
Google Re-direct


  • This topic is locked
17 replies to this topic

#1 dokimqueen

dokimqueen

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:11:54 PM

Posted 28 April 2012 - 05:56 PM

Hello,

Some time ago, I realized that my Google searches were being redirected to random and rather annoying sites like Happili and Gimme Answers. More recently, certain words in the webpages I frequent are blue; and when my mouse hovers over them, a small window appears with an ad from "Text Enhance." Malwarebytes and some of the other scans my relatives have run don't seem to detect anything, and the problem seems to be getting progressively worse as I haven't had time to post a new topic here yet. I'd highly appreciate any possible help with my problem, thank you!


.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_26
Run by kim at 20:24:04 on 2012-04-24
Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.3070.1226 [GMT -7:00]
.
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: Symantec Endpoint Protection *Enabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Symantec Endpoint Protection *Enabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\D-Link\DWA-125 revA\ANIWConnService.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\Program Files\D-Link\DWA-125 revA\AirGCFG.exe
C:\Program Files\D-Link\DWA-125 revA\WZCSLDR2.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Users\kim\AppData\Roaming\CBS Interactive\CNET TechTracker\TechTracker.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
uRun: [Aim] "c:\program files\aim\aim.exe" /d locale=en-US
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"
uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe" /MINIMIZED
mRun: [D-Link D-Link DWA-125] c:\program files\d-link\dwa-125 reva\AirGCFG.exe
mRun: [WZCSLDR2] c:\program files\d-link\dwa-125 reva\WZCSLDR2.exe
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
StartupFolder: c:\users\kim\appdata\roaming\micros~1\windows\startm~1\programs\startup\cnette~1.lnk - c:\users\kim\appdata\roaming\cbs interactive\cnet techtracker\TechTracker.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~1\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~1\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{33A94A52-2490-4D23-A760-C90485C42F3F} : DhcpNameServer = 192.168.0.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\kim\appdata\roaming\mozilla\firefox\profiles\ek9vhfq9.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=937811&p=
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10111.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
.
============= SERVICES / DRIVERS ===============
.
R1 anodlwf;ANOD Network Security Filter driver;c:\windows\system32\drivers\anodlwf.sys [2011-4-24 12800]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2012-3-16 612184]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2012-3-16 337880]
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [2012-3-15 101112]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2012-3-16 20696]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-3-16 57688]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2012-3-16 44768]
R2 D_Link_DWA-125_WPS;D_Link_DWA-125_WPS Service;c:\program files\d-link\dwa-125 reva\ANIWConnService.exe [2011-4-24 40960]
R2 Symantec AntiVirus;Symantec Endpoint Protection;c:\program files\symantec\symantec endpoint protection\Rtvscan.exe [2010-8-24 1831024]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2012-2-16 106104]
R3 netr28u;D-Link dnetr28u USB Extensible Wireless LAN Card Driver;c:\windows\system32\drivers\Dnetr28u.sys [2011-4-24 807936]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-6-10 139776]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 D_Link_DWA-125;D_Link_DWA-125 Service;c:\program files\d-link\dwa-125 reva\ANIWZCSdS.exe [2011-4-24 126976]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-7-15 136176]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-7-15 136176]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
.
=============== Created Last 30 ================
.
2012-04-21 20:32:52 -------- d-----w- c:\program files\uTorrent
2012-04-21 20:32:28 -------- d-----w- c:\users\kim\appdata\roaming\uTorrent
2012-04-21 19:30:45 -------- d-----w- c:\program files\BitTorrent
2012-04-21 19:15:58 -------- d-----w- c:\program files\SweetIM
2012-04-21 19:15:44 -------- d-----w- c:\programdata\Premium
2012-04-21 19:14:06 -------- d-----w- c:\programdata\TheBflix
2012-04-21 19:12:15 -------- d-----w- c:\programdata\InstallMate
2012-04-14 21:50:44 592824 ----a-w- c:\program files\mozilla firefox\gkmedias.dll
2012-04-14 21:50:44 44472 ----a-w- c:\program files\mozilla firefox\mozglue.dll
2012-03-29 07:40:59 -------- d-----w- c:\users\kim\appdata\local\NPE
2012-03-29 07:40:59 -------- d-----w- c:\programdata\Norton
.
==================== Find3M ====================
.
2012-03-06 23:15:19 41184 ----a-w- c:\windows\avastSS.scr
2012-03-06 23:03:51 612184 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-03-06 23:02:14 44376 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-03-06 23:01:48 57688 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-02-15 05:44:57 826368 ----a-w- c:\windows\system32\rdpcore.dll
2012-02-15 04:22:43 177152 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-02-15 04:22:18 24064 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-02-10 05:41:38 1074176 ----a-w- c:\windows\system32\DWrite.dll
2012-02-10 05:41:20 218624 ----a-w- c:\windows\system32\d3d10_1core.dll
2012-02-10 05:41:20 161792 ----a-w- c:\windows\system32\d3d10_1.dll
2012-02-10 05:41:20 1170944 ----a-w- c:\windows\system32\d3d10warp.dll
2012-02-10 05:41:19 739840 ----a-w- c:\windows\system32\d2d1.dll
2012-02-03 04:01:58 2341376 ----a-w- c:\windows\system32\win32k.sys
.
============= FINISH: 20:30:30.09 ===============



#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:03:54 AM

Posted 28 April 2012 - 11:27 PM

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your computer problems.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

:multiple Anti Virus programs:

It looks like you are operating your computer with multiple Anti Virus programs running in memory at once:

AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: Symantec Endpoint Protection *Enabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}


Anti-virus programs take up an enormous amount of your computer's resources when they are actively scanning your computer. Having two anti-virus programs running at the same time can cause your computer to run very slow, become unstable and even, in rare cases, crash.

Please remove all but one of them.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 dokimqueen

dokimqueen
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:11:54 PM

Posted 29 April 2012 - 02:48 AM

Hello again!

Thank you for the prompt reply and help! (:
I've decided to keep the Avast anti-virus, and the requested logs are posted below. After running Combofix, my searches continue to redirect to the same websites.


