
13:50:17.0457 4628 AFD (d31dc7a16dea4a9baf179f3d6fbdb38c) C:\Windows\system32\drivers\afd.sys
13:50:17.0480 4628 AFD - ok
13:50:17.0541 4628 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
13:50:17.0547 4628 agp440 - ok
13:50:17.0559 4628 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
13:50:17.0566 4628 ALG - ok
13:50:17.0597 4628 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
13:50:17.0601 4628 aliide - ok
13:50:17.0653 4628 AMD External Events Utility (23bc2ea87ab7d48756e6198a4e5d3ac0) C:\Windows\system32\atiesrxx.exe
13:50:17.0658 4628 AMD External Events Utility - ok
13:50:17.0672 4628 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
13:50:17.0677 4628 amdide - ok
13:50:17.0696 4628 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\drivers\amdk8.sys
13:50:17.0702 4628 AmdK8 - ok
13:50:18.0504 4628 amdkmdag (4837aa524c1aeb34201ba425237fb45b) C:\Windows\system32\DRIVERS\atikmdag.sys
13:50:18.0689 4628 amdkmdag - ok
13:50:19.0014 4628 amdkmdap (d7cc3eb2ae5bb29858f254c9aa356601) C:\Windows\system32\DRIVERS\atikmpag.sys
13:50:19.0048 4628 amdkmdap - ok
13:50:19.0077 4628 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\drivers\amdppm.sys
13:50:19.0078 4628 AmdPPM - ok
13:50:19.0109 4628 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
13:50:19.0129 4628 amdsata - ok
13:50:19.0157 4628 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\drivers\amdsbs.sys
13:50:19.0168 4628 amdsbs - ok
13:50:19.0188 4628 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
13:50:19.0204 4628 amdxata - ok
13:50:19.0228 4628 amd_sata (bb4fe7889db9cbbe61a308e99697f53c) C:\Windows\system32\drivers\amd_sata.sys
13:50:19.0229 4628 amd_sata - ok
13:50:19.0266 4628 amd_xata (5631cba53f1cbea3f9e88348e6723391) C:\Windows\system32\drivers\amd_xata.sys
13:50:19.0283 4628 amd_xata - ok
13:50:19.0329 4628 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
13:50:19.0335 4628 AppID - ok
13:50:19.0359 4628 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
13:50:19.0364 4628 AppIDSvc - ok
13:50:19.0377 4628 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
13:50:19.0381 4628 Appinfo - ok
13:50:19.0417 4628 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\drivers\arc.sys
13:50:19.0424 4628 arc - ok
13:50:19.0450 4628 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\drivers\arcsas.sys
13:50:19.0458 4628 arcsas - ok
13:50:19.0626 4628 aspnet_state (9217d874131ae6ff8f642f124f00a555) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
13:50:19.0629 4628 aspnet_state - ok
13:50:19.0663 4628 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
13:50:19.0667 4628 AsyncMac - ok
13:50:19.0687 4628 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
13:50:19.0693 4628 atapi - ok
13:50:19.0792 4628 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
13:50:19.0805 4628 AudioEndpointBuilder - ok
13:50:19.0818 4628 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
13:50:19.0825 4628 AudioSrv - ok
13:50:19.0884 4628 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
13:50:19.0889 4628 AxInstSV - ok
13:50:19.0956 4628 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\drivers\bxvbda.sys
13:50:19.0979 4628 b06bdrv - ok
13:50:20.0006 4628 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
13:50:20.0021 4628 b57nd60a - ok
13:50:20.0112 4628 BBSvc (93ee7d9c35ae7e9ffda148d7805f1421) C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE
13:50:20.0118 4628 BBSvc - ok
13:50:20.0153 4628 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
13:50:20.0161 4628 BDESVC - ok
13:50:20.0193 4628 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
13:50:20.0196 4628 Beep - ok
13:50:20.0269 4628 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
13:50:20.0282 4628 BFE - ok
13:50:20.0569 4628 BHDrvx64 (2175fbc1639e623872081b0f057409c8) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\BASHDefs\20110519.002\BHDrvx64.sys
13:50:20.0593 4628 BHDrvx64 - ok
13:50:20.0891 4628 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\System32\qmgr.dll
13:50:20.0907 4628 BITS - ok
13:50:21.0001 4628 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\drivers\blbdrive.sys
13:50:21.0010 4628 blbdrive - ok
13:50:21.0051 4628 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
13:50:21.0060 4628 bowser - ok
13:50:21.0085 4628 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\BrFiltLo.sys
13:50:21.0090 4628 BrFiltLo - ok
13:50:21.0111 4628 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\BrFiltUp.sys
13:50:21.0115 4628 BrFiltUp - ok
13:50:21.0154 4628 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
13:50:21.0158 4628 Browser - ok
13:50:21.0197 4628 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
13:50:21.0213 4628 Brserid - ok
13:50:21.0230 4628 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
13:50:21.0235 4628 BrSerWdm - ok
13:50:21.0247 4628 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
13:50:21.0252 4628 BrUsbMdm - ok
13:50:21.0268 4628 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
