Google Redirect got me


  • This topic is locked
9 replies to this topic

#1 sus69

  • Members

Posted 15 April 2012 - 11:24 AM

Is it possible this came from a PDF file I opened in email yesterday?

Here's the DDS log. I also attached the attach.txt file and the DDS.txt file.

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_29
Run by user at 2:45:43 on 2012-04-15
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3033.1410 [GMT -4:00]
.
AV: Lavasoft Ad-Aware *Disabled/Updated* {BE5DD172-7F42-7948-1A60-E6A720288F81}
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Lavasoft Ad-Aware *Disabled/Updated* {053C3096-5978-76C6-20D0-DDD55BAFC53C}
FW: Lavasoft Ad-Aware *Disabled* {86665057-352D-7810-313F-4F92DEFBC8FA}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2012\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files (x86)\Ad-Aware Antivirus\Engine\SBAMSvc.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files (x86)\TypeItIn\TypeItIn.exe
C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\SonicWALL\SonicWALL Global VPN Client\SWGVCSvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Windows\system32\DllHost.exe
C:\Windows\splwow64.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\DllHost.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uSearch Page =
uStart Page = https://tedra2.ldiscovery.com/RDWeb/Pages/en-US/default.aspx
uWindow Title = Internet Explorer, optimized for Bing and MSN
uURLSearchHooks: H - No File
mWinlogon: Userinit=userinit.exe
BHO: AutorunsDisabled - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO: Ad-Aware Security Toolbar: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: {9D425283-D487-4337-BAB6-AB8354A81457} - No File
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: {9D425283-D487-4337-BAB6-AB8354A81457} - No File
TB: Ad-Aware Security Toolbar: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll
mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun: [Ad-Aware Browsing Protection] "C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe"
mRun: [Ad-Aware Antivirus] "C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher" --windows-run
dRun: [Update] rundll32.exe "C:\Users\user\AppData\Roaming\Adobe\Adobe\sgpeue.dll",DllRegisterServer
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\TypeItIn.lnk - C:\Program Files (x86)\TypeItIn\TypeItIn.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\AUTORU~1\TypeItIn.lnk - C:\Program Files (x86)\TypeItIn\TypeItIn.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL
Trusted Zone: hsno.com\review
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.3.0/GarminAxControl.CAB
DPF: {18350088-453C-4407-87ED-361E70FD3285} - hxxps://relativity.advanceddiscovery.com/Relativity/ActiveX/webclientmanager.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} - hxxp://utilities.pcpitstop.com/Optimize3/pcpitstop2.dll
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{52A71BFD-6DA8-4FD1-BAA0-3AB5ED7E7551} : DhcpNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{52A71BFD-6DA8-4FD1-BAA0-3AB5ED7E7551}\1497562734963736F6D27657563747 : DhcpNameServer = 75.75.75.75 75.75.76.76 192.168.33.1
TCP: Interfaces\{52A71BFD-6DA8-4FD1-BAA0-3AB5ED7E7551}\4656661657C647 : DhcpNameServer = 10.1.10.1
TCP: Interfaces\{52A71BFD-6DA8-4FD1-BAA0-3AB5ED7E7551}\E4544574541425 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{63A28390-41BA-4DA2-A80A-1D30590249A0} : DhcpNameServer = 68.87.71.230 68.87.73.246
TCP: Interfaces\{D2CF08CB-BF84-4EC9-855F-474F8A866760}\D4165727F6 : DhcpNameServer = 68.87.71.230 68.87.73.246
Handler: AutorunsDisabled\linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
mASetup: {2D46B6DC-2207-486B-B523-A557E6D54B47} - C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
BHO-X64: AutorunsDisabled - No File
BHO-X64: 0x1 - No File
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
BHO-X64: Ad-Aware Security Toolbar: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll
BHO-X64: Ad-Aware Security Toolbar - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: {9D425283-D487-4337-BAB6-AB8354A81457} - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: {9D425283-D487-4337-BAB6-AB8354A81457} - No File
TB-X64: Ad-Aware Security Toolbar: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll
mRun-x64: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun-x64: [Ad-Aware Browsing Protection] "C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe"
mRun-x64: [Ad-Aware Antivirus] "C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher" --windows-run
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\gbn74foq.default\
FF - prefs.js: browser.search.selectedEngine - Wikipedia (en)
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: C:\Users\user\AppData\Roaming\Mozilla\plugins\npatgpc.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;C:\Windows\system32\DRIVERS\AVGIDSEH.Sys --> C:\Windows\system32\DRIVERS\AVGIDSEH.Sys [?]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?]
R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?]
R1 SbFw;SbFw;C:\Windows\system32\drivers\SbFw.sys --> C:\Windows\system32\drivers\SbFw.sys [?]
R1 SBRE;SBRE;C:\Windows\System32\drivers\SBREDrv.sys [2011-4-29 101720]
R1 SbTis;SbTis;C:\Windows\system32\drivers\sbtis.sys --> C:\Windows\system32\drivers\sbtis.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2011-10-12 4433248]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2011-8-2 192776]
R2 DragonSvc;Dragon Service;C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe [2011-6-4 296808]
R2 SBAMSvc;Ad-Aware;C:\Program Files (x86)\Ad-Aware Antivirus\Engine\SBAMSvc.exe [2011-5-17 2804280]
R2 sbapifs;sbapifs;C:\Windows\system32\DRIVERS\sbapifs.sys --> C:\Windows\system32\DRIVERS\sbapifs.sys [?]
R2 SWGVCSvc;SonicWALL Global VPN Client Service;C:\Program Files\SonicWALL\SonicWALL Global VPN Client\SWGVCSvc.exe [2009-3-6 284696]
R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys --> C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys [?]