Security Check:

Results of screen317's Security Check version 0.99.32
Windows 7 x86 (UAC is enabled)
Internet Explorer 9
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
avast! Free Antivirus
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Java™ 6 Update 26
Java version out of date!
Adobe Flash Player 10.3.181.26 Flash Player out of Date!
Adobe Reader X 10.0.1 Adobe Reader out of Date!
Mozilla Firefox (11.0.)
````````````````````````````````
Process Check:
objlist.exe by Laurent

AVAST Software Avast AvastSvc.exe
AVAST Software Avast AvastUI.exe
``````````End of Log````````````


Combofix log:

ComboFix 12-04-28.01 - kim 04/29/2012 0:34.4.2 - x86
Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.3070.1895 [GMT -7:00]
Running from: c:\users\kim\Downloads\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\TheBflix
c:\programdata\TheBflix\background.html
c:\programdata\TheBflix\bhoclass.dll
c:\programdata\TheBflix\content.js
c:\programdata\TheBflix\ekdjfcdinekpfcedakhpngcnaamhiihn.crx
c:\programdata\TheBflix\settings.ini
c:\users\kim\AppData\Roaming\Mozilla\Firefox\Profiles\ek9vhfq9.default\weave\toFetch
c:\users\kim\AppData\Roaming\Mozilla\Firefox\Profiles\ek9vhfq9.default\weave\toFetch\bookmarks.json
c:\users\kim\AppData\Roaming\Mozilla\Firefox\Profiles\ek9vhfq9.default\weave\toFetch\clients.json
c:\users\kim\AppData\Roaming\Mozilla\Firefox\Profiles\ek9vhfq9.default\weave\toFetch\forms.json
c:\users\kim\AppData\Roaming\Mozilla\Firefox\Profiles\ek9vhfq9.default\weave\toFetch\history.json
c:\users\kim\AppData\Roaming\Mozilla\Firefox\Profiles\ek9vhfq9.default\weave\toFetch\passwords.json
c:\users\kim\AppData\Roaming\Mozilla\Firefox\Profiles\ek9vhfq9.default\weave\toFetch\prefs.json
c:\users\kim\AppData\Roaming\Mozilla\Firefox\Profiles\ek9vhfq9.default\weave\toFetch\tabs.json
c:\windows\system32\bdaplgin.ax
c:\windows\system32\cero.rs
c:\windows\system32\csrr.rs
c:\windows\system32\esrb.rs
c:\windows\system32\g711codc.ax
c:\windows\system32\grb.rs
c:\windows\system32\iac25_32.ax
c:\windows\system32\ir41_32.ax
c:\windows\system32\ivfsrc.ax
c:\windows\system32\ksproxy.ax
c:\windows\system32\kstvtune.ax
c:\windows\system32\Kswdmcap.ax
c:\windows\system32\ksxbar.ax
c:\windows\system32\Mpeg2Data.ax
c:\windows\system32\mpg2splt.ax
c:\windows\system32\MSDvbNP.ax
c:\windows\system32\MSNP.ax
c:\windows\system32\oflc.rs
c:\windows\system32\pegi-fi.rs
c:\windows\system32\pegi-pt.rs
c:\windows\system32\pegi.rs
c:\windows\system32\pegibbfc.rs
c:\windows\system32\psisrndr.ax
c:\windows\system32\usk.rs
c:\windows\system32\VBICodec.ax
c:\windows\system32\vbisurf.ax
c:\windows\system32\vidcap.ax
c:\windows\system32\WEB.rs
c:\windows\system32\WSTPager.ax
.
.
((((((((((((((((((((((((( Files Created from 2012-03-28 to 2012-04-29 )))))))))))))))))))))))))))))))
.
.
2012-04-29 07:40 . 2012-04-29 07:40 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-04-29 07:40 . 2012-04-29 07:40 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-29 07:19 . 2012-04-29 07:19 -------- d-----w- c:\users\kim\AppData\Local\CrashDumps
2012-04-21 20:32 . 2012-04-21 20:32 -------- d-----w- c:\program files\uTorrent
2012-04-21 20:32 . 2012-04-29 07:40 -------- d-----w- c:\users\kim\AppData\Roaming\uTorrent
2012-04-21 19:30 . 2012-04-21 19:30 -------- d-----w- c:\program files\BitTorrent
2012-04-21 19:15 . 2012-04-22 06:18 -------- d-----w- c:\program files\SweetIM
2012-04-21 19:15 . 2012-04-21 19:15 -------- d-----w- c:\programdata\Premium
2012-04-21 19:12 . 2012-04-21 19:15 -------- d-----w- c:\programdata\InstallMate
2012-04-14 21:50 . 2012-04-14 21:50 592824 ----a-w- c:\program files\Mozilla Firefox\gkmedias.dll
2012-04-14 21:50 . 2012-04-14 21:50 44472 ----a-w- c:\program files\Mozilla Firefox\mozglue.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-15 00:39 . 2012-03-15 00:39 157184 ----a-w- c:\programdata\Microsoft\Windows\DRM\BA59.tmp
2012-03-06 23:15 . 2012-03-17 06:21 41184 ----a-w- c:\windows\avastSS.scr
2012-03-06 23:15 . 2012-03-17 06:21 201352 ----a-w- c:\windows\system32\aswBoot.exe
2012-03-06 23:03 . 2012-03-17 06:23 612184 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-03-06 23:03 . 2012-03-17 06:23 337880 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-03-06 23:02 . 2012-03-17 06:23 44376 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-03-06 23:01 . 2012-03-17 06:23 53848 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-03-06 23:01 . 2012-03-17 06:23 57688 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-03-06 23:01 . 2012-03-17 06:23 20696 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-02-25 11:04 . 2012-02-25 11:04 86528 ----a-w- c:\windows\system32\iesysprep.dll
2012-02-25 11:04 . 2012-02-25 11:04 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2012-02-25 11:04 . 2012-02-25 11:04 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2012-02-25 11:04 . 2012-02-25 11:04 74752 ----a-w- c:\windows\system32\iesetup.dll
2012-02-25 11:04 . 2012-02-25 11:04 63488 ----a-w- c:\windows\system32\tdc.ocx
2012-02-25 11:04 . 2012-02-25 11:04 48640 ----a-w- c:\windows\system32\mshtmler.dll
2012-02-25 11:04 . 2012-02-25 11:04 420864 ----a-w- c:\windows\system32\vbscript.dll
2012-02-25 11:04 . 2012-02-25 11:04 367104 ----a-w- c:\windows\system32\html.iec
2012-02-25 11:04 . 2012-02-25 11:04 35840 ----a-w- c:\windows\system32\imgutil.dll
2012-02-25 11:04 . 2012-02-25 11:04 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-02-25 11:04 . 2012-02-25 11:04 23552 ----a-w- c:\windows\system32\licmgr10.dll
2012-02-25 11:04 . 2012-02-25 11:04 1798656 ----a-w- c:\windows\system32\jscript9.dll
2012-02-25 11:04 . 2012-02-25 11:04 161792 ----a-w- c:\windows\system32\msls31.dll
2012-02-25 11:04 . 2012-02-25 11:04 152064 ----a-w- c:\windows\system32\wextract.exe
2012-02-25 11:04 . 2012-02-25 11:04 150528 ----a-w- c:\windows\system32\iexpress.exe
2012-02-25 11:04 . 2012-02-25 11:04 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-02-25 11:04 . 2012-02-25 11:04 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2012-02-25 11:04 . 2012-02-25 11:04 11776 ----a-w- c:\windows\system32\mshta.exe
2012-02-25 11:04 . 2012-02-25 11:04 1127424 ----a-w- c:\windows\system32\wininet.dll
2012-02-25 11:04 . 2012-02-25 11:04 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
2012-02-25 11:04 . 2012-02-25 11:04 101888 ----a-w- c:\windows\system32\admparse.dll
2012-02-15 05:44 . 2012-03-13 23:42 826368 ----a-w- c:\windows\system32\rdpcore.dll
2012-02-15 04:22 . 2012-03-13 23:42 177152 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-02-15 04:22 . 2012-03-13 23:42 24064 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-02-10 05:41 . 2012-03-13 23:44 1074176 ----a-w- c:\windows\system32\DWrite.dll
2012-02-10 05:41 . 2012-03-13 23:44 218624 ----a-w- c:\windows\system32\d3d10_1core.dll
2012-02-10 05:41 . 2012-03-13 23:44 161792 ----a-w- c:\windows\system32\d3d10_1.dll
2012-02-10 05:41 . 2012-03-13 23:44 1170944 ----a-w- c:\windows\system32\d3d10warp.dll
2012-02-10 05:41 . 2012-03-13 23:44 739840 ----a-w- c:\windows\system32\d2d1.dll
2012-02-03 04:01 . 2012-03-13 23:44 2341376 ----a-w- c:\windows\system32\win32k.sys
2012-04-14 21:50 . 2011-04-24 18:13 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-06 23:15 123536 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Aim"="c:\program files\AIM\aim.exe" [2011-05-03 4321112]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-05-04 149040]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2012-04-21 879984]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"D-Link D-Link DWA-125"="c:\program files\D-Link\DWA-125 revA\AirGCFG.exe" [2009-10-20 995328]
"WZCSLDR2"="c:\program files\D-Link\DWA-125 revA\WZCSLDR2.exe" [2009-10-20 122880]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-27 30040]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-04-14 421160]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-05-04 161328]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-06 4241512]
.
c:\users\kim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
CNET TechTracker.lnk - c:\users\kim\AppData\Roaming\CBS Interactive\CNET TechTracker\TechTracker.exe [2011-12-1 2624512]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
2;2 D_Link_DWA-125;D_Link_DWA-125 Service;c:\program files\D-Link\DWA-125 revA\ANIWZCSdS.exe [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-07-15 136176]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-07-15 136176]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-04-24 1343400]
S1 anodlwf;ANOD Network Security Filter driver;c:\windows\system32\DRIVERS\anodlwf.sys [2009-03-07 12800]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [2012-01-12 101112]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-03-06 57688]
S2 D_Link_DWA-125_WPS;D_Link_DWA-125_WPS Service;c:\program files\D-Link\DWA-125 revA\ANIWConnService.exe [2009-07-08 40960]
S3 netr28u;D-Link dnetr28u USB Extensible Wireless LAN Card Driver;c:\windows\system32\DRIVERS\Dnetr28u.sys [2009-09-15 807936]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 139776]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-07-15 07:26]
.
2012-04-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-07-15 07:26]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\kim\AppData\Roaming\Mozilla\Firefox\Profiles\ek9vhfq9.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=937811&p=
FF - prefs.js: network.proxy.type - 0
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-04-29 00:42:04
ComboFix-quarantined-files.txt 2012-04-29 07:42
ComboFix2.txt 2012-03-17 00:05
ComboFix3.txt 2012-03-16 07:11
.
Pre-Run: 16,491,384,832 bytes free
Post-Run: 16,134,328,320 bytes free
.
- - End Of File - - C362B29BD1913D975F21006F2D5AE870

