
Unwanted Sponsored Fly-in Ads & Link Hijacking


  • This topic is locked
17 replies to this topic

#1 MyDarnComputer

Posted 20 April 2012 - 01:08 PM

Hello,

I'm so frustrated with this link hijacking that I'm finally taking a stand and attempting to get it fixed with some much-needed help. Every 20-30 link clicks I'm forwarded to unwanted sites and then have to hit the back button and re-click on the originally desired link for a second time. I'm unable to find anything to uninstall within the Programs in the Control Panel.

Next, I'm now getting unwanted popup or, more accurately, fly-in ads in my lower right-hand side of the screen advertising various auto and skincare products. I don't get why people 1) make software that does this and 2) do they really think this kind of marketing is successful?
The unwanted fly-in ad (see PNG attachment for example) seems to appear when I'm using tungle.me and surveymonkey.com, for example, and seems to be search-oriented, i.e. "shopping for a vehicle" and "find local restaurants".

Thank you in advance for any and all help you may be able to offer me. I'm so appreciative of the good work that BleepingComputer does to offset the malicious programmers out there.

Scott


DDS.txt log

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_30
Run by kleist at 13:39:17 on 2012-04-20
Microsoft Windows 7 Enterprise 6.1.7601.1.1252.1.1033.18.6040.1976 [GMT -4:00]
.
AV: McAfee VirusScan Enterprise *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee VirusScan Enterprise Antispyware Module *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Host Intrusion Prevention Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\DTS.exe
C:\Windows\system32\ibmpmsvc.exe
C:\Windows\system32\AtService.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
C:\Windows\system32\crypserv.exe
C:\Program Files (x86)\McAfee\Host Intrusion Prevention\FireSvc.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\McAfee\Host Intrusion Prevention\HIPSCore\x64\HIPSvc.exe
C:\Windows\system32\svchost.exe -k HsfXAudioService
C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McSACore.exe
C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\engineserver.exe
C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe
C:\Program Files (x86)\McAfee\VirusScan Enterprise\vstskmgr.exe
C:\Windows\system32\mfevtps.exe
C:\Program Files (x86)\McAfee\Common Framework\naPrdMgr.exe
C:\Program Files\Microsoft SQL Server\MSSQL10_50.ACT7\MSSQL\Binn\sqlservr.exe
C:\PROGRA~2\PHAROS~1\Core\CTskMstr.exe
C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\mcshield.exe
C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\mfeann.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\TeamViewer\Version7\TeamViewer.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\TeamViewer\Version7\tv_w32.exe
C:\Program Files (x86)\TeamViewer\Version7\tv_x64.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
C:\Program Files\Lenovo\HOTKEY\tpfnf6r.exe
C:\Windows\System32\TpShocks.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
C:\Program Files\Lenovo\Zoom\TpScrex.exe
C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
C:\Program Files (x86)\ACT\Act for Windows\Act.Outlook.Sync.exe
C:\Users\Scott Kleist\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
C:\Windows\SysWOW64\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Program Files (x86)\McAfee\Host Intrusion Prevention\FireTray.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\ACT\Act for Windows\Act.Outlook.Service.exe
C:\Program Files (x86)\McAfee\Common Framework\UdaterUI.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\McAfee\Common Framework\McTray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\System32\mobsync.exe
C:\Program Files (x86)\Lenovo\System Update\SUService.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Users\Scott Kleist\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Scott Kleist\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Scott Kleist\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Scott Kleist\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Scott Kleist\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Scott Kleist\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Program Files (x86)\Fieldston Software\gSyncit\gsyncit.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Users\Scott Kleist\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE
C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Microsoft Office\Office14\ONENOTE.EXE
C:\Users\Scott Kleist\AppData\Roaming\Juniper Networks\Setup Client\JuniperSetupClient.exe
C:\Windows\splwow64.exe
C:\Users\Scott Kleist\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_2_202_233_ActiveX.exe
C:\Program Files (x86)\Mendeley Desktop\MendeleyDesktop.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Microsoft Office\Office14\POWERPNT.EXE
C:\Users\Scott Kleist\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Scott Kleist\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Scott Kleist\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Scott Kleist\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Scott Kleist\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Scott Kleist\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
C:\Users\Scott Kleist\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe
C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe
C:\Windows\Explorer.EXE
C:\Users\Scott Kleist\AppData\Roaming\Juniper Networks\Host Checker\dsHostChecker.exe
C:\Users\Scott Kleist\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Scott Kleist\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Scott Kleist\Documents\Performance Programs\HijackThis.exe
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Users\Scott Kleist\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Siber Systems\AI RoboForm\identities.exe
C:\Users\Scott Kleist\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uSearch Page = hxxp://www.google.com
uSearch Bar = Preserve
uStart Page = https://agents.nationwide.com/dana-na/auth/url_1/welcome.cgi
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mWinlogon: Userinit=userinit.exe
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO: RoboForm BHO: {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McIEPlg.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO: Act.UI.InternetExplorer.Plugins.AttachFile.CAttachFile: {d5233fcd-d258-4903-89b8-fb1568e7413d} - mscoree.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McIEPlg.dll
TB: {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No File
uRun: [gSyncit] C:\Program Files (x86)\Fieldston Software\gSyncit\gsyncit.exe
uRun: [Google Update] "C:\Users\Scott Kleist\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [Spotify] "C:\Users\Scott Kleist\AppData\Roaming\Spotify\spotify.exe" /uri spotify:autostart
uRun: [RoboForm] "C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
uRun: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [PWMTRV] rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor
mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [McAfee Host Intrusion Prevention Tray] "C:\Program Files (x86)\McAfee\Host Intrusion Prevention\FireTray.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Act.Outlook.Service] "C:\Program Files (x86)\ACT\Act for Windows\Act.Outlook.Service.exe"
mRun: [Act! Preloader] "C:\Program Files (x86)\ACT\Act for Windows\ActSage.exe" -preload
mRun: [ShStatEXE] "C:\Program Files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
mRun: [McAfeeUpdaterUI] "C:\Program Files (x86)\McAfee\Common Framework\udaterui.exe" /StartedFromRunKey
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
StartupFolder: C:\Users\SCOTTK~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Scott Kleist\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\Users\SCOTTK~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\EVERNO~1.LNK - C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
StartupFolder: C:\Users\SCOTTK~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\NWepo.lnk - C:\Program Files (x86)\Network Associates\NWePO.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SAGEAC~1.LNK - C:\Program Files (x86)\ACT\Act for Windows\Act.Outlook.Sync.exe
uPolicies-explorer: RestrictWelcomeCenter = 0 (0x0)
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: DisableCAD = 1 (0x1)
IE: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IE: {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {6F431AC3-364A-478b-BBDB-89C7CE1B18F6} - {6F431AC3-364A-478b-BBDB-89C7CE1B18F6} - mscoree.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
Trusted Zone: agencyanywhere.agency.ni.nwie.net
Trusted Zone: skilldialogue.com
Trusted Zone: skillport.com
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {9916D178-71C8-4764-969C-95B9B67A1F76} - hxxps://onestop.nationwide.com/one-stop-web/scan/OneStopScan.CAB
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://agents.nationwide.com/dana-cached/sc/JuniperSetupClient.cab
TCP: DhcpNameServer = 209.244.0.3 209.244.0.4
TCP: Interfaces\{588848B5-0C05-448C-BB7E-117A8F7B5A84} : DhcpNameServer = 209.244.0.3 209.244.0.4
