
Infected with web browser redirect virus also several ads appear everywhere


  • This topic is locked
40 replies to this topic

#1 scriba_golfer

scriba_golfer

  • Members
  • 82 posts
  • OFFLINE
  •  
  • Local time:05:04 PM

Posted 27 June 2012 - 07:44 PM

I experience redirects several times from web browser searches and believe I may even encounter them when clicking on links on a webpage. Additionally I have ads appearing on every webpage I go to that have "Adchoices" in one corner of the ad. For example they appear in the middle of a Facebook newsfeed. That is only on the computer with the problem. All other computers do not experience it. It was noticeable after installing the software Format Factory.

I was unable to obtain anything through the GMER run. It did open but I did not have the option to check all the appropriate boxes.

Thank you for your efforts thus far.

Here is the DDS.txt log:

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Choate at 20:10:52 on 2012-06-27
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.5943.4471 [GMT -4:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Program Files\Microsoft LifeCam\MSCamS64.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Windows\vVX3000.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe
C:\Windows\System32\rundll32.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe
C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: H - No File
mWinlogon: Userinit=userinit.exe,
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
BHO: VideoFileDownload: {f74e10bb-a169-4399-b121-183935962f67} - C:\Program Files (x86)\OApps\bho_project.dll
BHO: {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - No File
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
TB: {10134636-E7AF-4AC5-A1DC-C7C44BB97D81} - No File
TB: {0123B506-0AD9-43AA-B0CF-916C122AD4C5} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
TB: {CCE665DD-F6DD-4808-968E-EAEC971F70EF} - No File
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [Update] rundll32.exe "C:\Users\Choate\AppData\Roaming\Dell\Dell\",
uRun: [HP] rundll32.exe "C:\Users\Choate\AppData\Local\InContext Solutions\HP\mvxxuqeqa.dll",CreateInstance
mRun: [ShwiconXP9106] C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe
mRun: [Desktop Disc Tool] "c:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
mRun: [Intuit SyncManager] C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe startup
mRun: [LifeCam] "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe"
mRun: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [OfJBmXXIQE.exe] C:\ProgramData\OfJBmXXIQE.exe
mRun: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
mRunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"
mRunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe
dRun: [dplaysvr] C:\Windows\system32\config\systemprofile\AppData\Local\dplaysvr.exe
dRun: [HP] rundll32.exe "C:\Users\Choate\AppData\Local\InContext Solutions\HP\mvxxuqeqa.dll",CreateInstance
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\INTUIT~1.LNK - C:\Program Files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\QUICKB~1.LNK - C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\QUICKB~2.LNK - C:\Program Files (x86)\Intuit\QuickBooks 2011\QBW32.EXE
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MIF5BA~1\Office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MIF5BA~1\Office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{006F8882-6904-43A7-B01C-BA5859DD5783} : DhcpNameServer = 192.168.1.1
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Handler: intu-help-qb4 - {ACE22922-D07C-4860-B51B-8CF472FEC2CB} - C:\Program Files (x86)\Intuit\QuickBooks 2011\HelpAsyncPluggableProtocol.dll
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\Windows\System32\mscoree.dll
BHO-X64: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO-X64: HP Print Enhancer - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO-X64: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
BHO-X64: Search Helper - No File
BHO-X64: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No File
BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: Windows Live Toolbar Helper: {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
BHO-X64: VideoFileDownload: {F74E10BB-A169-4399-B121-183935962F67} - C:\Program Files (x86)\OApps\bho_project.dll
BHO-X64: BHO_PROJECT - No File
BHO-X64: {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - No File
BHO-X64: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
BHO-X64: HP Smart BHO Class - No File
TB-X64: &Windows Live Toolbar: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
TB-X64: {10134636-E7AF-4AC5-A1DC-C7C44BB97D81} - No File
TB-X64: {0123B506-0AD9-43AA-B0CF-916C122AD4C5} - No File
TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
TB-X64: {CCE665DD-F6DD-4808-968E-EAEC971F70EF} - No File
EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
mRun-x64: [ShwiconXP9106] C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe
mRun-x64: [Desktop Disc Tool] "c:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
mRun-x64: [Intuit SyncManager] C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe startup
mRun-x64: [LifeCam] "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe"
mRun-x64: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun-x64: [OfJBmXXIQE.exe] C:\ProgramData\OfJBmXXIQE.exe
mRun-x64: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
mRunOnce-x64: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"
mRunOnce-x64: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Choate\AppData\Roaming\Mozilla\Firefox\Profiles\dvihj8if.default\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\3.0.40624.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npicaN.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll
FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\6\NP_wtapp.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Choate\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Users\Choate\AppData\Roaming\Mozilla\Firefox\Profiles\dvihj8if.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\plugins\np-mswmp.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
.
---- FIREFOX POLICIES ----
user_pref('extensions.autoDisableScopes', 0);user_pref('security.csp.enable', false);user_pref('security.OCSP.enabled', 0);
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R1 ctxusbm;Citrix USB Monitor Driver;C:\Windows\system32\DRIVERS\ctxusbm.sys --> C:\Windows\system32\DRIVERS\ctxusbm.sys [?]
R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-8-11 140672]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2009-6-9 155648]
R2 QBVSS;QBIDPService;C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe [2011-6-30 1248256]
R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2010-11-30 689472]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 IntcDAud;Intel® Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]
R3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\k57nd60a.sys --> C:\Windows\system32\DRIVERS\k57nd60a.sys [?]
R3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-4-27 288272]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-12-24 136176]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-3 250056]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-12-24 136176]
S3 Impcd;Impcd;C:\Windows\system32\DRIVERS\Impcd.sys --> C:\Windows\system32\DRIVERS\Impcd.sys [?]
S3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\system32\DRIVERS\MpNWMon.sys --> C:\Windows\system32\DRIVERS\MpNWMon.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2012-06-27 21:48:36 69000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{EE87B8E5-35E7-4DEB-96A9-0DC3AB8D116D}\offreg.dll
2012-06-27 21:34:06 955840 ----a-w- C:\Windows\System32\npDeployJava1.dll
2012-06-26 22:14:31 9013136 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{EE87B8E5-35E7-4DEB-96A9-0DC3AB8D116D}\mpengine.dll
2012-06-26 20:32:32 -------- d-----w- C:\Users\Choate\AppData\Roaming\SUPERAntiSpyware.com
2012-06-26 20:32:26 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
2012-06-26 20:32:26 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2012-06-23 13:09:30 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-06-23 13:09:05 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-06-23 13:08:49 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-06-23 13:08:49 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-06-20 19:14:34 -------- d-----w- C:\Program Files (x86)\FreeTime
2012-06-20 19:12:01 -------- d-----w- C:\Program Files (x86)\Conduit
2012-06-20 19:11:58 -------- d-----w- C:\Users\Choate\AppData\Local\Conduit
2012-06-20 19:11:55 -------- d-----w- C:\Program Files (x86)\OApps
2012-06-14 10:44:49 927800 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{BCE49A81-3B4B-443F-A562-59A5D9734166}\gapaengine.dll
2012-06-14 10:42:00 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2012-06-14 10:42:00 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-06-14 10:42:00 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
.
==================== Find3M ====================
.
2012-06-27 21:33:49 839096 ----a-w- C:\Windows\System32\deployJava1.dll
2012-06-23 17:13:20 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-23 17:13:20 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-05-18 02:06:48 2311680 ----a-w- C:\Windows\System32\jscript9.dll
2012-05-18 01:59:14 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-05-18 01:58:39 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-05-18 01:55:22 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-05-18 01:51:30 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-05-17 22:45:37 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-05-17 22:35:47 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-05-17 22:35:39 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-05-17 22:29:45 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-05-17 22:24:45 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-05-15 01:32:33 3146752 ----a-w- C:\Windows\System32\win32k.sys
2012-05-04 11:06:22 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-05-04 10:03:53 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03:50 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-05-01 05:40:20 209920 ----a-w- C:\Windows\System32\profsvc.dll
2012-04-28 03:55:21 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-04-24 05:37:37 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2012-04-24 05:37:37 140288 ----a-w- C:\Windows\System32\cryptnet.dll
2012-04-24 05:37:36 1462272 ----a-w- C:\Windows\System32\crypt32.dll
2012-04-24 04:36:42 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2012-04-24 04:36:42 1158656 ----a-w- C:\Windows\SysWow64\crypt32.dll
2012-04-24 04:36:42 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2012-04-09 14:15:04 74703 ----a-w- C:\Windows\SysWow64\mfc45.dll
2012-04-07 19:52:34 747542 ----a-w- C:\Windows\SysWow64\PerfStringBackup.TMP
2012-04-07 12:31:40 3216384 ----a-w- C:\Windows\System32\msi.dll
2012-04-07 11:26:29 2342400 ----a-w- C:\Windows\SysWow64\msi.dll
2012-04-04 19:56:40 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-03-30 11:35:47 1918320 ----a-w- C:\Windows\System32\drivers\tcpip.sys
.
============= FINISH: 20:11:27.32 ===============