R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys --> C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys [?]
R3 SBFWIMCLMP;Sunbelt Software Firewall NDIS IM Filter Miniport;C:\Windows\system32\DRIVERS\SBFWIM.sys --> C:\Windows\system32\DRIVERS\SBFWIM.sys [?]
S1 SWIPsec;SonicWALL IPsec Driver;\??\C:\Windows\system32\Drivers\SWIPsec.sys --> C:\Windows\system32\Drivers\SWIPsec.sys [?]
S2 Ad-Aware Service;Ad-Aware Service;C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe [2012-3-29 1161072]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 AE1000;Linksys AE1000 Driver;C:\Windows\system32\DRIVERS\ae1000w7.sys --> C:\Windows\system32\DRIVERS\ae1000w7.sys [?]
S3 B-Service;B-Service;C:\Users\user\AppData\Roaming\Mikogo\B-Service.exe [2010-12-8 185640]
S3 PCPitstop Scheduling;PCPitstop Scheduling;C:\Program Files (x86)\PCPitstop\PCPitstopScheduleService.exe [2011-11-5 86016]
S3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Service;C:\Windows\system32\DRIVERS\sbfwim.sys --> C:\Windows\system32\DRIVERS\sbfwim.sys [?]
S3 sbhips;sbhips;C:\Windows\system32\drivers\sbhips.sys --> C:\Windows\system32\drivers\sbhips.sys [?]
S3 SWVNIC;SonicWALL Virtual Miniport;C:\Windows\system32\DRIVERS\swvnic.sys --> C:\Windows\system32\DRIVERS\swvnic.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2012-04-15 05:51:13 -------- d-----w- C:\Users\user\AppData\Local\adaware
2012-04-15 05:01:51 -------- d-----w- C:\ComboFix
2012-04-15 04:47:26 -------- d-----w- C:\Program Files\HitmanPro
2012-04-15 04:46:40 -------- d-----w- C:\ProgramData\HitmanPro
2012-04-15 04:38:43 -------- d-----w- C:\Program Files (x86)\FixRedirectVirus
2012-04-15 03:09:19 -------- d-----w- C:\ProgramData\Sophos
2012-04-15 03:09:05 -------- d-----w- C:\Program Files (x86)\Sophos
2012-04-15 02:47:22 1681360 ----a-w- C:\Windows\PCTBDRes.dll
2012-04-15 02:46:02 -------- d-----w- C:\Program Files (x86)\PC Tools
2012-04-15 02:43:58 -------- d-----w- C:\Program Files (x86)\Common Files\PC Tools
2012-04-15 02:43:45 -------- d-----w- C:\ProgramData\PC Tools
2012-04-15 02:43:44 -------- d-----w- C:\Users\user\AppData\Roaming\TestApp
2012-04-15 01:04:14 -------- d-----w- C:\Users\user\AppData\Roaming\Malwarebytes
2012-04-15 01:04:07 -------- d-----w- C:\ProgramData\Malwarebytes
2012-04-15 01:04:07 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-04-14 19:54:32 -------- d-----w- C:\Butler Hill
2012-04-14 19:24:33 55384 ----a-w- C:\Windows\System32\drivers\SBREDrv.sys
2012-04-14 19:24:33 45904 ----a-w- C:\Windows\System32\sbbd.exe
2012-04-14 19:24:28 60504 ----a-w- C:\Windows\System32\drivers\sbhips.sys
2012-04-14 19:24:27 94296 ----a-w- C:\Windows\System32\drivers\sbtis.sys
2012-04-14 19:24:12 84568 ----a-w- C:\Windows\System32\drivers\SbFwIm.sys
2012-04-14 19:24:11 253528 ----a-w- C:\Windows\System32\drivers\SbFw.sys
2012-04-14 19:24:10 -------- d-----w- C:\Program Files (x86)\Ad-Aware Antivirus
2012-04-14 19:23:51 -------- d-----w- C:\Users\user\AppData\Local\adawarebp
2012-04-14 19:23:51 -------- d-----w- C:\ProgramData\Ad-Aware Browsing Protection
2012-04-14 19:23:50 -------- d-----w- C:\Program Files (x86)\Toolbar Cleaner
2012-04-14 19:23:48 -------- d-----w- C:\Program Files (x86)\adawaretb
2012-04-14 19:23:20 -------- d-----w- C:\Users\user\AppData\Roaming\Ad-Aware Antivirus
2012-04-11 21:21:51 81408 ----a-w- C:\Windows\System32\imagehlp.dll
2012-04-11 21:21:51 5120 ----a-w- C:\Windows\SysWow64\wmi.dll
2012-04-11 21:21:51 5120 ----a-w- C:\Windows\System32\wmi.dll
2012-04-11 21:21:51 23408 ----a-w- C:\Windows\System32\drivers\fs_rec.sys
2012-04-11 21:21:51 220672 ----a-w- C:\Windows\System32\wintrust.dll
2012-04-11 21:21:51 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
2012-04-11 21:21:51 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll
2012-03-26 15:41:34 103864 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll
2012-03-26 15:41:34 103864 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\nppdf32.dll
2012-03-18 03:20:36 592824 ----a-w- C:\Program Files (x86)\Mozilla Firefox\gkmedias.dll
2012-03-18 03:20:36 44472 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozglue.dll
.
==================== Find3M ====================
.
2012-03-23 13:34:42 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-03-14 18:10:05 60304 ----a-w- C:\Users\user\g2mdlhlpx.exe
2012-03-06 06:53:37 5559152 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-03-06 05:59:47 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-03-06 05:59:41 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-02-28 06:56:48 2311168 ----a-w- C:\Windows\System32\jscript9.dll
2012-02-28 06:49:56 1390080 ----a-w- C:\Windows\System32\wininet.dll
2012-02-28 06:48:57 1493504 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-02-28 06:42:55 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-02-28 01:18:55 1799168 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-02-28 01:11:21 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-02-28 01:11:07 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-02-28 01:03:16 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-02-17 06:38:26 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
2012-02-17 05:34:22 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2012-02-17 04:58:24 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-02-17 04:57:32 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
2012-02-10 06:36:07 1544192 ----a-w- C:\Windows\System32\DWrite.dll
2012-02-10 05:38:43 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-02-03 04:34:34 3145728 ----a-w- C:\Windows\System32\win32k.sys
2012-01-25 06:38:39 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-01-25 06:38:38 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-01-25 06:33:30 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2012-01-18 13:18:13 499712 ----a-w- C:\Windows\SysWow64\msvcp71.dll
2012-01-18 13:18:13 348160 ----a-w- C:\Windows\SysWow64\msvcr71.dll
.
============= FINISH: 2:46:41.30 ===============


