Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Internet Explorer redirects


  • This topic is locked This topic is locked
24 replies to this topic

#1 Jiminey

Jiminey

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:06:51 PM

Posted 16 May 2012 - 09:14 AM

Hi, my name is Jim and I have a computer problem.

I do a search in Google (using IE....Firefox seems to be working fine) and almost every link redirects to somewhere other than what the search results indicate it will go. Not every time,but most of the time. I've tried a few things (AVAST, Malwarebytes, etc) but nothing is finding it. Please help.

I read "Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help", but when I started GMER I did not get the option to select all of the checkboxes that the guide indicated that I would. Most of them are grayed out.

The computer is running Windows 7 and the IE version is 8...but you could probably tell those things from the logs.
I run AVAST at all times and I'm surprised that it did not catch this problem.
Windows update is turned on and set to update automatically.
My son recently installed

I'll wait for further instructions before attempting to do anything else.

Thanks in advance.

Attached Files



BC AdBot (Login to Remove)

 


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:07:51 PM

Posted 16 May 2012 - 12:35 PM

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together somethings for you to keep in mind while I am helping you to make things go easier and faster for both of us

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of hartaches if things don't go as planed. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.


DeFogger:

  • Please download DeFogger to your desktop.

    Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger may ask you to reboot the machine, if it does - click OK
Do not re-enable these drivers until otherwise instructed.


Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


Download DDS:

  • Please download DDS by sUBs from one of the links below and save it to your desktop:

    Posted Image
    Download DDS and save it to your desktop

    Link1
    Link2
    Link3

    Please disable any anti-malware program that will block scripts from running before running DDS.

    • Double-Click on dds.scr and a command window will appear. This is normal.
    • Shortly after two logs will appear:
    • DDS.txt
    • Attach.txt
  • A window will open instructing you save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both logs & post in your next reply

information and logs:

  • In your next post I need the following

  • .logs from DDS
  • let me know of any problems you may have had

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 Jiminey

Jiminey
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:06:51 PM

Posted 16 May 2012 - 07:20 PM

Thanks Gringo. I appreciate your help.

Log files included below.


Security Check
Results of screen317's Security Check version 0.99.32
Windows 7 x64 (UAC is enabled)
Internet Explorer 8 Out of date!
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
avast! Free Antivirus
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Java™ 6 Update 30
Java version out of date!
Adobe Reader 9 Adobe Reader out of date!
Mozilla Firefox (12.0.)
````````````````````````````````
Process Check:
objlist.exe by Laurent

AVAST Software Avast AvastUI.exe
AVAST Software Avast AvastSvc.exe
``````````End of Log````````````



DDS.txt

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7600.16385
Run by Jim at 19:15:11 on 2012-05-16
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.8151.6249 [GMT -6:00]
.
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files (x86)\Windows Live\Family Safety\fsui.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Windows\System32\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files\Dell\DellDock\DellDock.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe
C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files (x86)\Common Files\Steam\SteamService.exe
c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
C:\Users\Cameron\Desktop\SecurityCheck.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\notepad.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
uRunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10w_ActiveX.exe -update activex
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun: [ShwiconXP9106] C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe
mRun: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [THX Audio Control Panel] "C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe" /r
mRun: [UpdReg] C:\Windows\UpdReg.EXE
mRun: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe
mRun: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
mRun: [<NO NAME>]
mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe
mRunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
StartupFolder: C:\Users\Jim\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\DELLDO~1.LNK - C:\Program Files (x86)\Dell\DellDock\DellDock.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} - hxxp://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1293307705233
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{B1FCAC28-6CCD-4376-A8D6-6ABBC1A37615} : DhcpNameServer = 75.75.75.75 75.75.76.76
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO-X64: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO-X64: SmartSelect - No File
TB-X64: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
TB-X64: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
mRun-x64: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun-x64: [ShwiconXP9106] C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe
mRun-x64: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [THX Audio Control Panel] "C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe" /r
mRun-x64: [UpdReg] C:\Windows\UpdReg.EXE
mRun-x64: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe
mRun-x64: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
mRun-x64: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun-x64: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
mRun-x64: [(Default)]
mRun-x64: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun-x64: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRunOnce-x64: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe
mRunOnce-x64: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
.
================= FIREFOX ===================
.
FF - ProfilePath -
.
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R1 aswSnx;aswSnx;C:\Windows\system32\drivers\aswSnx.sys --> C:\Windows\system32\drivers\aswSnx.sys [?]
R1 aswSP;aswSP;C:\Windows\system32\drivers\aswSP.sys --> C:\Windows\system32\drivers\aswSP.sys [?]
R1 SBRE;SBRE;\??\C:\Windows\system32\drivers\SBREdrv.sys --> C:\Windows\system32\drivers\SBREdrv.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\drivers\aswFsBlk.sys --> C:\Windows\system32\drivers\aswFsBlk.sys [?]
R2 aswMonFlt;aswMonFlt;\??\C:\Windows\system32\drivers\aswMonFlt.sys --> C:\Windows\system32\drivers\aswMonFlt.sys [?]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2012-3-23 44768]
R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2009-6-9 155648]
R2 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
R2 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352]
R2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-5-15 136176]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-12-20 13336]
R2 NOBU;Dell DataSafe Online;C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe [2010-8-25 2823000]
R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2010-12-20 689472]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atipmdag.sys --> C:\Windows\system32\DRIVERS\atipmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 IntcDAud;Intel® Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]
R3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\k57nd60a.sys --> C:\Windows\system32\DRIVERS\k57nd60a.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SessionLauncher;SessionLauncher;c:\Users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe --> c:\Users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe [?]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-5-15 257696]
S3 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-5-15 136176]
S3 Impcd;Impcd;C:\Windows\system32\DRIVERS\Impcd.sys --> C:\Windows\system32\DRIVERS\Impcd.sys [?]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-5-15 129976]
S3 RoxMediaDB10;RoxMediaDB10;C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCom\RoxMediaDB10.exe [2009-6-26 1124848]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-05-16 14:42:39 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{93658B5F-B559-49F1-B131-529BCFB24EC5}\offreg.dll
2012-05-16 02:09:37 -------- d-----w- C:\Users\Jim\AppData\Roaming\Malwarebytes
2012-05-16 02:09:34 -------- d-----w- C:\ProgramData\Malwarebytes
2012-05-16 02:09:33 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-05-16 02:09:33 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-05-15 20:20:07 -------- d-----w- C:\Users\Jim\AppData\Local\Google
2012-05-15 20:10:28 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-15 20:10:28 419488 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-05-15 18:36:06 8744608 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
2012-05-15 16:06:34 -------- d-----w- C:\Program Files (x86)\Diablo III
2012-05-15 13:50:14 -------- d-----w- C:\Users\Jim\AppData\Local\{430B9351-9A8C-49CF-92FA-344377EFBF8E}
2012-05-15 13:50:04 -------- d-----w- C:\Users\Jim\AppData\Local\{1EBB5664-F274-4486-A468-96CA4B49F476}
2012-05-15 12:28:02 8917360 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2012-05-15 12:27:59 8917360 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{93658B5F-B559-49F1-B131-529BCFB24EC5}\mpengine.dll
2012-05-14 19:08:11 -------- d-----w- C:\Users\Jim\AppData\Local\{744AEE8A-A301-4BED-B7AD-1D0B340DC637}
2012-05-14 14:36:10 57976 ----a-r- C:\Windows\System32\drivers\SBREDrv.sys
2012-05-11 00:01:12 1541120 ----a-w- C:\Windows\System32\DWrite.dll
2012-05-11 00:01:11 1074176 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-05-11 00:01:10 320512 ----a-w- C:\Windows\System32\d3d10_1core.dll
2012-05-11 00:01:10 218624 ----a-w- C:\Windows\SysWow64\d3d10_1core.dll
2012-05-11 00:01:10 1837568 ----a-w- C:\Windows\System32\d3d10warp.dll
2012-05-11 00:01:10 1170944 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
2012-05-11 00:01:09 902656 ----a-w- C:\Windows\System32\d2d1.dll
2012-05-11 00:01:09 739840 ----a-w- C:\Windows\SysWow64\d2d1.dll
2012-05-11 00:01:09 197120 ----a-w- C:\Windows\System32\d3d10_1.dll
2012-05-11 00:01:08 161792 ----a-w- C:\Windows\SysWow64\d3d10_1.dll
2012-05-11 00:00:30 75632 ----a-w- C:\Windows\System32\drivers\partmgr.sys
2012-05-11 00:00:27 5504880 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-05-11 00:00:13 3143680 ----a-w- C:\Windows\System32\win32k.sys
2012-05-11 00:00:11 3958128 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-05-11 00:00:11 3902320 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-05-11 00:00:08 1895280 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-05-11 00:00:03 1732096 ----a-w- C:\Program Files\Windows Journal\NBDoc.DLL
2012-05-11 00:00:02 1367552 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll
2012-05-11 00:00:01 936960 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2012-05-11 00:00:01 1393664 ----a-w- C:\Program Files\Windows Journal\JNTFiltr.dll
2012-05-11 00:00:00 1402880 ----a-w- C:\Program Files\Windows Journal\JNWDRV.dll
2012-05-04 00:01:29 24416 ----a-r- C:\Windows\System32\AdobePDFUI.dll
.
==================== Find3M ====================
.
2012-03-06 23:15:19 41184 ----a-w- C:\Windows\avastSS.scr
2012-03-06 23:04:06 819032 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2012-03-06 23:02:20 53080 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
2012-03-06 23:01:52 69976 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2012-03-01 06:54:38 22896 ----a-w- C:\Windows\System32\drivers\fs_rec.sys
2012-03-01 06:45:41 220672 ----a-w- C:\Windows\System32\wintrust.dll
2012-03-01 06:40:14 80896 ----a-w- C:\Windows\System32\imagehlp.dll
2012-03-01 06:35:16 5120 ----a-w- C:\Windows\System32\wmi.dll
2012-03-01 05:49:05 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
2012-03-01 05:45:05 158720 ----a-w- C:\Windows\SysWow64\imagehlp.dll
2012-03-01 05:40:44 5120 ----a-w- C:\Windows\SysWow64\wmi.dll
2012-02-28 06:35:54 1197568 ----a-w- C:\Windows\System32\wininet.dll
2012-02-28 06:33:03 57856 ----a-w- C:\Windows\System32\licmgr10.dll
2012-02-28 05:40:21 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-02-28 05:38:16 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll
2012-02-28 05:17:41 482816 ----a-w- C:\Windows\System32\html.iec
2012-02-28 04:35:01 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2012-02-28 04:31:46 386048 ----a-w- C:\Windows\SysWow64\html.iec
2012-02-28 03:57:55 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-02-23 16:18:36 279656 ------w- C:\Windows\System32\MpSigStub.exe
.
============= FINISH: 19:15:24.93 ===============