#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:06:04 PM

Posted 27 June 2012 - 11:37 PM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:06:04 PM

Posted 01 July 2012 - 12:02 AM

Hello

48 Hour bump

It has been more than 48 hours since my last post.

  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 48hrs you have not replied to this thread then it will have to be closed!

Gringo

#4 scriba_golfer

scriba_golfer
  • Topic Starter

  • Members
  • 82 posts
  • OFFLINE
  •  
  • Local time:05:04 PM

Posted 02 July 2012 - 03:44 PM

Sorry, been busy and haven't been on the computer. Also I didn't receive e-mails that there was a response, which puzzles me. I thought I had it set up that I would.

Not sure why but it seems that redirecting isn't taking place now. I do however still have a lot of ads appearing.

Should I still pursue your recommendations?

#5 scriba_golfer

scriba_golfer
  • Topic Starter

  • Members
  • 82 posts
  • OFFLINE
  •  
  • Local time:05:04 PM

Posted 02 July 2012 - 03:47 PM

Additionally we get web browser errors anytime we attempt to open a .pdf file. It tries 2 or 3 times and then blows away the web browser.

#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:06:04 PM

Posted 02 July 2012 - 10:17 PM

Yes, continue and let's see what we get.


gringo

#7 scriba_golfer

scriba_golfer
  • Topic Starter

  • Members
  • 82 posts
  • OFFLINE
  •  
  • Local time:05:04 PM

Posted 03 July 2012 - 03:54 PM

From Security Check:

