
Cannot install Chrome after computer was hijacked


3 replies to this topic

#1 the19trier


Posted 22 July 2012 - 10:37 AM

A few days ago, my computer was suddenly shut down, and after I restarted it, IE automatically popped up and my Chrome and Firefox disappeared.

IE consumes lots of resources and causes the PC to stop responding all the time. I tried Toolwiz Care and IObit, and then I found this forum and used Malwarebytes. Below are the logs. Now Malwarebytes says everything is OK, but I still cannot install Chrome. What can I do? Thanks.

MiniToolBox by Farbar Version: 15-07-2012
Ran by Stephen (administrator) on 22-07-2012 at 10:01:43
Microsoft Windows 7 Professional (X64)
Boot Mode: Normal
***************************************************************************

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

========================= FF Proxy Settings: ==============================

========================= Hosts content: =================================
------ 屏蔽迅雷看看广告 ------
0.0.0.0 211.94.190.80
0.0.0.0 211.94.190.80
0.0.0.0 adsresult.joywell.com.cn
0.0.0.0 server1.adpolestar.net

0.0.0.0 server1.adpolestar.net
127.0.0.1 activate.adobe.com
127.0.0.1 activate.adobe.com

========================= IP Configuration: ================================

Broadcom 802.11n Network Adapter = Wireless Network Connection (Connected)
Atheros AR8151 PCI-E Gigabit Ethernet Controller = Local Area Connection (Media disconnected)
Microsoft Virtual WiFi Miniport Adapter = Wireless Network Connection 2 (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global defaultcurhoplimit=64 icmpredirects=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : Stephen-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Wireless LAN adapter Wireless Network Connection 2:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter
Physical Address. . . . . . . . . : E8-39-DF-25-67-B2
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Broadcom 802.11n Network Adapter
Physical Address. . . . . . . . . : E8-39-DF-25-67-B2
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::c86:64aa:21e1:9212%14(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.0.20(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Sunday, July 22, 2012 9:33:13 AM
Lease Expires . . . . . . . . . . : Sunday, July 22, 2012 11:03:13 AM
Default Gateway . . . . . . . . . : 192.168.0.1
DHCP Server . . . . . . . . . . . : 192.168.0.1
DHCPv6 IAID . . . . . . . . . . . : 350763487
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-13-FE-0C-D3-00-26-6C-58-3E-8B
DNS Servers . . . . . . . . . . . : 192.168.0.1
NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Atheros AR8151 PCI-E Gigabit Ethernet Controller
Physical Address. . . . . . . . . : 00-26-6C-58-3E-8B
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Reusable Microsoft 6To4 Adapter:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft 6to4 Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter 6TO4 Adapter:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft 6to4 Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.puc.cl:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 13:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 12:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft 6to4 Adapter #3
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.ing.puc.cl:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #5
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
1.0.168.192.in-addr.arpa
primary name server = localhost
responsible mail addr = nobody.invalid
serial = 1
refresh = 600 (10 mins)
retry = 1200 (20 mins)
expire = 604800 (7 days)
default TTL = 10800 (3 hours)
(root) ??? unknown type 41 ???
Server: UnKnown
Address: 192.168.0.1

Name: google.com
Addresses: 2800:3f0:4002:800::1000
173.194.74.102
173.194.74.113
173.194.74.139
173.194.74.138
173.194.74.101
173.194.74.100


Pinging google.com [173.194.74.100] with 32 bytes of data:
Reply from 173.194.74.100: bytes=32 time=973ms TTL=43
Reply from 173.194.74.100: bytes=32 time=1296ms TTL=42

Ping statistics for 173.194.74.100:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 973ms, Maximum = 1296ms, Average = 1134ms
Server: UnKnown
Address: 192.168.0.1

DNS request timed out.
timeout was 2 seconds.
Name: yahoo.com
Addresses: 209.191.122.70
72.30.38.140
98.139.183.24


Pinging yahoo.com [98.139.183.24] with 32 bytes of data:
Reply from 98.139.183.24: bytes=32 time=1697ms TTL=45
Reply from 98.139.183.24: bytes=32 time=1317ms TTL=44

Ping statistics for 98.139.183.24:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 1317ms, Maximum = 1697ms, Average = 1507ms
Server: UnKnown
Address: 192.168.0.1

Name: bleepingcomputer.com
Address: 208.43.87.2


Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:
Reply from 208.43.87.2: Destination host unreachable.
Reply from 208.43.87.2: Destination host unreachable.

Ping statistics for 208.43.87.2:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=64
Reply from 127.0.0.1: bytes=32 time<1ms TTL=64

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
17...e8 39 df 25 67 b2 ......Microsoft Virtual WiFi Miniport Adapter
14...e8 39 df 25 67 b2 ......Broadcom 802.11n Network Adapter
11...00 26 6c 58 3e 8b ......Atheros AR8151 PCI-E Gigabit Ethernet Controller
1...........................Software Loopback Interface 1
18...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter #2
12...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter
24...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
21...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
20...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter #3
23...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #5
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.0.1 192.168.0.20 25
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.0.0 255.255.255.0 On-link 192.168.0.20 281
192.168.0.20 255.255.255.255 On-link 192.168.0.20 281
192.168.0.255 255.255.255.255 On-link 192.168.0.20 281
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.0.20 281
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.0.20 281
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
1 306 ::1/128 On-link
14 281 fe80::/64 On-link
14 281 fe80::c86:64aa:21e1:9212/128
On-link
1 306 ff00::/8 On-link
14 281 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [51712] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70144] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171392] (Microsoft Corp.)
x64-Catalog5 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171392] (Microsoft Corp.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (07/22/2012 09:25:37 AM) (Source: Windows Search Service) (User: )
Description: The index cannot be initialized.

Details:
The object you are trying to create already exists. Try again using a different name. (HRESULT : 0x80040d02) (0x80040d02)

Error: (07/22/2012 09:25:37 AM) (Source: Windows Search Service) (User: )
Description: The application cannot be initialized.

Context: Windows Application

Details:
The object you are trying to create already exists. Try again using a different name. (HRESULT : 0x80040d02) (0x80040d02)

Error: (07/22/2012 09:25:37 AM) (Source: Windows Search Service) (User: )
Description: The gatherer object cannot be initialized.

Context: Windows Application, SystemIndex Catalog

Details:
The object you are trying to create already exists. Try again using a different name. (HRESULT : 0x80040d02) (0x80040d02)

Error: (07/22/2012 09:25:05 AM) (Source: Windows Search Service) (User: )
Description: The index cannot be initialized.

Details:
The object you are trying to create already exists. Try again using a different name. (HRESULT : 0x80040d02) (0x80040d02)

Error: (07/22/2012 09:25:05 AM) (Source: Windows Search Service) (User: )
Description: The application cannot be initialized.

Context: Windows Application

Details:
The object you are trying to create already exists. Try again using a different name. (HRESULT : 0x80040d02) (0x80040d02)

Error: (07/22/2012 09:25:05 AM) (Source: Windows Search Service) (User: )
Description: The gatherer object cannot be initialized.

Context: Windows Application, SystemIndex Catalog

Details:
The object you are trying to create already exists. Try again using a different name. (HRESULT : 0x80040d02) (0x80040d02)

Error: (07/22/2012 09:24:33 AM) (Source: Windows Search Service) (User: )
Description: The index cannot be initialized.

Details:
The object you are trying to create already exists. Try again using a different name. (HRESULT : 0x80040d02) (0x80040d02)

Error: (07/22/2012 09:24:33 AM) (Source: Windows Search Service) (User: )
Description: The application cannot be initialized.

Context: Windows Application

Details:
The object you are trying to create already exists. Try again using a different name. (HRESULT : 0x80040d02) (0x80040d02)

Error: (07/22/2012 09:24:33 AM) (Source: Windows Search Service) (User: )
Description: The gatherer object cannot be initialized.