Attach.txt

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 12/25/2010 10:31:43 AM
System Uptime: 5/15/2012 11:10:48 PM (20 hours ago)
.
Motherboard: Dell Inc. | | 0G3HR7
Processor: Intel® Core™ i7 CPU 870 @ 2.93GHz | CPU 1 | 2934/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 919 GiB total, 745.956 GiB free.
D: is CDROM ()
E: is Removable
F: is Removable
G: is Removable
H: is Removable
I: is CDROM ()
J: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP255: 5/14/2012 11:53:59 AM - Removed STOPzilla. Available with Windows Installer version 1.2 and later.
RP256: 5/15/2012 3:00:26 AM - Windows Update
RP257: 5/15/2012 6:27:08 AM - Windows Update
RP258: 5/15/2012 9:10:57 AM - Windows Update
RP259: 5/15/2012 9:05:27 PM - Removed Skype Toolbars
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
Adobe Acrobat 9 Pro - English, Français, Deutsch
Adobe Acrobat 9.5.1 - CPSID_83708
Adobe AIR
Adobe Community Help
Adobe Creative Suite 5 Design Premium
Adobe Media Player
Adobe Reader 9.1.2
ATI Catalyst Control Center
avast! Free Antivirus
Bing Rewards Client Installer
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-core-static
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Consumer In-Home Service Agreement
D3DX10
Dell DataSafe Local Backup
Dell DataSafe Local Backup - Support Software
Dell DataSafe Online
Dell Dock
Dell Getting Started Guide
Diablo III
DirectXInstallService
Driver Whiz
Dungeons & Dragons Online ®: Eberron Unlimited ™ v01.13.01.801
EMC 10 Content
Google Chrome
Google Update Helper
GoToAssist 8.0.0.514
HP Officejet Pro 8500 A910 Help
HP Update
I.R.I.S. OCR
Intel® Control Center
Intel® Rapid Storage Technology
Internet Explorer
Java Auto Updater
Java™ 6 Update 30
League of Legends
Malwarebytes Anti-Malware version 1.61.0.1400
Marketsplash Shortcuts
Mesh Runtime
Microsoft .NET Framework 1.1
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office 2010
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
Mozilla Firefox 12.0 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Multimedia Card Reader
Mumble 1.2.3
Pando Media Booster
PDF Settings CS5
Portal
Realtek High Definition Audio Driver
RIFT
Roxio Activation Module
Roxio BackOnTrack
Roxio Central Audio
Roxio Central Copy
Roxio Central Core
Roxio Central Data
Roxio Central Tools
Roxio Easy CD and DVD Burning
Roxio Express Labeler 3
Roxio Update Manager
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition
Skins
Skype Toolbars
Skype™ 4.2
Sonic CinePlayer Decoder Pack
Steam
THX TruStudio PC
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Ventrilo Client
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
World of Warcraft
World of Warcraft Beta
.
==== Event Viewer Messages From Past Week ========
.
5/15/2012 9:13:24 AM, Error: Service Control Manager [7043] - The Group Policy Client service did not shut down properly after receiving a preshutdown control.
5/15/2012 7:49:34 AM, Error: Microsoft-Windows-GroupPolicy [1096] - The processing of Group Policy failed. Windows could not apply the registry-based policy settings for the Group Policy object LocalGPO. Group Policy settings will not be resolved until this event is resolved. View the event details for more information on the file name and path that caused the failure.
5/15/2012 7:49:33 PM, Error: Service Control Manager [7031] - The avast! Antivirus service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
5/15/2012 3:00:21 AM, Error: Server [2505] - The server could not bind to the transport \Device\NetBT_Tcpip_{B1FCAC28-6CCD-4376-A8D6-6ABBC1A37615} because another computer on the network has the same name. The server could not start.
5/15/2012 2:26:12 PM, Error: VDS Basic Provider [1] - Unexpected failure. Error code: D@01010004
5/15/2012 2:26:09 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: RxFilter
5/15/2012 2:25:54 PM, Error: Service Control Manager [7000] - The SessionLauncher service failed to start due to the following error: The system cannot find the file specified.
5/15/2012 11:56:31 AM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk5\DR7.
5/15/2012 11:50:47 AM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk5\DR6.
5/15/2012 1:33:51 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Intel® Rapid Storage Technology service to connect.
5/15/2012 1:33:51 PM, Error: Service Control Manager [7000] - The Intel® Rapid Storage Technology service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
5/14/2012 4:41:27 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {9BA05972-F6A8-11CF-A442-00A0C90A8F39} and APPID {9BA05972-F6A8-11CF-A442-00A0C90A8F39} to the user Cameron8100\Cameron SID (S-1-5-21-1215270549-4258520890-2264502437-1003) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
5/14/2012 2:59:51 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service BITS with arguments "" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}
5/14/2012 2:57:11 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
5/14/2012 2:53:48 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fsssvc with arguments "" in order to run the server: {9A027D9F-AE6D-4116-AE94-BAB878D7EE47}
5/14/2012 2:52:37 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
5/14/2012 2:49:37 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
5/14/2012 2:49:37 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
5/14/2012 2:49:37 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
5/14/2012 2:49:35 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
5/14/2012 2:49:29 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
5/14/2012 2:49:22 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: aswSnx aswSP aswTdi avipbb avkmgr discache RxFilter spldr Wanarpv6
5/14/2012 2:46:54 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk5\DR5.
5/14/2012 11:54:45 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the szserver service.
5/11/2012 8:46:51 AM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.
5/11/2012 7:31:37 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: aswSnx aswSP aswTdi discache MpFilter RxFilter spldr Wanarpv6
5/11/2012 7:15:17 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the wlidsvc service.
5/11/2012 7:09:43 AM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
5/11/2012 7:09:27 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
5/11/2012 7:09:27 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
5/11/2012 7:09:14 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD aswRdr aswSnx aswSP aswTdi DfsC discache mfehidk mfenlfk MpFilter NetBIOS NetBT nsiproxy Psched rdbss RxFilter spldr tdx vwififlt Wanarpv6 WfpLwf
5/11/2012 7:09:14 AM, Error: Service Control Manager [7001] - The McAfee Proxy Service service depends on the McAfee Firewall Core Service service which failed to start because of the following error: The dependency service or group failed to start.
5/11/2012 7:09:13 AM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
5/11/2012 7:09:13 AM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
5/11/2012 7:09:13 AM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
5/11/2012 7:09:13 AM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
5/11/2012 7:09:13 AM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
5/11/2012 7:09:13 AM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
5/11/2012 7:09:13 AM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
5/11/2012 7:09:13 AM, Error: Service Control Manager [7001] - The McAfee Validation Trust Protection Service service depends on the McAfee Inc. mfehidk service which failed to start because of the following error: A device attached to the system is not functioning.
5/11/2012 7:09:13 AM, Error: Service Control Manager [7001] - The McAfee Personal Firewall Service service depends on the Windows Firewall service which failed to start because of the following error: The dependency service or group failed to start.
5/11/2012 7:09:13 AM, Error: Service Control Manager [7001] - The McAfee McShield service depends on the McAfee Validation Trust Protection Service service which failed to start because of the following error: The dependency service or group failed to start.
5/11/2012 7:09:13 AM, Error: Service Control Manager [7001] - The McAfee Firewall Core Service service depends on the McAfee Validation Trust Protection Service service which failed to start because of the following error: The dependency service or group failed to start.
5/11/2012 7:09:13 AM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
5/11/2012 7:09:13 AM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
5/11/2012 7:09:13 AM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
5/11/2012 11:29:41 AM, Error: Microsoft Antimalware [2001] -
5/11/2012 11:22:22 AM, Error: Service Control Manager [7031] - The McAfee McShield service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
5/11/2012 10:05:42 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
5/11/2012 10:05:42 AM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
.
==== End Of File ===========================

#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:07:51 PM

Posted 16 May 2012 - 08:10 PM

Hello

I Would like you to do the following.

Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#5 Jiminey

Jiminey
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:06:51 PM

Posted 16 May 2012 - 08:48 PM

Gringo,

Far worse problem. ComboFix went through about 50 stages (or so) deleted a file named install.exe from the root directory of C:, and deleted 3 folders, one from each of the temp file folder under each user profile on the computer.

It then restarted the computer, but when the desktop appeared the ComboFix box started rapidly flashing across the screen in a diagonal pattern. From that point on the machine seemed to be too busy (memory? CPU? ??) that I could not get other response from it. Had to power it down and reboot. But when I did that it came right back to the same condition with the ComboFix box flashing again.

So I powered down again and started up in Safe Mode with Networking. I'm on now, but I'm a little concerned about what to do next. I can't find a log file produced by ComboFix.

Help.

#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:07:51 PM

Posted 16 May 2012 - 09:00 PM

did you run combofix from an admin account?

start the computer with the admin account and see if combofix completes.


gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#7 Jiminey

Jiminey
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:06:51 PM

Posted 16 May 2012 - 09:26 PM

No, I was not logged on as an admin user. Didn't think about that.
When I did login as an admin user ComboFix appears to have completed. Whew!

The log is below.

You're last question from the post before was "How is the computer doing now?" It seems to be working well at this point. Internet Explorer has not redirected even once since ComboFix completed. But I noticed something called SideBySide in one of the log files and when I looked it up it appears to be an issue. However, I'm waitng for your directions before doing anything else.