#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:03:54 AM

Posted 29 April 2012 - 05:30 AM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then click on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic




Proud Graduate Of Malware Removal University

#5 dokimqueen

  • Topic Starter

  • Members

Posted 29 April 2012 - 02:45 PM

Salutations,

I have since then run both; logs are posted below. Thanks for your time. (:


TDSSKiller log:

12:29:19.0757 2564 TDSS rootkit removing tool 2.7.33.0 Apr 24 2012 18:43:43
12:29:20.0722 2564 ============================================================
12:29:20.0722 2564 Current date / time: 2012/04/29 12:29:20.0721
12:29:20.0722 2564 SystemInfo:
12:29:20.0722 2564
12:29:20.0722 2564 OS Version: 6.1.7600 ServicePack: 0.0
12:29:20.0722 2564 Product type: Workstation
12:29:20.0722 2564 ComputerName: KIM-PC
12:29:20.0722 2564 UserName: kim
12:29:20.0722 2564 Windows directory: C:\Windows
12:29:20.0722 2564 System windows directory: C:\Windows
12:29:20.0722 2564 Processor architecture: Intel x86
12:29:20.0722 2564 Number of processors: 2
12:29:20.0722 2564 Page size: 0x1000
12:29:20.0722 2564 Boot type: Normal boot
12:29:20.0722 2564 ============================================================
12:29:22.0221 2564 Drive \Device\Harddisk0\DR0 - Size: 0x12A1E0DE00 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x2601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
12:29:22.0223 2564 ============================================================
12:29:22.0223 2564 \Device\Harddisk0\DR0:
12:29:22.0223 2564 MBR partitions:
12:29:22.0224 2564 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x950A5C1
12:29:22.0224 2564 ============================================================
12:29:22.0240 2564 C: <-> \Device\Harddisk0\DR0\Partition0
12:29:22.0240 2564 ============================================================
12:29:22.0240 2564 Initialize success
12:29:22.0240 2564 ============================================================
12:29:25.0906 3604 ============================================================
12:29:25.0906 3604 Scan started
12:29:25.0906 3604 Mode: Manual;
12:29:25.0906 3604 ============================================================
12:29:38.0465 3604 Parport - ok
12:29:38.0485 3604 partmgr (ff4218952b51de44fe910953a3e686b9) C:\Windows\system32\drivers\partmgr.sys
12:29:38.0485 3604 partmgr - ok
12:29:38.0495 3604 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
12:29:38.0495 3604 Parvdm - ok
12:29:38.0517 3604 PcaSvc (358ab7956d3160000726574083dfc8a6) C:\Windows\System32\pcasvc.dll
12:29:38.0521 3604 PcaSvc - ok
12:29:38.0537 3604 pci (c858cb77c577780ecc456a892e7e7d0f) C:\Windows\system32\DRIVERS\pci.sys
12:29:38.0538 3604 pci - ok
12:29:38.0547 3604 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\DRIVERS\pciide.sys
12:29:38.0548 3604 pciide - ok
12:29:38.0568 3604 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
12:29:38.0570 3604 pcmcia - ok
12:29:38.0585 3604 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
12:29:38.0586 3604 pcw - ok
12:29:38.0630 3604 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
12:29:38.0634 3604 PEAUTH - ok
12:29:38.0700 3604 PeerDistSvc (af4d64d2a57b9772cf3801950b8058a6) C:\Windows\system32\peerdistsvc.dll
12:29:38.0708 3604 PeerDistSvc - ok
12:29:38.0810 3604 pla (9c1bff7910c89a1d12e57343475840cb) C:\Windows\system32\pla.dll
12:29:38.0821 3604 pla - ok
12:29:38.0971 3604 PlugPlay (71def5ec79774c798342d0ea16e41780) C:\Windows\system32\umpnpmgr.dll
12:29:38.0982 3604 PlugPlay - ok
12:29:39.0069 3604 Pml Driver HPZ12 (379f7a0ec9fbe07629fd3f244d3e3e44) C:\Windows\system32\HPZipm12.dll
12:29:39.0073 3604 Pml Driver HPZ12 - ok
12:29:39.0090 3604 PNRPAutoReg (63ff8572611249931eb16bb8eed6afc8) C:\Windows\system32\pnrpauto.dll
12:29:39.0097 3604 PNRPAutoReg - ok
12:29:39.0151 3604 PNRPsvc (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll
12:29:39.0161 3604 PNRPsvc - ok
12:29:39.0206 3604 PolicyAgent (48e1b75c6dc0232fd92baae4bd344721) C:\Windows\System32\ipsecsvc.dll
12:29:39.0213 3604 PolicyAgent - ok
12:29:39.0247 3604 Power (dbff83f709a91049621c1d35dd45c92c) C:\Windows\system32\umpo.dll
12:29:39.0252 3604 Power - ok
12:29:39.0300 3604 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
12:29:39.0301 3604 PptpMiniport - ok
12:29:39.0326 3604 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
12:29:39.0328 3604 Processor - ok
12:29:39.0363 3604 ProfSvc (630cf26f0227498b7d5a92b12548960f) C:\Windows\system32\profsvc.dll
12:29:39.0368 3604 ProfSvc - ok
12:29:39.0415 3604 ProtectedStorage (c2243ff9e9aad0c30e8b1a0914da15b6) C:\Windows\system32\lsass.exe
12:29:39.0418 3604 ProtectedStorage - ok
12:29:39.0456 3604 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
12:29:39.0459 3604 Psched - ok
12:29:39.0551 3604 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
12:29:39.0566 3604 ql2300 - ok
12:29:39.0664 3604 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
12:29:39.0665 3604 ql40xx - ok
12:29:39.0698 3604 QWAVE (31ac809e7707eb580b2bdb760390765a) C:\Windows\system32\qwave.dll
12:29:39.0703 3604 QWAVE - ok
12:29:39.0718 3604 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
12:29:39.0719 3604 QWAVEdrv - ok
12:29:39.0725 3604 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
12:29:39.0726 3604 RasAcd - ok
12:29:39.0761 3604 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
12:29:39.0761 3604 RasAgileVpn - ok
12:29:39.0778 3604 RasAuto (a60f1839849c0c00739787fd5ec03f13) C:\Windows\System32\rasauto.dll
12:29:39.0782 3604 RasAuto - ok
12:29:39.0792 3604 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
12:29:39.0793 3604 Rasl2tp - ok
12:29:39.0830 3604 RasMan (0ce66ec736b7fc526d78f7624c7d2a94) C:\Windows\System32\rasmans.dll
12:29:39.0835 3604 RasMan - ok
12:29:39.0863 3604 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
12:29:39.0864 3604 RasPppoe - ok
12:29:39.0887 3604 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
12:29:39.0888 3604 RasSstp - ok
12:29:39.0906 3604 rdbss (835d7e81bf517a3b72384bdcc85e1ce6) C:\Windows\system32\DRIVERS\rdbss.sys
12:29:39.0908 3604 rdbss - ok
12:29:39.0923 3604 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
12:29:39.0924 3604 rdpbus - ok
12:29:39.0939 3604 RDPCDD (1e016846895b15a99f9a176a05029075) C:\Windows\system32\DRIVERS\RDPCDD.sys