#2 sus69

  • Topic Starter

  • Members

Posted 15 April 2012 - 11:26 AM

Sorry, I didn't attach the Attach.txt in my other message

#3 Noviciate

  • Malware Response Team

Posted 15 April 2012 - 03:09 PM

Good evening. :)

Download TDSSKiller.zip from Kaspersky from here and save it to your Desktop.

  • You will then need to extract the file(s) from the zipped folder.
  • To do this: Right-click on the zipped folder and from the menu that appears, click on Extract All...
    In the Extraction Wizard window that opens, click on Next> and in the next window that appears, click on Next> again.
    In the final window, click on Finish

  • Please close all open programs as this may result in a reboot being necessary.
  • Double click TDSSKiller.exe to begin.
  • Click Change parameters and check the two boxes under Additional Options.
  • Click Start scan and allow the tool to do just that.
  • Once the scan has completed, if the tool has identified anything, allow it to carry out its default action(s) - you'll need to click Continue where appropriate.
  • Finally, if it prompts you to reboot your machine, please click Reboot Now and ensure that your machine does so.
  • If the scan finds nothing, please click the Report button and let me have a copy of the text file that opens.
  • If you reboot your machine, the log, which I'd like to see, will be located at the root of your hard drive as C:\TDSSKiller.Version_Date_Time_log.txt.
    Please check that you get the one with the right date and time. :)

So long, and thanks for all the fish.

 

 


#4 sus69

  • Topic Starter

  • Members

Posted 15 April 2012 - 03:18 PM

Thank you for your response. It asked me to reboot. Here's the log.