13:50:21.0272 4628 BrUsbSer - ok
13:50:21.0295 4628 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\drivers\bthmodem.sys
13:50:21.0311 4628 BTHMODEM - ok
13:50:21.0359 4628 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
13:50:21.0365 4628 bthserv - ok
13:50:21.0445 4628 ccSet_NIS (9a2a298479be9354fed42c9a40a9c214) C:\Windows\system32\drivers\NISx64\1300000.080\ccSetx64.sys
13:50:21.0474 4628 ccSet_NIS - ok
13:50:21.0494 4628 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
13:50:21.0502 4628 cdfs - ok
13:50:21.0527 4628 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
13:50:21.0536 4628 cdrom - ok
13:50:21.0571 4628 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
13:50:21.0575 4628 CertPropSvc - ok
13:50:21.0607 4628 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\drivers\circlass.sys
13:50:21.0613 4628 circlass - ok
13:50:21.0657 4628 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
13:50:21.0675 4628 CLFS - ok
13:50:21.0802 4628 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
13:50:21.0806 4628 clr_optimization_v2.0.50727_32 - ok
13:50:21.0873 4628 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
13:50:21.0876 4628 clr_optimization_v2.0.50727_64 - ok
13:50:22.0041 4628 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
13:50:22.0046 4628 clr_optimization_v4.0.30319_32 - ok
13:50:22.0183 4628 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
13:50:22.0214 4628 clr_optimization_v4.0.30319_64 - ok
13:50:22.0251 4628 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\drivers\CmBatt.sys
13:50:22.0257 4628 CmBatt - ok
13:50:22.0283 4628 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
13:50:22.0287 4628 cmdide - ok
13:50:22.0340 4628 CNG (d5fea92400f12412b3922087c09da6a5) C:\Windows\system32\Drivers\cng.sys
13:50:22.0365 4628 CNG - ok
13:50:22.0381 4628 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\drivers\compbatt.sys
13:50:22.0386 4628 Compbatt - ok
13:50:22.0420 4628 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
13:50:22.0425 4628 CompositeBus - ok
13:50:22.0435 4628 COMSysApp - ok
13:50:22.0460 4628 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\drivers\crcdisk.sys
13:50:22.0467 4628 crcdisk - ok
13:50:22.0507 4628 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll
13:50:22.0512 4628 CryptSvc - ok
13:50:22.0586 4628 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
13:50:22.0599 4628 DcomLaunch - ok
13:50:22.0637 4628 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
13:50:22.0653 4628 defragsvc - ok
13:50:22.0682 4628 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
13:50:22.0690 4628 DfsC - ok
13:50:22.0727 4628 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
13:50:22.0734 4628 Dhcp - ok
13:50:22.0773 4628 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
13:50:22.0778 4628 discache - ok
13:50:22.0810 4628 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\drivers\disk.sys
13:50:22.0817 4628 Disk - ok
13:50:22.0858 4628 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
13:50:22.0864 4628 Dnscache - ok
13:50:22.0919 4628 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
13:50:22.0926 4628 dot3svc - ok
13:50:22.0948 4628 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
13:50:22.0954 4628 DPS - ok
13:50:22.0996 4628 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
13:50:23.0000 4628 drmkaud - ok
13:50:23.0107 4628 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
13:50:23.0148 4628 DXGKrnl - ok
13:50:23.0171 4628 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
13:50:23.0175 4628 EapHost - ok
13:50:23.0464 4628 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\drivers\evbda.sys
13:50:23.0530 4628 ebdrv - ok
13:50:23.0764 4628 EFS (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\System32\lsass.exe
13:50:23.0770 4628 EFS - ok
13:50:23.0888 4628 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
13:50:23.0900 4628 ehRecvr - ok
13:50:23.0939 4628 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
13:50:23.0942 4628 ehSched - ok
13:50:24.0110 4628 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys
13:50:24.0143 4628 elxstor - ok
13:50:24.0162 4628 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
13:50:24.0166 4628 ErrDev - ok
13:50:24.0241 4628 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
13:50:24.0249 4628 EventSystem - ok
13:50:24.0277 4628 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
13:50:24.0289 4628 exfat - ok
13:50:24.0310 4628 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
13:50:24.0322 4628 fastfat - ok
13:50:24.0402 4628 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
13:50:24.0436 4628 Fax - ok
13:50:24.0463 4628 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\drivers\fdc.sys
13:50:24.0470 4628 fdc - ok
13:50:24.0486 4628 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
13:50:24.0490 4628 fdPHost - ok
13:50:24.0499 4628 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