12:29:39.0940 3604 RDPCDD - ok
12:29:39.0973 3604 RDPDR (c5ff95883ffef704d50c40d21cfb3ab5) C:\Windows\system32\drivers\rdpdr.sys
12:29:39.0974 3604 RDPDR - ok
12:29:39.0996 3604 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
12:29:39.0997 3604 RDPENCDD - ok
12:29:40.0059 3604 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
12:29:40.0060 3604 RDPREFMP - ok
12:29:40.0160 3604 RDPWD (0399c725a9c95a6f1862b93f008ddf4a) C:\Windows\system32\drivers\RDPWD.sys
12:29:40.0162 3604 RDPWD - ok
12:29:40.0191 3604 rdyboost (4ea225bf1cf05e158853f30a99ca29a7) C:\Windows\system32\drivers\rdyboost.sys
12:29:40.0193 3604 rdyboost - ok
12:29:40.0218 3604 RemoteAccess (7b5e1419717fac363a31cc302895217a) C:\Windows\System32\mprdim.dll
12:29:40.0221 3604 RemoteAccess - ok
12:29:40.0247 3604 RemoteRegistry (cb9a8683f4ef2bf99e123d79950d7935) C:\Windows\system32\regsvc.dll
12:29:40.0251 3604 RemoteRegistry - ok
12:29:40.0271 3604 RpcEptMapper (78d072f35bc45d9e4e1b61895c152234) C:\Windows\System32\RpcEpMap.dll
12:29:40.0274 3604 RpcEptMapper - ok
12:29:40.0292 3604 RpcLocator (94d36c0e44677dd26981d2bfeef2a29d) C:\Windows\system32\locator.exe
12:29:40.0294 3604 RpcLocator - ok
12:29:40.0321 3604 RpcSs (b82cd39e336973359d7c9bf911e8e84f) C:\Windows\system32\rpcss.dll
12:29:40.0326 3604 RpcSs - ok
12:29:40.0346 3604 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
12:29:40.0347 3604 rspndr - ok
12:29:40.0398 3604 RTL8167 (7dfd48e24479b68b258d8770121155a0) C:\Windows\system32\DRIVERS\Rt86win7.sys
12:29:40.0399 3604 RTL8167 - ok
12:29:40.0424 3604 s3cap (5423d8437051e89dd34749f242c98648) C:\Windows\system32\DRIVERS\vms3cap.sys
12:29:40.0425 3604 s3cap - ok
12:29:40.0475 3604 SamSs (c2243ff9e9aad0c30e8b1a0914da15b6) C:\Windows\system32\lsass.exe
12:29:40.0478 3604 SamSs - ok
12:29:40.0508 3604 sbp2port (34ee0c44b724e3e4ce2eff29126de5b5) C:\Windows\system32\DRIVERS\sbp2port.sys
12:29:40.0509 3604 sbp2port - ok
12:29:40.0574 3604 SBRE (1fd538c4feb36b793d2121f20bbdc16f) C:\Windows\system32\drivers\SBREdrv.sys
12:29:40.0575 3604 SBRE - ok
12:29:40.0589 3604 SCardSvr (8fc518ffe9519c2631d37515a68009c4) C:\Windows\System32\SCardSvr.dll
12:29:40.0594 3604 SCardSvr - ok
12:29:40.0667 3604 SCDEmu (9feb2026a460916d1a1198b460632630) C:\Windows\system32\drivers\SCDEmu.sys
12:29:40.0669 3604 SCDEmu - ok
12:29:40.0676 3604 scfilter (a95c54b2ac3cc9c73fcdf9e51a1d6b51) C:\Windows\system32\DRIVERS\scfilter.sys
12:29:40.0677 3604 scfilter - ok
12:29:40.0727 3604 Schedule (df1e5c82e4d09cf8105cc644980c4803) C:\Windows\system32\schedsvc.dll
12:29:40.0735 3604 Schedule - ok
12:29:40.0788 3604 SCPolicySvc (628a9e30ec5e18dd5de6be4dbdc12198) C:\Windows\System32\certprop.dll
12:29:40.0789 3604 SCPolicySvc - ok
12:29:40.0832 3604 SDRSVC (5fd90abdbfaee85986802622cbb03446) C:\Windows\System32\SDRSVC.dll
12:29:40.0836 3604 SDRSVC - ok
12:29:40.0873 3604 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
12:29:40.0874 3604 secdrv - ok
12:29:40.0882 3604 seclogon (a59b3a4442c52060cc7a85293aa3546f) C:\Windows\system32\seclogon.dll
12:29:40.0886 3604 seclogon - ok
12:29:40.0909 3604 SENS (dcb7fcdcc97f87360f75d77425b81737) C:\Windows\system32\sens.dll
12:29:40.0913 3604 SENS - ok
12:29:40.0928 3604 SensrSvc (50087fe1ee447009c9cc2997b90de53f) C:\Windows\system32\sensrsvc.dll
12:29:40.0932 3604 SensrSvc - ok
12:29:40.0956 3604 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
12:29:40.0957 3604 Serenum - ok
12:29:40.0964 3604 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
12:29:40.0966 3604 Serial - ok
12:29:40.0986 3604 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
12:29:40.0987 3604 sermouse - ok
12:29:41.0012 3604 SessionEnv (8f55ce568c543d5adf45c409d16718fc) C:\Windows\system32\sessenv.dll
12:29:41.0016 3604 SessionEnv - ok
12:29:41.0021 3604 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\DRIVERS\sffdisk.sys
12:29:41.0022 3604 sffdisk - ok
12:29:41.0027 3604 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\DRIVERS\sffp_mmc.sys
12:29:41.0028 3604 sffp_mmc - ok
12:29:41.0042 3604 sffp_sd (4f1e5b0fe7c8050668dbfade8999aefb) C:\Windows\system32\DRIVERS\sffp_sd.sys
12:29:41.0043 3604 sffp_sd - ok
12:29:41.0048 3604 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
12:29:41.0049 3604 sfloppy - ok
12:29:41.0088 3604 SharedAccess (d1a079a0de2ea524513b6930c24527a2) C:\Windows\System32\ipnathlp.dll
12:29:41.0092 3604 SharedAccess - ok
12:29:41.0126 3604 ShellHWDetection (cd2e48fa5b29ee2b3b5858056d246ef2) C:\Windows\System32\shsvcs.dll
12:29:41.0132 3604 ShellHWDetection - ok
12:29:41.0160 3604 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\DRIVERS\sisagp.sys
12:29:41.0161 3604 sisagp - ok
12:29:41.0183 3604 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
12:29:41.0184 3604 SiSRaid2 - ok
12:29:41.0198 3604 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
12:29:41.0199 3604 SiSRaid4 - ok
12:29:41.0224 3604 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
12:29:41.0225 3604 Smb - ok
12:29:41.0261 3604 SNMPTRAP (6a984831644eca1a33ffeae4126f4f37) C:\Windows\System32\snmptrap.exe
12:29:41.0265 3604 SNMPTRAP - ok
12:29:41.0277 3604 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
12:29:41.0278 3604 spldr - ok
12:29:41.0310 3604 Spooler (d1bb750eb51694de183e08b9c33be5b2) C:\Windows\System32\spoolsv.exe
12:29:41.0316 3604 Spooler - ok
12:29:41.0551 3604 sppsvc (4c287f9069fedbd791178876ee9de536) C:\Windows\system32\sppsvc.exe
12:29:41.0571 3604 sppsvc - ok
12:29:41.0671 3604 sppuinotify (d8e3e19eebdab49dd4a8d3062ead4ec7) C:\Windows\system32\sppuinotify.dll
12:29:41.0681 3604 sppuinotify - ok
12:29:41.0731 3604 srv (c4a027b8c0bd3fc0699f41fa5e9e0c87) C:\Windows\system32\DRIVERS\srv.sys
12:29:41.0731 3604 srv - ok
12:29:41.0811 3604 srv2 (414bb592cad8a79649d01f9d94318fb3) C:\Windows\system32\DRIVERS\srv2.sys
12:29:41.0821 3604 srv2 - ok
12:29:41.0901 3604 srvnet (ff207d67700aa18242aaf985d3e7d8f4) C:\Windows\system32\DRIVERS\srvnet.sys
12:29:41.0901 3604 srvnet - ok
12:29:41.0921 3604 SSDPSRV (d887c9fd02ac9fa880f6e5027a43e118) C:\Windows\System32\ssdpsrv.dll
12:29:41.0921 3604 SSDPSRV - ok
12:29:41.0991 3604 SstpSvc (d318f23be45d5e3a107469eb64815b50) C:\Windows\system32\sstpsvc.dll
12:29:42.0001 3604 SstpSvc - ok
12:29:42.0021 3604 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
12:29:42.0031 3604 stexstor - ok