TCP: Interfaces\{588848B5-0C05-448C-BB7E-117A8F7B5A84}\56D656277656 : DhcpNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{588848B5-0C05-448C-BB7E-117A8F7B5A84}\7756374756C6C613335323 : DhcpNameServer = 10.0.0.1
TCP: Interfaces\{588848B5-0C05-448C-BB7E-117A8F7B5A84}\C696E6B6379737 : DhcpNameServer = 207.230.75.34 207.230.75.50
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McIEPlg.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO-X64: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO-X64: 0x1 - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
BHO-X64: RoboForm BHO - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McIEPlg.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Act.UI.InternetExplorer.Plugins.AttachFile.CAttachFile: {D5233FCD-D258-4903-89B8-FB1568E7413D} - mscoree.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
TB-X64: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McIEPlg.dll
TB-X64: {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No File
mRun-x64: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun-x64: [PWMTRV] rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor
mRun-x64: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [McAfee Host Intrusion Prevention Tray] "C:\Program Files (x86)\McAfee\Host Intrusion Prevention\FireTray.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [Act.Outlook.Service] "C:\Program Files (x86)\ACT\Act for Windows\Act.Outlook.Service.exe"
mRun-x64: [Act! Preloader] "C:\Program Files (x86)\ACT\Act for Windows\ActSage.exe" -preload
mRun-x64: [ShStatEXE] "C:\Program Files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
mRun-x64: [McAfeeUpdaterUI] "C:\Program Files (x86)\McAfee\Common Framework\udaterui.exe" /StartedFromRunKey
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
IE-X64: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE-X64: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IE-X64: {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE-X64: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
Hosts: 127.0.0.1 www.spywareinfo.com
Hosts: 184.95.41.155 www.google-analytics.com.
Hosts: 184.95.41.155 ad-emea.doubleclick.net.
Hosts: 184.95.41.155 www.statcounter.com.
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Scott Kleist\AppData\Roaming\Mozilla\Firefox\Profiles\0t51t19m.default\
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npicaN.dll
FF - plugin: C:\Users\Scott Kleist\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: C:\Users\Scott Kleist\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\Scott Kleist\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\system32\drivers\mfehidk.sys --> C:\Windows\system32\drivers\mfehidk.sys [?]
R0 TPDIGIMN;TPDIGIMN;C:\Windows\system32\DRIVERS\ApsHM64.sys --> C:\Windows\system32\DRIVERS\ApsHM64.sys [?]
R1 lenovo.smi;Lenovo System Interface Driver;C:\Windows\system32\DRIVERS\smiifx64.sys --> C:\Windows\system32\DRIVERS\smiifx64.sys [?]
R1 NEOFLTR_650_15991;Juniper Networks TDI Filter Driver (NEOFLTR_650_15991);\??\C:\Windows\system32\Drivers\NEOFLTR_650_15991.SYS --> C:\Windows\system32\Drivers\NEOFLTR_650_15991.SYS [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R3 ATSwpWDF;AuthenTec TruePrint USB WDF Driver;C:\Windows\system32\Drivers\ATSwpWDF.sys --> C:\Windows\system32\Drivers\ATSwpWDF.sys [?]
R3 btusbflt;Bluetooth USB Filter;C:\Windows\system32\drivers\btusbflt.sys --> C:\Windows\system32\drivers\btusbflt.sys [?]
R3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys --> C:\Windows\system32\DRIVERS\btwl2cap.sys [?]
R3 CAXHWAZL;CAXHWAZL;C:\Windows\system32\DRIVERS\CAXHWAZL.sys --> C:\Windows\system32\DRIVERS\CAXHWAZL.sys [?]
R3 e1yexpress;Intel® Gigabit Network Connections Driver;C:\Windows\system32\DRIVERS\e1y60x64.sys --> C:\Windows\system32\DRIVERS\e1y60x64.sys [?]
R3 FirehkMP;FirehkMP;C:\Windows\system32\DRIVERS\firehk.sys --> C:\Windows\system32\DRIVERS\firehk.sys [?]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 HIPK;McAfee Inc. HIPK;C:\Windows\system32\drivers\HIPK.sys --> C:\Windows\system32\drivers\HIPK.sys [?]
R3 HIPPSK;McAfee Inc. HIPPSK;C:\Windows\system32\drivers\HIPPSK.sys --> C:\Windows\system32\drivers\HIPPSK.sys [?]
R3 HIPQK;McAfee Inc. HIPQK;C:\Windows\system32\drivers\HIPQK.sys --> C:\Windows\system32\drivers\HIPQK.sys [?]
R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\system32\drivers\mfeavfk.sys --> C:\Windows\system32\drivers\mfeavfk.sys [?]
R3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETw5s64.sys --> C:\Windows\system32\DRIVERS\NETw5s64.sys [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S3 BrSerIb;Brother MFC Serial Interface Driver(WDM);C:\Windows\system32\DRIVERS\BrSerIb.sys --> C:\Windows\system32\DRIVERS\BrSerIb.sys [?]
S3 BrUsbSIb;Brother MFC Serial USB Driver(WDM);C:\Windows\system32\DRIVERS\BrUsbSIb.sys --> C:\Windows\system32\DRIVERS\BrUsbSIb.sys [?]
S3 dmvsc;dmvsc;C:\Windows\system32\drivers\dmvsc.sys --> C:\Windows\system32\drivers\dmvsc.sys [?]
S3 Firehk;McAfee NDIS Intermediate Filter;C:\Windows\system32\DRIVERS\firehk.sys --> C:\Windows\system32\DRIVERS\firehk.sys [?]
S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\system32\drivers\mferkdet.sys --> C:\Windows\system32\drivers\mferkdet.sys [?]
S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys --> C:\Windows\system32\DRIVERS\netw5v64.sys [?]
S3 PCDSRVC{184E4FA0-DE8C26D4-06000000}_0;PCDSRVC{184E4FA0-DE8C26D4-06000000}_0 - PCDR Kernel Mode Service Helper Driver;C:\progra~1\pc-doc~1\pcdsrvc_x64.pkms [2009-11-20 23536]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]
S3 Synth3dVsc;Microsoft Virtual 3D Video Transport Driver;C:\Windows\system32\drivers\Synth3dVsc.sys --> C:\Windows\system32\drivers\Synth3dVsc.sys [?]
S3 terminpt;Microsoft Remote Desktop Input Driver;C:\Windows\system32\drivers\terminpt.sys --> C:\Windows\system32\drivers\terminpt.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
S3 tsusbhub;Remote Deskotop USB Hub;C:\Windows\system32\drivers\tsusbhub.sys --> C:\Windows\system32\drivers\tsusbhub.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S4 RsFx0150;RsFx0150 Driver;C:\Windows\system32\DRIVERS\RsFx0150.sys --> C:\Windows\system32\DRIVERS\RsFx0150.sys [?]
.
=============== Created Last 30 ================
.
2012-04-16 15:07:54 47080 -c--a-w- C:\Windows\System32\HIPIS0e011b5.dll
2012-04-16 15:07:54 40328 -c--a-w- C:\Windows\SysWow64\HIPIS0e011b5.dll
2012-04-12 07:06:31 5559152 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-04-12 07:06:30 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-04-12 07:06:29 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-04-12 07:01:59 81408 ----a-w- C:\Windows\System32\imagehlp.dll
2012-04-12 07:01:59 23408 ----a-w- C:\Windows\System32\drivers\fs_rec.sys
2012-04-12 07:01:59 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll
2012-04-12 07:01:58 5120 ----a-w- C:\Windows\SysWow64\wmi.dll
2012-04-12 07:01:58 5120 ----a-w- C:\Windows\System32\wmi.dll
2012-04-12 07:01:58 220672 ----a-w- C:\Windows\System32\wintrust.dll
2012-04-12 07:01:58 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
2012-04-11 14:09:22 8741536 -c--a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
2012-04-11 13:57:16 418464 -c--a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-04-04 05:53:56 182160 -c--a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll
2012-04-04 05:53:56 182160 -c--a-w- C:\Program Files (x86)\Internet Explorer\Plugins\nppdf32.dll
2012-03-30 21:32:17 -------- dc----w- C:\Users\Scott Kleist\AppData\Roaming\Titanium
2012-03-30 21:31:29 -------- dc----w- C:\Program Files (x86)\Nozbe
.
==================== Find3M ====================
.
2012-04-20 17:22:24 952 -csha-w- C:\ProgramData\KGyGaAvL.sys
2012-04-15 14:10:25 70304 -c--a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-04-12 07:07:54 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-04-12 07:07:54 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2012-04-12 07:07:54 1188864 ----a-w- C:\Windows\System32\wininet.dll
2012-04-12 07:07:53 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-03-14 20:37:38 3145728 ----a-w- C:\Windows\System32\win32k.sys
2012-03-14 20:37:34 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2012-03-14 20:37:34 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-03-14 20:37:34 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-03-14 20:37:31 1544192 ----a-w- C:\Windows\System32\DWrite.dll
2012-03-14 20:37:31 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-03-14 20:34:14 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2012-03-14 20:34:14 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
2012-03-14 20:34:14 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-03-14 20:34:14 1112064 ----a-w- C:\Windows\System32\rdpcorets.dll
2012-03-14 20:34:14 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
2012-02-15 15:01:50 52736 -c--a-w- C:\Windows\System32\drivers\usbaapl64.sys
2012-02-15 15:01:50 4547944 -c--a-w- C:\Windows\System32\usbaaplrc.dll
2012-02-14 16:09:44 1070352 -c--a-w- C:\Windows\SysWow64\MSCOMCTL.OCX
.
============= FINISH: 13:41:12.30 ===============


