redirects and pop ups


  • This topic is locked
12 replies to this topic

#1 hbrummer

hbrummer

  • Members
  • 9 posts
  • Local time:04:41 PM

Posted 03 August 2012 - 09:05 PM

Hello everyone and first off, thank you for *existing* because I am usually decent with computers but I don't know what else to do with this seeming malware trouble. For approximately 2 months, I have been receiving right side pop ups when browsing webpages. If I right click the "global settings" link which doesn't always appear, it will show edgesuite.net; when clicking a webpage link, maybe 50% of the time, I am redirected to another site. I also notice that the home page keeps reverting to AVG search.

I am running Windows 7 Home Premium, Service Pack 1 using Firefox (but still get the msg if I try IE)
Please let me know what else I can do to help. Thanks!

Heather

Edited by hbrummer, 03 August 2012 - 09:07 PM.



 


#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,530 posts
  • Gender:Male
  • Location:NJ USA
  • Local time:03:41 PM

Posted 03 August 2012 - 09:20 PM

Hello Heather, please do these and let me know.



Reboot into Safe Mode with Networking
How to start Windows 7 in Safe Mode


Run RKill....


Download and Run RKill
  • Please download RKill by Grinler from one of the 4 links below and save it to your desktop.

    Link 1
    Link 2
    Link 3
    Link 4

  • Before we begin, you should disable any anti-malware software you have installed so that it does not interfere with RKill running, as some anti-malware software detects RKill as malicious. Please refer to this page if you are not sure how.
  • Double-click on Rkill on your desktop to run it. (If you are using Windows Vista, please right-click on it and select Run As Administrator)
  • A black screen will appear and then disappear. Please do not worry, that is normal. This means that the tool has been successfully executed.
  • If nothing happens or if the tool does not run, please let me know in your next reply

Do not reboot your computer after running rkill as the malware programs will start again. Or if rebooting is required run it again.


If you continue having problems running rkill.com, you can download iExplore.exe or eXplorer.exe, which are renamed copies of rkill.com, and try them instead.




Please download TDSSKiller.zip and extract it.
  • Run TDSSKiller.exe.
  • Click Start scan.
  • When it is finished the utility outputs a list of detected objects with description.
    The utility automatically selects an action (Cure or Delete) for malicious objects.
    The utility prompts the user to select an action to apply to suspicious objects (Skip, by default). Leave the options as they are and click Continue.
  • Let it reboot if needed and tell me if the tool needed a reboot.
  • Click on Report and post the contents of the text file that will open.

    Note: By default, the utility outputs the log into system disk (it is usually the disk with installed operating system, C:\) root folder. The Log has a name like: TDSSKiller.Version_Date_Time_log.txt.



If TDSSKiller does not run, try renaming it. To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to these instructions. In some cases it may be necessary to redownload TDSSKiller and randomly rename it before downloading and saving to the computer.




If you had to reboot after TDSS then rerun RKill and

Next run MBAM (MalwareBytes):

Please download Malwarebytes Anti-Malware and save it to your desktop.
  • Important!! When you save the mbam-setup file, rename it to something random (such as 123abc.exe) before beginning the download.
Malwarebytes may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

  • Make sure you are connected to the Internet and double-click on the renamed file to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • Malwarebytes will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button and continue.
  • If you cannot update Malwarebytes or use the Internet to download any files to the infected computer, manually update the database by following the instructions in FAQ Section A: 4. Issues.
  • Under the Scanner tab, make sure the "Perform Quick Scan" option is selected.
  • Click on the Scan button.
  • When finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box, then click the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked and then click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.
  • Exit Malwarebytes when done.
Note: If Malwarebytes encounters a file that is difficult to remove, you will be asked to reboot your computer so it can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally will prevent Malwarebytes from removing all the malware.

-- Some types of malware will target Malwarebytes and other security tools to keep them from running properly. If that's the case, go to Start > All Programs > Malwarebytes Anti-Malware folder > Tools > click on Malwarebytes Chameleon and follow the onscreen instructions. The Chameleon folder can be accessed by opening the program folder for Malwarebytes Anti-Malware (normally C:\Program Files\Malwarebytes' Anti-Malware or C:\Program Files (x86)\Malwarebytes' Anti-Malware).

#3 hbrummer

hbrummer
  • Topic Starter

  • Members
  • 9 posts
  • Local time:04:41 PM

Posted 03 August 2012 - 10:37 PM

Thank you Boopme! I have done as you requested and am posting the logs here. I don't see much found but here are the results:

RKILL Results -
Rkill 2.0.3 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2012 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 08/03/2012 11:07:50 PM in x64 mode.
Windows Version: Windows 7

Checking for Windows services to stop.

* No malware services found to stop.

Checking for processes to terminate.

* No malware processes found to kill.

Checking Registry for malware related settings.

* Explorer Policy Removed: NoActiveDesktopChanges [HKLM]

Backup Registry file created at:
C:\Users\Heather's laptop\Desktop\rkill-backup\rkill-08-03-2012-11-07-53.reg

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks.

* SMTMP folder detected. Your machine is or has been infected with the Fake.HDD rogue anti-spyware program. Please see this link for more information about this type of rogue: http://www.bleepingcomputer.com/forums/topic405109.html

Restarting Explorer.exe in order to apply changes.

Program finished at: 08/03/2012 11:08:04 PM
Execution time: 0 hours(s), 0 minute(s), and 13 seconds(s)

TDSSKiller results -
23:13:22.0765 1396 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
23:13:23.0127 1396 ============================================================
23:13:23.0127 1396 Current date / time: 2012/08/03 23:13:23.0127
23:13:23.0127 1396 SystemInfo:
23:13:23.0127 1396
23:13:23.0127 1396 OS Version: 6.1.7601 ServicePack: 1.0
23:13:23.0127 1396 Product type: Workstation
23:13:23.0127 1396 ComputerName: HEATHERSLAPTOP
23:13:23.0127 1396 UserName: Heather's laptop
23:13:23.0127 1396 Windows directory: C:\Windows
23:13:23.0127 1396 System windows directory: C:\Windows
23:13:23.0127 1396 Running under WOW64
23:13:23.0127 1396 Processor architecture: Intel x64
23:13:23.0127 1396 Number of processors: 2
23:13:23.0127 1396 Page size: 0x1000
23:13:23.0127 1396 Boot type: Safe boot with network
23:13:23.0127 1396 ============================================================
23:13:23.0699 1396 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
23:13:23.0702 1396 ============================================================
23:13:23.0702 1396 \Device\Harddisk0\DR0:
23:13:23.0702 1396 MBR partitions:
23:13:23.0702 1396 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800
23:13:23.0702 1396 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x23833000
23:13:23.0702 1396 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x23897000, BlocksNum 0x1B63800
23:13:23.0702 1396 \Device\Harddisk0\DR0\Partition3: MBR, Type 0xC, StartLBA 0x253FA800, BlocksNum 0x33AB0
23:13:23.0702 1396 ============================================================
23:13:23.0738 1396 C: <-> \Device\Harddisk0\DR0\Partition1
23:13:23.0790 1396 D: <-> \Device\Harddisk0\DR0\Partition2
23:13:23.0790 1396 ============================================================
23:13:23.0790 1396 Initialize success
23:13:23.0790 1396 ============================================================
23:13:29.0159 1164 ============================================================
23:13:29.0159 1164 Scan started
23:13:29.0159 1164 Mode: Manual;
23:13:29.0159 1164 ============================================================
23:13:29.0601 1164 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
23:13:29.0605 1164 1394ohci - ok
23:13:29.0679 1164 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
23:13:29.0683 1164 ACPI - ok
23:13:29.0785 1164 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
23:13:29.0786 1164 AcpiPmi - ok
23:13:29.0928 1164 AdobeARMservice (11a52cf7b265631deeb24c6149309eff) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
23:13:29.0931 1164 AdobeARMservice - ok
23:13:30.0048 1164 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys
23:13:30.0053 1164 adp94xx - ok
23:13:30.0104 1164 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys
23:13:30.0108 1164 adpahci - ok
23:13:30.0163 1164 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys
23:13:30.0165 1164 adpu320 - ok
23:13:30.0231 1164 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
23:13:30.0233 1164 AeLookupSvc - ok
23:13:30.0305 1164 AERTFilters (d1e343bc00136ce03c4d403194d06a80) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
23:13:30.0307 1164 AERTFilters - ok
23:13:30.0365 1164 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
23:13:30.0370 1164 AFD - ok
23:13:30.0436 1164 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
23:13:30.0437 1164 agp440 - ok
23:13:30.0477 1164 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
23:13:30.0478 1164 ALG - ok
23:13:30.0517 1164 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
23:13:30.0518 1164 aliide - ok
23:13:30.0527 1164 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
23:13:30.0528 1164 amdide - ok
23:13:30.0569 1164 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\drivers\amdk8.sys
23:13:30.0570 1164 AmdK8 - ok
23:13:30.0609 1164 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\drivers\amdppm.sys
23:13:30.0610 1164 AmdPPM - ok
23:13:30.0655 1164 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
23:13:30.0657 1164 amdsata - ok
23:13:30.0693 1164 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\drivers\amdsbs.sys
23:13:30.0695 1164 amdsbs - ok
23:13:30.0747 1164 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
23:13:30.0748 1164 amdxata - ok
23:13:30.0795 1164 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
23:13:30.0796 1164 AppID - ok
23:13:30.0831 1164 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
23:13:30.0832 1164 AppIDSvc - ok
23:13:30.0878 1164 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
23:13:30.0879 1164 Appinfo - ok
23:13:30.0996 1164 Apple Mobile Device (3debbecf665dcdde3a95d9b902010817) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
23:13:31.0020 1164 Apple Mobile Device - ok
23:13:31.0046 1164 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\drivers\arc.sys
23:13:31.0048 1164 arc - ok
23:13:31.0085 1164 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\drivers\arcsas.sys
23:13:31.0087 1164 arcsas - ok
23:13:31.0122 1164 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
23:13:31.0123 1164 AsyncMac - ok
23:13:31.0174 1164 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
23:13:31.0175 1164 atapi - ok
23:13:31.0237 1164 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
23:13:31.0244 1164 AudioEndpointBuilder - ok
23:13:31.0251 1164 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
23:13:31.0255 1164 AudioSrv - ok
23:13:31.0289 1164 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
23:13:31.0291 1164 AxInstSV - ok
23:13:31.0360 1164 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\drivers\bxvbda.sys
23:13:31.0365 1164 b06bdrv - ok
23:13:31.0399 1164 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
23:13:31.0402 1164 b57nd60a - ok
23:13:31.0494 1164 BCM43XX (9e84a931dbee0292e38ed672f6293a99) C:\Windows\system32\DRIVERS\bcmwl664.sys
23:13:31.0507 1164 BCM43XX - ok
23:13:31.0536 1164 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
23:13:31.0538 1164 BDESVC - ok
23:13:31.0608 1164 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
23:13:31.0609 1164 Beep - ok
23:13:31.0682 1164 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
23:13:31.0690 1164 BFE - ok
23:13:31.0757 1164 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\System32\qmgr.dll
23:13:31.0804 1164 BITS - ok
23:13:31.0848 1164 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\drivers\blbdrive.sys
23:13:31.0849 1164 blbdrive - ok
23:13:31.0991 1164 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
23:13:31.0996 1164 Bonjour Service - ok
23:13:32.0040 1164 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
23:13:32.0041 1164 bowser - ok
23:13:32.0075 1164 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\BrFiltLo.sys
23:13:32.0076 1164 BrFiltLo - ok
23:13:32.0089 1164 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\BrFiltUp.sys
23:13:32.0090 1164 BrFiltUp - ok
23:13:32.0129 1164 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
23:13:32.0131 1164 Browser - ok
23:13:32.0270 1164 Browser Defender Update Service (7effccd7b6ea4d3428f5b3ace8de8f5a) C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe
23:13:32.0276 1164 Browser Defender Update Service - ok
23:13:32.0320 1164 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
23:13:32.0324 1164 Brserid - ok
23:13:32.0334 1164 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
23:13:32.0335 1164 BrSerWdm - ok
23:13:32.0370 1164 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
23:13:32.0371 1164 BrUsbMdm - ok
23:13:32.0381 1164 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
23:13:32.0389 1164 BrUsbSer - ok
23:13:32.0440 1164 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\drivers\bthmodem.sys
23:13:32.0442 1164 BTHMODEM - ok
23:13:32.0510 1164 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
23:13:32.0511 1164 bthserv - ok
23:13:32.0566 1164 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
23:13:32.0568 1164 cdfs - ok
23:13:32.0606 1164 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
23:13:32.0608 1164 cdrom - ok
23:13:32.0648 1164 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
23:13:32.0649 1164 CertPropSvc - ok
23:13:32.0682 1164 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\drivers\circlass.sys
23:13:32.0683 1164 circlass - ok
23:13:32.0729 1164 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
23:13:32.0733 1164 CLFS - ok
23:13:32.0820 1164 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
23:13:32.0884 1164 clr_optimization_v2.0.50727_32 - ok
23:13:32.0946 1164 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
23:13:32.0949 1164 clr_optimization_v2.0.50727_64 - ok
23:13:33.0013 1164 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
23:13:33.0059 1164 clr_optimization_v4.0.30319_32 - ok
23:13:33.0095 1164 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
23:13:33.0124 1164 clr_optimization_v4.0.30319_64 - ok
23:13:33.0184 1164 clwvd (50f92c943f18b070f166d019dfab3d9a) C:\Windows\system32\DRIVERS\clwvd.sys
23:13:33.0185 1164 clwvd - ok
23:13:33.0195 1164 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\drivers\CmBatt.sys
23:13:33.0196 1164 CmBatt - ok
23:13:33.0221 1164 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
23:13:33.0222 1164 cmdide - ok
23:13:33.0282 1164 CNG (9ac4f97c2d3e93367e2148ea940cd2cd) C:\Windows\system32\Drivers\cng.sys
23:13:33.0287 1164 CNG - ok
23:13:33.0332 1164 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\drivers\compbatt.sys
23:13:33.0333 1164 Compbatt - ok
23:13:33.0376 1164 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
23:13:33.0377 1164 CompositeBus - ok
23:13:33.0394 1164 COMSysApp - ok
23:13:33.0430 1164 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\drivers\crcdisk.sys
23:13:33.0432 1164 crcdisk - ok
23:13:33.0485 1164 CryptSvc (4f5414602e2544a4554d95517948b705) C:\Windows\system32\cryptsvc.dll
23:13:33.0487 1164 CryptSvc - ok
23:13:33.0554 1164 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
23:13:33.0561 1164 DcomLaunch - ok
23:13:33.0603 1164 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
23:13:33.0607 1164 defragsvc - ok
23:13:33.0636 1164 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
23:13:33.0638 1164 DfsC - ok
23:13:33.0700 1164 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
23:13:33.0704 1164 Dhcp - ok
23:13:33.0748 1164 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
23:13:33.0749 1164 discache - ok
23:13:33.0782 1164 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\drivers\disk.sys
23:13:33.0784 1164 Disk - ok
23:13:33.0826 1164 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
23:13:33.0828 1164 Dnscache - ok
23:13:33.0886 1164 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
23:13:33.0889 1164 dot3svc - ok
23:13:33.0906 1164 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
23:13:33.0908 1164 DPS - ok
23:13:33.0947 1164 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
23:13:33.0948 1164 drmkaud - ok
23:13:34.0032 1164 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
23:13:34.0042 1164 DXGKrnl - ok
23:13:34.0090 1164 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
23:13:34.0092 1164 EapHost - ok
23:13:34.0284 1164 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\drivers\evbda.sys
23:13:34.0317 1164 ebdrv - ok
23:13:34.0437 1164 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
23:13:34.0438 1164 EFS - ok
23:13:34.0525 1164 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
23:13:34.0533 1164 ehRecvr - ok
23:13:34.0561 1164 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
23:13:34.0563 1164 ehSched - ok
23:13:34.0644 1164 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys
23:13:34.0650 1164 elxstor - ok
23:13:34.0680 1164 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
23:13:34.0681 1164 ErrDev - ok
23:13:34.0733 1164 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
23:13:34.0737 1164 EventSystem - ok
23:13:34.0759 1164 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
23:13:34.0761 1164 exfat - ok
23:13:34.0780 1164 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
23:13:34.0783 1164 fastfat - ok
23:13:34.0853 1164 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
23:13:34.0861 1164 Fax - ok
23:13:34.0892 1164 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\drivers\fdc.sys
23:13:34.0894 1164 fdc - ok
23:13:34.0928 1164 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
23:13:34.0929 1164 fdPHost - ok
23:13:34.0940 1164 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
23:13:34.0942 1164 FDResPub - ok
23:13:34.0973 1164 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
23:13:34.0974 1164 FileInfo - ok
23:13:34.0997 1164 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
23:13:34.0998 1164 Filetrace - ok
23:13:35.0027 1164 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\drivers\flpydisk.sys
23:13:35.0028 1164 flpydisk - ok
23:13:35.0097 1164 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
23:13:35.0101 1164 FltMgr - ok
23:13:35.0185 1164 FontCache (b4447f606bb19fd8ad0bafb59b90f5d9) C:\Windows\system32\FntCache.dll
23:13:35.0197 1164 FontCache - ok
23:13:35.0266 1164 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
23:13:35.0267 1164 FontCache3.0.0.0 - ok
23:13:35.0314 1164 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
23:13:35.0315 1164 FsDepends - ok
23:13:35.0344 1164 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
23:13:35.0345 1164 Fs_Rec - ok
23:13:35.0399 1164 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
23:13:35.0402 1164 fvevol - ok
23:13:35.0428 1164 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\drivers\gagp30kx.sys
23:13:35.0429 1164 gagp30kx - ok
23:13:35.0464 1164 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
23:13:35.0465 1164 GEARAspiWDM - ok
23:13:35.0550 1164 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
23:13:35.0559 1164 gpsvc - ok
23:13:35.0586 1164 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
23:13:35.0587 1164 hcw85cir - ok
23:13:35.0638 1164 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
23:13:35.0642 1164 HdAudAddService - ok
23:13:35.0682 1164 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\DRIVERS\HDAudBus.sys
23:13:35.0684 1164 HDAudBus - ok
23:13:35.0721 1164 HECIx64 (b6ac71aaa2b10848f57fc49d55a651af) C:\Windows\system32\DRIVERS\HECIx64.sys
23:13:35.0722 1164 HECIx64 - ok
23:13:35.0751 1164 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\drivers\HidBatt.sys
23:13:35.0752 1164 HidBatt - ok
23:13:35.0781 1164 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\drivers\hidbth.sys
23:13:35.0783 1164 HidBth - ok
23:13:35.0817 1164 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\drivers\hidir.sys
23:13:35.0818 1164 HidIr - ok
23:13:35.0835 1164 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll
23:13:35.0837 1164 hidserv - ok
23:13:35.0893 1164 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
23:13:35.0894 1164 HidUsb - ok
23:13:35.0932 1164 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
23:13:35.0934 1164 hkmsvc - ok
23:13:35.0955 1164 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
23:13:35.0959 1164 HomeGroupListener - ok
23:13:35.0983 1164 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
23:13:35.0986 1164 HomeGroupProvider - ok
23:13:36.0099 1164 HP Support Assistant Service (170233b8d743efe35f462a5d516b93e3) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
23:13:36.0101 1164 HP Support Assistant Service - ok
23:13:36.0193 1164 HP Wireless Assistant Service (c930128c8f8ff03d8f8c42b570920d56) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
23:13:36.0267 1164 HP Wireless Assistant Service - ok
23:13:36.0312 1164 HPDrvMntSvc.exe (bcc4a8b2e2e902f52e7f2e7d8e125765) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
23:13:36.0314 1164 HPDrvMntSvc.exe - ok
23:13:36.0355 1164 hpqwmiex (ec9739a46f1f83c6e52a7a4697f44a65) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
23:13:36.0364 1164 hpqwmiex - ok
23:13:36.0519 1164 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
23:13:36.0520 1164 HpSAMD - ok
23:13:36.0592 1164 HPWMISVC (f630dd7564ebb7248a13b1cc774d9ea6) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
23:13:36.0594 1164 HPWMISVC - ok
23:13:36.0669 1164 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
23:13:36.0678 1164 HTTP - ok
23:13:36.0688 1164 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
23:13:36.0689 1164 hwpolicy - ok
23:13:36.0729 1164 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
23:13:36.0731 1164 i8042prt - ok
23:13:36.0819 1164 iaStor (f7ce9be72edac499b713eca6dae5d26f) C:\Windows\system32\DRIVERS\iaStor.sys
23:13:36.0822 1164 iaStor - ok
23:13:36.0937 1164 IAStorDataMgrSvc (b25f192ea1f84a316eb7c19efcccf33d) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
23:13:36.0938 1164 IAStorDataMgrSvc - ok
23:13:36.0994 1164 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
23:13:36.0999 1164 iaStorV - ok
23:13:37.0136 1164 IconMan_R (e4693409d06785477a49fb34afae1b92) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
23:13:39.0064 1164 IconMan_R - ok
23:13:39.0215 1164 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
23:13:39.0225 1164 idsvc - ok
23:13:39.0826 1164 igfx (677aa5991026a65ada128c4b59cf2bad) C:\Windows\system32\DRIVERS\igdkmd64.sys
23:13:40.0016 1164 igfx - ok
23:13:40.0142 1164 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys
23:13:40.0143 1164 iirsp - ok
23:13:40.0221 1164 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
23:13:40.0231 1164 IKEEXT - ok
23:13:40.0399 1164 IntcAzAudAddService (336c3a6bf14d5a9af35af07c6b6b29cd) C:\Windows\system32\drivers\RTKVHD64.sys
23:13:40.0479 1164 IntcAzAudAddService - ok
23:13:40.0620 1164 IntcDAud (c6c1f19205da83c801be7c25f4e2ee07) C:\Windows\system32\DRIVERS\IntcDAud.sys
23:13:40.0623 1164 IntcDAud - ok
23:13:40.0657 1164 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
23:13:40.0658 1164 intelide - ok
23:13:40.0718 1164 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
23:13:40.0719 1164 intelppm - ok
23:13:40.0746 1164 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
23:13:40.0748 1164 IPBusEnum - ok
23:13:40.0778 1164 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
23:13:40.0780 1164 IpFilterDriver - ok
23:13:40.0824 1164 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
23:13:40.0831 1164 iphlpsvc - ok
23:13:40.0873 1164 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
23:13:40.0874 1164 IPMIDRV - ok
23:13:40.0916 1164 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
23:13:40.0918 1164 IPNAT - ok
23:13:40.0995 1164 iPod Service (ee4c2a137c7088911a8919effc9812e7) C:\Program Files\iPod\bin\iPodService.exe
23:13:41.0005 1164 iPod Service - ok
23:13:41.0051 1164 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
23:13:41.0052 1164 IRENUM - ok
23:13:41.0077 1164 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
23:13:41.0078 1164 isapnp - ok
23:13:41.0116 1164 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
23:13:41.0119 1164 iScsiPrt - ok
23:13:41.0160 1164 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
23:13:41.0160 1164 kbdclass - ok
23:13:41.0199 1164 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
23:13:41.0200 1164 kbdhid - ok
23:13:41.0238 1164 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
23:13:41.0239 1164 KeyIso - ok
23:13:41.0271 1164 KSecDD (97a7070aea4c058b6418519e869a63b4) C:\Windows\system32\Drivers\ksecdd.sys
23:13:41.0273 1164 KSecDD - ok
23:13:41.0319 1164 KSecPkg (26c43a7c2862447ec59deda188d1da07) C:\Windows\system32\Drivers\ksecpkg.sys
23:13:41.0335 1164 KSecPkg - ok
23:13:41.0380 1164 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
23:13:41.0381 1164 ksthunk - ok
23:13:41.0413 1164 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
23:13:41.0418 1164 KtmRm - ok
23:13:41.0489 1164 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\system32\srvsvc.dll
23:13:41.0493 1164 LanmanServer - ok
23:13:41.0538 1164 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
23:13:41.0541 1164 LanmanWorkstation - ok
23:13:41.0648 1164 LightScribeService (511e99ac5e322283df6a752001cebf05) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
23:13:41.0650 1164 LightScribeService - ok
23:13:41.0701 1164 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
23:13:41.0702 1164 lltdio - ok
23:13:41.0746 1164 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
23:13:41.0750 1164 lltdsvc - ok
23:13:41.0769 1164 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
23:13:41.0770 1164 lmhosts - ok
23:13:41.0872 1164 LMS (f40692f0fbede1bb5d636734cd93354e) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
23:13:41.0876 1164 LMS - ok
23:13:41.0922 1164 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys
23:13:41.0924 1164 LSI_FC - ok
23:13:41.0949 1164 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys
23:13:41.0951 1164 LSI_SAS - ok
23:13:41.0996 1164 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys
23:13:41.0997 1164 LSI_SAS2 - ok
23:13:42.0039 1164 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys
23:13:42.0041 1164 LSI_SCSI - ok
23:13:42.0075 1164 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
23:13:42.0076 1164 luafv - ok
23:13:42.0152 1164 McAfee SiteAdvisor Service (02aa4f6f30605c72faab7a2858735c11) c:\PROGRA~2\mcafee\SITEAD~1\McSACore.exe
23:13:42.0153 1164 McAfee SiteAdvisor Service - ok
23:13:42.0204 1164 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
23:13:42.0207 1164 Mcx2Svc - ok
23:13:42.0239 1164 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys
23:13:42.0240 1164 megasas - ok
23:13:42.0268 1164 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys
23:13:42.0271 1164 MegaSR - ok
23:13:42.0330 1164 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
23:13:42.0332 1164 MMCSS - ok
23:13:42.0367 1164 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
23:13:42.0369 1164 Modem - ok
23:13:42.0404 1164 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
23:13:42.0412 1164 monitor - ok
23:13:42.0444 1164 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
23:13:42.0445 1164 mouclass - ok
23:13:42.0485 1164 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
23:13:42.0486 1164 mouhid - ok
23:13:42.0524 1164 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
23:13:42.0526 1164 mountmgr - ok
23:13:42.0615 1164 MozillaMaintenance (46297fa8e30a6007f14118fc2b942fbc) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
23:13:42.0617 1164 MozillaMaintenance - ok
23:13:42.0649 1164 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
23:13:42.0652 1164 mpio - ok
23:13:42.0688 1164 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
23:13:42.0690 1164 mpsdrv - ok
23:13:42.0764 1164 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
23:13:42.0773 1164 MpsSvc - ok
23:13:42.0808 1164 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
23:13:42.0811 1164 MRxDAV - ok
23:13:42.0841 1164 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
23:13:42.0843 1164 mrxsmb - ok
23:13:42.0887 1164 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
23:13:42.0890 1164 mrxsmb10 - ok
23:13:42.0924 1164 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
23:13:42.0925 1164 mrxsmb20 - ok
23:13:42.0946 1164 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
23:13:42.0947 1164 msahci - ok
23:13:42.0982 1164 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
23:13:42.0984 1164 msdsm - ok
23:13:43.0015 1164 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
23:13:43.0017 1164 MSDTC - ok
23:13:43.0061 1164 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
23:13:43.0062 1164 Msfs - ok
23:13:43.0093 1164 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
23:13:43.0094 1164 mshidkmdf - ok
23:13:43.0125 1164 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
23:13:43.0126 1164 msisadrv - ok
23:13:43.0172 1164 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
23:13:43.0175 1164 MSiSCSI - ok
23:13:43.0178 1164 msiserver - ok
23:13:43.0225 1164 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
23:13:43.0226 1164 MSKSSRV - ok
23:13:43.0230 1164 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
23:13:43.0231 1164 MSPCLOCK - ok
23:13:43.0234 1164 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
23:13:43.0235 1164 MSPQM - ok
23:13:43.0263 1164 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
23:13:43.0267 1164 MsRPC - ok
23:13:43.0312 1164 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
23:13:43.0313 1164 mssmbios - ok
23:13:43.0358 1164 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
23:13:43.0359 1164 MSTEE - ok
23:13:43.0390 1164 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys
23:13:43.0391 1164 MTConfig - ok
23:13:43.0444 1164 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
23:13:43.0446 1164 Mup - ok
23:13:43.0502 1164 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
23:13:43.0508 1164 napagent - ok
23:13:43.0563 1164 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
23:13:43.0566 1164 NativeWifiP - ok
23:13:43.0645 1164 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
23:13:43.0655 1164 NDIS - ok
23:13:43.0677 1164 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
23:13:43.0678 1164 NdisCap - ok
23:13:43.0743 1164 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
23:13:43.0744 1164 NdisTapi - ok
23:13:43.0756 1164 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
23:13:43.0758 1164 Ndisuio - ok
23:13:43.0778 1164 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
23:13:43.0780 1164 NdisWan - ok
23:13:43.0793 1164 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
23:13:43.0794 1164 NDProxy - ok
23:13:43.0834 1164 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
23:13:43.0835 1164 NetBIOS - ok
23:13:43.0863 1164 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
23:13:43.0866 1164 NetBT - ok
23:13:43.0916 1164 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
23:13:43.0917 1164 Netlogon - ok
23:13:43.0965 1164 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
23:13:43.0970 1164 Netman - ok
23:13:44.0001 1164 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
23:13:44.0007 1164 netprofm - ok
23:13:44.0098 1164 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
23:13:44.0100 1164 NetTcpPortSharing - ok
23:13:44.0129 1164 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys
23:13:44.0131 1164 nfrd960 - ok
23:13:44.0233 1164 NitroReaderDriverReadSpool2 (0734398d3d99986bb8006e9bb5eab1e5) C:\Program Files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe
23:13:44.0238 1164 NitroReaderDriverReadSpool2 - ok
23:13:44.0318 1164 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
23:13:44.0322 1164 NlaSvc - ok
23:13:44.0366 1164 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
23:13:44.0367 1164 Npfs - ok
23:13:44.0382 1164 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
23:13:44.0390 1164 nsi - ok
23:13:44.0438 1164 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
23:13:44.0439 1164 nsiproxy - ok
23:13:44.0534 1164 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
23:13:44.0551 1164 Ntfs - ok
23:13:44.0673 1164 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
23:13:44.0674 1164 Null - ok
23:13:44.0716 1164 NVENETFD (a85b4f2ef3a7304a5399ef0526423040) C:\Windows\system32\DRIVERS\nvm62x64.sys
23:13:44.0721 1164 NVENETFD - ok
23:13:44.0757 1164 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
23:13:44.0759 1164 nvraid - ok
23:13:44.0791 1164 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
23:13:44.0793 1164 nvstor - ok
23:13:44.0818 1164 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
23:13:44.0820 1164 nv_agp - ok
23:13:44.0957 1164 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
23:13:44.0963 1164 odserv - ok
23:13:44.0991 1164 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
23:13:44.0993 1164 ohci1394 - ok
23:13:45.0051 1164 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
23:13:45.0053 1164 ose - ok
23:13:45.0082 1164 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
23:13:45.0087 1164 p2pimsvc - ok
23:13:45.0124 1164 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
23:13:45.0130 1164 p2psvc - ok
23:13:45.0167 1164 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys
23:13:45.0168 1164 Parport - ok
23:13:45.0196 1164 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
23:13:45.0197 1164 partmgr - ok
23:13:45.0256 1164 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
23:13:45.0259 1164 PcaSvc - ok
23:13:45.0294 1164 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
23:13:45.0297 1164 pci - ok
23:13:45.0322 1164 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
23:13:45.0323 1164 pciide - ok
23:13:45.0364 1164 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys
23:13:45.0367 1164 pcmcia - ok
23:13:45.0425 1164 PCTBD (a87932ff09593ba8d197667a13e2a628) C:\Windows\system32\Drivers\PCTBD64.sys
23:13:45.0427 1164 PCTBD - ok
23:13:45.0508 1164 PCTCore (876fd95b7a3b7fe6179fbd16e7a6486c) C:\Windows\system32\drivers\PCTCore64.sys
23:13:45.0513 1164 PCTCore - ok
23:13:45.0607 1164 pctDS (ba1f42a42f405f62ceff6b69a2797f7c) C:\Windows\system32\drivers\pctDS64.sys
23:13:45.0612 1164 pctDS - ok
23:13:45.0715 1164 pctEFA (146cc91c93ced13e7fe40e8d8615be39) C:\Windows\system32\drivers\pctEFA64.sys
23:13:45.0727 1164 pctEFA - ok
23:13:45.0770 1164 PCTSD (c4775e7f54f3cc6307b73462b1b802c6) C:\Windows\system32\Drivers\PCTSD64.sys
23:13:45.0773 1164 PCTSD - ok
23:13:45.0804 1164 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
23:13:45.0805 1164 pcw - ok
23:13:45.0842 1164 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
23:13:45.0849 1164 PEAUTH - ok
23:13:45.0913 1164 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
23:13:45.0914 1164 PerfHost - ok
23:13:46.0009 1164 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
23:13:46.0024 1164 pla - ok
23:13:46.0072 1164 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
23:13:46.0077 1164 PlugPlay - ok
23:13:46.0115 1164 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
23:13:46.0116 1164 PNRPAutoReg - ok
23:13:46.0139 1164 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
23:13:46.0142 1164 PNRPsvc - ok
23:13:46.0197 1164 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
23:13:46.0203 1164 PolicyAgent - ok
23:13:46.0239 1164 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
23:13:46.0242 1164 Power - ok
23:13:46.0298 1164 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
23:13:46.0299 1164 PptpMiniport - ok
23:13:46.0317 1164 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys
23:13:46.0318 1164 Processor - ok
23:13:46.0366 1164 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
23:13:46.0370 1164 ProfSvc - ok
23:13:46.0416 1164 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
23:13:46.0417 1164 ProtectedStorage - ok
23:13:46.0457 1164 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
23:13:46.0459 1164 Psched - ok
23:13:46.0551 1164 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys
23:13:46.0566 1164 ql2300 - ok
23:13:46.0672 1164 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys
23:13:46.0674 1164 ql40xx - ok
23:13:46.0705 1164 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
23:13:46.0708 1164 QWAVE - ok
23:13:46.0736 1164 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
23:13:46.0737 1164 QWAVEdrv - ok
23:13:46.0751 1164 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
23:13:46.0752 1164 RasAcd - ok
23:13:46.0791 1164 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
23:13:46.0793 1164 RasAgileVpn - ok
23:13:46.0820 1164 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
23:13:46.0823 1164 RasAuto - ok
23:13:46.0864 1164 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
23:13:46.0866 1164 Rasl2tp - ok
23:13:46.0898 1164 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
23:13:46.0903 1164 RasMan - ok
23:13:46.0932 1164 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
23:13:46.0933 1164 RasPppoe - ok
23:13:46.0979 1164 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
23:13:46.0980 1164 RasSstp - ok
23:13:47.0004 1164 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
23:13:47.0007 1164 rdbss - ok
23:13:47.0042 1164 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\drivers\rdpbus.sys
23:13:47.0043 1164 rdpbus - ok
23:13:47.0063 1164 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
23:13:47.0064 1164 RDPCDD - ok
23:13:47.0094 1164 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
23:13:47.0095 1164 RDPENCDD - ok
23:13:47.0112 1164 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
23:13:47.0113 1164 RDPREFMP - ok
23:13:47.0173 1164 RDPWD (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys
23:13:47.0176 1164 RDPWD - ok
23:13:47.0214 1164 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
23:13:47.0217 1164 rdyboost - ok
23:13:47.0242 1164 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
23:13:47.0244 1164 RemoteAccess - ok
23:13:47.0265 1164 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
23:13:47.0268 1164 RemoteRegistry - ok
23:13:47.0318 1164 RimUsb (ad42432d22940b4215177be113e4919c) C:\Windows\system32\Drivers\RimUsb_AMD64.sys
23:13:47.0320 1164 RimUsb - ok
23:13:47.0359 1164 RimVSerPort (4aafffa67ac4dfa3d9985d78573887e2) C:\Windows\system32\DRIVERS\RimSerial_AMD64.sys
23:13:47.0360 1164 RimVSerPort - ok
23:13:47.0412 1164 ROOTMODEM (388d3dd1a6457280f3badba9f3acd6b1) C:\Windows\system32\Drivers\RootMdm.sys
23:13:47.0413 1164 ROOTMODEM - ok
23:13:47.0450 1164 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
23:13:47.0452 1164 RpcEptMapper - ok
23:13:47.0495 1164 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
23:13:47.0496 1164 RpcLocator - ok
23:13:47.0558 1164 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
23:13:47.0562 1164 RpcSs - ok
23:13:47.0610 1164 RSPCIESTOR (546d7f426776090b90ef5f195b6ae662) C:\Windows\system32\DRIVERS\RtsPStor.sys
23:13:47.0614 1164 RSPCIESTOR - ok
23:13:47.0651 1164 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
23:13:47.0652 1164 rspndr - ok
23:13:47.0711 1164 RTL8167 (a73ed14670220307874ad6bc2f279349) C:\Windows\system32\DRIVERS\Rt64win7.sys
23:13:47.0713 1164 RTL8167 - ok
23:13:47.0787 1164 RTL8192Ce (64fdf4fe366ca42da2b7d9d424b6e39b) C:\Windows\system32\DRIVERS\rtl8192Ce.sys
23:13:47.0793 1164 RTL8192Ce - ok
23:13:47.0870 1164 SABDIFSV (895900fc306c93ed4797a191692bbaf4) C:\Program Files (x86)\SuperAdBlocker.com\Super Ad Blocker\SABDIFSV.SYS
23:13:47.0871 1164 SABDIFSV - ok
23:13:47.0927 1164 SABKUTIL (6b4888345ba3764719592862bfde7d11) C:\Program Files (x86)\SuperAdBlocker.com\Super Ad Blocker\SABKUTIL.sys
23:13:47.0928 1164 SABKUTIL - ok
23:13:47.0942 1164 SABProcEnum (e737a60011510680386cc56ebaf43e6a) C:\Program Files (x86)\SuperAdBlocker.com\Super Ad Blocker\SABProcEnum.sys
23:13:47.0943 1164 SABProcEnum - ok
23:13:47.0979 1164 SABSVC (738ae56909e7d1413ed3602493b0091f) C:\Program Files (x86)\SuperAdBlocker.com\Super Ad Blocker\SABSVC.EXE
23:13:47.0992 1164 SABSVC - ok
23:13:48.0038 1164 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
23:13:48.0039 1164 SamSs - ok
23:13:48.0070 1164 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
23:13:48.0072 1164 sbp2port - ok
23:13:48.0120 1164 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
23:13:48.0123 1164 SCardSvr - ok
23:13:48.0163 1164 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
23:13:48.0164 1164 scfilter - ok
23:13:48.0236 1164 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
23:13:48.0248 1164 Schedule - ok
23:13:48.0282 1164 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
23:13:48.0283 1164 SCPolicySvc - ok
23:13:48.0362 1164 sdAuxService (cfeb26a26452d5337c2f3aadd8218fc3) C:\Program Files (x86)\PC Tools\PC Tools Security\pctsAuxs.exe
23:13:48.0367 1164 sdAuxService - ok
23:13:48.0443 1164 sdbus (111e0ebc0ad79cb0fa014b907b231cf0) C:\Windows\system32\DRIVERS\sdbus.sys
23:13:48.0444 1164 sdbus - ok
23:13:48.0538 1164 sdCoreService (b906c04f469060f2dd7fcb84706b4493) C:\Program Files (x86)\PC Tools\PC Tools Security\pctsSvc.exe
23:13:48.0550 1164 sdCoreService - ok
23:13:48.0587 1164 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
23:13:48.0590 1164 SDRSVC - ok
23:13:48.0656 1164 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
23:13:48.0658 1164 secdrv - ok
23:13:48.0676 1164 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
23:13:48.0677 1164 seclogon - ok
23:13:48.0691 1164 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
23:13:48.0693 1164 SENS - ok
23:13:48.0738 1164 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
23:13:48.0740 1164 SensrSvc - ok
23:13:48.0783 1164 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\drivers\serenum.sys
23:13:48.0785 1164 Serenum - ok
23:13:48.0847 1164 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\drivers\serial.sys
23:13:48.0849 1164 Serial - ok
23:13:48.0867 1164 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys
23:13:48.0868 1164 sermouse - ok
23:13:48.0916 1164 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
23:13:48.0919 1164 SessionEnv - ok
23:13:48.0943 1164 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
23:13:48.0944 1164 sffdisk - ok
23:13:48.0978 1164 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
23:13:48.0979 1164 sffp_mmc - ok
23:13:48.0998 1164 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
23:13:48.0999 1164 sffp_sd - ok
23:13:49.0040 1164 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys
23:13:49.0041 1164 sfloppy - ok
23:13:49.0084 1164 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
23:13:49.0089 1164 SharedAccess - ok
23:13:49.0124 1164 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
23:13:49.0130 1164 ShellHWDetection - ok
23:13:49.0167 1164 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys
23:13:49.0168 1164 SiSRaid2 - ok
23:13:49.0203 1164 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys
23:13:49.0204 1164 SiSRaid4 - ok
23:13:49.0278 1164 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
23:13:49.0281 1164 Smb - ok
23:13:49.0362 1164 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
23:13:49.0364 1164 SNMPTRAP - ok
23:13:49.0388 1164 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
23:13:49.0389 1164 spldr - ok
23:13:49.0440 1164 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
23:13:49.0447 1164 Spooler - ok
23:13:49.0618 1164 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
23:13:49.0653 1164 sppsvc - ok
23:13:49.0743 1164 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
23:13:49.0745 1164 sppuinotify - ok
23:13:49.0807 1164 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
23:13:49.0812 1164 srv - ok
23:13:49.0841 1164 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
23:13:49.0846 1164 srv2 - ok
23:13:49.0904 1164 SrvHsfHDA (0c4540311e11664b245a263e1154cef8) C:\Windows\system32\DRIVERS\VSTAZL6.SYS
23:13:49.0907 1164 SrvHsfHDA - ok
23:13:49.0981 1164 SrvHsfV92 (02071d207a9858fbe3a48cbfd59c4a04) C:\Windows\system32\DRIVERS\VSTDPV6.SYS
23:13:49.0996 1164 SrvHsfV92 - ok
23:13:50.0129 1164 SrvHsfWinac (18e40c245dbfaf36fd0134a7ef2df396) C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
23:13:50.0137 1164 SrvHsfWinac - ok
23:13:50.0172 1164 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
23:13:50.0174 1164 srvnet - ok
23:13:50.0226 1164 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
23:13:50.0229 1164 SSDPSRV - ok
23:13:50.0248 1164 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
23:13:50.0250 1164 SstpSvc - ok
23:13:50.0285 1164 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys
23:13:50.0286 1164 stexstor - ok
23:13:50.0339 1164 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
23:13:50.0346 1164 stisvc - ok
23:13:50.0370 1164 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
23:13:50.0370 1164 swenum - ok
23:13:50.0451 1164 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
23:13:50.0458 1164 swprv - ok
23:13:50.0600 1164 SynTP (ec4dca6539eb97376f1a1743d209d842) C:\Windows\system32\DRIVERS\SynTP.sys
23:13:50.0608 1164 SynTP - ok
23:13:50.0766 1164 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
23:13:50.0785 1164 SysMain - ok
23:13:50.0889 1164 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
23:13:50.0891 1164 TabletInputService - ok
23:13:50.0943 1164 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
23:13:50.0948 1164 TapiSrv - ok
23:13:50.0975 1164 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
23:13:50.0977 1164 TBS - ok
23:13:51.0108 1164 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
23:13:51.0127 1164 Tcpip - ok
23:13:51.0341 1164 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
23:13:51.0351 1164 TCPIP6 - ok
23:13:51.0478 1164 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
23:13:51.0479 1164 tcpipreg - ok
23:13:51.0502 1164 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
23:13:51.0503 1164 TDPIPE - ok
23:13:51.0552 1164 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
23:13:51.0553 1164 TDTCP - ok
23:13:51.0596 1164 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
23:13:51.0598 1164 tdx - ok
23:13:51.0622 1164 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
23:13:51.0623 1164 TermDD - ok
23:13:51.0687 1164 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
23:13:51.0696 1164 TermService - ok
23:13:51.0723 1164 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
23:13:51.0725 1164 Themes - ok
23:13:51.0752 1164 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
23:13:51.0753 1164 THREADORDER - ok
23:13:51.0802 1164 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
23:13:51.0804 1164 TrkWks - ok
23:13:51.0865 1164 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
23:13:51.0867 1164 TrustedInstaller - ok
23:13:51.0907 1164 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
23:13:51.0909 1164 tssecsrv - ok
23:13:51.0936 1164 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
23:13:51.0938 1164 TsUsbFlt - ok
23:13:51.0975 1164 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys
23:13:51.0976 1164 TsUsbGD - ok
23:13:52.0042 1164 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
23:13:52.0044 1164 tunnel - ok
23:13:52.0056 1164 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys
23:13:52.0058 1164 uagp35 - ok
23:13:52.0081 1164 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
23:13:52.0085 1164 udfs - ok
23:13:52.0119 1164 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
23:13:52.0122 1164 UI0Detect - ok
23:13:52.0157 1164 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
23:13:52.0158 1164 uliagpkx - ok
23:13:52.0201 1164 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
23:13:52.0202 1164 umbus - ok
23:13:52.0230 1164 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys
23:13:52.0231 1164 UmPass - ok
23:13:52.0409 1164 UNS (493bb5cb35de270439ed11e616f04724) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
23:13:52.0432 1164 UNS - ok
23:13:52.0550 1164 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
23:13:52.0555 1164 upnphost - ok
23:13:52.0621 1164 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys
23:13:52.0622 1164 USBAAPL64 - ok
23:13:52.0651 1164 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
23:13:52.0652 1164 usbccgp - ok
23:13:52.0685 1164 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
23:13:52.0687 1164 usbcir - ok
23:13:52.0713 1164 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys
23:13:52.0715 1164 usbehci - ok
23:13:52.0739 1164 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
23:13:52.0743 1164 usbhub - ok
23:13:52.0754 1164 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
23:13:52.0755 1164 usbohci - ok
23:13:52.0795 1164 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
23:13:52.0796 1164 usbprint - ok
23:13:52.0843 1164 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
23:13:52.0844 1164 usbscan - ok
23:13:52.0897 1164 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
23:13:52.0899 1164 USBSTOR - ok
23:13:52.0920 1164 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
23:13:52.0927 1164 usbuhci - ok
23:13:52.0972 1164 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\system32\Drivers\usbvideo.sys
23:13:52.0975 1164 usbvideo - ok
23:13:53.0002 1164 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
23:13:53.0004 1164 UxSms - ok
23:13:53.0060 1164 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
23:13:53.0061 1164 VaultSvc - ok
23:13:53.0090 1164 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
23:13:53.0091 1164 vdrvroot - ok
23:13:56.0594 1164 ============================================================
23:13:56.0594 1164 Scan finished
23:13:56.0594 1164 ============================================================
23:13:56.0603 1636 Detected object count: 0
23:13:56.0603 1636 Actual detected object count: 0

Malwarebytes Log after requested -
Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.04.02

Windows 7 Service Pack 1 x64 NTFS (Safe Mode/Networking)
Internet Explorer 9.0.8112.16421
Heather's laptop :: HEATHERSLAPTOP [administrator]

8/3/2012 11:19:56 PM
mbam-log-2012-08-03 (23-19-56).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 190357
Time elapsed: 2 minute(s), 26 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Thanks for any and all guidance provided!

Heather

#4 boopme

Posted 03 August 2012 - 11:03 PM

Well, let's make sure we didn't miss anything.
Do you still redirect?

I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Under scan settings, check Posted Image and check Remove found threats
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image


NOTE: In some instances if no malware is found there will be no log produced.



Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size.
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Note: When using "Reset FF Proxy Settings" option Firefox should be closed.

#5 hbrummer

Posted 04 August 2012 - 12:42 AM

Here are the results!

Eset -

C:\ProgramData\CodecUpdate\runtime.dll Win32/GenUpdater application cleaned by deleting - quarantined
C:\ProgramData\Tarma Installer\{C049526F-B3EB-4151-9B11-B11F00F53A96}\_Setupx.dll a variant of Win32/Adware.Yontoo.B application cleaned by deleting - quarantined
C:\Users\Heather's laptop\AppData\Local\Temp\YontooSetup-Silent.exe Win32/Adware.Yontoo application cleaned by deleting - quarantined
C:\Users\Heather's laptop\AppData\Local\Temp\ICReinstall\cnet2_revosetup_exe.exe a variant of Win32/InstallCore.D application cleaned by deleting - quarantined
C:\Users\Heather's laptop\AppData\Local\Temp\ICReinstall\cnet2_SuperAdBlocker_exe.exe a variant of Win32/InstallCore.D application cleaned by deleting - quarantined
C:\Users\Heather's laptop\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18\2f2d5712-71cf1138 multiple threats deleted - quarantined
C:\Users\Heather's laptop\Downloads\cnet2_revosetup_exe.exe a variant of Win32/InstallCore.D application cleaned by deleting - quarantined
C:\Users\Heather's laptop\Downloads\cnet2_SuperAdBlocker_exe.exe a variant of Win32/InstallCore.D application cleaned by deleting - quarantined
C:\Users\Heather's laptop\Downloads\InternationalPrimoPDF.exe Win32/OpenCandy application cleaned by deleting - quarantined

Minitoolbox -

MiniToolBox by Farbar Version: 23-07-2012
Ran by Heather's laptop (administrator) on 04-08-2012 at 01:37:24
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Network
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================

::1 localhost

149.5.18.172 www.google-analytics.com.
149.5.18.172 ad-emea.doubleclick.net.
149.5.18.172 www.statcounter.com.
108.163.215.51 www.google-analytics.com.
108.163.215.51 ad-emea.doubleclick.net.
108.163.215.51 www.statcounter.com.

127.0.0.1 localhost

========================= IP Configuration: ================================

Realtek RTL8188CE 802.11b/g/n WiFi Adapter = Wireless Network Connection (Connected)
Realtek PCIe GBE Family Controller = Local Area Connection (Media disconnected)
Microsoft Virtual WiFi Miniport Adapter = Wireless Network Connection 2 (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : Heatherslaptop
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Broadcast
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : gateway.2wire.net

Wireless LAN adapter Wireless Network Connection 2:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter
Physical Address. . . . . . . . . : 68-A3-C4-74-9B-16
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
Physical Address. . . . . . . . . : 3C-D9-2B-22-CC-EF
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection:

Connection-specific DNS Suffix . : gateway.2wire.net
Description . . . . . . . . . . . : Realtek RTL8188CE 802.11b/g/n WiFi Adapter
Physical Address. . . . . . . . . : 68-A3-C4-74-9B-16
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::e913:d30f:34fb:d787%11(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.68(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Saturday, August 04, 2012 12:12:48 AM
Lease Expires . . . . . . . . . . : Sunday, August 05, 2012 12:12:52 AM
Default Gateway . . . . . . . . . : 192.168.1.254
DHCP Server . . . . . . . . . . . : 192.168.1.254
DHCPv6 IAID . . . . . . . . . . . : 241738692
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-15-4A-34-78-68-A3-C4-74-9B-16
DNS Servers . . . . . . . . . . . : 192.168.1.254
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.{480700FA-DBA1-4865-989B-86346F9FD0A8}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.gateway.2wire.net:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{9313D5F1-A5C7-42A0-A9C3-6EF695E02ABA}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #5
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Reusable ISATAP Interface {1D548B07-BB7F-43E9-8A03-65D2F3330499}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #6
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: homeportal
Address: 192.168.1.254

Name: google.com
Addresses: 2001:4860:4002:802::1003
74.125.227.129
74.125.227.130
74.125.227.131
74.125.227.132
74.125.227.133
74.125.227.134
74.125.227.135
74.125.227.136
74.125.227.137
74.125.227.142
74.125.227.128


Pinging google.com [74.125.227.96] with 32 bytes of data:
Reply from 74.125.227.96: bytes=32 time=84ms TTL=49
Reply from 74.125.227.96: bytes=32 time=59ms TTL=49

Ping statistics for 74.125.227.96:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 59ms, Maximum = 84ms, Average = 71ms
Server: homeportal
Address: 192.168.1.254

Name: yahoo.com
Addresses: 209.191.122.70
72.30.38.140
98.139.183.24


Pinging yahoo.com [98.139.183.24] with 32 bytes of data:
Reply from 98.139.183.24: bytes=32 time=123ms TTL=45
Reply from 98.139.183.24: bytes=32 time=101ms TTL=45

Ping statistics for 98.139.183.24:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 101ms, Maximum = 123ms, Average = 112ms
Server: homeportal
Address: 192.168.1.254

Name: bleepingcomputer.com
Address: 208.43.87.2


Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:
Reply from 208.43.87.2: Destination host unreachable.
Reply from 208.43.87.2: Destination host unreachable.

Ping statistics for 208.43.87.2:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
13...68 a3 c4 74 9b 16 ......Microsoft Virtual WiFi Miniport Adapter
12...3c d9 2b 22 cc ef ......Realtek PCIe GBE Family Controller
11...68 a3 c4 74 9b 16 ......Realtek RTL8188CE 802.11b/g/n WiFi Adapter
1...........................Software Loopback Interface 1
14...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
18...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
20...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
21...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #5
19...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #6
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.254 192.168.1.68 25
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.1.0 255.255.255.0 On-link 192.168.1.68 281
192.168.1.68 255.255.255.255 On-link 192.168.1.68 281
192.168.1.255 255.255.255.255 On-link 192.168.1.68 281
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.1.68 281
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.1.68 281
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
1 306 ::1/128 On-link
11 281 fe80::/64 On-link
11 281 fe80::e913:d30f:34fb:d787/128
On-link
1 306 ff00::/8 On-link
11 281 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 09 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll [329688] (PC Tools Research Pty Ltd.)
Catalog9 02 C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll [329688] (PC Tools Research Pty Ltd.)
Catalog9 03 C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll [329688] (PC Tools Research Pty Ltd.)
Catalog9 04 C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll [329688] (PC Tools Research Pty Ltd.)
Catalog9 05 C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll [329688] (PC Tools Research Pty Ltd.)
Catalog9 06 C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll [329688] (PC Tools Research Pty Ltd.)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 11 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 12 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 13 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 14 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 15 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 16 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 17 C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll [329688] (PC Tools Research Pty Ltd.)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [170880] (Microsoft Corp.)
x64-Catalog5 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [170880] (Microsoft Corp.)
x64-Catalog5 09 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
x64-Catalog9 01 C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll [448472] (PC Tools Research Pty Ltd.)
x64-Catalog9 02 C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll [448472] (PC Tools Research Pty Ltd.)
x64-Catalog9 03 C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll [448472] (PC Tools Research Pty Ltd.)
x64-Catalog9 04 C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll [448472] (PC Tools Research Pty Ltd.)
x64-Catalog9 05 C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll [448472] (PC Tools Research Pty Ltd.)
x64-Catalog9 06 C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll [448472] (PC Tools Research Pty Ltd.)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 11 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 12 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 13 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 14 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 15 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 16 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 17 C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll [448472] (PC Tools Research Pty Ltd.)

========================= Event log errors: ===============================

Application errors:
==================
Error: (08/04/2012 00:16:44 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (08/04/2012 00:16:41 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (08/04/2012 00:14:25 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/04/2012 00:12:54 AM) (Source: Winlogon) (User: )
Description: Windows license activation failed. Error 0x00000000.

Error: (08/04/2012 00:12:54 AM) (Source: Software Protection Platform Service) (User: )
Description: License Activation (slui.exe) failed with the following error code:
0x8007043C

Error: (08/03/2012 11:42:22 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/03/2012 11:04:26 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/03/2012 11:03:46 PM) (Source: Winlogon) (User: )
Description: Windows license activation failed. Error 0x00000000.

Error: (08/03/2012 11:03:46 PM) (Source: Software Protection Platform Service) (User: )
Description: License Activation (slui.exe) failed with the following error code:
0x8007043C

Error: (08/03/2012 10:39:54 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2215


System errors:
=============
Error: (08/04/2012 01:36:35 AM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (08/04/2012 01:36:35 AM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (08/04/2012 01:36:35 AM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (08/04/2012 01:33:25 AM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (08/04/2012 01:33:25 AM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (08/04/2012 01:33:25 AM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (08/04/2012 01:31:27 AM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (08/04/2012 01:31:27 AM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (08/04/2012 01:31:27 AM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (08/04/2012 01:31:19 AM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068


Microsoft Office Sessions:
=========================

=========================== Installed Programs ============================

Update for Microsoft Office 2007 (KB2508958)
Adobe Flash Player 10 ActiveX (Version: 10.3.181.34)
Adobe Flash Player 10 Plugin (Version: 10.3.183.5)
Adobe Reader X (10.1.1) (Version: 10.1.1)
Apple Application Support (Version: 2.1.6)
Apple Mobile Device Support (Version: 4.0.0.97)
Apple Software Update (Version: 2.1.3.127)
Big Fish Games: Game Manager (Version: 3.0.1.60)
Bonjour (Version: 3.0.0.10)
Browser Guard 4.0 (Version: 4.0.0.1606)
Canon MP495 series MP Drivers
Canon My Printer
Cisco EAP-FAST Module (Version: 2.2.14)
Cisco LEAP Module (Version: 1.0.19)
Cisco PEAP Module (Version: 1.1.6)
CyberLink DVD Suite (Version: 7.0.3525)
CyberLink YouCam (Version: 3.2.1.3726)
D3DX10 (Version: 15.4.2368.0902)
DriveImage XML (Private Edition) (Version: 2.30)
Energy Star Digital Logo (Version: 1.0.1)
ESET Online Scanner v3
Evernote v. 4.2.2 (Version: 4.2.2.3869)
FastStone Image Viewer 4.6 (Version: 4.6)
Google Talk Plugin (Version: 3.3.3.8675)
Hewlett-Packard ACLM.NET v1.1.1.0 (Version: 1.00.0000)
HP Auto (Version: 1.0.12935.3667)
HP Customer Experience Enhancements (Version: 6.0.1.7)
HP Documentation (Version: 1.1.0.0)
HP On Screen Display (Version: 1.0.7)
HP Power Manager (Version: 1.2.1)
HP Quick Launch (Version: 2.3.6)
HP Setup (Version: 8.5.4526.3645)
HP Software Framework (Version: 4.0.108.1)
HP Support Assistant (Version: 6.0.5.4)
HP Wireless Assistant (Version: 4.0.10.0)
iCloud (Version: 1.0.2.17)
Intel® Control Center (Version: 1.2.1.1007)
Intel® Graphics Media Accelerator Driver (Version: 8.15.10.2202)
Intel® Management Engine Components (Version: 6.0.0.1179)
Intel® Rapid Storage Technology (Version: 10.0.0.1046)
IrfanView (remove only) (Version: 4.32)
iTunes (Version: 10.5.3.3)
Java™ 6 Update 22 (64-bit) (Version: 6.0.220)
LabelPrint (Version: 2.5.3429)
LightScribe System Software (Version: 1.18.21.1)
Malwarebytes Anti-Malware version 1.62.0.1300 (Version: 1.62.0.1300)
McAfee SiteAdvisor (Version: 3.4.0.143)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Home and Student 2007 (Version: 12.0.6612.1000)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000)
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Silverlight (Version: 4.1.10329.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Mozilla Firefox 14.0.1 (x86 en-US) (Version: 14.0.1)
Mozilla Maintenance Service (Version: 14.0.1)
MSVCRT (Version: 15.4.2862.0708)
Mystery Case Files: Return to Ravenhearst ™
Mystery Trackers: The Void
Nightfall Mysteries: Asylum Conspiracy
Nitro PDF Reader 2 (Version: 2.0.0.29)
PC Tools AntiVirus Free 9.0 (Version: 9.0)
PeaZip 4.6
Power2Go (Version: 6.1.4725)
PrimoPDF -- brought to you by Nitro PDF Software (Version: 5)
QuickTime (Version: 7.71.80.42)
Realtek Ethernet Controller Driver (Version: 7.34.1130.2010)
Realtek High Definition Audio Driver (Version: 6.0.1.6287)
Realtek PCIE Card Reader (Version: 6.1.7600.77)
REALTEK Wireless LAN Driver (Version: 1.00.10.0416)
Recovery Manager (Version: 1.0.22)
Revo Uninstaller 1.94 (Version: 1.94)
Silvestri Comp Review PN 4e
Skype™ 5.1 (Version: 5.1.104)
Super Ad Blocker (Version: 4.6.0.1000)
Synaptics Pointing Device Driver (Version: 15.2.4.3)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Visual Studio 2008 x64 Redistributables (Version: 10.0.0.2)
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3508.1109)
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3508.1109)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3508.1109)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109)
WinRAR 4.01 (32-bit) (Version: 4.01.0)

========================= Memory info: ===================================

Percentage of memory in use: 28%
Total physical RAM: 3893.86 MB
Available physical RAM: 2769.66 MB
Total Pagefile: 7785.9 MB
Available Pagefile: 6861.04 MB
Total Virtual: 4095.88 MB
Available Virtual: 3971.64 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:284.1 GB) (Free:206.77 GB) NTFS
2 Drive d: (RECOVERY) (Fixed) (Total:13.69 GB) (Free:1.71 GB) NTFS

========================= Users: ========================================

User accounts for \\HEATHERSLAPTOP

Administrator Guest Heather's laptop


**** End of log ****


Going to bed now but will check back tomorrow. Thank you again very much. Good night :)

#6 boopme


Posted 05 August 2012 - 01:19 PM

Hello
Your HOSTS file may be infected.
Reset the HOSTS file
As this infection also changes your Windows HOSTS file, we want to replace this file with the default version for your operating system.
Some types of malware will alter the HOSTS file as part of their infection. Please follow the instructions provided in How do I reset the hosts file back to the default?

To reset the hosts file automatically, go HERE and click the Posted Image button. Then just follow the prompts in the Fix it wizard.


OR
Click Run in the File Download dialog box or save MicrosoftFixit50267.msi to your Desktop and double-click on it to run. Then just follow the prompts in the Fix it wizard.


How is it?
How do I get help? Who is helping me?
For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....
Become a BleepingComputer fan: Facebook
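As an added example (not part of the original post, and not BleepingComputer's or Microsoft's tooling), this Python sketch audits a hosts file in the standard format and lists every active entry other than localhost mapped to loopback, which is what a reset to the default would remove. The function names and the sample entries are constructed for illustration; a missing file is reported as `None` rather than raising.

```python
import ipaddress
from pathlib import Path

# Standard Windows location of the hosts file.
HOSTS_PATH = Path(r"C:\Windows\System32\drivers\etc\hosts")

def audit_hosts(text):
    """Return (line_no, address, hostname, reason) for each non-default entry."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        entry = raw.split("#", 1)[0].strip()      # comments are inert
        if not entry:
            continue
        fields = entry.split()
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            findings.append((line_no, fields[0], "", "malformed address"))
            continue
        for name in fields[1:]:
            name = name.lower()
            if name == "localhost" and ip.is_loopback:
                continue                          # harmless default mapping
            if ip.is_loopback or ip.is_unspecified:
                reason = "name blocked (pointed at the local machine)"
            else:
                reason = "name redirected to another address"
            findings.append((line_no, str(ip), name, reason))
    return findings

def audit_hosts_file(path=HOSTS_PATH):
    """Audit the file at path; return None when no hosts file exists there."""
    path = Path(path)
    if not path.is_file():
        return None
    # utf-8-sig tolerates a byte-order mark left by some editors.
    return audit_hosts(path.read_text(encoding="utf-8-sig", errors="replace"))

# Constructed sample, not taken from the machine discussed in this thread.
SAMPLE = """\
# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
203.0.113.7     www.example.com example.com
127.0.0.1       update.example.net
not-an-ip       search.example.org
"""

if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE):
        print(finding)
```

An empty result means the file carries nothing beyond comments and the localhost mapping; any finding is a line to review before or after a reset.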

#7 hbrummer


Posted 05 August 2012 - 09:07 PM

Hello Boopme,

Well I used the automatic FixIt and it said everything was fixed. Unfortunately I went in to a website after and got another one of the yieldmanager.edgesuite.net pop ups :(
One thing that makes me wonder if it actually worked (besides the pop ups) is that when I view my system32 folder, there is no HOSTS file in it that I can see. I have unhidden all files but still to no avail. Any ideas?

One positive - I do NOT seem to be getting redirected anymore :)

Thanks so much,

Heather

#8 boopme


Posted 06 August 2012 - 11:23 AM

Let's see if it's here.
1. Click Start, click All Programs, click Accessories, right-click Notepad, and then click Run as administrator.

If you are prompted for an administrator password or for a confirmation, type the password, or click Allow or Yes.
2. Open the Hosts file or the Lmhosts file

#9 hbrummer


Posted 06 August 2012 - 05:29 PM

After running Notepad as an Administrator, I did not see anything under the C:\Windows\System32\drivers\etc\ file - it is blank... if I look the regular way, using explorer, I see these: lmhosts.sam, networks, protocol, services

Not sure what to think...?

Heather

#10 boopme


Posted 06 August 2012 - 10:55 PM

Let me ask..

#11 hbrummer


Posted 06 August 2012 - 11:17 PM

Thanks for your efforts; Btw the redirects have returned. *grrrrrr*

#12 boopme


Posted 07 August 2012 - 08:03 PM

Rats!! Must be a protected malware. We can get it but we need a deeper look. Please go here....Preparation Guide, do steps 6-9.

Create a DDS log and post it in the new topic explained in step 9 which is here Virus, Trojan, Spyware, and Malware Removal Logs and not in this topic, thanks.
If GMER won't run (it may not on a 64 bit system) skip it and move on.

Let me know if that went well.

Edited by boopme, 07 August 2012 - 08:04 PM.


#13 boopme


Posted 14 August 2012 - 04:04 PM

Thank you, now that you have a reply at the new topic I will close this one.