Context: Windows Application, SystemIndex Catalog

Details:
The object you are trying to create already exists. Try again using a different name. (HRESULT : 0x80040d02) (0x80040d02)

Error: (07/17/2012 03:55:49 PM) (Source: Windows Search Service) (User: )
Description: The index cannot be initialized.

Details:
The object you are trying to create already exists. Try again using a different name. (HRESULT : 0x80040d02) (0x80040d02)


System errors:
=============
Error: (07/22/2012 09:25:37 AM) (Source: Service Control Manager) (User: )
Description: The Windows Search service terminated unexpectedly. It has done this 3 time(s).

Error: (07/22/2012 09:25:37 AM) (Source: Service Control Manager) (User: )
Description: The Windows Search service terminated with service-specific error %%-2147218174.

Error: (07/22/2012 09:25:05 AM) (Source: Service Control Manager) (User: )
Description: The Windows Search service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (07/22/2012 09:25:05 AM) (Source: Service Control Manager) (User: )
Description: The Windows Search service terminated with service-specific error %%-2147218174.

Error: (07/22/2012 09:24:34 AM) (Source: Service Control Manager) (User: )
Description: The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (07/22/2012 09:24:34 AM) (Source: Service Control Manager) (User: )
Description: The Windows Search service terminated with service-specific error %%-2147218174.

Error: (07/17/2012 03:55:49 PM) (Source: Service Control Manager) (User: )
Description: The Windows Search service terminated unexpectedly. It has done this 63 time(s).

Error: (07/17/2012 03:55:49 PM) (Source: Service Control Manager) (User: )
Description: The Windows Search service terminated with service-specific error %%-2147218174.

Error: (07/17/2012 03:55:10 PM) (Source: Service Control Manager) (User: )
Description: The Windows Search service terminated unexpectedly. It has done this 62 time(s).

Error: (07/17/2012 03:55:10 PM) (Source: Service Control Manager) (User: )
Description: The Windows Search service terminated with service-specific error %%-2147218174.


Microsoft Office Sessions:
=========================
Error: (09/28/2011 03:38:36 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6565.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 6 seconds with 0 seconds of active time. This session ended with a crash.

Error: (09/28/2011 03:38:29 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6565.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 3 seconds with 0 seconds of active time. This session ended with a crash.

Error: (09/28/2011 03:38:26 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6565.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 3 seconds with 0 seconds of active time. This session ended with a crash.

Error: (09/28/2011 03:38:23 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6565.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 3 seconds with 0 seconds of active time. This session ended with a crash.

Error: (09/28/2011 03:38:20 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6565.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 4 seconds with 0 seconds of active time. This session ended with a crash.

Error: (09/28/2011 03:38:15 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6565.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 3 seconds with 0 seconds of active time. This session ended with a crash.

Error: (09/28/2011 03:38:12 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6565.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 3 seconds with 0 seconds of active time. This session ended with a crash.

Error: (09/28/2011 03:38:09 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6565.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 3 seconds with 0 seconds of active time. This session ended with a crash.

Error: (09/28/2011 03:37:44 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6565.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 5 seconds with 0 seconds of active time. This session ended with a crash.

Error: (09/28/2011 03:37:39 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6565.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 3 seconds with 0 seconds of active time. This session ended with a crash.


=========================== Installed Programs ============================

Update for Microsoft Office 2007 (KB2508958)
64 Bit HP CIO Components Installer (Version: 7.2.4)
Adobe Acrobat X Pro - English, Français, Deutsch (Version: 10.1.3)
Adobe Digital Editions
Adobe Flash Player 11 Plugin (Version: 11.3.300.262)
Adobe Flash Player 11 Plugin 64-bit (Version: 11.2.202.235)
Adobe Shockwave Player 11.6 (Version: 11.6.3.633)
Adobe SVG Viewer 3.0 (Version: 3.0)
Advanced SystemCare 5 (Version: 5.3.0)
AI Solver Studio (Version: 1.0.0)
Apple Software Update (Version: 2.1.2.120)
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (Version: 1.0.0.26)
Broadcom 802.11 Network Adapter (Version: 5.60.48.35)
calibre (Version: 0.8.58)
Cisco EAP-FAST Module (Version: 2.2.14)
Cisco LEAP Module (Version: 1.0.19)
Cisco PEAP Module (Version: 1.1.6)
Copistar (Version: 1.505 Trial)
Copistar (Version: 1.542 Trial)
D3DX10 (Version: 15.4.2368.0902)
Dropbox (Version: 1.4.7)
eMule
EndNote X4 (Version: 14.0.0.4845)
FlashGet 1.9.6.1073 (Version: 1.9.6.1073)
Foxit Creator (Version: 3,0,2,0506)
Foxit Reader (Version: 4.1.1.805)
FreeApps (Version: 1.3.1)
GANetXL (Version: 1.0.4.0)
Google Chrome (Version: 19.0.1084.56)
Google Desktop (Version: 5.9.1005.12335)
Google Earth (Version: 6.1.0.5001)
Google Talk (remove only)
Google Talk Plugin (Version: 2.9.10.7526)
Google Talk Plugin (Version: 3.1.4.8140)
Google Update Helper (Version: 1.3.21.115)
IBM SPSS Statistics 19 (Version: 19.0.0)
Intel® Management Engine Components (Version: 6.0.0.1179)
IObit Malware Fighter (Version: 1.0)
iTunes (Version: 10.2.2.14)
Java Auto Updater (Version: 2.1.6.0)
Java™ 6 Update 26 (64-bit) (Version: 6.0.260)
Java™ 6 Update 26 (Version: 6.0.260)
Java™ 7 Update 4 (Version: 7.0.40)
JavaFX 2.1.0 (Version: 2.1.0)
Kernel EML Viewer ver 11.05.01
KMPlayer V2.9.4.1437 安装版 (Version: V2.9.4.1437 安装版)
Lingoes 2.8.1 (Version: 2.8.1)
MathType 6 (Version: 6.6)
MATLAB R2012a (Version: 7.14)
McAfee Agent (Version: 4.0.0.1496)
McAfee Security Scan Plus (Version: 2.0.181.2)
McAfee VirusScan Enterprise (Version: 8.7.00004)
Mendeley Desktop 1.1.3 (Version: 1.1.3)
Messenger Companion (Version: 15.4.3502.0922)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft IntelliPoint 8.2 (Version: 8.20.468.0)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Enterprise 2007 (Version: 12.0.6612.1000)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Groove MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Groove Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office InfoPath MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000)
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Reader
Microsoft Silverlight (Version: 4.1.10329.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (Version: 8.0.51011)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.59192)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (Version: 10.0.30319)
Mozilla Firefox (3.6.18) (Version: 3.6.18 (en-US))
MSVC80_x64_v2 (Version: 1.0.3.0)
MSVC80_x86_v2 (Version: 1.0.3.0)
MSVC90_x64 (Version: 1.0.1.2)
MSVC90_x86 (Version: 1.0.1.2)
MSVCRT (Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
Nitro Reader 2 (Version: 2.3.1.7)
Norton PC Checkup (Version: 3.0.2.90.0)
Office Tab Professional (64-bit) (Version: 7.00)
OpenAL
OptWorks (remove only)
Pandora Service
PASW Statistics 18 (Version: 18.0.0)
Picasa 3 (Version: 3.8)
PrimoPDF -- brought to you by Nitro PDF Software (Version: 5)
QuickTime (Version: 7.69.80.9)
Readon TV Movie Radio Player 7.5.0.0 (Version: 7.5.0)
Realtek USB 2.0 Card Reader (Version: 6.1.7600.30111)
ResearchSoft Direct Export Helper
Roozz plugin 2.8.16
Rosetta Stone Version 3 (Version: 3.4.7.0)
Skype Click to Call (Version: 6.1.10441)
Skype™ 5.9 (Version: 5.9.123)
Smart Defrag 2 (Version: 2.1)
SmartDraw VP
SopCast 3.2.9 (Version: 3.2.9)
SPSS 14.0 for Windows Evaluation Version (Version: 14.0.0)
StormPlayer
swMSM (Version: 12.0.0.1)
Synaptics Pointing Device Driver (Version: 11.2.4.0)
The KMPlayer (remove only)
Toolwiz Care (Version: 1.0.0.2100)
Toshiba Laptop Checkup (Version: 2.0.3.198)
TOSHIBA Media Controller (Version: 1.0.80.5.64)
TOSHIBA Web Camera Application (Version: 1.1.1.15)
Tropico 3 1.00 (Version: 1.00)
Tropico 4 1.00 (Version: 1.00)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB2596598) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687310) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Visual C++ 8.0 Runtime Setup Package (x64) (Version: 9.0.0.623)
Visual Studio 2008 x64 Redistributables (Version: 10.0.0.2)
WebQQ视频插件
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3555.0308)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3555.0308)
Windows Live Messenger (Version: 15.4.3538.0513)
Windows Live Messenger Companion Core (Version: 15.4.3502.0922)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3508.1109)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109)
WinMount V3.4.1020 (Version: 3.4.1020)
WinRAR archiver
腾讯QQ2012 (Version: 1.75.2991.0)
迅雷7

