
Infected with google redirect - happili malware.


  • This topic is locked
52 replies to this topic

#1 pspoopy


Posted 28 March 2012 - 09:06 PM

Well I got the Happili thing. Great. I have had my credit card info, and my mother's credit card info, stolen in the past month that I have had this thing. Can this be the reason? Also I cannot connect with my normal ISP because I keep getting the DNS server cannot be reached, but my iPad and other computers connect just fine. Is this trojan affecting this as well? Have used other credit cards on this computer as well, are they at risk too, like they have been stolen, but no one has used them yet? Thanks in advance! PSPoopy - a toilet tool.

I ran into a problem getting GMER to work correctly, as I could not click some boxes for the scan because they were "grayed" out. I have attached a JPEG image.


.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Eric at 21:32:17 on 2012-03-28
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.5941.4113 [GMT -4:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
AV: Symantec Endpoint Protection *Enabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Symantec Endpoint Protection *Enabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
FW: Symantec Endpoint Protection *Enabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\STacSV64.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\AESTSr64.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\Program Files (x86)\STMicroelectronics\Accelerometer\InstallFilterService.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
C:\Program Files (x86)\Cisco\Cisco NAC Agent\NACAgent.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files (x86)\STMicroelectronics\Accelerometer\FF_Protection.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\Program Files (x86)\Cisco\Cisco NAC Agent\NACAgentUI.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\mcafee.com\agent\mcagent.exe
C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\ProtectionUtilSurrogate.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11e_ActiveX.exe
C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\msiexec.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SescLU.exe
C:\Program Files (x86)\Symantec\LiveUpdate\luall.exe
C:\PROGRA~2\Symantec\LIVEUP~1\LUCOMS~1.EXE
C:\Program Files (x86)\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files (x86)\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120302033307.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [Facebook Update] "C:\Users\Eric\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
uRun: [DisplayManagerVerifier] rundll32.exe "C:\ProgramData\DisplayManagerVerifier.dll",DllRegisterServer
uRun: [Apple Update] rundll32 "C:\Users\Eric\AppData\Local\VirtualStore\VirtualStoreUpdate\VirtualStoreupdt32.DLL",DllRegisterServer
mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun: [ccApp] "C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe"
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [NACAgentUI] C:\Program Files (x86)\Cisco\Cisco NAC Agent\NACAgentUI.exe
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MIF5BA~1\Office14\EXCEL.EXE/3000
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89C30F0F8BD011D2.dll/cmsidewiki.html
IE: Se&nd to OneNote - C:\PROGRA~2\MIF5BA~1\Office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {4D2D3A17-9B46-483C-A5F4-1DC471080009} - hxxps://caspair1.ecu.edu/auth/taweb.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {B3E32D88-8E7F-468F-B0E2-3A300FD4A82C} - hxxp://myitlab.pearsoned.com/Pegasus/Modules/SIMIntegration/Resources/ax/stub.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{1A29534B-4532-4423-A462-F4BF17FFB329} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{1A29534B-4532-4423-A462-F4BF17FFB329}\16474777966696 : DhcpNameServer = 192.168.6.1 64.134.255.2 64.134.255.10
TCP: Interfaces\{1A29534B-4532-4423-A462-F4BF17FFB329}\34552565543535D414254502E4544574541425 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{1A29534B-4532-4423-A462-F4BF17FFB329}\4414E4D20534F5E4564777F627B6 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{1A29534B-4532-4423-A462-F4BF17FFB329}\C696E6B6379737 : DhcpNameServer = 192.168.2.1
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~2\McAfee\msc\McSnIePl.dll
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - c:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO-X64: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
BHO-X64: Search Helper - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120302033307.dll
BHO-X64: scriptproxy - No File
BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: Skype Plug-In: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: Windows Live Toolbar Helper: {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
TB-X64: &Windows Live Toolbar: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
mRun-x64: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun-x64: [ccApp] "C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe"
mRun-x64: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun-x64: [NACAgentUI] C:\Program Files (x86)\Cisco\Cisco NAC Agent\NACAgentUI.exe
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL
.
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\system32\drivers\mfehidk.sys --> C:\Windows\system32\drivers\mfehidk.sys [?]
R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\system32\drivers\mfewfpk.sys --> C:\Windows\system32\drivers\mfewfpk.sys [?]
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R0 stdflt;Disk Filter Driver for Accelerometer;C:\Windows\system32\DRIVERS\stdflt.sys --> C:\Windows\system32\DRIVERS\stdflt.sys [?]
R1 mfenlfk;McAfee NDIS Light Filter;C:\Windows\system32\DRIVERS\mfenlfk.sys --> C:\Windows\system32\DRIVERS\mfenlfk.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\AESTSr64.exe [2010-6-26 89600]
R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2009-6-9 155648]
R2 InstallFilterService;FF Install Filter Service;C:\Program Files (x86)\STMicroelectronics\Accelerometer\InstallFilterService.exe [2010-8-4 60928]
R2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2011-9-9 249936]
R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2011-9-9 249936]
R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2011-9-9 249936]
R2 McShield;McAfee McShield;C:\Program Files\Common Files\mcafee\systemcore\mcshield.exe [2010-8-4 199272]
R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe [2010-8-4 208536]
R2 mfevtp;McAfee Validation Trust Protection Service;C:\Program Files\Common Files\mcafee\systemcore\mfevtps.exe [2010-8-4 161168]
R2 NACAgent;Cisco NAC Agent;C:\Program Files (x86)\Cisco\Cisco NAC Agent\NACAgent.exe [2011-1-26 827616]
R2 rimspci;rimspci;C:\Windows\system32\DRIVERS\rimspe64.sys --> C:\Windows\system32\DRIVERS\rimspe64.sys [?]
R2 risdpcie;risdpcie;C:\Windows\system32\DRIVERS\risdpe64.sys --> C:\Windows\system32\DRIVERS\risdpe64.sys [?]
R2 rixdpcie;rixdpcie;C:\Windows\system32\DRIVERS\rixdpe64.sys --> C:\Windows\system32\DRIVERS\rixdpe64.sys [?]
R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2010-8-4 673088]
R2 Symantec AntiVirus;Symantec Endpoint Protection;C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe [2009-9-17 2477304]
R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\system32\DRIVERS\TurboB.sys --> C:\Windows\system32\DRIVERS\TurboB.sys [?]
R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-8-4 2320920]
R3 Acceler;Accelerometer Service;C:\Windows\system32\DRIVERS\Acceler.sys --> C:\Windows\system32\DRIVERS\Acceler.sys [?]
R3 cfwids;McAfee Inc. cfwids;C:\Windows\system32\drivers\cfwids.sys --> C:\Windows\system32\drivers\cfwids.sys [?]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\system32\DRIVERS\CtClsFlt.sys --> C:\Windows\system32\DRIVERS\CtClsFlt.sys [?]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 Impcd;Impcd;C:\Windows\system32\DRIVERS\Impcd.sys --> C:\Windows\system32\DRIVERS\Impcd.sys [?]
R3 IntcDAud;Intel® Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]
R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\system32\drivers\mfeavfk.sys --> C:\Windows\system32\drivers\mfeavfk.sys [?]
R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\system32\drivers\mfefirek.sys --> C:\Windows\system32\drivers\mfefirek.sys [?]
R3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETw5s64.sys --> C:\Windows\system32\DRIVERS\NETw5s64.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-8-11 136176]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-2-9 138360]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-8-11 136176]
S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\system32\drivers\mferkdet.sys --> C:\Windows\system32\drivers\mferkdet.sys [?]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-3-25 30969208]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2009-9-21 315664]
S3 NMRKUSBA;Numark USB2 WDM;C:\Windows\system32\drivers\nmrkusba.sys --> C:\Windows\system32\drivers\nmrkusba.sys [?]
S3 NMRKUSBU;Numark USB2 driver;C:\Windows\system32\Drivers\nmrkusbu.sys --> C:\Windows\system32\Drivers\nmrkusbu.sys [?]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 TurboBoost;TurboBoost;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2009-11-2 126352]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 McOobeSv;McAfee OOBE Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2011-9-9 249936]
S4 PuranDefrag;PuranDefrag;"C:\Windows\system32\PuranDefragS.exe" --> C:\Windows\system32\PuranDefragS.exe [?]
.
=============== Created Last 30 ================
.
2012-03-17 16:07:08 -------- d-----w- C:\Users\Eric\AppData\Local\ElevatedDiagnostics
2012-03-13 23:57:09 289792 ----a-w- C:\Windows\System32\PuranDefragS.exe
2012-03-13 23:57:09 284672 ----a-w- C:\Windows\System32\PuranDC.exe
2012-03-13 23:57:09 253952 ----a-w- C:\Windows\System32\PuranDefrag.dll
2012-03-13 23:57:09 1363968 ----a-w- C:\Windows\System32\PuranFD.exe
2012-03-13 23:57:09 130048 ----a-w- C:\Windows\System32\PuranDefragBT.exe
2012-03-13 23:57:05 -------- d-----w- C:\Program Files\Puran Defrag
2012-03-13 21:02:45 -------- d-----w- C:\Users\Eric\AppData\Roaming\Malwarebytes
2012-03-13 21:02:31 -------- d-----w- C:\ProgramData\Malwarebytes
2012-03-13 21:02:29 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-03-13 21:02:29 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-03-07 20:20:28 65536 ----a-r- C:\Users\Eric\AppData\Roaming\Microsoft\Installer\{8D71174A-31A3-4523-8A52-8602B6099AC2}\ItchShortcut_3AACE619E70942C5B73003B60EB9E2F1.exe
2012-03-07 20:20:25 -------- d-----w- C:\Windows\usb-audio.deNumarkNS6
2012-03-07 20:20:17 -------- d-----w- C:\Windows\usb-audio.deNumarkV7
2012-03-07 20:20:10 -------- d-----w- C:\Windows\usb-audio.deNumarkNS7
2012-03-07 20:20:04 -------- d-----w- C:\Program Files (x86)\Serato
2012-03-07 20:18:22 -------- d-----w- C:\Windows\Downloaded Installations
2012-03-01 23:44:03 1700352 ----a-w- C:\Windows\SysWow64\gdiplus.dll
2012-03-01 23:42:52 -------- d-----w- C:\Program Files (x86)\ASIO4ALL v2
2012-03-01 23:41:51 225280 ----a-w- C:\Windows\SysWow64\rewire.dll
2012-03-01 23:41:51 -------- d-----w- C:\Program Files (x86)\VstPlugins
2012-03-01 23:41:37 1554944 ----a-w- C:\Windows\SysWow64\vorbis.acm
2012-03-01 23:41:32 -------- d-----w- C:\Program Files (x86)\Outsim
2012-03-01 23:35:37 -------- d-----w- C:\Program Files (x86)\Image-Line
2012-03-01 17:21:42 162664 ----a-w- C:\ProgramData\Microsoft\Windows\Sqm\Manifest\Sqm10140.bin
.
==================== Find3M ====================
.
2012-03-08 20:02:49 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-02-01 00:25:35 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-01-14 04:02:25 3143168 ----a-w- C:\Windows\System32\win32k.sys
2012-01-04 09:58:13 509952 ----a-w- C:\Windows\System32\ntshrui.dll
2012-01-04 09:03:07 442880 ----a-w- C:\Windows\SysWow64\ntshrui.dll
2012-01-03 06:24:52 515584 ----a-w- C:\Windows\System32\timedate.cpl
2012-01-03 05:44:24 478208 ----a-w- C:\Windows\SysWow64\timedate.cpl
.
============= FINISH: 21:34:02.93 ===============