Results of screen317's Security Check version 0.99.42
Windows 7 Service Pack 1 x64 (UAC is disabled!)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running! This report may not be accurate!
McAfee Anti-Virus and Anti-Spyware
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.61.0.1400
Adobe Reader X (10.1.3)
Mozilla Firefox (9.0.1)
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials msseces.exe
Windows Defender MSMpEng.exe
Microsoft Security Client Antimalware MsMpEng.exe
Microsoft Security Client Antimalware NisSrv.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 3%
````````````````````End of Log``````````````````````

#8 scriba_golfer


Posted 03 July 2012 - 04:18 PM

  • Ran Combofix.
  • Got a window that said McAfee Virus software was still running, but I uninstalled that ages ago. So I clicked it through to proceed.
  • When Combofix completed it rebooted the computer on its own.
  • Then a window appeared which said -
    C:\Windows\system32\GfxUI.exe A Device attached to system is not functioning.

Combofix log:

ComboFix 12-07-02.01 - Choate 07/03/2012 17:00:45.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.5943.4291 [GMT -4:00]
Running from: c:\users\Choate\Desktop\ComboFix.exe
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Choate\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\SMART_HDD.lnk
.
.
((((((((((((((((((((((((( Files Created from 2012-06-03 to 2012-07-03 )))))))))))))))))))))))))))))))
.
.
2012-07-03 21:03 . 2012-07-03 21:03 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-03 13:09 . 2012-05-31 04:04 9013136 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{405EBEE8-7991-41B8-9992-7D24D093CCE7}\mpengine.dll
2012-06-28 15:47 . 2012-06-28 15:47 -------- d-----w- c:\users\Choate\AppData\Local\Macromedia
2012-06-27 21:34 . 2012-06-27 21:33 955840 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-06-26 20:32 . 2012-06-26 20:32 -------- d-----w- c:\users\Choate\AppData\Roaming\SUPERAntiSpyware.com
2012-06-26 20:32 . 2012-06-26 20:32 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-06-26 20:32 . 2012-06-26 20:32 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-06-23 13:09 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-23 13:09 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-23 13:09 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-23 13:09 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-23 13:09 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-23 13:09 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-23 13:09 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-23 13:08 . 2012-06-02 19:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-23 13:08 . 2012-06-02 19:15 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-20 19:17 . 2012-06-20 19:17 -------- d-----w- c:\users\Choate\AppData\Roaming\dvdcss
2012-06-20 19:14 . 2012-06-20 19:14 -------- d-----w- c:\program files (x86)\FreeTime
2012-06-20 19:12 . 2012-06-20 19:12 -------- d-----w- c:\program files (x86)\Conduit
2012-06-20 19:11 . 2012-06-21 20:10 -------- d-----w- c:\users\Choate\AppData\Local\Conduit
2012-06-20 19:11 . 2012-06-20 19:11 -------- d-----w- c:\program files (x86)\OApps
2012-06-14 10:44 . 2012-02-09 17:17 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BCE49A81-3B4B-443F-A562-59A5D9734166}\gapaengine.dll
2012-06-14 10:42 . 2012-04-26 05:41 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-06-14 10:42 . 2012-04-26 05:41 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-06-14 10:42 . 2012-04-26 05:34 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-27 21:33 . 2010-11-30 13:13 839096 ----a-w- c:\windows\system32\deployJava1.dll
2012-06-23 17:13 . 2012-04-03 21:33 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-06-23 17:13 . 2011-05-17 09:33 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-31 04:04 . 2012-04-09 22:32 9013136 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-04-09 14:15 . 2012-04-09 14:15 74703 ----a-w- c:\windows\SysWow64\mfc45.dll
2012-04-07 19:52 . 2012-04-07 19:52 747542 ----a-w- c:\windows\SysWow64\PerfStringBackup.TMP
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{F74E10BB-A169-4399-B121-183935962F67}]
2012-05-14 18:14 93184 ----a-w- c:\program files (x86)\OApps\bho_project.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ShwiconXP9106"="c:\program files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe" [2010-01-27 237568]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [2009-10-15 498160]
"Intuit SyncManager"="c:\program files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2011-09-30 2215768]
"LifeCam"="c:\program files (x86)\Microsoft LifeCam\LifeExp.exe" [2010-05-20 119152]
"hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-22 150528]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-03-07 421160]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"ConnectionCenter"="c:\program files (x86)\Citrix\ICA Client\concentr.exe" [2011-04-25 305088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"="c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" [2010-08-20 566232]
"Launcher"="c:\program files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe" [2010-07-21 165184]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-20 270336]
Intuit Data Protect.lnk - c:\program files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.exe [2012-3-9 5969752]
QuickBooks Update Agent.lnk - c:\program files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2012-5-14 1156968]
QuickBooks_Standard_21.lnk - c:\program files (x86)\Intuit\QuickBooks 2011\QBW32.EXE [2012-5-14 1178984]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2010-5-28 1324384]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R1 bartwygu;bartwygu;c:\windows\system32\drivers\bartwygu.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-24 136176]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-23 250056]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-24 136176]
R3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-02-27 158976]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2011-04-18 40832]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2011-04-27 84864]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-12-18 1255736]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2009-07-09 55280]
S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys [2010-07-14 87600]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2009-06-09 155648]