========================= Devices: ================================

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


========================= Memory info: ===================================

Percentage of memory in use: 56%
Total physical RAM: 3894.85 MB
Available physical RAM: 1675.59 MB
Total Pagefile: 7787.85 MB
Available Pagefile: 5154.23 MB
Total Virtual: 4095.88 MB
Available Virtual: 3971.21 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:464.29 GB) (Free:8.69 GB) NTFS

========================= Users: ========================================

User accounts for \\STEPHEN-PC

Administrator Guest Stephen


**** End of log ****




Farbar Service Scanner Version: 19-07-2012
Ran by Stephen (administrator) on 22-07-2012 at 10:05:37
Running from "C:\Users\Stephen\Downloads"
Microsoft Windows 7 Professional (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============
mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
The ImagePath of mpsdrv service is OK.

MpsSvc Service is not running. Checking service configuration:
The start type of MpsSvc service is set to Demand. The default start type is Auto.
The ImagePath of MpsSvc service is OK.
The ServiceDll of MpsSvc service is OK.


Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall"=DWORD:0


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============
wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is set to Disabled. The default start type is Auto.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.


Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is set to Demand. The default start type is Auto.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.


Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============

Other Services:
==============

sharedaccess Service is not running. Checking service configuration:
The start type of sharedaccess service is set to Demand
The ImagePath of sharedaccess service is OK.
The ServiceDll of sharedaccess service is OK.


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys
[2012-02-20 23:06] - [2011-12-27 23:59] - 0499200 ____A (Microsoft Corporation) DB9D6C6B2CD95A9CA414D045B627422E

C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys
[2012-05-09 13:30] - [2012-05-09 13:30] - 1895280 ____A (Microsoft Corporation) 624C5B3AA4C99B3184BB922D9ECE3FF0

C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll
[2009-07-13 20:09] - [2009-07-13 21:41] - 0824832 ____A (Microsoft Corporation) AECAB449567D1846DAD63ECE49E893E3

C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll
[2009-07-13 19:36] - [2009-07-13 21:41] - 0170496 ____A (Microsoft Corporation) 765A27C3279CE11D14CB9E4F5869FCA5

C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll
[2012-06-13 15:23] - [2012-04-24 01:59] - 0182272 ____A (Microsoft Corporation) F02786B66375292E58C8777082D4396D

C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****


Malwarebytes Anti-Malware (Trial) 1.62.0.1300
www.malwarebytes.org

Database version: v2012.07.22.07

Windows 7 x64 NTFS
Internet Explorer 8.0.7600.16385
Stephen :: STEPHEN-PC [administrator]

Protection: Enabled

7/22/2012 10:12:58 AM
mbam-log-2012-07-22 (10-12-58).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 203221
Time elapsed: 16 minute(s), 32 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 5
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{31A0D938-3055-46BA-8919-59E44E0D7E51} (Adware.Torang) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{31A0D938-3055-46BA-8919-59E44E0D7E51} (Adware.Torang) -> Quarantined and deleted successfully.
HKCR\thunder (Trojan.Agent) -> Delete on reboot.
HKCU\SOFTWARE\bisoft (Worm.Bagle) -> Quarantined and deleted successfully.
HKCU\Software\sistemanet (Malware.Trace) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 2
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer\control panel|ConnectionsTab (PUM.Hijack.ConnectionControl) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
HKCR\batfile\shell\open\command| (Broken.OpenCommand) -> Bad: () Good: ("%1" %*) -> Delete on reboot.

Folders Detected: 0
(No malicious items detected)

Files Detected: 6
C:\ProgramData\1CfESutaalCb.exe (Trojan.Banker) -> Quarantined and deleted successfully.
C:\ProgramData\7KFjQXKu8ch.cpl (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\ProgramData\cjV34iCv.cpl (Trojan.Banker) -> Quarantined and deleted successfully.
C:\ProgramData\Lg4UcFQF.cpl (Trojan.BanLoad) -> Quarantined and deleted successfully.
C:\ProgramData\SeuxtbV\AbvesgJ\QiolisC.exe (Trojan.Banker) -> Quarantined and deleted successfully.
C:\Users\Stephen\Documents\Downloads\UUSEE_9v_Setup_30469.exe (PUP.Uusee) -> Quarantined and deleted successfully.

(end)



#2 narenxp


Posted 22 July 2012 - 11:13 AM

Download

TDSSkiller

Launch it. Click on change parameters - Select TDLFS file system

Click on "Scan". Please post the LOG report (log file should be in your C drive)

Do not change the default options on scan results

Download

aswMBR

Launch it, allow it to download latest Avast! virus definitions
Click the "Scan" button to start scan. After scan finishes, click on Save log

Post the log results here

Download

ESET online scanner

Install it

Click on START, it should download the virus definitions
When scan gets completed, click on LIST of found threats

Export the list to desktop, copy the contents of the text file in your reply

#3 the19trier


Posted 24 July 2012 - 08:44 PM

Thank you. See below:

21:27:14.0947 10000 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
21:27:15.0435 10000 ============================================================
21:27:15.0435 10000 Current date / time: 2012/07/24 21:27:15.0435
21:27:15.0435 10000 SystemInfo:
21:27:15.0435 10000
21:27:15.0435 10000 OS Version: 6.1.7600 ServicePack: 0.0
21:27:15.0435 10000 Product type: Workstation
21:27:15.0435 10000 ComputerName: STEPHEN-PC
21:27:15.0435 10000 UserName: Stephen
21:27:15.0435 10000 Windows directory: C:\Windows
21:27:15.0435 10000 System windows directory: C:\Windows
21:27:15.0435 10000 Running under WOW64
21:27:15.0435 10000 Processor architecture: Intel x64
21:27:15.0435 10000 Number of processors: 4
21:27:15.0435 10000 Page size: 0x1000
21:27:15.0435 10000 Boot type: Normal boot
21:27:15.0435 10000 ============================================================
21:27:18.0299 10000 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
21:27:18.0306 10000 ============================================================
21:27:18.0306 10000 \Device\Harddisk0\DR0:
21:27:18.0306 10000 MBR partitions:
21:27:18.0306 10000 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x3A097030
21:27:18.0306 10000 ============================================================
21:27:18.0336 10000 C: <-> \Device\Harddisk0\DR0\Partition0
21:27:18.0337 10000 ============================================================
21:27:18.0337 10000 Initialize success
21:27:18.0337 10000 ============================================================
21:27:31.0533 8572 ============================================================
21:27:31.0533 8572 Scan started
21:27:31.0533 8572 Mode: Manual;
21:27:31.0533 8572 ============================================================
21:27:32.0941 8572 1394ohci (1b00662092f9f9568b995902f0cc40d5)