16:13:13.0889 2484 CompositeBus - ok
16:13:13.0921 2484 COMSysApp - ok
16:13:13.0952 2484 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
16:13:13.0967 2484 crcdisk - ok
16:13:14.0014 2484 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll
16:13:14.0077 2484 CryptSvc - ok
16:13:14.0139 2484 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
16:13:14.0217 2484 DcomLaunch - ok
16:13:14.0279 2484 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
16:13:14.0342 2484 defragsvc - ok
16:13:14.0451 2484 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
16:13:14.0513 2484 DfsC - ok
16:13:14.0560 2484 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
16:13:14.0623 2484 Dhcp - ok
16:13:14.0654 2484 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
16:13:14.0701 2484 discache - ok
16:13:14.0747 2484 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
16:13:14.0763 2484 Disk - ok
16:13:14.0810 2484 DNE (05cb5910b3ca6019fc3cca815ee06ffb) C:\Windows\system32\DRIVERS\dne64x.sys
16:13:14.0825 2484 DNE - ok
16:13:14.0857 2484 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
16:13:14.0903 2484 Dnscache - ok
16:13:14.0950 2484 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
16:13:14.0997 2484 dot3svc - ok
16:13:15.0044 2484 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
16:13:15.0091 2484 DPS - ok
16:13:15.0200 2484 DragonSvc (b123656688d67df3a08fe5912203f71b) C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe
16:13:15.0215 2484 DragonSvc - ok
16:13:15.0278 2484 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
16:13:15.0309 2484 drmkaud - ok
16:13:15.0356 2484 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
16:13:15.0403 2484 DXGKrnl - ok
16:13:15.0449 2484 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
16:13:15.0512 2484 EapHost - ok
16:13:15.0668 2484 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
16:13:15.0777 2484 ebdrv - ok
16:13:15.0824 2484 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
16:13:15.0855 2484 EFS - ok
16:13:15.0933 2484 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
16:13:15.0995 2484 ehRecvr - ok
16:13:16.0027 2484 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
16:13:16.0058 2484 ehSched - ok
16:13:16.0167 2484 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
16:13:16.0198 2484 elxstor - ok
16:13:16.0229 2484 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
16:13:16.0245 2484 ErrDev - ok
16:13:16.0307 2484 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
16:13:16.0385 2484 EventSystem - ok
16:13:16.0432 2484 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
16:13:16.0479 2484 exfat - ok
16:13:16.0510 2484 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
16:13:16.0557 2484 fastfat - ok
16:13:16.0619 2484 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
16:13:16.0682 2484 Fax - ok
16:13:16.0697 2484 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
16:13:16.0729 2484 fdc - ok
16:13:16.0775 2484 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
16:13:16.0822 2484 fdPHost - ok
16:13:16.0853 2484 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
16:13:16.0916 2484 FDResPub - ok
16:13:16.0931 2484 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
16:13:16.0947 2484 FileInfo - ok
16:13:16.0978 2484 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
16:13:17.0041 2484 Filetrace - ok
16:13:17.0056 2484 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
16:13:17.0072 2484 flpydisk - ok
16:13:17.0134 2484 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
16:13:17.0150 2484 FltMgr - ok
16:13:17.0212 2484 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
16:13:17.0290 2484 FontCache - ok
16:13:17.0415 2484 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
16:13:17.0431 2484 FontCache3.0.0.0 - ok
16:13:17.0477 2484 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
16:13:17.0477 2484 FsDepends - ok
16:13:17.0509 2484 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
16:13:17.0524 2484 Fs_Rec - ok
16:13:17.0587 2484 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
16:13:17.0602 2484 fvevol - ok
16:13:17.0649 2484 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
16:13:17.0665 2484 gagp30kx - ok
16:13:17.0711 2484 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
16:13:17.0758 2484 gpsvc - ok
16:13:17.0821 2484 grmnusb (2ed7ff3e1ada4092632393781518b3a7) C:\Windows\system32\drivers\grmnusb.sys
16:13:17.0836 2484 grmnusb - ok
16:13:17.0867 2484 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
16:13:17.0899 2484 hcw85cir - ok
16:13:17.0961 2484 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
16:13:17.0977 2484 HdAudAddService - ok
16:13:18.0023 2484 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
16:13:18.0055 2484 HDAudBus - ok
16:13:18.0086 2484 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
16:13:18.0117 2484 HidBatt - ok
16:13:18.0148 2484 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
16:13:18.0179 2484 HidBth - ok
16:13:18.0211 2484 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
16:13:18.0226 2484 HidIr - ok
16:13:18.0257 2484 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll
16:13:18.0320 2484 hidserv - ok
16:13:18.0382 2484 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
16:13:18.0398 2484 HidUsb - ok
16:13:18.0429 2484 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
16:13:18.0491 2484 hkmsvc - ok
16:13:18.0554 2484 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
16:13:18.0601 2484 HomeGroupListener - ok
16:13:18.0632 2484 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
16:13:18.0679 2484 HomeGroupProvider - ok
16:13:18.0741 2484 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
16:13:18.0757 2484 HpSAMD - ok
16:13:18.0819 2484 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
16:13:18.0897 2484 HTTP - ok
16:13:18.0928 2484 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
16:13:18.0944 2484 hwpolicy - ok
16:13:18.0991 2484 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
16:13:19.0006 2484 i8042prt - ok
16:13:19.0053 2484 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
16:13:19.0069 2484 iaStorV - ok
16:13:19.0209 2484 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
16:13:19.0240 2484 idsvc - ok
16:13:19.0505 2484 igfx (c6238c6abd6ac99f5d152da4e9439a3d) C:\Windows\system32\DRIVERS\igdkmd64.sys
16:13:19.0833 2484 igfx - ok
16:13:19.0880 2484 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
16:13:19.0895 2484 iirsp - ok
16:13:19.0942 2484 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
16:13:20.0020 2484 IKEEXT - ok
16:13:20.0051 2484 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
16:13:20.0067 2484 intelide - ok
16:13:20.0114 2484 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
16:13:20.0129 2484 intelppm - ok
16:13:20.0176 2484 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
16:13:20.0223 2484 IPBusEnum - ok
16:13:20.0254 2484 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