#2 gringo_pr

Posted 20 April 2012 - 03:01 PM

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only); if this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

In your next post I need the following:

  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 MyDarnComputer


Posted 22 April 2012 - 10:09 AM

Thanks for the guidelines but I thought I did follow the ones that were posted http://www.bleepingcomputer.com/forums/topic34773.html

Specifically, "In the white message area, as shown above, write a detailed description of your problem and then press the enter key. Now copy and paste the contents of the DDS.txt log that you saved to your desktop. You can do this by going to your Desktop and double-clicking on the file named DDS.txt to open it. After the Notepad window is opened, right-click in the notepad and select Select All. Then right click again and select Copy. Now go back to the Post and right click in the post area and select Paste to paste the contents of the DDS.txt report into the post. When done, you should now have a post consisting of the detailed description of your problem and the reports from DDS."

#4 gringo_pr


Posted 22 April 2012 - 10:26 AM

Hello


You did fine - I am asking you to run Combofix for me now.

#5 MyDarnComputer


Posted 22 April 2012 - 02:21 PM

Oh okay gotcha. Now I can't disable my McAfee stuff for some reason as it's the enterprise solution that Nationwide installs as I'm an associate agent. I looked up the how-to and the directions don't coincide with what I see. :( please advise

thanks
scott

#6 gringo_pr


Posted 22 April 2012 - 03:32 PM

Hello

OK, let's try this: I want you to run Combofix in safe mode, but it is very important that when Combofix reboots the computer you direct it back into safe mode so it can finish the scan.

Boot into Safe Mode

Reboot your computer in Safe Mode.
  • If the computer is running, shut down Windows, and then turn off the power.
  • Wait 30 seconds, and then turn the computer on.
  • Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
  • Ensure that the Safe Mode option is selected.
  • Press Enter. The computer then begins to start in Safe mode.
  • Log in on your usual account.

After Combofix has finished its scan, please post the report back here.

Gringo

#7 gringo_pr


Posted 25 April 2012 - 12:02 AM

Hello


Just checking in on you as it has been a couple of days since I have heard from you.

Are you having any troubles or just need more time?




Gringo

#8 MyDarnComputer


Posted 25 April 2012 - 03:13 PM

Thanks for the follow up!
I'll run the combofix tonight. Been super busy but again, thanks for following up!

#9 gringo_pr


Posted 25 April 2012 - 09:31 PM

No problem, and hope to see you soon.


gringo

#10 MyDarnComputer


Posted 27 April 2012 - 08:47 AM

Hi Gringo!

So I need to preface this with the fact that I still had to run the Combofix.exe while the McAfee Virus Scan and one other McAfee service were still running EVEN IN SAFE MODE. So hopefully the results are still valid. I ended up having to run MSCONFIG and select the reboot option in there to safe mode, as the F8 method wasn't successful. Keeping my fingers crossed!!!!