C:\Windows\system32\DRIVERS\1394ohci.sys
21:27:32.0955 8572 1394ohci - ok
21:27:32.0991 8572 ACPI (6f11e88748cdefd2f76aa215f97ddfe5)

C:\Windows\system32\DRIVERS\ACPI.sys
21:27:33.0015 8572 ACPI - ok
21:27:33.0029 8572 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254)

C:\Windows\system32\DRIVERS\acpipmi.sys
21:27:33.0033 8572 AcpiPmi - ok
21:27:33.0346 8572 AdobeFlashPlayerUpdateSvc

(5e1a953c6472e7bb644892a4d0df5e72) C:\Windows\SysWOW64\Macromed\Flash

\FlashPlayerUpdateService.exe
21:27:33.0348 8572 AdobeFlashPlayerUpdateSvc - ok
21:27:33.0401 8572 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4)

C:\Windows\system32\DRIVERS\adp94xx.sys
21:27:33.0431 8572 adp94xx - ok
21:27:33.0463 8572 adpahci (597f78224ee9224ea1a13d6350ced962)

C:\Windows\system32\DRIVERS\adpahci.sys
21:27:33.0532 8572 adpahci - ok
21:27:33.0620 8572 adpu320 (e109549c90f62fb570b9540c4b148e54)

C:\Windows\system32\DRIVERS\adpu320.sys
21:27:33.0641 8572 adpu320 - ok
21:27:33.0792 8572 AdvancedSystemCareService5

(b11c71b29fa69e4586f9b65560e6604d) C:\Program Files (x86)\IObit\Advanced

SystemCare 5\ASCService.exe
21:27:33.0797 8572 AdvancedSystemCareService5 - ok
21:27:33.0825 8572 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61)

C:\Windows\System32\aelupsvc.dll
21:27:33.0826 8572 AeLookupSvc - ok
21:27:34.0445 8572 AFD (db9d6c6b2cd95a9ca414d045b627422e)

C:\Windows\system32\drivers\afd.sys
21:27:34.0526 8572 AFD - ok
21:27:34.0555 8572 agp440 (608c14dba7299d8cb6ed035a68a15799)

C:\Windows\system32\DRIVERS\agp440.sys
21:27:34.0561 8572 agp440 - ok
21:27:34.0585 8572 ALG (3290d6946b5e30e70414990574883ddb)

C:\Windows\System32\alg.exe
21:27:34.0591 8572 ALG - ok
21:27:34.0606 8572 aliide (5812713a477a3ad7363c7438ca2ee038)

C:\Windows\system32\DRIVERS\aliide.sys
21:27:34.0612 8572 aliide - ok
21:27:34.0622 8572 amdide (1ff8b4431c353ce385c875f194924c0c)

C:\Windows\system32\DRIVERS\amdide.sys
21:27:34.0626 8572 amdide - ok
21:27:34.0637 8572 AmdK8 (7024f087cff1833a806193ef9d22cda9)

C:\Windows\system32\DRIVERS\amdk8.sys
21:27:34.0641 8572 AmdK8 - ok
21:27:34.0653 8572 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217)

C:\Windows\system32\DRIVERS\amdppm.sys
21:27:34.0658 8572 AmdPPM - ok
21:27:34.0689 8572 amdsata (ec7ebab00a4d8448bab68d1e49b4beb9)

C:\Windows\system32\drivers\amdsata.sys
21:27:34.0756 8572 amdsata - ok
21:27:34.0783 8572 amdsbs (f67f933e79241ed32ff46a4f29b5120b)

C:\Windows\system32\DRIVERS\amdsbs.sys
21:27:34.0791 8572 amdsbs - ok
21:27:34.0807 8572 amdxata (db27766102c7bf7e95140a2aa81d042e)

C:\Windows\system32\drivers\amdxata.sys
21:27:34.0871 8572 amdxata - ok
21:27:34.0874 8572 aos21qrl - ok
21:27:34.0888 8572 AppID (42fd751b27fa0e9c69bb39f39e409594)

C:\Windows\system32\drivers\appid.sys
21:27:34.0894 8572 AppID - ok
21:27:34.0914 8572 AppIDSvc (0bc381a15355a3982216f7172f545de1)

C:\Windows\System32\appidsvc.dll
21:27:34.0919 8572 AppIDSvc - ok
21:27:34.0932 8572 Appinfo (d065be66822847b7f127d1f90158376e)

C:\Windows\System32\appinfo.dll
21:27:34.0937 8572 Appinfo - ok
21:27:34.0962 8572 AppMgmt (4aba3e75a76195a3e38ed2766c962899)

C:\Windows\System32\appmgmts.dll
21:27:34.0978 8572 AppMgmt - ok
21:27:34.0999 8572 arc (c484f8ceb1717c540242531db7845c4e)

C:\Windows\system32\DRIVERS\arc.sys
21:27:35.0004 8572 arc - ok
21:27:35.0022 8572 arcsas (019af6924aefe7839f61c830227fe79c)

C:\Windows\system32\DRIVERS\arcsas.sys
21:27:35.0030 8572 arcsas - ok
21:27:35.0050 8572 AsyncMac (769765ce2cc62867468cea93969b2242)

C:\Windows\system32\DRIVERS\asyncmac.sys
21:27:35.0056 8572 AsyncMac - ok
21:27:35.0066 8572 atapi (02062c0b390b7729edc9e69c680a6f3c)

C:\Windows\system32\DRIVERS\atapi.sys
21:27:35.0066 8572 atapi - ok
21:27:35.0121 8572 AudioEndpointBuilder

(07721a77180edd4d39ccb865bf63c7fd) C:\Windows\System32\Audiosrv.dll
21:27:35.0161 8572 AudioEndpointBuilder - ok
21:27:35.0179 8572 AudioSrv (07721a77180edd4d39ccb865bf63c7fd)

C:\Windows\System32\Audiosrv.dll
21:27:35.0182 8572 AudioSrv - ok
21:27:35.0198 8572 AxInstSV (b20b5fa5ca050e9926e4d1db81501b32)

C:\Windows\System32\AxInstSV.dll
21:27:35.0204 8572 AxInstSV - ok
21:27:35.0247 8572 b06bdrv (3e5b191307609f7514148c6832bb0842)

C:\Windows\system32\DRIVERS\bxvbda.sys
21:27:35.0269 8572 b06bdrv - ok
21:27:35.0294 8572 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2)

C:\Windows\system32\DRIVERS\b57nd60a.sys
21:27:35.0311 8572 b57nd60a - ok
21:27:35.0498 8572 BCM43XX (5b5c36b2ec500462a715db6bcbaf5da7)

C:\Windows\system32\DRIVERS\bcmwl664.sys
21:27:35.0636 8572 BCM43XX - ok
21:27:35.0737 8572 BDESVC (fde360167101b4e45a96f939f388aeb0)

C:\Windows\System32\bdesvc.dll
21:27:35.0742 8572 BDESVC - ok
21:27:35.0776 8572 Beep (16a47ce2decc9b099349a5f840654746)

C:\Windows\system32\drivers\Beep.sys
21:27:35.0783 8572 Beep - ok
21:27:35.0841 8572 BFE (4992c609a6315671463e30f6512bc022)

C:\Windows\System32\bfe.dll
21:27:35.0877 8572 BFE - ok
21:27:35.0924 8572 BITS (7f0c323fe3da28aa4aa1bda3f575707f)

C:\Windows\System32\qmgr.dll
21:27:36.0013 8572 BITS - ok
21:27:36.0055 8572 blbdrive (61583ee3c3a17003c4acd0475646b4d3)

C:\Windows\system32\DRIVERS\blbdrive.sys
21:27:36.0062 8572 blbdrive - ok
21:27:36.0116 8572 bowser (19d20159708e152267e53b66677a4995)

C:\Windows\system32\DRIVERS\bowser.sys
21:27:36.0189 8572 bowser - ok
21:27:36.0210 8572 BrFiltLo (f09eee9edc320b5e1501f749fde686c8)