#2 gringo_pr

  • Malware Response Team

Posted 29 March 2012 - 12:11 AM

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

1. Do not run any other tool until instructed to do so!
Doing so will at best only cause you unneeded worry, as it finds our backups and may even list our tools, and at worst can cause conflicts with our tools and lead to unforeseen things happening.

2. Please do not attach logs or put them in code boxes.
Besides the time it takes me to open the reports, it makes it harder to find something if I need to go back to do more research, and putting them in code boxes just makes them so hard to read.

3. After each step give me a little feedback.
It does not need to be long, just something so I know how things are going. It can be something like:
I am still getting redirected
The computer is running as it should
Don't put things like "it is the same as before" or "still the same"; this just makes me go back and look for your last feedback as to how things are.

4. Read every post completely before doing anything.
Pay special attention to the Notes** I have put in.
These are things I have found that happen a lot and can be taken care of easily just by reading the Notes**.

Click on the Watch Topic Button, select Immediate Notification and click on proceed. This will help you to get notified faster when I have replied and make the cleaning process faster.


Backup any files that cannot be replaced

If you have not done it yet, spend a few minutes to back up any files that cannot be replaced. Removing malware can be unpredictable and this may save you and me a lot of grief later.

You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

You may want to back up the whole hard drive. There is some good info in the Preparation Guide on how to make full backups and how to restore it if something goes wrong. Read the tutorial and print it out so you will know what to do in case the unforeseen happens.

When you have the files backed up you may do the following.


Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.



:multiple Anti Virus programs:

It looks like you are operating your computer with multiple Anti Virus programs running in memory at once:

AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
AV: Symantec Endpoint Protection *Enabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}


Anti-virus programs take up an enormous amount of your computer's resources when they are actively scanning your computer. Having two anti-virus programs running at the same time can cause your computer to run very slow, become unstable and even, in rare cases, crash.