ComboFix 12-04-22.01 - kleist 04/27/2012 9:27.1.2 - x64 MINIMAL
Microsoft Windows 7 Enterprise 6.1.7601.1.1252.1.1033.18.6040.5388 [GMT -4:00]
Running from: c:\users\Scott Kleist\Downloads\ComboFix.exe
AV: McAfee VirusScan Enterprise *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
FW: McAfee Host Intrusion Prevention Firewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
SP: McAfee VirusScan Enterprise Antispyware Module *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
- REDUCED FUNCTIONALITY MODE -
.
.
((((((((((((((((((((((((( Files Created from 2012-03-27 to 2012-04-27 )))))))))))))))))))))))))))))))
.
.
2012-04-27 13:30 . 2012-04-27 13:30 -------- dc----w- c:\users\Default\AppData\Local\temp
2012-04-25 15:50 . 2012-04-25 15:50 -------- dc----w- c:\program files\iPod
2012-04-25 15:50 . 2012-04-25 15:51 -------- dc----w- c:\program files\iTunes
2012-04-25 15:50 . 2012-04-25 15:51 -------- dc----w- c:\program files (x86)\iTunes
2012-04-12 07:06 . 2012-04-12 07:06 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-12 07:06 . 2012-04-12 07:06 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-04-12 07:06 . 2012-04-12 07:06 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-04-12 07:01 . 2012-04-12 07:02 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-12 07:01 . 2012-04-12 07:02 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-12 07:01 . 2012-04-12 07:02 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-04-12 07:01 . 2012-04-12 07:02 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-04-12 07:01 . 2012-04-12 07:02 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-12 07:01 . 2012-04-12 07:02 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-04-12 07:01 . 2012-04-12 07:02 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-04-11 14:09 . 2012-04-15 14:10 8741536 -c--a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-04-11 13:57 . 2012-04-15 14:10 418464 -c--a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-04-04 05:53 . 2012-04-04 05:53 182160 -c--a-w- c:\program files (x86)\Mozilla Firefox\plugins\nppdf32.dll
2012-04-04 05:53 . 2012-04-04 05:53 182160 -c--a-w- c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll
2012-03-30 21:32 . 2012-03-30 21:32 -------- dc----w- c:\users\Scott Kleist\AppData\Roaming\Titanium
2012-03-30 21:31 . 2012-03-30 21:31 -------- dc----w- c:\program files (x86)\Nozbe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-27 13:16 . 2011-09-05 15:43 952 -csha-w- c:\programdata\KGyGaAvL.sys
2012-04-15 14:10 . 2011-06-10 13:26 70304 -c--a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-03-14 20:37 . 2012-03-14 13:46 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-03-14 20:37 . 2012-03-14 13:44 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-03-14 20:37 . 2012-03-14 13:44 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-03-14 20:37 . 2012-03-14 13:44 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-03-14 20:37 . 2012-03-14 13:46 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-03-14 20:37 . 2012-03-14 13:46 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-03-14 20:34 . 2012-03-14 13:44 1112064 ----a-w- c:\windows\system32\rdpcorets.dll
2012-03-14 20:34 . 2012-03-14 13:44 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-03-14 20:34 . 2012-03-14 13:44 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-03-14 20:34 . 2012-03-14 13:44 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-14 20:34 . 2012-03-14 13:44 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-02-15 15:01 . 2012-02-15 15:01 52736 -c--a-w- c:\windows\system32\drivers\usbaapl64.sys
2012-02-15 15:01 . 2012-02-15 15:01 4547944 -c--a-w- c:\windows\system32\usbaaplrc.dll
2012-02-14 16:09 . 2012-02-14 16:09 1070352 -c--a-w- c:\windows\SysWow64\MSCOMCTL.OCX
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Scott Kleist\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Scott Kleist\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Scott Kleist\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"gSyncit"="c:\program files (x86)\Fieldston Software\gSyncit\gsyncit.exe" [2012-04-16 166624]
"RoboForm"="c:\program files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2011-06-18 107000]
"MobileDocuments"="c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"PWMTRV"="c:\progra~2\ThinkPad\UTILIT~1\PWMTR64V.DLL" [2009-09-09 884512]
"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-09-27 59240]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"McAfee Host Intrusion Prevention Tray"="c:\program files (x86)\McAfee\Host Intrusion Prevention\FireTray.exe" [2010-06-15 979104]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"Act.Outlook.Service"="c:\program files (x86)\ACT\Act for Windows\Act.Outlook.Service.exe" [2010-08-19 28672]
"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\ActSage.exe" [2010-08-19 337224]
"ShStatEXE"="c:\program files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2010-08-26 124224]
"McAfeeUpdaterUI"="c:\program files (x86)\McAfee\Common Framework\udaterui.exe" [2011-01-12 161088]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]
.
c:\users\Scott Kleist\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Scott Kleist\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-2-14 24246216]
EvernoteClipper.lnk - c:\program files (x86)\Evernote\Evernote\EvernoteClipper.exe [2012-1-23 1014112]
OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE [2010-12-21 227712]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
NWepo.lnk - c:\program files (x86)\Network Associates\NWePO.exe [2012-1-11 40960]
Sage ACT! Outlook Sync.lnk - c:\program files (x86)\ACT\Act for Windows\Act.Outlook.Sync.exe [2010-8-19 91136]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"DisableCAD"= 1 (0x1)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"RestrictWelcomeCenter"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\McAfeeEngineService]
@="Service"
.
R1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\DRIVERS\smiifx64.sys [x]
R1 NEOFLTR_650_15991;Juniper Networks TDI Filter Driver (NEOFLTR_650_15991);c:\windows\system32\Drivers\NEOFLTR_650_15991.SYS [x]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
R2 ACT! Scheduler;ACT! Scheduler;c:\program files (x86)\ACT\Act for Windows\Act.Scheduler.exe [2010-08-19 81920]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
R2 ATService;AuthenTec Fingerprint Service;c:\windows\system32\AtService.exe [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 dtsvc;Data Transfer Service;c:\windows\system32\DTS.exe [x]
R2 enterceptAgent;McAfee Host Intrusion Prevention Service;c:\program files (x86)\McAfee\Host Intrusion Prevention\FireSvc.exe [2010-06-15 1498224]
R2 hips;McAfee HIPSCore Service;c:\program files (x86)\McAfee\Host Intrusion Prevention\HIPSCore\x64\HIPSvc.exe [2010-01-26 39840]
R2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [2009-07-14 27136]
R2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\LENOVO\HOTKEY\MICMUTE.exe [2009-07-03 45424]
R2 McAfee SiteAdvisor Enterprise Service;McAfee SiteAdvisor Enterprise Service;c:\program files (x86)\McAfee\SiteAdvisor Enterprise\McSACore.exe [2010-03-25 226624]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-15 158856]
R2 SQLAgent$ACT7;SQL Server Agent (ACT7);c:\program files\Microsoft SQL Server\MSSQL10_50.ACT7\MSSQL\Binn\SQLAGENT.EXE [2010-05-06 428384]
R2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-01-19 3027840]
R2 TPHKSVC;On Screen Display;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe [2009-07-15 62320]
R3 ADMonitor;AD Monitor;c:\windows\system32\ADMonitor.exe [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-15 253088]
R3 ATSwpWDF;AuthenTec TruePrint USB WDF Driver;c:\windows\system32\Drivers\ATSwpWDF.sys [x]
R3 BrSerIb;Brother MFC Serial Interface Driver(WDM);c:\windows\system32\DRIVERS\BrSerIb.sys [x]
R3 BrUsbSIb;Brother MFC Serial USB Driver(WDM);c:\windows\system32\DRIVERS\BrUsbSIb.sys [x]
R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
R3 CAXHWAZL;CAXHWAZL;c:\windows\system32\DRIVERS\CAXHWAZL.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [x]
R3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y60x64.sys [x]
R3 Firehk;McAfee NDIS Intermediate Filter;c:\windows\system32\DRIVERS\firehk.sys [x]
R3 FirehkMP;FirehkMP;c:\windows\system32\DRIVERS\firehk.sys [x]
R3 HIPK;McAfee Inc. HIPK;c:\windows\system32\drivers\HIPK.sys [x]
R3 HIPPSK;McAfee Inc. HIPPSK;c:\windows\system32\drivers\HIPPSK.sys [x]
R3 HIPQK;McAfee Inc. HIPQK;c:\windows\system32\drivers\HIPQK.sys [x]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [x]
R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 PCDSRVC{184E4FA0-DE8C26D4-06000000}_0;PCDSRVC{184E4FA0-DE8C26D4-06000000}_0 - PCDR Kernel Mode Service Helper Driver;c:\progra~1\pc-doc~1\pcdsrvc_x64.pkms [2009-11-20 23536]
R3 Power Manager DBC Service;Power Manager DBC Service;c:\program files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE [2009-09-09 75040]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
R3 Synth3dVsc;Microsoft Virtual 3D Video Transport Driver;c:\windows\system32\drivers\Synth3dVsc.sys [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 tsusbhub;Remote Deskotop USB Hub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 MSSQL$ACT7;SQL Server (ACT7);c:\program files\Microsoft SQL Server\MSSQL10_50.ACT7\MSSQL\Binn\sqlservr.exe [2010-05-06 61913952]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2010-05-06 59744]
R4 RsFx0150;RsFx0150 Driver;c:\windows\system32\DRIVERS\RsFx0150.sys [x]
S0 TPDIGIMN;TPDIGIMN;c:\windows\System32\DRIVERS\ApsHM64.sys [x]
S2 McAfeeEngineService;McAfee Engine Service;c:\program files (x86)\McAfee\VirusScan Enterprise\x64\engineserver.exe [2010-08-26 20792]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-27 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-11 14:10]
.
2012-04-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1150288413-4022830428-2097345192-1001Core.job
- c:\users\Scott Kleist\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-09 00:29]
.
2012-04-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1150288413-4022830428-2097345192-1001UA.job
- c:\users\Scott Kleist\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-09 00:29]
.
2012-04-04 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\PC-Doctor\pcdlauncher.exe [2009-11-20 10:39]
.
2012-04-26 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\PC-Doctor\pcdr5cuiw32.exe [2009-11-22 09:16]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Scott Kleist\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Scott Kleist\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Scott Kleist\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Scott Kleist\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"FingerPrintSoftware"="c:\program files\Lenovo Fingerprint Software\fpapp.exe \s" [X]
"FingerPrintSoftwareSplashScreen"="c:\program files\Lenovo Fingerprint Software\SplashScreen.exe \s" [X]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-11-05 166424]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-11-05 390168]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-11-05 408600]
"TPHOTKEY"="c:\program files\Lenovo\HOTKEY\TPOSDSVC.exe" [2009-03-13 68976]
"LENOVO.TPFNF6R"="c:\program files\Lenovo\HOTKEY\TPFNF6R.exe" [2009-08-20 62752]
"TpShocks"="TpShocks.exe" [2009-07-09 380704]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2009-11-19 307768]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = https://agents.nationwide.com/dana-na/auth/url_1/welcome.cgi
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Evernote 4.0 - c:\program files (x86)\Evernote\Evernote\EvernoteIE.dll/204
Trusted Zone: agencyanywhere.agency.ni.nwie.net
Trusted Zone: skilldialogue.com
Trusted Zone: skillport.com
TCP: DhcpNameServer = 207.230.75.34 207.230.75.50
DPF: {9916D178-71C8-4764-969C-95B9B67A1F76} - hxxps://onestop.nationwide.com/one-stop-web/scan/OneStopScan.CAB
FF - ProfilePath - c:\users\Scott Kleist\AppData\Roaming\Mozilla\Firefox\Profiles\0t51t19m.default\
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCDSRVC{184E4FA0-DE8C26D4-06000000}_0]
"ImagePath"="\??\c:\progra~1\pc-doc~1\pcdsrvc_x64.pkms"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Network Associates]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-04-27 09:38:47 - machine was rebooted
ComboFix-quarantined-files.txt 2012-04-27 13:38
.
Pre-Run: 3,400,884,224 bytes free
Post-Run: 6,161,498,112 bytes free
.
- - End Of File - - E6ADA01976A9695797BC85A21290461F

#11 gringo_pr

  • Malware Response Team

Posted 27 April 2012 - 12:17 PM

Greetings

I want you to run these next,

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then click on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo

#12 MyDarnComputer

  • Topic Starter

Posted 27 April 2012 - 02:47 PM

TDSSKiller

14:38:35.0272 7252 TDSS rootkit removing tool 2.7.33.0 Apr 24 2012 18:43:43
14:38:35.0609 7252 ============================================================
14:38:35.0609 7252 Current date / time: 2012/04/27 14:38:35.0609
14:38:35.0609 7252 SystemInfo:
14:38:35.0609 7252
14:38:35.0609 7252 OS Version: 6.1.7601 ServicePack: 1.0
14:38:35.0609 7252 Product type: Workstation
14:38:35.0609 7252 ComputerName: GBKLEISTR400
14:38:35.0609 7252 UserName: kleist
14:38:35.0609 7252 Windows directory: C:\Windows
14:38:35.0609 7252 System windows directory: C:\Windows
14:38:35.0609 7252 Running under WOW64
14:38:35.0609 7252 Processor architecture: Intel x64
14:38:35.0609 7252 Number of processors: 2
14:38:35.0609 7252 Page size: 0x1000
14:38:35.0609 7252 Boot type: Normal boot
14:38:35.0609 7252 ============================================================
14:38:36.0231 7252 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x50C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000040
14:38:36.0242 7252 ============================================================
14:38:36.0242 7252 \Device\Harddisk0\DR0:
14:38:36.0242 7252 MBR partitions:
14:38:36.0242 7252 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x2134800, BlocksNum 0x108E4800
14:38:36.0242 7252 ============================================================
14:38:36.0282 7252 C: <-> \Device\Harddisk0\DR0\Partition0
14:38:36.0282 7252 ============================================================
14:38:36.0282 7252 Initialize success
14:38:36.0282 7252 ============================================================
14:38:39.0783 3244 ============================================================
14:38:39.0783 3244 Scan started
14:38:39.0783 3244 Mode: Manual;
14:38:39.0783 3244 ============================================================
14:38:40.0656 3244 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\DRIVERS\1394ohci.sys
14:38:40.0656 3244 1394ohci - ok
14:38:40.0719 3244 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
14:38:40.0719 3244 ACPI - ok
14:38:40.0750 3244 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
14:38:40.0781 3244 AcpiPmi - ok
14:38:40.0890 3244 ACT! Scheduler (630d2c9d36dad22829c95c55d36ba5cc) C:\Program Files (x86)\ACT\Act for Windows\Act.Scheduler.exe
14:38:40.0937 3244 ACT! Scheduler - ok
14:38:41.0015 3244 ADMonitor (80e30df0a2a56c4bec2578bc72b9a5aa) C:\Windows\system32\ADMonitor.exe
14:38:41.0062 3244 ADMonitor - ok
14:38:41.0156 3244 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
14:38:41.0202 3244 AdobeARMservice - ok
14:38:41.0405 3244 AdobeFlashPlayerUpdateSvc (459ac130c6ab892b1cd5d7544626efc5) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
14:38:41.0405 3244 AdobeFlashPlayerUpdateSvc - ok
14:38:41.0468 3244 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys
14:38:41.0499 3244 adp94xx - ok
14:38:41.0577 3244 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys
14:38:41.0608 3244 adpahci - ok
14:38:41.0639 3244 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys
14:38:41.0655 3244 adpu320 - ok
14:38:41.0702 3244 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
14:38:41.0702 3244 AeLookupSvc - ok
14:38:41.0811 3244 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
14:38:41.0811 3244 AFD - ok
14:38:41.0858 3244 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
14:38:41.0858 3244 agp440 - ok
14:38:41.0889 3244 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
14:38:41.0889 3244 ALG - ok
14:38:41.0920 3244 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
14:38:41.0920 3244 aliide - ok
14:38:41.0936 3244 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
14:38:41.0936 3244 amdide - ok
14:38:41.0967 3244 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\drivers\amdk8.sys
14:38:41.0982 3244 AmdK8 - ok
14:38:41.0982 3244 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\drivers\amdppm.sys
14:38:41.0998 3244 AmdPPM - ok
14:38:42.0045 3244 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
14:38:42.0092 3244 amdsata - ok
14:38:42.0154 3244 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\drivers\amdsbs.sys
14:38:42.0170 3244 amdsbs - ok
14:38:42.0232 3244 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
14:38:42.0294 3244 amdxata - ok
14:38:42.0357 3244 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
14:38:42.0419 3244 AppID - ok
14:38:42.0482 3244 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
14:38:42.0482 3244 AppIDSvc - ok
14:38:42.0513 3244 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
14:38:42.0513 3244 Appinfo - ok
14:38:42.0716 3244 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
14:38:42.0762 3244 Apple Mobile Device - ok
14:38:42.0840 3244 AppMgmt (4aba3e75a76195a3e38ed2766c962899) C:\Windows\System32\appmgmts.dll
14:38:42.0856 3244 AppMgmt - ok
14:38:42.0918 3244 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\drivers\arc.sys
14:38:42.0918 3244 arc - ok
14:38:42.0950 3244 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\drivers\arcsas.sys
14:38:42.0950 3244 arcsas - ok
14:38:42.0981 3244 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
14:38:42.0996 3244 AsyncMac - ok
14:38:43.0012 3244 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
14:38:43.0012 3244 atapi - ok
14:38:43.0246 3244 ATService (de3b729ebabae75252698e275c7f4834) C:\Windows\system32\AtService.exe
14:38:43.0371 3244 ATService - ok
14:38:43.0542 3244 ATSwpWDF (a7732a975be468784cce9feb5fbf0190) C:\Windows\system32\Drivers\ATSwpWDF.sys
14:38:43.0620 3244 ATSwpWDF - ok
14:38:43.0745 3244 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
14:38:43.0792 3244 AudioEndpointBuilder - ok
14:38:43.0792 3244 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
14:38:43.0808 3244 AudioSrv - ok
14:38:43.0870 3244 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
14:38:43.0901 3244 AxInstSV - ok
14:38:43.0995 3244 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\drivers\bxvbda.sys
14:38:44.0010 3244 b06bdrv - ok
14:38:44.0088 3244 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
14:38:44.0151 3244 b57nd60a - ok
14:38:44.0229 3244 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
14:38:44.0244 3244 BDESVC - ok
14:38:44.0244 3244 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
14:38:44.0260 3244 Beep - ok
14:38:44.0354 3244 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
14:38:44.0400 3244 BFE - ok
14:38:44.0494 3244 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\System32\qmgr.dll
14:38:44.0510 3244 BITS - ok
14:38:44.0572 3244 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
14:38:44.0572 3244 blbdrive - ok
14:38:44.0697 3244 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
14:38:44.0744 3244 Bonjour Service - ok
14:38:44.0806 3244 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
14:38:44.0900 3244 bowser - ok
14:38:44.0947 3244 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\BrFiltLo.sys
14:38:44.0947 3244 BrFiltLo - ok
14:38:44.0962 3244 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\BrFiltUp.sys
14:38:44.0978 3244 BrFiltUp - ok
14:38:45.0040 3244 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
14:38:45.0041 3244 BridgeMP - ok
14:38:45.0088 3244 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
14:38:45.0135 3244 Browser - ok
14:38:45.0213 3244 BrSerIb (e5e9b1625a767ceb6f319c12d33eab78) C:\Windows\system32\DRIVERS\BrSerIb.sys
14:38:45.0228 3244 BrSerIb - ok
14:38:45.0291 3244 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
14:38:45.0306 3244 Brserid - ok
14:38:45.0353 3244 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
14:38:45.0353 3244 BrSerWdm - ok
14:38:45.0369 3244 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
14:38:45.0369 3244 BrUsbMdm - ok
14:38:45.0384 3244 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
14:38:45.0400 3244 BrUsbSer - ok
14:38:45.0431 3244 BrUsbSIb (d9f6b30ad93cbd165ec71fadf51df25e) C:\Windows\system32\DRIVERS\BrUsbSIb.sys
14:38:45.0431 3244 BrUsbSIb - ok
14:38:45.0494 3244 BthEnum (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\drivers\BthEnum.sys
14:38:45.0494 3244 BthEnum - ok
14:38:45.0525 3244 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\drivers\bthmodem.sys
14:38:45.0540 3244 BTHMODEM - ok
14:38:45.0572 3244 BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys
14:38:45.0572 3244 BthPan - ok
14:38:45.0681 3244 BTHPORT (64c198198501f7560ee41d8d1efa7952) C:\Windows\System32\Drivers\BTHport.sys
14:38:45.0743 3244 BTHPORT - ok
14:38:45.0806 3244 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
14:38:45.0806 3244 bthserv - ok
14:38:45.0821 3244 BTHUSB (f188b7394d81010767b6df3178519a37) C:\Windows\System32\Drivers\BTHUSB.sys
14:38:45.0868 3244 BTHUSB - ok
14:38:45.0884 3244 btusbflt (2641a3fe3d7b0646308f33b67f3b5300) C:\Windows\system32\drivers\btusbflt.sys
14:38:45.0915 3244 btusbflt - ok
14:38:45.0993 3244 btwaudio (6bcfdc2b5b7f66d484486d4bd4b39a6b) C:\Windows\system32\drivers\btwaudio.sys
14:38:46.0024 3244 btwaudio - ok
14:38:46.0086 3244 btwavdt (82dc8b7c626e526681c1bebed2bc3ff9) C:\Windows\system32\DRIVERS\btwavdt.sys
14:38:46.0133 3244 btwavdt - ok
14:38:46.0367 3244 btwdins (d65aa164acd0f6706dbcfbbcc9731584) C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
14:38:46.0414 3244 btwdins - ok