C:\Windows\system32\DRIVERS\BrFiltLo.sys
21:27:36.0215 8572 BrFiltLo - ok
21:27:36.0229 8572 BrFiltUp (b114d3098e9bdb8bea8b053685831be6)

C:\Windows\system32\DRIVERS\BrFiltUp.sys
21:27:36.0234 8572 BrFiltUp - ok
21:27:36.0267 8572 Browser (94fbc06f294d58d02361918418f996e3)

C:\Windows\System32\browser.dll
21:27:36.0276 8572 Browser - ok
21:27:36.0298 8572 Brserid (43bea8d483bf1870f018e2d02e06a5bd)

C:\Windows\System32\Drivers\Brserid.sys
21:27:36.0318 8572 Brserid - ok
21:27:36.0331 8572 BrSerWdm (a6eca2151b08a09caceca35c07f05b42)

C:\Windows\System32\Drivers\BrSerWdm.sys
21:27:36.0337 8572 BrSerWdm - ok
21:27:36.0351 8572 BrUsbMdm (b79968002c277e869cf38bd22cd61524)

C:\Windows\System32\Drivers\BrUsbMdm.sys
21:27:36.0357 8572 BrUsbMdm - ok
21:27:36.0372 8572 BrUsbSer (a87528880231c54e75ea7a44943b38bf)

C:\Windows\System32\Drivers\BrUsbSer.sys
21:27:36.0376 8572 BrUsbSer - ok
21:27:36.0396 8572 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8)

C:\Windows\system32\DRIVERS\bthmodem.sys
21:27:36.0400 8572 BTHMODEM - ok
21:27:36.0421 8572 bthserv (95f9c2976059462cbbf227f7aab10de9)

C:\Windows\system32\bthserv.dll
21:27:36.0426 8572 bthserv - ok
21:27:36.0491 8572 BTOWSFF (68873928bff66faa0a66377e45c8658c)

C:\Windows\System32\Drivers\BTOWSFF.sys
21:27:36.0574 8572 BTOWSFF - ok
21:27:36.0595 8572 BTOWSVF (c0b599b9c9d85d2a0d6c0e7e34ad7065)

C:\Windows\system32\Drivers\BTOWSVF.sys
21:27:36.0646 8572 BTOWSVF - ok
21:27:36.0697 8572 cdfs (b8bd2bb284668c84865658c77574381a)

C:\Windows\system32\DRIVERS\cdfs.sys
21:27:36.0703 8572 cdfs - ok
21:27:36.0740 8572 cdrom (83d2d75e1efb81b3450c18131443f7db)

C:\Windows\system32\DRIVERS\cdrom.sys
21:27:36.0745 8572 cdrom - ok
21:27:36.0770 8572 CertPropSvc (312e2f82af11e79906898ac3e3d58a1f)

C:\Windows\System32\certprop.dll
21:27:36.0776 8572 CertPropSvc - ok
21:27:36.0797 8572 circlass (d7cd5c4e1b71fa62050515314cfb52cf)

C:\Windows\system32\DRIVERS\circlass.sys
21:27:36.0802 8572 circlass - ok
21:27:36.0834 8572 CLFS (fe1ec06f2253f691fe36217c592a0206)

C:\Windows\system32\CLFS.sys
21:27:36.0859 8572 CLFS - ok
21:27:36.0935 8572 clr_optimization_v2.0.50727_32

(d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework

\v2.0.50727\mscorsvw.exe
21:27:36.0941 8572 clr_optimization_v2.0.50727_32 - ok
21:27:36.0981 8572 clr_optimization_v2.0.50727_64

(d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET

\Framework64\v2.0.50727\mscorsvw.exe
21:27:36.0987 8572 clr_optimization_v2.0.50727_64 - ok
21:27:37.0097 8572 clr_optimization_v4.0.30319_32

(c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework

\v4.0.30319\mscorsvw.exe
21:27:37.0100 8572 clr_optimization_v4.0.30319_32 - ok
21:27:37.0140 8572 clr_optimization_v4.0.30319_64

(c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET

\Framework64\v4.0.30319\mscorsvw.exe
21:27:37.0144 8572 clr_optimization_v4.0.30319_64 - ok
21:27:37.0173 8572 CmBatt (0840155d0bddf1190f84a663c284bd33)

C:\Windows\system32\DRIVERS\CmBatt.sys
21:27:37.0178 8572 CmBatt - ok
21:27:37.0197 8572 cmdide (e19d3f095812725d88f9001985b94edd)

C:\Windows\system32\DRIVERS\cmdide.sys
21:27:37.0202 8572 cmdide - ok
21:27:37.0286 8572 CNG (ca7720b73446fddec5c69519c1174c98)

C:\Windows\system32\Drivers\cng.sys
21:27:37.0339 8572 CNG - ok
21:27:37.0356 8572 Compbatt (102de219c3f61415f964c88e9085ad14)

C:\Windows\system32\DRIVERS\compbatt.sys
21:27:37.0362 8572 Compbatt - ok
21:27:37.0372 8572 CompositeBus (f26b3a86f6fa87ca360b879581ab4123)

C:\Windows\system32\DRIVERS\CompositeBus.sys
21:27:37.0376 8572 CompositeBus - ok
21:27:37.0382 8572 COMSysApp - ok
21:27:37.0394 8572 crcdisk (1c827878a998c18847245fe1f34ee597)

C:\Windows\system32\DRIVERS\crcdisk.sys
21:27:37.0397 8572 crcdisk - ok
21:27:37.0442 8572 CryptSvc (f02786b66375292e58c8777082d4396d)

C:\Windows\system32\cryptsvc.dll
21:27:37.0499 8572 CryptSvc - ok
21:27:37.0535 8572 CSC (4a6173c2279b498cd8f57cae504564cb)

C:\Windows\system32\drivers\csc.sys
21:27:37.0557 8572 CSC - ok
21:27:37.0615 8572 CscService (873fbf927c06e5cee04dec617502f8fd)

C:\Windows\System32\cscsvc.dll
21:27:37.0636 8572 CscService - ok
21:27:37.0705 8572 DcomLaunch (7266972e86890e2b30c0c322e906b027)

C:\Windows\system32\rpcss.dll
21:27:37.0726 8572 DcomLaunch - ok
21:27:37.0756 8572 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d)

C:\Windows\System32\defragsvc.dll
21:27:37.0781 8572 defragsvc - ok
21:27:38.0030 8572 DfsC (9c253ce7311ca60fc11c774692a13208)

C:\Windows\system32\Drivers\dfsc.sys
21:27:38.0102 8572 DfsC - ok
21:27:38.0159 8572 Dhcp (ce3b9562d997f69b330d181a8875960f)

C:\Windows\system32\dhcpcore.dll
21:27:38.0183 8572 Dhcp - ok
21:27:38.0206 8572 discache (13096b05847ec78f0977f2c0f79e9ab3)

C:\Windows\system32\drivers\discache.sys
21:27:38.0210 8572 discache - ok
21:27:38.0273 8572 Disk (9819eee8b5ea3784ec4af3b137a5244c)

C:\Windows\system32\DRIVERS\disk.sys
21:27:38.0281 8572 Disk - ok
21:27:38.0568 8572 Dnscache (85cf424c74a1d5ec33533e1dbff9920a)

C:\Windows\System32\dnsrslvr.dll
21:27:38.0631 8572 Dnscache - ok
21:27:38.0662 8572 dot3svc (14452acdb09b70964c8c21bf80a13acb)

C:\Windows\System32\dot3svc.dll
21:27:38.0679 8572 dot3svc - ok
21:27:38.0728 8572 DPS (8c2ba6bea949ee6e68385f5692bafb94)

C:\Windows\system32\dps.dll
21:27:38.0737 8572 DPS - ok
21:27:38.0759 8572 drmkaud (9b19f34400d24df84c858a421c205754)

C:\Windows\system32\drivers\drmkaud.sys
21:27:38.0768 8572 drmkaud - ok
21:27:38.0860 8572 DXGKrnl (1633b9abf52784a1331476397a48cbef)