16:13:20.0301 2484 IpFilterDriver - ok
16:13:20.0348 2484 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
16:13:20.0426 2484 iphlpsvc - ok
16:13:20.0473 2484 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
16:13:20.0488 2484 IPMIDRV - ok
16:13:20.0519 2484 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
16:13:20.0566 2484 IPNAT - ok
16:13:20.0613 2484 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
16:13:20.0644 2484 IRENUM - ok
16:13:20.0675 2484 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
16:13:20.0691 2484 isapnp - ok
16:13:20.0722 2484 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
16:13:20.0753 2484 iScsiPrt - ok
16:13:20.0785 2484 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
16:13:20.0800 2484 kbdclass - ok
16:13:20.0847 2484 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
16:13:20.0878 2484 kbdhid - ok
16:13:20.0909 2484 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
16:13:20.0925 2484 KeyIso - ok
16:13:20.0941 2484 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
16:13:20.0956 2484 KSecDD - ok
16:13:20.0972 2484 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
16:13:20.0987 2484 KSecPkg - ok
16:13:21.0019 2484 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
16:13:21.0081 2484 ksthunk - ok
16:13:21.0112 2484 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
16:13:21.0175 2484 KtmRm - ok
16:13:21.0237 2484 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\system32\srvsvc.dll
16:13:21.0284 2484 LanmanServer - ok
16:13:21.0331 2484 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
16:13:21.0377 2484 LanmanWorkstation - ok
16:13:21.0471 2484 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
16:13:21.0502 2484 lltdio - ok
16:13:21.0549 2484 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
16:13:21.0611 2484 lltdsvc - ok
16:13:21.0627 2484 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
16:13:21.0674 2484 lmhosts - ok
16:13:21.0705 2484 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
16:13:21.0705 2484 LSI_FC - ok
16:13:21.0736 2484 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
16:13:21.0752 2484 LSI_SAS - ok
16:13:21.0783 2484 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
16:13:21.0783 2484 LSI_SAS2 - ok
16:13:21.0814 2484 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
16:13:21.0830 2484 LSI_SCSI - ok
16:13:21.0877 2484 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
16:13:21.0923 2484 luafv - ok
16:13:21.0955 2484 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
16:13:21.0970 2484 Mcx2Svc - ok
16:13:22.0048 2484 MDM (11f714f85530a2bd134074dc30e99fca) C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
16:13:22.0064 2484 MDM - ok
16:13:22.0079 2484 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
16:13:22.0095 2484 megasas - ok
16:13:22.0126 2484 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
16:13:22.0157 2484 MegaSR - ok
16:13:22.0204 2484 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
16:13:22.0267 2484 MMCSS - ok
16:13:22.0282 2484 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
16:13:22.0345 2484 Modem - ok
16:13:22.0391 2484 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
16:13:22.0423 2484 monitor - ok
16:13:22.0469 2484 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
16:13:22.0485 2484 mouclass - ok
16:13:22.0516 2484 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
16:13:22.0547 2484 mouhid - ok
16:13:22.0579 2484 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
16:13:22.0594 2484 mountmgr - ok
16:13:22.0625 2484 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
16:13:22.0641 2484 mpio - ok
16:13:22.0672 2484 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
16:13:22.0703 2484 mpsdrv - ok
16:13:22.0750 2484 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
16:13:22.0828 2484 MpsSvc - ok
16:13:22.0859 2484 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
16:13:22.0906 2484 MRxDAV - ok
16:13:22.0953 2484 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
16:13:23.0000 2484 mrxsmb - ok
16:13:23.0031 2484 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
16:13:23.0062 2484 mrxsmb10 - ok
16:13:23.0093 2484 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
16:13:23.0109 2484 mrxsmb20 - ok
16:13:23.0140 2484 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
16:13:23.0156 2484 msahci - ok
16:13:23.0203 2484 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
16:13:23.0218 2484 msdsm - ok
16:13:23.0249 2484 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
16:13:23.0281 2484 MSDTC - ok
16:13:23.0343 2484 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
16:13:23.0374 2484 Msfs - ok
16:13:23.0421 2484 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
16:13:23.0468 2484 mshidkmdf - ok
16:13:23.0499 2484 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
16:13:23.0515 2484 msisadrv - ok
16:13:23.0546 2484 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
16:13:23.0577 2484 MSiSCSI - ok
16:13:23.0593 2484 msiserver - ok
16:13:23.0624 2484 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
16:13:23.0686 2484 MSKSSRV - ok
16:13:23.0717 2484 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
16:13:23.0764 2484 MSPCLOCK - ok
16:13:23.0795 2484 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
16:13:23.0842 2484 MSPQM - ok
16:13:23.0889 2484 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
16:13:23.0905 2484 MsRPC - ok
16:13:23.0936 2484 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
16:13:23.0951 2484 mssmbios - ok
16:13:23.0983 2484 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
16:13:24.0029 2484 MSTEE - ok
16:13:24.0061 2484 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
16:13:24.0076 2484 MTConfig - ok
16:13:24.0123 2484 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
16:13:24.0123 2484 Mup - ok
16:13:24.0170 2484 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
16:13:24.0248 2484 napagent - ok
16:13:24.0295 2484 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
16:13:24.0341 2484 NativeWifiP - ok
16:13:24.0388 2484 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
16:13:24.0435 2484 NDIS - ok
16:13:24.0482 2484 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
16:13:24.0513 2484 NdisCap - ok
16:13:24.0560 2484 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
16:13:24.0591 2484 NdisTapi - ok
16:13:24.0669 2484 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
16:13:24.0716 2484 Ndisuio - ok
16:13:24.0747 2484 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
16:13:24.0809 2484 NdisWan - ok
16:13:24.0841 2484 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
16:13:24.0887 2484 NDProxy - ok
16:13:24.0919 2484 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
16:13:24.0981 2484 NetBIOS - ok
16:13:25.0012 2484 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
16:13:25.0075 2484 NetBT - ok
16:13:25.0121 2484 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
