
IE & Firefox Redirect


  • This topic is locked
15 replies to this topic

#1 rburgquist


Posted 25 July 2012 - 06:56 PM

Over the past couple of weeks Firefox (14.0.1) has been taking a long time to open. Probably close to a full minute after clicking to open it. I have also noticed that Yahoo search results are being redirected to different pages. I tried Internet Explorer (8.0) and it opens up right away, but some search results are also getting redirected. I regularly use McAfee version 11.0 and the scans aren't finding anything.

I previously had a redirect problem with just Firefox; however, it ended Performance Cache 1.0 which I just had to disable.

Any help would be appreciated.

Thanks,
Ryan



#2 boopme


Posted 25 July 2012 - 09:47 PM

Hello rburgquist
Are you on a router? Are other machines on it? If so, are they redirecting?

Let's do a few things and see if we get this.

Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size.
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Note: When using "Reset FF Proxy Settings" option Firefox should be closed.


>>>>
Please download TDSSKiller.zip and extract it.
  • Run TDSSKiller.exe.
  • Click Start scan.
  • When it is finished the utility outputs a list of detected objects with description.
    The utility automatically selects an action (Cure or Delete) for malicious objects.
    The utility prompts the user to select an action to apply to suspicious objects (Skip, by default). Leave the options as they are and click Continue.
  • Let it reboot if needed and tell me if the tool needed a reboot.
  • Click on Report and post the contents of the text file that will open.

    Note: By default, the utility outputs the log into system disk (it is usually the disk with installed operating system, C:\) root folder. The Log has a name like: TDSSKiller.Version_Date_Time_log.txt.



If TDSSKiller does not run, try renaming it. To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to these instructions. In some cases it may be necessary to redownload TDSSKiller and randomly rename it before downloading and saving to the computer.



Please download Malwarebytes Anti-Malware and save it to your desktop.
  • Important!! When you save the mbam-setup file, rename it to something random (such as 123abc.exe) before beginning the download.
Malwarebytes may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

  • Make sure you are connected to the Internet and double-click on the renamed file to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • Malwarebytes will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button and continue.
  • If you cannot update Malwarebytes or use the Internet to download any files to the infected computer, manually update the database by following the instructions in FAQ Section A: 4. Issues.
  • Under the Scanner tab, make sure the "Perform Quick Scan" option is selected.
  • Click on the Scan button.
  • When finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box, then click the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked and then click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.
  • Exit Malwarebytes when done.
Note: If Malwarebytes encounters a file that is difficult to remove, you will be asked to reboot your computer so it can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally will prevent Malwarebytes from removing all the malware.

-- Some types of malware will target Malwarebytes and other security tools to keep them from running properly. If that's the case, go to Start > All Programs > Malwarebytes Anti-Malware folder > Tools > click on Malwarebytes Chameleon and follow the onscreen instructions. The Chameleon folder can be accessed by opening the program folder for Malwarebytes Anti-Malware (normally C:\Program Files\Malwarebytes' Anti-Malware or C:\Program Files (x86)\Malwarebytes' Anti-Malware).

#3 rburgquist


Posted 26 July 2012 - 06:06 PM

I am on a wireless router, but I haven't been able to check another computer yet. TDSSKiller didn't find anything, but Malwarebytes did find and remove a few things. It had me reboot my computer afterwards. I have tested Firefox a bit and haven't been redirected since running Malwarebytes. Firefox is still taking a long time to open up, but my main concern was the redirect. Here are the results from the three programs:

MiniToolBox by Farbar Version: 23-07-2012
Ran by Ryan (administrator) on 26-07-2012 at 06:15:40
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================

"network.proxy.type", 0

"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================



========================= IP Configuration: ================================

Atheros AR9285 Wireless Network Adapter = Wireless Network Connection (Connected)
Atheros AR8152 PCI-E Fast Ethernet Controller = Local Area Connection (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled mldversion=version2


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : Ryan-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Broadcast
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : gateway.2wire.net

Wireless LAN adapter Wireless Network Connection:

Connection-specific DNS Suffix . : gateway.2wire.net
Description . . . . . . . . . . . : Atheros AR9285 Wireless Network Adapter
Physical Address. . . . . . . . . : 68-A3-C4-58-6A-40
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::19bf:b92a:750e:929d%12(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.67(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Wednesday, July 25, 2012 5:50:08 PM
Lease Expires . . . . . . . . . . : Friday, July 27, 2012 6:09:17 AM
Default Gateway . . . . . . . . . : 192.168.1.254
DHCP Server . . . . . . . . . . . : 192.168.1.254
DHCPv6 IAID . . . . . . . . . . . : 325624772
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-15-16-98-EC-B8-70-F4-04-2C-47
DNS Servers . . . . . . . . . . . : 192.168.1.254
NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Atheros AR8152 PCI-E Fast Ethernet Controller
Physical Address. . . . . . . . . : B8-70-F4-04-2C-47
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.gateway.2wire.net:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : gateway.2wire.net
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 12:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft 6to4 Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:4137:9e76:388e:113e:b30a:fb83(Preferred)
Link-local IPv6 Address . . . . . : fe80::388e:113e:b30a:fb83%14(Preferred)
Default Gateway . . . . . . . . . : ::
NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter isatap.{74B483DB-68E8-48FA-B9DB-44BEF211CF6C}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: home
Address: 192.168.1.254

Name: google.com
Addresses: 2607:f8b0:4009:801::1007
74.125.225.65
74.125.225.66
74.125.225.67
74.125.225.68
74.125.225.69
74.125.225.70
74.125.225.71
74.125.225.72
74.125.225.73
74.125.225.78
74.125.225.64


Pinging google.com [74.125.225.66] with 32 bytes of data:
Reply from 74.125.225.66: bytes=32 time=231ms TTL=53
Reply from 74.125.225.66: bytes=32 time=6ms TTL=53

Ping statistics for 74.125.225.66:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 6ms, Maximum = 231ms, Average = 118ms
Server: home
Address: 192.168.1.254

Name: yahoo.com
Addresses: 72.30.38.140
98.139.183.24
209.191.122.70


Pinging yahoo.com [98.139.183.24] with 32 bytes of data:
Reply from 98.139.183.24: bytes=32 time=294ms TTL=48
Reply from 98.139.183.24: bytes=32 time=148ms TTL=46

Ping statistics for 98.139.183.24:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 148ms, Maximum = 294ms, Average = 221ms
Server: home
Address: 192.168.1.254

Name: bleepingcomputer.com
Address: 208.43.87.2


Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:
Reply from 208.43.87.2: Destination host unreachable.
Reply from 208.43.87.2: Destination host unreachable.

Ping statistics for 208.43.87.2:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
12...68 a3 c4 58 6a 40 ......Atheros AR9285 Wireless Network Adapter
10...b8 70 f4 04 2c 47 ......Atheros AR8152 PCI-E Fast Ethernet Controller
1...........................Software Loopback Interface 1
16...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
11...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter
14...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
15...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.254 192.168.1.67 25
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.1.0 255.255.255.0 On-link 192.168.1.67 281
192.168.1.67 255.255.255.255 On-link 192.168.1.67 281
192.168.1.255 255.255.255.255 On-link 192.168.1.67 281
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.1.67 281
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.1.67 281
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
14 58 ::/0 On-link
1 306 ::1/128 On-link
14 58 2001::/32 On-link
14 306 2001:0:4137:9e76:388e:113e:b30a:fb83/128
On-link
12 281 fe80::/64 On-link
14 306 fe80::/64 On-link
12 281 fe80::19bf:b92a:750e:929d/128
On-link
14 306 fe80::388e:113e:b30a:fb83/128
On-link
1 306 ff00::/8 On-link
14 306 ff00::/8 On-link
12 281 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\wshbth.dll [36352] (Microsoft Corporation)
Catalog5 06 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 07 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 08 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 09 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 10 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 11 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\wshbth.dll [47104] (Microsoft Corporation)
x64-Catalog5 06 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [170880] (Microsoft Corp.)
x64-Catalog5 07 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [170880] (Microsoft Corp.)
x64-Catalog5 08 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog5 09 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 10 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 11 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (07/21/2012 08:49:34 AM) (Source: Application Error) (User: )
Description: Faulting application name: iTunes.exe, version: 10.5.0.142, time stamp: 0x4e9243f2
Faulting module name: drrisiiv.dll, version: 3.0.1.0, time stamp: 0x3c167207
Exception code: 0xc000041d
Fault offset: 0x00021970
Faulting process id: 0x524
Faulting application start time: 0xiTunes.exe0
Faulting application path: iTunes.exe1
Faulting module path: iTunes.exe2
Report Id: iTunes.exe3

Error: (07/21/2012 08:48:36 AM) (Source: Application Error) (User: )
Description: Faulting application name: iTunes.exe, version: 10.5.0.142, time stamp: 0x4e9243f2
Faulting module name: drrisiiv.dll, version: 3.0.1.0, time stamp: 0x3c167207
Exception code: 0xc0000005
Fault offset: 0x00021970
Faulting process id: 0x524
Faulting application start time: 0xiTunes.exe0
Faulting application path: iTunes.exe1
Faulting module path: iTunes.exe2
Report Id: iTunes.exe3

Error: (07/21/2012 08:17:40 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.

Error: (07/19/2012 10:20:07 PM) (Source: Application Error) (User: )
Description: Faulting application name: iTunes.exe, version: 10.5.0.142, time stamp: 0x4e9243f2
Faulting module name: drrisiiv.dll, version: 3.0.1.0, time stamp: 0x3c167207
Exception code: 0xc000041d
Fault offset: 0x00021970
Faulting process id: 0x10ac
Faulting application start time: 0xiTunes.exe0
Faulting application path: iTunes.exe1
Faulting module path: iTunes.exe2
Report Id: iTunes.exe3

Error: (07/19/2012 10:20:06 PM) (Source: Application Error) (User: )
Description: Faulting application name: iTunes.exe, version: 10.5.0.142, time stamp: 0x4e9243f2
Faulting module name: drrisiiv.dll, version: 3.0.1.0, time stamp: 0x3c167207
Exception code: 0xc0000005
Fault offset: 0x00021970
Faulting process id: 0x91c
Faulting application start time: 0xiTunes.exe0
Faulting application path: iTunes.exe1
Faulting module path: iTunes.exe2
Report Id: iTunes.exe3

Error: (07/19/2012 10:09:00 PM) (Source: Application Error) (User: )
Description: Faulting application name: iTunes.exe, version: 10.5.0.142, time stamp: 0x4e9243f2
Faulting module name: drrisiiv.dll, version: 3.0.1.0, time stamp: 0x3c167207
Exception code: 0xc0000005
Fault offset: 0x00021970
Faulting process id: 0x10ac
Faulting application start time: 0xiTunes.exe0
Faulting application path: iTunes.exe1
Faulting module path: iTunes.exe2
Report Id: iTunes.exe3

Error: (07/19/2012 06:13:32 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 31083838

Error: (07/19/2012 06:13:32 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 31083838

Error: (07/19/2012 06:13:32 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (07/18/2012 09:35:44 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 16551


System errors:
=============
Error: (07/25/2012 05:52:46 PM) (Source: Service Control Manager) (User: )
Description: The ReadyComm.DirectRouter service failed to start due to the following error:
%%2

Error: (07/24/2012 08:41:02 PM) (Source: Service Control Manager) (User: )
Description: The ReadyComm.DirectRouter service failed to start due to the following error:
%%2

Error: (07/20/2012 10:39:55 PM) (Source: Service Control Manager) (User: )
Description: The ReadyComm.DirectRouter service failed to start due to the following error:
%%2

Error: (07/20/2012 06:13:08 AM) (Source: Service Control Manager) (User: )
Description: The ReadyComm.DirectRouter service failed to start due to the following error:
%%2

Error: (07/19/2012 09:48:39 PM) (Source: Service Control Manager) (User: )
Description: The ReadyComm.DirectRouter service failed to start due to the following error:
%%2

Error: (07/18/2012 06:54:40 PM) (Source: Service Control Manager) (User: )
Description: The ReadyComm.DirectRouter service failed to start due to the following error:
%%2

Error: (07/18/2012 06:50:39 PM) (Source: EventLog) (User: )
Description: The previous system shutdown at 6:45:46 AM on ?7/?18/?2012 was unexpected.

Error: (07/17/2012 07:31:21 PM) (Source: Service Control Manager) (User: )
Description: The ReadyComm.DirectRouter service failed to start due to the following error:
%%2

Error: (07/17/2012 07:01:16 AM) (Source: Service Control Manager) (User: )
Description: The ReadyComm.DirectRouter service failed to start due to the following error:
%%2

Error: (07/16/2012 07:15:52 PM) (Source: Service Control Manager) (User: )
Description: The ReadyComm.DirectRouter service failed to start due to the following error:
%%2


Microsoft Office Sessions:
=========================

=========================== Installed Programs ============================

Update for Microsoft Office 2007 (KB2508958)
64 Bit HP CIO Components Installer (Version: 6.2.2)
Acrobat.com (Version: 1.1.377)
Adobe AIR (Version: 1.5.0.7220)
Adobe Digital Editions
Adobe Flash Player 10 ActiveX (Version: 10.3.183.10)
Adobe Flash Player 11 Plugin (Version: 11.3.300.262)
Adobe Reader X (10.1.3) (Version: 10.1.3)
Amazon MP3 Downloader 1.0.15 (Version: 1.0.15)
Apple Application Support (Version: 2.1.5)
Apple Mobile Device Support (Version: 4.0.0.96)
Apple Software Update (Version: 2.1.3.127)
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (Version: 1.0.0.26)
ATI Catalyst Install Manager (Version: 3.0.786.0)
Best Buy pc app (Version: 3.1.1.0)
BlackBerry Desktop Software 6.1 (Version: 6.1.0.35)
Bonjour (Version: 3.0.0.10)
BookSmartŪ 3.0.4 3.0.4
calibre (Version: 0.8.44)
Catalyst Control Center Graphics Previews Common (Version: 2010.0719.1349.22889)
Catalyst Control Center InstallProxy (Version: 2010.0719.1349.22889)
Catalyst Control Center Localization All (Version: 2010.0719.1349.22889)
ccc-core-static (Version: 2010.0719.1349.22889)
ccc-utility64 (Version: 2010.0719.1349.22889)
CCC Help Chinese Standard (Version: 2010.0719.1348.22889)
CCC Help Chinese Traditional (Version: 2010.0719.1348.22889)
CCC Help Czech (Version: 2010.0719.1348.22889)
CCC Help Danish (Version: 2010.0719.1348.22889)
CCC Help Dutch (Version: 2010.0719.1348.22889)
CCC Help English (Version: 2010.0719.1348.22889)
CCC Help Finnish (Version: 2010.0719.1348.22889)
CCC Help French (Version: 2010.0719.1348.22889)
CCC Help German (Version: 2010.0719.1348.22889)
CCC Help Greek (Version: 2010.0719.1348.22889)
CCC Help Hungarian (Version: 2010.0719.1348.22889)
CCC Help Italian (Version: 2010.0719.1348.22889)
CCC Help Japanese (Version: 2010.0719.1348.22889)
CCC Help Korean (Version: 2010.0719.1348.22889)
CCC Help Norwegian (Version: 2010.0719.1348.22889)
CCC Help Polish (Version: 2010.0719.1348.22889)
CCC Help Portuguese (Version: 2010.0719.1348.22889)
CCC Help Russian (Version: 2010.0719.1348.22889)
CCC Help Spanish (Version: 2010.0719.1348.22889)
CCC Help Swedish (Version: 2010.0719.1348.22889)
CCC Help Thai (Version: 2010.0719.1348.22889)
CCC Help Turkish (Version: 2010.0719.1348.22889)
CyberLink YouCam (Version: 3.0.2626)
D3DX10 (Version: 15.4.2368.0902)
DraftDominator Version 12.0e
Energy Management (Version: 5.4.1.9)
FitLive 1.2.00
Google SketchUp 8 (Version: 3.0.11752)
HP Photosmart C4700 All-in-One Driver 14.0 Rel. 6 (Version: 14.0)
iTunes (Version: 10.5.0.142)
Java Auto Updater (Version: 2.0.4.1)
Java™ 6 Update 31 (Version: 6.0.310)
KBPD 2 Student (Version: 1.2)
KBPD 2.0 Word Add-In (Version: 1.3.0)
KeyChamp 2.0 (Version: 2.03.00)
Lenovo DirectShare (Version: 1.0.1.38)
Lenovo EasyCamera (Version: 6.96.2018.21)
Lenovo Games Console (Version: 0.38.389.2)
Lenovo OneKey Recovery (Version: 7.0.1230)
Lenovo ReadyComm 5 (Version: 5.1.1.20)
Lenovo ReadyComm 5.0 Service (Version: 5.0.0.1)
Lenovo_Wireless_Driver (Version: 1.02.01)
Logitech Harmony Remote Software 7 (Version: 7.7.0.0)
Malwarebytes Anti-Malware version 1.60.1.1000 (Version: 1.60.1.1000)
McAfee Security Scan Plus (Version: 2.0.181.2)
McAfee SecurityCenter (Version: 11.0.678)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office 2010 (Version: 14.0.4763.1000)
Microsoft Office Access MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Enterprise 2007 (Version: 12.0.6612.1000)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Groove MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Groove Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office InfoPath MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000)
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Silverlight (Version: 4.1.10329.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (Version: 8.0.51011)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
MobileMe Control Panel (Version: 3.1.6.0)
Mozilla Firefox 14.0.1 (x86 en-US) (Version: 14.0.1)
Mozilla Maintenance Service (Version: 14.0.1)
MSVCRT (Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
Network64 (Version: 140.0.215.000)
Onekey Theater (Version: 2.0.1.7)
Power2Go (Version: 5.6.0.4809d4)
PowerXpressHybrid (Version: 1.00.0000)
PS_AIO_06_C4700_SW_Min (Version: 140.0.690.000)
QuickTime (Version: 7.70.80.34)
Realtek High Definition Audio Driver (Version: 6.0.1.6184)
Realtek USB 2.0 Card Reader (Version: 6.1.7600.30116)
Remote Control USB Driver (Version: 2.3.2.317)
Respondus LockDown Browser (Version: 1.02.0001)
Scan (Version: 140.0.80.000)
Synaptics Pointing Device Driver (Version: 15.0.2.0)
Toolbox (Version: 140.0.428.000)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB2596598) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687310) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Windows Driver Package - Lenovo (ACPIVPC) System (10/19/2009 5.4.0.1) (Version: 10/19/2009 5.4.0.1)
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3508.1109)
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3508.1109)
Windows Live Mesh ActiveX Control for Remote Connections (Version: 15.4.5722.2)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3508.1109)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109)

========================= Memory info: ===================================

Percentage of memory in use: 44%
Total physical RAM: 2810.9 MB
Available physical RAM: 1546.6 MB
Total Pagefile: 5619.99 MB
Available Pagefile: 3934.75 MB
Total Virtual: 4095.88 MB
Available Virtual: 3969.33 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:254.14 GB) (Free:184.59 GB) NTFS
2 Drive d: (LENOVO) (Fixed) (Total:29 GB) (Free:28.09 GB) NTFS

========================= Users: ========================================

User accounts for \\RYAN-PC

Administrator Guest Ryan


**** End of log ****

#4 rburgquist


Posted 26 July 2012 - 06:08 PM

06:26:06.0109 7728 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
06:26:07.0219 7728 ============================================================
06:26:07.0219 7728 Current date / time: 2012/07/26 06:26:07.0219
06:26:07.0219 7728 SystemInfo:
06:26:07.0219 7728
06:26:07.0219 7728 OS Version: 6.1.7601 ServicePack: 1.0
06:26:07.0219 7728 Product type: Workstation
06:26:07.0219 7728 ComputerName: RYAN-PC
06:26:07.0219 7728 UserName: Ryan
06:26:07.0219 7728 Windows directory: C:\windows
06:26:07.0219 7728 System windows directory: C:\windows
06:26:07.0219 7728 Running under WOW64
06:26:07.0219 7728 Processor architecture: Intel x64
06:26:07.0219 7728 Number of processors: 2
06:26:07.0219 7728 Page size: 0x1000
06:26:07.0219 7728 Boot type: Normal boot
06:26:07.0219 7728 ============================================================
06:26:09.0666 7728 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
06:26:09.0666 7728 ============================================================
06:26:09.0666 7728 \Device\Harddisk0\DR0:
06:26:09.0666 7728 MBR partitions:
06:26:09.0666 7728 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x64000
06:26:09.0666 7728 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x64800, BlocksNum 0x1FC49800
06:26:09.0697 7728 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1FCAE800, BlocksNum 0x39FD800
06:26:09.0697 7728 ============================================================
06:26:09.0838 7728 C: <-> \Device\Harddisk0\DR0\Partition1
06:26:09.0916 7728 D: <-> \Device\Harddisk0\DR0\Partition2
06:26:09.0994 7728 ============================================================
06:26:09.0994 7728 Initialize success
06:26:09.0994 7728 ============================================================
06:26:26.0514 7888 ============================================================
06:26:26.0514 7888 Scan started
06:26:26.0514 7888 Mode: Manual;
06:26:26.0514 7888 ============================================================
06:26:51.0812 7888 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\windows\system32\drivers\MSPQM.sys
06:26:51.0812 7888 MSPQM - ok
06:26:51.0858 7888 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\windows\system32\drivers\MsRPC.sys
06:26:51.0921 7888 MsRPC - ok
06:26:51.0952 7888 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\windows\system32\drivers\mssmbios.sys
06:26:51.0952 7888 mssmbios - ok
06:26:51.0999 7888 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\windows\system32\drivers\MSTEE.sys
06:26:52.0014 7888 MSTEE - ok
06:26:52.0014 7888 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\windows\system32\DRIVERS\MTConfig.sys
06:26:52.0030 7888 MTConfig - ok
06:26:52.0077 7888 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\windows\system32\Drivers\mup.sys
06:26:52.0077 7888 Mup - ok
06:26:52.0139 7888 napagent (582ac6d9873e31dfa28a4547270862dd) C:\windows\system32\qagentRT.dll
06:26:52.0217 7888 napagent - ok
06:26:52.0248 7888 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\windows\system32\DRIVERS\nwifi.sys
06:26:52.0264 7888 NativeWifiP - ok
06:26:52.0326 7888 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\windows\system32\drivers\ndis.sys
06:26:52.0404 7888 NDIS - ok
06:26:52.0420 7888 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\windows\system32\DRIVERS\ndiscap.sys
06:26:52.0420 7888 NdisCap - ok
06:26:52.0436 7888 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\windows\system32\DRIVERS\ndistapi.sys
06:26:52.0436 7888 NdisTapi - ok
06:26:52.0498 7888 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\windows\system32\DRIVERS\ndisuio.sys
06:26:52.0560 7888 Ndisuio - ok
06:26:52.0607 7888 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\windows\system32\DRIVERS\ndiswan.sys
06:26:52.0654 7888 NdisWan - ok
06:26:52.0701 7888 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\windows\system32\drivers\NDProxy.sys
06:26:52.0748 7888 NDProxy - ok
06:26:52.0794 7888 Net Driver HPZ12 (dc6530a291d4bdf6df399f1f128e7f8f) C:\Windows\system32\HPZinw12.dll
06:26:52.0841 7888 Net Driver HPZ12 - ok
06:26:52.0872 7888 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\windows\system32\DRIVERS\netbios.sys
06:26:52.0888 7888 NetBIOS - ok
06:26:52.0935 7888 NetBT (09594d1089c523423b32a4229263f068) C:\windows\system32\DRIVERS\netbt.sys
06:26:53.0044 7888 NetBT - ok
06:26:53.0075 7888 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
06:26:53.0075 7888 Netlogon - ok
06:26:53.0153 7888 Netman (847d3ae376c0817161a14a82c8922a9e) C:\windows\System32\netman.dll
06:26:53.0169 7888 Netman - ok
06:26:53.0200 7888 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\windows\System32\netprofm.dll
06:26:53.0216 7888 netprofm - ok
06:26:53.0309 7888 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
06:26:53.0325 7888 NetTcpPortSharing - ok
06:26:53.0762 7888 netw5v64 (64428dfdaf6e88366cb51f45a79c5f69) C:\windows\system32\DRIVERS\netw5v64.sys
06:26:53.0886 7888 netw5v64 - ok
06:26:54.0042 7888 nfrd960 (77889813be4d166cdab78ddba990da92) C:\windows\system32\DRIVERS\nfrd960.sys
06:26:54.0058 7888 nfrd960 - ok
06:26:54.0136 7888 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\windows\System32\nlasvc.dll
06:26:54.0152 7888 NlaSvc - ok
06:26:54.0198 7888 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\windows\system32\drivers\Npfs.sys
06:26:54.0198 7888 Npfs - ok
06:26:54.0230 7888 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\windows\system32\nsisvc.dll
06:26:54.0230 7888 nsi - ok
06:26:54.0245 7888 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\windows\system32\drivers\nsiproxy.sys
06:26:54.0261 7888 nsiproxy - ok
06:26:54.0432 7888 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\windows\system32\drivers\Ntfs.sys
06:26:54.0588 7888 Ntfs - ok
06:26:54.0744 7888 Null (9899284589f75fa8724ff3d16aed75c1) C:\windows\system32\drivers\Null.sys
06:26:54.0760 7888 Null - ok
06:26:54.0807 7888 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\windows\system32\drivers\nvraid.sys
06:26:54.0900 7888 nvraid - ok
06:26:54.0947 7888 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\windows\system32\drivers\nvstor.sys
06:26:55.0010 7888 nvstor - ok
06:26:55.0041 7888 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\windows\system32\drivers\nv_agp.sys
06:26:55.0056 7888 nv_agp - ok
06:26:55.0212 7888 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
06:26:55.0290 7888 odserv - ok
06:26:55.0322 7888 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\windows\system32\drivers\ohci1394.sys
06:26:55.0337 7888 ohci1394 - ok
06:26:55.0353 7888 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
06:26:55.0400 7888 ose - ok
06:26:55.0462 7888 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\windows\system32\pnrpsvc.dll
06:26:55.0478 7888 p2pimsvc - ok
06:26:55.0509 7888 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\windows\system32\p2psvc.dll
06:26:55.0524 7888 p2psvc - ok
06:26:55.0556 7888 Parport (0086431c29c35be1dbc43f52cc273887) C:\windows\system32\DRIVERS\parport.sys
06:26:55.0556 7888 Parport - ok
06:26:55.0587 7888 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\windows\system32\drivers\partmgr.sys
06:26:55.0634 7888 partmgr - ok
06:26:55.0649 7888 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\windows\System32\pcasvc.dll
06:26:55.0665 7888 PcaSvc - ok
06:26:55.0712 7888 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\windows\system32\drivers\pci.sys
06:26:55.0712 7888 pci - ok
06:26:55.0743 7888 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\windows\system32\drivers\pciide.sys
06:26:55.0743 7888 pciide - ok
06:26:55.0790 7888 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\windows\system32\DRIVERS\pcmcia.sys
06:26:55.0790 7888 pcmcia - ok
06:26:55.0821 7888 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\windows\system32\drivers\pcw.sys
06:26:55.0821 7888 pcw - ok
06:26:55.0868 7888 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\windows\system32\drivers\peauth.sys
06:26:55.0899 7888 PEAUTH - ok
06:26:56.0008 7888 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\windows\SysWow64\perfhost.exe
06:26:56.0008 7888 PerfHost - ok
06:26:56.0180 7888 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\windows\system32\pla.dll
06:26:56.0289 7888 pla - ok
06:26:56.0367 7888 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\windows\system32\umpnpmgr.dll
06:26:56.0367 7888 PlugPlay - ok
06:26:56.0445 7888 Pml Driver HPZ12 (71f62c51dfdfbc04c83c5c64b2b8058e) C:\Windows\system32\HPZipm12.dll
06:26:56.0523 7888 Pml Driver HPZ12 - ok
06:26:56.0570 7888 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\windows\system32\pnrpauto.dll
06:26:56.0570 7888 PNRPAutoReg - ok
06:26:56.0601 7888 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\windows\system32\pnrpsvc.dll
06:26:56.0601 7888 PNRPsvc - ok
06:26:56.0679 7888 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\windows\System32\ipsecsvc.dll
06:26:56.0772 7888 PolicyAgent - ok
06:26:56.0819 7888 Power (6ba9d927dded70bd1a9caded45f8b184) C:\windows\system32\umpo.dll
06:26:56.0835 7888 Power - ok
06:26:56.0913 7888 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\windows\system32\DRIVERS\raspptp.sys
06:26:57.0006 7888 PptpMiniport - ok
06:26:57.0038 7888 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\windows\system32\DRIVERS\processr.sys
06:26:57.0038 7888 Processor - ok
06:26:57.0116 7888 ProfSvc (53e83f1f6cf9d62f32801cf66d8352a8) C:\windows\system32\profsvc.dll
06:26:57.0116 7888 ProfSvc - ok
06:26:57.0162 7888 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
06:26:57.0162 7888 ProtectedStorage - ok
06:26:57.0209 7888 Psched (0557cf5a2556bd58e26384169d72438d) C:\windows\system32\DRIVERS\pacer.sys
06:26:57.0272 7888 Psched - ok
06:26:57.0272 7888 PS_MDP - ok
06:26:57.0443 7888 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\windows\system32\DRIVERS\ql2300.sys
06:26:57.0506 7888 ql2300 - ok
06:26:57.0677 7888 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\windows\system32\DRIVERS\ql40xx.sys
06:26:57.0693 7888 ql40xx - ok
06:26:57.0771 7888 QWAVE (906191634e99aea92c4816150bda3732) C:\windows\system32\qwave.dll
06:26:57.0786 7888 QWAVE - ok
06:26:57.0802 7888 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\windows\system32\drivers\qwavedrv.sys
06:26:57.0818 7888 QWAVEdrv - ok
06:26:57.0818 7888 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\windows\system32\DRIVERS\rasacd.sys
06:26:57.0818 7888 RasAcd - ok
06:26:57.0864 7888 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\windows\system32\DRIVERS\AgileVpn.sys
06:26:57.0864 7888 RasAgileVpn - ok
06:26:57.0927 7888 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\windows\System32\rasauto.dll
06:26:57.0942 7888 RasAuto - ok
06:26:57.0989 7888 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\windows\system32\DRIVERS\rasl2tp.sys
06:26:58.0067 7888 Rasl2tp - ok
06:26:58.0130 7888 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\windows\System32\rasmans.dll
06:26:58.0208 7888 RasMan - ok
06:26:58.0239 7888 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\windows\system32\DRIVERS\raspppoe.sys
06:26:58.0254 7888 RasPppoe - ok
06:26:58.0270 7888 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\windows\system32\DRIVERS\rassstp.sys
06:26:58.0270 7888 RasSstp - ok
06:26:58.0317 7888 rdbss (77f665941019a1594d887a74f301fa2f) C:\windows\system32\DRIVERS\rdbss.sys
06:26:58.0379 7888 rdbss - ok
06:26:58.0395 7888 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\windows\system32\DRIVERS\rdpbus.sys
06:26:58.0410 7888 rdpbus - ok
06:26:58.0426 7888 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\windows\system32\DRIVERS\RDPCDD.sys
06:26:58.0426 7888 RDPCDD - ok
06:26:58.0457 7888 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\windows\system32\drivers\rdpencdd.sys
06:26:58.0457 7888 RDPENCDD - ok
06:26:58.0473 7888 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\windows\system32\drivers\rdprefmp.sys
06:26:58.0473 7888 RDPREFMP - ok
06:26:58.0535 7888 RDPWD (e61608aa35e98999af9aaeeea6114b0a) C:\windows\system32\drivers\RDPWD.sys
06:26:58.0613 7888 RDPWD - ok
06:26:58.0676 7888 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\windows\system32\drivers\rdyboost.sys
06:26:58.0800 7888 rdyboost - ok
06:26:58.0800 7888 ReadyComm.DirectRouter - ok
06:26:58.0847 7888 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\windows\System32\mprdim.dll
06:26:58.0863 7888 RemoteAccess - ok
06:26:58.0894 7888 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\windows\system32\regsvc.dll
06:26:58.0910 7888 RemoteRegistry - ok
06:26:58.0972 7888 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\windows\system32\DRIVERS\rfcomm.sys
06:26:59.0003 7888 RFCOMM - ok
06:26:59.0066 7888 RimUsb (71b48ddaf5e9c2b40e64de5c405f5aac) C:\windows\system32\Drivers\RimUsb_AMD64.sys
06:26:59.0128 7888 RimUsb - ok
06:26:59.0175 7888 RimVSerPort (c903d49655b4aae46673f0aaa6be0f58) C:\windows\system32\DRIVERS\RimSerial_AMD64.sys
06:26:59.0253 7888 RimVSerPort - ok
06:26:59.0300 7888 ROOTMODEM (388d3dd1a6457280f3badba9f3acd6b1) C:\windows\system32\Drivers\RootMdm.sys
06:26:59.0300 7888 ROOTMODEM - ok
06:26:59.0346 7888 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\windows\System32\RpcEpMap.dll
06:26:59.0362 7888 RpcEptMapper - ok
06:26:59.0378 7888 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\windows\system32\locator.exe
06:26:59.0393 7888 RpcLocator - ok
06:26:59.0471 7888 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\windows\system32\rpcss.dll
06:26:59.0487 7888 RpcSs - ok
06:26:59.0534 7888 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\windows\system32\DRIVERS\rspndr.sys
06:26:59.0534 7888 rspndr - ok
06:26:59.0612 7888 RSUSBSTOR (5aab4808e8ccae8c2ecda5b791260616) C:\windows\system32\Drivers\RtsUStor.sys
06:26:59.0690 7888 RSUSBSTOR - ok
06:26:59.0736 7888 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
06:26:59.0736 7888 SamSs - ok
06:26:59.0768 7888 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\windows\system32\drivers\sbp2port.sys
06:26:59.0814 7888 sbp2port - ok
06:26:59.0877 7888 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\windows\System32\SCardSvr.dll
06:26:59.0939 7888 SCardSvr - ok
06:27:00.0002 7888 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\windows\system32\DRIVERS\scfilter.sys
06:27:00.0095 7888 scfilter - ok
06:27:00.0220 7888 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\windows\system32\schedsvc.dll
06:27:00.0251 7888 Schedule - ok
06:27:00.0298 7888 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\windows\System32\certprop.dll
06:27:00.0298 7888 SCPolicySvc - ok
06:27:00.0345 7888 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\windows\System32\SDRSVC.dll
06:27:00.0407 7888 SDRSVC - ok
06:27:00.0501 7888 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\windows\system32\drivers\secdrv.sys
06:27:00.0501 7888 secdrv - ok
06:27:00.0532 7888 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\windows\system32\seclogon.dll
06:27:00.0579 7888 seclogon - ok
06:27:00.0610 7888 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\windows\System32\sens.dll
06:27:00.0610 7888 SENS - ok
06:27:00.0626 7888 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\windows\system32\sensrsvc.dll
06:27:00.0626 7888 SensrSvc - ok
06:27:00.0641 7888 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\windows\system32\DRIVERS\serenum.sys
06:27:00.0641 7888 Serenum - ok
06:27:00.0657 7888 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\windows\system32\DRIVERS\serial.sys
06:27:00.0672 7888 Serial - ok
06:27:00.0704 7888 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\windows\system32\DRIVERS\sermouse.sys
06:27:00.0704 7888 sermouse - ok
06:27:00.0750 7888 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\windows\system32\sessenv.dll
06:27:00.0797 7888 SessionEnv - ok
06:27:00.0828 7888 sffdisk (a554811bcd09279536440c964ae35bbf) C:\windows\system32\drivers\sffdisk.sys
06:27:00.0828 7888 sffdisk - ok
06:27:00.0844 7888 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\windows\system32\drivers\sffp_mmc.sys
06:27:00.0860 7888 sffp_mmc - ok
06:27:00.0860 7888 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\windows\system32\drivers\sffp_sd.sys
06:27:00.0906 7888 sffp_sd - ok
06:27:00.0938 7888 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\windows\system32\DRIVERS\sfloppy.sys
06:27:00.0938 7888 sfloppy - ok
06:27:01.0000 7888 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\windows\System32\ipnathlp.dll
06:27:01.0016 7888 SharedAccess - ok
06:27:01.0078 7888 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\windows\System32\shsvcs.dll
06:27:01.0094 7888 ShellHWDetection - ok
06:27:01.0140 7888 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\windows\system32\DRIVERS\SiSRaid2.sys
06:27:01.0140 7888 SiSRaid2 - ok
06:27:01.0156 7888 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\windows\system32\DRIVERS\sisraid4.sys
06:27:01.0172 7888 SiSRaid4 - ok
06:27:01.0187 7888 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\windows\system32\DRIVERS\smb.sys
06:27:01.0187 7888 Smb - ok
06:27:01.0234 7888 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\windows\System32\snmptrap.exe
06:27:01.0234 7888 SNMPTRAP - ok
06:27:01.0265 7888 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\windows\system32\drivers\spldr.sys
06:27:01.0281 7888 spldr - ok
06:27:01.0343 7888 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\windows\System32\spoolsv.exe
06:27:01.0343 7888 Spooler - ok
06:27:01.0655 7888 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\windows\system32\sppsvc.exe
06:27:01.0671 7888 sppsvc - ok
06:27:01.0827 7888 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\windows\system32\sppuinotify.dll
06:27:01.0842 7888 sppuinotify - ok
06:27:01.0920 7888 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\windows\system32\DRIVERS\srv.sys
06:27:01.0983 7888 srv - ok
06:27:02.0030 7888 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\windows\system32\DRIVERS\srv2.sys
06:27:02.0092 7888 srv2 - ok
06:27:02.0108 7888 srvnet (27e461f0be5bff5fc737328f749538c3) C:\windows\system32\DRIVERS\srvnet.sys
06:27:02.0154 7888 srvnet - ok
06:27:02.0217 7888 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\windows\System32\ssdpsrv.dll
06:27:02.0232 7888 SSDPSRV - ok
06:27:02.0232 7888 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\windows\system32\sstpsvc.dll
06:27:02.0248 7888 SstpSvc - ok
06:27:02.0279 7888 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\windows\system32\DRIVERS\stexstor.sys
06:27:02.0295 7888 stexstor - ok
06:27:02.0388 7888 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\windows\System32\wiaservc.dll
06:27:02.0466 7888 stisvc - ok
06:27:02.0498 7888 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\windows\system32\drivers\swenum.sys
06:27:02.0498 7888 swenum - ok
06:27:02.0576 7888 swprv (e08e46fdd841b7184194011ca1955a0b) C:\windows\System32\swprv.dll
06:27:02.0591 7888 swprv - ok
06:27:02.0654 7888 SynTP (e5d73228176c9f69072d1f91ced83484) C:\windows\system32\DRIVERS\SynTP.sys
06:27:02.0732 7888 SynTP - ok
06:27:02.0872 7888 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\windows\system32\sysmain.dll
06:27:03.0012 7888 SysMain - ok
06:27:03.0168 7888 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\windows\System32\TabSvc.dll
06:27:03.0246 7888 TabletInputService - ok
06:27:03.0324 7888 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\windows\System32\tapisrv.dll
06:27:03.0402 7888 TapiSrv - ok
06:27:03.0434 7888 TBS (1be03ac720f4d302ea01d40f588162f6) C:\windows\System32\tbssvc.dll
06:27:03.0434 7888 TBS - ok
06:27:03.0699 7888 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\windows\system32\drivers\tcpip.sys
06:27:03.0964 7888 Tcpip - ok
06:27:04.0276 7888 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\windows\system32\DRIVERS\tcpip.sys
06:27:04.0292 7888 TCPIP6 - ok
06:27:04.0448 7888 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\windows\system32\drivers\tcpipreg.sys
06:27:04.0541 7888 tcpipreg - ok
06:27:04.0588 7888 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\windows\system32\drivers\tdpipe.sys
06:27:04.0588 7888 TDPIPE - ok
06:27:04.0619 7888 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\windows\system32\drivers\tdtcp.sys
06:27:04.0666 7888 TDTCP - ok
06:27:04.0697 7888 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\windows\system32\DRIVERS\tdx.sys
06:27:04.0744 7888 tdx - ok
06:27:04.0775 7888 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\windows\system32\drivers\termdd.sys
06:27:04.0822 7888 TermDD - ok
06:27:04.0869 7888 TermService (2e648163254233755035b46dd7b89123) C:\windows\System32\termsrv.dll
06:27:04.0931 7888 TermService - ok
06:27:04.0962 7888 Themes (f0344071948d1a1fa732231785a0664c) C:\windows\system32\themeservice.dll
06:27:04.0962 7888 Themes - ok
06:27:04.0994 7888 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\windows\system32\mmcss.dll
06:27:04.0994 7888 THREADORDER - ok
06:27:05.0009 7888 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\windows\System32\trkwks.dll
06:27:05.0009 7888 TrkWks - ok
06:27:05.0087 7888 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\windows\servicing\TrustedInstaller.exe
06:27:05.0181 7888 TrustedInstaller - ok
06:27:05.0212 7888 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\windows\system32\DRIVERS\tssecsrv.sys
06:27:05.0259 7888 tssecsrv - ok
06:27:05.0290 7888 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\windows\system32\drivers\tsusbflt.sys
06:27:05.0337 7888 TsUsbFlt - ok
06:27:05.0399 7888 tunnel (3566a8daafa27af944f5d705eaa64894) C:\windows\system32\DRIVERS\tunnel.sys
06:27:05.0477 7888 tunnel - ok
06:27:05.0524 7888 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\windows\system32\DRIVERS\uagp35.sys
06:27:05.0540 7888 uagp35 - ok
06:27:05.0602 7888 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\windows\system32\DRIVERS\udfs.sys
06:27:05.0727 7888 udfs - ok
06:27:05.0758 7888 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\windows\system32\UI0Detect.exe
06:27:05.0774 7888 UI0Detect - ok
06:27:05.0805 7888 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\windows\system32\drivers\uliagpkx.sys
06:27:05.0805 7888 uliagpkx - ok
06:27:05.0852 7888 umbus (dc54a574663a895c8763af0fa1ff7561) C:\windows\system32\drivers\umbus.sys
06:27:05.0930 7888 umbus - ok
06:27:05.0961 7888 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\windows\system32\DRIVERS\umpass.sys
06:27:05.0961 7888 UmPass - ok
06:27:06.0023 7888 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\windows\System32\upnphost.dll
06:27:06.0039 7888 upnphost - ok
06:27:06.0086 7888 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\windows\system32\Drivers\usbaapl64.sys
06:27:06.0132 7888 USBAAPL64 - ok
06:27:06.0195 7888 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\windows\system32\DRIVERS\usbccgp.sys
06:27:06.0242 7888 usbccgp - ok
06:27:06.0288 7888 usbcir (af0892a803fdda7492f595368e3b68e7) C:\windows\system32\drivers\usbcir.sys
06:27:06.0288 7888 usbcir - ok
06:27:06.0335 7888 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\windows\system32\DRIVERS\usbehci.sys
06:27:06.0429 7888 usbehci - ok
06:27:06.0476 7888 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\windows\system32\DRIVERS\usbhub.sys
06:27:06.0538 7888 usbhub - ok
06:27:06.0554 7888 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\windows\system32\DRIVERS\usbohci.sys
06:27:06.0600 7888 usbohci - ok
06:27:06.0647 7888 usbprint (73188f58fb384e75c4063d29413cee3d) C:\windows\system32\DRIVERS\usbprint.sys
06:27:06.0647 7888 usbprint - ok
06:27:06.0694 7888 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\windows\system32\DRIVERS\usbscan.sys
06:27:06.0710 7888 usbscan - ok
06:27:06.0756 7888 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\windows\system32\DRIVERS\USBSTOR.SYS
06:27:06.0850 7888 USBSTOR - ok
06:27:06.0897 7888 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\windows\system32\drivers\usbuhci.sys
06:27:06.0944 7888 usbuhci - ok
06:27:06.0990 7888 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\windows\System32\Drivers\usbvideo.sys
06:27:07.0100 7888 usbvideo - ok
06:27:07.0115 7888 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\windows\System32\uxsms.dll
06:27:07.0131 7888 UxSms - ok
06:27:07.0162 7888 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
06:27:07.0162 7888 VaultSvc - ok
06:27:07.0224 7888 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\windows\system32\drivers\vdrvroot.sys
06:27:07.0240 7888 vdrvroot - ok
06:27:07.0302 7888 vds (8d6b481601d01a456e75c3210f1830be) C:\windows\System32\vds.exe
06:27:07.0380 7888 vds - ok
06:27:07.0412 7888 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\windows\system32\DRIVERS\vgapnp.sys
06:27:07.0427 7888 vga - ok
06:27:07.0443 7888 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\windows\System32\drivers\vga.sys
06:27:07.0443 7888 VgaSave - ok
06:27:07.0490 7888 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\windows\system32\drivers\vhdmp.sys
06:27:07.0536 7888 vhdmp - ok
06:27:07.0568 7888 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\windows\system32\drivers\viaide.sys
06:27:07.0583 7888 viaide - ok
06:27:07.0599 7888 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\windows\system32\drivers\volmgr.sys
06:27:07.0661 7888 volmgr - ok
06:27:07.0739 7888 volmgrx (a255814907c89be58b79ef2f189b843b) C:\windows\system32\drivers\volmgrx.sys
06:27:07.0848 7888 volmgrx - ok
06:27:07.0911 7888 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\windows\system32\drivers\volsnap.sys
06:27:07.0958 7888 volsnap - ok
06:27:08.0020 7888 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\windows\system32\DRIVERS\vsmraid.sys
06:27:08.0036 7888 vsmraid - ok
06:27:08.0207 7888 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\windows\system32\vssvc.exe
06:27:08.0270 7888 VSS - ok
06:27:08.0410 7888 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\windows\system32\DRIVERS\vwifibus.sys
06:27:08.0426 7888 vwifibus - ok
06:27:08.0441 7888 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\windows\system32\DRIVERS\vwififlt.sys
06:27:08.0441 7888 vwififlt - ok
06:27:08.0504 7888 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\windows\system32\w32time.dll
06:27:08.0504 7888 W32Time - ok
06:27:08.0535 7888 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\windows\system32\DRIVERS\wacompen.sys
06:27:08.0550 7888 WacomPen - ok
06:27:08.0597 7888 WANARP (356afd78a6ed4457169241ac3965230c) C:\windows\system32\DRIVERS\wanarp.sys
06:27:08.0644 7888 WANARP - ok
06:27:08.0644 7888 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\windows\system32\DRIVERS\wanarp.sys
06:27:08.0644 7888 Wanarpv6 - ok
06:27:08.0800 7888 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\windows\system32\Wat\WatAdminSvc.exe
06:27:08.0909 7888 WatAdminSvc - ok
06:27:09.0050 7888 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\windows\system32\wbengine.exe
06:27:09.0174 7888 wbengine - ok
06:27:09.0330 7888 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\windows\System32\wbiosrvc.dll
06:27:09.0362 7888 WbioSrvc - ok
06:27:09.0408 7888 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\windows\System32\wcncsvc.dll
06:27:09.0471 7888 wcncsvc - ok
06:27:09.0486 7888 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\windows\System32\WcsPlugInService.dll
06:27:09.0486 7888 WcsPlugInService - ok
06:27:09.0596 7888 Wd (72889e16ff12ba0f235467d6091b17dc) C:\windows\system32\DRIVERS\wd.sys
06:27:09.0611 7888 Wd - ok
06:27:09.0720 7888 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\windows\system32\drivers\Wdf01000.sys
06:27:09.0767 7888 Wdf01000 - ok
06:27:09.0783 7888 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\windows\system32\wdi.dll
06:27:09.0798 7888 WdiServiceHost - ok
06:27:09.0798 7888 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\windows\system32\wdi.dll
06:27:09.0798 7888 WdiSystemHost - ok
06:27:09.0845 7888 wdmirror (2a444acf7dd446505bcc801f8f6ae5fd) C:\windows\system32\DRIVERS\WDMirror.sys
06:27:09.0923 7888 wdmirror - ok
06:27:09.0986 7888 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\windows\System32\webclnt.dll
06:27:10.0064 7888 WebClient - ok
06:27:10.0110 7888 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\windows\system32\wecsvc.dll
06:27:10.0142 7888 Wecsvc - ok
06:27:10.0173 7888 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\windows\System32\wercplsupport.dll
06:27:10.0173 7888 wercplsupport - ok
06:27:10.0220 7888 WerSvc (6d137963730144698cbd10f202e9f251) C:\windows\System32\WerSvc.dll
06:27:10.0220 7888 WerSvc - ok
06:27:10.0266 7888 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\windows\system32\DRIVERS\wfplwf.sys
06:27:10.0282 7888 WfpLwf - ok
06:27:10.0360 7888 WimFltr (b14ef15bd757fa488f9c970eee9c0d35) C:\windows\system32\DRIVERS\wimfltr.sys
06:27:10.0438 7888 WimFltr - ok
06:27:10.0454 7888 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\windows\system32\drivers\wimmount.sys
06:27:10.0454 7888 WIMMount - ok
06:27:10.0469 7888 WinDefend - ok
06:27:10.0485 7888 WinHttpAutoProxySvc - ok
06:27:10.0594 7888 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\windows\system32\wbem\WMIsvc.dll
06:27:10.0610 7888 Winmgmt - ok
06:27:10.0766 7888 WinRM (bcb1310604aa415c4508708975b3931e) C:\windows\system32\WsmSvc.dll
06:27:10.0875 7888 WinRM - ok
06:27:11.0062 7888 WinUsb (fe88b288356e7b47b74b13372add906d) C:\windows\system32\DRIVERS\WinUsb.sys
06:27:11.0140 7888 WinUsb - ok
06:27:11.0234 7888 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\windows\System32\wlansvc.dll
06:27:11.0234 7888 Wlansvc - ok
06:27:11.0499 7888 wlidsvc (7e47c328fc4768cb8beafbcfafa70362) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
06:27:11.0546 7888 wlidsvc - ok
06:27:11.0702 7888 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\windows\system32\drivers\wmiacpi.sys
06:27:11.0702 7888 WmiAcpi - ok
06:27:11.0780 7888 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\windows\system32\wbem\WmiApSrv.exe
06:27:11.0811 7888 wmiApSrv - ok
06:27:11.0889 7888 WMPNetworkSvc - ok
06:27:11.0936 7888 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\windows\System32\wpcsvc.dll
06:27:11.0951 7888 WPCSvc - ok
06:27:12.0014 7888 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\windows\system32\wpdbusenum.dll
06:27:12.0076 7888 WPDBusEnum - ok
06:27:12.0123 7888 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\windows\system32\drivers\ws2ifsl.sys
06:27:12.0123 7888 ws2ifsl - ok
06:27:12.0154 7888 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\windows\System32\wscsvc.dll
06:27:12.0154 7888 wscsvc - ok
06:27:12.0170 7888 WSearch - ok
06:27:12.0232 7888 wsvd (83575c43b2bfe9ab0661a7f957e843c0) C:\windows\system32\DRIVERS\wsvd.sys
06:27:12.0326 7888 wsvd - ok
06:27:12.0544 7888 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\windows\system32\wuaueng.dll
06:27:12.0560 7888 wuauserv - ok
06:27:12.0716 7888 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\windows\system32\drivers\WudfPf.sys
06:27:12.0809 7888 WudfPf - ok
06:27:12.0856 7888 WUDFRd (cf8d590be3373029d57af80914190682) C:\windows\system32\DRIVERS\WUDFRd.sys
06:27:12.0934 7888 WUDFRd - ok
06:27:12.0981 7888 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\windows\System32\WUDFSvc.dll
06:27:13.0028 7888 wudfsvc - ok
06:27:13.0074 7888 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\windows\System32\wwansvc.dll
06:27:13.0090 7888 WwanSvc - ok
06:27:13.0121 7888 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
06:27:13.0340 7888 \Device\Harddisk0\DR0 - ok
06:27:13.0340 7888 Boot (0x1200) (3c314f0382acfd80507f90005ac21f20) \Device\Harddisk0\DR0\Partition0
06:27:13.0340 7888 \Device\Harddisk0\DR0\Partition0 - ok
06:27:13.0355 7888 Boot (0x1200) (728a3992aade6741ae1b32d443bc3e88) \Device\Harddisk0\DR0\Partition1
06:27:13.0355 7888 \Device\Harddisk0\DR0\Partition1 - ok
06:27:13.0386 7888 Boot (0x1200) (422b19d5343f30ad9bb14f0a860b6260) \Device\Harddisk0\DR0\Partition2
06:27:13.0386 7888 \Device\Harddisk0\DR0\Partition2 - ok
06:27:13.0386 7888 ============================================================
06:27:13.0386 7888 Scan finished
06:27:13.0386 7888 ============================================================
06:27:13.0386 7792 Detected object count: 0
06:27:13.0386 7792 Actual detected object count: 0

#5 rburgquist

Posted 26 July 2012 - 06:10 PM

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.07.26.11

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Ryan :: RYAN-PC [administrator]

7/26/2012 6:34:02 AM
mbam-log-2012-07-26 (06-34-02).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 192814
Time elapsed: 7 minute(s), 1 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 1
C:\Users\Ryan\AppData\Local\ATI\Apps\xckor.dll (Trojan.Agent.RDH) -> Delete on reboot.

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Apps (Trojan.Agent.RDH) -> Data: rundll32.exe "C:\Users\Ryan\AppData\Local\ATI\Apps\xckor.dll",CreateInstance -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 4
C:\Users\Ryan\AppData\Local\ATI\Apps\xckor.dll (Trojan.Agent.RDH) -> Delete on reboot.
C:\Users\Ryan\AppData\Local\Temp\0.4295239079816541 (Trojan.BHO) -> Quarantined and deleted successfully.
C:\Users\Ryan\AppData\Local\Temp\A735.tmp (Trojan.Agent.EXPD1) -> Quarantined and deleted successfully.
C:\Users\Ryan\AppData\Local\Temp\0.8784600391039774 (Exploit.Drop.9) -> Quarantined and deleted successfully.

(end)
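The Run-key value flagged in the log above (rundll32.exe loading a DLL from under AppData at logon) is a pattern that can be checked for directly. The following is an added example, not part of the original thread or of any tool used in it; the function names, the list of user-writable path fragments, and the two contrast entries are assumptions made for illustration.

```python
import re

# Path fragments a standard user can write to (assumed heuristic list).
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\programdata\\", "\\users\\public\\",
                 "%appdata%", "%localappdata%", "%temp%")

# Matches: [path\]rundll32[.exe] "<dll>",<export>  or  rundll32 <dll>,<export>
# An unquoted DLL path containing spaces is not handled by the bare form.
RUNDLL_RE = re.compile(
    r'^\s*"?(?:[^"]*\\)?rundll32(?:\.exe)?"?\s+'   # launcher, optionally quoted or with a path
    r'(?:"(?P<quoted>[^"]+)"|(?P<bare>[^,\s]+))'   # DLL path, quoted or bare
    r'\s*,\s*(?P<export>\S+)',                     # exported entry point
    re.IGNORECASE,
)

def triage_run_value(name, data):
    """Return a finding for one Run-key value, or None if it is not a rundll32 launch."""
    m = RUNDLL_RE.match(data)
    if not m:
        return None
    dll = m.group("quoted") or m.group("bare")
    lowered = dll.lower()
    reasons = []
    if any(fragment in lowered for fragment in USER_WRITABLE):
        reasons.append("DLL loaded from a user-writable directory")
    if not lowered.endswith(".dll"):
        reasons.append("target does not have a .dll extension")
    return {"value": name, "dll": dll, "export": m.group("export"),
            "suspicious": bool(reasons), "reasons": reasons}

def suspicious_entries(run_values):
    """Triage a {value name: data} mapping and keep only the suspicious findings."""
    findings = (triage_run_value(n, d) for n, d in run_values.items())
    return [f for f in findings if f and f["suspicious"]]

SAMPLE_RUN_VALUES = {
    # Value data as reported in the Malwarebytes log in this thread.
    "Apps": r'rundll32.exe "C:\Users\Ryan\AppData\Local\ATI\Apps\xckor.dll",CreateInstance',
    # Constructed entries for contrast (not from the thread).
    "ExampleTray": r'"C:\Program Files\ExampleVendor\tray.exe" /startup',
    "ExamplePanel": r'C:\Windows\System32\rundll32.exe C:\Windows\System32\example.dll,Start',
}

if __name__ == "__main__":
    for finding in suspicious_entries(SAMPLE_RUN_VALUES):
        print(finding["value"], "->", finding["dll"], finding["reasons"])
```

On a live system the name/data pairs would come from an export of HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run and its HKLM counterpart.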

#6 boopme

Posted 26 July 2012 - 06:51 PM

EDIT: a reboot is needed to complete the MBAM malware removal.

Ok, we should do one more scan and then update several things.

To clean up FF and see if it runs better, clear the cache.

If still slow, disable/remove add-ons.
OR
You may want to consider uninstalling and reinstalling Firefox.


I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Under scan settings, check Posted Image and check Remove found threats
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image


NOTE: In some instances if no malware is found there will be no log produced.

Edited by boopme, 26 July 2012 - 06:52 PM.


#7 rburgquist

Posted 26 July 2012 - 10:01 PM

The ESET Scan found some more stuff:

C:\ProgramData\Microsoft\Windows\DRM\3F9B.tmp Win32/Olmarik.AYD trojan cleaned by deleting - quarantined
C:\ProgramData\Microsoft\Windows\DRM\9ECC.tmp Win64/Olmarik.AH trojan cleaned by deleting - quarantined
C:\Users\Ryan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BEBBJUG8\ijsite_in[1].htm JS/Kryptik.JO trojan cleaned by deleting - quarantined
C:\Users\Ryan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DIFXS0F0\2[1].htm HTML/Iframe.B.Gen virus deleted - quarantined
C:\Users\Ryan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\O6X1VGU1\6[1].htm HTML/Iframe.B.Gen virus deleted - quarantined
C:\Users\Ryan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\ZGBWKKOL\6[1].htm HTML/Iframe.B.Gen virus deleted - quarantined
C:\Users\Ryan\AppData\Local\Temp\Main.class a variant of Java/Exploit.CVE-2011-3544.BK trojan cleaned by deleting - quarantined
C:\Users\Ryan\AppData\Local\{62d7da57-1c30-350c-c8d3-b198c3d7d5d1}\U\80000064.@ Win64/Sirefef.AN trojan cleaned by deleting - quarantined
C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\g4dugteb.default\extensions\uhhdapfrvp@uhhdapfrvp.org.xpi JS/Redirector.NCA trojan deleted - quarantined

#8 boopme

Posted 27 July 2012 - 07:03 PM

Great! Things should be a lot better now. You will need to change all passwords kept on this machine as they have been harvested.


Run TFC by OT (Temp File Cleaner)
Please download TFC by Old Timer and save it to your desktop.
alternate download link

Save any unsaved work. TFC will close ALL open programs including your browser!
Double-click on TFC.exe to run it. If you are using Vista, right-click on the file and choose Run As Administrator.
Click the Start button to begin the cleaning process and let it run uninterrupted to completion.
Important! If TFC prompts you to reboot, please do so immediately. If not prompted, manually reboot the machine anyway to ensure a complete clean.

#9 rburgquist

Posted 28 July 2012 - 06:42 PM

It does seem to be running much better and I ran TFC. However, I got redirected a couple more times today. It doesn't seem to be happening nearly as often though. After I got redirected in FF I tried to test IE and eventually got redirected there also.

#10 boopme

Posted 28 July 2012 - 08:54 PM

Did you disable the Firefox add ons?
Do you also use Chrome? You may have to disable them also, one at a time, to see if that is it.

Make sure the other machine is not redirecting.

Let's see if you can reset the Hosts file.
Click Run in the File Download dialog box or save MicrosoftFixit50267.msi to your Desktop and double-click on it to run. Then just follow the prompts in the Fix it wizard.

#11 rburgquist

Posted 30 July 2012 - 07:17 PM

The other computer using the wireless router is not getting redirected.
I do not use Chrome.

After disabling all of the Firefox add-ons I wasn't getting redirected at all. IE was of course still redirecting though. I then reset the Hosts file and restarted the computer. Since then I haven't gotten redirected on Firefox or IE. I have only been on it for a few minutes though, so I will see if it happens over the next day or so.

#12 boopme

Posted 30 July 2012 - 07:25 PM

OK, sounds like the Hosts was jacked. Give it a couple days and let us know.

#13 rburgquist

Posted 31 July 2012 - 08:16 PM

It doesn't seem to be doing it as often but I am still getting redirected. I don't know if this helps but as it is getting redirected I see it going to http:// click.get-answers-fast.com/ads-clicktrack. I see this right after I click a link while it should be loading the page. Then it pulls up something different than the link that I clicked. A lot of the time it is getting redirected to a Scour search results page. I regularly use Firefox and that is where I first noticed it getting redirected today. I tested Internet Explorer and the same thing is happening. However, McAfee stops it from getting redirected in IE because it has the McAfee toolbar add-on enabled.

Edited by rburgquist, 31 July 2012 - 08:16 PM.


#14 boopme

Posted 01 August 2012 - 02:35 PM

Let's get a deeper look and find the redirect.

Please go here: Preparation Guide, and do steps 6-9.

Create a DDS log and post it in the new topic explained in step 9, which is here: Virus, Trojan, Spyware, and Malware Removal Logs, and not in this topic, thanks.
If GMER won't run (it may not on a 64 bit system) skip it and move on.

Let me know if that went well.

#15 rburgquist

Posted 02 August 2012 - 08:24 PM

Ok, I did everything and made the other post. I am not sure that GMER worked the way it was supposed to. When I had C:\ selected I could only select Services, Registry, and Files. I was not able to hit the show all check box or the 8 other check boxes (System - Libraries). It only came back with 2 things. Not sure if they are bad or not though.