Infected with some type of google redirecting virus


  • This topic is locked
27 replies to this topic

#1 Kewlone

Kewlone

  • Members
  • 14 posts
  • OFFLINE
  • Gender:Male
  • Location:Norman, Ok
  • Local time:01:48 AM

Posted 21 March 2012 - 03:39 PM

When clicking on search results and some web site links I am redirected to bogus search sites/results including 63.209.69.107. I normally am able to research and remove viruses on my own, but this one has me stumped. I have tried TDSSKiller, Combofix (before coming here; now I understand to only use it when directed to from now on), SuperantiSpyware, Avast, AD-Aware, Hitman Pro, and Spybot S&D. I really appreciate any help you can give!

P.S. I am using Windows 64-bit so I did not get a GMER report. Hope I read the instructions correctly.
Attached File: Attach.txt (14.06KB)
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by owner at 14:50:36 on 2012-03-21
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.7932.5556 [GMT -5:00]
.
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\STacSV64.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Hpservice.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe
C:\Program Files\LSI SoftModem\agr64svc.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\rundll32.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\PeerBlock\peerblock.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\taskeng.exe
c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
c:\Program Files (x86)\Hewlett-Packard\Media\Live TV\TVAgent.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Users\owner\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Stardock\Impulse\Now\ImpulseNow.exe
C:\Program Files (x86)\MagicDisc\MagicDisc.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe
C:\Windows\system32\DllHost.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Windows\SysWOW64\ctfmon.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://att.my.yahoo.com/
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=bestbuy&pf=cnnb
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: MRI_DISABLED - No File
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {26193d99-2718-27f0-643e-09ad73aa1e85} - C:\Windows\SysWow64\FXSSXXP32.dll
BHO: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
TB: {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [LightScribe Control Panel] "C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" -hidden
uRun: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED
uRun: [PeerBlock] C:\Program Files\PeerBlock\peerblock.exe
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
mRun: [HP Software Update] "C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe"
mRun: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
mRun: [ISUSScheduler] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start
mRun: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\Users\owner\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\owner\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\Users\owner\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\IMPULS~1.LNK - C:\Program Files (x86)\Stardock\Impulse\Now\ImpulseNow.exe
StartupFolder: C:\Users\owner\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MAGICD~1.LNK - C:\Program Files (x86)\MagicDisc\MagicDisc.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\LOGITE~1.LNK - C:\Program Files\Logitech\SetPoint\SetPoint.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MICROS~1.LNK - C:\Program Files (x86)\Microsoft Office\Office\OSA9.EXE
uPolicies-explorer: NoDesktopCleanupWizard = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: Add to Google Photos Screensa&ver - C:\Windows\system32\GPhotos.scr/200
IE: Lookup on Merriam Webster
IE: Lookup on Wikipedia
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
IE: {5067A26B-1337-4436-8AFE-EE169C2DA79F} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
Trusted Zone: intuit.com\ttlc
DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} - hxxps://s3.amazonaws.com/content.systemrequirementslab.com/global/bin/srldetect_cyri_4.1.72.0_x.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} - hxxp://ax.emsisoft.com/asquared.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{2D8BF439-2D9F-420C-9A91-DEF0C5E1C4ED} : DhcpNameServer = 40.4.1.100
TCP: Interfaces\{73BEAA2C-4381-439D-9046-C279021B7B7E} : DhcpNameServer = 192.168.1.254
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
BHO-X64: MRI_DISABLED - No File
BHO-X64: HP Print Enhancer - No File
BHO-X64: AcroIEHelperStub - No File
BHO-X64: HelloWorldBHO - No File
BHO-X64: HP Smart BHO Class - No File
BHO-X64: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO-X64: HP Print Enhancer - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Skype add-on (mastermind): {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
BHO-X64: Skype add-on (mastermind) - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {26193D99-2718-27F0-643E-09AD73AA1E85} - C:\Windows\SysWow64\FXSSXXP32.dll
BHO-X64: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
BHO-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
BHO-X64: HP Smart BHO Class - No File
TB-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
TB-X64: {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
mRun-x64: [HP Software Update] "C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe"
mRun-x64: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
mRun-x64: [ISUSScheduler] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start
mRun-x64: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
.
============= SERVICES / DRIVERS ===============
.
R0 Lbd;Lbd;C:\Windows\system32\DRIVERS\Lbd.sys --> C:\Windows\system32\DRIVERS\Lbd.sys [?]
R1 aswSnx;aswSnx;C:\Windows\system32\drivers\aswSnx.sys --> C:\Windows\system32\drivers\aswSnx.sys [?]
R1 aswSP;aswSP;C:\Windows\system32\drivers\aswSP.sys --> C:\Windows\system32\drivers\aswSP.sys [?]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-8-11 140672]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
R2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe [2009-10-21 89600]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\drivers\aswFsBlk.sys --> C:\Windows\system32\drivers\aswFsBlk.sys [?]
R2 aswMonFlt;aswMonFlt;\??\C:\Windows\system32\drivers\aswMonFlt.sys --> C:\Windows\system32\drivers\aswMonFlt.sys [?]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2012-3-15 44768]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2011-9-9 86072]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-3-28 94264]
R2 hpsrv;HP Service;C:\Windows\system32\Hpservice.exe --> C:\Windows\system32\Hpservice.exe [?]
R2 StarWindServiceAE;StarWind AE Service;C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [2007-5-28 275968]
R3 Com4QLBEx;Com4QLBEx;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-8-15 227896]
R3 enecir;ENE CIR Receiver;C:\Windows\system32\DRIVERS\enecir.sys --> C:\Windows\system32\DRIVERS\enecir.sys [?]
R3 pbfilter;pbfilter;C:\Program Files\PeerBlock\pbfilter.sys [2009-12-2 24176]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\system32\DRIVERS\usbfilter.sys --> C:\Windows\system32\DRIVERS\usbfilter.sys [?]
RUnknown pavboot;pavboot; [x]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2009-12-2 135664]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2009-12-2 135664]
S3 ivusb;Initio Driver for USB Default Controller;C:\Windows\system32\DRIVERS\ivusb.sys --> C:\Windows\system32\DRIVERS\ivusb.sys [?]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2011-12-23 2152152]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;C:\Program Files (x86)\Lavasoft\Ad-Aware\kernexplorer64.sys [2012-3-17 17152]
S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys --> C:\Windows\system32\DRIVERS\netw5v64.sys [?]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]
.
=============== Created Last 30 ================
.
2012-03-21 18:55:48 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{E6728B6B-FA8D-4C3B-97BB-2D7F1CCE0632}\offreg.dll
2012-03-21 18:40:52 -------- d-----w- C:\sh4ldr
2012-03-21 18:40:52 -------- d-----w- C:\Program Files\Enigma Software Group
2012-03-21 18:40:05 -------- d-----w- C:\Windows\5B210B8AB66E4702B44D0D6F388D29EB.TMP
2012-03-21 17:18:17 -------- d-sh--w- C:\$RECYCLE.BIN
2012-03-21 16:20:51 12872 ----a-w- C:\Windows\System32\bootdelete.exe
2012-03-21 16:14:17 -------- d-----w- C:\Program Files\HitmanPro
2012-03-21 16:13:21 -------- d-----w- C:\ProgramData\HitmanPro
2012-03-21 04:18:10 6144 ------w- C:\Windows\System32\AAF3.tmp
2012-03-21 04:17:21 -------- d-----w- C:\Program Files (x86)\Sophos
2012-03-21 04:14:29 -------- d-----w- C:\Users\owner\Pavark
2012-03-21 00:20:37 -------- d-----w- C:\ProgramData\Kaspersky Lab
2012-03-21 00:14:42 -------- d-----w- C:\Program Files (x86)\Softwin
2012-03-20 22:07:03 -------- d-----w- C:\MGtools
2012-03-20 21:54:33 -------- d-----w- C:\Users\owner\AppData\Roaming\SUPERAntiSpyware.com
2012-03-20 21:53:33 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
2012-03-20 21:53:33 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2012-03-20 11:31:43 8643640 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{E6728B6B-FA8D-4C3B-97BB-2D7F1CCE0632}\mpengine.dll
2012-03-19 17:27:55 98816 ----a-w- C:\Windows\sed.exe
2012-03-19 17:27:55 518144 ----a-w- C:\Windows\SWREG.exe
2012-03-19 17:27:55 256000 ----a-w- C:\Windows\PEV.exe
2012-03-19 17:27:55 208896 ----a-w- C:\Windows\MBR.exe
2012-03-19 16:58:59 -------- d-----w- C:\TDSSKiller_Quarantine
2012-03-18 00:26:40 -------- d-----w- C:\Program Files (x86)\Games
2012-03-17 21:47:26 16432 ----a-w- C:\Windows\System32\lsdelete.exe
2012-03-17 15:40:46 55384 ----a-w- C:\Windows\System32\drivers\SBREDrv.sys
2012-03-17 15:38:19 69376 ----a-w- C:\Windows\System32\drivers\Lbd.sys
2012-03-17 15:37:57 -------- d-----w- C:\Program Files (x86)\Lavasoft
2012-03-17 15:12:08 -------- d-----w- C:\Windows\SysWow64\2030
2012-03-17 04:02:21 -------- d-----w- C:\Program Files (x86)\PC Tools
2012-03-17 04:00:47 230952 ----a-w- C:\Windows\System32\drivers\PCTSD64.sys
2012-03-17 04:00:47 -------- d-----w- C:\Program Files (x86)\Common Files\PC Tools
2012-03-17 04:00:35 -------- d-----w- C:\ProgramData\PC Tools
2012-03-17 04:00:34 -------- d-----w- C:\Users\owner\AppData\Roaming\TestApp
2012-03-15 18:55:53 53080 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
2012-03-15 18:54:32 819032 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2012-03-15 18:54:25 41184 ----a-w- C:\Windows\avastSS.scr
2012-03-14 05:30:57 5559152 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-03-14 05:30:56 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-03-14 05:30:55 3913584 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-03-14 02:17:12 3145728 ----a-w- C:\Windows\System32\win32k.sys
2012-03-14 02:17:09 1544192 ----a-w- C:\Windows\System32\DWrite.dll
2012-03-14 02:17:09 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-03-14 02:16:58 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2012-03-14 02:16:58 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-03-14 02:16:58 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-03-14 02:16:28 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2012-03-14 02:16:28 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
2012-03-14 02:16:28 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-03-14 02:16:28 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
2012-03-10 17:57:51 -------- d-----w- C:\Users\owner\AppData\Roaming\TheBookofLegends_Saves
2012-03-10 17:57:03 -------- d-----w- C:\Program Files (x86)\The Book of Legends
2012-03-10 17:56:15 -------- d-----w- C:\Windows\SysWow64\1022
2012-03-04 02:05:21 -------- d-----w- C:\Users\owner\.scorched3d
2012-03-04 01:11:23 -------- d-----w- C:\Program Files (x86)\Scorched3D
2012-03-02 00:57:19 -------- d-----w- C:\Program Files (x86)\Isotope244 Graphics
2012-02-21 23:17:03 -------- d-----w- C:\Program Files (x86)\DVD Decrypter
.
==================== Find3M ====================
.
2012-03-06 23:01:52 69976 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2012-02-23 15:18:36 279656 ------w- C:\Windows\System32\MpSigStub.exe
2012-02-22 20:52:11 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-01-04 10:44:20 509952 ----a-w- C:\Windows\System32\ntshrui.dll
2012-01-04 08:58:41 442880 ----a-w- C:\Windows\SysWow64\ntshrui.dll
2011-12-30 06:26:08 515584 ----a-w- C:\Windows\System32\timedate.cpl
2011-12-30 05:27:56 478720 ----a-w- C:\Windows\SysWow64\timedate.cpl
2011-12-28 03:59:24 498688 ----a-w- C:\Windows\System32\drivers\afd.sys
.
============= FINISH: 14:51:36.33 ===============
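Reading a DDS log by hand is slow, so here is an added example, not part of the original thread, of DDS or of ComboFix: a small Python triage script that parses a few lines copied from the Pseudo HJT Report above and lists what a responder would verify first. It pulls out the mPolicies-system values that govern UAC (EnableLUA = 0 means UAC is off; ConsentPromptBehaviorAdmin = 0 means administrators elevate without a prompt), BHO registrations whose DLL is reported as "No File", and the DHCP DNS servers recorded globally and per interface, flagging any server outside the private address ranges so it can be checked against the ISP's resolvers. The HjtReport, parse_hjt and triage names and the regular expressions are my own assumptions about the line formats shown on this page; the output states facts from the log, not verdicts about any entry.

```python
"""Triage helper for the "Pseudo HJT Report" section of a DDS log.

Added example, not part of the original thread or of the DDS tool. It parses
the line formats DDS uses for BHO registrations, Windows policy values and
DHCP DNS servers, then lists what a responder would verify first.
"""
import ipaddress
import re
from dataclasses import dataclass, field

# Sample input: lines copied verbatim from the DDS log posted above.
SAMPLE_LOG = r"""
BHO: MRI_DISABLED - No File
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
uPolicies-explorer: NoDesktopCleanupWizard = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{2D8BF439-2D9F-420C-9A91-DEF0C5E1C4ED} : DhcpNameServer = 40.4.1.100
TCP: Interfaces\{73BEAA2C-4381-439D-9046-C279021B7B7E} : DhcpNameServer = 192.168.1.254
"""

# Line shapes assumed from the report above (BHO and BHO-X64 share a format).
BHO_RE = re.compile(r"^BHO(?:-X64)?: (.+)$")
POLICY_RE = re.compile(r"^([um]Policies-\w+): (\w+) = (-?\d+)")
DNS_RE = re.compile(r"^TCP: (?:Interfaces\\(\{[^}]+\}) : )?DhcpNameServer = (.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f-]{36}\}$")


@dataclass
class HjtReport:
    bhos: list = field(default_factory=list)      # (name, clsid, path) tuples
    policies: dict = field(default_factory=dict)  # "mPolicies-system/EnableLUA" -> 0
    dns: dict = field(default_factory=dict)       # interface GUID or "global" -> [servers]


def parse_hjt(text):
    """Parse the BHO, policy and DhcpNameServer lines of a DDS report."""
    rep = HjtReport()
    for raw in text.splitlines():
        line = raw.strip()
        m = BHO_RE.match(line)
        if m:
            # "Name: {CLSID} - path"; name and CLSID are each optional.
            body, _, path = m.group(1).partition(" - ")
            clsid_match = CLSID_RE.search(body)
            clsid = clsid_match.group(0) if clsid_match else None
            name = body[:clsid_match.start()].rstrip(": ") if clsid_match else body
            rep.bhos.append((name.strip(), clsid, path or None))
            continue
        m = POLICY_RE.match(line)
        if m:
            rep.policies[f"{m.group(1)}/{m.group(2)}"] = int(m.group(3))
            continue
        m = DNS_RE.match(line)
        if m:
            rep.dns[m.group(1) or "global"] = m.group(2).split()
    return rep


def triage(rep):
    """Return human-readable findings; each is a fact from the log, not a verdict."""
    findings = []
    pol = rep.policies
    if pol.get("mPolicies-system/EnableLUA") == 0:
        findings.append("UAC is disabled (EnableLUA = 0)")
    if pol.get("mPolicies-system/ConsentPromptBehaviorAdmin") == 0:
        findings.append("Administrators elevate without a prompt (ConsentPromptBehaviorAdmin = 0)")
    if pol.get("mPolicies-system/PromptOnSecureDesktop") == 0:
        findings.append("Elevation prompts are not shown on the secure desktop (PromptOnSecureDesktop = 0)")
    for name, clsid, path in rep.bhos:
        if path == "No File":
            findings.append(f"BHO registration with no DLL on disk: {name or clsid}")
    servers = sorted({s for lst in rep.dns.values() for s in lst})
    if len(servers) > 1:
        findings.append("Interfaces report different DNS servers: " + ", ".join(servers))
    for iface, lst in rep.dns.items():
        for s in lst:
            try:
                public = not ipaddress.ip_address(s).is_private
            except ValueError:  # hostname rather than an address
                public = False
            if public:
                findings.append(f"Non-private DNS server {s} on {iface}; confirm it is the ISP's resolver")
    return findings


if __name__ == "__main__":
    for finding in triage(parse_hjt(SAMPLE_LOG)):
        print("-", finding)
```

Run against a full log, the same parser covers the BHO-X64 lines too, and the DNS check is the quickest way to spot an interface whose resolver differs from the rest of the machine, which is one of the first things to verify when the complaint is redirected search results.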



#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:03:48 AM

Posted 22 March 2012 - 11:54 PM

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

1. Do not run any other tool until instructed to do so!
Doing so will, at best, only cause you unneeded worry as it finds our backups and may even list our tools, and at worst can cause conflicts with our tools and lead to unforeseen things happening.
2. Please do not attach logs or put them in code boxes.
Besides the time it takes me to open the reports, it makes it harder to find something if I need to go back to do more research, and putting them in code boxes just makes them so hard to read.
3. After each step give me a little feedback.
It does not need to be long, but just something so I know how things are going. It can be something like:
I am still getting redirected
The computer is running as it should
Don't put things like "it is the same as before" or "still the same"; this just makes me go back and look for your last feedback as to how things are.
4. Read every post completely before doing anything.
Pay special attention to the Notes** I have put in.
These are things I have found that happen a lot and can be taken care of easily just by reading the Notes**.

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.


Backup any files that cannot be replaced

If you have not done it yet, spend a few minutes to back up any files that cannot be replaced. Removing malware can be unpredictable and this may save you and me a lot of grief later.

You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

You may want to back up the whole hard drive; there is some good info in the Preparation Guide on how to make full backups and how to restore them if something goes wrong. Read the tutorial and print it out so you will know what to do in case the unforeseen happens.

When you have the files backed up you may do the following.


Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days. If You Will Be Longer, Please Let Me Know.

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free; however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 Kewlone

Kewlone
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  • Gender:Male
  • Location:Norman, Ok
  • Local time:01:48 AM

Posted 23 March 2012 - 01:57 AM

Thank you for your quick response! I verified that my search links are still redirecting after running ComboFix. I had no problems running it.

ComboFix 12-03-22.01 - owner 03/23/2012 1:24.2.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.7932.6001 [GMT -5:00]
Running from: c:\users\owner\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2012-02-23 to 2012-03-23 )))))))))))))))))))))))))))))))
.
.
2012-03-23 06:34 . 2012-03-23 06:34 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-03-21 18:40 . 2012-03-21 19:06 -------- d-----w- C:\sh4ldr
2012-03-21 18:40 . 2012-03-21 18:40 -------- d-----w- c:\program files\Enigma Software Group
2012-03-21 18:40 . 2012-03-21 19:06 -------- d-----w- c:\windows\5B210B8AB66E4702B44D0D6F388D29EB.TMP
2012-03-21 16:20 . 2012-03-21 16:20 12872 ----a-w- c:\windows\system32\bootdelete.exe
2012-03-21 16:14 . 2012-03-21 16:14 -------- d-----w- c:\program files\HitmanPro
2012-03-21 16:13 . 2012-03-21 16:20 -------- d-----w- c:\programdata\HitmanPro
2012-03-21 04:18 . 2010-05-26 15:39 6144 ------w- c:\windows\system32\AAF3.tmp
2012-03-21 04:17 . 2012-03-21 04:17 -------- d-----w- c:\program files (x86)\Sophos
2012-03-21 04:14 . 2012-03-21 04:14 -------- d-----w- c:\users\owner\Pavark
2012-03-21 00:20 . 2012-03-21 00:20 -------- d-----w- c:\programdata\Kaspersky Lab
2012-03-21 00:14 . 2012-03-21 00:14 -------- d-----w- c:\program files (x86)\Softwin
2012-03-20 22:07 . 2012-03-21 00:05 -------- d-----w- C:\MGtools
2012-03-20 21:54 . 2012-03-20 21:54 -------- d-----w- c:\users\owner\AppData\Roaming\SUPERAntiSpyware.com
2012-03-20 21:53 . 2012-03-20 21:54 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-03-20 21:53 . 2012-03-20 21:53 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-03-19 16:58 . 2012-03-21 19:34 -------- d-----w- C:\TDSSKiller_Quarantine
2012-03-18 00:26 . 2012-03-18 00:26 -------- d-----w- c:\program files (x86)\Games
2012-03-17 21:47 . 2012-03-17 15:40 16432 ----a-w- c:\windows\system32\lsdelete.exe
2012-03-17 15:40 . 2012-03-17 15:40 55384 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2012-03-17 15:38 . 2011-12-23 12:12 69376 ----a-w- c:\windows\system32\drivers\Lbd.sys
2012-03-17 15:37 . 2012-03-17 15:38 -------- d-----w- c:\programdata\Lavasoft
2012-03-17 15:37 . 2012-03-17 15:37 -------- d-----w- c:\program files (x86)\Lavasoft
2012-03-17 15:12 . 2012-03-17 15:12 -------- d-----w- c:\windows\SysWow64\2030
2012-03-17 04:02 . 2012-03-17 04:21 -------- d-----w- c:\program files (x86)\PC Tools
2012-03-17 04:00 . 2012-03-17 04:21 -------- d-----w- c:\program files (x86)\Common Files\PC Tools
2012-03-17 04:00 . 2012-02-24 15:36 230952 ----a-w- c:\windows\system32\drivers\PCTSD64.sys
2012-03-17 04:00 . 2012-03-17 04:20 -------- d-----w- c:\programdata\PC Tools
2012-03-17 04:00 . 2012-03-17 04:00 -------- d-----w- c:\users\owner\AppData\Roaming\TestApp
2012-03-15 18:55 . 2012-03-06 23:02 53080 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-03-15 18:54 . 2012-03-06 23:15 258520 ----a-w- c:\windows\system32\aswBoot.exe
2012-03-15 18:54 . 2012-03-06 23:04 819032 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-03-15 18:54 . 2012-03-06 23:15 41184 ----a-w- c:\windows\avastSS.scr
2012-03-14 05:30 . 2011-11-19 15:20 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-14 05:30 . 2011-11-19 14:50 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-03-14 05:30 . 2011-11-19 14:50 3913584 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-03-14 02:17 . 2012-02-03 04:34 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-03-14 02:17 . 2012-02-10 06:36 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-03-14 02:17 . 2012-02-10 05:38 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-03-14 02:16 . 2012-01-25 06:38 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-03-14 02:16 . 2012-01-25 06:38 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-03-14 02:16 . 2012-01-25 06:33 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-03-14 02:16 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-03-14 02:16 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-03-14 02:16 . 2012-02-17 04:58 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-14 02:16 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-03-10 17:57 . 2012-03-10 18:32 -------- d-----w- c:\users\owner\AppData\Roaming\TheBookofLegends_Saves
2012-03-10 17:57 . 2012-03-10 17:57 -------- d-----w- c:\program files (x86)\The Book of Legends
2012-03-10 17:56 . 2012-03-17 15:12 -------- d-----w- c:\windows\SysWow64\1022
2012-03-04 02:05 . 2012-03-04 04:10 -------- d-----w- c:\users\owner\.scorched3d
2012-03-04 01:11 . 2012-03-04 05:19 -------- d-----w- c:\program files (x86)\Scorched3D
2012-03-02 00:57 . 2012-03-02 00:57 -------- d-----w- c:\program files (x86)\Isotope244 Graphics
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-21 00:05 . 2012-03-20 22:07 450608 ----a-w- C:\MGlogs.zip
2012-03-14 03:27 . 2012-03-23 05:08 8669240 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{BF48ADC4-6F1E-4D06-8C4A-0BED19C71B42}\mpengine.dll
2012-03-06 23:15 . 2009-12-02 05:30 201352 ----a-w- c:\windows\SysWow64\aswBoot.exe
2012-03-06 23:04 . 2009-12-02 05:31 337240 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-03-06 23:01 . 2009-12-02 05:31 59224 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-03-06 23:01 . 2009-12-02 05:31 69976 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-03-06 23:01 . 2009-12-02 05:31 24408 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-02-23 14:18 . 2009-11-30 16:45 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-02-22 20:52 . 2011-06-07 03:07 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-01-04 10:44 . 2012-02-15 16:56 509952 ----a-w- c:\windows\system32\ntshrui.dll
2012-01-04 08:58 . 2012-02-15 16:56 442880 ----a-w- c:\windows\SysWow64\ntshrui.dll
2011-12-30 06:26 . 2012-02-15 16:56 515584 ----a-w- c:\windows\system32\timedate.cpl
2011-12-30 05:27 . 2012-02-15 16:56 478720 ----a-w- c:\windows\SysWow64\timedate.cpl
2011-12-28 03:59 . 2012-02-15 16:56 498688 ----a-w- c:\windows\system32\drivers\afd.sys
.
.
((((((((((((((((((((((((((((( SnapShot@2012-03-21_16.57.44 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-14 04:54 . 2012-03-23 06:37 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-03-21 16:56 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-03-21 16:56 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-03-23 06:37 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-03-23 06:37 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-03-21 16:56 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-08-15 05:40 . 2012-03-23 06:39 41308 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-03-23 06:39 53106 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2009-10-21 08:34 . 2012-03-23 05:12 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-10-21 08:34 . 2012-03-21 00:00 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-10-21 08:34 . 2012-03-21 00:00 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-10-21 08:34 . 2012-03-23 05:12 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-03-23 05:12 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-03-21 00:00 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:46 . 2012-03-21 21:39 94472 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2012-03-21 19:05 . 2012-03-21 19:05 66956 c:\windows\5B210B8AB66E4702B44D0D6F388D29EB.TMP\WiseCustomCall.dll
- 2012-03-17 15:12 . 2012-03-18 17:26 7086 c:\windows\SysWOW64\2030\inf2030.dat
+ 2012-03-17 15:12 . 2012-03-21 17:38 7086 c:\windows\SysWOW64\2030\inf2030.dat
+ 2009-11-30 16:24 . 2012-03-23 06:39 8576 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2512113493-16393812-3965047723-1000_UserData.bin
- 2012-03-21 16:55 . 2012-03-21 16:55 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-03-23 06:36 . 2012-03-23 06:36 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-03-21 16:55 . 2012-03-21 16:55 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-03-23 06:36 . 2012-03-23 06:36 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 05:12 . 2012-03-15 16:28 262144 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2009-07-14 05:12 . 2012-03-23 05:12 262144 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2009-07-14 05:01 . 2012-03-23 06:36 346320 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-03-21 16:54 346320 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2012-02-10 17:52 . 2012-03-15 16:28 876928 c:\windows\assembly\temp\OSZVFCL06C\HP.SupportFramework.dll
+ 2012-02-10 17:52 . 2012-03-23 05:15 877952 c:\windows\assembly\GAC_MSIL\HP.SupportFramework\1.0.0.0__2a4860322af7ba08\HP.SupportFramework.dll
+ 2012-03-21 19:05 . 2012-03-21 19:05 189844 c:\windows\5B210B8AB66E4702B44D0D6F388D29EB.TMP\WiseCustomCalla36.exe
+ 2012-03-21 19:05 . 2012-03-21 19:05 175992 c:\windows\5B210B8AB66E4702B44D0D6F388D29EB.TMP\WiseCustomCalla34.dll
+ 2012-03-21 19:05 . 2012-03-21 19:05 176035 c:\windows\5B210B8AB66E4702B44D0D6F388D29EB.TMP\WiseCustomCalla33.dll
+ 2012-03-21 19:05 . 2012-03-21 19:05 176545 c:\windows\5B210B8AB66E4702B44D0D6F388D29EB.TMP\WiseCustomCalla32.dll
+ 2012-03-21 19:05 . 2012-03-21 19:05 184966 c:\windows\5B210B8AB66E4702B44D0D6F388D29EB.TMP\WiseCustomCalla31.exe
+ 2012-03-21 19:05 . 2012-03-21 19:05 189750 c:\windows\5B210B8AB66E4702B44D0D6F388D29EB.TMP\WiseCustomCalla21.dll
+ 2012-03-21 19:05 . 2012-03-21 19:05 176035 c:\windows\5B210B8AB66E4702B44D0D6F388D29EB.TMP\WiseCustomCalla2.dll
+ 2012-03-21 19:05 . 2012-03-21 19:05 179526 c:\windows\5B210B8AB66E4702B44D0D6F388D29EB.TMP\WiseCustomCalla.dll
+ 2009-08-15 09:04 . 2012-03-23 06:36 2603560 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2009-12-17 03:32 . 2012-03-23 06:36 19559248 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2512113493-16393812-3965047723-1000-12288.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{26193D99-2718-27F0-643E-09AD73AA1E85}]
2009-07-14 01:15 73728 ----a-w- c:\windows\SysWOW64\FXSSXXP32.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\owner\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\owner\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\owner\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\owner\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2009-11-20 2363392]
"PeerBlock"="c:\program files\PeerBlock\peerblock.exe" [2010-10-15 2646128]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"Pando Media Booster"="c:\program files (x86)\Pando Networks\Media Booster\PMB.exe" [2010-03-23 2937528]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-03-07 4785536]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"QlbCtrl.exe"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2010-02-25 323640]
"ISUSScheduler"="c:\program files (x86)\Common Files\InstallShield\UpdateService\issch.exe" [2006-09-11 86960]
"WirelessAssistant"="c:\program files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2010-03-23 500792]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
.
c:\users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\owner\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-2-14 24246216]
Impulse Now.lnk - c:\program files (x86)\Stardock\Impulse\Now\ImpulseNow.exe [2010-5-3 476464]
MagicDisc.lnk - c:\program files (x86)\MagicDisc\MagicDisc.exe [2010-4-29 576000]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-11-30 1207312]
Microsoft Office.lnk - c:\program files (x86)\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
[BU]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPCam_Menu]
2009-02-25 21:40 218408 ------w- c:\program files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NortonOnlineBackupReminder]
c:\program files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe [BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2009-07-02 19:32 98304 ----a-w- c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
c:\program files (x86)\Java\jre6\bin\jusched.exe [BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdatePRCShortCut]
2009-05-20 05:16 222504 ------w- c:\program files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-12-02 135664]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 86072]
R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-12-02 135664]
R3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\DRIVERS\ivusb.sys [x]
R3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2012-03-17 2152152]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys [2012-03-17 17152]
R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe [2009-03-02 89600]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 94264]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [x]
S3 Com4QLBEx;Com4QLBEx;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2010-02-25 227896]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [x]
S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [x]
S3 pbfilter;pbfilter;c:\program files\PeerBlock\pbfilter.sys [2010-10-15 24176]
S3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys [x]
S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - PBFILTER
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-11-20 19:28 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-17 c:\windows\Tasks\At1.job
- c:\windows\SysWOW64\sethhc.exe [2011-07-07 12:17]
.
2012-03-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-12-02 07:02]
.
2012-03-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-12-02 07:02]
.
2012-03-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2512113493-16393812-3965047723-1000Core.job
- c:\users\owner\AppData\Local\Google\Update\GoogleUpdate.exe [2010-03-18 00:55]
.
2012-03-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2512113493-16393812-3965047723-1000UA.job
- c:\users\owner\AppData\Local\Google\Update\GoogleUpdate.exe [2010-03-18 00:55]
.
2012-03-15 c:\windows\Tasks\HPCeeScheduleForowner.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 04:15]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-06 23:15 135408 ----a-w- c:\program files\Alwil Software\Avast5\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\owner\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\owner\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\owner\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\owner\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2009-07-22 450048]
"SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2009-07-21 610872]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 130576]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 660360]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://att.my.yahoo.com/
uLocal Page = c:\windows\system32\blank.htm
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=bestbuy&pf=cnnb
mLocal Page = c:\windows\SysWOW64\blank.htm
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Lookup on Merriam Webster
IE: Lookup on Wikipedia
Trusted Zone: intuit.com\ttlc
TCP: DhcpNameServer = 192.168.1.254
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-uTorrent - c:\program files (x86)\uTorrent\uTorrent.exe
SafeBoot-56362475.sys
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2512113493-16393812-3965047723-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:b4,90,bc,4f,bd,0c,3c,05,ff,f2,5f,6c,e0,ef,95,c5,68,43,b2,ed,ed,56,35,
57,3e,cb,f8,4d,13,ef,e4,88,70,83,bc,a9,c9,0f,d1,d8,45,b6,31,63,db,3e,09,8b,\
"??"=hex:de,8e,32,1e,00,d7,8c,b2,a1,1b,8b,96,91,bb,99,de
.
[HKEY_USERS\S-1-5-21-2512113493-16393812-3965047723-1000\Software\SecuROM\License information*]
"datasecu"=hex:35,1b,2a,3d,e8,e2,d8,e5,87,c3,7a,56,20,c3,6e,ef,c1,69,5b,40,79,
86,55,0f,b8,6a,89,0f,64,85,3b,6d,7c,67,80,e6,9d,09,60,e9,72,ee,e5,fa,32,16,\
"rkeysecu"=hex:82,c3,15,4f,bb,1d,3b,7f,84,f5,53,93,76,d6,d1,ff
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11f_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11f_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\program files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
c:\program files (x86)\Hewlett-Packard\Media\Live TV\TVAgent.exe
c:\program files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
c:\program files\Logitech\SetPoint\x86\SetPoint32.exe
c:\program files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
c:\program files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
.
**************************************************************************
.
Completion time: 2012-03-23 01:46:21 - machine was rebooted
ComboFix-quarantined-files.txt 2012-03-23 06:46
ComboFix2.txt 2012-03-20 23:41
ComboFix3.txt 2012-03-20 20:20
ComboFix4.txt 2012-03-20 00:39
ComboFix5.txt 2012-03-21 16:43
.
Pre-Run: 159,179,423,744 bytes free
Post-Run: 158,600,110,080 bytes free
.
- - End Of File - - 24C0CD0580A8A0F9B8EDAAF314E397B9

#4 gringo_pr (Bleepin Gringo)

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:03:48 AM

Posted 23 March 2012 - 02:02 AM

Greetings

I want you to run these next,

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
I Close My Topics If You Have Not Replied In 5 Days. If You Will Be Longer, Please Let Me Know.

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#5 Kewlone (Topic Starter)

  • Members
  • 14 posts
  • Gender:Male
  • Location:Norman, Ok
  • Local time:01:48 AM

Posted 23 March 2012 - 02:39 AM

Verified redirect problem is still there. It took about 6 searches before I could reproduce the problem this time. Normally I get redirected on the first link I click on in the search.

Log Results:

02:10:46.0970 2828 TDSS rootkit removing tool 2.7.22.0 Mar 21 2012 17:40:00
02:10:47.0423 2828 ============================================================
02:10:47.0423 2828 Current date / time: 2012/03/23 02:10:47.0423
02:10:47.0423 2828 SystemInfo:
02:10:47.0423 2828
02:10:47.0423 2828 OS Version: 6.1.7601 ServicePack: 1.0
02:10:47.0423 2828 Product type: Workstation
02:10:47.0423 2828 ComputerName: JDLAPTOP
02:10:47.0423 2828 UserName: owner
02:10:47.0423 2828 Windows directory: C:\Windows
02:10:47.0423 2828 System windows directory: C:\Windows
02:10:47.0423 2828 Running under WOW64
02:10:47.0423 2828 Processor architecture: Intel x64
02:10:47.0423 2828 Number of processors: 2
02:10:47.0423 2828 Page size: 0x1000
02:10:47.0423 2828 Boot type: Normal boot
02:10:47.0423 2828 ============================================================
02:10:48.0624 2828 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
02:10:48.0624 2828 \Device\Harddisk0\DR0:
02:10:48.0624 2828 MBR used
02:10:48.0624 2828 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800
02:10:48.0624 2828 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x388B6000
02:10:48.0624 2828 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x3891A000, BlocksNum 0x1A38000
02:10:48.0624 2828 \Device\Harddisk0\DR0\Partition3: MBR, Type 0xC, StartLBA 0x3A352000, BlocksNum 0x33830
02:10:48.0718 2828 Initialize success
02:10:48.0718 2828 ============================================================
02:10:52.0072 4308 ============================================================
02:10:52.0072 4308 Scan started
02:10:52.0072 4308 Mode: Manual;
02:10:52.0072 4308 ============================================================
02:10:52.0446 4308 !SASCORE (7d9d615201a483d6fa99491c2e655a5a) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
02:10:52.0446 4308 !SASCORE - ok
02:10:52.0555 4308 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
02:10:52.0555 4308 1394ohci - ok
02:10:52.0602 4308 Accelerometer (1cffe9c06e66a57dae1452e449a58240) C:\Windows\system32\DRIVERS\Accelerometer.sys
02:10:52.0602 4308 Accelerometer - ok
02:10:52.0680 4308 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
02:10:52.0680 4308 ACPI - ok
02:10:52.0727 4308 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
02:10:52.0727 4308 AcpiPmi - ok
02:10:52.0852 4308 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
02:10:52.0867 4308 AdobeARMservice - ok
02:10:52.0945 4308 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
02:10:52.0945 4308 adp94xx - ok
02:10:52.0992 4308 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
02:10:52.0992 4308 adpahci - ok
02:10:53.0039 4308 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
02:10:53.0039 4308 adpu320 - ok
02:10:53.0070 4308 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
02:10:53.0086 4308 AeLookupSvc - ok
02:10:53.0164 4308 AESTFilters (a6fb9db8f1a86861d955fd6975977ae0) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe
02:10:53.0164 4308 AESTFilters - ok
02:10:53.0242 4308 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
02:10:53.0242 4308 AFD - ok
02:10:53.0288 4308 AgereModemAudio (b65f8dba54f251906bbe8611b5a0e7ab) C:\Program Files\LSI SoftModem\agr64svc.exe
02:10:53.0288 4308 AgereModemAudio - ok
02:10:53.0398 4308 AgereSoftModem (af4748ef93416159459769a24a0053af) C:\Windows\system32\DRIVERS\agrsm64.sys
02:10:53.0398 4308 AgereSoftModem - ok
02:10:53.0460 4308 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
02:10:53.0460 4308 agp440 - ok
02:10:53.0538 4308 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
02:10:53.0538 4308 ALG - ok
02:10:53.0600 4308 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
02:10:53.0600 4308 aliide - ok
02:10:53.0678 4308 AMD External Events Utility (d0d8877969011d1b0ed9c3c55a9a9108) C:\Windows\system32\atiesrxx.exe
02:10:53.0678 4308 AMD External Events Utility - ok
02:10:53.0725 4308 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
02:10:53.0725 4308 amdide - ok
02:10:53.0772 4308 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
02:10:53.0772 4308 AmdK8 - ok
02:10:53.0803 4308 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
02:10:53.0803 4308 AmdPPM - ok
02:10:53.0866 4308 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
02:10:53.0866 4308 amdsata - ok
02:10:53.0928 4308 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
02:10:53.0928 4308 amdsbs - ok
02:10:53.0944 4308 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
02:10:53.0944 4308 amdxata - ok
02:10:54.0022 4308 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
02:10:54.0022 4308 AppID - ok
02:10:54.0053 4308 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
02:10:54.0053 4308 AppIDSvc - ok
02:10:54.0115 4308 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
02:10:54.0115 4308 Appinfo - ok
02:10:54.0209 4308 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
02:10:54.0209 4308 arc - ok
02:10:54.0240 4308 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
02:10:54.0240 4308 arcsas - ok
02:10:54.0412 4308 aspnet_state (9217d874131ae6ff8f642f124f00a555) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
02:10:54.0412 4308 aspnet_state - ok
02:10:54.0536 4308 aswFsBlk (b9da213b5271db5fce962d827e6d620d) C:\Windows\system32\drivers\aswFsBlk.sys
02:10:54.0536 4308 aswFsBlk - ok
02:10:54.0568 4308 aswMonFlt (21c9835d0e5ad2ff0f16134bcb32cc71) C:\Windows\system32\drivers\aswMonFlt.sys
02:10:54.0568 4308 aswMonFlt - ok
02:10:54.0646 4308 aswRdr (1b96a5867abd4fa6135d8298fcccf9c6) C:\Windows\System32\Drivers\aswrdr2.sys
02:10:54.0646 4308 aswRdr - ok
02:10:54.0724 4308 aswSnx (6e98bb288696777a3a8a07a52b0eaee9) C:\Windows\system32\drivers\aswSnx.sys
02:10:54.0724 4308 aswSnx - ok
02:10:54.0848 4308 aswSP (d9fb49f16e4eb02efecae8cbfe4bcb4c) C:\Windows\system32\drivers\aswSP.sys
02:10:54.0848 4308 aswSP - ok
02:10:54.0864 4308 aswTdi (7352bb9a564b94bbd7c9cbf165f55006) C:\Windows\system32\drivers\aswTdi.sys
02:10:54.0864 4308 aswTdi - ok
02:10:54.0911 4308 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
02:10:54.0911 4308 AsyncMac - ok
02:10:54.0958 4308 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
02:10:54.0958 4308 atapi - ok
02:10:55.0051 4308 athr (f8633cdd09647a64ee8db550630427ff) C:\Windows\system32\DRIVERS\athrx.sys
02:10:55.0067 4308 athr - ok
02:10:55.0145 4308 AtiHdmiService (38467ff83c2b4265d51f418812a91e3c) C:\Windows\system32\drivers\AtiHdmi.sys
02:10:55.0145 4308 AtiHdmiService - ok
02:10:55.0301 4308 atikmdag (c5758bf1dfd762a5b17041ff061b7750) C:\Windows\system32\DRIVERS\atikmdag.sys
02:10:55.0332 4308 atikmdag - ok
02:10:55.0379 4308 AtiPcie (7c5d273e29dcc5505469b299c6f29163) C:\Windows\system32\DRIVERS\AtiPcie.sys
02:10:55.0379 4308 AtiPcie - ok
02:10:55.0441 4308 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
02:10:55.0441 4308 AudioEndpointBuilder - ok
02:10:55.0472 4308 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
02:10:55.0472 4308 AudioSrv - ok
02:10:55.0675 4308 avast! Antivirus (4041d31508a2a084dfb42c595854090f) C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
02:10:55.0675 4308 avast! Antivirus - ok
02:10:55.0784 4308 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
02:10:55.0784 4308 AxInstSV - ok
02:10:55.0847 4308 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
02:10:55.0847 4308 b06bdrv - ok
02:10:55.0894 4308 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
02:10:55.0894 4308 b57nd60a - ok
02:10:55.0940 4308 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
02:10:55.0940 4308 BDESVC - ok
02:10:56.0003 4308 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
02:10:56.0003 4308 Beep - ok
02:10:56.0081 4308 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
02:10:56.0081 4308 BFE - ok
02:10:56.0143 4308 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\system32\qmgr.dll
02:10:56.0159 4308 BITS - ok
02:10:56.0206 4308 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
02:10:56.0206 4308 blbdrive - ok
02:10:56.0252 4308 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
02:10:56.0268 4308 bowser - ok
02:10:56.0284 4308 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
02:10:56.0284 4308 BrFiltLo - ok
02:10:56.0315 4308 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
02:10:56.0315 4308 BrFiltUp - ok
02:10:56.0424 4308 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
02:10:56.0424 4308 BridgeMP - ok
02:10:56.0471 4308 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
02:10:56.0471 4308 Browser - ok
02:10:56.0502 4308 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
02:10:56.0502 4308 Brserid - ok
02:10:56.0549 4308 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
02:10:56.0549 4308 BrSerWdm - ok
02:10:56.0580 4308 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
02:10:56.0580 4308 BrUsbMdm - ok
02:10:56.0611 4308 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
02:10:56.0611 4308 BrUsbSer - ok
02:10:56.0658 4308 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
02:10:56.0658 4308 BTHMODEM - ok
02:10:56.0705 4308 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
02:10:56.0705 4308 bthserv - ok
02:10:56.0752 4308 catchme - ok
02:10:56.0830 4308 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
02:10:56.0830 4308 cdfs - ok
02:10:56.0892 4308 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
02:10:56.0892 4308 cdrom - ok
02:10:56.0954 4308 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
02:10:56.0954 4308 CertPropSvc - ok
02:10:57.0001 4308 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
02:10:57.0001 4308 circlass - ok
02:10:57.0032 4308 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
02:10:57.0032 4308 CLFS - ok
02:10:57.0095 4308 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
02:10:57.0095 4308 clr_optimization_v2.0.50727_32 - ok
02:10:57.0157 4308 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
02:10:57.0157 4308 clr_optimization_v2.0.50727_64 - ok
02:10:57.0313 4308 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
02:10:57.0313 4308 clr_optimization_v4.0.30319_32 - ok
02:10:57.0376 4308 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
02:10:57.0391 4308 clr_optimization_v4.0.30319_64 - ok
02:10:57.0454 4308 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
02:10:57.0454 4308 CmBatt - ok
02:10:57.0485 4308 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
02:10:57.0500 4308 cmdide - ok
02:10:57.0547 4308 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
02:10:57.0547 4308 CNG - ok
02:10:57.0656 4308 Com4QLBEx (c7a0e61d5714ac20de52d4f66ec773b8) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
02:10:57.0656 4308 Com4QLBEx - ok
02:10:57.0703 4308 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
02:10:57.0703 4308 Compbatt - ok
02:10:57.0766 4308 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
02:10:57.0766 4308 CompositeBus - ok
02:10:57.0781 4308 COMSysApp - ok
02:10:57.0812 4308 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
02:10:57.0812 4308 crcdisk - ok
02:10:57.0859 4308 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll
02:10:57.0859 4308 CryptSvc - ok
02:10:57.0937 4308 dc3d (7af9dac504fbd047cbc3e64ae52c92bf) C:\Windows\system32\DRIVERS\dc3d.sys
02:10:57.0937 4308 dc3d - ok
02:10:58.0000 4308 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
02:10:58.0000 4308 DcomLaunch - ok
02:10:58.0062 4308 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
02:10:58.0078 4308 defragsvc - ok
02:10:58.0156 4308 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
02:10:58.0156 4308 DfsC - ok
02:10:58.0218 4308 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
02:10:58.0234 4308 Dhcp - ok
02:10:58.0249 4308 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
02:10:58.0249 4308 discache - ok
02:10:58.0327 4308 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
02:10:58.0327 4308 Disk - ok
02:10:58.0374 4308 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
02:10:58.0390 4308 Dnscache - ok
02:10:58.0436 4308 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
02:10:58.0436 4308 dot3svc - ok
02:10:58.0499 4308 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
02:10:58.0499 4308 DPS - ok
02:10:58.0530 4308 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
02:10:58.0530 4308 drmkaud - ok
02:10:58.0608 4308 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
02:10:58.0608 4308 DXGKrnl - ok
02:10:58.0655 4308 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
02:10:58.0670 4308 EapHost - ok
02:10:58.0764 4308 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
02:10:58.0795 4308 ebdrv - ok
02:10:58.0842 4308 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
02:10:58.0858 4308 EFS - ok
02:10:58.0936 4308 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
02:10:58.0936 4308 ehRecvr - ok
02:10:58.0967 4308 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
02:10:58.0982 4308 ehSched - ok
02:10:59.0060 4308 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
02:10:59.0060 4308 elxstor - ok
02:10:59.0107 4308 enecir (524c79054636d2e5751169005006460b) C:\Windows\system32\DRIVERS\enecir.sys
02:10:59.0107 4308 enecir - ok
02:10:59.0170 4308 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
02:10:59.0170 4308 ErrDev - ok
02:10:59.0263 4308 esgiguard - ok
02:10:59.0357 4308 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
02:10:59.0357 4308 EventSystem - ok
02:10:59.0404 4308 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
02:10:59.0404 4308 exfat - ok
02:10:59.0435 4308 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
02:10:59.0435 4308 fastfat - ok
02:10:59.0497 4308 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
02:10:59.0497 4308 Fax - ok
02:10:59.0544 4308 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
02:10:59.0544 4308 fdc - ok
02:10:59.0560 4308 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
02:10:59.0575 4308 fdPHost - ok
02:10:59.0591 4308 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
02:10:59.0606 4308 FDResPub - ok
02:10:59.0638 4308 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
02:10:59.0638 4308 FileInfo - ok
02:10:59.0669 4308 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
02:10:59.0669 4308 Filetrace - ok
02:10:59.0700 4308 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
02:10:59.0700 4308 flpydisk - ok
02:10:59.0762 4308 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
02:10:59.0762 4308 FltMgr - ok
02:10:59.0825 4308 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
02:10:59.0825 4308 FontCache - ok
02:10:59.0903 4308 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
02:10:59.0903 4308 FontCache3.0.0.0 - ok
02:10:59.0965 4308 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
02:10:59.0965 4308 FsDepends - ok
02:10:59.0996 4308 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
02:10:59.0996 4308 Fs_Rec - ok
02:11:00.0137 4308 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
02:11:00.0137 4308 fvevol - ok
02:11:00.0246 4308 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
02:11:00.0246 4308 gagp30kx - ok
02:11:00.0308 4308 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
02:11:00.0324 4308 gpsvc - ok
02:11:00.0449 4308 gupdate (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
02:11:00.0449 4308 gupdate - ok
02:11:00.0480 4308 gupdatem (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
02:11:00.0496 4308 gupdatem - ok
02:11:00.0574 4308 gusvc (c1b577b2169900f4cf7190c39f085794) C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
02:11:00.0574 4308 gusvc - ok
02:11:00.0620 4308 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
02:11:00.0636 4308 hcw85cir - ok
02:11:00.0808 4308 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
02:11:00.0823 4308 HdAudAddService - ok
02:11:00.0886 4308 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
02:11:00.0886 4308 HDAudBus - ok
02:11:00.0932 4308 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
02:11:00.0932 4308 HidBatt - ok
02:11:00.0964 4308 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
02:11:00.0964 4308 HidBth - ok
02:11:00.0995 4308 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
02:11:00.0995 4308 HidIr - ok
02:11:01.0026 4308 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
02:11:01.0026 4308 hidserv - ok
02:11:01.0120 4308 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
02:11:01.0120 4308 HidUsb - ok
02:11:01.0166 4308 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
02:11:01.0166 4308 hkmsvc - ok
02:11:01.0213 4308 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
02:11:01.0229 4308 HomeGroupListener - ok
02:11:01.0276 4308 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
02:11:01.0276 4308 HomeGroupProvider - ok
02:11:01.0385 4308 HP Support Assistant Service (13bb1114451c63bfb41ba7daa4d70a29) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
02:11:01.0385 4308 HP Support Assistant Service - ok
02:11:01.0447 4308 HPDrvMntSvc.exe (bcc4a8b2e2e902f52e7f2e7d8e125765) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
02:11:01.0447 4308 HPDrvMntSvc.exe - ok
02:11:01.0510 4308 hpdskflt (05712fddbd45a5864eb326faabc6a4e3) C:\Windows\system32\DRIVERS\hpdskflt.sys
02:11:01.0510 4308 hpdskflt - ok
02:11:01.0556 4308 HpqKbFiltr (9af482d058be59cc28bce52e7c4b747c) C:\Windows\system32\DRIVERS\HpqKbFiltr.sys
02:11:01.0572 4308 HpqKbFiltr - ok
02:11:01.0697 4308 hpqwmiex (ec9739a46f1f83c6e52a7a4697f44a65) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
02:11:01.0697 4308 hpqwmiex - ok
02:11:01.0790 4308 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
02:11:01.0790 4308 HpSAMD - ok
02:11:01.0822 4308 hpsrv (aa036cc5f5221d9b915f4d4dce74ba9a) C:\Windows\system32\Hpservice.exe
02:11:01.0822 4308 hpsrv - ok
02:11:01.0900 4308 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
02:11:01.0915 4308 HTTP - ok
02:11:01.0946 4308 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
02:11:01.0946 4308 hwpolicy - ok
02:11:02.0024 4308 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
02:11:02.0024 4308 i8042prt - ok
02:11:02.0071 4308 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
02:11:02.0071 4308 iaStorV - ok
02:11:02.0227 4308 IDriverT (1cf03c69b49acb70c722df92755c0c8c) C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
02:11:02.0227 4308 IDriverT - ok
02:11:02.0321 4308 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
02:11:02.0321 4308 idsvc - ok
02:11:02.0508 4308 igfx (a87261ef1546325b559374f5689cf5bc) C:\Windows\system32\DRIVERS\igdkmd64.sys
02:11:02.0539 4308 igfx - ok
02:11:02.0586 4308 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
02:11:02.0586 4308 iirsp - ok
02:11:02.0664 4308 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
02:11:02.0664 4308 IKEEXT - ok
02:11:02.0726 4308 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
02:11:02.0726 4308 intelide - ok
02:11:02.0758 4308 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
02:11:02.0758 4308 intelppm - ok
02:11:02.0851 4308 IntuitUpdateService (3dc635b66dd7412e1c9c3a77b8d78f25) C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
02:11:02.0851 4308 IntuitUpdateService - ok
02:11:02.0898 4308 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
02:11:02.0898 4308 IPBusEnum - ok
02:11:02.0960 4308 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
02:11:02.0960 4308 IpFilterDriver - ok
02:11:03.0023 4308 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
02:11:03.0023 4308 iphlpsvc - ok
02:11:03.0070 4308 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
02:11:03.0070 4308 IPMIDRV - ok
02:11:03.0116 4308 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
02:11:03.0116 4308 IPNAT - ok
02:11:03.0163 4308 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
02:11:03.0163 4308 IRENUM - ok
02:11:03.0210 4308 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
02:11:03.0210 4308 isapnp - ok
02:11:03.0241 4308 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
02:11:03.0241 4308 iScsiPrt - ok
02:11:03.0350 4308 ivusb (5922922b27a57247aa62f5ab1a59af7c) C:\Windows\system32\DRIVERS\ivusb.sys
02:11:03.0350 4308 ivusb - ok
02:11:03.0397 4308 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
02:11:03.0397 4308 kbdclass - ok
02:11:03.0428 4308 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
02:11:03.0428 4308 kbdhid - ok
02:11:03.0475 4308 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
02:11:03.0475 4308 KeyIso - ok
02:11:03.0506 4308 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
02:11:03.0506 4308 KSecDD - ok
02:11:03.0553 4308 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
02:11:03.0553 4308 KSecPkg - ok
02:11:03.0584 4308 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
02:11:03.0584 4308 ksthunk - ok
02:11:03.0616 4308 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
02:11:03.0616 4308 KtmRm - ok
02:11:03.0678 4308 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\System32\srvsvc.dll
02:11:03.0678 4308 LanmanServer - ok
02:11:03.0725 4308 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
02:11:03.0740 4308 LanmanWorkstation - ok
02:11:03.0850 4308 Lavasoft Ad-Aware Service (ea38136981c61c571d52c380daad46ef) C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
02:11:03.0865 4308 Lavasoft Ad-Aware Service - ok
02:11:03.0896 4308 Lavasoft Kernexplorer (9a7fa6371f68335fd3c3d6488bc5a9f8) C:\Program Files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys
02:11:03.0896 4308 Lavasoft Kernexplorer - ok
02:11:03.0990 4308 Lbd (c8b3131857931ae76798a741cc52b021) C:\Windows\system32\DRIVERS\Lbd.sys
02:11:03.0990 4308 Lbd - ok
02:11:04.0084 4308 LBTServ (88e52495b47c67126b510af53fdb0bc7) C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
02:11:04.0099 4308 LBTServ - ok
02:11:04.0177 4308 LHidFilt (b6552d382ff070b4ed34cbd6737277c0) C:\Windows\system32\DRIVERS\LHidFilt.Sys
02:11:04.0177 4308 LHidFilt - ok
02:11:04.0286 4308 LightScribeService (c2e324014d54daa2b5a4de47cb696fd8) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
02:11:04.0286 4308 LightScribeService - ok
02:11:04.0380 4308 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
02:11:04.0380 4308 lltdio - ok
02:11:04.0427 4308 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
02:11:04.0427 4308 lltdsvc - ok
02:11:04.0458 4308 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
02:11:04.0458 4308 lmhosts - ok
02:11:04.0489 4308 LMouFilt (73c1f563ab73d459dffe682d66476558) C:\Windows\system32\DRIVERS\LMouFilt.Sys
02:11:04.0505 4308 LMouFilt - ok
02:11:04.0583 4308 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
02:11:04.0598 4308 LSI_FC - ok
02:11:04.0614 4308 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
02:11:04.0630 4308 LSI_SAS - ok
02:11:04.0661 4308 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
02:11:04.0661 4308 LSI_SAS2 - ok
02:11:04.0692 4308 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
02:11:04.0692 4308 LSI_SCSI - ok
02:11:04.0739 4308 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
02:11:04.0739 4308 luafv - ok
02:11:04.0817 4308 mcdbus (79d51e7f5926e8ce1b3ebecebae28cff) C:\Windows\system32\DRIVERS\mcdbus.sys
02:11:04.0817 4308 mcdbus - ok
02:11:04.0895 4308 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
02:11:04.0895 4308 Mcx2Svc - ok
02:11:04.0942 4308 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
02:11:04.0942 4308 megasas - ok
02:11:04.0988 4308 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
02:11:04.0988 4308 MegaSR - ok
02:11:05.0035 4308 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
02:11:05.0035 4308 MMCSS - ok
02:11:05.0082 4308 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
02:11:05.0082 4308 Modem - ok
02:11:05.0113 4308 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
02:11:05.0113 4308 monitor - ok
02:11:05.0191 4308 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
02:11:05.0191 4308 mouclass - ok
02:11:05.0238 4308 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
02:11:05.0254 4308 mouhid - ok
02:11:05.0332 4308 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
02:11:05.0332 4308 mountmgr - ok
02:11:05.0394 4308 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
02:11:05.0394 4308 mpio - ok
02:11:05.0441 4308 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
02:11:05.0441 4308 mpsdrv - ok
02:11:05.0488 4308 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
02:11:05.0503 4308 MpsSvc - ok
02:11:05.0550 4308 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
02:11:05.0550 4308 MRxDAV - ok
02:11:05.0597 4308 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
02:11:05.0612 4308 mrxsmb - ok
02:11:05.0644 4308 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
02:11:05.0644 4308 mrxsmb10 - ok
02:11:05.0690 4308 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
02:11:05.0690 4308 mrxsmb20 - ok
02:11:05.0737 4308 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
02:11:05.0737 4308 msahci - ok
02:11:05.0800 4308 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
02:11:05.0800 4308 msdsm - ok
02:11:05.0924 4308 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
02:11:05.0924 4308 MSDTC - ok
02:11:06.0018 4308 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
02:11:06.0018 4308 Msfs - ok
02:11:06.0049 4308 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
02:11:06.0049 4308 mshidkmdf - ok
02:11:06.0096 4308 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
02:11:06.0096 4308 msisadrv - ok
02:11:06.0174 4308 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
02:11:06.0174 4308 MSiSCSI - ok
02:11:06.0190 4308 msiserver - ok
02:11:06.0236 4308 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
02:11:06.0236 4308 MSKSSRV - ok
02:11:06.0268 4308 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
02:11:06.0268 4308 MSPCLOCK - ok
02:11:06.0299 4308 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
02:11:06.0299 4308 MSPQM - ok
02:11:06.0346 4308 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
02:11:06.0346 4308 MsRPC - ok
02:11:06.0392 4308 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
02:11:06.0408 4308 mssmbios - ok
02:11:06.0439 4308 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
02:11:06.0439 4308 MSTEE - ok
02:11:06.0470 4308 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
02:11:06.0470 4308 MTConfig - ok
02:11:19.0590 4308 ============================================================
02:11:19.0590 4308 Scan finished
02:11:19.0590 4308 ============================================================
02:11:19.0590 4316 Detected object count: 0
02:11:19.0590 4316 Actual detected object count: 0


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-03-23 02:12:54
-----------------------------
02:12:54.426 OS Version: Windows x64 6.1.7601 Service Pack 1
02:12:54.426 Number of processors: 2 586 0x602
02:12:54.426 ComputerName: JDLAPTOP UserName: owner
02:12:56.485 Initialize success
02:12:56.578 AVAST engine defs: 12032201
02:13:23.660 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
02:13:23.676 Disk 0 Vendor: ST9500325AS 0005HPM1 Size: 476940MB BusType: 11
02:13:23.722 Disk 0 MBR read successfully
02:13:23.722 Disk 0 MBR scan
02:13:23.738 Disk 0 unknown MBR code
02:13:23.738 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 199 MB offset 2048
02:13:23.754 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 463212 MB offset 409600
02:13:23.785 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 13424 MB offset 949067776
02:13:23.800 Disk 0 Partition 4 00 0C FAT32 LBA MSDOS5.0 103 MB offset 976560128
02:13:23.847 Disk 0 scanning C:\Windows\system32\drivers
02:13:37.185 Service scanning
02:14:02.707 Modules scanning
02:14:02.707 Disk 0 trace - called modules:
02:14:02.785 ntoskrnl.exe CLASSPNP.SYS disk.sys hpdskflt.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
02:14:02.785 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80073e2060]
02:14:02.785 3 CLASSPNP.SYS[fffff880010d143f] -> nt!IofCallDriver -> [0xfffffa80073e1a10]
02:14:02.800 5 hpdskflt.sys[fffff880023e7289] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa800731c060]
02:14:04.984 AVAST engine scan C:\Windows
02:14:09.883 AVAST engine scan C:\Windows\system32
02:17:31.517 AVAST engine scan C:\Windows\system32\drivers
02:17:50.892 AVAST engine scan C:\Users\owner
02:27:03.211 Disk 0 MBR has been saved successfully to "C:\Users\owner\Desktop\MBR.dat"
02:27:03.227 The log file has been saved successfully to "C:\Users\owner\Desktop\aswMBR.txt"

#6 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:03:48 AM

Posted 23 March 2012 - 03:03 AM

does this happen in all browsers or does it happen in just one - and which one?


gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#7 Kewlone

  • Topic Starter
  • Members
  • 14 posts
  • Gender:Male
  • Location:Norman, Ok
  • Local time:01:48 AM

Posted 23 March 2012 - 03:16 AM

I always use Internet Explorer so I haven't tried any other type of browser. I think I have Google Chrome installed on that laptop so I could try that if you need me to tomorrow, or download Firefox or something if it will help. Going to bed for the evening and the infected laptop is shut down now. I'll look to see what you need me to do next tomorrow at work on break or on lunch. I can't stress this enough that I REALLY appreciate your help!!

#8 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:03:48 AM

Posted 23 March 2012 - 03:26 AM

I would like you to go here to see how to run IE without any addons and see if you still get redirected


#9 Kewlone

  • Topic Starter

Posted 23 March 2012 - 11:29 AM

Did you try to post a link to show how to run Internet Explorer without add-ons? I don't see the link.

#10 gringo_pr

  • Malware Response Team

Posted 23 March 2012 - 03:56 PM

Hello


Very sorry about that!!!


http://www.addictivetips.com/windows-tips/run-internet-explorer-9-without-addons-in-safe-mode/



#11 Kewlone

  • Topic Starter

Posted 23 March 2012 - 04:21 PM

OK, so I made a shortcut to run Explorer without add-ons, and for 10 minutes now I haven't been redirected once. I went into Netflix because almost every movie link would redirect me to spam, but this time it said the Silverlight add-on is needed to watch the movies (hmmmm? could that be infected?). I tried other links and I wasn't ever redirected. I'm at work so I can't keep trying it now, but so far it seems like that stops the redirecting! What should I do next, boss?


-JD

#12 gringo_pr

  • Malware Response Team

Posted 23 March 2012 - 05:07 PM

Hello


I want you to disable all the add-ons and then add them back a few at a time until you find the bad one - http://news.softpedia.com/news/Internet-Explorer-9-IE9-Poor-Performance-at-Start-Due-to-Add-ons-161394.shtml

#13 Kewlone

  • Topic Starter

Posted 23 March 2012 - 09:21 PM

Ok Gringo,

I have narrowed it down and found the culprit, it seems. There are two listings for "Java™ Plug-In 2 SSV Helper". One is listed under "Not Available". The other is under "Sun Microsystems, Inc.". It seems to be the "Sun Microsystems" one, but it's unpredictable. I think the other one also caused it to happen once. I know for sure that if both are disabled and Internet Explorer is opened (must be reopened fresh when they are disabled) then I have no redirect system problems at all. Seems to be back to normal! What next?

-JD

#14 Kewlone

  • Topic Starter

Posted 23 March 2012 - 09:38 PM

I experimented a little more. Because I have to restart Internet Explorer to see the symptoms, I was off a little bit. The "Sun Microsystems" one seems like it's actually clean. It looks like it is only the copy under the heading "Not Available" that causes the problem. Sorry I mixed it up in the last post.

-JD
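The bisection in the posts above (disable every add-on, re-enable a few at a time, restart IE each time) can be supplemented from a script that reads the same registrations IE does. The PowerShell below is an added example for readers of this thread, not something posted by gringo_pr or Kewlone, and not a BleepingComputer tool. It walks the Browser Helper Objects registration keys (both the native and the Wow6432Node view on 64-bit Windows), resolves each CLSID to the DLL it loads, and reports the publisher stored in that DLL's version resource together with its Authenticode signature status. It uses only standard registry locations and the built-in Get-AuthenticodeSignature cmdlet; the "Suspicious" flag and the duplicate-name check are this example's own heuristics, modelled on what the thread found: an add-on with a legitimate-looking name whose publisher column reads "Not Available". The script is read-only and removes nothing.

```powershell
# Added example (not from the thread): inventory Internet Explorer Browser Helper
# Objects and show, per entry, the DLL it loads, the publisher recorded in that
# DLL's version resource, and its Authenticode signature status. IE's Manage
# Add-ons dialog typically shows "Not Available" as publisher when the DLL has no
# company name, which is the symptom described in the thread.
# Read-only: it changes nothing. Run from an elevated PowerShell prompt.

# BHO registration points (64-bit and 32-bit views on x64 Windows).
$bhoKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
)
# Where a CLSID is resolved to its in-process server DLL (same two views).
$clsidRoots = @(
    'HKLM:\SOFTWARE\Classes\CLSID',
    'HKLM:\SOFTWARE\Classes\Wow6432Node\CLSID'
)

function Get-IeBrowserHelperObject {
    foreach ($key in $bhoKeys) {
        if (-not (Test-Path $key)) { continue }
        $view = if ($key -like '*Wow6432Node*') { '32-bit' } else { '64-bit' }
        foreach ($entry in Get-ChildItem $key) {
            $clsid = $entry.PSChildName
            $dll = $null; $name = $null
            foreach ($root in $clsidRoots) {
                $srvKey = Join-Path $root "$clsid\InprocServer32"
                if (Test-Path $srvKey) {
                    $dll  = (Get-ItemProperty $srvKey).'(default)'
                    $name = (Get-ItemProperty (Join-Path $root $clsid)).'(default)'
                    break
                }
            }
            # Expand %SystemRoot% etc. and strip quotes so Test-Path sees a plain path.
            if ($dll) { $dll = [Environment]::ExpandEnvironmentVariables($dll.Trim('"')) }

            $company = $null
            $sig = 'DLL not found'
            if ($dll -and (Test-Path $dll)) {
                $company = (Get-Item $dll).VersionInfo.CompanyName
                $sig     = (Get-AuthenticodeSignature $dll).Status
            }
            $publisher = if ($company) { $company } else { 'Not Available' }

            [pscustomobject]@{
                Name       = $name
                CLSID      = $clsid
                View       = $view
                DLL        = $dll
                Publisher  = $publisher
                Signature  = $sig
                # Heuristic of this example: no publisher, non-valid signature, or missing DLL.
                Suspicious = (-not $company) -or ("$sig" -ne 'Valid')
            }
        }
    }
}

$bhos = Get-IeBrowserHelperObject
$bhos | Sort-Object Suspicious -Descending |
    Format-Table Name, View, Publisher, Signature, DLL -AutoSize

# The same display name registered more than once (as in the thread: two
# "Java(TM) Plug-In 2 SSV Helper" entries) is worth flagging on its own, since a
# look-alike name is a common way a rogue add-on hides among legitimate ones.
$bhos | Where-Object Name | Group-Object Name | Where-Object Count -gt 1 |
    ForEach-Object { "Duplicate add-on name: '$($_.Name)' registered $($_.Count) times" }
```

Reading the output: the row whose Publisher is "Not Available" and whose Signature is not "Valid" is the one IE's dialog lists under the "Not Available" heading, and the DLL column tells you which file it actually is, so the entry can be handed to the helper working the case instead of being guessed at by toggling add-ons. A legitimate add-on that is unsigned will also show up here, so the flag is a prompt to look closer, not a verdict.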

#15 gringo_pr

  • Malware Response Team

Posted 23 March 2012 - 09:39 PM

Can you remove it?