S2 QBVSS;QBIDPService;c:\program files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe [2011-06-30 1248256]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2010-08-20 689472]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-02-04 271872]
S3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [2009-10-16 321064]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-03 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-03 17:13]
.
2012-07-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-24 21:38]
.
2012-07-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-24 21:38]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-02-09 10060832]
"VX3000"="c:\windows\vVX3000.exe" [2010-05-20 762736]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-26 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-26 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-26 415256]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MIF5BA~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Choate\AppData\Roaming\Mozilla\Firefox\Profiles\dvihj8if.default\
FF - prefs.js: browser.startup.homepage - www.google.com
user_pref('extensions.autoDisableScopes', 0);user_pref('security.csp.enable', false);user_pref('security.OCSP.enabled', 0);
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{cce665dd-f6dd-4808-968e-eaec971f70ef} - (no file)
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-OfJBmXXIQE.exe - c:\programdata\OfJBmXXIQE.exe
Wow6432Node-HKU-Default-Run-dplaysvr - c:\windows\system32\config\systemprofile\AppData\Local\dplaysvr.exe
Toolbar-Locked - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{CCE665DD-F6DD-4808-968E-EAEC971F70EF} - (no file)
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:b5,e7,62,a2,a5,4f,cd,01
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
c:\program files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files (x86)\Citrix\ICA Client\wfcrun32.exe
.
**************************************************************************
.
Completion time: 2012-07-03 17:11:54 - machine was rebooted
ComboFix-quarantined-files.txt 2012-07-03 21:11
.
Pre-Run: 636,039,041,024 bytes free
Post-Run: 637,789,409,280 bytes free
.
- - End Of File - - DFFF4286147CAA226E9DD8A534DBBCE7



After I posted this I have reactivated my Security software - Microsoft Security Essentials.

Edited by scriba_golfer, 03 July 2012 - 04:19 PM.


#9 gringo_pr


Posted 03 July 2012 - 10:21 PM

Greetings

I want you to run these next,

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • It will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo

#10 scriba_golfer


Posted 04 July 2012 - 01:54 PM

TDSSKiller report:

14:52:31.0292 1320 TDSS rootkit removing tool 2.7.44.0 Jul 2 2012 20:01:08
14:52:31.0698 1320 ============================================================
14:52:31.0698 1320 Current date / time: 2012/07/04 14:52:31.0698
14:52:31.0698 1320 SystemInfo:
14:52:31.0698 1320
14:52:31.0698 1320 OS Version: 6.1.7601 ServicePack: 1.0
14:52:31.0698 1320 Product type: Workstation
14:52:31.0698 1320 ComputerName: CHOATEMAINPC
14:52:31.0698 1320 UserName: Choate
14:52:31.0698 1320 Windows directory: C:\Windows
14:52:31.0698 1320 System windows directory: C:\Windows
14:52:31.0698 1320 Running under WOW64
14:52:31.0698 1320 Processor architecture: Intel x64
14:52:31.0698 1320 Number of processors: 4
14:52:31.0714 1320 Page size: 0x1000
14:52:31.0714 1320 Boot type: Normal boot
14:52:31.0714 1320 ============================================================
14:52:32.0665 1320 Drive \Device\Harddisk0\DR0 - Size: 0xAEA8CDE000 (698.64 Gb), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
14:52:32.0712 1320 ============================================================
14:52:32.0712 1320 \Device\Harddisk0\DR0:
14:52:32.0712 1320 MBR partitions:
14:52:32.0712 1320 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x16E3000
14:52:32.0712 1320 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x16F7000, BlocksNum 0x55E4E800
14:52:32.0712 1320 ============================================================
14:52:32.0743 1320 C: <-> \Device\Harddisk0\DR0\Partition1
14:52:32.0743 1320 ============================================================
14:52:32.0743 1320 Initialize success
14:52:32.0743 1320 ============================================================
14:52:38.0297 5096 ============================================================
14:52:38.0297 5096 Scan started
14:52:38.0297 5096 Mode: Manual;
14:52:38.0297 5096 ============================================================
14:52:41.0978 5096 FontCache3.0.0.0 - ok
14:52:42.0010 5096 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
14:52:42.0010 5096 FsDepends - ok
14:52:42.0041 5096 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
14:52:42.0041 5096 Fs_Rec - ok
14:52:42.0056 5096 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
14:52:42.0072 5096 fvevol - ok
14:52:42.0072 5096 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
14:52:42.0072 5096 gagp30kx - ok
14:52:42.0181 5096 GamesAppService (c403c5db49a0f9aaf4f2128edc0106d8) C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
14:52:42.0197 5096 GamesAppService - ok
14:52:42.0212 5096 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
14:52:42.0212 5096 GEARAspiWDM - ok
14:52:42.0259 5096 GoToAssist (d3316f6e3c011435f36e3d6e49b3196c) C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe
14:52:42.0259 5096 GoToAssist - ok
14:52:42.0306 5096 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
14:52:42.0322 5096 gpsvc - ok
14:52:42.0368 5096 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
14:52:42.0368 5096 gupdate - ok
14:52:42.0384 5096 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
14:52:42.0384 5096 gupdatem - ok
14:52:42.0400 5096 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
14:52:42.0400 5096 hcw85cir - ok
14:52:42.0446 5096 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
14:52:42.0446 5096 HDAudBus - ok
14:52:42.0462 5096 HECIx64 (b6ac71aaa2b10848f57fc49d55a651af) C:\Windows\system32\DRIVERS\HECIx64.sys
14:52:42.0478 5096 HECIx64 - ok
14:52:42.0478 5096 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
14:52:42.0478 5096 HidBatt - ok
14:52:42.0493 5096 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
14:52:42.0493 5096 HidBth - ok
14:52:42.0493 5096 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
14:52:42.0493 5096 HidIr - ok
14:52:42.0509 5096 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
14:52:42.0524 5096 hidserv - ok
14:52:42.0556 5096 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\drivers\hidusb.sys