Please remove all but one of them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

In your next post I need the following:

  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 pspoopy


Posted 30 March 2012 - 01:52 PM

Thank you gringo, I am currently away from home. I will be back tomorrow; just wanted to let you know that so you don't close the thread.

#4 gringo_pr

  • Malware Response Team

Posted 30 March 2012 - 02:54 PM

OK, I will see you then.


gringo

#5 pspoopy


Posted 31 March 2012 - 06:08 PM

ComboFix 12-03-31.03 - Eric 03/31/2012 18:50:43.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.5941.4546 [GMT -4:00]
Running from: c:\users\Eric\Desktop\ComboFix.exe
AV: Symantec Endpoint Protection *Disabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
FW: Symantec Endpoint Protection *Enabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
SP: Symantec Endpoint Protection *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Eric\AppData\Local\Microsoft\Windows\Temporary Internet Files\{1D0AB0C4-6903-415D-9845-CD8124FBF889}.xps
c:\users\Eric\AppData\Local\Microsoft\Windows\Temporary Internet Files\{2908A964-4FB7-49EC-9D4E-BCA7B3AE8ED9}.xps
c:\users\Eric\AppData\Local\Microsoft\Windows\Temporary Internet Files\{2EF08104-24B7-4F1A-82A7-5C454E0D61C3}.xps
c:\users\Eric\AppData\Local\Microsoft\Windows\Temporary Internet Files\{4BFCE648-CEAE-4F1C-98D6-CFDF8E7192EE}.xps
c:\users\Eric\AppData\Local\Microsoft\Windows\Temporary Internet Files\{55F74292-5011-4D10-AA4C-7C600C042354}.xps
c:\users\Eric\AppData\Local\Microsoft\Windows\Temporary Internet Files\{572B93C9-D8BE-4F0A-8861-69E10714D4D5}.xps
c:\users\Eric\AppData\Local\Microsoft\Windows\Temporary Internet Files\{61911C8B-DE15-4001-AE43-11E8B5D7354C}.xps
c:\users\Eric\AppData\Local\Microsoft\Windows\Temporary Internet Files\{84B61417-32F2-4329-B179-AB2DA44FAB65}.xps
c:\users\Eric\AppData\Local\Microsoft\Windows\Temporary Internet Files\{8FAA4C34-6C6F-4703-8DB5-7AB7761A9BC2}.xps
c:\users\Eric\AppData\Local\Microsoft\Windows\Temporary Internet Files\{BDA662CB-DAD4-4A95-AFA7-8030169D3008}.xps
c:\users\Eric\AppData\Local\Microsoft\Windows\Temporary Internet Files\{D77B3BA3-7154-48B6-AE6A-24FEED428BA7}.xps
c:\users\Eric\AppData\Local\Microsoft\Windows\Temporary Internet Files\{F254E95E-487E-4528-B6A8-EF07846D6B0A}.xps
c:\users\Eric\AppData\Local\Microsoft\Windows\Temporary Internet Files\{FACFEB1E-7543-4C2F-B51D-84294A8D19E5}.xps
c:\users\Eric\Documents\~WRL0003.tmp
c:\users\Eric\Documents\~WRL0005.tmp
.
.
((((((((((((((((((((((((( Files Created from 2012-02-28 to 2012-03-31 )))))))))))))))))))))))))))))))
.
.
2012-03-31 22:55 . 2012-03-31 22:55 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-03-17 16:07 . 2012-03-17 16:07 -------- d-----w- c:\users\Eric\AppData\Local\ElevatedDiagnostics
2012-03-13 23:57 . 2011-12-26 19:33 284672 ----a-w- c:\windows\system32\PuranDC.exe
2012-03-13 23:57 . 2011-12-26 19:33 1363968 ----a-w- c:\windows\system32\PuranFD.exe
2012-03-13 23:57 . 2011-12-26 19:33 289792 ----a-w- c:\windows\system32\PuranDefragS.exe
2012-03-13 23:57 . 2011-12-26 19:33 130048 ----a-w- c:\windows\system32\PuranDefragBT.exe
2012-03-13 23:57 . 2011-12-26 17:51 253952 ----a-w- c:\windows\system32\PuranDefrag.dll
2012-03-13 23:57 . 2012-03-14 00:39 -------- d-----w- c:\program files\Puran Defrag
2012-03-13 21:02 . 2012-03-13 21:02 -------- d-----w- c:\users\Eric\AppData\Roaming\Malwarebytes
2012-03-13 21:02 . 2012-03-13 21:02 -------- d-----w- c:\programdata\Malwarebytes
2012-03-13 21:02 . 2012-03-13 21:02 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-03-13 21:02 . 2011-12-10 19:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-08 20:03 . 2012-03-08 20:03 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-03-07 20:20 . 2012-03-07 20:20 65536 ----a-r- c:\users\Eric\AppData\Roaming\Microsoft\Installer\{8D71174A-31A3-4523-8A52-8602B6099AC2}\ItchShortcut_3AACE619E70942C5B73003B60EB9E2F1.exe
2012-03-07 20:20 . 2012-03-07 20:20 -------- d-----w- c:\windows\usb-audio.deNumarkNS6
2012-03-07 20:20 . 2012-03-07 20:20 -------- d-----w- c:\windows\usb-audio.deNumarkV7
2012-03-07 20:20 . 2012-03-07 20:20 -------- d-----w- c:\windows\usb-audio.deNumarkNS7
2012-03-07 20:20 . 2012-03-07 20:20 -------- d-----w- c:\program files (x86)\Serato
2012-03-07 20:18 . 2012-03-07 20:18 -------- d-----w- c:\windows\Downloaded Installations
2012-03-01 23:44 . 2012-03-01 23:44 1700352 ----a-w- c:\windows\SysWow64\gdiplus.dll
2012-03-01 23:42 . 2012-03-01 23:42 -------- d-----w- c:\program files (x86)\ASIO4ALL v2
2012-03-01 23:41 . 2012-03-01 23:41 -------- d-----w- c:\program files (x86)\VstPlugins
2012-03-01 23:41 . 2006-06-20 08:56 225280 ----a-w- c:\windows\SysWow64\rewire.dll
2012-03-01 23:41 . 2009-09-15 09:14 1554944 ----a-w- c:\windows\SysWow64\vorbis.acm
2012-03-01 23:41 . 2012-03-01 23:41 -------- d-----w- c:\program files (x86)\Outsim
2012-03-01 23:35 . 2012-03-01 23:41 -------- d-----w- c:\program files (x86)\Image-Line
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-08 20:02 . 2010-08-04 22:24 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-03-01 17:21 . 2012-03-01 17:21 162664 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10140.bin
2012-02-01 00:25 . 2011-12-09 06:03 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-01-14 04:02 . 2012-02-15 03:30 3143168 ----a-w- c:\windows\system32\win32k.sys
2012-01-04 09:58 . 2012-02-15 03:31 509952 ----a-w- c:\windows\system32\ntshrui.dll
2012-01-04 09:03 . 2012-02-15 03:31 442880 ----a-w- c:\windows\SysWow64\ntshrui.dll
2012-01-03 06:24 . 2012-02-15 03:30 515584 ----a-w- c:\windows\system32\timedate.cpl
2012-01-03 05:44 . 2012-02-15 03:30 478208 ----a-w- c:\windows\SysWow64\timedate.cpl
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-08-11 39408]
"Facebook Update"="c:\users\Eric\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2011-10-03 137536]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="c:\program files (x86)\Common Files\Symantec Shared\ccApp.exe" [2009-07-09 115560]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"NACAgentUI"="c:\program files (x86)\Cisco\Cisco NAC Agent\NACAgentUI.exe" [2011-01-27 483552]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-06-07 421160]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-12-15 1324384]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux6"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-11 136176]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-11 136176]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 30969208]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2009-09-21 315664]
R3 NMRKUSBA;Numark USB2 WDM;c:\windows\system32\drivers\nmrkusba.sys [x]
R3 NMRKUSBU;Numark USB2 driver;c:\windows\system32\Drivers\nmrkusbu.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 TurboBoost;TurboBoost;c:\program files\Intel\TurboBoost\TurboBoost.exe [2009-11-02 126352]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 PuranDefrag;PuranDefrag;c:\windows\system32\PuranDefragS.exe [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S0 stdflt;Disk Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdflt.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\AESTSr64.exe [2009-03-02 89600]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2009-06-09 155648]
S2 InstallFilterService;FF Install Filter Service;c:\program files (x86)\STMicroelectronics\Accelerometer\InstallFilterService.exe [2009-06-23 60928]
S2 NACAgent;Cisco NAC Agent;c:\program files (x86)\Cisco\Cisco NAC Agent\NACAgent.exe [2011-01-27 827616]
S2 rimspci;rimspci;c:\windows\system32\DRIVERS\rimspe64.sys [x]
S2 risdpcie;risdpcie;c:\windows\system32\DRIVERS\risdpe64.sys [x]
S2 rixdpcie;rixdpcie;c:\windows\system32\DRIVERS\rixdpe64.sys [x]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2010-05-21 673088]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [x]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2009-09-30 2320920]
S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Acceler.sys [x]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-02-04 138360]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-31 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2216984286-2448163383-3908782814-1000Core.job
- c:\users\Eric\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-10-03 16:28]
.
2012-03-31 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2216984286-2448163383-3908782814-1000UA.job
- c:\users\Eric\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-10-03 16:28]
.
2012-03-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-11 16:16]
.
2012-03-31 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-11 16:16]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-01-20 487424]
"QuickSet"="c:\program files\Dell\QuickSet\QuickSet.exe" [2010-04-02 3217056]
"FreeFallProtection"="c:\program files (x86)\STMicroelectronics\Accelerometer\FF_Protection.exe" [2009-07-22 2384896]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2009-09-21 1926928]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-26 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-26 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-26 415256]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MIF5BA~1\Office14\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89C30F0F8BD011D2.dll/cmsidewiki.html
IE: Se&nd to OneNote - c:\progra~2\MIF5BA~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 10.0.1.1
DPF: {4D2D3A17-9B46-483C-A5F4-1DC471080009} - hxxps://caspair1.ecu.edu/auth/taweb.cab
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-DisplayManagerVerifier - c:\programdata\DisplayManagerVerifier.dll
Wow6432Node-HKCU-Run-Apple Update - c:\users\Eric\AppData\Local\VirtualStore\VirtualStoreUpdate\VirtualStoreupdt32.DLL
SafeBoot-Symantec Antvirus
Toolbar-Locked - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe
c:\program files (x86)\Symantec\Symantec Endpoint Protection\ProtectionUtilSurrogate.exe
c:\program files (x86)\Dell Support Center\bin\sprtsvc.exe
.
**************************************************************************
.
Completion time: 2012-03-31 19:03:54 - machine was rebooted
ComboFix-quarantined-files.txt 2012-03-31 23:03
.
Pre-Run: 343,030,321,152 bytes free
Post-Run: 343,817,830,400 bytes free
.
- - End Of File - - 98FF118EC7D7C64CCA57842C058D465A