16:13:25.0121 2484 Netlogon - ok
16:13:25.0184 2484 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
16:13:25.0246 2484 Netman - ok
16:13:25.0277 2484 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
16:13:25.0340 2484 netprofm - ok
16:13:25.0465 2484 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
16:13:25.0480 2484 NetTcpPortSharing - ok
16:13:25.0543 2484 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
16:13:25.0558 2484 nfrd960 - ok
16:13:25.0621 2484 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
16:13:25.0683 2484 NlaSvc - ok
16:13:25.0699 2484 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
16:13:25.0745 2484 Npfs - ok
16:13:25.0761 2484 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
16:13:25.0808 2484 nsi - ok
16:13:25.0823 2484 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
16:13:25.0870 2484 nsiproxy - ok
16:13:25.0948 2484 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
16:13:26.0026 2484 Ntfs - ok
16:13:26.0057 2484 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
16:13:26.0104 2484 Null - ok
16:13:26.0135 2484 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
16:13:26.0151 2484 nvraid - ok
16:13:26.0182 2484 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
16:13:26.0198 2484 nvstor - ok
16:13:26.0245 2484 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
16:13:26.0260 2484 nv_agp - ok
16:13:26.0291 2484 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
16:13:26.0323 2484 ohci1394 - ok
16:13:26.0401 2484 ose (7a56cf3e3f12e8af599963b16f50fb6a) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
16:13:26.0416 2484 ose - ok
16:13:26.0479 2484 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
16:13:26.0510 2484 p2pimsvc - ok
16:13:26.0557 2484 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
16:13:26.0572 2484 p2psvc - ok
16:13:26.0635 2484 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
16:13:26.0650 2484 Parport - ok
16:13:26.0681 2484 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
16:13:26.0697 2484 partmgr - ok
16:13:26.0728 2484 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
16:13:26.0759 2484 PcaSvc - ok
16:13:26.0806 2484 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
16:13:26.0822 2484 pci - ok
16:13:26.0837 2484 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
16:13:26.0853 2484 pciide - ok
16:13:26.0869 2484 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
16:13:26.0884 2484 pcmcia - ok
16:13:27.0009 2484 PCPitstop Scheduling (4cac3af00e29ce00ea32282e0dd55799) C:\Program Files (x86)\PCPitstop\PCPitstopScheduleService.exe
16:13:27.0025 2484 PCPitstop Scheduling ( UnsignedFile.Multi.Generic ) - warning
16:13:27.0025 2484 PCPitstop Scheduling - detected UnsignedFile.Multi.Generic (1)
16:13:34.0076 2484 SWIPsec - ok
16:13:34.0107 2484 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
16:13:34.0169 2484 swprv - ok
16:13:34.0216 2484 SWVNIC (dcf11e08a8524b19ec47515c22be492e) C:\Windows\system32\DRIVERS\swvnic.sys
16:13:34.0216 2484 SWVNIC - ok
16:13:34.0310 2484 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
16:13:34.0388 2484 SysMain - ok
16:13:34.0435 2484 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
16:13:34.0466 2484 TabletInputService - ok
16:13:34.0513 2484 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
16:13:34.0575 2484 TapiSrv - ok
16:13:34.0606 2484 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
16:13:34.0637 2484 TBS - ok
16:13:34.0747 2484 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
16:13:34.0825 2484 Tcpip - ok
16:13:34.0903 2484 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
16:13:34.0934 2484 TCPIP6 - ok
16:13:34.0981 2484 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
16:13:35.0027 2484 tcpipreg - ok
16:13:35.0074 2484 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
16:13:35.0121 2484 TDPIPE - ok
16:13:35.0152 2484 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
16:13:35.0183 2484 TDTCP - ok
16:13:35.0230 2484 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
16:13:35.0261 2484 tdx - ok
16:13:35.0308 2484 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
16:13:35.0324 2484 TermDD - ok
16:13:35.0371 2484 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
16:13:35.0449 2484 TermService - ok
16:13:35.0495 2484 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
16:13:35.0527 2484 Themes - ok
16:13:35.0558 2484 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
16:13:35.0589 2484 THREADORDER - ok
16:13:35.0620 2484 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
16:13:35.0667 2484 TrkWks - ok
16:13:35.0745 2484 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
16:13:35.0792 2484 TrustedInstaller - ok
16:13:35.0854 2484 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
16:13:35.0901 2484 tssecsrv - ok
16:13:35.0979 2484 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
16:13:35.0995 2484 TsUsbFlt - ok
16:13:36.0041 2484 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
16:13:36.0104 2484 tunnel - ok
16:13:36.0135 2484 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
16:13:36.0151 2484 uagp35 - ok
16:13:36.0197 2484 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
16:13:36.0229 2484 udfs - ok
16:13:36.0275 2484 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
16:13:36.0291 2484 UI0Detect - ok
16:13:36.0353 2484 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
16:13:36.0353 2484 uliagpkx - ok
16:13:36.0416 2484 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
16:13:36.0447 2484 umbus - ok
16:13:36.0478 2484 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
16:13:36.0509 2484 UmPass - ok
16:13:36.0541 2484 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
16:13:36.0603 2484 upnphost - ok
16:13:36.0650 2484 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys
16:13:36.0681 2484 usbaudio - ok
16:13:36.0712 2484 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
16:13:36.0743 2484 usbccgp - ok
16:13:36.0790 2484 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
16:13:36.0806 2484 usbcir - ok
16:13:36.0837 2484 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
16:13:36.0868 2484 usbehci - ok
16:13:36.0915 2484 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
16:13:36.0946 2484 usbhub - ok
16:13:36.0977 2484 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
16:13:37.0009 2484 usbohci - ok
16:13:37.0055 2484 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
16:13:37.0102 2484 usbprint - ok
16:13:37.0149 2484 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
16:13:37.0180 2484 usbscan - ok
16:13:37.0211 2484 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
16:13:37.0227 2484 USBSTOR - ok
16:13:37.0258 2484 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\DRIVERS\usbuhci.sys
16:13:37.0289 2484 usbuhci - ok
16:13:37.0321 2484 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\system32\Drivers\usbvideo.sys
16:13:37.0352 2484 usbvideo - ok
16:13:37.0383 2484 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