14:52:42.0556 5096 HidUsb - ok
14:52:42.0571 5096 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
14:52:42.0587 5096 hkmsvc - ok
14:52:42.0602 5096 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
14:52:42.0602 5096 HomeGroupListener - ok
14:52:42.0649 5096 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
14:52:42.0649 5096 HomeGroupProvider - ok
14:52:43.0242 5096 hpqcxs08 (0a3c6aa4a9fc38c20ba4eac2c3351c05) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll
14:52:43.0242 5096 hpqcxs08 - ok
14:52:43.0289 5096 hpqddsvc (99e8eef42fe2f4af29b08c3355dd7685) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll
14:52:43.0289 5096 hpqddsvc - ok
14:52:43.0320 5096 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
14:52:43.0320 5096 HpSAMD - ok
14:52:43.0367 5096 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
14:52:43.0382 5096 HTTP - ok
14:52:43.0429 5096 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
14:52:43.0429 5096 hwpolicy - ok
14:52:43.0460 5096 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
14:52:43.0460 5096 i8042prt - ok
14:52:43.0492 5096 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
14:52:43.0492 5096 iaStorV - ok
14:52:43.0554 5096 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
14:52:43.0570 5096 idsvc - ok
14:52:43.0850 5096 igfx (677aa5991026a65ada128c4b59cf2bad) C:\Windows\system32\DRIVERS\igdkmd64.sys
14:52:44.0022 5096 igfx - ok
14:52:44.0100 5096 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
14:52:44.0100 5096 iirsp - ok
14:52:44.0147 5096 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
14:52:44.0147 5096 IKEEXT - ok
14:52:44.0194 5096 Impcd (dd587a55390ed2295bce6d36ad567da9) C:\Windows\system32\DRIVERS\Impcd.sys
14:52:44.0194 5096 Impcd - ok
14:52:44.0272 5096 IntcAzAudAddService (e9befd8c6a1db3b544b61647dda35f62) C:\Windows\system32\drivers\RTKVHD64.sys
14:52:44.0287 5096 IntcAzAudAddService - ok
14:52:44.0350 5096 IntcDAud (58cf58dee26c909bd6f977b61d246295) C:\Windows\system32\DRIVERS\IntcDAud.sys
14:52:44.0365 5096 IntcDAud - ok
14:52:44.0396 5096 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
14:52:44.0396 5096 intelide - ok
14:52:44.0412 5096 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
14:52:44.0412 5096 intelppm - ok
14:52:44.0459 5096 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
14:52:44.0459 5096 IPBusEnum - ok
14:52:44.0490 5096 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
14:52:44.0490 5096 IpFilterDriver - ok
14:52:44.0537 5096 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
14:52:44.0552 5096 iphlpsvc - ok
14:52:44.0568 5096 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
14:52:44.0568 5096 IPMIDRV - ok
14:52:44.0584 5096 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
14:52:44.0584 5096 IPNAT - ok
14:52:44.0677 5096 iPod Service (f8e8676d1b6b2cc12df9aa6b1a43d929) C:\Program Files\iPod\bin\iPodService.exe
14:52:44.0677 5096 iPod Service - ok
14:52:44.0693 5096 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
14:52:44.0693 5096 IRENUM - ok
14:52:44.0708 5096 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
14:52:44.0708 5096 isapnp - ok
14:52:44.0740 5096 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
14:52:44.0740 5096 iScsiPrt - ok
14:52:44.0771 5096 k57nd60a (9d7ea8c7215d8d4ae7be110eee61085d) C:\Windows\system32\DRIVERS\k57nd60a.sys
14:52:44.0771 5096 k57nd60a - ok
14:52:44.0786 5096 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
14:52:44.0786 5096 kbdclass - ok
14:52:44.0802 5096 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
14:52:44.0802 5096 kbdhid - ok
14:52:44.0833 5096 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
14:52:44.0833 5096 KeyIso - ok
14:52:44.0849 5096 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
14:52:44.0849 5096 KSecDD - ok
14:52:44.0880 5096 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
14:52:44.0880 5096 KSecPkg - ok
14:52:44.0896 5096 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
14:52:44.0896 5096 ksthunk - ok
14:52:44.0927 5096 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
14:52:44.0927 5096 KtmRm - ok
14:52:44.0974 5096 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\System32\srvsvc.dll
14:52:44.0974 5096 LanmanServer - ok
14:52:45.0005 5096 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
14:52:45.0005 5096 LanmanWorkstation - ok
14:52:45.0020 5096 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
14:52:45.0020 5096 lltdio - ok
14:52:45.0036 5096 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
14:52:45.0036 5096 lltdsvc - ok
14:52:45.0052 5096 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
14:52:45.0052 5096 lmhosts - ok
14:52:45.0083 5096 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
14:52:45.0083 5096 LSI_FC - ok
14:52:45.0083 5096 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
14:52:45.0098 5096 LSI_SAS - ok
14:52:45.0098 5096 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
14:52:45.0098 5096 LSI_SAS2 - ok
14:52:45.0098 5096 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
14:52:45.0098 5096 LSI_SCSI - ok
14:52:45.0130 5096 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
14:52:45.0130 5096 luafv - ok
14:52:45.0161 5096 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
14:52:45.0161 5096 Mcx2Svc - ok
14:52:45.0161 5096 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
14:52:45.0161 5096 megasas - ok
14:52:45.0192 5096 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
14:52:45.0192 5096 MegaSR - ok
14:52:45.0208 5096 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
14:52:45.0208 5096 MMCSS - ok
14:52:45.0208 5096 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
14:52:45.0208 5096 Modem - ok
14:52:45.0223 5096 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
14:52:45.0223 5096 monitor - ok
14:52:45.0254 5096 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys
14:52:45.0254 5096 mouclass - ok
14:52:45.0254 5096 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
14:52:45.0254 5096 mouhid - ok
14:52:45.0301 5096 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
14:52:45.0301 5096 mountmgr - ok
14:52:45.0332 5096 MpFilter (c177a7ebf5e8a0b596f618870516cab8) C:\Windows\system32\DRIVERS\MpFilter.sys
14:52:45.0348 5096 MpFilter - ok
14:52:45.0364 5096 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
14:52:45.0379 5096 mpio - ok
14:52:45.0395 5096 MpNWMon (8fbf6b31fe8af1833d93c5913d5b4d55) C:\Windows\system32\DRIVERS\MpNWMon.sys
