Happili/Google redirect infection


  • This topic is locked
11 replies to this topic

#1 ajones

Posted 27 April 2012 - 10:28 AM

I have run into trouble with the Happili Redirect virus. It has infected my computer with pop-ups as well as redirecting my searches on Google.

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.7601.17514
Run by ajones at 9:46:31 on 2012-04-27
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3036.1170 [GMT -5:00]
.
AV: Symantec Endpoint Protection *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Symantec Endpoint Protection *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Hpservice.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\AEADISRV.EXE
C:\Program Files\LSI SoftModem\agrsmsvc.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\rpcnet.exe
C:\Program Files\Splashtop\Splashtop Software Updater\SSUService.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANOTIF.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Mobile Stream\EasyTether\easytthr.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
C:\Users\ajones\AppData\Local\MSoft\VerCheck\VerCheck.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Hewlett-Packard\Shared\hpqToaster.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil32_11_2_202_233_ActiveX.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\taskeng.exe
C:\Users\ajones\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2BITJ9S2\Defogger[1].exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.marc2.org/Intranet
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~1\office14\GROOVEEX.DLL
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~1\office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [EasyTether] "c:\program files\mobile stream\easytether\easytthr.exe"
uRun: [Google Update] "c:\users\ajones\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [ooVoo] RUNDLL32.EXE c:\users\ajones\appdata\local\oovoo\rzhnodgp.dll,CreateTzanShell
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [wilper] rundll32.exe "c:\users\ajones\appdata\local\temp\wilper.dll",LoadFile
uRun: [VerCheck] "c:\users\ajones\appdata\local\msoft\vercheck\VerCheck.exe"
uRun: [exapin] rundll32.exe "c:\users\ajones\appdata\local\temp\exapin.dll",GetAPIVersionEx
uRun: [Akowexa] c:\users\ajones\appdata\roaming\ovebc\orol.exe
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [SoundMAX] c:\program files\analog devices\soundmax\soundmax.exe /tray
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun: [QlbCtrl.exe] c:\program files\hewlett-packard\hp quick launch buttons\QlbCtrl.exe /Start
mRun: [WirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [<NO NAME>]
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\micros~1\office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
LSP: mswsock.dll
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.200.10 172.16.8.3
TCP: Interfaces\{3A88B944-1EA8-4FE5-8159-B41774400A86} : DhcpNameServer = 64.89.70.2 64.89.74.2
TCP: Interfaces\{3A88B944-1EA8-4FE5-8159-B41774400A86}\14E64627F69646455647865627 : DhcpNameServer = 192.168.2.254
TCP: Interfaces\{3A88B944-1EA8-4FE5-8159-B41774400A86}\242575765756374737 : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{3A88B944-1EA8-4FE5-8159-B41774400A86}\74275656E694D607163647A5F6E65623 : DhcpNameServer = 64.89.70.2 64.89.74.2
TCP: Interfaces\{3A88B944-1EA8-4FE5-8159-B41774400A86}\7554F5C4F46554F514E414C4 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{3A88B944-1EA8-4FE5-8159-B41774400A86}\A4F6E656376416D696C697 : DhcpNameServer = 209.18.47.61 209.18.47.62 192.168.1.1
TCP: Interfaces\{3A88B944-1EA8-4FE5-8159-B41774400A86}\A4F6E656376416D696C697D27657563747 : DhcpNameServer = 76.85.229.110 76.85.229.111 192.168.33.1
TCP: Interfaces\{D38D21B3-DB82-4ABE-B6F5-8AD17182D721} : DhcpNameServer = 172.16.8.3 172.16.8.10
TCP: Interfaces\{D6A154F1-C19A-42B1-AD90-9407CD03607A} : DhcpNameServer = 192.168.200.10 172.16.8.3
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~1\office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\ajones\appdata\roaming\mozilla\firefox\profiles\mt5rovfx.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.marc2.org/Intranet|http://www.marc.org/
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\progra~1\micros~1\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~1\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.65\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.69\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: c:\users\ajones\appdata\local\google\update\1.3.21.111\npGoogleUpdate3.dll
.
============= SERVICES / DRIVERS ===============
.
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-1-3 63928]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-8-4 176128]
R2 hpsrv;HP Service;c:\windows\system32\hpservice.exe [2010-7-16 26168]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2010-12-29 654408]
R2 SSUService;Splashtop Software Updater Service;c:\program files\splashtop\splashtop software updater\SSUService.exe [2012-3-15 370504]
R2 Symantec AntiVirus;Symantec Endpoint Protection;c:\program files\symantec\symantec endpoint protection\Rtvscan.exe [2011-10-24 1851224]
R3 ATSwpWDF;AuthenTec TruePrint USB WBF WDF Driver;c:\windows\system32\drivers\ATSwpWDF.sys [2009-12-3 625224]
R3 Com4QLBEx;Com4QLBEx;c:\program files\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2010-11-29 228408]
R3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y6032.sys [2009-7-13 214016]
R3 easytether;easytether;c:\windows\system32\drivers\easytthr.sys [2011-7-25 17296]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2012-2-6 106104]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-12-29 22344]
R3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\NETw5v32.sys [2010-11-29 4231680]
R3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
R3 rismc32;RICOH Smart Card Reader;c:\windows\system32\drivers\rismc32.sys [2010-11-29 49152]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-4-11 136176]
S2 NEC Usb3;NEC USB3 Service;c:\windows\system32\svchost.exe -k NECUsb3s [2009-7-13 20992]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2012-4-23 1153368]
S2 vet-rec;Icam4usb;c:\windows\system32\svchost.exe -k netsvcs [2009-7-13 20992]
S2 webrootadminconsole;FsRamDsk;\\.\globalroot\SystemRoot\system32\svchost.exe -k netsvcs --> \\.\globalroot\SystemRoot\system32\svchost.exe -k netsvcs [?]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-3-30 253088]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-4-11 136176]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2010-12-27 31124344]
S3 NETw5s32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\drivers\NETw5s32.sys [2010-1-13 6755840]
S3 RICOH SmartCard Reader;RICOH SmartCard Reader;c:\windows\system32\drivers\rismc32.sys [2010-11-29 49152]
S3 RoxMediaDB10;RoxMediaDB10;c:\program files\common files\roxio shared\10.0\sharedcom\RoxMediaDB10.exe [2009-6-13 1120752]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-9-9 52224]
.
=============== Created Last 30 ================
.
2012-04-26 20:27:06 -------- d-----w- c:\users\ajones\appdata\roaming\Ovebc
2012-04-26 20:27:06 -------- d-----w- c:\users\ajones\appdata\roaming\Okgoe
2012-04-26 20:27:06 -------- d-----w- c:\users\ajones\appdata\roaming\Ixem
2012-04-23 22:04:31 -------- d-----w- c:\users\ajones\appdata\roaming\Malwarebytes
2012-04-23 21:09:17 57344 ----a-w- c:\windows\system32\FastUv32.dll
2012-04-23 20:59:04 0 --sha-w- c:\windows\system32\dds_trash_log.cmd
2012-04-23 20:58:45 -------- d-----w- c:\users\ajones\appdata\local\{1A5D5EDA-8D87-11E1-826D-B8AC6F996F26}
2012-04-23 20:58:45 -------- d-----w- c:\users\ajones\appdata\local\{1A5D276B-8D87-11E1-826D-B8AC6F996F26}
2012-04-23 20:58:19 -------- d-----w- c:\users\ajones\appdata\local\MSoft
2012-04-23 15:45:36 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-04-23 15:45:36 -------- d-----w- c:\program files\Spybot - Search & Destroy
2012-04-19 16:25:25 -------- d-----w- c:\users\ajones\appdata\local\ooVoo
2012-04-09 15:36:25 -------- d-----w- c:\users\ajones\appdata\roaming\Splashtop Remote Client
2012-04-09 15:30:00 -------- d-----w- c:\programdata\Splashtop
2012-04-09 15:29:33 -------- d-----w- c:\program files\Splashtop
2012-04-04 05:53:56 182160 ----a-w- c:\program files\mozilla firefox\plugins\nppdf32.dll
2012-04-04 05:53:56 182160 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll
2012-03-30 16:27:57 -------- d-----w- c:\users\ajones\appdata\local\{0F9E2902-4A0B-4941-8FE3-6EC24F0054A6}
2012-03-30 14:03:07 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
.
==================== Find3M ====================
.
2012-04-27 14:26:20 17408 ----a-w- c:\windows\system32\rpcnetp.exe
2012-04-27 14:26:18 58288 ----a-w- c:\windows\system32\rpcnet.dll
2012-04-24 22:30:29 338944 ----a-w- c:\windows\system32\drivers\afd.sys
2012-04-20 22:50:31 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-04 20:56:40 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-21 16:09:48 69552 ----a-w- c:\windows\system32\CmpTrWmi.dll
.
============= FINISH: 9:55:05.92 ===============


#2 fireman4it

  • Malware Response Team

Posted 27 April 2012 - 02:33 PM

Hello ajones,
  • Welcome to Bleeping Computer.
  • My name is fireman4it and I will be helping you with your Malware problem.

    Please take note of some guidelines for this fix:
  • Refrain from making any changes to your computer, including installing/uninstalling programs, deleting files, modifying the registry, and running scanners or tools.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean".
  • In the upper right hand corner of the topic you will see a button called Watch Topic. I suggest you click it and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

  • Finally, please reply using the ADD REPLY button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply, unless they do not fit into the post.


1.
We need to disable Spybot S&D's "TeaTimer"
TeaTimer works by preventing ANY changes to the system. It will attempt to undo any fixes we run, because it blocks these fixes from running.

In order to safeguard your system from problems that can be brought on by a half finished fix, we need to disable TeaTimer. We can reenable it when we're done if you like.
  • Open SpyBot Search and Destroy by going to Start -> All Programs -> Spybot Search and Destroy -> Spybot Search and Destroy.
  • If prompted with a legal dialog, accept the warning.
  • Click Mode > Advanced Mode.
  • You may be presented with a warning dialog. If so, click Yes.
  • Click on Tools and then Resident.
  • Uncheck this checkbox: "Resident TeaTimer (protection of over-all system settings) active"
  • Close/Exit Spybot Search and Destroy.


2.
Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (e.g. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan.
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not an option, Skip instead, do not choose Delete unless instructed.
  • A log file named TDSSKiller_version_date_time_log.txt (e.g. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.


3.
Install Recovery Console and Run ComboFix

This tool is not a toy. If used the wrong way you could trash your computer. Please use only under direction of a Helper. If you decide to do so anyway, please do not blame me or ComboFix.

Download Combofix from any of the links below, and save it to your desktop.

Link 1
Link 2
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. Refer to this page if you are not sure how.
  • Close any open windows, including this one.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • If you did not have it installed, you will see the prompt below. Choose YES.
  • Posted Image
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Note: The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

    Posted Image
  • Click on Yes, to continue scanning for malware.
  • When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).
Leave your computer alone while ComboFix is running.
ComboFix will restart your computer if malware is found; allow it to do so.


Note: Please do NOT mouseclick ComboFix's window while it's running, because it may cause it to stall.


Things to include in your next reply:
TdssKiller log
Combofix.txt
How is our machine running now?

"Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-



If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#3 fireman4it


Posted 29 April 2012 - 02:22 PM

Hello.

Are you still there?

If you are, please follow the instructions in my previous post.

If you still need help, follow the instructions I have given in my response. If you have since had your problem solved, we would appreciate you letting us know so we can close the topic.

Please reply back telling us so. If you don't reply within 3-5 days the topic will need to be closed.

Thanks for understanding :)

With Regards,
fireman4it



#4 ajones

Posted 30 April 2012 - 10:51 AM

Hello, thanks for your help. It appears we are doing better. I am attaching the log from combofix and tdsskiller. There are no more redirects and there don't appear to be any pop ups. Sorry for the slow reply, I was away from my computer all weekend. Thanks again and here is the tdss log.

09:57:12.0439 2940 TDSS rootkit removing tool 2.7.33.0 Apr 24 2012 18:43:43
09:57:12.0829 2940 ============================================================
09:57:12.0829 2940 Current date / time: 2012/04/30 09:57:12.0829
09:57:12.0829 2940 SystemInfo:
09:57:12.0829 2940
09:57:12.0829 2940 OS Version: 6.1.7601 ServicePack: 1.0
09:57:12.0829 2940 Product type: Workstation
09:57:12.0829 2940 ComputerName: COMPUTER441
09:57:12.0829 2940 UserName: ajones
09:57:12.0829 2940 Windows directory: C:\Windows
09:57:12.0829 2940 System windows directory: C:\Windows
09:57:12.0829 2940 Processor architecture: Intel x86
09:57:12.0829 2940 Number of processors: 2
09:57:12.0829 2940 Page size: 0x1000
09:57:12.0829 2940 Boot type: Normal boot
09:57:12.0829 2940 ============================================================
09:57:13.0439 2940 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
09:57:13.0449 2940 ============================================================
09:57:13.0449 2940 \Device\Harddisk0\DR0:
09:57:13.0449 2940 MBR partitions:
09:57:13.0449 2940 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
09:57:13.0449 2940 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x1D192800
09:57:13.0449 2940 ============================================================
09:57:13.0489 2940 C: <-> \Device\Harddisk0\DR0\Partition1
09:57:13.0489 2940 ============================================================
09:57:13.0489 2940 Initialize success
09:57:13.0489 2940 ============================================================
09:57:17.0866 5256 ============================================================
09:57:17.0866 5256 Scan started
09:57:17.0866 5256 Mode: Manual;
09:57:17.0866 5256 ============================================================
09:57:23.0148 5256 Brserid - ok
09:57:23.0178 5256 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
09:57:23.0178 5256 BrSerWdm - ok
09:57:23.0198 5256 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
09:57:23.0198 5256 BrUsbMdm - ok
09:57:23.0208 5256 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
09:57:23.0208 5256 BrUsbSer - ok
09:57:23.0258 5256 BthEnum (2865a5c8e98c70c605f417908cebb3a4) C:\Windows\system32\drivers\BthEnum.sys
09:57:23.0258 5256 BthEnum - ok
09:57:23.0278 5256 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
09:57:23.0278 5256 BTHMODEM - ok
09:57:23.0308 5256 BthPan (ad1872e5829e8a2c3b5b4b641c3eab0e) C:\Windows\system32\DRIVERS\bthpan.sys
09:57:23.0308 5256 BthPan - ok
09:57:23.0378 5256 BTHPORT (195c41cc67e9e1cedd960ccb74925920) C:\Windows\system32\Drivers\BTHport.sys
09:57:23.0388 5256 BTHPORT - ok
09:57:23.0428 5256 bthserv (1df19c96eef6c29d1c3e1a8678e07190) C:\Windows\system32\bthserv.dll
09:57:23.0438 5256 bthserv - ok
09:57:23.0478 5256 BTHUSB (43b3206dd654e783aa7e4ead340a43b8) C:\Windows\system32\Drivers\BTHUSB.sys
09:57:23.0478 5256 BTHUSB - ok
09:57:23.0578 5256 ccEvtMgr (bda4e1060947fb60585e6cec32b18353) C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
09:57:23.0588 5256 ccEvtMgr - ok
09:57:23.0608 5256 ccSetMgr (bda4e1060947fb60585e6cec32b18353) C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
09:57:23.0608 5256 ccSetMgr - ok
09:57:23.0648 5256 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
09:57:23.0648 5256 cdfs - ok
09:57:23.0708 5256 cdrom (be167ed0fdb9c1fa1133953c18d5a6c9) C:\Windows\system32\DRIVERS\cdrom.sys
09:57:23.0708 5256 cdrom - ok
09:57:23.0718 5256 cebdaldr - ok
09:57:23.0758 5256 CertPropSvc (319c6b309773d063541d01df8ac6f55f) C:\Windows\System32\certprop.dll
09:57:23.0758 5256 CertPropSvc - ok
09:57:23.0798 5256 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
09:57:23.0798 5256 circlass - ok
09:57:23.0848 5256 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
09:57:23.0858 5256 CLFS - ok
09:57:23.0938 5256 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
09:57:23.0981 5256 clr_optimization_v2.0.50727_32 - ok
09:57:24.0000 5256 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
09:57:24.0001 5256 CmBatt - ok
09:57:24.0050 5256 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\drivers\cmdide.sys
09:57:24.0050 5256 cmdide - ok
09:57:24.0080 5256 CNG (1b675691ed940766149c93e8f4488d68) C:\Windows\system32\Drivers\cng.sys
09:57:24.0090 5256 CNG - ok
09:57:24.0200 5256 Com4QLBEx (f9a79c5b27037821112c50a9c8fb367a) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
09:57:24.0210 5256 Com4QLBEx - ok
09:57:24.0240 5256 COMMONFX.DLL - ok
09:57:24.0270 5256 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
09:57:24.0270 5256 Compbatt - ok
09:57:24.0330 5256 CompositeBus (cbe8c58a8579cfe5fccf809e6f114e89) C:\Windows\system32\drivers\CompositeBus.sys
09:57:24.0330 5256 CompositeBus - ok
09:57:24.0350 5256 COMSysApp - ok
09:57:24.0380 5256 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
09:57:24.0380 5256 crcdisk - ok
09:57:24.0440 5256 CryptSvc (a585bebf7d054bd9618eda0922d5484a) C:\Windows\system32\cryptsvc.dll
09:57:24.0440 5256 CryptSvc - ok
09:57:24.0510 5256 CSC (3c2177a897b4ca2788c6fb0c3fd81d4b) C:\Windows\system32\drivers\csc.sys
09:57:24.0520 5256 CSC - ok
09:57:24.0570 5256 CscService (15f93b37f6801943360d9eb42485d5d3) C:\Windows\System32\cscsvc.dll
09:57:24.0570 5256 CscService - ok
09:57:24.0580 5256 curtainssyssvc - ok
09:57:24.0649 5256 DcomLaunch (7660f01d3b38aca1747e397d21d790af) C:\Windows\system32\rpcss.dll
09:57:24.0649 5256 DcomLaunch - ok
09:57:24.0689 5256 defragsvc (8d6e10a2d9a5eed59562d9b82cf804e1) C:\Windows\System32\defragsvc.dll
09:57:24.0719 5256 defragsvc - ok
09:57:24.0739 5256 delldmi - ok
09:57:24.0799 5256 DfsC (f024449c97ec1e464aaffda18593db88) C:\Windows\system32\Drivers\dfsc.sys
09:57:24.0809 5256 DfsC - ok
09:57:24.0879 5256 Dhcp (e9e01eb683c132f7fa27cd607b8a2b63) C:\Windows\system32\dhcpcore.dll
09:57:24.0879 5256 Dhcp - ok
09:57:24.0909 5256 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
09:57:24.0919 5256 discache - ok
09:57:24.0949 5256 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
09:57:24.0949 5256 Disk - ok
09:57:24.0969 5256 dlcf_device - ok
09:57:24.0979 5256 dmload - ok
09:57:25.0039 5256 Dnscache (2fe30d71919c51131405797620e0a714) C:\Windows\System32\dnsrslvr.dll
09:57:25.0039 5256 Dnscache - ok
09:57:25.0079 5256 dot3svc (366ba8fb4b7bb7435e3b9eacb3843f67) C:\Windows\System32\dot3svc.dll
09:57:25.0099 5256 dot3svc - ok
09:57:25.0139 5256 DPS (8ec04ca86f1d68da9e11952eb85973d6) C:\Windows\system32\dps.dll
09:57:25.0139 5256 DPS - ok
09:57:25.0179 5256 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
09:57:25.0179 5256 drmkaud - ok
09:57:25.0239 5256 DXGKrnl (23f5d28378a160352ba8f817bd8c71cb) C:\Windows\System32\drivers\dxgkrnl.sys
09:57:25.0259 5256 DXGKrnl - ok
09:57:25.0299 5256 e1yexpress (8eef52ad831471e323ee7364a8656d35) C:\Windows\system32\DRIVERS\e1y6032.sys
09:57:25.0319 5256 e1yexpress - ok
09:57:25.0339 5256 eamon - ok
09:57:25.0379 5256 EapHost (8600142fa91c1b96367d3300ad0f3f3a) C:\Windows\System32\eapsvc.dll
09:57:25.0379 5256 EapHost - ok
09:57:25.0419 5256 easytether (5d67e5f2ca692f7dba2568182b394541) C:\Windows\system32\DRIVERS\easytthr.sys
09:57:25.0419 5256 easytether - ok
09:57:25.0639 5256 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
09:57:25.0709 5256 ebdrv - ok
09:57:25.0836 5256 eeCtrl (579a6b6135d32b857faf0e3a974535d8) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
09:57:25.0863 5256 eeCtrl - ok
09:57:25.0953 5256 EFS (f42309c4191c506b71db5d1126d26318) C:\Windows\System32\lsass.exe
09:57:25.0953 5256 EFS - ok
09:57:26.0023 5256 ehRecvr (a8c362018efc87beb013ee28f29c0863) C:\Windows\ehome\ehRecvr.exe
09:57:26.0093 5256 ehRecvr - ok
09:57:26.0113 5256 ehSched (d389bff34f80caede417bf9d1507996a) C:\Windows\ehome\ehsched.exe
09:57:26.0133 5256 ehSched - ok
09:57:26.0254 5256 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
09:57:26.0255 5256 elxstor - ok
09:57:26.0265 5256 EMCFILT - ok
09:57:26.0465 5256 EraserUtilRebootDrv (028d50f059bd0d2ccb209e9011b9a9a4) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
09:57:26.0465 5256 EraserUtilRebootDrv - ok
09:57:26.0675 5256 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\drivers\errdev.sys
09:57:26.0675 5256 ErrDev - ok
09:57:26.0775 5256 EventSystem (f6916efc29d9953d5d0df06882ae8e16) C:\Windows\system32\es.dll
09:57:26.0805 5256 EventSystem - ok
09:57:26.0835 5256 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
09:57:26.0835 5256 exfat - ok
09:57:26.0865 5256 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
09:57:26.0885 5256 fastfat - ok
09:57:26.0925 5256 FastUserSwitchingCompatibility (eaf04cdac550e9ecea0d4274c02b6d85) C:\Windows\system32\FastUv32.dll
09:57:26.0925 5256 FastUserSwitchingCompatibility - ok
09:57:27.0065 5256 Fax (967ea5b213e9984cbe270205df37755b) C:\Windows\system32\fxssvc.exe
09:57:27.0075 5256 Fax - ok
09:57:27.0115 5256 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
09:57:27.0115 5256 fdc - ok
09:57:27.0155 5256 fdPHost (f3222c893bd2f5821a0179e5c71e88fb) C:\Windows\system32\fdPHost.dll
09:57:27.0155 5256 fdPHost - ok
09:57:27.0165 5256 FDResPub (7dbe8cbfe79efbdeb98c9fb08d3a9a5b) C:\Windows\system32\fdrespub.dll
09:57:27.0165 5256 FDResPub - ok
09:57:27.0185 5256 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
09:57:27.0185 5256 FileInfo - ok
09:57:27.0275 5256 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
09:57:27.0275 5256 Filetrace - ok
09:57:27.0305 5256 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
09:57:27.0305 5256 flpydisk - ok
09:57:27.0375 5256 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
09:57:27.0375 5256 FltMgr - ok
09:57:27.0655 5256 FontCache (fa6c66e4364d7da57aade5dcc03bb999) C:\Windows\system32\FntCache.dll
09:57:27.0695 5256 FontCache - ok
09:57:27.0775 5256 FontCache3.0.0.0 (e56f39f6b7fda0ac77a79b0fd3de1a2f) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
09:57:27.0785 5256 FontCache3.0.0.0 - ok
09:57:27.0825 5256 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
09:57:27.0825 5256 FsDepends - ok
09:57:27.0845 5256 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys
09:57:27.0845 5256 Fs_Rec - ok
09:57:27.0905 5256 fvevol (8a73e79089b282100b9393b644cb853b) C:\Windows\system32\DRIVERS\fvevol.sys
09:57:27.0925 5256 fvevol - ok
09:57:27.0955 5256 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
09:57:27.0965 5256 gagp30kx - ok
09:57:27.0975 5256 gdihook5 - ok
09:57:28.0035 5256 gpsvc (e897eaf5ed6ba41e081060c9b447a673) C:\Windows\System32\gpsvc.dll
09:57:28.0045 5256 gpsvc - ok
09:57:28.0165 5256 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
09:57:28.0165 5256 gupdate - ok
09:57:28.0185 5256 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
09:57:28.0195 5256 gupdatem - ok
09:57:28.0225 5256 HBtnKey (7dad592a4d28092d584cfb4deef1373d) C:\Windows\system32\DRIVERS\cpqbttn.sys
09:57:28.0225 5256 HBtnKey - ok
09:57:28.0245 5256 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
09:57:28.0245 5256 hcw85cir - ok
09:57:28.0325 5256 HdAudAddService (a5ef29d5315111c80a5c1abad14c8972) C:\Windows\system32\drivers\HdAudio.sys
09:57:28.0325 5256 HdAudAddService - ok
09:57:28.0365 5256 HDAudBus (9036377b8a6c15dc2eec53e489d159b5) C:\Windows\system32\drivers\HDAudBus.sys
09:57:28.0365 5256 HDAudBus - ok
09:57:28.0395 5256 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
09:57:28.0395 5256 HidBatt - ok
09:57:28.0405 5256 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
09:57:28.0415 5256 HidBth - ok
09:57:28.0435 5256 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
09:57:28.0435 5256 HidIr - ok
09:57:28.0465 5256 hidserv (2bc6f6a1992b3a77f5f41432ca6b3b6b) C:\Windows\system32\hidserv.dll
09:57:28.0465 5256 hidserv - ok
09:57:28.0525 5256 HidUsb (10c19f8290891af023eaec0832e1eb4d) C:\Windows\system32\DRIVERS\hidusb.sys
09:57:28.0535 5256 HidUsb - ok
09:57:28.0575 5256 hkmsvc (196b4e3f4cccc24af836ce58facbb699) C:\Windows\system32\kmsvc.dll
09:57:28.0585 5256 hkmsvc - ok
09:57:28.0635 5256 HomeGroupListener (6658f4404de03d75fe3ba09f7aba6a30) C:\Windows\system32\ListSvc.dll
09:57:28.0646 5256 HomeGroupListener - ok
09:57:28.0697 5256 HomeGroupProvider (dbc02d918fff1cad628acbe0c0eaa8e8) C:\Windows\system32\provsvc.dll
09:57:28.0707 5256 HomeGroupProvider - ok
09:57:28.0727 5256 hpdskflt (d5c35e6416a379c445cda826b9fe452f) C:\Windows\system32\DRIVERS\hpdskflt.sys
09:57:28.0727 5256 hpdskflt - ok
09:57:28.0767 5256 HpqKbFiltr (1210960ff8928950d2a786895b0c424a) C:\Windows\system32\DRIVERS\HpqKbFiltr.sys
09:57:28.0767 5256 HpqKbFiltr - ok
09:57:28.0857 5256 hpqwmiex (fdf273a845f1ffcceadf363aaf47582f) C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
09:57:28.0867 5256 hpqwmiex - ok
09:57:28.0907 5256 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\drivers\HpSAMD.sys
09:57:28.0907 5256 HpSAMD - ok
09:57:28.0947 5256 hpsrv (00dc55481fad2841284ed09e7d69cd11) C:\Windows\system32\Hpservice.exe
09:57:28.0947 5256 hpsrv - ok
09:57:29.0017 5256 HTTP (871917b07a141bff43d76d8844d48106) C:\Windows\system32\drivers\HTTP.sys
09:57:29.0037 5256 HTTP - ok
09:57:29.0047 5256 hwpolicy (0c4e035c7f105f1299258c90886c64c5) C:\Windows\system32\drivers\hwpolicy.sys
09:57:29.0047 5256 hwpolicy - ok
09:57:29.0077 5256 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\drivers\i8042prt.sys
09:57:29.0077 5256 i8042prt - ok
09:57:29.0167 5256 IAANTMON (f54b3db096abd6e9bbbd052fd3878a48) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
09:57:29.0177 5256 IAANTMON - ok
09:57:29.0187 5256 iap - ok
09:57:29.0247 5256 iaStor (01446278d4563b3013c92830ae6cbb26) C:\Windows\system32\DRIVERS\iaStor.sys
09:57:29.0247 5256 iaStor - ok
09:57:29.0307 5256 iaStorV (a3cae5d281db4cff7cff8233507ee5ad) C:\Windows\system32\drivers\iaStorV.sys
09:57:29.0317 5256 iaStorV - ok
09:57:29.0567 5256 idsvc (c521d7eb6497bb1af6afa89e322fb43c) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
09:57:29.0867 5256 idsvc - ok
09:57:29.0917 5256 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
09:57:29.0917 5256 iirsp - ok
09:57:29.0997 5256 IKEEXT (f95622f161474511b8d80d6b093aa610) C:\Windows\System32\ikeext.dll
09:57:30.0007 5256 IKEEXT - ok
09:57:30.0037 5256 inorpc - ok
09:57:30.0077 5256 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\drivers\intelide.sys
09:57:30.0077 5256 intelide - ok
09:57:30.0127 5256 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
09:57:30.0127 5256 intelppm - ok
09:57:30.0167 5256 IPBusEnum (acb364b9075a45c0736e5c47be5cae19) C:\Windows\system32\ipbusenum.dll
09:57:30.0187 5256 IPBusEnum - ok
09:57:30.0197 5256 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
09:57:30.0197 5256 IpFilterDriver - ok
09:57:30.0227 5256 IPMIDRV (4bd7134618c1d2a27466a099062547bf) C:\Windows\system32\drivers\IPMIDrv.sys
09:57:30.0227 5256 IPMIDRV - ok
09:57:30.0247 5256 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
09:57:30.0247 5256 IPNAT - ok
09:57:30.0277 5256 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
09:57:30.0277 5256 IRENUM - ok
09:57:30.0287 5256 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\drivers\isapnp.sys
09:57:30.0287 5256 isapnp - ok
09:57:30.0307 5256 iScsiPrt (cb7a9abb12b8415bce5d74994c7ba3ae) C:\Windows\system32\drivers\msiscsi.sys
09:57:30.0317 5256 iScsiPrt - ok
09:57:30.0347 5256 iwebmsg - ok
09:57:30.0367 5256 ixiaendpoint - ok
09:57:30.0387 5256 JiaoCap - ok
09:57:30.0427 5256 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys
09:57:30.0427 5256 kbdclass - ok
09:57:30.0477 5256 kbdhid (9e3ced91863e6ee98c24794d05e27a71) C:\Windows\system32\DRIVERS\kbdhid.sys
09:57:30.0477 5256 kbdhid - ok
09:57:30.0507 5256 KeyIso (f42309c4191c506b71db5d1126d26318) C:\Windows\system32\lsass.exe
09:57:30.0507 5256 KeyIso - ok
09:57:30.0527 5256 kpf4 - ok
09:57:30.0557 5256 KSecDD (412cea1aa78cc02a447f5c9e62b32ff1) C:\Windows\system32\Drivers\ksecdd.sys
09:57:30.0557 5256 KSecDD - ok
09:57:30.0587 5256 KSecPkg (26c046977e85b95036453d7b88ba1820) C:\Windows\system32\Drivers\ksecpkg.sys
09:57:30.0607 5256 KSecPkg - ok
09:57:30.0657 5256 KtmRm (89a7b9cc98d0d80c6f31b91c0a310fcd) C:\Windows\system32\msdtckrm.dll
09:57:30.0687 5256 KtmRm - ok
09:57:30.0737 5256 LanmanServer (d64af876d53eca3668bb97b51b4e70ab) C:\Windows\system32\srvsvc.dll
09:57:30.0737 5256 LanmanServer - ok
09:57:30.0767 5256 LanmanWorkstation (58405e4f68ba8e4057c6e914f326aba2) C:\Windows\System32\wkssvc.dll
09:57:30.0777 5256 LanmanWorkstation - ok
09:57:31.0057 5256 LiveUpdate (9e25ffba1ee26abfe7b9319f8ef3f771) C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
09:57:31.0097 5256 LiveUpdate - ok
09:57:31.0417 5256 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
09:57:31.0417 5256 lltdio - ok
09:57:31.0447 5256 lltdsvc (5700673e13a2117fa3b9020c852c01e2) C:\Windows\System32\lltdsvc.dll
09:57:31.0467 5256 lltdsvc - ok
09:57:31.0497 5256 lmhosts (55ca01ba19d0006c8f2639b6c045e08b) C:\Windows\System32\lmhsvc.dll
09:57:31.0507 5256 lmhosts - ok
09:57:31.0527 5256 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
09:57:31.0527 5256 LSI_FC - ok
09:57:31.0557 5256 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
09:57:31.0557 5256 LSI_SAS - ok
09:57:31.0567 5256 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
09:57:31.0577 5256 LSI_SAS2 - ok
09:57:31.0587 5256 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
09:57:31.0597 5256 LSI_SCSI - ok
09:57:31.0607 5256 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
09:57:31.0617 5256 luafv - ok
09:57:31.0687 5256 MBAMProtector (fb097bbc1a18f044bd17bd2fccf97865) C:\Windows\system32\drivers\mbam.sys
09:57:31.0687 5256 MBAMProtector - ok
09:57:31.0847 5256 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
09:57:31.0877 5256 MBAMService - ok
09:57:31.0897 5256 mcontrol - ok
09:57:31.0937 5256 Mcx2Svc (bfb9ee8ee977efe85d1a3105abef6dd1) C:\Windows\system32\Mcx2Svc.dll
09:57:31.0947 5256 Mcx2Svc - ok
09:57:31.0977 5256 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
09:57:31.0977 5256 megasas - ok
09:57:32.0027 5256 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
09:57:32.0027 5256 MegaSR - ok
09:57:32.0127 5256 Microsoft SharePoint Workspace Audit Service - ok
09:57:32.0167 5256 mlkkbdntdriver - ok
09:57:32.0197 5256 MMCSS (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll
09:57:32.0197 5256 MMCSS - ok
09:57:32.0217 5256 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
09:57:32.0217 5256 Modem - ok
09:57:32.0247 5256 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
09:57:32.0247 5256 monitor - ok
09:57:32.0277 5256 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\drivers\mouclass.sys
09:57:32.0277 5256 mouclass - ok
09:57:32.0317 5256 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
09:57:32.0317 5256 mouhid - ok
09:57:32.0367 5256 mountmgr (fc8771f45ecccfd89684e38842539b9b) C:\Windows\system32\drivers\mountmgr.sys
09:57:32.0367 5256 mountmgr - ok
09:57:32.0407 5256 mpio (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\Windows\system32\drivers\mpio.sys
09:57:32.0407 5256 mpio - ok
09:57:32.0437 5256 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
09:57:32.0437 5256 mpsdrv - ok
09:57:32.0477 5256 MRxDAV (ceb46ab7c01c9f825f8cc6babc18166a) C:\Windows\system32\drivers\mrxdav.sys
09:57:32.0477 5256 MRxDAV - ok
09:57:32.0507 5256 mrxsmb (b272b4c3e085ea860c12f2e4faf2ffa2) C:\Windows\system32\DRIVERS\mrxsmb.sys
09:57:32.0517 5256 mrxsmb - ok
09:57:32.0557 5256 mrxsmb10 (9ac33ef26c8a3ad0f117d00eb7301d03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
09:57:32.0567 5256 mrxsmb10 - ok
09:57:32.0617 5256 mrxsmb20 (e0abdb5ed7e199e242a7d028e76c1d3a) C:\Windows\system32\DRIVERS\mrxsmb20.sys
09:57:32.0637 5256 mrxsmb20 - ok
09:57:32.0677 5256 msahci (012c5f4e9349e711e11e0f19a8589f0a) C:\Windows\system32\drivers\msahci.sys
09:57:32.0677 5256 msahci - ok
09:57:32.0707 5256 msdsm (55055f8ad8be27a64c831322a780a228) C:\Windows\system32\drivers\msdsm.sys
09:57:32.0707 5256 msdsm - ok
09:57:32.0747 5256 MSDTC (e1bce74a3bd9902b72599c0192a07e27) C:\Windows\System32\msdtc.exe
09:57:32.0787 5256 MSDTC - ok
09:57:32.0817 5256 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
09:57:32.0817 5256 Msfs - ok
09:57:32.0827 5256 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
09:57:32.0827 5256 mshidkmdf - ok
09:57:32.0857 5256 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\drivers\msisadrv.sys
09:57:32.0857 5256 msisadrv - ok
09:57:32.0897 5256 MSiSCSI (90f7d9e6b6f27e1a707d4a297f077828) C:\Windows\system32\iscsiexe.dll
09:57:32.0907 5256 MSiSCSI - ok
09:57:32.0907 5256 msiserver - ok
09:57:32.0947 5256 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
09:57:32.0947 5256 MSKSSRV - ok
09:57:32.0967 5256 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
09:57:32.0967 5256 MSPCLOCK - ok
09:57:32.0977 5256 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
09:57:32.0987 5256 MSPQM - ok
09:57:33.0007 5256 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
09:57:33.0007 5256 MsRPC - ok
09:57:33.0047 5256 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\drivers\mssmbios.sys
09:57:33.0047 5256 mssmbios - ok
09:57:33.0077 5256 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
09:57:33.0077 5256 MSTEE - ok
09:57:33.0107 5256 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
09:57:33.0107 5256 MTConfig - ok
09:57:33.0597 5256 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
09:57:33.0597 5256 Mup - ok
09:57:33.0657 5256 napagent (61d57a5d7c6d9afe10e77dae6e1b445e) C:\Windows\system32\qagentRT.dll
09:57:33.0667 5256 napagent - ok
09:57:33.0707 5256 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
09:57:33.0717 5256 NativeWifiP - ok
09:57:33.0857 5256 NAVENG (862f55824ac81295837b0ab63f91071f) C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20120429.009\NAVENG.SYS
09:57:33.0857 5256 NAVENG - ok
09:57:34.0017 5256 NAVEX15 (529d571b551cb9da44237389b936f1ae) C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20120429.009\NAVEX15.SYS
09:57:34.0077 5256 NAVEX15 - ok
09:57:34.0257 5256 NDIS (e7c54812a2aaf43316eb6930c1ffa108) C:\Windows\system32\drivers\ndis.sys
09:57:34.0287 5256 NDIS - ok
09:57:34.0337 5256 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
09:57:34.0337 5256 NdisCap - ok
09:57:34.0357 5256 Ndismeetro - ok
09:57:34.0387 5256 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
09:57:34.0387 5256 NdisTapi - ok
09:57:34.0417 5256 Ndisuio (d8a65dafb3eb41cbb622745676fcd072) C:\Windows\system32\DRIVERS\ndisuio.sys
09:57:34.0417 5256 Ndisuio - ok
09:57:34.0457 5256 NdisWan (38fbe267e7e6983311179230facb1017) C:\Windows\system32\DRIVERS\ndiswan.sys
09:57:34.0467 5256 NdisWan - ok
09:57:34.0507 5256 NDProxy (a4bdc541e69674fbff1a8ff00be913f2) C:\Windows\system32\drivers\NDProxy.sys
09:57:34.0507 5256 NDProxy - ok
09:57:34.0517 5256 NEC Usb3 - ok
09:57:34.0547 5256 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
09:57:34.0547 5256 NetBIOS - ok
09:57:34.0587 5256 NetBT (280122ddcf04b378edd1ad54d71c1e54) C:\Windows\system32\DRIVERS\netbt.sys
09:57:34.0597 5256 NetBT - ok
09:57:34.0626 5256 Netlogon (f42309c4191c506b71db5d1126d26318) C:\Windows\system32\lsass.exe
09:57:34.0636 5256 Netlogon - ok
09:57:34.0676 5256 Netman (7cccfca7510684768da22092d1fa4db2) C:\Windows\System32\netman.dll
09:57:34.0676 5256 Netman - ok
09:57:34.0706 5256 netprofm (8c338238c16777a802d6a9211eb2ba50) C:\Windows\System32\netprofm.dll
09:57:34.0706 5256 netprofm - ok
09:57:34.0776 5256 NetTcpPortSharing (f476ec40033cdb91efbe73eb99b8362d) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
09:57:34.0786 5256 NetTcpPortSharing - ok
09:57:35.0206 5256 NETw5s32 (5b2dfa9c5c02ddf2a113cc0f551b59df) C:\Windows\system32\DRIVERS\NETw5s32.sys
09:57:35.0666 5256 NETw5s32 - ok
09:57:36.0036 5256 netw5v32 (af1ae2e42b03395560b1cde03230205c) C:\Windows\system32\DRIVERS\netw5v32.sys
09:57:36.0126 5256 netw5v32 - ok
09:57:36.0246 5256 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
09:57:36.0246 5256 nfrd960 - ok
09:57:36.0286 5256 NlaSvc (912084381d30d8b89ec4e293053f4710) C:\Windows\System32\nlasvc.dll
09:57:36.0286 5256 NlaSvc - ok
09:57:36.0296 5256 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
09:57:36.0296 5256 Npfs - ok
09:57:36.0316 5256 nsi (ba387e955e890c8a88306d9b8d06bf17) C:\Windows\system32\nsisvc.dll
09:57:36.0326 5256 nsi - ok
09:57:36.0336 5256 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
09:57:36.0336 5256 nsiproxy - ok
09:57:36.0346 5256 nsm1serd - ok
09:57:36.0416 5256 Ntfs (33c3093d09017cfe2e219f2472bff6eb) C:\Windows\system32\drivers\Ntfs.sys
09:57:36.0476 5256 Ntfs - ok
09:57:36.0491 5256 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
09:57:36.0492 5256 Null - ok
09:57:36.0558 5256 nvraid (af2eec9580c1d32fb7eaf105d9784061) C:\Windows\system32\drivers\nvraid.sys
09:57:36.0558 5256 nvraid - ok
09:57:36.0578 5256 nvstor (9283c58ebaa2618f93482eb5dabcec82) C:\Windows\system32\drivers\nvstor.sys
09:57:36.0578 5256 nvstor - ok
09:57:36.0598 5256 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\drivers\nv_agp.sys
09:57:36.0598 5256 nv_agp - ok
09:57:36.0608 5256 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\drivers\ohci1394.sys
09:57:36.0608 5256 ohci1394 - ok
09:57:36.0638 5256 oracleorahomehttpserver - ok
09:57:36.0718 5256 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
09:57:36.0749 5256 ose - ok
09:57:37.0090 5256 osppsvc (358a9cca612c68eb2f07ddad4ce1d8d7) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
09:57:37.0210 5256 osppsvc - ok
09:57:37.0310 5256 p2pimsvc (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll
09:57:37.0320 5256 p2pimsvc - ok
09:57:37.0350 5256 p2psvc (59c3ddd501e39e006dac31bf55150d91) C:\Windows\system32\p2psvc.dll
09:57:37.0360 5256 p2psvc - ok
09:57:37.0400 5256 PAR1284 - ok
09:57:37.0470 5256 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
09:57:37.0480 5256 Parport - ok
09:57:37.0530 5256 partmgr (bf8f6af06da75b336f07e23aef97d93b) C:\Windows\system32\drivers\partmgr.sys
09:57:37.0530 5256 partmgr - ok
09:57:37.0550 5256 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
09:57:37.0550 5256 Parvdm - ok
09:57:37.0570 5256 PcaSvc (358ab7956d3160000726574083dfc8a6) C:\Windows\System32\pcasvc.dll
09:57:37.0580 5256 PcaSvc - ok
09:57:37.0630 5256 pci (673e55c3498eb970088e812ea820aa8f) C:\Windows\system32\drivers\pci.sys
09:57:37.0630 5256 pci - ok
09:57:37.0650 5256 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\drivers\pciide.sys
09:57:37.0650 5256 pciide - ok
09:57:37.0680 5256 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
09:57:37.0700 5256 pcmcia - ok
09:57:37.0710 5256 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
09:57:37.0720 5256 pcw - ok
09:57:37.0760 5256 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
09:57:37.0770 5256 PEAUTH - ok
09:57:37.0850 5256 PeerDistSvc (af4d64d2a57b9772cf3801950b8058a6) C:\Windows\system32\peerdistsvc.dll
09:57:37.0860 5256 PeerDistSvc - ok
09:57:37.0880 5256 pilogsrv - ok
09:57:37.0990 5256 pla (414bba67a3ded1d28437eb66aeb8a720) C:\Windows\system32\pla.dll
09:57:38.0030 5256 pla - ok
09:57:38.0160 5256 PlugPlay (92dc6e68d2c856c5c2f21ae9e22112b8) C:\Windows\system32\umpnpmgr.dll
09:57:38.0160 5256 PlugPlay - ok
09:57:38.0190 5256 PNRPAutoReg (63ff8572611249931eb16bb8eed6afc8) C:\Windows\system32\pnrpauto.dll
09:57:38.0190 5256 PNRPAutoReg - ok
09:57:38.0210 5256 PNRPsvc (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll
09:57:38.0220 5256 PNRPsvc - ok
09:57:49.0429 5256 ============================================================
09:57:49.0429 5256 Scan finished
09:57:49.0429 5256 ============================================================
09:57:49.0489 2140 Detected object count: 0
09:57:49.0489 2140 Actual detected object count: 0
09:57:58.0852 2796 Deinitialize success


#5 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team

Posted 30 April 2012 - 12:08 PM

Hello,

Glad to hear things are better. Let's run a couple other scanners to make sure no leftovers.


1.
Please download Malwarebytes Anti-Malware and save it to your desktop.
  • Important!! When you save the mbam-setup file, rename it to something random (such as 123abc.exe) before beginning the download.
Malwarebytes may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's TeaTimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

  • Make sure you are connected to the Internet and double-click on the renamed file to install the application.
    For instructions with screenshots, please refer to this Guide.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • Malwarebytes will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • Under the Scanner tab, make sure the "Perform Quick Scan" option is selected.
  • Click on the Scan button.
  • When finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box, then click the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked and then click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.
  • Exit Malwarebytes when done.
Note: If Malwarebytes encounters a file that is difficult to remove, you will be asked to reboot your computer so it can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally will prevent Malwarebytes from removing all the malware.

2.
Install Recovery Console and Run ComboFix

This tool is not a toy. If used the wrong way you could trash your computer. Please use only under direction of a Helper. If you decide to do so anyway, please do not blame me or ComboFix.

Download Combofix from any of the links below, and save it to your desktop.

Link 1
Link 2
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. Refer to this page if you are not sure how.
  • Close any open windows, including this one.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • If you did not have it installed, you will see the prompt below. Choose YES.
  • Posted Image
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Note: The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

    Posted Image
  • Click on Yes, to continue scanning for malware.
  • When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).
Leave your computer alone while ComboFix is running.
ComboFix will restart your computer if malware is found; allow it to do so.


Note: Please do NOT mouse-click ComboFix's window while it's running because it may cause it to stall.


Things to include in your next reply:
MBAM log
Eset log
How is your machine running now?

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-




#6 ajones


Posted 30 April 2012 - 03:49 PM

Things are still running good now, nothing found with Malwarebytes. I attached the Malwarebytes log and the latest ComboFix log; I don't know where to get the ESET log from.


#7 fireman4it


Posted 30 April 2012 - 04:33 PM

Hmm,

I gave you the wrong directions. Try this.

I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.



#8 ajones


Posted 30 April 2012 - 06:16 PM

ESET is done and scanned, here is the log. It found 6 more files. thanks again.

Attached Files

  • Attached File  ESET.txt   885bytes   1 downloads


#9 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:09:42 AM

Posted 30 April 2012 - 06:42 PM

Hello, ajones.
Congratulations! You now appear clean! :cool:


Uninstall Combofix
  • Make sure that Combofix.exe that you downloaded is on your Desktop but Do not run it!
    o *If it is not on your Desktop, the below will not work.
  • Click on Posted Image then Run....
  • Now copy & paste the green bolded text in the run-box and click OK.

    ComboFix /Uninstall

    <Notice the space between the "x" and "/".> <--- It needs to be there
    Windows Vista users: Press the Windows Key + R to bring the Run... Command and then from there you can add in the Combofix /Uninstall

  • Please advise if this step is missed for any reason as it performs some important actions:
    "This will uninstall Combofix, delete its related folders and files, reset your clock settings, hide file extensions, hide the system/hidden files and resets System Restore again.
    It also makes a clean Restore Point and flushes all the old restore points in order to prevent possible reinfection from an old one through system restore".


Are things running okay? Do you have any more questions?

System Still Slow?
You may wish to try StartupLite. Simply download this tool to your desktop and run it. It will explain any optional auto-start programs on your system, and offer the option to stop these programs from starting at startup. This will result in fewer programs running when you boot your system, and should improve performance.
If that does not work, you can try the steps mentioned in Slow Computer/browser? Check Here First; It May Not Be Malware.

We Need to Clean Up Our Mess
  • Download OTC by OldTimer and save it to your desktop.
  • Double click Posted Image icon to start the program. If you are using Vista, please right-click and choose run as administrator
  • Then Click the big Posted Image button.
  • You will get a prompt saying "Begin Cleanup Process". Please select Yes.
  • Restart your computer when prompted.

Important Note: Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 7 and save it to your desktop.
  • Look for "Java Platform, Standard Edition".
  • Click the "Download JRE" button to the right.
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • From the list, select your OS and Platform (32-bit or 64-bit).
  • If a download for an Offline Installation is available, it is recommended to choose that and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
Go to Posted Image > Control Panel, double-click on Add/Remove Programs or Programs and Features in Vista/Windows 7 and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-7-windows-i586.exe to install the newest version.
  • If using Windows 7 or Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
  • When the Java Setup - Welcome window opens, click the Install > button.
  • If offered to install a Toolbar, just uncheck the box before continuing unless you want it.
  • The McAfee Security Scan Plus tool is installed by default unless you uncheck the McAfee installation box when updating Java.
Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications but it's not necessary.
To disable the JQS service if you don't want to use it:
  • Go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter.
  • Click Ok and reboot your computer.

One of the most common questions found when cleaning malware is "how did my machine get infected?"

There are a variety of reasons, but the most common ones are that you are not practicing Safe Internet, you are not running the proper security software or that your computer's security settings are set too low.

Below I have outlined a series of categories that outline how you can increase the security of your computer to help reduce the chance of being infected again in the future.

Do not use P2P programs
Peer-to-peer or file-sharing programs (such as uTorrent, Limewire and BitTorrent) are probably the primary route of infection nowadays. These programs allow file sharing between users as the name(s) suggest. It is almost impossible to know whether the file you’re downloading through P2P programs is safe.

It is therefore possible to be infected by downloading infected files via peer-to-peer programs and so I recommend that you do not use these programs. Should you wish to use them, they must be used with extreme care. Some further reading on this subject, along with included links, are as follows: "File-Sharing, otherwise known as Peer To Peer" and "Risks of File-Sharing Technology."

In addition, P2P programs facilitate cyber crime and help distribute pirated software, movies and other illegal material.

Practice Safe Internet
Another one of the main reasons people get infected in the first place is that they are not practicing Safe Internet. You practice Safe Internet when you educate yourself on how to properly use the Internet through the use of security tools and good practice. Knowing how you can get infected and what types of files and sites to avoid will be the most crucial step in keeping your computer malware free. The reality is that the majority of people who are infected with malware are ones who click on things they shouldn't be clicking on. Whether these things are files or sites it doesn't really matter. If something is out to get you, and you click on it, it most likely will.

Below is a list of simple precautions to take to keep your computer clean and running securely:
  • If you receive an attachment from someone you do not know, DO NOT OPEN IT! Simple as that. Opening attachments from people you do not know is a very common method for viruses or worms to infect your computer.
  • If you receive an attachment and it ends with a .exe, .com, .bat, or .pif do not open the attachment unless you know for a fact that it is clean. For the casual computer user, you will almost never receive a valid attachment of this type.
  • If you receive an attachment from someone you know, and it looks suspicious, then it probably is. The email could be from someone you know who is themselves infected with malware which is trying to infect everyone in their address book. A key thing to look out for here is: does the email sound as though it’s from the person you know? Often, the email may simply have a web link or a “Run this file to make your PC run fast” message in it.
  • If you are browsing the Internet and a popup appears saying that you are infected, ignore it! These are, as far as I am concerned, scams that are being used to scare you into purchasing a piece of software. For an example of these types of pop-ups, or Foistware, you should read this article: Foistware, And how to avoid it.
    There are also programs that disguise themselves as Anti-Spyware or security products but are instead scams. Removal instructions for a lot of these "rogues" can be found here.
  • Another tactic to fool you on the web is when a site displays a popup that looks like a normal Windows message or alert. When you click on them, though, they instead bring you to another site that is trying to push a product on you, or will download a file to your PC without your knowledge. You can check to see if it's a real alert by right-clicking on the window. If there is a menu that comes up saying Add to Favorites... you know it's a fake. DO NOT click on these windows, instead close them by finding the open window on your Taskbar (http://en.wikipedia.org/wiki/Taskbar#Screenshots), right click and choose close.
  • Do not visit pornographic websites. I know this may bother some of you, but the fact is that a large amount of malware is pushed through these types of sites. I am not saying all adult sites do this, but a lot do, as this can often form part of their funding.
  • When using an Instant Messaging program be cautious about clicking on links people send to you. It is not uncommon for infections to send a message to everyone in the infected person's contact list that contains a link to an infection. Instead when you receive a message that contains a link you should message back to the person asking if it is legit.
  • Stay away from Warez and Crack sites! As with Peer-2-Peer programs, in addition to the obvious copyright issues, the downloads from these sites are typically overrun with infections.
  • Be careful of what you download off of web sites and Peer-2-Peer networks. Some sites disguise malware as legitimate software to trick you into installing them and Peer-2-Peer networks are crawling with it. If you want to download files from a site, and are not sure if they are legitimate, you can use tools such as BitDefender Traffic Light, Norton Safe Web, or McAfee SiteAdvisor to look up info on the site and stay protected against malicious sites. Please be sure to only choose and install one of those tool bars.
  • DO NOT INSTALL any software without first reading the End User License Agreement, otherwise known as the EULA. A tactic that some developers use is to offer their software for free, but have spyware and other programs you do not want bundled with it. This is where they make their money. By reading the agreement there is a good chance you can spot this and not install the software.
    Sometimes even legitimate programs will try to bundle extra, unwanted, software with the program you want - this is done to raise money for the program. Be sure to untick any boxes which may indicate that other programs will be downloaded.

Keep Windows up-to-date
Microsoft continually releases security and stability updates for its supported operating systems and you should always apply these to help keep your PC secure.

  • Windows XP users
    You should visit Windows Update to check for the latest updates to your system. The latest service pack (SP3) can be obtained directly from Microsoft here.
  • Windows Vista users
    You should run the Windows Update program from your start menu to access the latest updates to your operating system (information can be found here). The latest service pack (SP2) can be obtained directly from Microsoft here.
  • Windows 7 users
    You should run the Windows Update program from your start menu to access the latest updates to your operating system (information can be found here). The latest service pack (SP1) can be obtained directly from Microsoft here.


Keep your browser secure
Most modern browsers have come on in leaps and bounds with their inbuilt, default security. The best way to keep your browser secure nowadays is simply to keep it up-to-date.

The latest versions of the three common browsers can be found below:

Use an AntiVirus Software
It is very important that your computer has an up-to-date anti-virus software on it which has a real-time agent running. This alone can save you a lot of trouble with malware in the future.
See this link for a listing of some online & their stand-alone antivirus programs: Virus, Spyware, and Malware Protection and Removal Resources, a couple of free Anti-Virus programs you may be interested in are Microsoft Security Essentials and Avast.

It is imperative that you update your Antivirus software at least once a week (even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out. If you use a commercial antivirus program you must make sure you keep renewing your subscription. Otherwise, once your subscription runs out, you may not be able to update the program's virus definitions.

Use a Firewall
I can not stress how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. Simply using a Firewall in its default configuration can lower your risk greatly.

All versions of Windows starting from XP have an in-built firewall. With Windows XP this firewall will protect you from incoming traffic (i.e. hackers). Starting with Windows Vista, the firewall was beefed up to also protect you against outgoing traffic (i.e. malicious programs installed on your machine should be blocked from sending data, such as your bank details and passwords, out).

In addition, if you connect to the internet via a router, this will normally have a firewall in-built.

Some people will recommend installing a different firewall (instead of the Windows built-in one); this is a personal choice, but the message is to definitely have one! For a tutorial on Firewalls and a listing of some available ones see this link: Understanding and Using Firewalls

Install an Anti-Malware program
Recommended, and free, Anti-Malware programs are Malwarebytes Anti-Malware and SuperAntiSpyware.

You should regularly (perhaps once a week) scan your computer with an Anti-Malware program just as you would with an antivirus software.

Make sure your applications have all of their updates
It is also possible for other programs on your computer to have security vulnerabilities that can allow malware to infect you. Therefore, it is very important to check for the latest versions of commonly installed applications that are regularly patched to fix vulnerabilities (such as Adobe Reader and Java). You can check these by visiting Secunia Software Inspector.

Follow this list and your potential for being infected again will reduce dramatically.
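The Java step in the post above asks for every older runtime to be removed before the new one is installed. As an added example that is not part of the original thread, the following read-only PowerShell check lists the Java runtimes Windows has registered and flags any that are older than the newest one found. The registry paths are the standard Windows uninstall keys; the `DisplayName` pattern used to recognise Java entries is an assumption.

```powershell
# Added example (not from the thread): list Java runtimes recorded in the
# standard Windows uninstall registry keys and flag anything older than the
# newest version found. Read-only: nothing is uninstalled or modified.
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    # 32-bit programs on 64-bit Windows are registered here instead.
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

# Assumption: runtimes register a DisplayName starting with "Java" or "J2SE".
# The "Java Auto Updater" helper is skipped because it is not a runtime.
$entries = Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -match '^(Java|J2SE)' -and
                   $_.DisplayName -notmatch 'Auto Updater' }

if (-not $entries) {
    Write-Output 'No Java runtime entries found in the uninstall keys.'
    return
}

# Highest parseable version among the entries (32- and 64-bit may share it).
$newest = $entries |
    ForEach-Object { $_.DisplayVersion -as [version] } |
    Where-Object { $_ } |
    Sort-Object -Descending |
    Select-Object -First 1

$report = foreach ($e in $entries) {
    $v = $e.DisplayVersion -as [version]   # $null when the string is not a version
    if ($v -and $v -eq $newest) {
        $status = 'newest installed'
    } else {
        $status = 'older or unknown version: review and remove'
    }
    New-Object PSObject -Property @{
        Name    = $e.DisplayName
        Version = $e.DisplayVersion
        Status  = $status
    }
}

$report | Sort-Object Status, Name |
    Select-Object Name, Version, Status |
    Format-Table -AutoSize
```

After the uninstall and reinstall steps, a clean result is a single version marked "newest installed" (two rows on 64-bit Windows if both the 32-bit and 64-bit runtimes are present).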


#10 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:09:42 AM

Posted 02 May 2012 - 09:42 PM

Hello.

Are you still there?

If you are, please follow the instructions in my previous post.

If you still need help, follow the instructions I have given in my response. If you have since had your problem solved, we would appreciate you letting us know so we can close the topic.

Please reply back telling us so. If you don't reply within 3-5 days the topic will need to be closed.

Thanks for understanding :)

With Regards,
fireman4it


#11 ajones

ajones
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:09:42 AM

Posted 03 May 2012 - 03:47 PM

Thank you very much, I have uninstalled and cleaned my machine. Everything is working great at this point. I appreciate all of your help! Thanks for lending me your wisdom.

#12 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:09:42 AM

Posted 04 May 2012 - 07:20 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.