14:38:46.0430 3244 btwl2cap (6149301dc3f81d6f9667a3fbac410975) C:\Windows\system32\DRIVERS\btwl2cap.sys
14:38:46.0476 3244 btwl2cap - ok
14:38:46.0476 3244 btwrchid (28e105ad3b79f440bf94780f507bf66a) C:\Windows\system32\DRIVERS\btwrchid.sys
14:38:46.0539 3244 btwrchid - ok
14:38:46.0632 3244 CAXHWAZL (48360b88c4bf45850653bb7c86888ed4) C:\Windows\system32\DRIVERS\CAXHWAZL.sys
14:38:46.0679 3244 CAXHWAZL - ok
14:38:46.0742 3244 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
14:38:46.0742 3244 cdfs - ok
14:38:46.0788 3244 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
14:38:46.0835 3244 cdrom - ok
14:38:46.0882 3244 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
14:38:46.0913 3244 CertPropSvc - ok
14:38:46.0944 3244 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\drivers\circlass.sys
14:38:46.0944 3244 circlass - ok
14:38:47.0007 3244 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
14:38:47.0007 3244 CLFS - ok
14:38:47.0100 3244 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
14:38:47.0100 3244 clr_optimization_v2.0.50727_32 - ok
14:38:47.0178 3244 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
14:38:47.0194 3244 clr_optimization_v2.0.50727_64 - ok
14:38:47.0272 3244 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
14:38:47.0303 3244 clr_optimization_v4.0.30319_32 - ok
14:38:47.0334 3244 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
14:38:47.0334 3244 clr_optimization_v4.0.30319_64 - ok
14:38:47.0381 3244 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
14:38:47.0381 3244 CmBatt - ok
14:38:47.0397 3244 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
14:38:47.0397 3244 cmdide - ok
14:38:47.0506 3244 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
14:38:47.0568 3244 CNG - ok
14:38:47.0678 3244 CnxtHdAudService (d3c4f72e8f8dc523b02a0c313ceeea99) C:\Windows\system32\drivers\CHDRT64.sys
14:38:47.0740 3244 CnxtHdAudService - ok
14:38:47.0771 3244 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\drivers\compbatt.sys
14:38:47.0771 3244 Compbatt - ok
14:38:47.0802 3244 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\DRIVERS\CompositeBus.sys
14:38:47.0849 3244 CompositeBus - ok
14:38:47.0865 3244 COMSysApp - ok
14:38:47.0880 3244 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\drivers\crcdisk.sys
14:38:47.0880 3244 crcdisk - ok
14:38:47.0912 3244 Crypkey License - ok
14:38:47.0958 3244 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll
14:38:48.0005 3244 CryptSvc - ok
14:38:48.0068 3244 CSC (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys
14:38:48.0146 3244 CSC - ok
14:38:48.0224 3244 CscService (3ab183ab4d2c79dcf459cd2c1266b043) C:\Windows\System32\cscsvc.dll
14:38:48.0239 3244 CscService - ok
14:38:48.0317 3244 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
14:38:48.0317 3244 DcomLaunch - ok
14:38:48.0395 3244 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
14:38:48.0411 3244 defragsvc - ok
14:38:48.0473 3244 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
14:38:48.0520 3244 DfsC - ok
14:38:48.0582 3244 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
14:38:48.0645 3244 Dhcp - ok
14:38:48.0660 3244 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
14:38:48.0660 3244 discache - ok
14:38:48.0707 3244 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\drivers\disk.sys
14:38:48.0723 3244 Disk - ok
14:38:48.0738 3244 dmvsc (5db085a8a6600be6401f2b24eecb5415) C:\Windows\system32\drivers\dmvsc.sys
14:38:48.0770 3244 dmvsc - ok
14:38:48.0801 3244 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
14:38:48.0848 3244 Dnscache - ok
14:38:48.0879 3244 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
14:38:48.0926 3244 dot3svc - ok
14:38:48.0972 3244 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
14:38:48.0972 3244 DPS - ok
14:38:49.0004 3244 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
14:38:49.0019 3244 drmkaud - ok
14:38:49.0082 3244 dtsvc (0caed3bab3e086a8b93b39952cf90576) C:\Windows\system32\DTS.exe
14:38:49.0144 3244 dtsvc - ok
14:38:49.0238 3244 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
14:38:49.0316 3244 DXGKrnl - ok
14:38:49.0347 3244 E1G60 (edc6e9c057c9d7f83eea22b4cef5dcad) C:\Windows\system32\DRIVERS\E1G6032E.sys
14:38:49.0347 3244 E1G60 - ok
14:38:49.0425 3244 e1yexpress (d608110adb132e683360fca0f6b2bb53) C:\Windows\system32\DRIVERS\e1y60x64.sys
14:38:49.0472 3244 e1yexpress - ok
14:38:49.0518 3244 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
14:38:49.0518 3244 EapHost - ok
14:38:49.0628 3244 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\drivers\evbda.sys
14:38:49.0706 3244 ebdrv - ok
14:38:49.0752 3244 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
14:38:49.0768 3244 EFS - ok
14:38:49.0877 3244 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
14:38:49.0955 3244 ehRecvr - ok
14:38:49.0986 3244 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
14:38:50.0018 3244 ehSched - ok
14:38:50.0096 3244 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys
14:38:50.0111 3244 elxstor - ok
14:38:50.0392 3244 enterceptAgent (c3d8c7e58d6194286a6d3985cabf19e7) C:\Program Files (x86)\McAfee\Host Intrusion Prevention\FireSvc.exe
14:38:50.0470 3244 enterceptAgent - ok
14:38:50.0579 3244 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
14:38:50.0579 3244 ErrDev - ok
14:38:50.0657 3244 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
14:38:50.0657 3244 EventSystem - ok
14:38:50.0907 3244 EvtEng (51643ee2712d9212e1e53ca7e8d8eb4a) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
14:38:50.0954 3244 EvtEng - ok
14:38:51.0141 3244 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
14:38:51.0156 3244 exfat - ok
14:38:51.0188 3244 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
14:38:51.0203 3244 fastfat - ok
14:38:51.0297 3244 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
14:38:51.0359 3244 Fax - ok
14:38:51.0375 3244 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\drivers\fdc.sys
14:38:51.0390 3244 fdc - ok
14:38:51.0422 3244 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
14:38:51.0437 3244 fdPHost - ok
14:38:51.0437 3244 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
14:38:51.0453 3244 FDResPub - ok
14:38:51.0468 3244 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
14:38:51.0468 3244 FileInfo - ok
14:38:51.0484 3244 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
14:38:51.0500 3244 Filetrace - ok
14:38:51.0593 3244 Firehk (04eb7c3063834c50fef94ae77b05cbf9) C:\Windows\system32\DRIVERS\firehk.sys
14:38:51.0656 3244 Firehk - ok
14:38:51.0656 3244 FirehkMP (04eb7c3063834c50fef94ae77b05cbf9) C:\Windows\system32\DRIVERS\firehk.sys
14:38:51.0656 3244 FirehkMP - ok
14:38:51.0718 3244 firelm01 (91c7c2c38d51a1ab25f909189a2c2db9) C:\Windows\system32\drivers\firelm01.sys
14:38:51.0765 3244 firelm01 - ok
14:38:51.0796 3244 FirePM (7a5af3ee86bbb96a5b2c96facbfe124f) C:\Windows\system32\Drivers\FirePM.sys
14:38:51.0858 3244 FirePM - ok
14:38:51.0921 3244 FireTDI (9d0071cb93c9cebfb927f443c75e3251) C:\Windows\system32\Drivers\FireTDI.sys
14:38:51.0968 3244 FireTDI - ok
14:38:51.0999 3244 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\drivers\flpydisk.sys
14:38:52.0014 3244 flpydisk - ok
14:38:52.0046 3244 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
14:38:52.0108 3244 FltMgr - ok
14:38:52.0233 3244 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
14:38:52.0248 3244 FontCache - ok
14:38:52.0326 3244 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
14:38:52.0358 3244 FontCache3.0.0.0 - ok
14:38:52.0404 3244 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
14:38:52.0420 3244 FsDepends - ok
14:38:52.0467 3244 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
14:38:52.0514 3244 Fs_Rec - ok
14:38:52.0576 3244 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
14:38:52.0576 3244 fvevol - ok
14:38:52.0607 3244 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\drivers\gagp30kx.sys
14:38:52.0607 3244 gagp30kx - ok
14:38:52.0685 3244 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
14:38:52.0748 3244 GEARAspiWDM - ok
14:38:52.0872 3244 GoToAssist (409e81656712cef82d9bc4d527bb3a81) C:\Program Files (x86)\Citrix\GoToAssist\705\g2aservice.exe
14:38:52.0919 3244 GoToAssist - ok
14:38:53.0044 3244 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
14:38:53.0091 3244 gpsvc - ok
14:38:53.0138 3244 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
14:38:53.0138 3244 hcw85cir - ok
14:38:53.0200 3244 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
14:38:53.0247 3244 HdAudAddService - ok
14:38:53.0294 3244 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\DRIVERS\HDAudBus.sys
14:38:53.0294 3244 HDAudBus - ok
14:38:53.0325 3244 HECIx64 (15c9789470b8855ac2f54fdf96802d13) C:\Windows\system32\DRIVERS\HECIx64.sys
14:38:53.0387 3244 HECIx64 - ok
14:38:53.0403 3244 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\drivers\HidBatt.sys
14:38:53.0403 3244 HidBatt - ok
14:38:53.0418 3244 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\drivers\hidbth.sys
14:38:53.0434 3244 HidBth - ok
14:38:53.0450 3244 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\drivers\hidir.sys
14:38:53.0450 3244 HidIr - ok
14:38:53.0481 3244 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
14:38:53.0481 3244 hidserv - ok
14:38:53.0528 3244 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