ComboFix 12-05-16.02 - Jim 05/16/2012 20:21:14.1.8 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.8151.6197 [GMT -6:00]
Running from: c:\users\Cameron\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
c:\users\Cameron\AppData\Local\._Revolution_
c:\users\Jim\AppData\Local\._Revolution_
c:\users\Kathy\AppData\Local\._Revolution_
.
.
((((((((((((((((((((((((( Files Created from 2012-04-17 to 2012-05-17 )))))))))))))))))))))))))))))))
.
.
2012-05-16 02:09 . 2012-05-16 02:09 -------- d-----w- c:\users\Jim\AppData\Roaming\Malwarebytes
2012-05-16 02:09 . 2012-05-16 02:09 -------- d-----w- c:\programdata\Malwarebytes
2012-05-16 02:09 . 2012-05-16 02:09 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-05-16 02:09 . 2012-04-04 21:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-05-16 01:49 . 2012-05-16 01:49 -------- d-----w- c:\users\Cameron\AppData\Local\Mozilla
2012-05-16 01:49 . 2012-05-16 01:49 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
2012-05-16 00:54 . 2012-05-16 00:54 -------- d-----w- c:\users\Cameron\AppData\Local\Google
2012-05-15 20:20 . 2012-05-16 03:03 -------- d-----w- c:\users\Jim\AppData\Local\Google
2012-05-15 20:10 . 2012-05-15 20:20 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-15 20:10 . 2012-05-15 20:20 419488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-05-15 18:36 . 2012-05-15 18:36 8744608 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-05-15 18:05 . 2012-05-17 02:26 -------- d-----w- c:\program files\Google
2012-05-15 18:05 . 2012-05-15 19:31 -------- d-----w- c:\users\Kathy\AppData\Local\Google
2012-05-15 18:05 . 2012-05-17 02:26 -------- d-----w- c:\program files (x86)\Google
2012-05-15 18:05 . 2012-05-15 18:05 -------- d-----w- c:\windows\system32\Macromed
2012-05-15 16:06 . 2012-05-15 17:24 -------- d-----w- c:\program files (x86)\Diablo III
2012-05-15 15:11 . 2012-05-15 15:11 -------- d-----w- c:\program files\Microsoft Silverlight
2012-05-15 15:11 . 2012-05-15 15:11 -------- d-----w- c:\program files (x86)\Microsoft Silverlight
2012-05-15 12:27 . 2012-04-18 09:03 8917360 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{93658B5F-B559-49F1-B131-529BCFB24EC5}\mpengine.dll
2012-05-15 04:16 . 2012-05-15 04:16 -------- d-----w- c:\programdata\Office Genuine Advantage
2012-05-14 14:36 . 2012-01-12 15:28 57976 ----a-r- c:\windows\system32\drivers\SBREDrv.sys
2012-05-11 13:22 . 2012-05-11 13:22 -------- d-----w- c:\users\Cameron\AppData\Local\{9107476E-4E29-492D-862C-5A43B6652B32}
2012-05-11 00:01 . 2012-03-03 06:29 1541120 ----a-w- c:\windows\system32\DWrite.dll
2012-05-11 00:01 . 2012-03-03 05:40 1074176 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-05-11 00:01 . 2012-03-03 06:29 320512 ----a-w- c:\windows\system32\d3d10_1core.dll
2012-05-11 00:01 . 2012-03-03 06:29 1837568 ----a-w- c:\windows\system32\d3d10warp.dll
2012-05-11 00:01 . 2012-03-03 05:40 1170944 ----a-w- c:\windows\SysWow64\d3d10warp.dll
2012-05-11 00:01 . 2012-03-03 05:40 218624 ----a-w- c:\windows\SysWow64\d3d10_1core.dll
2012-05-11 00:01 . 2012-03-03 06:29 197120 ----a-w- c:\windows\system32\d3d10_1.dll
2012-05-11 00:01 . 2012-03-03 06:29 902656 ----a-w- c:\windows\system32\d2d1.dll
2012-05-11 00:01 . 2012-03-03 05:40 739840 ----a-w- c:\windows\SysWow64\d2d1.dll
2012-05-11 00:01 . 2012-03-03 05:40 161792 ----a-w- c:\windows\SysWow64\d3d10_1.dll
2012-05-11 00:00 . 2012-03-17 07:55 75632 ----a-w- c:\windows\system32\drivers\partmgr.sys
2012-05-11 00:00 . 2012-04-02 05:34 5504880 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-11 00:00 . 2012-04-02 03:01 3143680 ----a-w- c:\windows\system32\win32k.sys
2012-05-11 00:00 . 2012-04-02 04:46 3958128 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-05-11 00:00 . 2012-04-02 04:46 3902320 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-05-11 00:00 . 2012-03-30 11:09 1895280 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-05-11 00:00 . 2012-04-02 05:26 1732096 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
2012-05-11 00:00 . 2012-04-02 05:24 1367552 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2012-05-11 00:00 . 2012-04-02 05:24 1393664 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll
2012-05-11 00:00 . 2012-04-02 04:40 936960 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2012-05-11 00:00 . 2012-04-02 05:24 1402880 ----a-w- c:\program files\Windows Journal\JNWDRV.dll
2012-05-04 00:01 . 2009-08-20 06:50 24416 ----a-r- c:\windows\system32\AdobePDFUI.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-06 23:15 . 2011-06-19 21:57 41184 ----a-w- c:\windows\avastSS.scr
2012-03-06 23:15 . 2011-06-19 21:57 201352 ----a-w- c:\windows\SysWow64\aswBoot.exe
2012-03-06 23:15 . 2011-05-20 03:25 258520 ----a-w- c:\windows\system32\aswBoot.exe
2012-03-06 23:04 . 2011-06-19 21:57 819032 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-03-06 23:04 . 2011-06-19 21:57 337240 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-03-06 23:02 . 2012-03-23 12:36 53080 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-03-06 23:01 . 2011-06-19 21:57 59224 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-03-06 23:01 . 2011-06-19 21:57 69976 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-03-06 23:01 . 2011-06-19 21:57 24408 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-03-01 06:54 . 2012-04-12 09:00 22896 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-03-01 06:45 . 2012-04-12 09:00 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-03-01 06:40 . 2012-04-12 09:00 80896 ----a-w- c:\windows\system32\imagehlp.dll
2012-03-01 06:35 . 2012-04-12 09:00 5120 ----a-w- c:\windows\system32\wmi.dll
2012-03-01 05:49 . 2012-04-12 09:00 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-03-01 05:45 . 2012-04-12 09:00 158720 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-03-01 05:40 . 2012-04-12 09:00 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-02-28 06:35 . 2012-04-11 13:03 1197568 ----a-w- c:\windows\system32\wininet.dll
2012-02-28 06:33 . 2012-04-11 13:03 57856 ----a-w- c:\windows\system32\licmgr10.dll
2012-02-28 05:40 . 2012-04-11 13:03 981504 ----a-w- c:\windows\SysWow64\wininet.dll
2012-02-28 05:38 . 2012-04-11 13:03 44544 ----a-w- c:\windows\SysWow64\licmgr10.dll
2012-02-28 05:17 . 2012-04-11 13:03 482816 ----a-w- c:\windows\system32\html.iec
2012-02-28 04:35 . 2012-04-11 13:02 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2012-02-28 04:31 . 2012-04-11 13:03 386048 ----a-w- c:\windows\SysWow64\html.iec
2012-02-28 03:57 . 2012-04-11 13:03 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-02-23 16:18 . 2011-12-31 17:28 279656 ------w- c:\windows\system32\MpSigStub.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2009-10-02 284696]
"ShwiconXP9106"="c:\program files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe" [2009-07-17 237568]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-01-14 98304]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"THX Audio Control Panel"="c:\program files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe" [2009-12-01 963584]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"Dell DataSafe Online"="c:\program files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe" [2010-08-26 1117528]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2012-03-27 40376]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2012-03-26 640440]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2010-06-10 49208]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-06 4241512]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\program files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe" [2010-07-21 165184]
.
c:\users\Kathy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2010-5-28 1324384]
.
c:\users\Jim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2010-5-28 1324384]
.
c:\users\Cameron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2010-5-28 1324384]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2010-5-28 1324384]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-05-15 136176]
R2 SessionLauncher;SessionLauncher;c:\users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-15 257696]
R3 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-05-15 136176]
R3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-04-21 129976]
R3 RoxMediaDB10;RoxMediaDB10;c:\program files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2009-06-26 1124848]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2009-06-09 155648]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2009-10-02 13336]
S2 NOBU;Dell DataSafe Online;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE [x]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2010-08-20 689472]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atipmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-17 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-15 20:20]
.
2012-05-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-05-15 18:05]
.
2012-05-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-05-15 18:05]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-06 23:15 135408 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-10-07 8158240]
"RunDLLEntry_THXCfg"="c:\windows\system32\RunDLL32.exe" [2009-07-14 45568]
"RunDLLEntry_EptMon"="c:\windows\system32\RunDLL32.exe" [2009-07-14 45568]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"fssui"="c:\program files (x86)\Windows Live\Family Safety\fsui.exe" [2010-09-23 884584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
FF - ProfilePath -
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Windows Live\Family Safety\fsssvc.exe
c:\program files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
.
**************************************************************************
.
Completion time: 2012-05-16 21:09:09 - machine was rebooted
ComboFix-quarantined-files.txt 2012-05-17 03:09
.
Pre-Run: 800,823,750,656 bytes free
Post-Run: 805,301,456,896 bytes free
.
- - End Of File - - 2192D5E5DF6D0A10984D64A6F7CD4C72

#8 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:07:51 PM

Posted 16 May 2012 - 09:36 PM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one come back and let me know

please reply with the reports from TDSSKiller and aswMBR

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#9 Jiminey

Jiminey
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:06:51 PM

Posted 16 May 2012 - 09:55 PM

Gringo,

As requested. And by the way, IE is back to redirecting. The problem seems to be intermittent. I've switched back to Firefox in order to get to BleepingComputer and interact with you as it is (so far) unaffected.