13:50:24.0503 4628 FDResPub - ok
13:50:24.0514 4628 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
13:50:24.0521 4628 FileInfo - ok
13:50:24.0530 4628 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
13:50:24.0534 4628 Filetrace - ok
13:50:24.0549 4628 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\drivers\flpydisk.sys
13:50:24.0555 4628 flpydisk - ok
13:50:24.0594 4628 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
13:50:24.0597 4628 FltMgr - ok
13:50:24.0713 4628 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
13:50:24.0730 4628 FontCache - ok
13:50:24.0789 4628 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
13:50:24.0790 4628 FontCache3.0.0.0 - ok
13:50:24.0893 4628 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
13:50:24.0903 4628 FsDepends - ok
13:50:24.0914 4628 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
13:50:24.0919 4628 Fs_Rec - ok
13:50:24.0945 4628 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
13:50:24.0958 4628 fvevol - ok
13:50:24.0994 4628 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\drivers\gagp30kx.sys
13:50:24.0999 4628 gagp30kx - ok
13:50:25.0097 4628 GamesAppService (c403c5db49a0f9aaf4f2128edc0106d8) C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
13:50:25.0104 4628 GamesAppService - ok
13:50:25.0195 4628 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
13:50:25.0211 4628 gpsvc - ok
13:50:25.0234 4628 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
13:50:25.0239 4628 hcw85cir - ok
13:50:25.0291 4628 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
13:50:25.0308 4628 HdAudAddService - ok
13:50:25.0343 4628 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
13:50:25.0345 4628 HDAudBus - ok
13:50:25.0363 4628 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\drivers\HidBatt.sys
13:50:25.0368 4628 HidBatt - ok
13:50:25.0390 4628 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\drivers\hidbth.sys
13:50:25.0397 4628 HidBth - ok
13:50:25.0419 4628 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\drivers\hidir.sys
13:50:25.0424 4628 HidIr - ok
13:50:25.0451 4628 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll
13:50:25.0455 4628 hidserv - ok
13:50:25.0495 4628 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
13:50:25.0499 4628 HidUsb - ok
13:50:25.0536 4628 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
13:50:25.0541 4628 hkmsvc - ok
13:50:25.0575 4628 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
13:50:25.0581 4628 HomeGroupListener - ok
13:50:25.0617 4628 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
13:50:25.0625 4628 HomeGroupProvider - ok
13:50:25.0733 4628 HP Support Assistant Service (531d1843c7a411f4e41ec6786f291e5f) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
13:50:25.0736 4628 HP Support Assistant Service - ok
13:50:25.0876 4628 HPAuto (7b8c1b09c11e8db7c4480abd7d17e821) C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe
13:50:25.0887 4628 HPAuto - ok
13:50:25.0945 4628 HPClientSvc (6a181452d4e240b8ecc7614b9a19bde9) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
13:50:25.0950 4628 HPClientSvc - ok
13:50:25.0995 4628 HPDrvMntSvc.exe (bcc4a8b2e2e902f52e7f2e7d8e125765) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
13:50:25.0997 4628 HPDrvMntSvc.exe - ok
13:50:26.0093 4628 hpqwmiex (ec9739a46f1f83c6e52a7a4697f44a65) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
13:50:26.0107 4628 hpqwmiex - ok
13:50:26.0417 4628 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
13:50:26.0428 4628 HpSAMD - ok
13:50:26.0517 4628 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
13:50:26.0551 4628 HTTP - ok
13:50:26.0559 4628 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
13:50:26.0563 4628 hwpolicy - ok
13:50:26.0590 4628 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
13:50:26.0598 4628 i8042prt - ok
13:50:26.0663 4628 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
13:50:26.0699 4628 iaStorV - ok
13:50:26.0848 4628 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
13:50:26.0863 4628 idsvc - ok
13:50:27.0048 4628 IDSVia64 (34ac90d62c9f003a470183393c061d84) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\IPSDefs\20110519.031\IDSVia64.sys
13:50:27.0061 4628 IDSVia64 - ok
13:50:27.0870 4628 igfx (a87261ef1546325b559374f5689cf5bc) C:\Windows\system32\DRIVERS\igdkmd64.sys
13:50:27.0972 4628 igfx - ok
13:50:28.0375 4628 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys
13:50:28.0384 4628 iirsp - ok
13:50:28.0532 4628 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
13:50:28.0548 4628 IKEEXT - ok
13:50:28.0816 4628 IntcAzAudAddService (c7124da48e557d8f88d0d7f1254557f4) C:\Windows\system32\drivers\RTKVHD64.sys
13:50:28.0939 4628 IntcAzAudAddService - ok
13:50:29.0249 4628 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
13:50:29.0256 4628 intelide - ok
13:50:29.0299 4628 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\drivers\intelppm.sys
13:50:29.0306 4628 intelppm - ok