12:29:42.0071 3604 StiSvc (a22825e7bb7018e8af3e229a5af17221) C:\Windows\System32\wiaservc.dll
12:29:42.0071 3604 StiSvc - ok
12:29:42.0141 3604 storflt (957e346ca948668f2496a6ccf6ff82cc) C:\Windows\system32\DRIVERS\vmstorfl.sys
12:29:42.0141 3604 storflt - ok
12:29:42.0161 3604 StorSvc (0bf669f0a910beda4a32258d363af2a5) C:\Windows\system32\storsvc.dll
12:29:42.0171 3604 StorSvc - ok
12:29:42.0191 3604 storvsc (d5751969dc3e4b88bf482ac8ec9fe019) C:\Windows\system32\DRIVERS\storvsc.sys
12:29:42.0201 3604 storvsc - ok
12:29:42.0211 3604 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\DRIVERS\swenum.sys
12:29:42.0211 3604 swenum - ok
12:29:42.0251 3604 swprv (a28bd92df340e57b024ba433165d34d7) C:\Windows\System32\swprv.dll
12:29:42.0261 3604 swprv - ok
12:29:42.0331 3604 SysMain (04105c8da62353589c29bdaeb8d88bd8) C:\Windows\system32\sysmain.dll
12:29:42.0341 3604 SysMain - ok
12:29:42.0351 3604 TabletInputService (fcfb6c552fbc0da299799cbd50ad9fd4) C:\Windows\System32\TabSvc.dll
12:29:42.0351 3604 TabletInputService - ok
12:29:42.0371 3604 TapiSrv (2f46b0c70a4adc8c90cf825da3b4feaf) C:\Windows\System32\tapisrv.dll
12:29:42.0381 3604 TapiSrv - ok
12:29:42.0391 3604 TBS (b799d9fdb26111737f58288d8dc172d9) C:\Windows\System32\tbssvc.dll
12:29:42.0401 3604 TBS - ok
12:29:42.0521 3604 Tcpip (56c198ac82efa622dd93e9e43575f79c) C:\Windows\system32\drivers\tcpip.sys
12:29:42.0531 3604 Tcpip - ok
12:29:42.0551 3604 TCPIP6 (56c198ac82efa622dd93e9e43575f79c) C:\Windows\system32\DRIVERS\tcpip.sys
12:29:42.0561 3604 TCPIP6 - ok
12:29:42.0581 3604 tcpipreg (e64444523add154f86567c469bc0b17f) C:\Windows\system32\drivers\tcpipreg.sys
12:29:42.0581 3604 tcpipreg - ok
12:29:42.0591 3604 TDPIPE (1875c1490d99e70e449e3afae9fcbadf) C:\Windows\system32\drivers\tdpipe.sys
12:29:42.0591 3604 TDPIPE - ok
12:29:42.0658 3604 TDTCP (7156308896d34ea75a582f9a09e50c17) C:\Windows\system32\drivers\tdtcp.sys
12:29:42.0659 3604 TDTCP - ok
12:29:42.0854 3604 tdx (cb39e896a2a83702d1737bfd402b3542) C:\Windows\system32\DRIVERS\tdx.sys
12:29:42.0855 3604 tdx - ok
12:29:42.0860 3604 TermDD (c36f41ee20e6999dbf4b0425963268a5) C:\Windows\system32\DRIVERS\termdd.sys
12:29:42.0862 3604 TermDD - ok
12:29:42.0895 3604 TermService (a01e50a04d7b1960b33e92b9080e6a94) C:\Windows\System32\termsrv.dll
12:29:42.0902 3604 TermService - ok
12:29:42.0916 3604 Themes (42fb6afd6b79d9fe07381609172e7ca4) C:\Windows\system32\themeservice.dll
12:29:42.0920 3604 Themes - ok
12:29:42.0938 3604 THREADORDER (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll
12:29:42.0941 3604 THREADORDER - ok
12:29:42.0963 3604 TrkWks (4792c0378db99a9bc2ae2de6cfff0c3a) C:\Windows\System32\trkwks.dll
12:29:42.0968 3604 TrkWks - ok
12:29:43.0011 3604 TrustedInstaller (41a4c781d2286208d397d72099304133) C:\Windows\servicing\TrustedInstaller.exe
12:29:43.0013 3604 TrustedInstaller - ok
12:29:43.0031 3604 tssecsrv (98ae6fa07d12cb4ec5cf4a9bfa5f4242) C:\Windows\system32\DRIVERS\tssecsrv.sys
12:29:43.0032 3604 tssecsrv - ok
12:29:43.0048 3604 tunnel (3e461d890a97f9d4c168f5fda36e1d00) C:\Windows\system32\DRIVERS\tunnel.sys
12:29:43.0050 3604 tunnel - ok
12:29:43.0070 3604 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
12:29:43.0071 3604 uagp35 - ok
12:29:43.0098 3604 udfs (09cc3e16f8e5ee7168e01cf8fcbe061a) C:\Windows\system32\DRIVERS\udfs.sys
12:29:43.0100 3604 udfs - ok
12:29:43.0119 3604 UI0Detect (8344fd4fce927880aa1aa7681d4927e5) C:\Windows\system32\UI0Detect.exe
12:29:43.0123 3604 UI0Detect - ok
12:29:43.0141 3604 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\DRIVERS\uliagpkx.sys
12:29:43.0142 3604 uliagpkx - ok
12:29:43.0166 3604 umbus (049b3a50b3d646baeeee9eec9b0668dc) C:\Windows\system32\DRIVERS\umbus.sys
12:29:43.0167 3604 umbus - ok
12:29:43.0179 3604 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
12:29:43.0180 3604 UmPass - ok
12:29:43.0205 3604 UmRdpService (8ecaca5454844f66386f7be4ae0d7cd1) C:\Windows\System32\umrdp.dll
12:29:43.0210 3604 UmRdpService - ok
12:29:43.0236 3604 upnphost (833fbb672460efce8011d262175fad33) C:\Windows\System32\upnphost.dll
12:29:43.0241 3604 upnphost - ok
12:29:43.0300 3604 USBAAPL (d4fb6ecc60a428564ba8768b0e23c0fc) C:\Windows\system32\Drivers\usbaapl.sys
12:29:43.0301 3604 USBAAPL - ok
12:29:43.0356 3604 usbccgp (c31ae588e403042632dc796cf09e30b0) C:\Windows\system32\DRIVERS\usbccgp.sys
12:29:43.0357 3604 usbccgp - ok
12:29:43.0369 3604 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\DRIVERS\usbcir.sys
12:29:43.0370 3604 usbcir - ok
12:29:43.0420 3604 usbehci (e4c436d914768ce965d5e659ba7eebd8) C:\Windows\system32\DRIVERS\usbehci.sys
12:29:43.0421 3604 usbehci - ok
12:29:43.0487 3604 usbhub (bdcd7156ec37448f08633fd899823620) C:\Windows\system32\DRIVERS\usbhub.sys
12:29:43.0489 3604 usbhub - ok
12:29:43.0540 3604 usbohci (eb2d819a639015253c871cda09d91d58) C:\Windows\system32\drivers\usbohci.sys
12:29:43.0541 3604 usbohci - ok
12:29:43.0556 3604 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
12:29:43.0557 3604 usbprint - ok
12:29:43.0604 3604 USBSTOR (1c4287739a93594e57e2a9e6a3ed7353) C:\Windows\system32\DRIVERS\USBSTOR.SYS
12:29:43.0605 3604 USBSTOR - ok
12:29:43.0645 3604 usbuhci (22480bf4e5a09192e5e30ba4dde79fa4) C:\Windows\system32\DRIVERS\usbuhci.sys
12:29:43.0645 3604 usbuhci - ok
12:29:43.0683 3604 UxSms (081e6e1c91aec36758902a9f727cd23c) C:\Windows\System32\uxsms.dll
12:29:43.0687 3604 UxSms - ok
12:29:43.0734 3604 VaultSvc (c2243ff9e9aad0c30e8b1a0914da15b6) C:\Windows\system32\lsass.exe
12:29:43.0736 3604 VaultSvc - ok
12:29:43.0758 3604 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\DRIVERS\vdrvroot.sys
12:29:43.0759 3604 vdrvroot - ok
12:29:43.0793 3604 vds (8c4e7c49d3641bc9e299e466a7f8867d) C:\Windows\System32\vds.exe
12:29:43.0799 3604 vds - ok
12:29:43.0822 3604 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
12:29:43.0823 3604 vga - ok
12:29:43.0831 3604 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
12:29:43.0832 3604 VgaSave - ok
12:29:43.0849 3604 vhdmp (3be6e1f3a4f1afec8cee0d7883f93583) C:\Windows\system32\DRIVERS\vhdmp.sys
12:29:43.0851 3604 vhdmp - ok
12:29:43.0878 3604 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\DRIVERS\viaagp.sys
12:29:43.0879 3604 viaagp - ok
12:29:43.0891 3604 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
12:29:43.0892 3604 ViaC7 - ok
12:29:43.0902 3604 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\DRIVERS\viaide.sys