Redirecting is still happening. Still can't connect to my normal ISP (still not sure if that is part of the problem or a totally different one).

#6 gringo_pr


Posted 31 March 2012 - 08:09 PM

Greetings

I want you to run these next,

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

#7 pspoopy


Posted 02 April 2012 - 11:59 AM

tdss:

12:24:23.0345 5236 TDSS rootkit removing tool 2.7.24.0 Apr 2 2012 10:31:48
12:24:23.0610 5236 ============================================================
12:24:23.0610 5236 Current date / time: 2012/04/02 12:24:23.0610
12:24:23.0610 5236 SystemInfo:
12:24:23.0610 5236
12:24:23.0610 5236 OS Version: 6.1.7600 ServicePack: 0.0
12:24:23.0610 5236 Product type: Workstation
12:24:23.0610 5236 ComputerName: BIG_BOSS
12:24:23.0610 5236 UserName: Eric
12:24:23.0610 5236 Windows directory: C:\Windows
12:24:23.0610 5236 System windows directory: C:\Windows
12:24:23.0610 5236 Running under WOW64
12:24:23.0610 5236 Processor architecture: Intel x64
12:24:23.0610 5236 Number of processors: 4
12:24:23.0610 5236 Page size: 0x1000
12:24:23.0610 5236 Boot type: Normal boot
12:24:23.0610 5236 ============================================================
12:24:25.0529 5236 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
12:24:25.0544 5236 \Device\Harddisk0\DR0:
12:24:25.0544 5236 MBR used
12:24:25.0544 5236 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x139C5, BlocksNum 0x2328000
12:24:25.0544 5236 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x233B9C5, BlocksNum 0x38049E6B
12:24:25.0622 5236 Initialize success
12:24:25.0622 5236 ============================================================
12:24:29.0210 7348 ============================================================
12:24:29.0210 7348 Scan started
12:24:29.0210 7348 Mode: Manual;
12:24:29.0210 7348 ============================================================
12:24:31.0004 7348 1394ohci (69aa89a20dee08bfa650aab6ce37bd10) C:\Windows\system32\DRIVERS\1394ohci.sys
12:24:31.0020 7348 1394ohci - ok
12:24:31.0254 7348 Acceler (c49c56b35bfc6cda8d1fdcad2885568f) C:\Windows\system32\DRIVERS\Acceler.sys
12:24:31.0254 7348 Acceler - ok
12:24:31.0363 7348 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
12:24:31.0394 7348 ACPI - ok
12:24:31.0457 7348 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
12:24:31.0457 7348 AcpiPmi - ok
12:24:31.0519 7348 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
12:24:31.0550 7348 adp94xx - ok
12:24:31.0566 7348 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
12:24:31.0581 7348 adpahci - ok
12:24:31.0613 7348 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
12:24:31.0659 7348 adpu320 - ok
12:24:31.0706 7348 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
12:24:31.0706 7348 AeLookupSvc - ok
12:24:31.0925 7348 AESTFilters (a6fb9db8f1a86861d955fd6975977ae0) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\AESTSr64.exe
12:24:31.0940 7348 AESTFilters - ok
12:24:32.0096 7348 AFD (db9d6c6b2cd95a9ca414d045b627422e) C:\Windows\system32\drivers\afd.sys
12:24:32.0112 7348 AFD - ok
12:24:32.0190 7348 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys
12:24:32.0205 7348 agp440 - ok
12:24:32.0237 7348 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
12:24:32.0252 7348 ALG - ok
12:24:32.0346 7348 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys
12:24:32.0361 7348 aliide - ok
12:24:32.0408 7348 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys
12:24:32.0471 7348 amdide - ok
12:24:32.0517 7348 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
12:24:32.0533 7348 AmdK8 - ok
12:24:32.0549 7348 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
12:24:32.0564 7348 AmdPPM - ok
12:24:32.0595 7348 amdsata (ec7ebab00a4d8448bab68d1e49b4beb9) C:\Windows\system32\drivers\amdsata.sys
12:24:32.0611 7348 amdsata - ok
12:24:32.0642 7348 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
12:24:32.0658 7348 amdsbs - ok
12:24:32.0689 7348 amdxata (db27766102c7bf7e95140a2aa81d042e) C:\Windows\system32\drivers\amdxata.sys
12:24:32.0689 7348 amdxata - ok
12:24:32.0767 7348 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
12:24:32.0783 7348 AppID - ok
12:24:32.0876 7348 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
12:24:32.0892 7348 AppIDSvc - ok
12:24:32.0970 7348 Appinfo (d065be66822847b7f127d1f90158376e) C:\Windows\System32\appinfo.dll
12:24:32.0985 7348 Appinfo - ok
12:24:33.0110 7348 Apple Mobile Device (20f6f19fe9e753f2780dc2fa083ad597) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
12:24:33.0157 7348 Apple Mobile Device - ok
12:24:33.0531 7348 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
12:24:33.0563 7348 arc - ok
12:24:33.0687 7348 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
12:24:33.0703 7348 arcsas - ok
12:24:33.0781 7348 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
12:24:33.0781 7348 AsyncMac - ok
12:24:33.0843 7348 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys
12:24:33.0843 7348 atapi - ok
12:24:34.0046 7348 AudioEndpointBuilder (07721a77180edd4d39ccb865bf63c7fd) C:\Windows\System32\Audiosrv.dll
12:24:34.0124 7348 AudioEndpointBuilder - ok
12:24:34.0155 7348 AudioSrv (07721a77180edd4d39ccb865bf63c7fd) C:\Windows\System32\Audiosrv.dll
12:24:34.0155 7348 AudioSrv - ok
12:24:34.0218 7348 AxInstSV (b20b5fa5ca050e9926e4d1db81501b32) C:\Windows\System32\AxInstSV.dll
12:24:34.0233 7348 AxInstSV - ok
12:24:34.0343 7348 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
12:24:34.0374 7348 b06bdrv - ok
12:24:34.0436 7348 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
12:24:34.0452 7348 b57nd60a - ok
12:24:34.0514 7348 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
12:24:34.0545 7348 BDESVC - ok
12:24:34.0592 7348 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
12:24:34.0608 7348 Beep - ok
12:24:34.0655 7348 BFE (4992c609a6315671463e30f6512bc022) C:\Windows\System32\bfe.dll
12:24:34.0701 7348 BFE - ok
12:24:34.0811 7348 BITS (7f0c323fe3da28aa4aa1bda3f575707f) C:\Windows\system32\qmgr.dll
12:24:34.0857 7348 BITS - ok
12:24:34.0951 7348 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
12:24:34.0967 7348 blbdrive - ok
12:24:35.0107 7348 Bonjour Service (f2060a34c8a75bc24a9222eb4f8c07bd) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
12:24:35.0154 7348 Bonjour Service - ok
12:24:35.0341 7348 bowser (19d20159708e152267e53b66677a4995) C:\Windows\system32\DRIVERS\bowser.sys
12:24:35.0341 7348 bowser - ok
12:24:35.0419 7348 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
12:24:35.0419 7348 BrFiltLo - ok
12:24:35.0450 7348 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
12:24:35.0450 7348 BrFiltUp - ok
12:24:35.0513 7348 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
12:24:35.0513 7348 BridgeMP - ok
12:24:35.0559 7348 Browser (94fbc06f294d58d02361918418f996e3) C:\Windows\System32\browser.dll
12:24:35.0575 7348 Browser - ok
12:24:35.0606 7348 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
12:24:35.0622 7348 Brserid - ok
12:24:35.0653 7348 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
12:24:35.0684 7348 BrSerWdm - ok
12:24:35.0700 7348 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
12:24:35.0715 7348 BrUsbMdm - ok
12:24:35.0747 7348 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
12:24:35.0747 7348 BrUsbSer - ok
12:24:35.0809 7348 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
12:24:35.0825 7348 BTHMODEM - ok
12:24:35.0871 7348 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
12:24:35.0887 7348 bthserv - ok
12:24:35.0918 7348 catchme - ok
