Infected with Happili, SCOUR and other redirects.


  • This topic is locked
38 replies to this topic

#1 mtownfootball44

mtownfootball44

  • Members
  • 35 posts

Posted 04 May 2012 - 03:22 PM

My computer has had numerous issues with malware and viruses. I am currently having extensive troubles with Happili and SCOUR redirects, along with a few others that will also appear. I was re-directed to post in this section from a moderator in another section on BleepingComputer. They stated to run steps 6-9 on the Preparation Guide. So I ran everything they listed. Below I have posted the DDS.txt and have attached the Attach.txt. (I have 64-bit Windows so could not run GMER). Thank you.

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Collin at 16:05:06 on 2012-05-04
.
============== Running Processes ===============
.
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Program Files (x86)\DigitalPersona\Bin\DpHostW.exe
C:\Program Files (x86)\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe
C:\Program Files (x86)\Cisco\Cisco NAC Agent\NACAgent.exe
C:\Program Files (x86)\Common Files\Motive\pcCMService.exe
C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
C:\Program Files (x86)\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files (x86)\comcasttb\ComcastSpywareScan\ComcastAntiSpy.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Users\Collin\AppData\Local\Akamai\netsession_win.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell.exe
C:\Program Files (x86)\Dell\MediaDirect\PCMService.exe
C:\Program Files (x86)\Yahoo!\Common\YMailAdvisor.exe
C:\Program Files (x86)\ScanSoft\OmniPageSE4\OpWareSE4.exe
C:\Program Files (x86)\DigitalPersona\Bin\DpAgent.exe
C:\Users\Collin\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Cisco\Cisco NAC Agent\NACAgentUI.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_2_202_233_ActiveX.exe
C:\Program Files (x86)\Common Files\Motive\pcContextHookShim.exe
C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Collin\Desktop\dds.scr
C:\Windows\SysWOW64\svchost.exe -k Akamai
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/?ilc=1
uWindow Title = Windows Internet Explorer provided by Yahoo!
uDefault_Page_URL = hxxp://www.yahoo.com/?fr=fp-yie8
mStart Page = hxxp://www.comcast.net/
mWindow Title = Windows Internet Explorer provided by Comcast
uInternet Settings,ProxyOverride = <local>;*.local;127.0.0.1:9421;
mSearchAssistant = hxxp://start.facemoods.com/?a=gppc&s={searchTerms}&f=4
uURLSearchHooks: H - No File
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: AVG Do Not Track: {31332eef-cb9f-458f-afeb-d30e9a66b6ba} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
BHO: DigitalPersona Fingerprint Software Extension: {395610ae-c624-4f58-b89e-23733ea00f9a} - C:\Program Files (x86)\DigitalPersona\Bin\DpOtsPluginIe8.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Comcast Toolbar: {79ceea4e-c231-4614-9e3b-53b2a02f39b7} - C:\Program Files (x86)\comcasttb\comcastdx.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - No File
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Comcast Toolbar: {79ceea4e-c231-4614-9e3b-53b2a02f39b7} - C:\Program Files (x86)\comcasttb\comcastdx.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [Search Protection] C:\Program Files (x86)\Yahoo!\Search Protection\SearchProtection.exe
uRun: [YSearchProtection] C:\Program Files (x86)\Yahoo!\Search Protection\SearchProtection.exe
uRun: [ComcastAntispyClient] "C:\Program Files (x86)\comcasttb\ComcastSpywareScan\ComcastAntispy.exe" /hide
uRun: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [Akamai NetSession Interface] "C:\Users\Collin\AppData\Local\Akamai\netsession_win.exe"
uRun: [Adobe] rundll32.exe "C:\Users\Collin\AppData\Local\Apple\Adobe\weiplhyp.dll",DllRegisterServer
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell.exe" /mode2
mRun: [PCMService] "C:\Program Files (x86)\Dell\MediaDirect\PCMService.exe"
mRun: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m
mRun: [YMailAdvisor] "C:\Program Files (x86)\Yahoo!\Common\YMailAdvisor.exe"
mRun: [YSearchProtection] "C:\Program Files (x86)\Yahoo!\Search Protection\SearchProtection.exe"
mRun: [OpwareSE4] "C:\Program Files (x86)\ScanSoft\OmniPageSE4\OpwareSE4.exe"
mRun: [DpAgent] C:\Program Files (x86)\DigitalPersona\Bin\dpagent.exe
mRun: [Dell PC TuneUp Startup] "C:\Program Files (x86)\iolo\Common\Lib\ioloLManager.exe"
mRun: [iolo Startup] "C:\Program Files (x86)\iolo\Common\Lib\ioloLManager.exe"
mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [NACAgentUI] C:\Program Files (x86)\Cisco\Cisco NAC Agent\NACAgentUI.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
DPF: {4D2D3A17-9B46-483C-A5F4-1DC471080009} - hxxps://rhnaccas1.net.towson.edu/auth/taweb.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{4968C901-1293-43CB-B17C-A374A123E19B} : DhcpNameServer = 192.168.1.1
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO-X64: 0x1 - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: AVG Do Not Track: {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
BHO-X64: AVG Do Not Track - No File
BHO-X64: DigitalPersona Fingerprint Software Extension: {395610AE-C624-4f58-B89E-23733EA00F9A} - C:\Program Files (x86)\DigitalPersona\Bin\DpOtsPluginIe8.dll
BHO-X64: DigitalPersona Fingerprint Software Extension - No File
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: Comcast Toolbar: {79CEEA4E-C231-4614-9E3B-53B2A02F39B7} - C:\Program Files (x86)\comcasttb\comcastdx.dll
BHO-X64: Comcast Toolbar - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - No File
BHO-X64: Google Dictionary Compression sdch - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: Comcast Toolbar: {79CEEA4E-C231-4614-9E3B-53B2A02F39B7} - C:\Program Files (x86)\comcasttb\comcastdx.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell.exe" /mode2
mRun-x64: [PCMService] "C:\Program Files (x86)\Dell\MediaDirect\PCMService.exe"
mRun-x64: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m
mRun-x64: [YMailAdvisor] "C:\Program Files (x86)\Yahoo!\Common\YMailAdvisor.exe"
mRun-x64: [YSearchProtection] "C:\Program Files (x86)\Yahoo!\Search Protection\SearchProtection.exe"
mRun-x64: [OpwareSE4] "C:\Program Files (x86)\ScanSoft\OmniPageSE4\OpwareSE4.exe"
mRun-x64: [DpAgent] C:\Program Files (x86)\DigitalPersona\Bin\dpagent.exe
mRun-x64: [Dell PC TuneUp Startup] "C:\Program Files (x86)\iolo\Common\Lib\ioloLManager.exe"
mRun-x64: [iolo Startup] "C:\Program Files (x86)\iolo\Common\Lib\ioloLManager.exe"
mRun-x64: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [NACAgentUI] C:\Program Files (x86)\Cisco\Cisco NAC Agent\NACAgentUI.exe
.
============= SERVICES / DRIVERS ===============
.
R? AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service
R? clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64
R? clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86
R? clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64
R? EagleX64;EagleX64
R? fssfltr;fssfltr
R? fsssvc;Windows Live Family Safety Service
R? gupdate1cabb31fe8ebf40;Google Update Service (gupdate1cabb31fe8ebf40)
R? gupdatem;Google Update Service (gupdatem)
R? mfeavfk;McAfee Inc. mfeavfk
R? mferkdk;McAfee Inc. mferkdk
R? mfesmfk;McAfee Inc. mfesmfk
R? PerfHost;Performance Counter DLL Host
R? USBAAPL64;Apple Mobile USB Driver
R? wlcrasvc;Windows Live Mesh remote connections service
R? WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0
S? AESTFilters;Andrea ST Filters Service
S? Akamai;Akamai NetSession Interface
S? AMD External Events Utility;AMD External Events Utility
S? amdkmdag;amdkmdag
S? amdkmdap;amdkmdap
S? AntiSpywareService;Comcast AntiSpyware
S? AtiHDAudioService;AMD Function Driver for HD Audio Service
S? ATService;AuthenTec Fingerprint Service
S? ATSwpWDF;AuthenTec TruePrint USB WDF Driver
S? AVGIDSAgent;AVGIDSAgent
S? AVGIDSDriver;AVGIDSDriver
S? AVGIDSFilter;AVGIDSFilter
S? AVGIDSHA;AVGIDSHA
S? Avgldx64;AVG AVI Loader Driver
S? Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield
S? Avgrkx64;AVG Anti-Rootkit Driver
S? Avgtdia;AVG TDI Driver
S? avgwd;AVG WatchDog
S? DockLoginService;Dock Login Service
S? ElRawDisk;ElRawDisk
S? FontCache;Windows Font Cache Service
S? ioloSystemService;iolo System Service
S? itecir;ITECIR Infrared Receiver
S? k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0
S? mfehidk;McAfee Inc. mfehidk
S? NACAgent;Cisco NAC Agent
S? NETw5v64;Intel® Wireless WiFi Link Adapter Driver for Windows Vista 64 Bit
S? OA001Ufd;Creative Camera OA001 Upper Filter Driver
S? OA001Vid;Creative Camera OA001 Function Driver
S? pcCMService;pcCMService
S? pcCMService64;pcCMService64
S? PxHlpa64;PxHlpa64
.
=============== File Associations ===============
.
JSEFile=NOTEPAD.EXE %1
VBEFile=NOTEPAD.EXE %1
VBSFile=NOTEPAD.EXE %1
.
=============== Created Last 30 ================
.
2012-04-27 16:20:02 -------- d-----w- C:\TDSSKiller_Quarantine
2012-04-19 08:50:26 28480 ----a-w- C:\Windows\System32\drivers\avgidsha.sys
2012-04-18 00:08:15 418464 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-04-15 01:31:45 113152 ----a-w- C:\ProgramData\Microsoft\Windows\DRM\91A1.tmp.dat
2012-04-13 19:13:37 4699520 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-04-13 19:12:36 78848 ----a-w- C:\Windows\System32\imagehlp.dll
2012-04-13 19:12:36 5632 ----a-w- C:\Windows\System32\wmi.dll
2012-04-13 19:12:36 5120 ----a-w- C:\Windows\SysWow64\wmi.dll
2012-04-13 19:12:36 219136 ----a-w- C:\Windows\System32\wintrust.dll
2012-04-13 19:12:36 172032 ----a-w- C:\Windows\SysWow64\wintrust.dll
2012-04-13 19:12:36 16384 ----a-w- C:\Windows\System32\drivers\fs_rec.sys
2012-04-13 19:12:36 157696 ----a-w- C:\Windows\SysWow64\imagehlp.dll
2012-04-11 20:05:14 2409784 ----a-w- C:\Program Files\Windows Mail\OESpamFilter.dat
2012-04-11 20:05:14 2409784 ----a-w- C:\Program Files (x86)\Windows Mail\OESpamFilter.dat
2012-04-05 13:31:11 -------- d-----w- C:\Program Files (x86)\Common Files\Cisco
.
==================== Find3M ====================
.
2012-04-18 00:08:15 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-04-17 14:11:54 49152 ----a-w- C:\Windows\System32\iolobtdfg.exe
2012-04-17 14:11:38 17920 ----a-w- C:\Windows\System32\smrgdf.exe
2012-04-17 13:37:06 2154032 ----a-w- C:\Windows\System32\Incinerator64.dll
2012-04-17 13:37:02 2095816 ----a-w- C:\Windows\SysWow64\Incinerator32.dll
2012-04-17 12:25:02 31432 ----a-w- C:\Windows\System32\drivers\elrawdsk.sys
2012-04-04 19:56:40 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-03-19 09:17:26 383808 ----a-w- C:\Windows\System32\drivers\avgtdia.sys
2012-02-28 06:56:48 2311168 ----a-w- C:\Windows\System32\jscript9.dll
2012-02-28 06:49:56 1390080 ----a-w- C:\Windows\System32\wininet.dll
2012-02-28 06:48:57 1493504 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-02-28 06:42:55 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-02-28 01:18:55 1799168 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-02-28 01:11:21 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-02-28 01:11:07 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-02-28 01:03:16 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-02-22 09:25:32 289872 ----a-w- C:\Windows\System32\drivers\avgldx64.sys
2012-02-15 16:01:50 52736 ----a-w- C:\Windows\System32\drivers\usbaapl64.sys
2012-02-15 16:01:50 4547944 ----a-w- C:\Windows\System32\usbaaplrc.dll
2012-02-14 16:49:43 327680 ----a-w- C:\Windows\System32\d3d10_1core.dll
2012-02-14 16:49:43 196096 ----a-w- C:\Windows\System32\d3d10_1.dll
2012-02-14 15:45:30 219648 ----a-w- C:\Windows\SysWow64\d3d10_1core.dll
2012-02-14 15:45:30 160768 ----a-w- C:\Windows\SysWow64\d3d10_1.dll
2012-02-13 14:38:31 2002944 ----a-w- C:\Windows\System32\d3d10warp.dll
2012-02-13 14:12:08 1172480 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
2012-02-13 14:06:48 834048 ----a-w- C:\Windows\System32\d2d1.dll
2012-02-13 14:03:11 1555968 ----a-w- C:\Windows\System32\DWrite.dll
2012-02-13 13:47:57 683008 ----a-w- C:\Windows\SysWow64\d2d1.dll
2012-02-13 13:44:40 1068544 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-02-07 15:02:40 1070352 ----a-w- C:\Windows\SysWow64\MSCOMCTL.OCX
.
============= FINISH: 16:05:31.29 ===============
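An added triage example (not part of the original post and not code from the DDS tool): the script below parses the Pseudo HJT section of the DDS log above and lists the entries an analyst would look at first, such as autoruns that load a DLL from the user profile through rundll32, a loopback port in ProxyOverride, orphaned BHO registrations and script file types redirected to Notepad. The heuristics and severity labels are assumptions; a flagged line is a candidate for closer review, not a verdict.

```python
"""Triage helper for the "Pseudo HJT Report" section of a DDS log.

Added example: not part of the original post and not code from the DDS tool.
The heuristics below are assumptions a reviewer might start from; a flagged
line is a candidate for closer review, not a verdict.
"""
import re
from dataclasses import dataclass

# Constructed sample: a handful of lines copied from the DDS log in the post.
SAMPLE_LOG = r"""
uInternet Settings,ProxyOverride = <local>;*.local;127.0.0.1:9421;
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [Akamai NetSession Interface] "C:\Users\Collin\AppData\Local\Akamai\netsession_win.exe"
uRun: [Adobe] rundll32.exe "C:\Users\Collin\AppData\Local\Apple\Adobe\weiplhyp.dll",DllRegisterServer
mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
JSEFile=NOTEPAD.EXE %1
VBSFile=NOTEPAD.EXE %1
"""


@dataclass
class Finding:
    severity: str  # "high", "medium" or "info"
    line: str
    reason: str


# DDS line shapes: uRun/mRun autoruns (optionally -x64), BHO registrations,
# the ProxyOverride setting and the script file-association lines.
RUN_RE = re.compile(r"^(?P<hive>[um])Run(?:-x64)?: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
BHO_RE = re.compile(r"^BHO(?:-X64)?: .*- No File$")
PROXY_RE = re.compile(r"ProxyOverride = (?P<val>.*)$")
ASSOC_RE = re.compile(r"^(?P<ext>\w+File)=NOTEPAD\.EXE")
# Anything under a user profile is writable without admin rights.
USER_PROFILE_RE = re.compile(r"\\Users\\[^\\]+\\AppData\\", re.IGNORECASE)
# rundll32 <dll>,<export>: capture the DLL path, quoted or not.
RUNDLL_RE = re.compile(r'rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+)"?,', re.IGNORECASE)


def triage_line(line: str):
    """Return a Finding for one DDS line, or None if nothing stands out."""
    line = line.strip()
    m = RUN_RE.match(line)
    if m:
        name, cmd = m.group("name"), m.group("cmd")
        r = RUNDLL_RE.search(cmd)
        if r and USER_PROFILE_RE.search(r.group("dll")):
            return Finding("high", line,
                           f"autorun [{name}] loads a DLL from the user profile "
                           f"via rundll32: {r.group('dll')}")
        if USER_PROFILE_RE.search(cmd):
            return Finding("info", line,
                           f"autorun [{name}] runs from a user-writable location")
        return None
    if BHO_RE.match(line):
        return Finding("info", line, "orphaned BHO registration (No File)")
    m = PROXY_RE.search(line)
    if m:
        ports = re.findall(r"127\.0\.0\.1:(\d+)", m.group("val"))
        if ports:
            return Finding("medium", line,
                           f"ProxyOverride names loopback port(s) {', '.join(ports)}; "
                           "confirm which installed product listens there")
        return None
    m = ASSOC_RE.match(line)
    if m:
        return Finding("info", line,
                       f"{m.group('ext')} opens in Notepad instead of the script host")
    return None


def triage(log_text: str):
    """Triage every line and return findings, most severe first."""
    order = {"high": 0, "medium": 1, "info": 2}
    found = [f for f in map(triage_line, log_text.splitlines()) if f]
    return sorted(found, key=lambda f: order[f.severity])  # stable sort keeps log order


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.reason}\n         {f.line}")
```

Feed it the whole DDS.txt to get the same ordering over the full report; the remaining sections (services, Created Last 30, Find3M) pass through unflagged.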

#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,361 posts
  • Gender:Male
  • Location:Puerto rico

Posted 04 May 2012 - 10:13 PM

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic


Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 mtownfootball44

mtownfootball44
  • Topic Starter

  • Members
  • 35 posts

Posted 06 May 2012 - 10:52 PM

I followed the instructions you followed and will post the Security Check and ComboFix logs below. (As a side note, the first time I ran ComboFix I accidentally x-ed out of the note log, so I ran ComboFix again immediately after. Sorry if this misstep caused any issues, mental error on my part). Thank you.

Security Check

Results of screen317's Security Check version 0.99.32
Windows Vista x64 (UAC is enabled)
Out of date service pack!!
Internet Explorer 9
``````````````````````````````
Antivirus/Firewall Check:

Windows Security Center service is not running! This report may not be accurate!
iolo technologies' System Mechanic
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Java™ 6 Update 30
Java version out of date!
Adobe Flash Player 10.0.32.18 Flash Player out of Date!
Adobe Reader 9 Adobe Reader out of date!
````````````````````````````````
Process Check:
objlist.exe by Laurent

AVG avgwdsvc.exe
AVG avgtray.exe
iolo Common Lib ioloServiceManager.exe
``````````End of Log````````````
ComboFix

ComboFix 12-05-06.04 - Collin 05/06/2012 23:32:03.5.2 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.4060.2338 [GMT -4:00]
Running from: c:\users\Collin\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-04-07 to 2012-05-07 )))))))))))))))))))))))))))))))
.
.
2012-05-07 03:38 . 2012-05-07 03:42 -------- d-----w- c:\users\Collin\AppData\Local\temp
2012-05-07 03:38 . 2012-05-07 03:38 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2012-05-07 03:38 . 2012-05-07 03:38 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-05-07 03:38 . 2012-05-07 03:38 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-05-07 03:38 . 2012-05-07 03:38 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2012-05-04 23:45 . 2012-05-04 23:45 8769696 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-04-27 16:20 . 2012-05-03 15:56 -------- d-----w- C:\TDSSKiller_Quarantine
2012-04-19 08:50 . 2012-04-19 08:50 28480 ----a-w- c:\windows\system32\drivers\avgidsha.sys
2012-04-18 00:08 . 2012-05-05 16:07 419488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-04-15 01:31 . 2012-04-15 01:31 113152 ----a-w- c:\programdata\Microsoft\Windows\DRM\91A1.tmp.dat
2012-04-13 19:13 . 2012-03-06 06:44 4699520 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-13 19:12 . 2012-02-29 15:37 5632 ----a-w- c:\windows\system32\wmi.dll
2012-04-13 19:12 . 2012-02-29 15:37 219136 ----a-w- c:\windows\system32\wintrust.dll
2012-04-13 19:12 . 2012-02-29 15:35 78848 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-13 19:12 . 2012-02-29 15:11 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-04-13 19:12 . 2012-02-29 15:11 172032 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-04-13 19:12 . 2012-02-29 15:09 157696 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-04-13 19:12 . 2012-02-29 13:52 16384 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-11 20:05 . 2012-03-01 11:01 2409784 ----a-w- c:\program files (x86)\Windows Mail\OESpamFilter.dat
2012-04-11 20:05 . 2012-03-01 11:01 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-05 16:07 . 2011-05-19 17:58 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-04-17 14:11 . 2012-01-21 19:58 49152 ----a-w- c:\windows\system32\iolobtdfg.exe
2012-04-17 14:11 . 2012-01-21 19:58 17920 ----a-w- c:\windows\system32\smrgdf.exe
2012-04-17 13:37 . 2012-01-21 20:00 2154032 ----a-w- c:\windows\system32\Incinerator64.dll
2012-04-17 13:37 . 2012-01-21 20:00 2095816 ----a-w- c:\windows\SysWow64\Incinerator32.dll
2012-04-17 12:25 . 2012-01-21 19:59 31432 ----a-w- c:\windows\system32\drivers\elrawdsk.sys
2012-04-04 19:56 . 2011-01-15 15:23 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-03 02:29 . 2012-04-03 02:29 118272 ----a-w- c:\programdata\Microsoft\Windows\DRM\5BE1.tmp.dat
2012-03-19 09:17 . 2012-03-19 09:17 383808 ----a-w- c:\windows\system32\drivers\avgtdia.sys
2012-02-22 09:25 . 2012-02-22 09:25 289872 ----a-w- c:\windows\system32\drivers\avgldx64.sys
2012-02-15 16:01 . 2012-02-15 16:01 52736 ----a-w- c:\windows\system32\drivers\usbaapl64.sys
2012-02-15 16:01 . 2012-02-15 16:01 4547944 ----a-w- c:\windows\system32\usbaaplrc.dll
2012-02-14 16:49 . 2012-03-13 23:59 327680 ----a-w- c:\windows\system32\d3d10_1core.dll
2012-02-14 16:49 . 2012-03-13 23:59 196096 ----a-w- c:\windows\system32\d3d10_1.dll
2012-02-14 15:45 . 2012-03-13 23:59 219648 ----a-w- c:\windows\SysWow64\d3d10_1core.dll
2012-02-14 15:45 . 2012-03-13 23:59 160768 ----a-w- c:\windows\SysWow64\d3d10_1.dll
2012-02-13 14:38 . 2012-03-13 23:59 2002944 ----a-w- c:\windows\system32\d3d10warp.dll
2012-02-13 14:12 . 2012-03-13 23:59 1172480 ----a-w- c:\windows\SysWow64\d3d10warp.dll
2012-02-13 14:06 . 2012-03-13 23:59 834048 ----a-w- c:\windows\system32\d2d1.dll
2012-02-13 14:03 . 2012-03-13 23:59 1555968 ----a-w- c:\windows\system32\DWrite.dll
2012-02-13 13:47 . 2012-03-13 23:59 683008 ----a-w- c:\windows\SysWow64\d2d1.dll
2012-02-13 13:44 . 2012-03-13 23:59 1068544 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-02-08 07:13 . 2012-02-24 08:04 8643640 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{5A6E36E2-ABC0-4FC8-A8F6-E0BD1F665D28}\mpengine.dll
2012-02-07 15:02 . 2012-02-07 15:02 1070352 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX
.
.
((((((((((((((((((((((((((((( SnapShot@2012-05-07_03.22.23 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-01-21 03:20 . 2012-05-07 03:19 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-01-21 03:20 . 2012-05-07 03:40 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-01-21 03:20 . 2012-05-07 03:19 65536 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-01-21 03:20 . 2012-05-07 03:40 65536 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-01-21 03:20 . 2012-05-07 03:19 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-01-21 03:20 . 2012-05-07 03:40 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2012-05-07 03:19 . 2012-05-07 03:19 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-05-07 03:40 . 2012-05-07 03:40 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-05-07 03:19 . 2012-05-07 03:19 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-05-07 03:40 . 2012-05-07 03:40 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2006-11-02 12:46 . 2012-05-07 00:57 672792 c:\windows\system32\perfh009.dat
+ 2006-11-02 12:46 . 2012-05-07 03:27 672792 c:\windows\system32\perfh009.dat
+ 2006-11-02 12:46 . 2012-05-07 03:27 132182 c:\windows\system32\perfc009.dat
- 2006-11-02 12:46 . 2012-05-07 00:57 132182 c:\windows\system32\perfc009.dat
- 2011-05-19 19:33 . 2012-05-07 03:18 255328 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-05-19 19:33 . 2012-05-07 03:38 255328 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-05-19 19:33 . 2012-05-07 03:38 1659540 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-350838838-2967598172-3116561866-1000-8192.dat
- 2011-05-19 19:33 . 2012-05-07 03:18 1659540 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-350838838-2967598172-3116561866-1000-8192.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1555968]
"Search Protection"="c:\program files (x86)\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-03 111856]
"YSearchProtection"="c:\program files (x86)\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-03 111856]
"ComcastAntispyClient"="c:\program files (x86)\comcasttb\ComcastSpywareScan\ComcastAntispy.exe" [2009-05-05 1622488]
"Pando Media Booster"="c:\program files (x86)\Pando Networks\Media Booster\PMB.exe" [2010-09-13 2969496]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-10 39408]
"Akamai NetSession Interface"="c:\users\Collin\AppData\Local\Akamai\netsession_win.exe" [2012-03-13 3331872]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell.exe" [2008-06-03 446635]
"PCMService"="c:\program files (x86)\Dell\MediaDirect\PCMService.exe" [2008-01-14 132392]
"Dell DataSafe Online"="c:\program files (x86)\Dell DataSafe Online\DataSafeOnline.exe" [2010-02-09 1807680]
"YMailAdvisor"="c:\program files (x86)\Yahoo!\Common\YMailAdvisor.exe" [2008-06-05 125208]
"YSearchProtection"="c:\program files (x86)\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-03 111856]
"OpwareSE4"="c:\program files (x86)\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-02-04 79400]
"DpAgent"="c:\program files (x86)\DigitalPersona\Bin\dpagent.exe" [2009-05-12 842816]
"Dell PC TuneUp Startup"="c:\program files (x86)\iolo\Common\Lib\ioloLManager.exe" [2012-04-17 938680]
"iolo Startup"="c:\program files (x86)\iolo\Common\Lib\ioloLManager.exe" [2012-04-17 938680]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]
"NACAgentUI"="c:\program files (x86)\Cisco\Cisco NAC Agent\NACAgentUI.exe" [2011-03-09 524512]
.
c:\users\Collin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-9-24 1295656]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-5-27 1196048]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-9-24 1295656]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ioloSystemService]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"SSBkgdUpdate"="c:\program files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" -atboottime
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe"
.
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_15f4e438\AESTSr64.exe [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-03-04 00:31]
.
2012-05-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-03-04 00:31]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2008-08-19 272896]
"Dell DataSafe Online"="c:\program files (x86)\Dell DataSafe Online\DataSafeOnline.exe" [2010-02-09 1807680]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 242192]
"CanonSolutionMenu"="c:\program files (x86)\Canon\SolutionMenu\CNSLMAIN.exe" [2007-05-15 644696]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-04-04 1840720]
"SysTrayApp"="c:\program files (x86)\IDT\WDM\sttray64.exe" [BU]
"Comcast_McciTrayApp"="c:\program files\Comcast\pcTrayApp.exe" [2011-12-06 2727936]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/?ilc=1
mStart Page = hxxp://www.comcast.net/
mWindow Title = Windows Internet Explorer provided by Comcast
uInternet Settings,ProxyOverride = <local>;*.local;127.0.0.1:9421;
IE: {{68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - c:\program files (x86)\AVG\AVG2012\avgdtiex.dll
TCP: DhcpNameServer = 192.168.1.1
DPF: {4D2D3A17-9B46-483C-A5F4-1DC471080009} - hxxps://rhnaccas1.net.towson.edu/auth/taweb.cab
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
.
.
------- File Associations -------
.
JSEFile=NOTEPAD.EXE %1
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Akamai]
"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_6c825ce.dll"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\software\Network Associates]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Dell\DellDock\DockLogin.exe
c:\program files (x86)\DigitalPersona\Bin\DpHostW.exe
c:\program files (x86)\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe
c:\program files (x86)\iolo\Common\Lib\ioloServiceManager.exe
c:\program files (x86)\Cisco\Cisco NAC Agent\NACAgent.exe
c:\program files (x86)\Common Files\Motive\pcCMService.exe
c:\program files (x86)\AVG\AVG2012\AVGIDSAgent.exe
c:\program files (x86)\Common Files\Motive\pcContextHookShim.exe
c:\program files\Logitech\SetPoint\x86\SetPoint32.exe
.
**************************************************************************
.
Completion time: 2012-05-06 23:47:53 - machine was rebooted
ComboFix-quarantined-files.txt 2012-05-07 03:47
ComboFix2.txt 2012-05-07 03:28
ComboFix3.txt 2011-02-22 02:40
ComboFix4.txt 2011-02-19 02:22
.
Pre-Run: 233,837,539,328 bytes free
Post-Run: 233,669,545,984 bytes free
.
- - End Of File - - D3C2AE4F05E9CF17FD551BEC8393B4D7

#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,361 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:09:39 PM

Posted 06 May 2012 - 10:57 PM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one come back and let me know

please reply with the reports from TDSSKiller and aswMBR

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic


Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University
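The TDSSKiller report requested above is a long text file in which every scanned driver, service and file gets an entry line with its MD5 and path, followed by a verdict line (`- ok`, `( Class ) - warning`, or `- detected Class (n)`), and hidden files get an extra "Suspicious file" note. As an added example (this is not code from this thread, from TDSSKiller or from BleepingComputer), the Python script below parses that format and lists only the objects a helper needs to look at: anything that did not get an `ok` verdict, plus any object the pasted log ends before a verdict is recorded, which is how a truncated paste shows up. The regular expressions are assumptions based on the 2.7.x log layout posted in this topic, and the sample lines are a constructed excerpt modelled on that report; other TDSSKiller versions may format lines differently.

```python
import re

# Line shapes (assumption: TDSSKiller 2.7.x as pasted in this topic).
# Entry:   "HH:MM:SS.ffff PID <object name> (<md5>) <path>"
ENTRY_RE = re.compile(
    r"^(?P<ts>\d\d:\d\d:\d\d\.\d+)\s+(?P<pid>\d+)\s+"
    r"(?P<name>.+?) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$"
)
# Hidden-file note: "HH:MM:SS.ffff PID Suspicious file (<reason>): <path>. md5: <hash>"
SUSP_RE = re.compile(
    r"^(?P<ts>\d\d:\d\d:\d\d\.\d+)\s+(?P<pid>\d+)\s+"
    r"Suspicious file \((?P<reason>[^)]+)\): (?P<path>.+)\. md5: (?P<md5>[0-9a-f]{32})$"
)
# Verdict: "<name> - ok" | "<name> ( <class> ) - warning" | "<name> - detected <class> (<n>)"
VERDICT_RE = re.compile(
    r"^(?P<ts>\d\d:\d\d:\d\d\.\d+)\s+(?P<pid>\d+)\s+"
    r"(?P<name>.+?)(?: \( (?P<cls>[^)]+) \))? - (?P<verdict>ok|warning|detected \S+ \(\d+\))$"
)

# Constructed excerpt, modelled on the report posted later in this thread.
# The last object has an entry line but no verdict, as in a cut-off paste.
SAMPLE_LOG = r"""
18:54:15.0070 4344 Scan started
18:54:16.0890 4344 ACPI (1965aaffab07e3fb03c77f81beba3547) C:\Windows\system32\drivers\acpi.sys
18:54:16.0896 4344 ACPI - ok
18:54:17.0952 4344 Akamai (1125c7d9fb8898015829c387c1bc87c7) c:\program files (x86)\common files\akamai/netsession_win_6c825ce.dll
18:54:17.0952 4344 Suspicious file (Hidden): c:\program files (x86)\common files\akamai/netsession_win_6c825ce.dll. md5: 1125c7d9fb8898015829c387c1bc87c7
18:54:17.0958 4344 Akamai ( HiddenFile.Multi.Generic ) - warning
18:54:17.0958 4344 Akamai - detected HiddenFile.Multi.Generic (1)
18:54:18.0546 4344 AMD External Events Utility (b5e2434fc851698c1f119cf1c3935a50) C:\Windows\system32\atiesrxx.exe
18:54:18.0548 4344 AMD External Events Utility - ok
18:54:24.0082 4344 Beep - ok
18:54:29.0973 4344 HdAudAddService (68e732382b32417ff61fd663259b4b09) C:\Windows\system32\drivers\HdAudio.sys
"""


def parse_tdsskiller_log(text):
    """Map each scanned object to what the log records about it:
    md5, path, verdict, detection class and (if present) the hidden-file reason."""
    objects = {}
    by_path = {}
    for raw in text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if m:
            rec = objects.setdefault(m["name"], {})
            rec.update(md5=m["md5"], path=m["path"])
            by_path[m["path"].lower()] = rec
            continue
        m = SUSP_RE.match(line)
        if m:
            # The note names a path, not an object, so attach it to the entry with that path.
            rec = by_path.get(m["path"].lower())
            if rec is not None:
                rec["hidden_reason"] = m["reason"]
            continue
        m = VERDICT_RE.match(line)
        if m:
            rec = objects.setdefault(m["name"], {})
            rec["verdict"] = m["verdict"]  # a later verdict line overrides an earlier warning
            cls = m["cls"]
            if cls is None and m["verdict"].startswith("detected"):
                cls = m["verdict"].split()[1]
            if cls:
                rec["class"] = cls
    return objects


def flagged_objects(objects):
    """Everything a helper should review: non-'ok' verdicts and objects left without a verdict."""
    flagged = {}
    for name, rec in objects.items():
        verdict = rec.get("verdict", "no verdict")  # log truncated or scan aborted
        if verdict != "ok":
            flagged[name] = dict(rec, verdict=verdict)
    return flagged


if __name__ == "__main__":
    objs = parse_tdsskiller_log(SAMPLE_LOG)
    flagged = flagged_objects(objs)
    print(f"{len(objs)} objects parsed, {len(flagged)} need a look")
    for name, rec in flagged.items():
        note = f"  [{rec['hidden_reason']}]" if "hidden_reason" in rec else ""
        print(f"  {name}: {rec['verdict']}  md5={rec.get('md5', '?')}  path={rec.get('path', '?')}{note}")
```

Run against a real report, the output gives the helper the MD5 and path of each flagged object in one place, so a `warning` on a hidden file can be checked against a known-good hash before any "Cure" or "Skip" decision is made, and a missing verdict on the last object is a prompt to ask for the complete log rather than a sign of infection.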

#5 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,361 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:09:39 PM

Posted 08 May 2012 - 11:49 PM

Greetings


I have not heard from you in a couple of days, so I am coming by to check on you to see if you are having problems or you just need some more time.

Also, a reminder that it is very important that we finish the process completely so as to not get reinfected. I will let you know when we are complete and I will ask you to remove our tools.




Gringo

#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,361 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:09:39 PM

Posted 11 May 2012 - 11:16 PM

Hello

48 Hour bump

It has been more than 48 hours since my last post.

  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 48hrs you have not replied to this thread then it will have to be closed!


#7 mtownfootball44

mtownfootball44
  • Topic Starter

  • Members
  • 35 posts
  • OFFLINE
  •  
  • Local time:08:39 PM

Posted 12 May 2012 - 05:58 PM

Sorry it took me a few days to respond; I had some things come up. Thank you for your patience though. I am still having the redirect virus issues though; they had gone away for a few days but have returned. Today I ran ComboFix again, since it had been a long time and that was the previous instruction you had outlined. After that I ran TDSSKiller and it ran fine (I will post the Report Log below). After this I installed aswMBR and allowed the extra definitions. However, when I started the scan my computer went to a blue screen and the scan didn't complete. I also had no other programs running on my computer at the time. And now, since the computer restarted after going to the blue screen, Internet Explorer is not working at all. The browser window comes up, but it will not display any information in the window at all. I also have Google Chrome installed on my computer and it is working (with the redirect issue still). Thank you.

TDSSkiller Report:


18:54:12.0184 4716 TDSS rootkit removing tool 2.7.34.0 May 2 2012 09:59:18
18:54:12.0417 4716 ============================================================
18:54:12.0417 4716 Current date / time: 2012/05/12 18:54:12.0417
18:54:12.0417 4716 SystemInfo:
18:54:12.0417 4716
18:54:12.0417 4716 OS Version: 6.0.6002 ServicePack: 2.0
18:54:12.0417 4716 Product type: Workstation
18:54:12.0417 4716 ComputerName: COLLIN-PC
18:54:12.0417 4716 UserName: Collin
18:54:12.0417 4716 Windows directory: C:\Windows
18:54:12.0417 4716 System windows directory: C:\Windows
18:54:12.0417 4716 Running under WOW64
18:54:12.0417 4716 Processor architecture: Intel x64
18:54:12.0417 4716 Number of processors: 2
18:54:12.0417 4716 Page size: 0x1000
18:54:12.0417 4716 Boot type: Normal boot
18:54:12.0417 4716 ============================================================
18:54:13.0890 4716 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
18:54:13.0898 4716 ============================================================
18:54:13.0899 4716 \Device\Harddisk0\DR0:
18:54:13.0899 4716 MBR partitions:
18:54:13.0899 4716 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x139C5, BlocksNum 0x1388000
18:54:13.0899 4716 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x139B9C5, BlocksNum 0x240928EB
18:54:13.0899 4716 ============================================================
18:54:13.0954 4716 C: <-> \Device\Harddisk0\DR0\Partition1
18:54:14.0008 4716 D: <-> \Device\Harddisk0\DR0\Partition0
18:54:14.0009 4716 ============================================================
18:54:14.0009 4716 Initialize success
18:54:14.0009 4716 ============================================================
18:54:15.0070 4344 ============================================================
18:54:15.0070 4344 Scan started
18:54:15.0070 4344 Mode: Manual;
18:54:15.0070 4344 ============================================================
18:54:16.0890 4344 ACPI (1965aaffab07e3fb03c77f81beba3547) C:\Windows\system32\drivers\acpi.sys
18:54:16.0896 4344 ACPI - ok
18:54:16.0994 4344 adp94xx (f14215e37cf124104575073f782111d2) C:\Windows\system32\drivers\adp94xx.sys
18:54:17.0011 4344 adp94xx - ok
18:54:17.0056 4344 adpahci (7d05a75e3066861a6610f7ee04ff085c) C:\Windows\system32\drivers\adpahci.sys
18:54:17.0078 4344 adpahci - ok
18:54:17.0112 4344 adpu160m (820a201fe08a0c345b3bedbc30e1a77c) C:\Windows\system32\drivers\adpu160m.sys
18:54:17.0126 4344 adpu160m - ok
18:54:17.0153 4344 adpu320 (9b4ab6854559dc168fbb4c24fc52e794) C:\Windows\system32\drivers\adpu320.sys
18:54:17.0163 4344 adpu320 - ok
18:54:17.0203 4344 AeLookupSvc (0f421175574bfe0bf2f4d8e910a253bb) C:\Windows\System32\aelupsvc.dll
18:54:17.0204 4344 AeLookupSvc - ok
18:54:17.0326 4344 AESTFilters (a6fb9db8f1a86861d955fd6975977ae0) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_15f4e438\AESTSr64.exe
18:54:17.0327 4344 AESTFilters - ok
18:54:17.0446 4344 AFD (c4f6ce6087760ad70960c9eb130e7943) C:\Windows\system32\drivers\afd.sys
18:54:17.0456 4344 AFD - ok
18:54:17.0501 4344 agp440 (f6f6793b7f17b550ecfdbd3b229173f7) C:\Windows\system32\drivers\agp440.sys
18:54:17.0502 4344 agp440 - ok
18:54:17.0553 4344 aic78xx (222cb641b4b8a1d1126f8033f9fd6a00) C:\Windows\system32\drivers\djsvs.sys
18:54:17.0555 4344 aic78xx - ok
18:54:17.0952 4344 Akamai (1125c7d9fb8898015829c387c1bc87c7) c:\program files (x86)\common files\akamai/netsession_win_6c825ce.dll
18:54:17.0952 4344 Suspicious file (Hidden): c:\program files (x86)\common files\akamai/netsession_win_6c825ce.dll. md5: 1125c7d9fb8898015829c387c1bc87c7
18:54:17.0958 4344 Akamai ( HiddenFile.Multi.Generic ) - warning
18:54:17.0958 4344 Akamai - detected HiddenFile.Multi.Generic (1)
18:54:18.0372 4344 ALG (5922f4f59b7868f3d74bbbbeb7b825a3) C:\Windows\System32\alg.exe
18:54:18.0374 4344 ALG - ok
18:54:18.0439 4344 aliide (9544c2c55541c0c6bfd7b489d0e7d430) C:\Windows\system32\drivers\aliide.sys
18:54:18.0441 4344 aliide - ok
18:54:18.0546 4344 AMD External Events Utility (b5e2434fc851698c1f119cf1c3935a50) C:\Windows\system32\atiesrxx.exe
18:54:18.0548 4344 AMD External Events Utility - ok
18:54:18.0567 4344 amdide (970fa5059e61e30d25307b99903e991e) C:\Windows\system32\drivers\amdide.sys
18:54:18.0569 4344 amdide - ok
18:54:18.0593 4344 AmdK8 (cdc3632a3a5ea4dbb83e46076a3165a1) C:\Windows\system32\drivers\amdk8.sys
18:54:18.0595 4344 AmdK8 - ok
18:54:19.0421 4344 amdkmdag (9e3b4946f7e1bca0b763e19d81edbf2c) C:\Windows\system32\DRIVERS\atikmdag.sys
18:54:19.0679 4344 amdkmdag - ok
18:54:19.0893 4344 amdkmdap (b9e1c7b7f1865f99b16ff2e1bb94edb6) C:\Windows\system32\DRIVERS\atikmpag.sys
18:54:19.0899 4344 amdkmdap - ok
18:54:20.0065 4344 AntiSpywareService (03eccb9bf434817e47dee71efe8b690e) C:\Program Files (x86)\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe
18:54:20.0069 4344 AntiSpywareService - ok
18:54:20.0137 4344 ApfiltrService (8c85c812569df851e7a2159147323dfa) C:\Windows\system32\DRIVERS\Apfiltr.sys
18:54:20.0139 4344 ApfiltrService - ok
18:54:20.0191 4344 Appinfo (9c37b3fd5615477cb9a0cd116cf43f5c) C:\Windows\System32\appinfo.dll
18:54:20.0192 4344 Appinfo - ok
18:54:20.0277 4344 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
18:54:20.0278 4344 Apple Mobile Device - ok
18:54:20.0341 4344 arc (ba8417d4765f3988ff921f30f630e303) C:\Windows\system32\drivers\arc.sys
18:54:20.0344 4344 arc - ok
18:54:20.0376 4344 arcsas (9d41c435619733b34cc16a511e644b11) C:\Windows\system32\drivers\arcsas.sys
18:54:20.0379 4344 arcsas - ok
18:54:20.0414 4344 AsyncMac (22d13ff3dafec2a80634752b1eaa2de6) C:\Windows\system32\DRIVERS\asyncmac.sys
18:54:20.0415 4344 AsyncMac - ok
18:54:20.0446 4344 atapi (e68d9b3a3905619732f7fe039466a623) C:\Windows\system32\drivers\atapi.sys
18:54:20.0446 4344 atapi - ok
18:54:20.0513 4344 AtiHDAudioService (9e66c9e321a7c596ca12d839a77fcb95) C:\Windows\system32\drivers\AtihdLH6.sys
18:54:20.0514 4344 AtiHDAudioService - ok
18:54:22.0112 4344 atikmdag (9e3b4946f7e1bca0b763e19d81edbf2c) C:\Windows\system32\DRIVERS\atikmdag.sys
18:54:22.0174 4344 atikmdag - ok
18:54:22.0497 4344 ATService (bf4320ef1b088177435d6a6a879d4353) C:\Program Files (x86)\Fingerprint Sensor\ATService.exe
18:54:22.0507 4344 ATService - ok
18:54:22.0710 4344 ATSwpWDF (424541492074517ed738d5ebbf43cf90) C:\Windows\system32\Drivers\ATSwpWDF.sys
18:54:22.0714 4344 ATSwpWDF - ok
18:54:22.0813 4344 AudioEndpointBuilder (79318c744693ec983d20e9337a2f8196) C:\Windows\System32\Audiosrv.dll
18:54:22.0871 4344 AudioEndpointBuilder - ok
18:54:22.0875 4344 AudioSrv (79318c744693ec983d20e9337a2f8196) C:\Windows\System32\Audiosrv.dll
18:54:22.0878 4344 AudioSrv - ok
18:54:23.0481 4344 AVGIDSAgent (ba60fd7a64b9759a14c0fba4a9ed4c7b) C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
18:54:23.0507 4344 AVGIDSAgent - ok
18:54:23.0695 4344 AVGIDSDriver (1b2e9fcdc26dc7c81d4131430e2dc936) C:\Windows\system32\DRIVERS\avgidsdrivera.sys
18:54:23.0696 4344 AVGIDSDriver - ok
18:54:23.0787 4344 AVGIDSFilter (0f293406f64b48d5d2f0d3a1117f3a83) C:\Windows\system32\DRIVERS\avgidsfiltera.sys
18:54:23.0788 4344 AVGIDSFilter - ok
18:54:23.0837 4344 AVGIDSHA (cffc3a4a638f462e0561cb368b9a7a3a) C:\Windows\system32\DRIVERS\avgidsha.sys
18:54:23.0838 4344 AVGIDSHA - ok
18:54:23.0879 4344 Avgldx64 (59955b4c288dd2a8b9fd2cd5158355c5) C:\Windows\system32\DRIVERS\avgldx64.sys
18:54:23.0881 4344 Avgldx64 - ok
18:54:23.0900 4344 Avgmfx64 (a6aec362aae5e2dda7445e7690cb0f33) C:\Windows\system32\DRIVERS\avgmfx64.sys
18:54:23.0901 4344 Avgmfx64 - ok
18:54:23.0943 4344 Avgrkx64 (645c7f0a0e39758a0024a9b1748273c0) C:\Windows\system32\DRIVERS\avgrkx64.sys
18:54:23.0944 4344 Avgrkx64 - ok
18:54:23.0987 4344 Avgtdia (1bee674ad792b1c63bb0dac5fa724b23) C:\Windows\system32\DRIVERS\avgtdia.sys
18:54:23.0990 4344 Avgtdia - ok
18:54:24.0076 4344 avgwd (ea1145debcd508fd25bd1e95c4346929) C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
18:54:24.0078 4344 avgwd - ok
18:54:24.0082 4344 Beep - ok
18:54:24.0206 4344 BFE (ffb96c2589ffa60473ead78b39fbde29) C:\Windows\System32\bfe.dll
18:54:24.0222 4344 BFE - ok
18:54:24.0374 4344 BITS (6d316f4859634071cc25c4fd4589ad2c) C:\Windows\system32\qmgr.dll
18:54:24.0418 4344 BITS - ok
18:54:24.0461 4344 blbdrive (79feeb40056683f8f61398d81dda65d2) C:\Windows\system32\drivers\blbdrive.sys
18:54:24.0463 4344 blbdrive - ok
18:54:24.0607 4344 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
18:54:24.0609 4344 Bonjour Service - ok
18:54:24.0714 4344 bowser (2348447a80920b2493a9b582a23e81e1) C:\Windows\system32\DRIVERS\bowser.sys
18:54:24.0716 4344 bowser - ok
18:54:24.0815 4344 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\brfiltlo.sys
18:54:24.0816 4344 BrFiltLo - ok
18:54:24.0832 4344 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\brfiltup.sys
18:54:24.0833 4344 BrFiltUp - ok
18:54:24.0878 4344 Browser (a1b39de453433b115b4ea69ee0343816) C:\Windows\System32\browser.dll
18:54:24.0880 4344 Browser - ok
18:54:25.0047 4344 Brserid (f0f0ba4d815be446aa6a4583ca3bca9b) C:\Windows\system32\drivers\brserid.sys
18:54:25.0049 4344 Brserid - ok
18:54:25.0088 4344 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\system32\drivers\brserwdm.sys
18:54:25.0090 4344 BrSerWdm - ok
18:54:25.0102 4344 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\system32\drivers\brusbmdm.sys
18:54:25.0103 4344 BrUsbMdm - ok
18:54:25.0110 4344 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\system32\drivers\brusbser.sys
18:54:25.0111 4344 BrUsbSer - ok
18:54:25.0140 4344 BTHMODEM (e0777b34e05f8a82a21856efc900c29f) C:\Windows\system32\drivers\bthmodem.sys
18:54:25.0142 4344 BTHMODEM - ok
18:54:25.0160 4344 catchme - ok
18:54:25.0191 4344 cdfs (b4d787db8d30793a4d4df9feed18f136) C:\Windows\system32\DRIVERS\cdfs.sys
18:54:25.0193 4344 cdfs - ok
18:54:25.0243 4344 cdrom (c025aa69be3d0d25c7a2e746ef6f94fc) C:\Windows\system32\DRIVERS\cdrom.sys
18:54:25.0245 4344 cdrom - ok
18:54:25.0310 4344 CertPropSvc (5a268127633c7ee2a7fb87f39d748d56) C:\Windows\System32\certprop.dll
18:54:25.0312 4344 CertPropSvc - ok
18:54:25.0328 4344 circlass (02ea568d498bbdd4ba55bf3fce34d456) C:\Windows\system32\DRIVERS\circlass.sys
18:54:25.0330 4344 circlass - ok
18:54:25.0388 4344 CLFS (3dca9a18b204939cfb24bea53e31eb48) C:\Windows\system32\CLFS.sys
18:54:25.0399 4344 CLFS - ok
18:54:25.0510 4344 clr_optimization_v2.0.50727_32 (8ee772032e2fe80a924f3b8dd5082194) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
18:54:25.0512 4344 clr_optimization_v2.0.50727_32 - ok
18:54:25.0566 4344 clr_optimization_v2.0.50727_64 (ce07a466201096f021cd09d631b21540) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
18:54:25.0568 4344 clr_optimization_v2.0.50727_64 - ok
18:54:25.0649 4344 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
18:54:25.0650 4344 clr_optimization_v4.0.30319_32 - ok
18:54:25.0710 4344 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
18:54:25.0711 4344 clr_optimization_v4.0.30319_64 - ok
18:54:25.0749 4344 CmBatt (b52d9a14ce4101577900a364ba86f3df) C:\Windows\system32\DRIVERS\CmBatt.sys
18:54:25.0750 4344 CmBatt - ok
18:54:25.0847 4344 cmdide (e5d5499a1c50a54b5161296b6afe6192) C:\Windows\system32\drivers\cmdide.sys
18:54:25.0848 4344 cmdide - ok
18:54:25.0882 4344 Compbatt (7fb8ad01db0eabe60c8a861531a8f431) C:\Windows\system32\DRIVERS\compbatt.sys
18:54:25.0884 4344 Compbatt - ok
18:54:25.0886 4344 COMSysApp - ok
18:54:25.0893 4344 crcdisk (a8585b6412253803ce8efcbd6d6dc15c) C:\Windows\system32\drivers\crcdisk.sys
18:54:25.0894 4344 crcdisk - ok
18:54:25.0946 4344 CryptSvc (18918613e63f387cde4d95ca7d49dcf7) C:\Windows\system32\cryptsvc.dll
18:54:25.0957 4344 CryptSvc - ok
18:54:26.0060 4344 DcomLaunch (cf8b9a3a5e7dc57724a89d0c3e8cf9ef) C:\Windows\system32\rpcss.dll
18:54:26.0076 4344 DcomLaunch - ok
18:54:26.0103 4344 DfsC (8b722ba35205c71e7951cdc4cdbade19) C:\Windows\system32\Drivers\dfsc.sys
18:54:26.0106 4344 DfsC - ok
18:54:26.0486 4344 DFSR (c647f468f7de343df8c143655c5557d4) C:\Windows\system32\DFSR.exe
18:54:26.0564 4344 DFSR - ok
18:54:26.0794 4344 Dhcp (3ed0321127ce70acdaabbf77e157c2a7) C:\Windows\System32\dhcpcsvc.dll
18:54:26.0831 4344 Dhcp - ok
18:54:26.0870 4344 disk (b0107e40ecdb5fa692ebf832f295d905) C:\Windows\system32\drivers\disk.sys
18:54:26.0872 4344 disk - ok
18:54:26.0925 4344 Dnscache (06230f1b721494a6df8d47fd395bb1b0) C:\Windows\System32\dnsrslvr.dll
18:54:26.0939 4344 Dnscache - ok
18:54:27.0040 4344 DockLoginService (db29915209770d8b59654345ec2d943a) C:\Program Files\Dell\DellDock\DockLogin.exe
18:54:27.0041 4344 DockLoginService - ok
18:54:27.0085 4344 dot3svc (1a7156dd1e850e9914e5e991e3225b94) C:\Windows\System32\dot3svc.dll
18:54:27.0095 4344 dot3svc - ok
18:54:27.0182 4344 DpHost (0c23bf4cddbecbaca8659a96c359e0dd) C:\Program Files (x86)\DigitalPersona\Bin\DpHostW.exe
18:54:27.0184 4344 DpHost - ok
18:54:27.0263 4344 DPS (1583b39790db3eaec7edb0cb0140c708) C:\Windows\system32\dps.dll
18:54:27.0287 4344 DPS - ok
18:54:27.0317 4344 drmkaud (f1a78a98cfc2ee02144c6bec945447e6) C:\Windows\system32\drivers\drmkaud.sys
18:54:27.0319 4344 drmkaud - ok
18:54:27.0428 4344 DXGKrnl (b8e554e502d5123bc111f99d6a2181b4) C:\Windows\System32\drivers\dxgkrnl.sys
18:54:27.0433 4344 DXGKrnl - ok
18:54:27.0543 4344 e1express (17d40652ef3e55eeae187a89df40965a) C:\Windows\system32\DRIVERS\e1e6032e.sys
18:54:27.0567 4344 e1express - ok
18:54:27.0601 4344 E1G60 (264cee7b031a9d6c827f3d0cb031f2fe) C:\Windows\system32\DRIVERS\E1G6032E.sys
18:54:27.0613 4344 E1G60 - ok
18:54:27.0675 4344 EagleX64 (d52ba5254f28105ed80624580d93a776) C:\Windows\system32\drivers\EagleX64.sys
18:54:27.0690 4344 EagleX64 - ok
18:54:27.0722 4344 EapHost (c2303883fd9be49dc36a6400643002ea) C:\Windows\System32\eapsvc.dll
18:54:27.0724 4344 EapHost - ok
18:54:27.0813 4344 Ecache (5f94962be5a62db6e447ff6470c4f48a) C:\Windows\system32\drivers\ecache.sys
18:54:27.0836 4344 Ecache - ok
18:54:47.0083 4344 usbohci (eba14ef0c07cec233f1529c698d0d154) C:\Windows\system32\drivers\usbohci.sys
18:54:47.0085 4344 usbohci - ok
18:54:47.0125 4344 usbprint (28b693b6d31e7b9332c1bdcefef228c1) C:\Windows\system32\DRIVERS\usbprint.sys
18:54:47.0127 4344 usbprint - ok
18:54:47.0178 4344 usbscan (ea0bf666868964fbe8cb10e50c97b9f1) C:\Windows\system32\DRIVERS\usbscan.sys
18:54:47.0180 4344 usbscan - ok
18:54:47.0198 4344 USBSTOR (b854c1558fca0c269a38663e8b59b581) C:\Windows\system32\DRIVERS\USBSTOR.SYS
18:54:47.0200 4344 USBSTOR - ok
18:54:47.0234 4344 usbuhci (b2872cbf9f47316abd0e0c74a1aba507) C:\Windows\system32\DRIVERS\usbuhci.sys
18:54:47.0235 4344 usbuhci - ok
18:54:47.0266 4344 UxSms (d76e231e4850bb3f88a3d9a78df191e3) C:\Windows\System32\uxsms.dll
18:54:47.0268 4344 UxSms - ok
18:54:47.0313 4344 vds (294945381dfa7ce58cecf0a9896af327) C:\Windows\System32\vds.exe
18:54:47.0331 4344 vds - ok
18:54:47.0336 4344 vga (916b94bcf1e09873fff2d5fb11767bbc) C:\Windows\system32\DRIVERS\vgapnp.sys
18:54:47.0338 4344 vga - ok
18:54:47.0353 4344 VgaSave (b83ab16b51feda65dd81b8c59d114d63) C:\Windows\System32\drivers\vga.sys
18:54:47.0354 4344 VgaSave - ok
18:54:47.0384 4344 viaide (8294b6c3fdb6c33f24e150de647ecdaa) C:\Windows\system32\drivers\viaide.sys
18:54:47.0386 4344 viaide - ok
18:54:47.0420 4344 volmgr (2b7e885ed951519a12c450d24535dfca) C:\Windows\system32\drivers\volmgr.sys
18:54:47.0422 4344 volmgr - ok
18:54:47.0481 4344 volmgrx (cec5ac15277d75d9e5dec2e1c6eaf877) C:\Windows\system32\drivers\volmgrx.sys
18:54:47.0510 4344 volmgrx - ok
18:54:47.0549 4344 volsnap (5280aada24ab36b01a84a6424c475c8d) C:\Windows\system32\drivers\volsnap.sys
18:54:47.0566 4344 volsnap - ok
18:54:47.0604 4344 vsmraid (a68f455ed2673835209318dd61bfbb0e) C:\Windows\system32\drivers\vsmraid.sys
18:54:47.0608 4344 vsmraid - ok
18:54:47.0756 4344 VSS (b75232dad33bfd95bf6f0a3e6bff51e1) C:\Windows\system32\vssvc.exe
18:54:47.0787 4344 VSS - ok
18:54:47.0834 4344 W32Time (f14a7de2ea41883e250892e1e5230a9a) C:\Windows\system32\w32time.dll
18:54:47.0845 4344 W32Time - ok
18:54:47.0876 4344 WacomPen (fef8fe5923fead2cee4dfabfce3393a7) C:\Windows\system32\drivers\wacompen.sys
18:54:47.0877 4344 WacomPen - ok
18:54:47.0904 4344 Wanarp (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys
18:54:47.0906 4344 Wanarp - ok
18:54:47.0909 4344 Wanarpv6 (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys
18:54:47.0910 4344 Wanarpv6 - ok
18:54:47.0974 4344 wcncsvc (b4e4c37d0aa6100090a53213ee2bf1c1) C:\Windows\System32\wcncsvc.dll
18:54:47.0995 4344 wcncsvc - ok
18:54:48.0025 4344 WcsPlugInService (ea4b369560e986f19d93f45a881484ac) C:\Windows\System32\WcsPlugInService.dll
18:54:48.0028 4344 WcsPlugInService - ok
18:54:48.0033 4344 Wd (0c17a0816f65b89e362e682ad5e7266e) C:\Windows\system32\drivers\wd.sys
18:54:48.0034 4344 Wd - ok
18:54:48.0149 4344 Wdf01000 (d02e7e4567da1e7582fbf6a91144b0df) C:\Windows\system32\drivers\Wdf01000.sys
18:54:48.0185 4344 Wdf01000 - ok
18:54:48.0208 4344 WdiServiceHost (c5efda73ebfca8b02a094898de0a9276) C:\Windows\system32\wdi.dll
18:54:48.0211 4344 WdiServiceHost - ok
18:54:48.0214 4344 WdiSystemHost (c5efda73ebfca8b02a094898de0a9276) C:\Windows\system32\wdi.dll
18:54:48.0216 4344 WdiSystemHost - ok
18:54:48.0271 4344 WebClient (3e6d05381cf35f75ebb055544a8ed9ac) C:\Windows\System32\webclnt.dll
18:54:48.0280 4344 WebClient - ok
18:54:48.0330 4344 Wecsvc (8d40bc587993f876658bf9fb0f7d3462) C:\Windows\system32\wecsvc.dll
18:54:48.0338 4344 Wecsvc - ok
18:54:48.0374 4344 wercplsupport (9c980351d7e96288ea0c23ae232bd065) C:\Windows\System32\wercplsupport.dll
18:54:48.0377 4344 wercplsupport - ok
18:54:48.0400 4344 WerSvc (66b9ecebc46683f47edc06333c075fef) C:\Windows\System32\WerSvc.dll
18:54:48.0414 4344 WerSvc - ok
18:54:48.0463 4344 WinDefend - ok
18:54:48.0469 4344 WinHttpAutoProxySvc - ok
18:54:48.0545 4344 Winmgmt (d2e7296ed1bd26d8db2799770c077a02) C:\Windows\system32\wbem\WMIsvc.dll
18:54:48.0553 4344 Winmgmt - ok
18:54:48.0825 4344 WinRM (6cbb0c68f13b9c2ec1b16f5fa5e7c869) C:\Windows\system32\WsmSvc.dll
18:54:48.0899 4344 WinRM - ok
18:54:49.0034 4344 Wlansvc (ec339c8115e91baed835957e9a677f16) C:\Windows\System32\wlansvc.dll
18:54:49.0054 4344 Wlansvc - ok
18:54:49.0141 4344 wlcrasvc (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
18:54:49.0142 4344 wlcrasvc - ok
18:54:49.0560 4344 wlidsvc (7e47c328fc4768cb8beafbcfafa70362) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
18:54:49.0572 4344 wlidsvc - ok
18:54:49.0806 4344 WmiAcpi (e18aebaaa5a773fe11aa2c70f65320f5) C:\Windows\system32\DRIVERS\wmiacpi.sys
18:54:49.0807 4344 WmiAcpi - ok
18:54:49.0876 4344 wmiApSrv (21fa389e65a852698b6a1341f36ee02d) C:\Windows\system32\wbem\WmiApSrv.exe
18:54:49.0929 4344 wmiApSrv - ok
18:54:49.0972 4344 WPCSvc (cbc156c913f099e6680d1df9307db7a8) C:\Windows\System32\wpcsvc.dll
18:54:49.0985 4344 WPCSvc - ok
18:54:50.0040 4344 WPDBusEnum (490a18b4e4d53dc10879deaa8e8b70d9) C:\Windows\system32\wpdbusenum.dll
18:54:50.0055 4344 WPDBusEnum - ok
18:54:50.0082 4344 WpdUsb (5e2401b3fc1089c90e081291357371a9) C:\Windows\system32\DRIVERS\wpdusb.sys
18:54:50.0084 4344 WpdUsb - ok
18:54:50.0287 4344 WPFFontCache_v0400 (991e2c2cf3bc204c2bb2ee1476149e4e) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe
18:54:50.0295 4344 WPFFontCache_v0400 - ok
18:54:50.0334 4344 ws2ifsl (8a900348370e359b6bff6a550e4649e1) C:\Windows\system32\drivers\ws2ifsl.sys
18:54:50.0335 4344 ws2ifsl - ok
18:54:50.0368 4344 wscsvc (9ea3e6d0ef7a5c2b9181961052a4b01a) C:\Windows\system32\wscsvc.dll
18:54:50.0371 4344 wscsvc - ok
18:54:50.0374 4344 WSearch - ok
18:54:50.0602 4344 wuauserv (fb3796754fe00f0bdc87a36f164a5f4d) C:\Windows\system32\wuaueng.dll
18:54:50.0652 4344 wuauserv - ok
18:54:50.0781 4344 WUDFRd (501a65252617b495c0f1832f908d54d8) C:\Windows\system32\DRIVERS\WUDFRd.sys
18:54:50.0784 4344 WUDFRd - ok
18:54:50.0821 4344 wudfsvc (6cbd51ff913c851d56ed9dc7f2a27dde) C:\Windows\System32\WUDFSvc.dll
18:54:50.0824 4344 wudfsvc - ok
18:54:50.0926 4344 YahooAUService (dd0042f0c3b606a6a8b92d49afb18ad6) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
18:54:50.0946 4344 YahooAUService - ok
18:54:50.0965 4344 MBR (0x1B8) (cdb4de4bbd714f152979da2dcbef57eb) \Device\Harddisk0\DR0
18:54:51.0020 4344 \Device\Harddisk0\DR0 - ok
18:54:51.0031 4344 Boot (0x1200) (ab52876bda9b0217505a04991d33c923) \Device\Harddisk0\DR0\Partition0
18:54:51.0032 4344 \Device\Harddisk0\DR0\Partition0 - ok
18:54:51.0035 4344 Boot (0x1200) (11c5abfc4f6be70d79d9de6352adfded) \Device\Harddisk0\DR0\Partition1
18:54:51.0037 4344 \Device\Harddisk0\DR0\Partition1 - ok
18:54:51.0037 4344 ============================================================
18:54:51.0037 4344 Scan finished
18:54:51.0037 4344 ============================================================
18:54:51.0046 3160 Detected object count: 1
18:54:51.0046 3160 Actual detected object count: 1
18:54:54.0793 3160 Akamai ( HiddenFile.Multi.Generic ) - skipped by user
18:54:54.0793 3160 Akamai ( HiddenFile.Multi.Generic ) - User select action: Skip

#8 mtownfootball44

Posted 12 May 2012 - 06:29 PM

I did rerun aswMBR after that last post and it did successfully run without any issues. I will post the Report Log below.


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-05-12 18:58:52
-----------------------------
18:58:52.550 OS Version: Windows x64 6.0.6002 Service Pack 2
18:58:52.550 Number of processors: 2 586 0x1706
18:58:52.550 ComputerName: COLLIN-PC UserName: Collin
18:58:53.891 Initialize success
18:59:04.452 AVAST engine defs: 12051201
18:59:06.246 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
18:59:06.246 Disk 0 Vendor: WDC_WD3200BEVT-75ZCT2 11.01A11 Size: 305245MB BusType: 3
18:59:06.278 Disk 0 MBR read successfully
18:59:06.278 Disk 0 MBR scan
18:59:06.278 Disk 0 Windows VISTA default MBR code
18:59:06.293 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63
18:59:06.324 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 10000 MB offset 80325
18:59:06.324 Disk 0 Partition 3 80 (A) 07 HPFS/NTFS NTFS 295205 MB offset 20560325
18:59:06.371 Disk 0 scanning C:\Windows\system32\drivers
18:59:18.898 Service scanning
18:59:50.958 Modules scanning
18:59:50.958 Disk 0 trace - called modules:
18:59:50.989 ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
18:59:51.005 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004e36060]
18:59:51.005 3 CLASSPNP.SYS[fffffa6000fcdc33] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8004bda060]
18:59:52.830 AVAST engine scan C:\Windows
18:59:57.338 AVAST engine scan C:\Windows\system32
19:04:53.573 AVAST engine scan C:\Windows\system32\drivers
19:05:08.252 AVAST engine scan C:\Users\Collin
19:05:13.244 File: C:\Users\Collin\AppData\Local\Apple\Adobe\doxyvhk.dll **INFECTED** Win32:Sefnit-GT [Drp]
19:05:19.781 File: C:\Users\Collin\AppData\Local\ATI\Apps\zoebrjzmv.dll **INFECTED** Win32:Sefnit-GU [Drp]
19:05:20.327 File: C:\Users\Collin\AppData\Local\Citrix\ATI\xyqwy.dll **INFECTED** Win32:Sefnit-GT [Drp]
19:14:54.080 Disk 0 MBR has been saved successfully to "C:\Users\Collin\Documents\MBR.dat"
19:14:54.080 The log file has been saved successfully to "C:\Users\Collin\Documents\aswMBR.txt"
19:16:23.070 File: C:\Users\Collin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1\3729c3c1-4c414c31 **INFECTED** Win32:Sirefef-WF [Trj]
19:23:37.489 AVAST engine scan C:\ProgramData
19:26:38.458 File: C:\ProgramData\Microsoft\Windows\DRM\5BE1.tmp.dat **INFECTED** Win32:MalOb-HP [Cryp]
19:26:38.552 File: C:\ProgramData\Microsoft\Windows\DRM\91A1.tmp.dat **INFECTED** Win32:Alureon-ASW [Trj]
19:27:48.315 Scan finished successfully
19:28:25.521 Disk 0 MBR has been saved successfully to "C:\Users\Collin\Documents\MBR.dat"
19:28:25.552 The log file has been saved successfully to "C:\Users\Collin\Documents\aswMBR.txt"

#9 gringo_pr

gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,361 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto Rico
  • Local time:09:39 PM

Posted 12 May 2012 - 08:25 PM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Folder::
C:\ProgramData\Microsoft\Windows\DRM
C:\Users\Collin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1

File::
C:\Users\Collin\AppData\Local\Apple\Adobe\doxyvhk.dll
C:\Users\Collin\AppData\Local\ATI\Apps\zoebrjzmv.dll
C:\Users\Collin\AppData\Local\Citrix\ATI\xyqwy.dll

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days. If You Will Be Longer, Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic

Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#10 mtownfootball44

Posted 12 May 2012 - 09:48 PM

So I did as you instructed and ran ComboFix with the .txt prompt. And ComboFix ran and everything, and restarted my computer, but it did not come back on once my computer restarted. I guess I will attempt to run it again with the .txt script and all.

#11 gringo_pr

Posted 12 May 2012 - 09:54 PM

greetings

Let's see if it made a report.

Extra ComboFix report

  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and paste the following into the box
C:\ComboFix.txt
  • click ok

copy and paste the report into this topic for me to review

Gringo

Edited by gringo_pr, 12 May 2012 - 09:54 PM.


#12 mtownfootball44

Posted 13 May 2012 - 03:21 PM

Could not find anything. Should I run ComboFix with the CFScript.txt again?

#13 gringo_pr

Posted 13 May 2012 - 10:13 PM

Yes, run it once more.

gringo

#14 mtownfootball44

Posted 15 May 2012 - 12:40 PM

I attempted to run the CFScript.txt with ComboFix once again, and again it ran, restarted, and then never presented a report, and no report exists on the computer. I still am having bad problems with the redirect virus (SCOUR primarily) and additionally, Internet Explorer still does not work at all since one of our previous steps (I cannot open any webpage on it).

#15 gringo_pr

Posted 15 May 2012 - 12:57 PM

Hello

Let's get a deeper look into the system and see if something shows up.

Download and run OTL

Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened and is the one that I need posted back here
    • Extra.txt <-- Will be minimized - save this one on your desktop in case I ask for it later
  • Please post the contents of OTL.txt in your next reply.

Gringo