16:13:37.0445 2484 UxSms - ok
16:13:37.0477 2484 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
16:13:37.0492 2484 VaultSvc - ok
16:13:37.0523 2484 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
16:13:37.0539 2484 vdrvroot - ok
16:13:37.0601 2484 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
16:13:37.0648 2484 vds - ok
16:13:37.0695 2484 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
16:13:37.0711 2484 vga - ok
16:13:37.0726 2484 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
16:13:37.0773 2484 VgaSave - ok
16:13:37.0820 2484 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
16:13:37.0851 2484 vhdmp - ok
16:13:37.0867 2484 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
16:13:37.0882 2484 viaide - ok
16:13:37.0898 2484 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
16:13:37.0913 2484 volmgr - ok
16:13:37.0976 2484 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
16:13:37.0991 2484 volmgrx - ok
16:13:38.0007 2484 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
16:13:38.0023 2484 volsnap - ok
16:13:38.0069 2484 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
16:13:38.0085 2484 vsmraid - ok
16:13:38.0163 2484 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
16:13:38.0272 2484 VSS - ok
16:13:38.0288 2484 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
16:13:38.0303 2484 vwifibus - ok
16:13:38.0319 2484 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
16:13:38.0350 2484 vwififlt - ok
16:13:38.0381 2484 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
16:13:38.0428 2484 W32Time - ok
16:13:38.0444 2484 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
16:13:38.0459 2484 WacomPen - ok
16:13:38.0491 2484 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
16:13:38.0553 2484 WANARP - ok
16:13:38.0553 2484 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
16:13:38.0584 2484 Wanarpv6 - ok
16:13:38.0678 2484 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
16:13:38.0740 2484 WatAdminSvc - ok
16:13:38.0803 2484 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
16:13:38.0896 2484 wbengine - ok
16:13:38.0943 2484 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
16:13:38.0974 2484 WbioSrvc - ok
16:13:39.0021 2484 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
16:13:39.0052 2484 wcncsvc - ok
16:13:39.0083 2484 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
16:13:39.0115 2484 WcsPlugInService - ok
16:13:39.0177 2484 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
16:13:39.0177 2484 Wd - ok
16:13:39.0224 2484 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
16:13:39.0255 2484 Wdf01000 - ok
16:13:39.0286 2484 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
16:13:39.0364 2484 WdiServiceHost - ok
16:13:39.0364 2484 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
16:13:39.0395 2484 WdiSystemHost - ok
16:13:39.0442 2484 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
16:13:39.0473 2484 WebClient - ok
16:13:39.0505 2484 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
16:13:39.0567 2484 Wecsvc - ok
16:13:39.0598 2484 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
16:13:39.0661 2484 wercplsupport - ok
16:13:39.0692 2484 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
16:13:39.0754 2484 WerSvc - ok
16:13:39.0801 2484 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
16:13:39.0832 2484 WfpLwf - ok
16:13:39.0863 2484 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
16:13:39.0879 2484 WIMMount - ok
16:13:39.0926 2484 WinDefend - ok
16:13:39.0941 2484 WinHttpAutoProxySvc - ok
16:13:40.0004 2484 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
16:13:40.0035 2484 Winmgmt - ok
16:13:40.0113 2484 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
16:13:40.0238 2484 WinRM - ok
16:13:40.0347 2484 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\drivers\WinUsb.sys
16:13:40.0378 2484 WinUsb - ok
16:13:40.0425 2484 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
16:13:40.0487 2484 Wlansvc - ok
16:13:40.0628 2484 wlidsvc (7e47c328fc4768cb8beafbcfafa70362) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
16:13:40.0721 2484 wlidsvc - ok
16:13:40.0768 2484 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
16:13:40.0815 2484 WmiAcpi - ok
16:13:40.0877 2484 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
16:13:40.0909 2484 wmiApSrv - ok
16:13:40.0955 2484 WMPNetworkSvc - ok
16:13:40.0987 2484 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
16:13:41.0018 2484 WPCSvc - ok
16:13:41.0065 2484 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
16:13:41.0080 2484 WPDBusEnum - ok
16:13:41.0111 2484 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
16:13:41.0143 2484 ws2ifsl - ok
16:13:41.0174 2484 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\System32\wscsvc.dll
16:13:41.0205 2484 wscsvc - ok
16:13:41.0221 2484 WSearch - ok
16:13:41.0314 2484 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll
16:13:41.0439 2484 wuauserv - ok
16:13:41.0486 2484 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
16:13:41.0533 2484 WudfPf - ok
16:13:41.0579 2484 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
16:13:41.0626 2484 WUDFRd - ok
16:13:41.0657 2484 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
16:13:41.0704 2484 wudfsvc - ok
16:13:41.0735 2484 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
16:13:41.0782 2484 WwanSvc - ok
16:13:41.0845 2484 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
16:13:41.0985 2484 \Device\Harddisk0\DR0 - ok
16:13:41.0985 2484 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
16:13:44.0621 2484 \Device\Harddisk1\DR1 - ok
16:13:44.0637 2484 Boot (0x1200) (8492311ed2283b27ef68f27b85a62c34) \Device\Harddisk0\DR0\Partition0
16:13:44.0637 2484 \Device\Harddisk0\DR0\Partition0 - ok
16:13:44.0684 2484 Boot (0x1200) (7b7e759dea7f85c3e8ed68b63a45b7bf) \Device\Harddisk0\DR0\Partition1
16:13:44.0684 2484 \Device\Harddisk0\DR0\Partition1 - ok
16:13:44.0699 2484 Boot (0x1200) (6ff331b4e906c64e890c914b9d4ec875) \Device\Harddisk1\DR1\Partition0
16:13:44.0699 2484 \Device\Harddisk1\DR1\Partition0 - ok
16:13:44.0699 2484 ============================================================
16:13:44.0699 2484 Scan finished
16:13:44.0699 2484 ============================================================
16:13:44.0731 4396 Detected object count: 1
16:13:44.0731 4396 Actual detected object count: 1
16:14:06.0009 4396 C:\Program Files (x86)\PCPitstop\PCPitstopScheduleService.exe - copied to quarantine
16:14:06.0025 4396 HKLM\SYSTEM\ControlSet001\services\PCPitstop Scheduling - will be deleted on reboot
16:14:06.0056 4396 HKLM\SYSTEM\ControlSet002\services\PCPitstop Scheduling - will be deleted on reboot
16:14:06.0196 4396 C:\Program Files (x86)\PCPitstop\PCPitstopScheduleService.exe - will be deleted on reboot
16:14:06.0196 4396 PCPitstop Scheduling ( UnsignedFile.Multi.Generic ) - User select action: Delete
16:14:10.0986 3592 Deinitialize success