14:38:53.0590 3244 HidUsb - ok
14:38:53.0684 3244 HIPK (a5fa050ff3a5f3630c2598d32e339def) C:\Windows\system32\drivers\HIPK.sys
14:38:53.0730 3244 HIPK - ok
14:38:53.0746 3244 HIPPSK (e8eb147dc272dba6f0eba31d17e752c6) C:\Windows\system32\drivers\HIPPSK.sys
14:38:53.0808 3244 HIPPSK - ok
14:38:53.0840 3244 HIPQK (1f95e665632a39ac57e1c605e49c5816) C:\Windows\system32\drivers\HIPQK.sys
14:38:53.0871 3244 HIPQK - ok
14:38:54.0105 3244 hips (44cd99a1b57827ed9e98851b0baee851) C:\Program Files (x86)\McAfee\Host Intrusion Prevention\HIPSCore\x64\HIPSvc.exe
14:38:54.0152 3244 hips - ok
14:38:54.0198 3244 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
14:38:54.0230 3244 hkmsvc - ok
14:38:54.0261 3244 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
14:38:54.0323 3244 HomeGroupListener - ok
14:38:54.0386 3244 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
14:38:54.0386 3244 HomeGroupProvider - ok
14:38:54.0432 3244 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
14:38:54.0495 3244 HpSAMD - ok
14:38:54.0635 3244 HsfXAudioService (447256d1c026654c5cd3cc17e7b20631) C:\Windows\SysWOW64\XAudio64.dll
14:38:54.0698 3244 HsfXAudioService - ok
14:38:54.0822 3244 HSF_DPV (f6ac1087a131fbb385400667bea64fbe) C:\Windows\system32\DRIVERS\CAX_DPV.sys
14:38:54.0916 3244 HSF_DPV - ok
14:38:55.0010 3244 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
14:38:55.0010 3244 HTTP - ok
14:38:55.0041 3244 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
14:38:55.0041 3244 hwpolicy - ok
14:38:55.0072 3244 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
14:38:55.0072 3244 i8042prt - ok
14:38:55.0150 3244 iaStor (bbb3b6df1abb0fe35802ede85cc1c011) C:\Windows\system32\DRIVERS\iaStor.sys
14:38:55.0150 3244 iaStor - ok
14:38:55.0244 3244 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
14:38:55.0290 3244 iaStorV - ok
14:38:55.0322 3244 IBMPMDRV (b8e7ca64fff8b71636dea3a845cc23e5) C:\Windows\system32\DRIVERS\ibmpmdrv.sys
14:38:55.0368 3244 IBMPMDRV - ok
14:38:55.0400 3244 IBMPMSVC (6daedf692b52b7c238c7199419318d16) C:\Windows\system32\ibmpmsvc.exe
14:38:55.0462 3244 IBMPMSVC - ok
14:38:55.0634 3244 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
14:38:55.0696 3244 idsvc - ok
14:38:56.0008 3244 igfx (a87261ef1546325b559374f5689cf5bc) C:\Windows\system32\DRIVERS\igdkmd64.sys
14:38:56.0133 3244 igfx - ok
14:38:56.0273 3244 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys
14:38:56.0273 3244 iirsp - ok
14:38:56.0382 3244 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
14:38:56.0429 3244 IKEEXT - ok
14:38:56.0460 3244 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
14:38:56.0476 3244 intelide - ok
14:38:56.0492 3244 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
14:38:56.0507 3244 intelppm - ok
14:38:56.0538 3244 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
14:38:56.0538 3244 IPBusEnum - ok
14:38:56.0570 3244 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
14:38:56.0616 3244 IpFilterDriver - ok
14:38:56.0694 3244 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
14:38:56.0741 3244 iphlpsvc - ok
14:38:56.0772 3244 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
14:38:56.0819 3244 IPMIDRV - ok
14:38:56.0850 3244 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
14:38:56.0866 3244 IPNAT - ok
14:38:57.0006 3244 iPod Service (50d6ccc6ff5561f9f56946b3e6164fb8) C:\Program Files\iPod\bin\iPodService.exe
14:38:57.0084 3244 iPod Service - ok
14:38:57.0131 3244 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
14:38:57.0131 3244 IRENUM - ok
14:38:57.0162 3244 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
14:38:57.0162 3244 isapnp - ok
14:38:57.0194 3244 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
14:38:57.0272 3244 iScsiPrt - ok
14:38:57.0318 3244 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
14:38:57.0318 3244 kbdclass - ok
14:38:57.0350 3244 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
14:38:57.0428 3244 kbdhid - ok
14:38:57.0521 3244 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
14:38:57.0521 3244 KeyIso - ok
14:38:57.0584 3244 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
14:38:57.0615 3244 KSecDD - ok
14:38:57.0646 3244 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
14:38:57.0755 3244 KSecPkg - ok
14:38:57.0786 3244 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
14:38:57.0786 3244 ksthunk - ok
14:38:57.0849 3244 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
14:38:57.0864 3244 KtmRm - ok
14:38:57.0927 3244 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\System32\srvsvc.dll
14:38:57.0958 3244 LanmanServer - ok
14:38:58.0005 3244 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
14:38:58.0067 3244 LanmanWorkstation - ok
14:39:25.0866 3244 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
14:39:25.0898 3244 W32Time - ok
14:39:25.0913 3244 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys
14:39:25.0929 3244 WacomPen - ok
14:39:25.0960 3244 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
14:39:25.0991 3244 WANARP - ok
14:39:26.0007 3244 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
14:39:26.0007 3244 Wanarpv6 - ok
14:39:26.0147 3244 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
14:39:26.0241 3244 WatAdminSvc - ok
14:39:26.0397 3244 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
14:39:26.0506 3244 wbengine - ok
14:39:26.0646 3244 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
14:39:26.0678 3244 WbioSrvc - ok
14:39:26.0709 3244 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
14:39:26.0771 3244 wcncsvc - ok
14:39:26.0818 3244 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
14:39:26.0818 3244 WcsPlugInService - ok
14:39:26.0865 3244 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys
14:39:26.0865 3244 Wd - ok
14:39:26.0943 3244 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
14:39:26.0958 3244 Wdf01000 - ok
14:39:26.0990 3244 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
14:39:27.0005 3244 WdiServiceHost - ok
14:39:27.0005 3244 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
14:39:27.0005 3244 WdiSystemHost - ok
14:39:27.0036 3244 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
14:39:27.0099 3244 WebClient - ok
14:39:27.0146 3244 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
14:39:27.0161 3244 Wecsvc - ok
14:39:27.0177 3244 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
14:39:27.0177 3244 wercplsupport - ok
14:39:27.0224 3244 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
14:39:27.0224 3244 WerSvc - ok
14:39:27.0286 3244 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
14:39:27.0286 3244 WfpLwf - ok
14:39:27.0317 3244 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
14:39:27.0317 3244 WIMMount - ok
14:39:27.0411 3244 winachsf (1edbbf412a382550af6eb35f5e46928e) C:\Windows\system32\DRIVERS\CAX_CNXT.sys
14:39:27.0458 3244 winachsf - ok
14:39:27.0504 3244 WinDefend - ok
14:39:27.0520 3244 WinHttpAutoProxySvc - ok
14:39:27.0582 3244 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
14:39:27.0598 3244 Winmgmt - ok
14:39:27.0785 3244 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
14:39:27.0848 3244 WinRM - ok
14:39:28.0035 3244 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
14:39:28.0066 3244 WinUsb - ok
14:39:28.0175 3244 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
14:39:28.0175 3244 Wlansvc - ok
14:39:28.0206 3244 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
14:39:28.0206 3244 WmiAcpi - ok
14:39:28.0284 3244 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
14:39:28.0300 3244 wmiApSrv - ok
14:39:28.0347 3244 WMPNetworkSvc - ok
14:39:28.0378 3244 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
14:39:28.0378 3244 WPCSvc - ok
14:39:28.0394 3244 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
14:39:28.0487 3244 WPDBusEnum - ok
14:39:28.0518 3244 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
14:39:28.0518 3244 ws2ifsl - ok
14:39:28.0565 3244 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll
14:39:28.0565 3244 wscsvc - ok
14:39:28.0565 3244 WSearch - ok
14:39:28.0799 3244 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll
14:39:28.0830 3244 wuauserv - ok
14:39:28.0971 3244 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
14:39:29.0018 3244 WudfPf - ok
14:39:29.0049 3244 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
14:39:29.0096 3244 WUDFRd - ok
14:39:29.0127 3244 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
14:39:29.0158 3244 wudfsvc - ok
14:39:29.0189 3244 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
14:39:29.0205 3244 WwanSvc - ok
14:39:29.0252 3244 XAudio (e8f3fa126a06f8e7088f63757112a186) C:\Windows\system32\DRIVERS\XAudio64.sys
14:39:29.0314 3244 XAudio - ok
14:39:29.0376 3244 MBR (0x1B8) (9d15ed5bce52a7559e49621c8fd657b4) \Device\Harddisk0\DR0
14:39:29.0408 3244 \Device\Harddisk0\DR0 - ok
14:39:29.0439 3244 Boot (0x1200) (6adfb1233ef661c823c8e7db6e2bf98c) \Device\Harddisk0\DR0\Partition0
14:39:29.0439 3244 \Device\Harddisk0\DR0\Partition0 - ok
14:39:29.0439 3244 ============================================================
14:39:29.0439 3244 Scan finished
14:39:29.0439 3244 ============================================================
14:39:29.0454 5492 Detected object count: 0
14:39:29.0454 5492 Actual detected object count: 0
14:39:42.0668 0644 Deinitialize success