C:\Windows\System32\drivers\dxgkrnl.sys
21:27:38.0964 8572 DXGKrnl - ok
21:27:39.0127 8572 EapHost (e2dda8726da9cb5b2c4000c9018a9633)

C:\Windows\System32\eapsvc.dll
21:27:39.0147 8572 EapHost - ok
21:27:45.0864 8572 ebdrv (dc5d737f51be844d8c82c695eb17372f)

C:\Windows\system32\DRIVERS\evbda.sys
21:27:46.0490 8572 ebdrv - ok
21:27:47.0395 8572 EFS (156f6159457d0aa7e59b62681b56eb90)

C:\Windows\System32\lsass.exe
21:27:47.0482 8572 EFS - ok
21:27:48.0008 8572 ehRecvr (47c071994c3f649f23d9cd075ac9304a)

C:\Windows\ehome\ehRecvr.exe
21:27:48.0130 8572 ehRecvr - ok
21:27:48.0303 8572 ehSched (4705e8ef9934482c5bb488ce28afc681)

C:\Windows\ehome\ehsched.exe
21:27:48.0392 8572 ehSched - ok
21:27:48.0620 8572 elxstor (0e5da5369a0fcaea12456dd852545184)

C:\Windows\system32\DRIVERS\elxstor.sys
21:27:48.0645 8572 elxstor - ok
21:27:48.0673 8572 ErrDev (34a3c54752046e79a126e15c51db409b)

C:\Windows\system32\DRIVERS\errdev.sys
21:27:48.0678 8572 ErrDev - ok
21:27:48.0852 8572 EventSystem (4166f82be4d24938977dd1746be9b8a0)

C:\Windows\system32\es.dll
21:27:48.0868 8572 EventSystem - ok
21:27:48.0987 8572 exfat (a510c654ec00c1e9bdd91eeb3a59823b)

C:\Windows\system32\drivers\exfat.sys
21:27:49.0044 8572 exfat - ok
21:27:49.0130 8572 fastfat (0adc83218b66a6db380c330836f3e36d)

C:\Windows\system32\drivers\fastfat.sys
21:27:49.0141 8572 fastfat - ok
21:27:49.0223 8572 Fax (d607b2f1bee3992aa6c2c92c0a2f0855)

C:\Windows\system32\fxssvc.exe
21:27:49.0305 8572 Fax - ok
21:27:49.0350 8572 fdc (d765d19cd8ef61f650c384f62fac00ab)

C:\Windows\system32\DRIVERS\fdc.sys
21:27:49.0355 8572 fdc - ok
21:27:49.0369 8572 fdPHost (0438cab2e03f4fb61455a7956026fe86)

C:\Windows\system32\fdPHost.dll
21:27:49.0375 8572 fdPHost - ok
21:27:49.0395 8572 FDResPub (802496cb59a30349f9a6dd22d6947644)

C:\Windows\system32\fdrespub.dll
21:27:49.0400 8572 FDResPub - ok
21:27:49.0455 8572 FileInfo (655661be46b5f5f3fd454e2c3095b930)

C:\Windows\system32\drivers\fileinfo.sys
21:27:49.0459 8572 FileInfo - ok
21:27:49.0626 8572 FileMonitor (060cc45cecae2feaff9c8c52d8fafaa8)

C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers

\win7_amd64\FileMonitor.sys
21:27:49.0785 8572 FileMonitor - ok
21:27:49.0808 8572 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47)

C:\Windows\system32\drivers\filetrace.sys
21:27:49.0813 8572 Filetrace - ok
21:27:49.0957 8572 FLEXnet Licensing Service

(bb0667b0171b632b97ea759515476f07) C:\Program Files (x86)\Common Files

\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
21:27:50.0064 8572 FLEXnet Licensing Service - ok
21:27:50.0085 8572 flpydisk (c172a0f53008eaeb8ea33fe10e177af5)

C:\Windows\system32\DRIVERS\flpydisk.sys
21:27:50.0090 8572 flpydisk - ok
21:27:50.0128 8572 FltMgr (f7866af72abbaf84b1fa5aa195378c59)

C:\Windows\system32\drivers\fltmgr.sys
21:27:50.0148 8572 FltMgr - ok
21:27:50.0386 8572 FontCache (cb5e4b9c319e3c6bb363eb7e58a4a051)

C:\Windows\system32\FntCache.dll
21:27:50.0468 8572 FontCache - ok
21:27:50.0622 8572 FontCache3.0.0.0 (8d89e3131c27fdd6932189cb785e1b7a)

C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
21:27:50.0650 8572 FontCache3.0.0.0 - ok
21:27:50.0734 8572 FsDepends (d43703496149971890703b4b1b723eac)

C:\Windows\system32\drivers\FsDepends.sys
21:27:50.0748 8572 FsDepends - ok
21:27:50.0868 8572 Fs_Rec (d3e3f93d67821a2db2b3d9fac2dc2064)

C:\Windows\system32\drivers\Fs_Rec.sys
21:27:50.0987 8572 Fs_Rec - ok
21:27:51.0079 8572 fvevol (ae87ba80d0ec3b57126ed2cdc15b24ed)

C:\Windows\system32\DRIVERS\fvevol.sys
21:27:51.0176 8572 fvevol - ok
21:27:51.0198 8572 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6)

C:\Windows\system32\DRIVERS\gagp30kx.sys
21:27:51.0206 8572 gagp30kx - ok
21:27:51.0211 8572 GbpKm - ok
21:27:51.0353 8572 GbpSv (3f533397532aadf1e8c957bd4e18260f)

C:\PROGRA~2\GbPlugin\GbpSv.exe
21:27:51.0354 8572 GbpSv - ok
21:27:51.0458 8572 GEARAspiWDM (e403aacf8c7bb11375122d2464560311)

C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
21:27:51.0530 8572 GEARAspiWDM - ok
21:27:51.0658 8572 GoogleDesktopManager-051210-111108

(9f5f2f0fb0a7f5aa9f16b9a7b6dad89f) C:\Program Files (x86)\Google\Google

Desktop Search\GoogleDesktop.exe
21:27:51.0659 8572 GoogleDesktopManager-051210-111108 - ok
21:27:51.0710 8572 gpsvc (fe5ab4525bc2ec68b9119a6e5d40128b)

C:\Windows\System32\gpsvc.dll
21:27:51.0714 8572 gpsvc - ok
21:27:51.0719 8572 gupdate - ok
21:27:51.0725 8572 gupdatem - ok
21:27:51.0730 8572 gusvc - ok
21:27:51.0785 8572 hcw85cir (f2523ef6460fc42405b12248338ab2f0)

C:\Windows\system32\drivers\hcw85cir.sys
21:27:51.0789 8572 hcw85cir - ok
21:27:51.0860 8572 HdAudAddService (6410f6f415b2a5a9037224c41da8bf12)

C:\Windows\system32\drivers\HdAudio.sys
21:27:51.0879 8572 HdAudAddService - ok
21:27:51.0894 8572 HDAudBus (0a49913402747a0b67de940fb42cbdbb)

C:\Windows\system32\DRIVERS\HDAudBus.sys
21:27:51.0901 8572 HDAudBus - ok
21:27:51.0921 8572 HECIx64 (b6ac71aaa2b10848f57fc49d55a651af)

C:\Windows\system32\DRIVERS\HECIx64.sys
21:27:51.0999 8572 HECIx64 - ok
21:27:52.0025 8572 HidBatt (78e86380454a7b10a5eb255dc44a355f)

C:\Windows\system32\DRIVERS\HidBatt.sys
21:27:52.0031 8572 HidBatt - ok
21:27:52.0045 8572 HidBth (7fd2a313f7afe5c4dab14798c48dd104)

C:\Windows\system32\DRIVERS\hidbth.sys
21:27:52.0051 8572 HidBth - ok
21:27:52.0063 8572 HidIr (0a77d29f311b88cfae3b13f9c1a73825)