12:29:43.0903 3604 viaide - ok
12:29:43.0930 3604 vmbus (379b349f65f453d2a6e75ea6b7448e49) C:\Windows\system32\DRIVERS\vmbus.sys
12:29:43.0931 3604 vmbus - ok
12:29:43.0943 3604 VMBusHID (ec2bbab4b84d0738c6c83d2234dc36fe) C:\Windows\system32\DRIVERS\VMBusHID.sys
12:29:43.0944 3604 VMBusHID - ok
12:29:43.0956 3604 volmgr (384e5a2aa49934295171e499f86ba6f3) C:\Windows\system32\DRIVERS\volmgr.sys
12:29:43.0957 3604 volmgr - ok
12:29:43.0986 3604 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
12:29:43.0988 3604 volmgrx - ok
12:29:44.0006 3604 volsnap (58df9d2481a56edde167e51b334d44fd) C:\Windows\system32\DRIVERS\volsnap.sys
12:29:44.0008 3604 volsnap - ok
12:29:44.0032 3604 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
12:29:44.0033 3604 vsmraid - ok
12:29:44.0107 3604 VSS (7ea2bcd94d9cfaf4c556f5cc94532a6c) C:\Windows\system32\vssvc.exe
12:29:44.0117 3604 VSS - ok
12:29:44.0133 3604 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\system32\DRIVERS\vwifibus.sys
12:29:44.0134 3604 vwifibus - ok
12:29:44.0158 3604 vwififlt (7090d3436eeb4e7da3373090a23448f7) C:\Windows\system32\DRIVERS\vwififlt.sys
12:29:44.0159 3604 vwififlt - ok
12:29:44.0185 3604 W32Time (55187fd710e27d5095d10a472c8baf1c) C:\Windows\system32\w32time.dll
12:29:44.0191 3604 W32Time - ok
12:29:44.0204 3604 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
12:29:44.0205 3604 WacomPen - ok
12:29:44.0228 3604 WANARP (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
12:29:44.0230 3604 WANARP - ok
12:29:44.0233 3604 Wanarpv6 (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
12:29:44.0234 3604 Wanarpv6 - ok
12:29:44.0344 3604 WatAdminSvc (353a04c273ec58475d8633e75ccd5604) C:\Windows\system32\Wat\WatAdminSvc.exe
12:29:44.0352 3604 WatAdminSvc - ok
12:29:44.0439 3604 wbengine (7790b77fe1e5ee47dcc66247095bb4c9) C:\Windows\system32\wbengine.exe
12:29:44.0449 3604 wbengine - ok
12:29:44.0471 3604 WbioSrvc (9614b5d29dc76ac3c29f6d2d3aa70e67) C:\Windows\System32\wbiosrvc.dll
12:29:44.0476 3604 WbioSrvc - ok
12:29:44.0537 3604 wcncsvc (6d9b75275c3e3a5f51aef81affadb2b6) C:\Windows\System32\wcncsvc.dll
12:29:44.0543 3604 wcncsvc - ok
12:29:44.0559 3604 WcsPlugInService (5d930b6357a6d2af4d7653bdabbf352f) C:\Windows\System32\WcsPlugInService.dll
12:29:44.0564 3604 WcsPlugInService - ok
12:29:44.0609 3604 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
12:29:44.0610 3604 Wd - ok
12:29:44.0638 3604 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
12:29:44.0641 3604 Wdf01000 - ok
12:29:44.0650 3604 WdiServiceHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll
12:29:44.0650 3604 WdiServiceHost - ok
12:29:44.0650 3604 WdiSystemHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll
12:29:44.0665 3604 WdiSystemHost - ok
12:29:44.0698 3604 WebClient (bb5ec38f8d4600119b4720bc5d4211f1) C:\Windows\System32\webclnt.dll
12:29:44.0704 3604 WebClient - ok
12:29:44.0722 3604 Wecsvc (760f0afe937a77cff27153206534f275) C:\Windows\system32\wecsvc.dll
12:29:44.0728 3604 Wecsvc - ok
12:29:44.0744 3604 wercplsupport (ac804569bb2364fb6017370258a4091b) C:\Windows\System32\wercplsupport.dll
12:29:44.0749 3604 wercplsupport - ok
12:29:44.0775 3604 WerSvc (08e420d873e4fd85241ee2421b02c4a4) C:\Windows\System32\WerSvc.dll
12:29:44.0780 3604 WerSvc - ok
12:29:44.0804 3604 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
12:29:44.0805 3604 WfpLwf - ok
12:29:44.0817 3604 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
12:29:44.0818 3604 WIMMount - ok
12:29:44.0903 3604 WinDefend (3fae8f94296001c32eab62cd7d82e0fd) C:\Program Files\Windows Defender\mpsvc.dll
12:29:44.0907 3604 WinDefend - ok
12:29:44.0913 3604 WinHttpAutoProxySvc - ok
12:29:44.0967 3604 Winmgmt (f62e510b6ad4c21eb9fe8668ed251826) C:\Windows\system32\wbem\WMIsvc.dll
12:29:44.0969 3604 Winmgmt - ok
12:29:45.0044 3604 WinRM (c4f5d3901d1b41d602ddc196e0b95b51) C:\Windows\system32\WsmSvc.dll
12:29:45.0055 3604 WinRM - ok
12:29:45.0177 3604 WinUsb (30fc6e5448d0cbaaa95280eeef7fedae) C:\Windows\system32\DRIVERS\WinUsb.sys
12:29:45.0178 3604 WinUsb - ok
12:29:45.0231 3604 Wlansvc (16935c98ff639d185086a3529b1f2067) C:\Windows\System32\wlansvc.dll
12:29:45.0240 3604 Wlansvc - ok
12:29:45.0260 3604 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\DRIVERS\wmiacpi.sys
12:29:45.0261 3604 WmiAcpi - ok
12:29:45.0320 3604 wmiApSrv (6eb6b66517b048d87dc1856ddf1f4c3f) C:\Windows\system32\wbem\WmiApSrv.exe
12:29:45.0321 3604 wmiApSrv - ok
12:29:45.0444 3604 WMPNetworkSvc (77fbd400984cf72ba0fc4b3489d65f74) C:\Program Files\Windows Media Player\wmpnetwk.exe
12:29:45.0451 3604 WMPNetworkSvc - ok
12:29:45.0461 3604 WPCSvc (a2f0ec770a92f2b3f9de6d518e11409c) C:\Windows\System32\wpcsvc.dll
12:29:45.0466 3604 WPCSvc - ok
12:29:45.0481 3604 WPDBusEnum (b7f658a2ebc07129538ad9ab35212637) C:\Windows\system32\wpdbusenum.dll
12:29:45.0488 3604 WPDBusEnum - ok
12:29:45.0519 3604 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
12:29:45.0520 3604 ws2ifsl - ok
12:29:45.0553 3604 wscsvc (a661a76333057b383a06e65f0073222f) C:\Windows\system32\wscsvc.dll
12:29:45.0558 3604 wscsvc - ok
12:29:45.0562 3604 WSearch - ok
12:29:45.0670 3604 wuauserv (a33408cc036f9c08142b11be5e93f0a1) C:\Windows\system32\wuaueng.dll
12:29:45.0681 3604 wuauserv - ok
12:29:45.0771 3604 WudfPf (6f9b6c0c93232cff47d0f72d6db1d21e) C:\Windows\system32\drivers\WudfPf.sys
12:29:45.0773 3604 WudfPf - ok
12:29:45.0804 3604 WUDFRd (f91ff1e51fca30b3c3981db7d5924252) C:\Windows\system32\DRIVERS\WUDFRd.sys
12:29:45.0806 3604 WUDFRd - ok
12:29:45.0825 3604 wudfsvc (ddee3682fe97037c45f4d7ab467cb8b6) C:\Windows\System32\WUDFSvc.dll
12:29:45.0831 3604 wudfsvc - ok
12:29:45.0852 3604 WwanSvc (ff2d745b560f7c71b31f30f4d49f73d2) C:\Windows\System32\wwansvc.dll
12:29:45.0858 3604 WwanSvc - ok
12:29:45.0893 3604 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
12:29:45.0916 3604 \Device\Harddisk0\DR0 - ok
12:29:45.0920 3604 Boot (0x1200) (410279e9ad64ca6360a83356f2a00bb8) \Device\Harddisk0\DR0\Partition0
12:29:45.0921 3604 \Device\Harddisk0\DR0\Partition0 - ok
12:29:45.0922 3604 ============================================================
12:29:45.0922 3604 Scan finished
12:29:45.0922 3604 ============================================================
12:29:45.0935 3032 Detected object count: 0
12:29:45.0935 3032 Actual detected object count: 0