21:41:19.0992 0220 TDSS rootkit removing tool 2.7.35.0 May 16 2012 07:37:57
21:41:20.0444 0220 ============================================================
21:41:20.0444 0220 Current date / time: 2012/05/16 21:41:20.0444
21:41:20.0444 0220 SystemInfo:
21:41:20.0444 0220
21:41:20.0444 0220 OS Version: 6.1.7600 ServicePack: 0.0
21:41:20.0444 0220 Product type: Workstation
21:41:20.0444 0220 ComputerName: CAMERON8100
21:41:20.0444 0220 UserName: Jim
21:41:20.0444 0220 Windows directory: C:\Windows
21:41:20.0444 0220 System windows directory: C:\Windows
21:41:20.0444 0220 Running under WOW64
21:41:20.0444 0220 Processor architecture: Intel x64
21:41:20.0444 0220 Number of processors: 8
21:41:20.0444 0220 Page size: 0x1000
21:41:20.0444 0220 Boot type: Normal boot
21:41:20.0444 0220 ============================================================
21:41:20.0741 0220 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
21:41:20.0772 0220 Drive \Device\Harddisk5\DR5 - Size: 0x7740FE00 (1.86 Gb), SectorSize: 0x200, Cylinders: 0xF3, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
21:41:20.0772 0220 ============================================================
21:41:20.0772 0220 \Device\Harddisk0\DR0:
21:41:20.0772 0220 MBR partitions:
21:41:20.0772 0220 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x187F000
21:41:20.0772 0220 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1893000, BlocksNum 0x72E73000
21:41:20.0772 0220 \Device\Harddisk5\DR5:
21:41:20.0772 0220 MBR partitions:
21:41:20.0772 0220 \Device\Harddisk5\DR5\Partition0: MBR, Type 0x6, StartLBA 0x81, BlocksNum 0x3B9D3F
21:41:20.0772 0220 ============================================================
21:41:20.0819 0220 C: <-> \Device\Harddisk0\DR0\Partition1
21:41:20.0819 0220 ============================================================
21:41:20.0819 0220 Initialize success
21:41:20.0819 0220 ============================================================
21:41:25.0187 6092 ============================================================
21:41:25.0187 6092 Scan started
21:41:25.0187 6092 Mode: Manual;
21:41:25.0187 6092 ============================================================
21:41:25.0545 6092 1394ohci (969c91060cbb5d17cb8440b5f78b4c51) C:\Windows\system32\DRIVERS\1394ohci.sys
21:41:25.0545 6092 1394ohci - ok
21:41:25.0592 6092 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
21:41:25.0592 6092 ACPI - ok
21:41:25.0608 6092 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
21:41:25.0608 6092 AcpiPmi - ok
21:41:25.0701 6092 AdobeFlashPlayerUpdateSvc (76d5a3d2a50402a0b9b6ed13c4371e79) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
21:41:25.0701 6092 AdobeFlashPlayerUpdateSvc - ok
21:41:25.0748 6092 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
21:41:25.0748 6092 adp94xx - ok
21:41:25.0779 6092 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
21:41:25.0779 6092 adpahci - ok
21:41:25.0795 6092 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
21:41:25.0811 6092 adpu320 - ok
21:41:25.0826 6092 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
21:41:25.0826 6092 AeLookupSvc - ok
21:41:25.0873 6092 AFD (db9d6c6b2cd95a9ca414d045b627422e) C:\Windows\system32\drivers\afd.sys
21:41:25.0873 6092 AFD - ok
21:41:25.0904 6092 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys
21:41:25.0904 6092 agp440 - ok
21:41:25.0920 6092 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
21:41:25.0920 6092 ALG - ok
21:41:25.0935 6092 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys
21:41:25.0951 6092 aliide - ok
21:41:25.0998 6092 AMD External Events Utility (8f6c0ff277dbfe5ebed24e3543da7bfa) C:\Windows\system32\atiesrxx.exe
21:41:25.0998 6092 AMD External Events Utility - ok
21:41:26.0013 6092 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys
21:41:26.0013 6092 amdide - ok
21:41:26.0029 6092 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
21:41:26.0029 6092 AmdK8 - ok
21:41:26.0232 6092 amdkmdag (9673319070166e26660eba4edf316fa2) C:\Windows\system32\DRIVERS\atipmdag.sys
21:41:26.0326 6092 amdkmdag - ok
21:41:26.0419 6092 amdkmdap (430d06d63952848e64cbbf23b5c1479e) C:\Windows\system32\DRIVERS\atikmpag.sys
21:41:26.0419 6092 amdkmdap - ok
21:41:26.0450 6092 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
21:41:26.0450 6092 AmdPPM - ok
21:41:26.0482 6092 amdsata (ec7ebab00a4d8448bab68d1e49b4beb9) C:\Windows\system32\drivers\amdsata.sys
21:41:26.0482 6092 amdsata - ok
21:41:26.0497 6092 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
21:41:26.0513 6092 amdsbs - ok
21:41:26.0513 6092 amdxata (db27766102c7bf7e95140a2aa81d042e) C:\Windows\system32\drivers\amdxata.sys
21:41:26.0513 6092 amdxata - ok
21:41:26.0544 6092 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
21:41:26.0544 6092 AppID - ok
21:41:26.0560 6092 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
21:41:26.0560 6092 AppIDSvc - ok
21:41:26.0575 6092 Appinfo (d065be66822847b7f127d1f90158376e) C:\Windows\System32\appinfo.dll
21:41:26.0575 6092 Appinfo - ok
21:41:26.0622 6092 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
21:41:26.0622 6092 arc - ok
21:41:26.0622 6092 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
21:41:26.0638 6092 arcsas - ok
21:41:26.0653 6092 aspnet_state - ok
21:41:26.0684 6092 aswFsBlk (b9da213b5271db5fce962d827e6d620d) C:\Windows\system32\drivers\aswFsBlk.sys
21:41:26.0684 6092 aswFsBlk - ok
21:41:26.0716 6092 aswMonFlt (21c9835d0e5ad2ff0f16134bcb32cc71) C:\Windows\system32\drivers\aswMonFlt.sys
21:41:26.0716 6092 aswMonFlt - ok
21:41:26.0747 6092 aswRdr (1b96a5867abd4fa6135d8298fcccf9c6) C:\Windows\System32\Drivers\aswrdr2.sys
21:41:26.0747 6092 aswRdr - ok
21:41:26.0794 6092 aswSnx (6e98bb288696777a3a8a07a52b0eaee9) C:\Windows\system32\drivers\aswSnx.sys
21:41:26.0809 6092 aswSnx - ok
21:41:26.0840 6092 aswSP (d9fb49f16e4eb02efecae8cbfe4bcb4c) C:\Windows\system32\drivers\aswSP.sys
21:41:26.0840 6092 aswSP - ok
21:41:26.0856 6092 aswTdi (7352bb9a564b94bbd7c9cbf165f55006) C:\Windows\system32\drivers\aswTdi.sys
21:41:26.0856 6092 aswTdi - ok
21:41:26.0872 6092 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
21:41:26.0872 6092 AsyncMac - ok
21:41:26.0918 6092 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys
21:41:26.0918 6092 atapi - ok
21:41:26.0996 6092 athr (195786ed7a26e1913a4f9799fdbc2c71) C:\Windows\system32\DRIVERS\athrx.sys
21:41:27.0028 6092 athr - ok
21:41:27.0121 6092 AtiHdmiService (77c149e6d702737b2e372dee166faef8) C:\Windows\system32\drivers\AtiHdmi.sys
21:41:27.0121 6092 AtiHdmiService - ok
21:41:27.0184 6092 AudioEndpointBuilder (07721a77180edd4d39ccb865bf63c7fd) C:\Windows\System32\Audiosrv.dll
21:41:27.0184 6092 AudioEndpointBuilder - ok
21:41:27.0199 6092 AudioSrv (07721a77180edd4d39ccb865bf63c7fd) C:\Windows\System32\Audiosrv.dll
21:41:27.0199 6092 AudioSrv - ok
21:41:27.0277 6092 avast! Antivirus (4041d31508a2a084dfb42c595854090f) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
21:41:27.0277 6092 avast! Antivirus - ok
21:41:27.0293 6092 AxInstSV (b20b5fa5ca050e9926e4d1db81501b32) C:\Windows\System32\AxInstSV.dll
21:41:27.0293 6092 AxInstSV - ok
21:41:27.0324 6092 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
21:41:27.0340 6092 b06bdrv - ok
21:41:27.0371 6092 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
21:41:27.0386 6092 b57nd60a - ok
21:41:27.0402 6092 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
21:41:27.0402 6092 BDESVC - ok
21:41:27.0402 6092 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
21:41:27.0418 6092 Beep - ok
21:41:27.0464 6092 BFE (4992c609a6315671463e30f6512bc022) C:\Windows\System32\bfe.dll
21:41:27.0464 6092 BFE - ok
21:41:27.0511 6092 BITS (7f0c323fe3da28aa4aa1bda3f575707f) C:\Windows\system32\qmgr.dll
21:41:27.0511 6092 BITS - ok
21:41:27.0542 6092 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
21:41:27.0542 6092 blbdrive - ok
21:41:27.0574 6092 bowser (19d20159708e152267e53b66677a4995) C:\Windows\system32\DRIVERS\bowser.sys
21:41:27.0574 6092 bowser - ok
21:41:27.0589 6092 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
21:41:27.0589 6092 BrFiltLo - ok
21:41:27.0589 6092 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
21:41:27.0605 6092 BrFiltUp - ok
21:41:27.0636 6092 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
21:41:27.0636 6092 BridgeMP - ok
21:41:27.0652 6092 Browser (94fbc06f294d58d02361918418f996e3) C:\Windows\System32\browser.dll
21:41:27.0652 6092 Browser - ok
21:41:27.0667 6092 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
21:41:27.0683 6092 Brserid - ok
21:41:27.0698 6092 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
21:41:27.0698 6092 BrSerWdm - ok
21:41:27.0714 6092 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
21:41:27.0714 6092 BrUsbMdm - ok
21:41:27.0730 6092 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
21:41:27.0730 6092 BrUsbSer - ok
21:41:27.0745 6092 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
21:41:27.0745 6092 BTHMODEM - ok
21:41:27.0776 6092 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
21:41:27.0776 6092 bthserv - ok
21:41:27.0776 6092 catchme - ok
21:41:27.0808 6092 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
21:41:27.0808 6092 cdfs - ok
21:41:27.0839 6092 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys
21:41:27.0839 6092 cdrom - ok
21:41:27.0854 6092 CertPropSvc (312e2f82af11e79906898ac3e3d58a1f) C:\Windows\System32\certprop.dll
21:41:27.0854 6092 CertPropSvc - ok
21:41:27.0870 6092 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
21:41:27.0870 6092 circlass - ok
21:41:27.0901 6092 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
21:41:27.0901 6092 CLFS - ok
21:41:27.0964 6092 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
21:41:27.0964 6092 clr_optimization_v2.0.50727_32 - ok
21:41:27.0979 6092 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
21:41:27.0979 6092 clr_optimization_v2.0.50727_64 - ok
21:41:28.0057 6092 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
21:41:28.0057 6092 clr_optimization_v4.0.30319_32 - ok
21:41:28.0088 6092 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
21:41:28.0088 6092 clr_optimization_v4.0.30319_64 - ok
21:41:28.0104 6092 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
21:41:28.0104 6092 CmBatt - ok
21:41:28.0104 6092 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys
21:41:28.0120 6092 cmdide - ok
21:41:28.0166 6092 CNG (937beb186a735aca91d717044a49d17e) C:\Windows\system32\Drivers\cng.sys
21:41:28.0166 6092 CNG - ok
21:41:28.0198 6092 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
21:41:28.0198 6092 Compbatt - ok
21:41:28.0213 6092 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys
21:41:28.0229 6092 CompositeBus - ok
21:41:28.0229 6092 COMSysApp - ok
21:41:28.0244 6092 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
21:41:28.0260 6092 crcdisk - ok
21:41:28.0276 6092 CryptSvc (8c57411b66282c01533cb776f98ad384) C:\Windows\system32\cryptsvc.dll
21:41:28.0276 6092 CryptSvc - ok
21:41:28.0307 6092 DcomLaunch (7266972e86890e2b30c0c322e906b027) C:\Windows\system32\rpcss.dll
21:41:28.0322 6092 DcomLaunch - ok
21:41:28.0354 6092 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
21:41:28.0354 6092 defragsvc - ok
21:41:28.0385 6092 DfsC (9c253ce7311ca60fc11c774692a13208) C:\Windows\system32\Drivers\dfsc.sys
21:41:28.0385 6092 DfsC - ok
21:41:28.0400 6092 Dhcp (ce3b9562d997f69b330d181a8875960f) C:\Windows\system32\dhcpcore.dll
21:41:28.0416 6092 Dhcp - ok
21:41:28.0432 6092 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
21:41:28.0432 6092 discache - ok
21:41:28.0447 6092 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
21:41:28.0447 6092 Disk - ok
21:41:28.0478 6092 Dnscache (85cf424c74a1d5ec33533e1dbff9920a) C:\Windows\System32\dnsrslvr.dll
21:41:28.0478 6092 Dnscache - ok
21:41:28.0541 6092 DockLoginService (0840abbbdf438691ee65a20040635cbe) C:\Program Files\Dell\DellDock\DockLogin.exe
21:41:28.0541 6092 DockLoginService - ok
21:41:28.0572 6092 dot3svc (14452acdb09b70964c8c21bf80a13acb) C:\Windows\System32\dot3svc.dll
21:41:28.0572 6092 dot3svc - ok
21:41:28.0588 6092 DPS (8c2ba6bea949ee6e68385f5692bafb94) C:\Windows\system32\dps.dll
21:41:28.0603 6092 DPS - ok
21:41:28.0634 6092 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
21:41:28.0634 6092 drmkaud - ok
21:41:28.0697 6092 DXGKrnl (1633b9abf52784a1331476397a48cbef) C:\Windows\System32\drivers\dxgkrnl.sys
21:41:28.0697 6092 DXGKrnl - ok
21:41:28.0744 6092 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
21:41:28.0744 6092 EapHost - ok
21:41:28.0853 6092 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
21:41:28.0900 6092 ebdrv - ok
21:41:28.0993 6092 EFS (156f6159457d0aa7e59b62681b56eb90) C:\Windows\System32\lsass.exe
21:41:28.0993 6092 EFS - ok
21:41:29.0056 6092 ehRecvr (47c071994c3f649f23d9cd075ac9304a) C:\Windows\ehome\ehRecvr.exe
21:41:29.0071 6092 ehRecvr - ok
21:41:29.0087 6092 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
21:41:29.0087 6092 ehSched - ok
21:41:29.0134 6092 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
21:41:29.0149 6092 elxstor - ok
21:41:29.0165 6092 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys
21:41:29.0165 6092 ErrDev - ok
21:41:29.0212 6092 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
21:41:29.0227 6092 EventSystem - ok
21:41:29.0258 6092 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
21:41:29.0258 6092 exfat - ok
21:41:29.0274 6092 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
21:41:29.0274 6092 fastfat - ok
21:41:29.0321 6092 Fax (d607b2f1bee3992aa6c2c92c0a2f0855) C:\Windows\system32\fxssvc.exe
21:41:29.0336 6092 Fax - ok
21:41:29.0352 6092 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
21:41:29.0352 6092 fdc - ok
21:41:29.0368 6092 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
21:41:29.0368 6092 fdPHost - ok
21:41:29.0383 6092 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
21:41:29.0383 6092 FDResPub - ok
21:41:29.0399 6092 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
21:41:29.0399 6092 FileInfo - ok
21:41:29.0399 6092 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
21:41:29.0414 6092 Filetrace - ok
21:41:29.0492 6092 FLEXnet Licensing Service (8669be94f63944e4f899c3950b520241) C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
21:41:29.0508 6092 FLEXnet Licensing Service - ok
21:41:29.0539 6092 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
21:41:29.0539 6092 flpydisk - ok
21:41:29.0555 6092 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys
21:41:29.0555 6092 FltMgr - ok
21:41:29.0633 6092 FontCache (cb5e4b9c319e3c6bb363eb7e58a4a051) C:\Windows\system32\FntCache.dll
21:41:29.0633 6092 FontCache - ok
21:41:29.0695 6092 FontCache3.0.0.0 (8d89e3131c27fdd6932189cb785e1b7a) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
21:41:29.0695 6092 FontCache3.0.0.0 - ok
21:41:29.0742 6092 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
21:41:29.0742 6092 FsDepends - ok
21:41:29.0804 6092 fssfltr (6c06701bf1db05405804d7eb610991ce) C:\Windows\system32\DRIVERS\fssfltr.sys
21:41:29.0804 6092 fssfltr - ok
21:41:29.0929 6092 fsssvc (4ce9dac1518ff7e77bd213e6394b9d77) C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
21:41:29.0945 6092 fsssvc - ok
21:41:30.0038 6092 Fs_Rec (d3e3f93d67821a2db2b3d9fac2dc2064) C:\Windows\system32\drivers\Fs_Rec.sys
21:41:30.0038 6092 Fs_Rec - ok
21:41:30.0070 6092 fvevol (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\Windows\system32\DRIVERS\fvevol.sys
21:41:30.0070 6092 fvevol - ok
21:41:30.0085 6092 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
21:41:30.0085 6092 gagp30kx - ok
21:41:30.0116 6092 GoToAssist (d3316f6e3c011435f36e3d6e49b3196c) C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe
21:41:30.0116 6092 GoToAssist - ok
21:41:30.0163 6092 gpsvc (fe5ab4525bc2ec68b9119a6e5d40128b) C:\Windows\System32\gpsvc.dll
21:41:30.0179 6092 gpsvc - ok
21:41:30.0241 6092 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
21:41:30.0257 6092 gupdate - ok
21:41:30.0257 6092 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
21:41:30.0257 6092 gupdatem - ok
21:41:30.0272 6092 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
21:41:30.0272 6092 hcw85cir - ok
21:41:30.0288 6092 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys
21:41:30.0304 6092 HDAudBus - ok
21:41:30.0335 6092 HECIx64 (b6ac71aaa2b10848f57fc49d55a651af) C:\Windows\system32\DRIVERS\HECIx64.sys
21:41:30.0335 6092 HECIx64 - ok
21:41:30.0350 6092 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
21:41:30.0366 6092 HidBatt - ok
21:41:30.0382 6092 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
21:41:30.0382 6092 HidBth - ok
21:41:30.0397 6092 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
21:41:30.0397 6092 HidIr - ok