C:\Windows\system32\DRIVERS\hidir.sys
21:27:52.0067 8572 HidIr - ok
21:27:52.0096 8572 hidserv (bd9eb3958f213f96b97b1d897dee006d)

C:\Windows\system32\hidserv.dll
21:27:52.0102 8572 hidserv - ok
21:27:52.0120 8572 HidUsb (b3bf6b5b50006def50b66306d99fcf6f)

C:\Windows\system32\DRIVERS\hidusb.sys
21:27:52.0125 8572 HidUsb - ok
21:27:52.0141 8572 hkmsvc (efa58ede58dd74388ffd04cb32681518)

C:\Windows\system32\kmsvc.dll
21:27:52.0149 8572 hkmsvc - ok
21:27:52.0170 8572 HomeGroupListener (046b2673767ca626e2cfb7fdf735e9e8)

C:\Windows\system32\ListSvc.dll
21:27:52.0184 8572 HomeGroupListener - ok
21:27:52.0210 8572 HomeGroupProvider (06a7422224d9865a5613710a089987df)

C:\Windows\system32\provsvc.dll
21:27:52.0229 8572 HomeGroupProvider - ok
21:27:52.0256 8572 HpSAMD (0886d440058f203eba0e1825e4355914)

C:\Windows\system32\DRIVERS\HpSAMD.sys
21:27:52.0261 8572 HpSAMD - ok
21:27:52.0320 8572 HTTP (cee049cac4efa7f4e1e4ad014414a5d4)

C:\Windows\system32\drivers\HTTP.sys
21:27:52.0355 8572 HTTP - ok
21:27:52.0366 8572 hwpolicy (f17766a19145f111856378df337a5d79)

C:\Windows\system32\drivers\hwpolicy.sys
21:27:52.0371 8572 hwpolicy - ok
21:27:52.0388 8572 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3)

C:\Windows\system32\DRIVERS\i8042prt.sys
21:27:52.0395 8572 i8042prt - ok
21:27:52.0439 8572 iaStorV (b75e45c564e944a2657167d197ab29da)

C:\Windows\system32\drivers\iaStorV.sys
21:27:52.0529 8572 iaStorV - ok
21:27:52.0644 8572 idsvc (2f2be70d3e02b6fa877921ab9516d43c)

C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation

\infocard.exe
21:27:52.0699 8572 idsvc - ok
21:27:53.0639 8572 igfx (2a22ab054f4630d2ef4bab2853f6d5f6)

C:\Windows\system32\DRIVERS\igdkmd64.sys
21:27:54.0446 8572 igfx - ok
21:27:54.0546 8572 iirsp (5c18831c61933628f5bb0ea2675b9d21)

C:\Windows\system32\DRIVERS\iirsp.sys
21:27:54.0555 8572 iirsp - ok
21:27:54.0619 8572 IKEEXT (c5b4683680df085b57bc53e5ef34861f)

C:\Windows\System32\ikeext.dll
21:27:54.0653 8572 IKEEXT - ok
21:27:54.0783 8572 IMFservice (8ae99ebe30e8338907361018d9030835)

C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe
21:27:54.0788 8572 IMFservice - ok
21:27:54.0982 8572 intelide (f00f20e70c6ec3aa366910083a0518aa)

C:\Windows\system32\DRIVERS\intelide.sys
21:27:54.0986 8572 intelide - ok
21:27:55.0002 8572 intelppm (ada036632c664caa754079041cf1f8c1)

C:\Windows\system32\DRIVERS\intelppm.sys
21:27:55.0009 8572 intelppm - ok
21:27:55.0034 8572 IPBusEnum (098a91c54546a3b878dad6a7e90a455b)

C:\Windows\system32\ipbusenum.dll
21:27:55.0037 8572 IPBusEnum - ok
21:27:55.0055 8572 IpFilterDriver (722dd294df62483cecaae6e094b4d695)

C:\Windows\system32\DRIVERS\ipfltdrv.sys
21:27:55.0060 8572 IpFilterDriver - ok
21:27:55.0103 8572 iphlpsvc (f8e058d17363ec580e4b7232778b6cb5)

C:\Windows\System32\iphlpsvc.dll
21:27:55.0131 8572 iphlpsvc - ok
21:27:55.0150 8572 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5)

C:\Windows\system32\DRIVERS\IPMIDrv.sys
21:27:55.0157 8572 IPMIDRV - ok
21:27:55.0175 8572 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0)

C:\Windows\system32\drivers\ipnat.sys
21:27:55.0182 8572 IPNAT - ok
21:27:55.0393 8572 iPod Service (a9e53e1a9c4274eebc00d36ae5ed40de)

C:\Program Files\iPod\bin\iPodService.exe
21:27:55.0454 8572 iPod Service - ok
21:27:55.0575 8572 IRENUM (3abf5e7213eb28966d55d58b515d5ce9)

C:\Windows\system32\drivers\irenum.sys
21:27:55.0579 8572 IRENUM - ok
21:27:55.0634 8572 isapnp (2f7b28dc3e1183e5eb418df55c204f38)

C:\Windows\system32\DRIVERS\isapnp.sys
21:27:55.0658 8572 isapnp - ok
21:27:55.0843 8572 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1)

C:\Windows\system32\DRIVERS\msiscsi.sys
21:27:55.0884 8572 iScsiPrt - ok
21:27:56.0076 8572 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5)

C:\Windows\system32\DRIVERS\kbdclass.sys
21:27:56.0083 8572 kbdclass - ok
21:27:56.0129 8572 kbdhid (6def98f8541e1b5dceb2c822a11f7323)

C:\Windows\system32\DRIVERS\kbdhid.sys
21:27:56.0135 8572 kbdhid - ok
21:27:57.0638 8572 KDisk Update Service

(1384024461e9afd2ef124e5b81922581) C:\Program Files (x86)\kdisk.co.kr\Kdisk

(normal)\KAutoUp.exe
21:27:57.0736 8572 KDisk Update Service - ok
21:27:57.0871 8572 KeyIso (156f6159457d0aa7e59b62681b56eb90)

C:\Windows\system32\lsass.exe
21:27:57.0872 8572 KeyIso - ok
21:27:57.0978 8572 KSafeDISK (22da580bb84f39dfbe6a60f0b6d12b2c)

C:\Windows\system32\Drivers\KSafeDISK.sys
21:27:58.0046 8572 KSafeDISK - ok
21:27:58.0201 8572 KSecDD (4f4b5fde429416877de7143044582eb5)

C:\Windows\system32\Drivers\ksecdd.sys
21:27:58.0278 8572 KSecDD - ok
21:27:58.0490 8572 KSecPkg (6f40465a44ecdc1731befafec5bdd03c)

C:\Windows\system32\Drivers\ksecpkg.sys
21:27:58.0582 8572 KSecPkg - ok
21:27:58.0701 8572 ksthunk (6869281e78cb31a43e969f06b57347c4)

C:\Windows\system32\drivers\ksthunk.sys
21:27:58.0705 8572 ksthunk - ok
21:27:59.0593 8572 KtmRm (6ab66e16aa859232f64deb66887a8c9c)

C:\Windows\system32\msdtckrm.dll
21:27:59.0683 8572 KtmRm - ok
21:27:59.0742 8572 L1C (55480b9c63f3f91a8ebbadcbf28fe581)

C:\Windows\system32\DRIVERS\L1C62x64.sys
21:27:59.0846 8572 L1C - ok
21:28:00.0102 8572 LanmanServer (81f1d04d4d0e433099365127375fd501)

C:\Windows\system32\srvsvc.dll
21:28:00.0166 8572 LanmanServer - ok
21:28:00.0357 8572 LanmanWorkstation (27026eac8818e8a6c00a1cad2f11d29a)

C:\Windows\System32\wkssvc.dll
21:28:00.0382 8572 LanmanWorkstation - ok
21:28:00.0500 8572 lltdio (1538831cf8ad2979a04c423779465827)