12:24:36.0121 7348 ccEvtMgr (27d036fb3d22ca8a6662fe960d1a937d) C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
12:24:36.0152 7348 ccEvtMgr - ok
12:24:36.0152 7348 ccSetMgr (27d036fb3d22ca8a6662fe960d1a937d) C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
12:24:36.0152 7348 ccSetMgr - ok
12:24:36.0527 7348 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
12:24:36.0542 7348 cdfs - ok
12:24:36.0605 7348 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys
12:24:36.0620 7348 cdrom - ok
12:24:36.0698 7348 CertPropSvc (312e2f82af11e79906898ac3e3d58a1f) C:\Windows\System32\certprop.dll
12:24:36.0761 7348 CertPropSvc - ok
12:24:36.0807 7348 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
12:24:36.0823 7348 circlass - ok
12:24:36.0854 7348 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
12:24:36.0854 7348 CLFS - ok
12:24:36.0932 7348 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
12:24:36.0979 7348 clr_optimization_v2.0.50727_32 - ok
12:24:37.0088 7348 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
12:24:37.0104 7348 clr_optimization_v2.0.50727_64 - ok
12:24:37.0197 7348 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
12:25:06.0666 7348 SRTSPL (8929566d1f14685fd78eaf25bee3ecc7) C:\Windows\system32\Drivers\SRTSPL64.SYS
12:25:06.0697 7348 SRTSPL - ok
12:25:06.0759 7348 SRTSPX (cb2fdf47ee67f8cca5362ed9b94fe955) C:\Windows\system32\Drivers\SRTSPX64.SYS
12:25:06.0775 7348 SRTSPX - ok
12:25:06.0884 7348 srv (2408c0366d96bcdf63e8f1c78e4a29c5) C:\Windows\system32\DRIVERS\srv.sys
12:25:06.0884 7348 srv - ok
12:25:06.0931 7348 srv2 (76548f7b818881b47d8d1ae1be9c11f8) C:\Windows\system32\DRIVERS\srv2.sys
12:25:06.0931 7348 srv2 - ok
12:25:06.0978 7348 srvnet (0af6e19d39c70844c5caa8fb0183c36e) C:\Windows\system32\DRIVERS\srvnet.sys
12:25:06.0993 7348 srvnet - ok
12:25:07.0087 7348 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
12:25:07.0103 7348 SSDPSRV - ok
12:25:07.0134 7348 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
12:25:07.0149 7348 SstpSvc - ok
12:25:07.0305 7348 STacSV (da7702025dfd169b909c4da3126762cc) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\STacSV64.exe
12:25:07.0321 7348 STacSV - ok
12:25:07.0383 7348 stdflt (c48e0745d33897c7a73394214f2b9b4f) C:\Windows\system32\DRIVERS\stdflt.sys
12:25:07.0383 7348 stdflt - ok
12:25:07.0430 7348 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
12:25:07.0430 7348 stexstor - ok
12:25:07.0508 7348 STHDA (caf5a9708671b14b9670260735b22c4e) C:\Windows\system32\DRIVERS\stwrt64.sys
12:25:07.0524 7348 STHDA - ok
12:25:07.0649 7348 stisvc (52d0e33b681bd0f33fdc08812fee4f7d) C:\Windows\System32\wiaservc.dll
12:25:07.0680 7348 stisvc - ok
12:25:07.0711 7348 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
12:25:07.0711 7348 swenum - ok
12:25:07.0789 7348 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
12:25:07.0836 7348 swprv - ok
12:25:08.0226 7348 Symantec AntiVirus (ba2fb8f8ab24d0279caa98a4c118150e) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe
12:25:08.0257 7348 Symantec AntiVirus - ok
12:25:08.0429 7348 SymEvent (7e4d281982e19abd06728c7ee9ac40a8) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
12:25:08.0460 7348 SymEvent - ok
12:25:08.0522 7348 SynTP (639b57dc871be4b86283027faf1f4e30) C:\Windows\system32\DRIVERS\SynTP.sys
12:25:08.0522 7348 SynTP - ok
12:25:08.0600 7348 SysMain (3c1284516a62078fb68f768de4f1a7be) C:\Windows\system32\sysmain.dll
12:25:08.0694 7348 SysMain - ok
12:25:08.0741 7348 TabletInputService (238935c3cf2854886dc7cbb2a0e2cc66) C:\Windows\System32\TabSvc.dll
12:25:08.0756 7348 TabletInputService - ok
12:25:08.0787 7348 TapiSrv (884264ac597b690c5707c89723bb8e7b) C:\Windows\System32\tapisrv.dll
12:25:08.0803 7348 TapiSrv - ok
12:25:08.0850 7348 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
12:25:08.0865 7348 TBS - ok
12:25:09.0115 7348 Tcpip (f18f56efc0bfb9c87ba01c37b27f4da5) C:\Windows\system32\drivers\tcpip.sys
12:25:09.0177 7348 Tcpip - ok
12:25:09.0630 7348 TCPIP6 (f18f56efc0bfb9c87ba01c37b27f4da5) C:\Windows\system32\DRIVERS\tcpip.sys
12:25:09.0645 7348 TCPIP6 - ok
12:25:09.0755 7348 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys
12:25:09.0770 7348 tcpipreg - ok
12:25:09.0801 7348 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
12:25:09.0817 7348 TDPIPE - ok
12:25:09.0864 7348 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
12:25:09.0864 7348 TDTCP - ok
12:25:09.0926 7348 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
12:25:09.0926 7348 tdx - ok
12:25:10.0004 7348 Teefer2 (13657dc475de564247745bf4da23207c) C:\Windows\system32\DRIVERS\teefer2.sys
12:25:10.0004 7348 Teefer2 - ok
12:25:10.0035 7348 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys
12:25:10.0035 7348 TermDD - ok
12:25:10.0098 7348 TermService (0f05ec2887bfe197ad82a13287d2f404) C:\Windows\System32\termsrv.dll
12:25:10.0145 7348 TermService - ok
12:25:10.0160 7348 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
12:25:10.0191 7348 Themes - ok
12:25:10.0238 7348 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
12:25:10.0238 7348 THREADORDER - ok
12:25:10.0316 7348 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
12:25:10.0332 7348 TrkWks - ok
12:25:10.0379 7348 TrustedInstaller (840f7fb849f5887a49ba18c13b2da920) C:\Windows\servicing\TrustedInstaller.exe
12:25:10.0379 7348 TrustedInstaller - ok
12:25:10.0441 7348 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
12:25:10.0488 7348 tssecsrv - ok
12:25:10.0550 7348 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
12:25:10.0550 7348 tunnel - ok
12:25:10.0581 7348 TurboB (825e7a1f48fb8bcfba27c178aab4e275) C:\Windows\system32\DRIVERS\TurboB.sys
12:25:10.0581 7348 TurboB - ok
12:25:10.0691 7348 TurboBoost (b206be1174d5964d49a56bb6c4e0524a) C:\Program Files\Intel\TurboBoost\TurboBoost.exe
12:25:10.0737 7348 TurboBoost - ok
12:25:10.0784 7348 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
12:25:10.0800 7348 uagp35 - ok
12:25:10.0847 7348 udfs (31ba4a33afab6a69ea092b18017f737f) C:\Windows\system32\DRIVERS\udfs.sys
12:25:10.0862 7348 udfs - ok
12:25:10.0925 7348 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
12:25:10.0940 7348 UI0Detect - ok
12:25:10.0956 7348 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys
12:25:10.0971 7348 uliagpkx - ok
12:25:10.0987 7348 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys
12:25:11.0003 7348 umbus - ok
12:25:11.0018 7348 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
12:25:11.0034 7348 UmPass - ok
12:25:11.0486 7348 UNS (765f2dd351ba064f657751d8d75e58c0) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
12:25:11.0564 7348 UNS - ok
12:25:11.0705 7348 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
12:25:11.0720 7348 upnphost - ok
12:25:11.0814 7348 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys
12:25:11.0829 7348 USBAAPL64 - ok
12:25:11.0892 7348 usbaudio (77b01bc848298223a95d4ec23e1785a1) C:\Windows\system32\drivers\usbaudio.sys
12:25:11.0907 7348 usbaudio - ok
12:25:11.0954 7348 usbccgp (537a4e03d7103c12d42dfd8ffdb5bdc9) C:\Windows\system32\DRIVERS\usbccgp.sys
12:25:11.0954 7348 usbccgp - ok
12:25:12.0017 7348 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys
12:25:12.0032 7348 usbcir - ok
12:25:12.0079 7348 usbehci (fbb21ebe49f6d560db37ac25fbc68e66) C:\Windows\system32\drivers\usbehci.sys
12:25:12.0079 7348 usbehci - ok
12:25:12.0141 7348 usbhub (6b7a8a99c4a459e73c286a6763ea24cc) C:\Windows\system32\DRIVERS\usbhub.sys
12:25:12.0141 7348 usbhub - ok