********************************************************************

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-04-27 14:42:01
-----------------------------
14:42:01.135 OS Version: Windows x64 6.1.7601 Service Pack 1
14:42:01.135 Number of processors: 2 586 0x170A
14:42:01.136 ComputerName: GBKLEISTR400 UserName: kleist
14:42:01.958 Initialize success
14:48:53.378 AVAST engine defs: 12042701
14:50:29.982 The log file has been saved successfully to "C:\Users\Scott Kleist\Desktop\2012_0427_aswMBR.txt"


14:52:09.717 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
14:52:09.717 Disk 0 Vendor: WDC_WD16 14.0 Size: 152627MB BusType: 3
14:52:09.748 Disk 0 MBR read successfully
14:52:09.748 Disk 0 MBR scan
14:52:09.763 Disk 0 unknown MBR code
14:52:09.795 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 17000 MB offset 2048
14:52:09.841 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 135625 MB offset 34818048
14:52:09.873 Disk 0 scanning C:\Windows\system32\drivers
14:52:28.936 Service scanning
14:53:15.067 Modules scanning
14:53:15.067 Disk 0 trace - called modules:
14:53:15.114 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys iaStor.sys hal.dll
14:53:15.114 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007151060]
14:53:15.130 3 CLASSPNP.SYS[fffff8800162c43f] -> nt!IofCallDriver -> [0xfffffa800620f8a0]
14:53:15.130 5 ACPI.sys[fffff88000f747a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8006216050]
14:53:16.050 AVAST engine scan C:\Windows
14:53:26.455 AVAST engine scan C:\Windows\system32
15:01:24.128 AVAST engine scan C:\Windows\system32\drivers
15:01:47.248 AVAST engine scan C:\Users\Scott Kleist
15:44:05.664 AVAST engine scan C:\ProgramData
15:46:02.221 Scan finished successfully
15:46:31.440 Disk 0 MBR has been saved successfully to "C:\Users\Scott Kleist\Desktop\MBR.dat"
15:46:31.674 The log file has been saved successfully to "C:\Users\Scott Kleist\Desktop\2012_0427_aswMBR.txt"




********************************************************************

#13 gringo_pr


Posted 27 April 2012 - 03:04 PM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic




Proud Graduate Of Malware Removal University

#14 MyDarnComputer


Posted 27 April 2012 - 05:44 PM

Gringo,

I did as you suggested with the .txt file and dragging onto the Combofix and two things happened. First, the error came back up about my McAfee Enterprise Virus Scan and one other service was running that for the life of me I cannot figure out how to turn off or disable. Maybe I should rerun in safemode? Although, when I ran the combofix last time in Safemode I still got the same error with those services running.

Next, see attached for a screen shot of the error that came next stating, "Windows cannot find 'NIRKMD'......"

Computer is running the same which I suspect has to do with the fact that the combofix wasn't able to run its path I suppose...

Thanks for your continued support

scott


#15 gringo_pr


Posted 27 April 2012 - 08:51 PM

That error is not uncommon. Will it keep running after the error? Try in safe mode again if needed.


gringo