21:41:30.0413 6092 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
21:41:30.0413 6092 hidserv - ok
21:41:30.0428 6092 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys
21:41:30.0428 6092 HidUsb - ok
21:41:30.0444 6092 hkmsvc (efa58ede58dd74388ffd04cb32681518) C:\Windows\system32\kmsvc.dll
21:41:30.0444 6092 hkmsvc - ok
21:41:30.0460 6092 HomeGroupListener (046b2673767ca626e2cfb7fdf735e9e8) C:\Windows\system32\ListSvc.dll
21:41:30.0460 6092 HomeGroupListener - ok
21:41:30.0475 6092 HomeGroupProvider (06a7422224d9865a5613710a089987df) C:\Windows\system32\provsvc.dll
21:41:30.0491 6092 HomeGroupProvider - ok
21:41:30.0506 6092 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys
21:41:30.0506 6092 HpSAMD - ok
21:41:30.0538 6092 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys
21:41:30.0553 6092 HTTP - ok
21:41:30.0584 6092 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys
21:41:30.0584 6092 hwpolicy - ok
21:41:30.0616 6092 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
21:41:30.0616 6092 i8042prt - ok
21:41:30.0647 6092 iaStor (631fa8935163b01fc0c02966cb3adb92) C:\Windows\system32\DRIVERS\iaStor.sys
21:41:30.0647 6092 iaStor - ok
21:41:30.0709 6092 IAStorDataMgrSvc (7493ea4de41348f7d3edbf9db298f56a) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
21:41:30.0709 6092 IAStorDataMgrSvc - ok
21:41:30.0756 6092 iaStorV (b75e45c564e944a2657167d197ab29da) C:\Windows\system32\drivers\iaStorV.sys
21:41:30.0756 6092 iaStorV - ok
21:41:30.0850 6092 idsvc (2f2be70d3e02b6fa877921ab9516d43c) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
21:41:30.0865 6092 idsvc - ok
21:41:30.0912 6092 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
21:41:30.0912 6092 iirsp - ok
21:41:30.0959 6092 IKEEXT (c5b4683680df085b57bc53e5ef34861f) C:\Windows\System32\ikeext.dll
21:41:30.0959 6092 IKEEXT - ok
21:41:31.0006 6092 Impcd (dd587a55390ed2295bce6d36ad567da9) C:\Windows\system32\DRIVERS\Impcd.sys
21:41:31.0006 6092 Impcd - ok
21:41:31.0099 6092 IntcAzAudAddService (ee64207f2f5c20bfe5f73db2566c4601) C:\Windows\system32\drivers\RTKVHD64.sys
21:41:31.0115 6092 IntcAzAudAddService - ok
21:41:31.0193 6092 IntcDAud (58cf58dee26c909bd6f977b61d246295) C:\Windows\system32\DRIVERS\IntcDAud.sys
21:41:31.0193 6092 IntcDAud - ok
21:41:31.0208 6092 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys
21:41:31.0208 6092 intelide - ok
21:41:31.0224 6092 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
21:41:31.0224 6092 intelppm - ok
21:41:31.0240 6092 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
21:41:31.0240 6092 IPBusEnum - ok
21:41:31.0255 6092 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys
21:41:31.0255 6092 IpFilterDriver - ok
21:41:31.0302 6092 iphlpsvc (f8e058d17363ec580e4b7232778b6cb5) C:\Windows\System32\iphlpsvc.dll
21:41:31.0302 6092 iphlpsvc - ok
21:41:31.0349 6092 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys
21:41:31.0349 6092 IPMIDRV - ok
21:41:31.0364 6092 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
21:41:31.0364 6092 IPNAT - ok
21:41:31.0380 6092 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
21:41:31.0380 6092 IRENUM - ok
21:41:31.0396 6092 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys
21:41:31.0396 6092 isapnp - ok
21:41:31.0411 6092 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys
21:41:31.0427 6092 iScsiPrt - ok
21:41:31.0458 6092 k57nd60a (9d7ea8c7215d8d4ae7be110eee61085d) C:\Windows\system32\DRIVERS\k57nd60a.sys
21:41:31.0458 6092 k57nd60a - ok
21:41:31.0474 6092 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
21:41:31.0474 6092 kbdclass - ok
21:41:31.0489 6092 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys
21:41:31.0489 6092 kbdhid - ok
21:41:31.0520 6092 KeyIso (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
21:41:31.0536 6092 KeyIso - ok
21:41:31.0552 6092 KSecDD (16c1b906fc5ead84769f90b736b6bf0e) C:\Windows\system32\Drivers\ksecdd.sys
21:41:31.0552 6092 KSecDD - ok
21:41:31.0567 6092 KSecPkg (0b711550c56444879d71c7daabda6c83) C:\Windows\system32\Drivers\ksecpkg.sys
21:41:31.0567 6092 KSecPkg - ok
21:41:31.0583 6092 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
21:41:31.0583 6092 ksthunk - ok
21:41:31.0630 6092 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
21:41:31.0630 6092 KtmRm - ok
21:41:31.0676 6092 LanmanServer (81f1d04d4d0e433099365127375fd501) C:\Windows\System32\srvsvc.dll
21:41:31.0692 6092 LanmanServer - ok
21:41:31.0708 6092 LanmanWorkstation (27026eac8818e8a6c00a1cad2f11d29a) C:\Windows\System32\wkssvc.dll
21:41:31.0723 6092 LanmanWorkstation - ok
21:41:31.0739 6092 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
21:41:31.0739 6092 lltdio - ok
21:41:31.0786 6092 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
21:41:31.0786 6092 lltdsvc - ok
21:41:31.0801 6092 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
21:41:31.0801 6092 lmhosts - ok
21:41:31.0832 6092 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
21:41:31.0832 6092 LSI_FC - ok
21:41:31.0848 6092 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
21:41:31.0864 6092 LSI_SAS - ok
21:41:31.0879 6092 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
21:41:31.0879 6092 LSI_SAS2 - ok
21:41:31.0895 6092 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
21:41:31.0895 6092 LSI_SCSI - ok
21:41:31.0926 6092 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
21:41:31.0926 6092 luafv - ok
21:41:31.0942 6092 Mcx2Svc (f84c8f1000bc11e3b7b23cbd3baff111) C:\Windows\system32\Mcx2Svc.dll
21:41:31.0957 6092 Mcx2Svc - ok
21:41:31.0973 6092 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
21:41:31.0973 6092 megasas - ok
21:41:31.0988 6092 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
21:41:31.0988 6092 MegaSR - ok
21:41:32.0004 6092 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
21:41:32.0020 6092 MMCSS - ok
21:41:32.0035 6092 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
21:41:32.0035 6092 Modem - ok
21:41:32.0051 6092 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
21:41:32.0051 6092 monitor - ok
21:41:32.0066 6092 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
21:41:32.0066 6092 mouclass - ok
21:41:32.0066 6092 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
21:41:32.0066 6092 mouhid - ok
21:41:32.0082 6092 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys
21:41:32.0082 6092 mountmgr - ok
21:41:32.0144 6092 MozillaMaintenance (96aa8ba23142cc8e2b30f3cae0c80254) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
21:41:32.0144 6092 MozillaMaintenance - ok
21:41:32.0176 6092 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys
21:41:32.0176 6092 mpio - ok
21:41:32.0176 6092 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
21:41:32.0176 6092 mpsdrv - ok
21:41:32.0222 6092 MpsSvc (aecab449567d1846dad63ece49e893e3) C:\Windows\system32\mpssvc.dll
21:41:32.0238 6092 MpsSvc - ok
21:41:32.0254 6092 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys
21:41:32.0254 6092 MRxDAV - ok
21:41:32.0300 6092 mrxsmb (040d62a9d8ad28922632137acdd984f2) C:\Windows\system32\DRIVERS\mrxsmb.sys
21:41:32.0300 6092 mrxsmb - ok
21:41:32.0347 6092 mrxsmb10 (f0067552f8f9b33d7c59403ab808a3cb) C:\Windows\system32\DRIVERS\mrxsmb10.sys
21:41:32.0347 6092 mrxsmb10 - ok
21:41:32.0394 6092 mrxsmb20 (3c142d31de9f2f193218a53fe2632051) C:\Windows\system32\DRIVERS\mrxsmb20.sys
21:41:32.0394 6092 mrxsmb20 - ok
21:41:32.0410 6092 msahci (bccf16d5fb1109162380e3e28dc9e4e5) C:\Windows\system32\DRIVERS\msahci.sys
21:41:32.0410 6092 msahci - ok
21:41:32.0441 6092 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys
21:41:32.0441 6092 msdsm - ok
21:41:32.0456 6092 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
21:41:32.0472 6092 MSDTC - ok
21:41:32.0488 6092 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
21:41:32.0488 6092 Msfs - ok
21:41:32.0503 6092 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
21:41:32.0503 6092 mshidkmdf - ok
21:41:32.0503 6092 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys
21:41:32.0503 6092 msisadrv - ok
21:41:32.0534 6092 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
21:41:32.0534 6092 MSiSCSI - ok
21:41:32.0550 6092 msiserver - ok
21:41:32.0566 6092 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
21:41:32.0566 6092 MSKSSRV - ok
21:41:32.0566 6092 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
21:41:32.0566 6092 MSPCLOCK - ok
21:41:32.0581 6092 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
21:41:32.0581 6092 MSPQM - ok
21:41:32.0597 6092 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys
21:41:32.0612 6092 MsRPC - ok
21:41:32.0628 6092 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
21:41:32.0628 6092 mssmbios - ok
21:41:32.0644 6092 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
21:41:32.0644 6092 MSTEE - ok
21:41:32.0659 6092 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
21:41:32.0659 6092 MTConfig - ok
21:41:32.0675 6092 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
21:41:32.0675 6092 Mup - ok
21:41:32.0706 6092 napagent (4987e079a4530fa737a128be54b63b12) C:\Windows\system32\qagentRT.dll
21:41:32.0722 6092 napagent - ok
21:41:32.0753 6092 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
21:41:32.0753 6092 NativeWifiP - ok
21:41:32.0800 6092 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys
21:41:32.0815 6092 NDIS - ok
21:41:32.0831 6092 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
21:41:32.0831 6092 NdisCap - ok
21:41:32.0846 6092 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
21:41:32.0862 6092 NdisTapi - ok
21:41:32.0862 6092 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys
21:41:32.0862 6092 Ndisuio - ok
21:41:32.0893 6092 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys
21:41:32.0893 6092 NdisWan - ok
21:41:32.0909 6092 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys
21:41:32.0909 6092 NDProxy - ok
21:41:32.0924 6092 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
21:41:32.0924 6092 NetBIOS - ok
21:41:32.0940 6092 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys
21:41:32.0940 6092 NetBT - ok
21:41:32.0971 6092 Netlogon (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
21:41:32.0971 6092 Netlogon - ok
21:41:33.0018 6092 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
21:41:33.0018 6092 Netman - ok
21:41:33.0065 6092 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
21:41:33.0080 6092 netprofm - ok
21:41:33.0143 6092 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
21:41:33.0143 6092 NetTcpPortSharing - ok
21:41:33.0158 6092 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
21:41:33.0158 6092 nfrd960 - ok
21:41:33.0205 6092 NlaSvc (d9a0ce66046d6efa0c61baa885cba0a8) C:\Windows\System32\nlasvc.dll
21:41:33.0205 6092 NlaSvc - ok
21:41:33.0361 6092 NOBU (b9b72faaaa41d59b73b88fe3dd737ed1) C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
21:41:33.0377 6092 NOBU - ok
21:41:33.0424 6092 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
21:41:33.0424 6092 Npfs - ok
21:41:33.0439 6092 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
21:41:33.0439 6092 nsi - ok
21:41:33.0455 6092 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
21:41:33.0455 6092 nsiproxy - ok
21:41:33.0533 6092 Ntfs (378e0e0dfea67d98ae6ea53adbbd76bc) C:\Windows\system32\drivers\Ntfs.sys
21:41:33.0548 6092 Ntfs - ok
21:41:33.0611 6092 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
21:41:33.0611 6092 Null - ok
21:41:33.0658 6092 nvraid (a4d9c9a608a97f59307c2f2600edc6a4) C:\Windows\system32\drivers\nvraid.sys
21:41:33.0658 6092 nvraid - ok
21:41:33.0689 6092 nvstor (6c1d5f70e7a6a3fd1c90d840edc048b9) C:\Windows\system32\drivers\nvstor.sys
21:41:33.0704 6092 nvstor - ok
21:41:33.0720 6092 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys
21:41:33.0736 6092 nv_agp - ok
21:41:33.0845 6092 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
21:41:33.0845 6092 odserv - ok
21:41:33.0876 6092 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys
21:41:33.0876 6092 ohci1394 - ok
21:41:33.0892 6092 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
21:41:33.0892 6092 ose - ok
21:41:33.0923 6092 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
21:41:33.0923 6092 p2pimsvc - ok
21:41:33.0954 6092 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
21:41:33.0970 6092 p2psvc - ok
21:41:33.0985 6092 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
21:41:33.0985 6092 Parport - ok
21:41:34.0032 6092 partmgr (90061b1acfe8ccaa5345750ffe08d8b8) C:\Windows\system32\drivers\partmgr.sys
21:41:34.0032 6092 partmgr - ok
21:41:34.0048 6092 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
21:41:34.0048 6092 PcaSvc - ok
21:41:34.0079 6092 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys
21:41:34.0079 6092 pci - ok
21:41:34.0110 6092 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys
21:41:34.0110 6092 pciide - ok
21:41:34.0126 6092 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
21:41:34.0141 6092 pcmcia - ok
21:41:34.0157 6092 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
21:41:34.0157 6092 pcw - ok
21:41:34.0188 6092 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
21:41:34.0204 6092 PEAUTH - ok
21:41:34.0266 6092 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
21:41:34.0266 6092 PerfHost - ok
21:41:34.0360 6092 pla (557e9a86f65f0de18c9b6751dfe9d3f1) C:\Windows\system32\pla.dll
21:41:34.0375 6092 pla - ok
21:41:34.0438 6092 PlugPlay (98b1721b8718164293b9701b98c52d77) C:\Windows\system32\umpnpmgr.dll
21:41:34.0438 6092 PlugPlay - ok
21:41:34.0469 6092 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
21:41:34.0469 6092 PNRPAutoReg - ok
21:41:34.0484 6092 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
21:41:34.0500 6092 PNRPsvc - ok
21:41:34.0547 6092 PolicyAgent (166eb40d1f5b47e615de3d0fffe5f243) C:\Windows\System32\ipsecsvc.dll
21:41:34.0562 6092 PolicyAgent - ok
21:41:34.0578 6092 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
21:41:34.0578 6092 Power - ok
21:41:34.0594 6092 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
21:41:34.0594 6092 PptpMiniport - ok
21:41:34.0609 6092 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
21:41:34.0609 6092 Processor - ok
21:41:34.0640 6092 ProfSvc (f381975e1f4346de875cb07339ce8d3a) C:\Windows\system32\profsvc.dll
21:41:34.0640 6092 ProfSvc - ok
21:41:34.0672 6092 ProtectedStorage (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
21:41:34.0672 6092 ProtectedStorage - ok
21:41:34.0703 6092 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
21:41:34.0703 6092 Psched - ok
21:41:34.0734 6092 PxHlpa64 (4712cc14e720ecccc0aa16949d18aaf1) C:\Windows\system32\Drivers\PxHlpa64.sys
21:41:34.0734 6092 PxHlpa64 - ok
21:41:34.0828 6092 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
21:41:34.0859 6092 ql2300 - ok
21:41:34.0921 6092 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
21:41:34.0921 6092 ql40xx - ok
21:41:34.0952 6092 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
21:41:34.0952 6092 QWAVE - ok
21:41:34.0968 6092 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
21:41:34.0968 6092 QWAVEdrv - ok
21:41:34.0984 6092 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
21:41:34.0984 6092 RasAcd - ok
21:41:35.0015 6092 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
21:41:35.0015 6092 RasAgileVpn - ok
21:41:35.0030 6092 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
21:41:35.0030 6092 RasAuto - ok
21:41:35.0046 6092 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
21:41:35.0062 6092 Rasl2tp - ok
21:41:35.0093 6092 RasMan (47394ed3d16d053f5906efe5ab51cc83) C:\Windows\System32\rasmans.dll
21:41:35.0093 6092 RasMan - ok
21:41:35.0108 6092 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
21:41:35.0124 6092 RasPppoe - ok
21:41:35.0124 6092 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
21:41:35.0140 6092 RasSstp - ok
21:41:35.0140 6092 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
21:41:35.0155 6092 rdbss - ok
21:41:35.0155 6092 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
21:41:35.0155 6092 rdpbus - ok
21:41:35.0171 6092 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
21:41:35.0171 6092 RDPCDD - ok
21:41:35.0186 6092 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
21:41:35.0186 6092 RDPENCDD - ok
21:41:35.0186 6092 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
21:41:35.0186 6092 RDPREFMP - ok
21:41:35.0218 6092 RDPWD (074ac702d8b8b660b0e1371555995386) C:\Windows\system32\drivers\RDPWD.sys
21:41:35.0233 6092 RDPWD - ok
21:41:35.0249 6092 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys
21:41:35.0249 6092 rdyboost - ok
21:41:35.0264 6092 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
21:41:35.0280 6092 RemoteAccess - ok