12:25:12.0219 7348 usbohci (8c88aa7617b4cbc2e4bed61d26b33a27) C:\Windows\system32\drivers\usbohci.sys
12:25:12.0235 7348 usbohci - ok
12:25:12.0297 7348 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
12:25:12.0313 7348 usbprint - ok
12:25:12.0360 7348 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
12:25:12.0360 7348 usbscan - ok
12:25:12.0407 7348 USBSTOR (f39983647bc1f3e6100778ddfe9dce29) C:\Windows\system32\DRIVERS\USBSTOR.SYS
12:25:12.0422 7348 USBSTOR - ok
12:25:12.0453 7348 usbuhci (0b5b3b2df3fd1709618acfa50b8392b0) C:\Windows\system32\drivers\usbuhci.sys
12:25:12.0469 7348 usbuhci - ok
12:25:12.0547 7348 usbvideo (7cb8c573c6e4a2714402cc0a36eab4fe) C:\Windows\system32\Drivers\usbvideo.sys
12:25:12.0547 7348 usbvideo - ok
12:25:12.0594 7348 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
12:25:12.0609 7348 UxSms - ok
12:25:12.0656 7348 VaultSvc (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
12:25:12.0656 7348 VaultSvc - ok
12:25:12.0750 7348 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys
12:25:12.0750 7348 vdrvroot - ok
12:25:12.0843 7348 vds (44d73e0bbc1d3c8981304ba15135c2f2) C:\Windows\System32\vds.exe
12:25:12.0875 7348 vds - ok
12:25:12.0937 7348 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
12:25:12.0953 7348 vga - ok
12:25:12.0999 7348 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
12:25:12.0999 7348 VgaSave - ok
12:25:13.0046 7348 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys
12:25:13.0077 7348 vhdmp - ok
12:25:13.0187 7348 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
12:25:13.0202 7348 viaide - ok
12:25:13.0265 7348 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys
12:25:13.0265 7348 volmgr - ok
12:25:13.0311 7348 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
12:25:13.0327 7348 volmgrx - ok
12:25:13.0374 7348 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
12:25:13.0374 7348 volsnap - ok
12:25:13.0436 7348 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
12:25:13.0467 7348 vsmraid - ok
12:25:13.0655 7348 VSS (787898bf9fb6d7bd87a36e2d95c899ba) C:\Windows\system32\vssvc.exe
12:25:13.0733 7348 VSS - ok
12:25:13.0795 7348 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
12:25:13.0795 7348 vwifibus - ok
12:25:13.0857 7348 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
12:25:13.0873 7348 vwififlt - ok
12:25:13.0889 7348 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
12:25:13.0889 7348 vwifimp - ok
12:25:13.0935 7348 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
12:25:13.0951 7348 W32Time - ok
12:25:13.0982 7348 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
12:25:14.0013 7348 WacomPen - ok
12:25:14.0060 7348 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
12:25:14.0076 7348 WANARP - ok
12:25:14.0076 7348 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
12:25:14.0091 7348 Wanarpv6 - ok
12:25:14.0154 7348 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
12:25:14.0232 7348 WatAdminSvc - ok
12:25:14.0357 7348 wbengine (5ab1bb85bd8b5089cc5d64200dedae68) C:\Windows\system32\wbengine.exe
12:25:14.0419 7348 wbengine - ok
12:25:14.0466 7348 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
12:25:14.0481 7348 WbioSrvc - ok
12:25:14.0544 7348 wcncsvc (dd1bae8ebfc653824d29ccf8c9054d68) C:\Windows\System32\wcncsvc.dll
12:25:14.0559 7348 wcncsvc - ok
12:25:14.0591 7348 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
12:25:14.0606 7348 WcsPlugInService - ok
12:25:14.0669 7348 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
12:25:14.0684 7348 Wd - ok
12:25:14.0715 7348 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
12:25:14.0747 7348 Wdf01000 - ok
12:25:14.0762 7348 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
12:25:14.0778 7348 WdiServiceHost - ok
12:25:14.0778 7348 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
12:25:14.0793 7348 WdiSystemHost - ok
12:25:14.0825 7348 WebClient (733006127f235be7c35354ebee7b9a7b) C:\Windows\System32\webclnt.dll
12:25:14.0840 7348 WebClient - ok
12:25:14.0887 7348 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
12:25:14.0903 7348 Wecsvc - ok
12:25:14.0949 7348 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
12:25:14.0965 7348 wercplsupport - ok
12:25:15.0074 7348 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
12:25:15.0090 7348 WerSvc - ok
12:25:15.0137 7348 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
12:25:15.0137 7348 WfpLwf - ok
12:25:15.0199 7348 WimFltr (b14ef15bd757fa488f9c970eee9c0d35) C:\Windows\system32\DRIVERS\wimfltr.sys
12:25:15.0215 7348 WimFltr - ok
12:25:15.0230 7348 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
12:25:15.0246 7348 WIMMount - ok
12:25:15.0261 7348 WinDefend - ok
12:25:15.0277 7348 WinHttpAutoProxySvc - ok
12:25:15.0402 7348 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
12:25:15.0417 7348 Winmgmt - ok
12:25:15.0495 7348 WinRM (41fbb751936b387f9179e7f03a74fe29) C:\Windows\system32\WsmSvc.dll
12:25:15.0589 7348 WinRM - ok
12:25:15.0698 7348 winusb (4d52c872018af7e18d078978dcc3f6f2) C:\Windows\system32\DRIVERS\WinUSB.SYS
12:25:15.0714 7348 winusb - ok
12:25:15.0776 7348 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
12:25:15.0807 7348 Wlansvc - ok
12:25:15.0839 7348 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
12:25:15.0854 7348 WmiAcpi - ok
12:25:15.0948 7348 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
12:25:16.0010 7348 wmiApSrv - ok
12:25:16.0073 7348 WMPNetworkSvc - ok
12:25:16.0135 7348 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
12:25:16.0151 7348 WPCSvc - ok
12:25:16.0166 7348 WPDBusEnum (2e57ddf2880a7e52e76f41c7e96d327b) C:\Windows\system32\wpdbusenum.dll
12:25:16.0182 7348 WPDBusEnum - ok
12:25:16.0244 7348 WPS (6cab753b203f39b4ce05ff10013de2ef) C:\Windows\system32\drivers\wpsdrvnt.sys
12:25:16.0260 7348 WPS - ok
12:25:16.0307 7348 WpsHelper (d9b5a13804b7d97770c42da484a9d86e) C:\Windows\system32\drivers\WpsHelper.sys
12:25:16.0338 7348 WpsHelper - ok
12:25:16.0385 7348 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
12:25:16.0385 7348 ws2ifsl - ok
12:25:16.0447 7348 wscsvc (8f9f3969933c02da96eb0f84576db43e) C:\Windows\system32\wscsvc.dll
12:25:16.0463 7348 wscsvc - ok
12:25:16.0478 7348 WSearch - ok
12:25:16.0572 7348 wuauserv (38340204a2d0228f1e87740fc5e554a7) C:\Windows\system32\wuaueng.dll
12:25:16.0650 7348 wuauserv - ok
12:25:16.0697 7348 WudfPf (c63907207b837a5c05cf6d1606aa0008) C:\Windows\system32\drivers\WudfPf.sys
12:25:16.0697 7348 WudfPf - ok
12:25:16.0790 7348 WUDFRd (d885a873d733020f8b9b9ff4b1666158) C:\Windows\system32\DRIVERS\WUDFRd.sys
12:25:16.0806 7348 WUDFRd - ok
12:25:16.0837 7348 wudfsvc (27b9bee5aac00139e3a3af5d6227a0dc) C:\Windows\System32\WUDFSvc.dll
12:25:16.0853 7348 wudfsvc - ok
12:25:16.0884 7348 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
12:25:16.0899 7348 WwanSvc - ok
12:25:16.0962 7348 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
12:25:17.0055 7348 \Device\Harddisk0\DR0 - ok
12:25:17.0055 7348 Boot (0x1200) (b6b637b6121ce3e96930d1ac52232f58) \Device\Harddisk0\DR0\Partition0
12:25:17.0055 7348 \Device\Harddisk0\DR0\Partition0 - ok
12:25:17.0071 7348 Boot (0x1200) (e471480002a65896b6ff6dc8684391ef) \Device\Harddisk0\DR0\Partition1
12:25:17.0071 7348 \Device\Harddisk0\DR0\Partition1 - ok
12:25:17.0071 7348 ============================================================
12:25:17.0071 7348 Scan finished
12:25:17.0071 7348 ============================================================
12:25:17.0087 4216 Detected object count: 0
12:25:17.0087 4216 Actual detected object count: 0