13:50:29.0339 4628 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
13:50:29.0345 4628 IPBusEnum - ok
13:50:29.0364 4628 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
13:50:29.0373 4628 IpFilterDriver - ok
13:50:29.0423 4628 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
13:50:29.0433 4628 iphlpsvc - ok
13:50:29.0456 4628 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
13:50:29.0463 4628 IPMIDRV - ok
13:50:29.0477 4628 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
13:50:29.0486 4628 IPNAT - ok
13:50:29.0503 4628 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
13:50:29.0507 4628 IRENUM - ok
13:50:29.0537 4628 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
13:50:29.0541 4628 isapnp - ok
13:50:29.0593 4628 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
13:50:29.0611 4628 iScsiPrt - ok
13:50:29.0627 4628 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
13:50:29.0632 4628 kbdclass - ok
13:50:29.0666 4628 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
13:50:29.0671 4628 kbdhid - ok
13:50:29.0696 4628 KeyIso (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\system32\lsass.exe
13:50:29.0699 4628 KeyIso - ok
13:50:29.0716 4628 KSecDD (ccd53b5bd33ce0c889e830d839c8b66e) C:\Windows\system32\Drivers\ksecdd.sys
13:50:29.0724 4628 KSecDD - ok
13:50:29.0742 4628 KSecPkg (9ff918a261752c12639e8ad4208d2c2f) C:\Windows\system32\Drivers\ksecpkg.sys
13:50:29.0753 4628 KSecPkg - ok
13:50:29.0762 4628 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
13:50:29.0767 4628 ksthunk - ok
13:50:29.0808 4628 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
13:50:29.0828 4628 KtmRm - ok
13:50:29.0887 4628 L1C (655a5d8e80869781cce23760ada7e695) C:\Windows\system32\DRIVERS\L1C62x64.sys
13:50:29.0910 4628 L1C - ok
13:50:29.0960 4628 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\system32\srvsvc.dll
13:50:29.0968 4628 LanmanServer - ok
13:50:30.0004 4628 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
13:50:30.0012 4628 LanmanWorkstation - ok
13:50:30.0042 4628 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
13:50:30.0048 4628 lltdio - ok
13:50:30.0099 4628 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
13:50:30.0119 4628 lltdsvc - ok
13:50:30.0128 4628 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
13:50:30.0133 4628 lmhosts - ok
13:50:30.0185 4628 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys
13:50:30.0193 4628 LSI_FC - ok
13:50:30.0215 4628 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys
13:50:30.0223 4628 LSI_SAS - ok
13:50:30.0247 4628 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys
13:50:30.0253 4628 LSI_SAS2 - ok
13:50:30.0269 4628 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys
13:50:30.0278 4628 LSI_SCSI - ok
13:50:30.0305 4628 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
13:50:30.0311 4628 luafv - ok
13:50:30.0335 4628 MBAMProtector (dbc08862a71459e74f7538b432c114cc) C:\Windows\system32\drivers\mbam.sys
13:50:30.0336 4628 MBAMProtector - ok
13:50:30.0440 4628 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
13:50:30.0455 4628 MBAMService - ok
13:50:30.0489 4628 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
13:50:30.0497 4628 Mcx2Svc - ok
13:50:30.0524 4628 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys
13:50:30.0529 4628 megasas - ok
13:50:30.0568 4628 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys
13:50:30.0583 4628 MegaSR - ok
13:50:30.0612 4628 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
13:50:30.0616 4628 MMCSS - ok
13:50:30.0640 4628 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
13:50:30.0645 4628 Modem - ok
13:50:30.0653 4628 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
13:50:30.0655 4628 monitor - ok
13:50:30.0682 4628 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
13:50:30.0687 4628 mouclass - ok
13:50:30.0717 4628 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
13:50:30.0722 4628 mouhid - ok
13:50:30.0737 4628 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
13:50:30.0744 4628 mountmgr - ok
13:50:30.0815 4628 MozillaMaintenance (96aa8ba23142cc8e2b30f3cae0c80254) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
13:50:30.0818 4628 MozillaMaintenance - ok
13:50:30.0854 4628 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
13:50:30.0864 4628 mpio - ok
13:50:30.0877 4628 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
13:50:30.0884 4628 mpsdrv - ok
13:50:30.0977 4628 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
13:50:30.0992 4628 MpsSvc - ok
13:50:31.0009 4628 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
13:50:31.0019 4628 MRxDAV - ok
13:50:31.0061 4628 mrxsmb (c2b4651001a867ff3f8865863b592991) C:\Windows\system32\DRIVERS\mrxsmb.sys
13:50:31.0071 4628 mrxsmb - ok
13:50:31.0113 4628 mrxsmb10 (7e79946afc5f799ab62982282be5ac13) C:\Windows\system32\DRIVERS\mrxsmb10.sys
13:50:31.0131 4628 mrxsmb10 - ok
13:50:31.0156 4628 mrxsmb20 (5fb954100cea2bfec6446fbbecaa3f79) C:\Windows\system32\DRIVERS\mrxsmb20.sys