aswMBR log:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-04-29 12:34:19
-----------------------------
12:34:19.843 OS Version: Windows 6.1.7600
12:34:19.843 Number of processors: 2 586 0x1706
12:34:19.844 ComputerName: KIM-PC UserName: kim
12:34:20.408 Initialize success
12:34:20.471 AVAST engine defs: 12042900
12:34:33.466 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
12:34:33.468 Disk 0 Vendor: WDC_WD800AAJS-00PSA0 05.06H05 Size: 76318MB BusType: 3
12:34:33.480 Disk 0 MBR read successfully
12:34:33.483 Disk 0 MBR scan
12:34:33.486 Disk 0 Windows 7 default MBR code
12:34:33.489 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 76308 MB offset 63
12:34:33.495 Disk 0 scanning sectors +156280320
12:34:33.547 Disk 0 scanning C:\Windows\system32\drivers
12:34:39.536 Service scanning
12:35:00.817 Modules scanning
12:35:07.396 Disk 0 trace - called modules:
12:35:07.416 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll ataport.SYS intelide.sys PCIIDEX.SYS atapi.sys
12:35:07.420 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85d92030]
12:35:07.753 3 CLASSPNP.SYS[8afab59e] -> nt!IofCallDriver -> [0x858c5918]
12:35:07.759 5 ACPI.sys[8aa123b2] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x84fc4610]
12:35:08.339 AVAST engine scan C:\Windows
12:35:18.878 AVAST engine scan C:\Windows\system32
12:36:57.064 AVAST engine scan C:\Windows\system32\drivers
12:37:04.393 AVAST engine scan C:\Users\kim
12:41:40.285 Disk 0 MBR has been saved successfully to "C:\Users\kim\Desktop\MBR.dat"
12:41:40.293 The log file has been saved successfully to "C:\Users\kim\Desktop\aswMBR.txt"