21:41:35.0280 6092 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
21:41:35.0296 6092 RemoteRegistry - ok
21:41:35.0420 6092 RoxMediaDB10 (05fc44d32a144925eae45570029fd6e1) c:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
21:41:35.0467 6092 RoxMediaDB10 - ok
21:41:35.0483 6092 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
21:41:35.0483 6092 RpcEptMapper - ok
21:41:35.0498 6092 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
21:41:35.0498 6092 RpcLocator - ok
21:41:35.0530 6092 RpcSs (7266972e86890e2b30c0c322e906b027) C:\Windows\system32\rpcss.dll
21:41:35.0545 6092 RpcSs - ok
21:41:35.0576 6092 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
21:41:35.0576 6092 rspndr - ok
21:41:35.0576 6092 RxFilter - ok
21:41:35.0592 6092 SamSs (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
21:41:35.0608 6092 SamSs - ok
21:41:35.0623 6092 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys
21:41:35.0623 6092 sbp2port - ok
21:41:35.0639 6092 SBRE (9aceb2a2362fc87a3825963e61ba9076) C:\Windows\system32\drivers\SBREdrv.sys
21:41:35.0639 6092 SBRE - ok
21:41:35.0670 6092 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
21:41:35.0686 6092 SCardSvr - ok
21:41:35.0701 6092 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
21:41:35.0701 6092 scfilter - ok
21:41:35.0764 6092 Schedule (624d0f5ff99428bb90a5b8a4123e918e) C:\Windows\system32\schedsvc.dll
21:41:35.0779 6092 Schedule - ok
21:41:35.0826 6092 SCPolicySvc (312e2f82af11e79906898ac3e3d58a1f) C:\Windows\System32\certprop.dll
21:41:35.0826 6092 SCPolicySvc - ok
21:41:35.0826 6092 SDRSVC (765a27c3279ce11d14cb9e4f5869fca5) C:\Windows\System32\SDRSVC.dll
21:41:35.0842 6092 SDRSVC - ok
21:41:35.0857 6092 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
21:41:35.0857 6092 secdrv - ok
21:41:35.0873 6092 seclogon (463b386ebc70f98da5dff85f7e654346) C:\Windows\system32\seclogon.dll
21:41:35.0873 6092 seclogon - ok
21:41:35.0888 6092 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll
21:41:35.0888 6092 SENS - ok
21:41:35.0904 6092 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
21:41:35.0920 6092 SensrSvc - ok
21:41:35.0935 6092 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
21:41:35.0935 6092 Serenum - ok
21:41:35.0951 6092 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
21:41:35.0951 6092 Serial - ok
21:41:35.0966 6092 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
21:41:35.0982 6092 sermouse - ok
21:41:35.0998 6092 SessionEnv (c3bc61ce47ff6f4e88ab8a3b429a36af) C:\Windows\system32\sessenv.dll
21:41:36.0013 6092 SessionEnv - ok
21:41:36.0029 6092 SessionLauncher - ok
21:41:36.0044 6092 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
21:41:36.0044 6092 sffdisk - ok
21:41:36.0060 6092 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys
21:41:36.0076 6092 sffp_mmc - ok
21:41:36.0076 6092 sffp_sd (178298f767fe638c9fedcbdef58bb5e4) C:\Windows\system32\DRIVERS\sffp_sd.sys
21:41:36.0076 6092 sffp_sd - ok
21:41:36.0091 6092 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
21:41:36.0091 6092 sfloppy - ok
21:41:36.0169 6092 SftService (e1974a92ac0914a3859359a0a8c82c68) C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
21:41:36.0169 6092 SftService - ok
21:41:36.0200 6092 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
21:41:36.0216 6092 SharedAccess - ok
21:41:36.0232 6092 ShellHWDetection (0298ac45d0efffb2db4baa7dd186e7bf) C:\Windows\System32\shsvcs.dll
21:41:36.0247 6092 ShellHWDetection - ok
21:41:36.0278 6092 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
21:41:36.0278 6092 SiSRaid2 - ok
21:41:36.0294 6092 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
21:41:36.0294 6092 SiSRaid4 - ok
21:41:36.0325 6092 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
21:41:36.0325 6092 Smb - ok
21:41:36.0341 6092 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
21:41:36.0356 6092 SNMPTRAP - ok
21:41:36.0372 6092 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
21:41:36.0372 6092 spldr - ok
21:41:36.0403 6092 Spooler (f8e1fa03cb70d54a9892ac88b91d1e7b) C:\Windows\System32\spoolsv.exe
21:41:36.0419 6092 Spooler - ok
21:41:36.0528 6092 sppsvc (913d843498553a1bc8f8dbad6358e49f) C:\Windows\system32\sppsvc.exe
21:41:36.0559 6092 sppsvc - ok
21:41:36.0606 6092 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
21:41:36.0606 6092 sppuinotify - ok
21:41:36.0653 6092 srv (2408c0366d96bcdf63e8f1c78e4a29c5) C:\Windows\system32\DRIVERS\srv.sys
21:41:36.0668 6092 srv - ok
21:41:36.0700 6092 srv2 (76548f7b818881b47d8d1ae1be9c11f8) C:\Windows\system32\DRIVERS\srv2.sys
21:41:36.0700 6092 srv2 - ok
21:41:36.0746 6092 srvnet (0af6e19d39c70844c5caa8fb0183c36e) C:\Windows\system32\DRIVERS\srvnet.sys
21:41:36.0746 6092 srvnet - ok
21:41:36.0762 6092 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
21:41:36.0762 6092 SSDPSRV - ok
21:41:36.0778 6092 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
21:41:36.0793 6092 SstpSvc - ok
21:41:36.0840 6092 Steam Client Service - ok
21:41:36.0871 6092 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
21:41:36.0871 6092 stexstor - ok
21:41:36.0902 6092 StillCam (decacb6921ded1a38642642685d77dac) C:\Windows\system32\DRIVERS\serscan.sys
21:41:36.0902 6092 StillCam - ok
21:41:36.0934 6092 stisvc (52d0e33b681bd0f33fdc08812fee4f7d) C:\Windows\System32\wiaservc.dll
21:41:36.0949 6092 stisvc - ok
21:41:36.0980 6092 stllssvr (ff5eb78af7dfb68c2fb363537aaf753e) c:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe
21:41:36.0980 6092 stllssvr - ok
21:41:36.0996 6092 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
21:41:36.0996 6092 swenum - ok
21:41:37.0074 6092 SwitchBoard (f577910a133a592234ebaad3f3afa258) C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
21:41:37.0074 6092 SwitchBoard - ok
21:41:37.0121 6092 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
21:41:37.0136 6092 swprv - ok
21:41:37.0199 6092 SysMain (3c1284516a62078fb68f768de4f1a7be) C:\Windows\system32\sysmain.dll
21:41:37.0230 6092 SysMain - ok
21:41:37.0277 6092 TabletInputService (238935c3cf2854886dc7cbb2a0e2cc66) C:\Windows\System32\TabSvc.dll
21:41:37.0292 6092 TabletInputService - ok
21:41:37.0308 6092 TapiSrv (884264ac597b690c5707c89723bb8e7b) C:\Windows\System32\tapisrv.dll
21:41:37.0308 6092 TapiSrv - ok
21:41:37.0324 6092 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
21:41:37.0324 6092 TBS - ok
21:41:37.0417 6092 Tcpip (624c5b3aa4c99b3184bb922d9ece3ff0) C:\Windows\system32\drivers\tcpip.sys
21:41:37.0448 6092 Tcpip - ok
21:41:37.0589 6092 TCPIP6 (624c5b3aa4c99b3184bb922d9ece3ff0) C:\Windows\system32\DRIVERS\tcpip.sys
21:41:37.0604 6092 TCPIP6 - ok
21:41:37.0667 6092 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys
21:41:37.0667 6092 tcpipreg - ok
21:41:37.0729 6092 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
21:41:37.0729 6092 TDPIPE - ok
21:41:37.0760 6092 TDTCP (7518f7bcfd4b308abc9192bacaf6c970) C:\Windows\system32\drivers\tdtcp.sys
21:41:37.0760 6092 TDTCP - ok
21:41:37.0776 6092 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
21:41:37.0776 6092 tdx - ok
21:41:37.0792 6092 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys
21:41:37.0792 6092 TermDD - ok
21:41:37.0838 6092 TermService (0f05ec2887bfe197ad82a13287d2f404) C:\Windows\System32\termsrv.dll
21:41:37.0838 6092 TermService - ok
21:41:37.0854 6092 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
21:41:37.0870 6092 Themes - ok
21:41:37.0870 6092 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
21:41:37.0885 6092 THREADORDER - ok
21:41:37.0916 6092 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
21:41:37.0916 6092 TrkWks - ok
21:41:37.0963 6092 TrustedInstaller (840f7fb849f5887a49ba18c13b2da920) C:\Windows\servicing\TrustedInstaller.exe
21:41:37.0963 6092 TrustedInstaller - ok
21:41:37.0979 6092 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
21:41:37.0994 6092 tssecsrv - ok
21:41:38.0010 6092 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
21:41:38.0026 6092 tunnel - ok
21:41:38.0041 6092 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
21:41:38.0041 6092 uagp35 - ok
21:41:38.0088 6092 udfs (31ba4a33afab6a69ea092b18017f737f) C:\Windows\system32\DRIVERS\udfs.sys
21:41:38.0088 6092 udfs - ok
21:41:38.0104 6092 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
21:41:38.0119 6092 UI0Detect - ok
21:41:38.0150 6092 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys
21:41:38.0150 6092 uliagpkx - ok
21:41:38.0166 6092 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys
21:41:38.0166 6092 umbus - ok
21:41:38.0182 6092 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
21:41:38.0182 6092 UmPass - ok
21:41:38.0213 6092 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
21:41:38.0213 6092 upnphost - ok
21:41:38.0260 6092 usbaudio (77b01bc848298223a95d4ec23e1785a1) C:\Windows\system32\drivers\usbaudio.sys
21:41:38.0260 6092 usbaudio - ok
21:41:38.0291 6092 usbccgp (537a4e03d7103c12d42dfd8ffdb5bdc9) C:\Windows\system32\DRIVERS\usbccgp.sys
21:41:38.0291 6092 usbccgp - ok
21:41:38.0306 6092 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys
21:41:38.0306 6092 usbcir - ok
21:41:38.0322 6092 usbehci (fbb21ebe49f6d560db37ac25fbc68e66) C:\Windows\system32\drivers\usbehci.sys
21:41:38.0338 6092 usbehci - ok
21:41:38.0353 6092 usbhub (6b7a8a99c4a459e73c286a6763ea24cc) C:\Windows\system32\DRIVERS\usbhub.sys
21:41:38.0369 6092 usbhub - ok
21:41:38.0384 6092 usbohci (8c88aa7617b4cbc2e4bed61d26b33a27) C:\Windows\system32\drivers\usbohci.sys
21:41:38.0384 6092 usbohci - ok
21:41:38.0400 6092 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
21:41:38.0400 6092 usbprint - ok
21:41:38.0431 6092 USBSTOR (f39983647bc1f3e6100778ddfe9dce29) C:\Windows\system32\drivers\USBSTOR.SYS
21:41:38.0431 6092 USBSTOR - ok
21:41:38.0462 6092 usbuhci (0b5b3b2df3fd1709618acfa50b8392b0) C:\Windows\system32\drivers\usbuhci.sys
21:41:38.0462 6092 usbuhci - ok
21:41:38.0494 6092 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
21:41:38.0494 6092 UxSms - ok
21:41:38.0525 6092 VaultSvc (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
21:41:38.0525 6092 VaultSvc - ok
21:41:38.0556 6092 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys
21:41:38.0556 6092 vdrvroot - ok
21:41:38.0603 6092 vds (44d73e0bbc1d3c8981304ba15135c2f2) C:\Windows\System32\vds.exe
21:41:38.0603 6092 vds - ok
21:41:38.0618 6092 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
21:41:38.0618 6092 vga - ok
21:41:38.0634 6092 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
21:41:38.0634 6092 VgaSave - ok
21:41:38.0650 6092 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys
21:41:38.0665 6092 vhdmp - ok
21:41:38.0681 6092 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
21:41:38.0681 6092 viaide - ok
21:41:38.0712 6092 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys
21:41:38.0712 6092 volmgr - ok
21:41:38.0743 6092 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
21:41:38.0743 6092 volmgrx - ok
21:41:38.0759 6092 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
21:41:38.0759 6092 volsnap - ok
21:41:38.0790 6092 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
21:41:38.0790 6092 vsmraid - ok
21:41:38.0852 6092 VSS (787898bf9fb6d7bd87a36e2d95c899ba) C:\Windows\system32\vssvc.exe
21:41:38.0884 6092 VSS - ok
21:41:38.0962 6092 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
21:41:38.0962 6092 vwifibus - ok
21:41:38.0977 6092 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
21:41:38.0993 6092 vwififlt - ok
21:41:39.0024 6092 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
21:41:39.0040 6092 W32Time - ok
21:41:39.0055 6092 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
21:41:39.0055 6092 WacomPen - ok
21:41:39.0086 6092 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
21:41:39.0086 6092 WANARP - ok
21:41:39.0086 6092 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
21:41:39.0086 6092 Wanarpv6 - ok
21:41:39.0180 6092 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
21:41:39.0227 6092 WatAdminSvc - ok
21:41:39.0289 6092 wbengine (5ab1bb85bd8b5089cc5d64200dedae68) C:\Windows\system32\wbengine.exe
21:41:39.0336 6092 wbengine - ok
21:41:39.0414 6092 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
21:41:39.0414 6092 WbioSrvc - ok
21:41:39.0461 6092 wcncsvc (dd1bae8ebfc653824d29ccf8c9054d68) C:\Windows\System32\wcncsvc.dll
21:41:39.0476 6092 wcncsvc - ok
21:41:39.0492 6092 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
21:41:39.0492 6092 WcsPlugInService - ok
21:41:39.0508 6092 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
21:41:39.0508 6092 Wd - ok
21:41:39.0539 6092 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
21:41:39.0554 6092 Wdf01000 - ok
21:41:39.0570 6092 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
21:41:39.0570 6092 WdiServiceHost - ok
21:41:39.0570 6092 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
21:41:39.0586 6092 WdiSystemHost - ok
21:41:39.0617 6092 WebClient (733006127f235be7c35354ebee7b9a7b) C:\Windows\System32\webclnt.dll
21:41:39.0632 6092 WebClient - ok
21:41:39.0648 6092 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
21:41:39.0664 6092 Wecsvc - ok
21:41:39.0679 6092 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
21:41:39.0679 6092 wercplsupport - ok
21:41:39.0695 6092 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
21:41:39.0710 6092 WerSvc - ok
21:41:39.0726 6092 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
21:41:39.0726 6092 WfpLwf - ok
21:41:39.0757 6092 WimFltr (b14ef15bd757fa488f9c970eee9c0d35) C:\Windows\system32\DRIVERS\wimfltr.sys
21:41:39.0757 6092 WimFltr - ok
21:41:39.0773 6092 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
21:41:39.0773 6092 WIMMount - ok
21:41:39.0804 6092 WinDefend - ok
21:41:39.0804 6092 WinHttpAutoProxySvc - ok
21:41:39.0851 6092 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
21:41:39.0851 6092 Winmgmt - ok
21:41:39.0944 6092 WinRM (41fbb751936b387f9179e7f03a74fe29) C:\Windows\system32\WsmSvc.dll
21:41:39.0960 6092 WinRM - ok
21:41:40.0038 6092 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
21:41:40.0054 6092 Wlansvc - ok
21:41:40.0100 6092 wlcrasvc (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
21:41:40.0100 6092 wlcrasvc - ok
21:41:40.0194 6092 wlidsvc (7e47c328fc4768cb8beafbcfafa70362) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
21:41:40.0225 6092 wlidsvc - ok
21:41:40.0288 6092 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
21:41:40.0288 6092 WmiAcpi - ok
21:41:40.0334 6092 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
21:41:40.0334 6092 wmiApSrv - ok
21:41:40.0334 6092 WMPNetworkSvc - ok
21:41:40.0366 6092 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
21:41:40.0366 6092 WPCSvc - ok
21:41:40.0381 6092 WPDBusEnum (2e57ddf2880a7e52e76f41c7e96d327b) C:\Windows\system32\wpdbusenum.dll
21:41:40.0397 6092 WPDBusEnum - ok
21:41:40.0397 6092 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
21:41:40.0397 6092 ws2ifsl - ok
21:41:40.0444 6092 wscsvc (8f9f3969933c02da96eb0f84576db43e) C:\Windows\system32\wscsvc.dll
21:41:40.0444 6092 wscsvc - ok
21:41:40.0444 6092 WSearch - ok
21:41:40.0537 6092 wuauserv (38340204a2d0228f1e87740fc5e554a7) C:\Windows\system32\wuaueng.dll
21:41:40.0553 6092 wuauserv - ok
21:41:40.0631 6092 WudfPf (c63907207b837a5c05cf6d1606aa0008) C:\Windows\system32\drivers\WudfPf.sys
21:41:40.0631 6092 WudfPf - ok
21:41:40.0662 6092 WUDFRd (d885a873d733020f8b9b9ff4b1666158) C:\Windows\system32\DRIVERS\WUDFRd.sys
21:41:40.0662 6092 WUDFRd - ok
21:41:40.0678 6092 wudfsvc (27b9bee5aac00139e3a3af5d6227a0dc) C:\Windows\System32\WUDFSvc.dll
21:41:40.0693 6092 wudfsvc - ok
21:41:40.0709 6092 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
21:41:40.0709 6092 WwanSvc - ok
21:41:40.0740 6092 MBR (0x1B8) (cdb4de4bbd714f152979da2dcbef57eb) \Device\Harddisk0\DR0
21:41:40.0896 6092 \Device\Harddisk0\DR0 - ok
21:41:40.0896 6092 MBR (0x1B8) (06449e7c4af0550b77e260798769aa40) \Device\Harddisk5\DR5
21:41:40.0896 6092 \Device\Harddisk5\DR5 - ok
21:41:40.0912 6092 Boot (0x1200) (a8068944aa0fdc45e49f7b1d598b3f98) \Device\Harddisk0\DR0\Partition0
21:41:40.0912 6092 \Device\Harddisk0\DR0\Partition0 - ok
21:41:40.0927 6092 Boot (0x1200) (1a7485f0c7a057979ad7696ecedcd739) \Device\Harddisk0\DR0\Partition1
21:41:40.0927 6092 \Device\Harddisk0\DR0\Partition1 - ok
21:41:40.0927 6092 Boot (0x1200) (6855f6d76baf73f089fc4122b428a97a) \Device\Harddisk5\DR5\Partition0
21:41:40.0927 6092 \Device\Harddisk5\DR5\Partition0 - ok
21:41:40.0927 6092 ============================================================
21:41:40.0927 6092 Scan finished
21:41:40.0927 6092 ============================================================
21:41:40.0943 5340 Detected object count: 0
21:41:40.0943 5340 Actual detected object count: 0





aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-05-16 21:47:14
-----------------------------
21:47:14.300 OS Version: Windows x64 6.1.7600
21:47:14.300 Number of processors: 8 586 0x1E05
21:47:14.300 ComputerName: CAMERON8100 UserName: Jim
21:47:18.730 Initialize success
21:47:18.777 AVAST engine defs: 12051601
21:48:25.155 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
21:48:25.171 Disk 0 Vendor: ST310005 CC46 Size: 953869MB BusType: 8
21:48:25.171 Disk 0 MBR read successfully
21:48:25.171 Disk 0 MBR scan
21:48:25.186 Disk 0 Windows VISTA default MBR code
21:48:25.186 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63
21:48:25.186 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 12542 MB offset 81920
21:48:25.202 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 941286 MB offset 25767936
21:48:25.249 Disk 0 scanning C:\Windows\system32\drivers
21:48:31.395 Service scanning
21:48:41.785 Modules scanning
21:48:41.785 Disk 0 trace - called modules:
21:48:41.832 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
21:48:42.346 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007eaf060]
21:48:42.346 3 CLASSPNP.SYS[fffff88001a5543f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8007b11050]
21:48:45.232 AVAST engine scan C:\Windows
21:48:47.370 AVAST engine scan C:\Windows\system32
21:50:35.665 AVAST engine scan C:\Windows\system32\drivers
21:50:44.027 AVAST engine scan C:\Users\Jim
21:51:49.110 AVAST engine scan C:\ProgramData
21:53:11.260 Scan finished successfully
21:53:28.966 Disk 0 MBR has been saved successfully to "C:\Users\Jim\Desktop\MBR.dat"
21:53:28.966 The log file has been saved successfully to "C:\Users\Jim\Desktop\aswMBR.txt"