13:50:31.0165 4628 mrxsmb20 - ok
13:50:31.0196 4628 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
13:50:31.0201 4628 msahci - ok
13:50:31.0238 4628 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
13:50:31.0249 4628 msdsm - ok
13:50:31.0291 4628 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
13:50:31.0302 4628 MSDTC - ok
13:50:31.0325 4628 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
13:50:31.0330 4628 Msfs - ok
13:50:31.0338 4628 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
13:50:31.0342 4628 mshidkmdf - ok
13:50:31.0356 4628 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
13:50:31.0360 4628 msisadrv - ok
13:50:31.0400 4628 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
13:50:31.0411 4628 MSiSCSI - ok
13:50:31.0419 4628 msiserver - ok
13:50:31.0438 4628 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
13:50:31.0442 4628 MSKSSRV - ok
13:50:31.0449 4628 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
13:50:31.0453 4628 MSPCLOCK - ok
13:50:31.0461 4628 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
13:50:31.0467 4628 MSPQM - ok
13:50:31.0500 4628 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
13:50:31.0518 4628 MsRPC - ok
13:50:31.0552 4628 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
13:50:31.0553 4628 mssmbios - ok
13:50:31.0567 4628 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
13:50:31.0571 4628 MSTEE - ok
13:50:31.0585 4628 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys
13:50:31.0589 4628 MTConfig - ok
13:50:31.0599 4628 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
13:50:31.0605 4628 Mup - ok
13:50:31.0677 4628 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
13:50:31.0688 4628 napagent - ok
13:50:31.0737 4628 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
13:50:31.0754 4628 NativeWifiP - ok
13:50:31.0897 4628 NAVENG (2dbe90210de76be6e1653bb20ec70ec2) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\VirusDefs\20120507.002\ENG64.SYS
13:50:31.0902 4628 NAVENG - ok
13:50:32.0100 4628 NAVEX15 (346da70e203b8e2c850277713de8f71b) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\VirusDefs\20120507.002\EX64.SYS
13:50:32.0133 4628 NAVEX15 - ok
13:50:32.0528 4628 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
13:50:32.0538 4628 NDIS - ok
13:50:32.0553 4628 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
13:50:32.0558 4628 NdisCap - ok
13:50:32.0573 4628 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
13:50:32.0577 4628 NdisTapi - ok
13:50:32.0588 4628 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
13:50:32.0594 4628 Ndisuio - ok
13:50:32.0612 4628 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
13:50:32.0622 4628 NdisWan - ok
13:50:32.0639 4628 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
13:50:32.0644 4628 NDProxy - ok
13:50:32.0655 4628 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
13:50:32.0661 4628 NetBIOS - ok
13:50:32.0689 4628 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
13:50:32.0704 4628 NetBT - ok
13:50:32.0729 4628 Netlogon (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\system32\lsass.exe
13:50:32.0732 4628 Netlogon - ok
13:50:32.0788 4628 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
13:50:32.0797 4628 Netman - ok
13:50:32.0973 4628 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
13:50:32.0978 4628 NetMsmqActivator - ok
13:50:32.0991 4628 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
13:50:32.0995 4628 NetPipeActivator - ok
13:50:33.0055 4628 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
13:50:33.0063 4628 netprofm - ok
13:50:33.0070 4628 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
13:50:33.0073 4628 NetTcpActivator - ok
13:50:33.0082 4628 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
13:50:33.0086 4628 NetTcpPortSharing - ok
13:50:33.0206 4628 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys
13:50:33.0215 4628 nfrd960 - ok
13:50:33.0403 4628 NIS (efbfe525e03c7444187262c85d776532) C:\Program Files (x86)\Norton Internet Security\Engine\19.0.0.128\ccSvcHst.exe
13:50:33.0407 4628 NIS - ok
13:50:33.0478 4628 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
13:50:33.0490 4628 NlaSvc - ok
13:50:33.0760 4628 NOBU (5839a8027d6d324a7cd494051a96628c) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
13:50:33.0799 4628 NOBU - ok
13:50:34.0134 4628 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
13:50:34.0143 4628 Npfs - ok
13:50:34.0174 4628 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
13:50:34.0179 4628 nsi - ok
13:50:34.0188 4628 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
13:50:34.0193 4628 nsiproxy - ok
13:50:34.0355 4628 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
13:50:34.0435 4628 Ntfs - ok
13:50:34.0747 4628 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
13:50:34.0753 4628 Null - ok
13:50:34.0792 4628 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
13:50:34.0815 4628 nvraid - ok