aswMBR:


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-04-02 12:28:23
-----------------------------
12:28:23.029 OS Version: Windows x64 6.1.7600
12:28:23.029 Number of processors: 4 586 0x2505
12:28:23.029 ComputerName: BIG_BOSS UserName: Eric
12:28:25.089 Initialize success
12:30:43.260 AVAST engine defs: 12040200
12:32:04.067 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
12:32:04.077 Disk 0 Vendor: ST9500420AS D005SDM1 Size: 476940MB BusType: 11
12:32:04.087 Disk 0 MBR read successfully
12:32:04.097 Disk 0 MBR scan
12:32:04.097 Disk 0 Windows VISTA default MBR code
12:32:04.107 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63
12:32:04.117 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 18000 MB offset 80325
12:32:04.147 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 458899 MB offset 36944325
12:32:04.187 Disk 0 scanning C:\Windows\system32\drivers
12:32:20.639 Service scanning
12:32:58.839 Modules scanning
12:32:58.849 Disk 0 trace - called modules:
12:32:58.889 ntoskrnl.exe CLASSPNP.SYS disk.sys stdflt.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
12:32:59.219 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8006518060]
12:32:59.219 3 CLASSPNP.SYS[fffff880018ac43f] -> nt!IofCallDriver -> [0xfffffa8006391ce0]
12:32:59.229 5 stdflt.sys[fffff88001476a4a] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa80061e0060]
12:33:01.389 AVAST engine scan C:\Windows
12:33:24.289 AVAST engine scan C:\Windows\system32
12:39:29.052 AVAST engine scan C:\Windows\system32\drivers
12:39:50.003 AVAST engine scan C:\Users\Eric
12:58:05.393 Disk 0 MBR has been saved successfully to "C:\Users\Eric\Desktop\MBR.dat"
12:58:05.411 The log file has been saved successfully to "C:\Users\Eric\Desktop\aswMBR.txt"