14:52:45.0395 5096 MpNWMon - ok
14:52:45.0426 5096 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
14:52:45.0426 5096 mpsdrv - ok
14:52:45.0488 5096 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
14:52:45.0504 5096 MpsSvc - ok
14:52:45.0535 5096 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
14:52:45.0535 5096 MRxDAV - ok
14:52:45.0566 5096 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
14:52:45.0566 5096 mrxsmb - ok
14:52:45.0598 5096 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
14:52:45.0598 5096 mrxsmb10 - ok
14:52:45.0613 5096 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
14:52:45.0613 5096 mrxsmb20 - ok
14:52:45.0629 5096 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
14:52:45.0629 5096 msahci - ok
14:52:45.0691 5096 MSCamSvc (a592a054d78750b4d73abaa4c94decdf) C:\Program Files\Microsoft LifeCam\MSCamS64.exe
14:52:45.0707 5096 MSCamSvc - ok
14:52:45.0722 5096 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
14:52:45.0722 5096 msdsm - ok
14:52:45.0754 5096 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
14:52:45.0754 5096 MSDTC - ok
14:52:45.0769 5096 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
14:52:45.0769 5096 Msfs - ok
14:52:45.0785 5096 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
14:52:45.0785 5096 mshidkmdf - ok
14:52:45.0800 5096 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
14:52:45.0800 5096 msisadrv - ok
14:52:45.0832 5096 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
14:52:45.0832 5096 MSiSCSI - ok
14:52:45.0832 5096 msiserver - ok
14:52:45.0863 5096 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
14:52:45.0863 5096 MSKSSRV - ok
14:52:45.0910 5096 MsMpSvc (157e9e498206a3366baa7e4697bdd947) c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
14:52:45.0910 5096 MsMpSvc - ok
14:52:45.0941 5096 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
14:52:45.0941 5096 MSPCLOCK - ok
14:52:45.0941 5096 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
14:52:45.0941 5096 MSPQM - ok
14:52:45.0988 5096 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
14:52:45.0988 5096 MsRPC - ok
14:52:46.0003 5096 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
14:52:46.0003 5096 mssmbios - ok
14:52:46.0019 5096 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
14:52:46.0019 5096 MSTEE - ok
14:52:46.0019 5096 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
14:52:46.0019 5096 MTConfig - ok
14:52:46.0034 5096 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
14:52:46.0050 5096 Mup - ok
14:52:46.0081 5096 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
14:52:46.0097 5096 napagent - ok
14:52:46.0112 5096 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
14:52:46.0112 5096 NativeWifiP - ok
14:52:46.0159 5096 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
14:52:46.0175 5096 NDIS - ok
14:52:46.0190 5096 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
14:52:46.0190 5096 NdisCap - ok
14:52:46.0206 5096 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
14:52:46.0206 5096 NdisTapi - ok
14:52:46.0237 5096 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
14:52:46.0253 5096 Ndisuio - ok
14:52:46.0268 5096 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
14:52:46.0268 5096 NdisWan - ok
14:52:46.0315 5096 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
14:52:46.0315 5096 NDProxy - ok
14:52:46.0362 5096 Net Driver HPZ12 (2334dc48997ba203b794df3ee70521db) C:\Windows\system32\HPZinw12.dll
14:52:46.0362 5096 Net Driver HPZ12 - ok
14:52:46.0378 5096 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
14:52:46.0378 5096 NetBIOS - ok
14:52:46.0393 5096 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
14:52:46.0393 5096 NetBT - ok
14:52:46.0409 5096 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
14:52:46.0409 5096 Netlogon - ok
14:52:46.0440 5096 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
14:52:46.0456 5096 Netman - ok
14:52:46.0471 5096 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
14:52:46.0487 5096 netprofm - ok
14:52:46.0518 5096 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
14:52:46.0518 5096 NetTcpPortSharing - ok
14:52:46.0596 5096 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
14:52:46.0596 5096 nfrd960 - ok
14:52:46.0627 5096 NisDrv (5f7d72cbcdd025af1f38fdeee5646968) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
14:52:46.0627 5096 NisDrv - ok
14:52:46.0690 5096 NisSrv (566ddd5d82520da01d75f81428ac4c38) c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
14:52:46.0690 5096 NisSrv - ok
14:52:46.0721 5096 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
14:52:46.0721 5096 NlaSvc - ok
14:52:46.0736 5096 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
14:52:46.0736 5096 Npfs - ok
14:52:46.0752 5096 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
14:52:46.0752 5096 nsi - ok
14:52:46.0752 5096 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
14:52:46.0752 5096 nsiproxy - ok
14:52:46.0830 5096 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
14:52:46.0877 5096 Ntfs - ok
14:52:46.0939 5096 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
14:52:46.0939 5096 Null - ok
14:52:46.0970 5096 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
14:52:46.0986 5096 nvraid - ok
14:52:47.0002 5096 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
14:52:47.0002 5096 nvstor - ok
14:52:47.0017 5096 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
14:52:47.0017 5096 nv_agp - ok
14:52:47.0111 5096 odserv (84de1dd996b48b05ace31ad015fa108a) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
14:52:47.0111 5096 odserv - ok
14:52:47.0126 5096 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
14:52:47.0126 5096 ohci1394 - ok
14:52:47.0158 5096 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
14:52:47.0158 5096 ose - ok
14:52:47.0204 5096 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
14:52:47.0204 5096 p2pimsvc - ok
14:52:47.0236 5096 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
14:52:47.0251 5096 p2psvc - ok
14:52:47.0267 5096 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
14:52:47.0267 5096 Parport - ok
14:52:47.0298 5096 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
14:52:47.0298 5096 partmgr - ok
14:52:47.0314 5096 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
14:52:47.0329 5096 PcaSvc - ok
14:52:47.0345 5096 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
14:52:47.0345 5096 pci - ok
14:52:47.0376 5096 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