#10 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:07:51 PM

Posted 16 May 2012 - 10:09 PM

Is it only IE that is redirecting?



gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#11 Jiminey

Jiminey
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:06:51 PM

Posted 16 May 2012 - 10:11 PM

So far, yes.

#12 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:07:51 PM

Posted 16 May 2012 - 10:41 PM

Greetings,

first I would like you to go here and click on the fixit button - http://support.microsoft.com/kb/923737


Then I want you to do the following

  • Start Internet Explorer.
  • click on safety
  • click on delete browsing history
  • make sure all boxes are checked
  • click on Tools,
  • click Internet Options.
  • On the Advanced tab, click Reset
  • put a check mark next to Delete Personal Settings
  • click Reset to confirm
  • when complete click the close button
  • restart IE


Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#13 Jiminey

Jiminey
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:06:51 PM

Posted 16 May 2012 - 10:50 PM

Done. (BTW, I had tried this before and it didn't work....but......)

After following your most recent directions I was able to search for several different terms in Google and hit the links with no redirects.

#14 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:07:51 PM

Posted 16 May 2012 - 11:03 PM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Refering to the picture above, drag CFScript.txt into ComboFix.exe
Posted Image
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#15 Jiminey

Jiminey
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:06:51 PM

Posted 16 May 2012 - 11:15 PM

I received an application error message box:

-----------------------------------------------------------
Application Error
-----------------------------------------------------------
Exception EAccessViolation in module ERUNT.3XE at 00003A62
Access violation at address 00403A62 in module 'ERUNT.3XE'.
Read of address 0069005C.
-----------------------------------------------------------




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users