#8 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 02 April 2012 - 12:16 PM

I would like to know which browsers this happens in, or if it happens in all browsers, and which browsers you are using.


gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#9 pspoopy

Posted 03 April 2012 - 11:14 AM

This happens in Internet Explorer and Google Chrome; those are the only two I use.

#10 gringo_pr

Posted 04 April 2012 - 12:06 AM

Hello


I want you to uninstall Chrome, and if asked about user data or settings, remove that also.


Reinstall Chrome and check for the redirects again.



gringo

#11 gringo_pr

Posted 07 April 2012 - 03:10 AM

Hello


Just checking in on you as it has been a couple of days since I have heard from you.

Are you having any troubles or just need more time?




Gringo

#12 pspoopy

Posted 08 April 2012 - 10:15 AM

I'm sorry, I need more time. I'll keep you posted. Thank you for being patient with me.

#13 gringo_pr

Posted 08 April 2012 - 11:59 AM

OK, no problem, and I will check on you in a couple of days.


gringo

#14 gringo_pr

Posted 11 April 2012 - 05:37 AM

Hello


Just checking in on you as it has been a couple of days since I have heard from you.

Are you having any troubles or just need more time?




Gringo

#15 gringo_pr

Posted 13 April 2012 - 11:53 PM

Hello

48 Hour bump

It has been more than 48 hours since my last post.

  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 48hrs you have not replied to this thread then it will have to be closed!

Gringo