#5 Noviciate

  • Malware Response Team

Posted 15 April 2012 - 04:41 PM

Was the default action to delete, or did you select this option yourself?

So long, and thanks for all the fish.

 

 


#6 sus69

  • Topic Starter

Posted 15 April 2012 - 04:42 PM

The default action was skip, but I selected delete

#7 sus69

  • Topic Starter

Posted 15 April 2012 - 06:59 PM

My laptop just re-booted itself :(

I feel betrayed and no longer trust this thing. I don't even surf p*rn. Buying new machine in the morning.

If I reformat will machine be suitable to pass down or should I trash?

#8 Noviciate

  • Malware Response Team

Posted 16 April 2012 - 02:32 PM

Good evening. :)

If you are able to reformat and reinstall then you have the ability to rewind your PC back to the time when you first bought it and there isn't any real need to purchase a new one, unless you aren't happy with it for other reasons. If that is the route that you wish to go down then I would get the PC back up and running before breaking out the plastic as you may change your mind about it once it has the new feel of a fresh install without all the detritus that will have built up over the last year or so.

So long, and thanks for all the fish.

 

 


#9 sus69

  • Topic Starter

Posted 16 April 2012 - 06:47 PM

My daughter needs a new one so I bought myself a new laptop and I'm going to reformat the bad one and hand it down.

I'm so paranoid now. I'm reading to find out how I can prevent this from happening again. I thought everything was secure already.

Thank you for your help :)

#10 Noviciate

  • Malware Response Team

Posted 17 April 2012 - 02:17 PM

Good evening. :)

Works for me - as this issue appears to have been resolved, this thread is now closed.

So long, and thanks for all the fish.

 

 