14:52:47.0376 5096 pciide - ok
14:52:47.0392 5096 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
14:52:47.0392 5096 pcmcia - ok
14:52:47.0423 5096 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
14:52:47.0423 5096 pcw - ok
14:52:47.0454 5096 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
14:52:47.0454 5096 PEAUTH - ok
14:52:47.0516 5096 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
14:52:47.0516 5096 PerfHost - ok
14:52:47.0579 5096 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
14:52:47.0594 5096 pla - ok
14:52:47.0641 5096 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
14:52:47.0657 5096 PlugPlay - ok
14:52:47.0704 5096 Pml Driver HPZ12 (ac78df349f0e4cfb8b667c0cfff83cce) C:\Windows\system32\HPZipm12.dll
14:52:47.0704 5096 Pml Driver HPZ12 - ok
14:52:47.0719 5096 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
14:52:47.0719 5096 PNRPAutoReg - ok
14:52:47.0750 5096 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
14:52:47.0750 5096 PNRPsvc - ok
14:52:47.0782 5096 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
14:52:47.0782 5096 PolicyAgent - ok
14:52:47.0797 5096 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
14:52:47.0813 5096 Power - ok
14:52:47.0860 5096 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
14:52:47.0860 5096 PptpMiniport - ok
14:52:47.0875 5096 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
14:52:47.0875 5096 Processor - ok
14:52:47.0906 5096 ProfSvc (53e83f1f6cf9d62f32801cf66d8352a8) C:\Windows\system32\profsvc.dll
14:52:47.0906 5096 ProfSvc - ok
14:52:47.0938 5096 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
14:52:47.0938 5096 ProtectedStorage - ok
14:52:47.0984 5096 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
14:52:47.0984 5096 Psched - ok
14:52:48.0016 5096 PxHlpa64 (4712cc14e720ecccc0aa16949d18aaf1) C:\Windows\system32\Drivers\PxHlpa64.sys
14:52:48.0016 5096 PxHlpa64 - ok
14:52:48.0140 5096 QBCFMonitorService (27e26a7dbc17860630ce5065019c348f) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
14:52:48.0156 5096 QBCFMonitorService - ok
14:52:48.0187 5096 QBFCService (6bee1814470dc12fa20c53dfc3c97ebb) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
14:52:48.0187 5096 QBFCService - ok
14:52:48.0281 5096 QBVSS (78afb70dbe365bd6140e6740792ac3ea) C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe
14:52:48.0343 5096 QBVSS - ok
14:52:48.0437 5096 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
14:52:48.0468 5096 ql2300 - ok
14:52:48.0499 5096 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
14:52:48.0515 5096 ql40xx - ok
14:52:48.0546 5096 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
14:52:48.0546 5096 QWAVE - ok
14:52:48.0562 5096 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
14:52:48.0577 5096 QWAVEdrv - ok
14:52:48.0577 5096 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
14:52:48.0577 5096 RasAcd - ok
14:52:48.0593 5096 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
14:52:48.0593 5096 RasAgileVpn - ok
14:52:48.0608 5096 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
14:52:48.0608 5096 RasAuto - ok
14:52:48.0671 5096 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
14:52:48.0671 5096 Rasl2tp - ok
14:52:48.0702 5096 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
14:52:48.0718 5096 RasMan - ok
14:52:48.0733 5096 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
14:52:48.0733 5096 RasPppoe - ok
14:52:48.0749 5096 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
14:52:48.0749 5096 RasSstp - ok
14:52:48.0796 5096 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
14:52:48.0796 5096 rdbss - ok
14:52:48.0796 5096 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
14:52:48.0796 5096 rdpbus - ok
14:52:48.0811 5096 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
14:52:48.0811 5096 RDPCDD - ok
14:52:48.0827 5096 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
14:52:48.0827 5096 RDPENCDD - ok
14:52:48.0842 5096 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
14:52:48.0842 5096 RDPREFMP - ok
14:52:48.0874 5096 RDPWD (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys
14:52:48.0874 5096 RDPWD - ok
14:52:48.0905 5096 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
14:52:48.0905 5096 rdyboost - ok
14:52:48.0936 5096 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
14:52:48.0936 5096 RemoteAccess - ok
14:52:48.0952 5096 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
14:52:48.0952 5096 RemoteRegistry - ok
14:52:48.0967 5096 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
14:52:48.0967 5096 RpcEptMapper - ok
14:52:48.0983 5096 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
14:52:48.0983 5096 RpcLocator - ok
14:52:49.0045 5096 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
14:52:49.0045 5096 RpcSs - ok
14:52:49.0061 5096 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
14:52:49.0061 5096 rspndr - ok
14:52:49.0092 5096 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
14:52:49.0092 5096 SamSs - ok
14:52:49.0154 5096 SASDIFSV (3289766038db2cb14d07dc84392138d5) C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
14:52:49.0154 5096 SASDIFSV - ok
14:52:49.0170 5096 SASKUTIL (58a38e75f3316a83c23df6173d41f2b5) C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
14:52:49.0170 5096 SASKUTIL - ok
14:52:49.0217 5096 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
14:52:49.0217 5096 sbp2port - ok
14:52:49.0232 5096 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
14:52:49.0248 5096 SCardSvr - ok
14:52:49.0264 5096 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
14:52:49.0264 5096 scfilter - ok
14:52:49.0310 5096 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
14:52:49.0326 5096 Schedule - ok
14:52:49.0357 5096 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
14:52:49.0357 5096 SCPolicySvc - ok
14:52:49.0388 5096 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
14:52:49.0388 5096 SDRSVC - ok
14:52:49.0466 5096 SeaPort (d358e077a0a05d9b12da22d137ee8464) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
14:52:49.0466 5096 SeaPort - ok
14:52:49.0498 5096 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
14:52:49.0498 5096 secdrv - ok
14:52:49.0513 5096 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
14:52:49.0513 5096 seclogon - ok
14:52:49.0529 5096 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll
14:52:49.0529 5096 SENS - ok
14:52:49.0560 5096 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
14:52:49.0560 5096 SensrSvc - ok