C:\Windows\system32\DRIVERS\lltdio.sys
21:28:00.0546 8572 lltdio - ok
21:28:00.0643 8572 lltdsvc (c1185803384ab3feed115f79f109427f)

C:\Windows\System32\lltdsvc.dll
21:28:00.0663 8572 lltdsvc - ok
21:28:00.0734 8572 lmhosts (f993a32249b66c9d622ea5592a8b76b8)

C:\Windows\System32\lmhsvc.dll
21:28:00.0748 8572 lmhosts - ok
21:28:00.0844 8572 LMS (23de5b62b0445a6f874be633c95b483e)

C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS

\LMS.exe
21:28:01.0012 8572 LMS - ok
21:28:29.0354 8572 sptd (602884696850c86434530790b110e8eb)

C:\Windows\system32\Drivers\sptd.sys
21:28:29.0354 8572 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 602884696850c86434530790b110e8eb
21:28:29.0373 8572 sptd ( LockedFile.Multi.Generic ) - warning
21:28:29.0373 8572 sptd - detected LockedFile.Multi.Generic (1)
21:28:45.0837 8572 WfpLwf (611b23304bf067451a9fdee01fbdd725)

C:\Windows\system32\DRIVERS\wfplwf.sys
21:28:45.0841 8572 WfpLwf - ok
21:28:45.0934 8572 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec)

C:\Windows\system32\drivers\wimmount.sys
21:28:45.0937 8572 WIMMount - ok
21:28:45.0993 8572 WinDefend - ok
21:28:46.0013 8572 WinHttpAutoProxySvc - ok
21:28:46.0206 8572 Winmgmt (19b07e7e8915d701225da41cb3877306)

C:\Windows\system32\wbem\WMIsvc.dll
21:28:46.0223 8572 Winmgmt - ok
21:28:48.0402 8572 WinRM (41fbb751936b387f9179e7f03a74fe29)

C:\Windows\system32\WsmSvc.dll
21:28:48.0561 8572 WinRM - ok
21:28:50.0232 8572 WinUsb (817eaff5d38674edd7713b9dfb8e9791)

C:\Windows\system32\DRIVERS\WinUsb.sys
21:28:50.0235 8572 WinUsb - ok
21:28:51.0360 8572 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa)

C:\Windows\System32\wlansvc.dll
21:28:51.0451 8572 Wlansvc - ok
21:28:55.0825 8572 wlidsvc (2bacd71123f42cea603f4e205e1ae337)

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
21:28:55.0836 8572 wlidsvc - ok
21:28:57.0265 8572 WMDrive (7b8c8244274817c382303895a339e43a)

C:\Windows\SysWOW64\drivers\WMDrive.sys
21:28:57.0351 8572 WMDrive - ok
21:28:59.0030 8572 WmiAcpi (f6ff8944478594d0e414d3f048f0d778)

C:\Windows\system32\DRIVERS\wmiacpi.sys
21:28:59.0034 8572 WmiAcpi - ok
21:28:59.0628 8572 wmiApSrv (38b84c94c5a8af291adfea478ae54f93)

C:\Windows\system32\wbem\WmiApSrv.exe
21:28:59.0716 8572 wmiApSrv - ok
21:28:59.0815 8572 WMPNetworkSvc - ok
21:28:59.0885 8572 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca)

C:\Windows\System32\wpcsvc.dll
21:28:59.0900 8572 WPCSvc - ok
21:29:00.0107 8572 WPDBusEnum (2e57ddf2880a7e52e76f41c7e96d327b)

C:\Windows\system32\wpdbusenum.dll
21:29:00.0132 8572 WPDBusEnum - ok
21:29:00.0228 8572 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52)

C:\Windows\system32\drivers\ws2ifsl.sys
21:29:00.0251 8572 ws2ifsl - ok
21:29:00.0451 8572 wscsvc (8f9f3969933c02da96eb0f84576db43e)

C:\Windows\System32\wscsvc.dll
21:29:00.0667 8572 wscsvc - ok
21:29:00.0996 8572 WSDPrintDevice (8d918b1db190a4d9b1753a66fa8c96e8)

C:\Windows\system32\DRIVERS\WSDPrint.sys
21:29:01.0024 8572 WSDPrintDevice - ok
21:29:01.0031 8572 WSearch - ok
21:29:05.0961 8572 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4)

C:\Windows\system32\wuaueng.dll
21:29:06.0480 8572 wuauserv - ok
21:29:07.0638 8572 WudfPf (7cadc74271dd6461c452c271b30bd378)

C:\Windows\system32\drivers\WudfPf.sys
21:29:07.0645 8572 WudfPf - ok
21:29:08.0020 8572 WUDFRd (3b197af0fff08aa66b6b2241ca538d64)

C:\Windows\system32\DRIVERS\WUDFRd.sys
21:29:08.0053 8572 WUDFRd - ok
21:29:08.0374 8572 wudfsvc (b551d6637aa0e132c18ac6e504f7b79b)

C:\Windows\System32\WUDFSvc.dll
21:29:08.0388 8572 wudfsvc - ok
21:29:08.0708 8572 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae)

C:\Windows\System32\wwansvc.dll
21:29:08.0733 8572 WwanSvc - ok
21:29:09.0457 8572 XLServicePlatform (eef5c054655ffbea6ef60c6c488d7f4b)

C:\Program Files (x86)\Common Files\Thunder Network\ServicePlatform\XLSP.dll
21:29:09.0458 8572 XLServicePlatform - ok
21:29:09.0568 8572 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31)

\Device\Harddisk0\DR0
21:29:16.0582 8572 \Device\Harddisk0\DR0 - ok
21:29:16.0611 8572 Boot (0x1200) (5ec2db4562ca95b1b7c6bcaece1663a8)

\Device\Harddisk0\DR0\Partition0
21:29:16.0613 8572 \Device\Harddisk0\DR0\Partition0 - ok
21:29:16.0614 8572 ============================================================
21:29:16.0614 8572 Scan finished
21:29:16.0614 8572 ============================================================
21:29:16.0725 10180 Detected object count: 1
21:29:16.0725 10180 Actual detected object count: 1
21:29:26.0851 10180 C:\Windows\system32\Drivers\sptd.sys - copied to quarantine
21:29:27.0524 10180 sptd ( LockedFile.Multi.Generic ) - User select action: Quarantine


Malwarebytes Anti-Malware (Trial) 1.62.0.1300
www.malwarebytes.org

Database version: v2012.07.24.05

Windows 7 x64 NTFS
Internet Explorer 8.0.7600.16385
Stephen :: STEPHEN-PC [administrator]

Protection: Enabled

7/24/2012 9:27:53 PM
mbam-log-2012-07-24 (21-27-53).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 204009
Time elapsed: 13 minute(s), 43 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


C:\ProgramData\suuXcraeMz.cpl a variant of Win32/Delf.QAM trojan cleaned by deleting - quarantined
C:\Windows\System32\NeroUpdate.exe a variant of Win32/Delf.QAM trojan cleaned by deleting (after the next restart) - quarantined

Download

TDSSkiller

Launch it. Click on change parameters - Select TDLFS file system

Click on "Scan". Please post the LOG report (log file should be in your C drive)

Do not change the default options on scan results

Download

aswMBR

Launch it, allow it to download latest Avast! virus definitions
Click the "Scan" button to start scan. After scan finishes, click on Save log

Post the log results here

Download

ESET online scanner

Install it

Click on START, it should download the virus definitions
When scan gets completed, click on LIST of found threats

Export the list to desktop, copy the contents of the text file in your reply



#4 narenxp


Posted 24 July 2012 - 08:46 PM

Download

mini toolbox

Checkmark following boxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size

Click Go and post the result.

Download

FSS

Checkmark all the boxes

Click on "Scan".
Please copy and paste the log to your reply.


Download

adware cleaner

Launch it, click on Delete

Post the generated log

Let me know if you still have issues installing Chrome