13:50:34.0844 4628 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
13:50:34.0868 4628 nvstor - ok
13:50:34.0907 4628 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
13:50:34.0916 4628 nv_agp - ok
13:50:34.0935 4628 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
13:50:34.0942 4628 ohci1394 - ok
13:50:34.0998 4628 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
13:50:35.0007 4628 p2pimsvc - ok
13:50:35.0054 4628 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
13:50:35.0066 4628 p2psvc - ok
13:50:35.0103 4628 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys
13:50:35.0111 4628 Parport - ok
13:50:35.0141 4628 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
13:50:35.0147 4628 partmgr - ok
13:50:35.0169 4628 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
13:50:35.0176 4628 PcaSvc - ok
13:50:35.0218 4628 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
13:50:35.0221 4628 pci - ok
13:50:35.0234 4628 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
13:50:35.0238 4628 pciide - ok
13:50:35.0272 4628 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys
13:50:35.0285 4628 pcmcia - ok
13:50:35.0299 4628 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
13:50:35.0305 4628 pcw - ok
13:50:35.0362 4628 pdfcDispatcher - ok
13:50:35.0429 4628 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
13:50:35.0457 4628 PEAUTH - ok
13:50:35.0677 4628 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
13:50:35.0683 4628 PerfHost - ok
13:50:35.0852 4628 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
13:50:35.0875 4628 pla - ok
13:50:35.0943 4628 PlugPlay (b806e50427511bcf4ad8e8239c3e25fa) C:\Windows\system32\umpnpmgr.dll
13:50:35.0954 4628 PlugPlay - ok
13:50:35.0973 4628 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
13:50:35.0981 4628 PNRPAutoReg - ok
13:50:36.0014 4628 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
13:50:36.0020 4628 PNRPsvc - ok
13:50:36.0089 4628 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
13:50:36.0099 4628 PolicyAgent - ok
13:50:36.0121 4628 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
13:50:36.0129 4628 Power - ok
13:50:36.0249 4628 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
13:50:36.0263 4628 PptpMiniport - ok
13:50:36.0286 4628 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys
13:50:36.0293 4628 Processor - ok
13:50:36.0339 4628 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
13:50:36.0347 4628 ProfSvc - ok
13:50:36.0370 4628 ProtectedStorage (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\system32\lsass.exe
13:50:36.0373 4628 ProtectedStorage - ok
13:50:36.0409 4628 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
13:50:36.0416 4628 Psched - ok
13:50:36.0617 4628 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys
13:50:36.0685 4628 ql2300 - ok
13:50:37.0010 4628 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys
13:50:37.0025 4628 ql40xx - ok
13:50:37.0073 4628 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
13:50:37.0081 4628 QWAVE - ok
13:50:37.0097 4628 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
13:50:37.0103 4628 QWAVEdrv - ok
13:50:37.0111 4628 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
13:50:37.0115 4628 RasAcd - ok
13:50:37.0144 4628 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
13:50:37.0150 4628 RasAgileVpn - ok
13:50:37.0166 4628 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
13:50:37.0175 4628 RasAuto - ok
13:50:37.0191 4628 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
13:50:37.0199 4628 Rasl2tp - ok
13:50:37.0238 4628 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
13:50:37.0261 4628 RasMan - ok
13:50:37.0275 4628 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
13:50:37.0282 4628 RasPppoe - ok
13:50:37.0294 4628 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
13:50:37.0301 4628 RasSstp - ok
13:50:37.0334 4628 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
13:50:37.0350 4628 rdbss - ok
13:50:37.0368 4628 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\drivers\rdpbus.sys
13:50:37.0373 4628 rdpbus - ok
13:50:37.0390 4628 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
13:50:37.0395 4628 RDPCDD - ok
13:50:37.0414 4628 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
13:50:37.0417 4628 RDPENCDD - ok
13:50:37.0431 4628 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
13:50:37.0435 4628 RDPREFMP - ok
13:50:37.0468 4628 RDPWD (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys
13:50:37.0493 4628 RDPWD - ok
13:50:37.0523 4628 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
13:50:37.0535 4628 rdyboost - ok
13:50:37.0563 4628 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
13:50:37.0571 4628 RemoteAccess - ok
13:50:37.0612 4628 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
13:50:37.0624 4628 RemoteRegistry - ok
13:50:37.0665 4628 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
13:50:37.0671 4628 RpcEptMapper - ok