14:52:49.0560 5096 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
14:52:49.0560 5096 Serenum - ok
14:52:49.0591 5096 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
14:52:49.0591 5096 Serial - ok
14:52:49.0622 5096 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
14:52:49.0622 5096 sermouse - ok
14:52:49.0669 5096 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
14:52:49.0669 5096 SessionEnv - ok
14:52:49.0700 5096 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
14:52:49.0700 5096 sffdisk - ok
14:52:49.0700 5096 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
14:52:49.0700 5096 sffp_mmc - ok
14:52:49.0716 5096 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
14:52:49.0716 5096 sffp_sd - ok
14:52:49.0732 5096 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
14:52:49.0732 5096 sfloppy - ok
14:52:49.0778 5096 SftService (e1974a92ac0914a3859359a0a8c82c68) C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
14:52:49.0778 5096 SftService - ok
14:52:49.0841 5096 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
14:52:49.0841 5096 SharedAccess - ok
14:52:49.0872 5096 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
14:52:49.0872 5096 ShellHWDetection - ok
14:52:49.0903 5096 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
14:52:49.0903 5096 SiSRaid2 - ok
14:52:54.0006 5096 MBR (0x1B8) (cdb4de4bbd714f152979da2dcbef57eb) \Device\Harddisk0\DR0
14:52:54.0396 5096 \Device\Harddisk0\DR0 - ok
14:52:54.0396 5096 Boot (0x1200) (a0fef1f91b6cb298107f827107b44b08) \Device\Harddisk0\DR0\Partition0
14:52:54.0396 5096 \Device\Harddisk0\DR0\Partition0 - ok
14:52:54.0412 5096 Boot (0x1200) (d6b4331288d4144a3ccc9c186018a48e) \Device\Harddisk0\DR0\Partition1
14:52:54.0412 5096 \Device\Harddisk0\DR0\Partition1 - ok
14:52:54.0412 5096 ============================================================
14:52:54.0412 5096 Scan finished
14:52:54.0412 5096 ============================================================
14:52:54.0412 4892 Detected object count: 0
14:52:54.0412 4892 Actual detected object count: 0

#11 scriba_golfer

Posted 04 July 2012 - 02:05 PM

aswMBR log:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-07-04 14:55:22
-----------------------------
14:55:22.429 OS Version: Windows x64 6.1.7601 Service Pack 1
14:55:22.429 Number of processors: 4 586 0x2505
14:55:22.429 ComputerName: CHOATEMAINPC UserName: Choate
14:55:26.657 Initialize success
14:56:29.359 AVAST engine defs: 12070400
14:56:47.174 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
14:56:47.174 Disk 0 Vendor: ST3750528AS CC46 Size: 715404MB BusType: 3
14:56:47.190 Disk 0 MBR read successfully
14:56:47.190 Disk 0 MBR scan
14:56:47.205 Disk 0 Windows VISTA default MBR code
14:56:47.205 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63
14:56:47.236 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 11718 MB offset 81920
14:56:47.283 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 703645 MB offset 24080384
14:56:47.346 Disk 0 scanning C:\Windows\system32\drivers
14:56:59.701 Service scanning
14:57:20.886 Modules scanning
14:57:20.886 Disk 0 trace - called modules:
14:57:20.917 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
14:57:20.932 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8006478060]
14:57:21.244 3 CLASSPNP.SYS[fffff8800197243f] -> nt!IofCallDriver -> [0xfffffa80061f6520]
14:57:21.244 5 ACPI.sys[fffff88000f117a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa80061f8060]
14:57:22.945 AVAST engine scan C:\Windows
14:57:27.360 AVAST engine scan C:\Windows\system32
15:00:55.058 AVAST engine scan C:\Windows\system32\drivers
15:01:08.022 AVAST engine scan C:\Users\Choate
15:03:20.435 Disk 0 MBR has been saved successfully to "C:\Users\Choate\Desktop\MBR.dat"
15:03:20.451 The log file has been saved successfully to "C:\Users\Choate\Desktop\aswMBR.txt"

#12 scriba_golfer

Posted 04 July 2012 - 02:08 PM

I may have copied the aswMBR log too soon. I am running it again and will copy it in my next post.

#13 gringo_pr

Posted 04 July 2012 - 02:21 PM

OK, I will wait for the next report.


gringo

#14 scriba_golfer

Posted 04 July 2012 - 02:26 PM

It finished this time.

aswMBR log:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-07-04 15:07:25
-----------------------------
15:07:25.480 OS Version: Windows x64 6.1.7601 Service Pack 1
15:07:25.480 Number of processors: 4 586 0x2505
15:07:25.480 ComputerName: CHOATEMAINPC UserName: Choate
15:07:26.806 Initialize success
15:07:30.738 AVAST engine defs: 12070400
15:07:37.352 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
15:07:37.352 Disk 0 Vendor: ST3750528AS CC46 Size: 715404MB BusType: 3
15:07:37.383 Disk 0 MBR read successfully
15:07:37.383 Disk 0 MBR scan
15:07:37.383 Disk 0 Windows VISTA default MBR code
15:07:37.383 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63
15:07:37.414 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 11718 MB offset 81920
15:07:37.446 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 703645 MB offset 24080384
15:07:37.508 Disk 0 scanning C:\Windows\system32\drivers
15:07:50.066 Service scanning
15:08:11.293 Modules scanning
15:08:11.293 Disk 0 trace - called modules:
15:08:11.324 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
15:08:11.324 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8006478060]
15:08:11.652 3 CLASSPNP.SYS[fffff8800197243f] -> nt!IofCallDriver -> [0xfffffa80061f6520]
15:08:11.652 5 ACPI.sys[fffff88000f117a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa80061f8060]
15:08:13.914 AVAST engine scan C:\Windows
15:08:18.064 AVAST engine scan C:\Windows\system32
15:12:04.431 AVAST engine scan C:\Windows\system32\drivers
15:12:17.769 AVAST engine scan C:\Users\Choate
15:23:16.324 AVAST engine scan C:\ProgramData
15:25:05.136 Scan finished successfully
15:25:19.504 Disk 0 MBR has been saved successfully to "C:\Users\Choate\Desktop\MBR.dat"
15:25:19.519 The log file has been saved successfully to "C:\Users\Choate\Desktop\aswMBR.txt"

#15 scriba_golfer

Posted 04 July 2012 - 02:33 PM

Redirecting seems to have gone away, but there is still a problem with ads (AdChoices), and when we are in Explorer and click on a website to view an Adobe file (.pdf) we get "Internet Explorer has stopped working - Windows checking for a solution". Then the window appears: "Internet Explorer has stopped working - A problem caused the program to stop working correctly. Windows will close the program and notify you if a solution is available".

This happens 3 straight times and then nothing.