#6 gringo_pr

  • Malware Response Team

Posted 29 April 2012 - 02:55 PM

Hello


Are you still getting redirected? If you are, I would like to know which browsers are doing it - check all that are installed.


gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#7 dokimqueen

Posted 29 April 2012 - 07:13 PM

Yes, I am sadly still getting redirected in both Chrome and Firefox but not IE (which is unfortunate because I never use IE).

#8 gringo_pr

Posted 30 April 2012 - 03:58 AM

Hello


I want you to uninstall both Firefox and Chrome. If asked about user data or settings, remove those also (you may back up your bookmarks only).


Now reinstall both Firefox and Chrome and see if they are still redirecting.


gringo

#9 gringo_pr

Posted 03 May 2012 - 12:17 AM

Greetings


I have not heard from you in a couple of days so I am coming by to check on you to see if you are having problems or you just need some more time.

Also, to remind you that it is very important that we finish the process completely so as to not get reinfected. I will let you know when we are complete and I will ask to remove our tools.




Gringo

#10 dokimqueen

Posted 04 May 2012 - 01:29 AM

Hello,

Sorry! I apologize for not being a little more prompt with my replies; just taking some time to catch up with everything. Anyway, I have reinstalled both Firefox and Google Chrome. For now, they seem to have stopped redirecting! I'm unsure if this state will last, however, because the redirecting has stopped before only to return. Please let me know and thank you for the help! (:

#11 gringo_pr

Posted 04 May 2012 - 02:16 AM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer.

"information and logs"

In your next post I need the following:

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo


#12 gringo_pr


Posted 06 May 2012 - 11:44 PM

Greetings


I have not heard from you in a couple of days so I am coming by to check on you to see if you are having problems or you just need some more time.

Also to remind you that it is very important that we finish the process completely so as to not get reinfected. I will let you know when we are complete and I will ask to remove our tools.




Gringo

#13 gringo_pr


Posted 09 May 2012 - 11:18 PM

Hello

48 Hour bump

It has been more than 48 hours since my last post.

  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 48hrs you have not replied to this thread then it will have to be closed!

Gringo

#14 dokimqueen


Posted 11 May 2012 - 09:18 AM

I'm sorry, if possible, I would like to request more time. It seems as if my computer problems have occurred during the most inopportune of times--during my finals! Thanks in advance for your understanding. (:

#15 gringo_pr


Posted 11 May 2012 - 01:11 PM

No problem and I will check on you in a couple of days.



Gringo