13:50:37.0689 4628 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
13:50:37.0694 4628 RpcLocator - ok
13:50:37.0751 4628 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
13:50:37.0761 4628 RpcSs - ok
13:50:37.0801 4628 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
13:50:37.0809 4628 rspndr - ok
13:50:37.0853 4628 SamSs (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\system32\lsass.exe
13:50:37.0856 4628 SamSs - ok
13:50:37.0887 4628 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
13:50:37.0895 4628 sbp2port - ok
13:50:37.0939 4628 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
13:50:37.0947 4628 SCardSvr - ok
13:50:37.0955 4628 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
13:50:37.0961 4628 scfilter - ok
13:50:38.0056 4628 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
13:50:38.0080 4628 Schedule - ok
13:50:38.0111 4628 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
13:50:38.0113 4628 SCPolicySvc - ok
13:50:38.0143 4628 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
13:50:38.0156 4628 SDRSVC - ok
13:50:38.0261 4628 SeaPort (cc781378e7eda615d2cdca3b17829fa4) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
13:50:38.0267 4628 SeaPort - ok
13:50:38.0359 4628 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
13:50:38.0367 4628 secdrv - ok
13:50:38.0399 4628 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
13:50:38.0406 4628 seclogon - ok
13:50:38.0418 4628 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
13:50:38.0424 4628 SENS - ok
13:50:38.0444 4628 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
13:50:38.0451 4628 SensrSvc - ok
13:50:38.0467 4628 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\drivers\serenum.sys
13:50:38.0472 4628 Serenum - ok
13:50:38.0498 4628 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\drivers\serial.sys
13:50:38.0506 4628 Serial - ok
13:50:38.0528 4628 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys
13:50:38.0533 4628 sermouse - ok
13:50:38.0579 4628 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
13:50:38.0585 4628 SessionEnv - ok
13:50:38.0605 4628 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
13:50:38.0610 4628 sffdisk - ok
13:50:38.0630 4628 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
13:50:38.0638 4628 sffp_mmc - ok
13:50:38.0669 4628 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
13:50:38.0674 4628 sffp_sd - ok
13:50:38.0699 4628 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys
13:50:38.0703 4628 sfloppy - ok
13:50:38.0772 4628 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
13:50:38.0782 4628 SharedAccess - ok
13:50:38.0834 4628 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
13:50:38.0843 4628 ShellHWDetection - ok
13:50:38.0867 4628 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys
13:50:38.0872 4628 SiSRaid2 - ok
13:50:38.0907 4628 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys
13:50:38.0914 4628 SiSRaid4 - ok
13:50:38.0945 4628 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
13:50:38.0953 4628 Smb - ok
13:50:38.0991 4628 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
13:50:38.0998 4628 SNMPTRAP - ok
13:50:39.0005 4628 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
13:50:39.0010 4628 spldr - ok
13:50:39.0065 4628 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
13:50:39.0077 4628 Spooler - ok
13:50:39.0385 4628 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
13:50:39.0422 4628 sppsvc - ok
13:50:39.0679 4628 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
13:50:39.0689 4628 sppuinotify - ok
13:50:39.0900 4628 SRTSP (df26fa7825f9cd39fceb3f2f27e813a7) C:\Windows\system32\drivers\NISx64\1300000.080\SRTSP64.SYS
13:50:39.0947 4628 SRTSP - ok
13:50:39.0959 4628 SRTSPX (a8ade1e0092b8097ddb76c9a6dc5f193) C:\Windows\system32\drivers\NISx64\1300000.080\SRTSPX64.SYS
13:50:39.0977 4628 SRTSPX - ok
13:50:40.0042 4628 srv (65bbf4920148c2ee279055da7228fc7b) C:\Windows\system32\DRIVERS\srv.sys
13:50:40.0067 4628 srv - ok
13:50:40.0116 4628 srv2 (da939f762a1ccc2d77428621ddbd40a7) C:\Windows\system32\DRIVERS\srv2.sys
13:50:40.0140 4628 srv2 - ok
13:50:40.0167 4628 srvnet (3f847c9dc87299516f7dc82fb6572865) C:\Windows\system32\DRIVERS\srvnet.sys
13:50:40.0178 4628 srvnet - ok
13:50:40.0226 4628 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
13:50:40.0233 4628 SSDPSRV - ok
13:50:40.0245 4628 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
13:50:40.0251 4628 SstpSvc - ok
13:50:40.0281 4628 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys
13:50:40.0286 4628 stexstor - ok
13:50:40.0372 4628 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
13:50:40.0387 4628 stisvc - ok
13:50:49.0016 4628 ============================================================
13:50:49.0016 4628 Scan finished
13:50:49.0016 4628 ============================================================
13:50:49.0038 4440 Detected object count: 0
13:50:49.0038 4440 Actual detected object count: 0
13:55:34.0077 2384 Deinitialize success

#13 Slayer90

  • Topic Starter

Posted 07 May 2012 - 07:59 PM

Help. Malwarebytes detected two threats automatically. I accidentally pressed Ignore. I did a quick scan and it failed to detect both of them. They are Pozeilhet.exe and Ubiq.exe. Help, how do I remove them? How do I put them back in the list of threats and have them quarantined?


Alfred DETECTION C:\Users\Alfred\AppData\Local\Temp\Ubiq.exe Trojan.Agent.H ALLOW
2012/05/07 17:32:14 -0700 ALFRED-HP Alfred DETECTION C:\Users\Alfred\AppData\Local\Temp\Ubiq.exe Trojan.Agent.H ALLOW
2012/05/07 17:32:24 -0700 ALFRED-HP Alfred DETECTION C:\Users\Alfred\AppData\Local\Temp\Pozeilhet.exe Trojan.Agent.H ALLOW
2012/05/07 17:32:32 -0700 ALFRED-HP Alfred DETECTION C:\Users\Alfred\AppData\Local\Temp\Pozeilhet.exe Trojan.Agent.H ALLOW

#14 nasdaq

  • Malware Response Team

Posted 08 May 2012 - 08:11 AM

Please download ComboFix from any of the links below, and save it to your desktop. For information regarding this download, please visit this web page: http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop

IMPORTANT....

1. Close any open browsers.

2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

3. Do not install any other programs until this is fixed.


How to : Disable Anti-virus and Firewall...
http://www.bleepingcomputer.com/forums/topic114351.html

Double click on ComboFix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt
Note:
Do not mouse click ComboFix's window while it's running. That may cause it to stall.


Note: If you have difficulty properly disabling your protective programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html

#15 nasdaq

  • Malware Response Team

Posted 14 May 2012 - 08:27 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



