constant popups in lower right corner of browser


7 replies to this topic

#1 SadFlute

Posted 27 June 2012 - 09:55 PM

I am on Windows 7 and use IE. While browsing I receive constant windows appearing in the lower right corner of my screen. I believe it may have something to do with ad.yieldmanager.com and revsci.com. I have used a whole bunch of scanners: MBAM, ESET, Spybot S&D, AVG, SUPERAntiSpyware, Kaspersky, SmitFraudFix. Also, I cannot modify my hosts file. I've tried many methods, including hosts-perm.

#2 narenxp


Posted 27 June 2012 - 09:59 PM

Download

TDSSkiller

Launch it. Click on Change parameters, then select TDLFS file system.

Click on "Scan". Please post the LOG report (the log file should be in your C drive).


Download

aswMBR

Launch it and allow it to download the latest Avast! virus definitions.
Click the "Scan" button to start the scan. After the scan finishes, click on Save log.

Post the log results here

Download

ESET online scanner


Install it

Click on START; it should download the virus definitions.
When the scan completes, click on LIST of found threats.

Export the list to the desktop and copy the contents of the text file into your reply.

Download

MiniToolBox

Checkmark following boxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size

Click Go and post the result.
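The TDSSKiller log requested in the steps above runs to hundreds of lines, almost all of them `- ok`. The following is an added example, not part of the original posts and not code from the tool's vendor: it parses the two-lines-per-service layout of that log and keeps only the entries worth reading. The service names, placeholder hashes, the non-ok verdict string and the "trusted roots" heuristic are assumptions made for the illustration.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample in the layout of a TDSSKiller log: "<time> <thread id> <text>".
# Names, paths and MD5 values are placeholders, not taken from any real scan.
SAMPLE_LOG = r"""
00:33:40.0953 5764 Drive \Device\Harddisk0\DR0 - Size: 0x1000 (0.00 Gb)
00:34:12.0977 1700 Scan started
00:34:12.0977 1700 Mode: Manual; TDLFS;
00:34:12.0977 1700 ============================================================
00:34:13.0697 1700 ExampleDrv (00000000000000000000000000000001) C:\Windows\system32\drivers\exampledrv.sys
00:34:13.0700 1700 ExampleDrv - ok
00:34:14.0567 1700 Example Vendor Service (00000000000000000000000000000002) C:\Program Files (x86)\Example Vendor\svc.exe
00:34:14.0569 1700 Example Vendor Service - ok
00:34:16.0579 1700 ExampleNoFile - ok
00:34:17.0001 1700 ExampleTemp (00000000000000000000000000000003) C:\Users\Owner\AppData\Local\Temp\x.sys
00:34:17.0002 1700 ExampleTemp - ok
00:34:18.0001 1700 ExampleBad (00000000000000000000000000000004) C:\Windows\system32\drivers\examplebad.sys
00:34:18.0002 1700 ExampleBad - constructed-non-ok-verdict
"""

LINE = re.compile(r"^\d\d:\d\d:\d\d\.\d+ \d+ (.*)$")
# "<service name> (<md5>) <image path>"; names and paths may contain spaces
# and parentheses, so the 32-hex-digit MD5 is what anchors the split.
FILE = re.compile(r"^(?P<name>.+?) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")

# Assumption: images under these roots are the expected case; anything else
# (user profile, temp directories, other drives) deserves a manual look.
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")


@dataclass
class Entry:
    name: str
    verdict: str
    md5: Optional[str] = None
    path: Optional[str] = None


def parse(log: str) -> List[Entry]:
    """Pair each '<name> (<md5>) <path>' line with its '<name> - <verdict>' line."""
    entries: List[Entry] = []
    pending = None      # last file line still waiting for its verdict
    scanning = False    # header lines before "Scan started" are not entries
    for raw in log.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        rest = m.group(1).strip()
        if rest == "Scan started":
            scanning = True
            continue
        if not scanning:
            continue
        f = FILE.match(rest)
        if f:
            pending = f
            continue
        if pending and rest.startswith(pending["name"] + " - "):
            verdict = rest[len(pending["name"]) + 3:]
            entries.append(Entry(pending["name"], verdict, pending["md5"], pending["path"]))
            pending = None
            continue
        # Verdict line with no preceding file line (no image was listed).
        name, sep, verdict = rest.rpartition(" - ")
        if sep:
            entries.append(Entry(name, verdict))
            pending = None
    return entries


def triage(entries: List[Entry]) -> List[Tuple[str, List[str]]]:
    """Return (name, reasons) for every entry that is not a plain, expected 'ok'."""
    findings = []
    for e in entries:
        reasons = []
        if e.verdict.lower() != "ok":
            reasons.append("verdict: " + e.verdict)
        if e.path is None:
            reasons.append("no file resolved")
        elif not e.path.lower().startswith(TRUSTED_ROOTS):
            reasons.append("image outside Windows/Program Files")
        if reasons:
            findings.append((e.name, reasons))
    return findings


if __name__ == "__main__":
    for name, reasons in triage(parse(SAMPLE_LOG)):
        print(f"{name}: {'; '.join(reasons)}")
```

An entry flagged only for "no file resolved" or for its location is a prompt to check that service by hand, not a detection.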

#3 SadFlute


Posted 30 June 2012 - 01:08 AM

00:33:39.0271 5764 TDSS rootkit removing tool 2.7.42.0 Jun 25 2012 21:18:44
00:33:39.0650 5764 ============================================================
00:33:39.0650 5764 Current date / time: 2012/06/29 00:33:39.0650
00:33:39.0650 5764 SystemInfo:
00:33:39.0650 5764
00:33:39.0651 5764 OS Version: 6.1.7601 ServicePack: 1.0
00:33:39.0651 5764 Product type: Workstation
00:33:39.0651 5764 ComputerName: ALFRED
00:33:39.0651 5764 UserName: Owner
00:33:39.0651 5764 Windows directory: C:\Windows
00:33:39.0651 5764 System windows directory: C:\Windows
00:33:39.0651 5764 Running under WOW64
00:33:39.0651 5764 Processor architecture: Intel x64
00:33:39.0651 5764 Number of processors: 4
00:33:39.0651 5764 Page size: 0x1000
00:33:39.0651 5764 Boot type: Normal boot
00:33:39.0651 5764 ============================================================
00:33:40.0953 5764 Drive \Device\Harddisk0\DR0 - Size: 0xAEA8CDE000 (698.64 Gb), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
00:33:40.0970 5764 ============================================================
00:33:40.0970 5764 \Device\Harddisk0\DR0:
00:33:40.0970 5764 MBR partitions:
00:33:40.0970 5764 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
00:33:40.0970 5764 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x55D63800
00:33:40.0970 5764 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x55D96000, BlocksNum 0x17AF800
00:33:40.0970 5764 ============================================================
00:33:40.0995 5764 C: <-> \Device\Harddisk0\DR0\Partition1
00:33:41.0034 5764 D: <-> \Device\Harddisk0\DR0\Partition2
00:33:41.0034 5764 ============================================================
00:33:41.0034 5764 Initialize success
00:33:41.0034 5764 ============================================================
00:34:12.0977 1700 ============================================================
00:34:12.0977 1700 Scan started
00:34:12.0977 1700 Mode: Manual; TDLFS;
00:34:12.0977 1700 ============================================================
00:34:22.0167 1700 NdisCap - ok
00:34:22.0181 1700 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
00:34:22.0183 1700 NdisTapi - ok
00:34:22.0232 1700 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
00:34:22.0233 1700 Ndisuio - ok
00:34:22.0251 1700 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
00:34:22.0253 1700 NdisWan - ok
00:34:22.0294 1700 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
00:34:22.0296 1700 NDProxy - ok
00:34:22.0307 1700 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
00:34:22.0307 1700 NetBIOS - ok
00:34:22.0350 1700 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
00:34:22.0354 1700 NetBT - ok
00:34:22.0391 1700 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
00:34:22.0393 1700 Netlogon - ok
00:34:22.0415 1700 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
00:34:22.0420 1700 Netman - ok
00:34:22.0442 1700 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
00:34:22.0448 1700 netprofm - ok
00:34:22.0501 1700 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
00:34:22.0503 1700 NetTcpPortSharing - ok
00:34:22.0549 1700 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
00:34:22.0550 1700 nfrd960 - ok
00:34:22.0591 1700 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
00:34:22.0595 1700 NlaSvc - ok
00:34:22.0600 1700 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
00:34:22.0601 1700 Npfs - ok
00:34:22.0612 1700 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
00:34:22.0614 1700 nsi - ok
00:34:22.0621 1700 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
00:34:22.0622 1700 nsiproxy - ok
00:34:22.0700 1700 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
00:34:22.0710 1700 Ntfs - ok
00:34:22.0757 1700 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
00:34:22.0758 1700 Null - ok
00:34:22.0797 1700 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
00:34:22.0799 1700 nvraid - ok
00:34:22.0816 1700 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
00:34:22.0818 1700 nvstor - ok
00:34:22.0835 1700 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
00:34:22.0837 1700 nv_agp - ok
00:34:22.0951 1700 odserv (1f0e05dff4f5a833168e49be1256f002) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
00:34:22.0956 1700 odserv - ok
00:34:22.0966 1700 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
00:34:22.0968 1700 ohci1394 - ok
00:34:23.0040 1700 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
00:34:23.0042 1700 ose - ok
00:34:23.0065 1700 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
00:34:23.0070 1700 p2pimsvc - ok
00:34:23.0093 1700 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
00:34:23.0100 1700 p2psvc - ok
00:34:23.0118 1700 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
00:34:23.0120 1700 Parport - ok
00:34:23.0165 1700 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
00:34:23.0166 1700 partmgr - ok
00:34:23.0176 1700 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
00:34:23.0179 1700 PcaSvc - ok
00:34:23.0255 1700 PCDSRVC{F36B3A4C-F95654BD-06000000}_0 (51209fbdb13a46e05c1b0077a9310264) c:\program files\pc-doctor for windows\pcdsrvc_x64.pkms
00:34:23.0261 1700 PCDSRVC{F36B3A4C-F95654BD-06000000}_0 - ok
00:34:23.0323 1700 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
00:34:23.0324 1700 pci - ok
00:34:23.0336 1700 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
00:34:23.0338 1700 pciide - ok
00:34:23.0354 1700 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
00:34:23.0357 1700 pcmcia - ok
00:34:23.0381 1700 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
00:34:23.0382 1700 pcw - ok
00:34:23.0407 1700 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
00:34:23.0411 1700 PEAUTH - ok
00:34:23.0458 1700 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
00:34:23.0460 1700 PerfHost - ok
00:34:23.0519 1700 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
00:34:23.0551 1700 pla - ok
00:34:23.0618 1700 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
00:34:23.0623 1700 PlugPlay - ok
00:34:23.0632 1700 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
00:34:23.0635 1700 PNRPAutoReg - ok
00:34:23.0656 1700 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
00:34:23.0659 1700 PNRPsvc - ok
00:34:23.0681 1700 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
00:34:23.0687 1700 PolicyAgent - ok
00:34:23.0705 1700 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
00:34:23.0708 1700 Power - ok
00:34:23.0760 1700 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
00:34:23.0761 1700 PptpMiniport - ok
00:34:23.0779 1700 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
00:34:23.0780 1700 Processor - ok
00:34:23.0797 1700 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
00:34:23.0800 1700 ProfSvc - ok
00:34:23.0840 1700 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
00:34:23.0841 1700 ProtectedStorage - ok
00:34:23.0900 1700 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
00:34:23.0902 1700 Psched - ok
00:34:23.0951 1700 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
00:34:23.0983 1700 ql2300 - ok
00:34:24.0046 1700 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
00:34:24.0049 1700 ql40xx - ok
00:34:24.0062 1700 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
00:34:24.0067 1700 QWAVE - ok
00:34:24.0106 1700 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
00:34:24.0107 1700 QWAVEdrv - ok
00:34:24.0202 1700 RapiMgr (a55e7d0d873b2c97585b3b5926ac6ade) C:\Windows\WindowsMobile\rapimgr.dll
00:34:24.0205 1700 RapiMgr - ok
00:34:24.0209 1700 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
00:34:24.0211 1700 RasAcd - ok
00:34:24.0240 1700 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
00:34:24.0243 1700 RasAgileVpn - ok
00:34:24.0259 1700 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
00:34:24.0262 1700 RasAuto - ok
00:34:24.0275 1700 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
00:34:24.0277 1700 Rasl2tp - ok
00:34:24.0301 1700 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
00:34:24.0307 1700 RasMan - ok
00:34:24.0324 1700 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
00:34:24.0326 1700 RasPppoe - ok
00:34:24.0336 1700 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
00:34:24.0338 1700 RasSstp - ok
00:34:24.0359 1700 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
00:34:24.0363 1700 rdbss - ok
00:34:24.0380 1700 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
00:34:24.0382 1700 rdpbus - ok
00:34:24.0401 1700 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
00:34:24.0402 1700 RDPCDD - ok
00:34:24.0418 1700 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
00:34:24.0419 1700 RDPENCDD - ok
00:34:24.0452 1700 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
00:34:24.0453 1700 RDPREFMP - ok
00:34:24.0509 1700 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
00:34:24.0512 1700 RDPWD - ok
00:34:24.0554 1700 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
00:34:24.0557 1700 rdyboost - ok
00:34:24.0574 1700 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
00:34:24.0576 1700 RemoteAccess - ok
00:34:24.0587 1700 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
00:34:24.0590 1700 RemoteRegistry - ok
00:34:24.0614 1700 RimUsb (7b04c9843921ab1f695fb395422c5360) C:\Windows\system32\Drivers\RimUsb_AMD64.sys
00:34:24.0616 1700 RimUsb - ok
00:34:24.0642 1700 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
00:34:24.0645 1700 RpcEptMapper - ok
00:34:24.0666 1700 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
00:34:24.0668 1700 RpcLocator - ok
00:34:24.0712 1700 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
00:34:24.0717 1700 RpcSs - ok
00:34:24.0732 1700 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
00:34:24.0733 1700 rspndr - ok
00:34:24.0754 1700 RTL8167 (3b01789ee4eaee97f5eb46b711387d5e) C:\Windows\system32\DRIVERS\Rt64win7.sys
00:34:24.0758 1700 RTL8167 - ok
00:34:24.0811 1700 SABProcEnum - ok
00:34:24.0848 1700 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
00:34:24.0850 1700 SamSs - ok
00:34:24.0904 1700 SASDIFSV (3289766038db2cb14d07dc84392138d5) C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
00:34:24.0905 1700 SASDIFSV - ok
00:34:24.0910 1700 SASKUTIL (58a38e75f3316a83c23df6173d41f2b5) C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
00:34:24.0911 1700 SASKUTIL - ok
00:34:24.0930 1700 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
00:34:24.0932 1700 sbp2port - ok
00:34:25.0009 1700 SBSDWSCService (794d4b48dfb6e999537c7c3947863463) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
00:34:25.0050 1700 SBSDWSCService - ok
00:34:25.0073 1700 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
00:34:25.0077 1700 SCardSvr - ok
00:34:25.0128 1700 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
00:34:25.0129 1700 scfilter - ok
00:34:25.0185 1700 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
00:34:25.0194 1700 Schedule - ok
00:34:25.0229 1700 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
00:34:25.0230 1700 SCPolicySvc - ok
00:34:25.0278 1700 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
00:34:25.0282 1700 SDRSVC - ok
00:34:25.0311 1700 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
00:34:25.0312 1700 secdrv - ok
00:34:25.0330 1700 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
00:34:25.0332 1700 seclogon - ok
00:34:25.0349 1700 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
00:34:25.0352 1700 SENS - ok
00:34:25.0372 1700 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
00:34:25.0375 1700 SensrSvc - ok
00:34:25.0389 1700 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
00:34:25.0390 1700 Serenum - ok
00:34:25.0404 1700 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
00:34:25.0406 1700 Serial - ok
00:34:25.0417 1700 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
00:34:25.0418 1700 sermouse - ok
00:34:25.0465 1700 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
00:34:25.0468 1700 SessionEnv - ok
00:34:25.0485 1700 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
00:34:25.0486 1700 sffdisk - ok
00:34:25.0493 1700 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
00:34:25.0495 1700 sffp_mmc - ok
00:34:25.0501 1700 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
00:34:25.0503 1700 sffp_sd - ok
00:34:25.0518 1700 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
00:34:25.0519 1700 sfloppy - ok
00:34:25.0572 1700 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
00:34:25.0577 1700 SharedAccess - ok
00:34:25.0623 1700 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
00:34:25.0628 1700 ShellHWDetection - ok
00:34:25.0644 1700 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
00:34:25.0646 1700 SiSRaid2 - ok
00:34:25.0664 1700 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
00:34:25.0666 1700 SiSRaid4 - ok
00:34:25.0692 1700 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
00:34:25.0693 1700 Smb - ok
00:34:25.0722 1700 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
00:34:25.0724 1700 SNMPTRAP - ok
00:34:25.0732 1700 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
00:34:25.0733 1700 spldr - ok
00:34:25.0759 1700 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
00:34:25.0765 1700 Spooler - ok
00:34:25.0887 1700 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
00:34:25.0908 1700 sppsvc - ok
00:34:25.0961 1700 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
00:34:25.0964 1700 sppuinotify - ok
00:34:26.0036 1700 sprtsvc_verizondm - ok
00:34:26.0097 1700 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
00:34:26.0102 1700 srv - ok
00:34:26.0140 1700 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
00:34:26.0145 1700 srv2 - ok
00:34:26.0160 1700 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
00:34:26.0161 1700 srvnet - ok
00:34:26.0173 1700 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
00:34:26.0177 1700 SSDPSRV - ok
00:34:26.0188 1700 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
00:34:26.0191 1700 SstpSvc - ok
00:34:26.0226 1700 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
00:34:26.0227 1700 stexstor - ok
00:34:26.0260 1700 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
00:34:26.0265 1700 stisvc - ok
00:34:26.0269 1700 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
00:34:26.0271 1700 swenum - ok
00:34:26.0305 1700 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
00:34:26.0312 1700 swprv - ok
00:34:26.0398 1700 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
00:34:26.0410 1700 SysMain - ok
00:34:26.0450 1700 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
00:34:26.0454 1700 TabletInputService - ok
00:34:26.0477 1700 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
00:34:26.0482 1700 TapiSrv - ok
00:34:26.0503 1700 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
00:34:26.0506 1700 TBS - ok
00:34:26.0637 1700 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
00:34:26.0648 1700 Tcpip - ok
00:34:26.0737 1700 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
00:34:26.0747 1700 TCPIP6 - ok
00:34:26.0821 1700 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
00:34:26.0822 1700 tcpipreg - ok
00:34:26.0841 1700 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
00:34:26.0842 1700 TDPIPE - ok
00:34:26.0846 1700 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
00:34:26.0848 1700 TDTCP - ok
00:34:26.0894 1700 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
00:34:26.0896 1700 tdx - ok
00:34:26.0938 1700 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
00:34:26.0939 1700 TermDD - ok
00:34:26.0970 1700 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
00:34:26.0978 1700 TermService - ok
00:34:27.0052 1700 tgsrvc_verizondm - ok
00:34:27.0063 1700 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
00:34:27.0065 1700 Themes - ok
00:34:27.0090 1700 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
00:34:27.0092 1700 THREADORDER - ok
00:34:27.0105 1700 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
00:34:27.0108 1700 TrkWks - ok
00:34:27.0156 1700 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
00:34:27.0159 1700 TrustedInstaller - ok
00:34:27.0205 1700 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
00:34:27.0206 1700 tssecsrv - ok
00:34:27.0222 1700 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
00:34:27.0224 1700 TsUsbFlt - ok
00:34:27.0291 1700 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
00:34:27.0294 1700 tunnel - ok
00:34:27.0311 1700 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
00:34:27.0313 1700 uagp35 - ok
00:34:27.0355 1700 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
00:34:27.0359 1700 udfs - ok
00:34:27.0377 1700 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
00:34:27.0379 1700 UI0Detect - ok
00:34:27.0398 1700 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
00:34:27.0400 1700 uliagpkx - ok
00:34:27.0416 1700 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
00:34:27.0417 1700 umbus - ok
00:34:27.0426 1700 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
00:34:27.0427 1700 UmPass - ok
00:34:27.0450 1700 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
00:34:27.0455 1700 upnphost - ok
00:34:27.0481 1700 USBAAPL64 (fb251567f41bc61988b26731dec19e4b) C:\Windows\system32\Drivers\usbaapl64.sys
00:34:27.0483 1700 USBAAPL64 - ok
00:34:27.0504 1700 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys
00:34:27.0506 1700 usbaudio - ok
00:34:27.0522 1700 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
00:34:27.0524 1700 usbccgp - ok
00:34:27.0546 1700 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
00:34:27.0547 1700 usbcir - ok
00:34:27.0567 1700 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
00:34:27.0569 1700 usbehci - ok
00:34:27.0587 1700 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
00:34:27.0591 1700 usbhub - ok
00:34:27.0603 1700 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
00:34:27.0604 1700 usbohci - ok
00:34:27.0626 1700 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
00:34:27.0627 1700 usbprint - ok
00:34:27.0640 1700 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
00:34:27.0642 1700 USBSTOR - ok
00:34:27.0655 1700 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\DRIVERS\usbuhci.sys
00:34:27.0656 1700 usbuhci - ok
00:34:27.0681 1700 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys
00:34:27.0684 1700 usbvideo - ok
00:34:27.0693 1700 usb_rndisx (70d05ee263568a742d14e1876df80532) C:\Windows\system32\DRIVERS\usb8023x.sys
00:34:27.0695 1700 usb_rndisx - ok
00:34:27.0710 1700 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
00:34:27.0712 1700 UxSms - ok
00:34:27.0735 1700 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
00:34:27.0737 1700 VaultSvc - ok
00:34:27.0756 1700 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
00:34:27.0756 1700 vdrvroot - ok
00:34:27.0805 1700 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
00:34:27.0812 1700 vds - ok
00:34:27.0828 1700 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
00:34:27.0830 1700 vga - ok
00:34:27.0851 1700 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
00:34:27.0852 1700 VgaSave - ok
00:34:27.0870 1700 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
00:34:27.0873 1700 vhdmp - ok
00:34:27.0892 1700 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
00:34:27.0894 1700 viaide - ok
00:34:27.0909 1700 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
00:34:27.0910 1700 volmgr - ok
00:34:27.0949 1700 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
00:34:27.0951 1700 volmgrx - ok
00:34:27.0972 1700 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
00:34:27.0975 1700 volsnap - ok
00:34:27.0996 1700 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
00:34:27.0999 1700 vsmraid - ok
00:34:28.0069 1700 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
00:34:28.0097 1700 VSS - ok
00:34:28.0158 1700 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
00:34:28.0160 1700 vwifibus - ok
00:34:28.0180 1700 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
00:34:28.0182 1700 vwififlt - ok
00:34:28.0204 1700 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
00:34:28.0206 1700 vwifimp - ok
00:34:28.0238 1700 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
00:34:28.0245 1700 W32Time - ok
00:34:28.0256 1700 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
00:34:28.0258 1700 WacomPen - ok
00:34:28.0326 1700 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
00:34:28.0328 1700 WANARP - ok
00:34:28.0335 1700 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
00:34:28.0336 1700 Wanarpv6 - ok
00:34:28.0419 1700 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
00:34:28.0444 1700 WatAdminSvc - ok
00:34:28.0520 1700 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
00:34:28.0551 1700 wbengine - ok
00:34:28.0595 1700 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
00:34:28.0600 1700 WbioSrvc - ok
00:34:28.0686 1700 WcesComm (8bda6db43aa54e8bb5e0794541ddc209) C:\Windows\WindowsMobile\wcescomm.dll
00:34:28.0692 1700 WcesComm - ok
00:34:28.0734 1700 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
00:34:28.0740 1700 wcncsvc - ok
00:34:28.0759 1700 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
00:34:28.0762 1700 WcsPlugInService - ok
00:34:28.0817 1700 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
00:34:28.0819 1700 Wd - ok
00:34:28.0854 1700 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
00:34:28.0859 1700 Wdf01000 - ok
00:34:28.0877 1700 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
00:34:28.0880 1700 WdiServiceHost - ok
00:34:28.0884 1700 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
00:34:28.0887 1700 WdiSystemHost - ok
00:34:28.0909 1700 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
00:34:28.0914 1700 WebClient - ok
00:34:28.0936 1700 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
00:34:28.0941 1700 Wecsvc - ok
00:34:28.0953 1700 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
00:34:28.0957 1700 wercplsupport - ok
00:34:28.0974 1700 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
00:34:28.0977 1700 WerSvc - ok
00:34:29.0000 1700 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
00:34:29.0001 1700 WfpLwf - ok
00:34:29.0012 1700 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
00:34:29.0013 1700 WIMMount - ok
00:34:29.0018 1700 WinHttpAutoProxySvc - ok
00:34:29.0069 1700 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
00:34:29.0072 1700 Winmgmt - ok
00:34:29.0137 1700 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
00:34:29.0179 1700 WinRM - ok
00:34:29.0248 1700 WinUSB (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUSB.sys
00:34:29.0250 1700 WinUSB - ok
00:34:29.0284 1700 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
00:34:29.0292 1700 Wlansvc - ok
00:34:29.0423 1700 wlidsvc (7e47c328fc4768cb8beafbcfafa70362) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
00:34:29.0436 1700 wlidsvc - ok
00:34:29.0479 1700 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
00:34:29.0480 1700 WmiAcpi - ok
00:34:29.0505 1700 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
00:34:29.0509 1700 wmiApSrv - ok
00:34:29.0528 1700 WMPNetworkSvc - ok
00:34:29.0611 1700 WMZuneComm (83b6ca03c846fcd47f9883d77d1eb27b) c:\Program Files\Zune\WMZuneComm.exe
00:34:29.0615 1700 WMZuneComm - ok
00:34:29.0629 1700 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
00:34:29.0632 1700 WPCSvc - ok
00:34:29.0667 1700 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
00:34:29.0671 1700 WPDBusEnum - ok
00:34:29.0687 1700 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
00:34:29.0688 1700 ws2ifsl - ok
00:34:29.0692 1700 WSearch - ok
00:34:29.0779 1700 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll
00:34:29.0826 1700 wuauserv - ok
00:34:29.0891 1700 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
00:34:29.0892 1700 WudfPf - ok
00:34:29.0912 1700 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
00:34:29.0915 1700 WUDFRd - ok
00:34:29.0945 1700 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
00:34:29.0948 1700 wudfsvc - ok
00:34:29.0963 1700 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
00:34:29.0968 1700 WwanSvc - ok
00:34:30.0196 1700 ZuneNetworkSvc (67b787c34fb2888d01b130ae007042d8) c:\Program Files\Zune\ZuneNss.exe
00:34:30.0354 1700 ZuneNetworkSvc - ok
00:34:30.0422 1700 ZuneWlanCfgSvc (4d89fc1c20cf655739efac5da81a67bc) c:\Program Files\Zune\ZuneWlanCfgSvc.exe
00:34:30.0427 1700 ZuneWlanCfgSvc - ok
00:34:30.0476 1700 MBR (0x1B8) (f7182332b2b601676e896aeeda61ca3a) \Device\Harddisk0\DR0
00:34:30.0656 1700 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
00:34:30.0656 1700 \Device\Harddisk0\DR0 - detected TDSS File System (1)
00:34:30.0660 1700 Boot (0x1200) (2c93e33009dbd4a04ab783cba51c3f9a) \Device\Harddisk0\DR0\Partition0
00:34:30.0661 1700 \Device\Harddisk0\DR0\Partition0 - ok
00:34:30.0685 1700 Boot (0x1200) (e0a1f7f125b2f2ceb4392975d9978129) \Device\Harddisk0\DR0\Partition1
00:34:30.0687 1700 \Device\Harddisk0\DR0\Partition1 - ok
00:34:30.0711 1700 Boot (0x1200) (32e64ec078546e5cf97ca0088686ec3c) \Device\Harddisk0\DR0\Partition2
00:34:30.0712 1700 \Device\Harddisk0\DR0\Partition2 - ok
00:34:30.0713 1700 ============================================================
00:34:30.0713 1700 Scan finished
00:34:30.0713 1700 ============================================================
00:34:30.0723 5276 Detected object count: 1
00:34:30.0723 5276 Actual detected object count: 1
00:35:12.0884 5276 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
00:35:12.0886 5276 \Device\Harddisk0\DR0\TDLFS\phx.dll - copied to quarantine
00:35:12.0890 5276 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine
00:35:12.0894 5276 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine
00:35:12.0906 5276 \Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine
00:35:12.0913 5276 \Device\Harddisk0\DR0\TDLFS\phdx - copied to quarantine
00:35:12.0914 5276 \Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine
00:35:12.0915 5276 \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine
00:35:12.0917 5276 \Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine
00:35:12.0919 5276 \Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine
00:35:12.0921 5276 \Device\Harddisk0\DR0\TDLFS\phlx - copied to quarantine
00:35:12.0923 5276 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine
00:35:12.0923 5276 \Device\Harddisk0\DR0\TDLFS - deleted
00:35:12.0923 5276 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Delete
00:36:06.0612 4904 Deinitialize success







aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-06-29 22:23:30
-----------------------------
22:23:30.464 OS Version: Windows x64 6.1.7601 Service Pack 1
22:23:30.464 Number of processors: 4 586 0x170A
22:23:30.464 ComputerName: ALFRED UserName: Owner
22:23:40.870 Initialize success
22:23:47.718 AVAST engine defs: 12062900
22:23:54.426 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
22:23:54.426 Disk 0 Vendor: ST3750528AS HP34 Size: 715404MB BusType: 3
22:23:54.457 Disk 0 MBR read successfully
22:23:54.457 Disk 0 MBR scan
22:23:54.457 Disk 0 unknown MBR code
22:23:54.473 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
22:23:54.488 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 703175 MB offset 206848
22:23:54.504 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 12127 MB offset 1440309248
22:23:54.551 Disk 0 scanning C:\Windows\system32\drivers
22:24:07.514 Service scanning
22:24:25.829 Modules scanning
22:24:25.829 Disk 0 trace - called modules:
22:24:25.860 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS intelide.sys PCIIDEX.SYS hal.dll atapi.sys
22:24:25.860 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800775b790]
22:24:25.860 3 CLASSPNP.SYS[fffff8800165143f] -> nt!IofCallDriver -> [0xfffffa80071a8e40]
22:24:25.876 5 ACPI.sys[fffff88000f3f7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa80071ad060]
22:24:37.264 AVAST engine scan C:\Windows
22:24:45.797 AVAST engine scan C:\Windows\system32
22:27:19.067 AVAST engine scan C:\Windows\system32\drivers
22:27:30.705 AVAST engine scan C:\Users\Owner
22:59:39.077 AVAST engine scan C:\ProgramData
23:03:01.752 Scan finished successfully
23:05:55.786 Disk 0 MBR has been saved successfully to "C:\Users\Owner\Desktop\MBR.dat"
23:05:55.786 The log file has been saved successfully to "C:\Users\Owner\Desktop\aswMBR.txt"










C:\$Recycle.Bin\S-1-5-21-2193901143-2822497681-3665832931-1000\$R9KSXNS.exe probably a variant of Win32/Adware.iBryte.B application cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\29.06.2012_00.33.39\tdlfs0000\tsk0000.dta Win32/Olmarik.AWO trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\29.06.2012_00.33.39\tdlfs0000\tsk0001.dta Win64/Olmarik.AD trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\29.06.2012_00.33.39\tdlfs0000\tsk0002.dta Win32/Olmarik.AYH trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\29.06.2012_00.33.39\tdlfs0000\tsk0003.dta Win64/Olmarik.AG trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\29.06.2012_00.33.39\tdlfs0000\tsk0004.dta a variant of Win32/Rootkit.Kryptik.LH trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\29.06.2012_00.33.39\tdlfs0000\tsk0005.dta Win64/Olmarik.AF trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\29.06.2012_00.33.39\tdlfs0000\tsk0009.dta Win32/Olmarik.AWO trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\29.06.2012_00.33.39\tdlfs0000\tsk0010.dta Win64/Olmarik.X trojan cleaned by deleting - quarantined
C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Default\aapncjgnmajbadnnikinfbdepgphbnpk\background.html Win32/BHO.OEI trojan cleaned by deleting - quarantined
C:\Users\Owner\Desktop\scanners\SmitfraudFix.exe multiple threats deleted - quarantined
C:\Users\Owner\Desktop\scanners\SmitfraudFix\Process.exe Win32/PrcView application cleaned by deleting - quarantined
C:\Users\Owner\Desktop\scanners\SmitfraudFix\restart.exe Win32/Shutdown.NAA application cleaned by deleting - quarantined
C:\Users\Owner\Desktop\SmitfraudFix\Process.exe Win32/PrcView application cleaned by deleting - quarantined
C:\Users\Owner\Desktop\SmitfraudFix\restart.exe Win32/Shutdown.NAA application cleaned by deleting - quarantined
C:\Users\Owner\Desktop\smitRem\Process.exe Win32/PrcView application cleaned by deleting - quarantined
C:\Users\Owner\Downloads\smitRem.exe Win32/PrcView application deleted - quarantined
C:\Windows\System32\Process.exe Win32/PrcView application cleaned by deleting - quarantined












MiniToolBox by Farbar Version: 25-06-2012
Ran by Owner (administrator) on 30-06-2012 at 02:02:57
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================

::1 localhost








































































































































































































149.5.18.172 www.google-analytics.com.
149.5.18.172 ad-emea.doubleclick.net.
149.5.18.172 www.statcounter.com.
108.163.215.51 www.google-analytics.com.
108.163.215.51 ad-emea.doubleclick.net.
108.163.215.51 www.statcounter.com.

127.0.0.1 localhost

========================= IP Configuration: ================================

Realtek PCIe GBE Family Controller = Local Area Connection (Connected)
Atheros 802.11 a/b/g/n Dualband Wireless Network Module = Wireless Network Connection (Hardware not present)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : Alfred
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : westell.com

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . : westell.com
Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
Physical Address. . . . . . . . . : 90-E6-BA-3E-20-10
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::2d2c:765d:3992:1714%10(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.24(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Saturday, June 30, 2012 1:54:08 AM
Lease Expires . . . . . . . . . . : Sunday, July 01, 2012 1:54:08 AM
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DHCPv6 IAID . . . . . . . . . . . : 234890776
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-12-79-9A-50-90-E6-BA-3E-20-10
DNS Servers . . . . . . . . . . . : 192.168.1.1
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.westell.com:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : westell.com
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 11:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft 6to4 Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:4137:9e76:28a2:503:b593:b1ab(Preferred)
Link-local IPv6 Address . . . . . : fe80::28a2:503:b593:b1ab%13(Preferred)
Default Gateway . . . . . . . . . : ::
NetBIOS over Tcpip. . . . . . . . : Disabled
Server: dslrouter.westell.com
Address: 192.168.1.1

Name: google.com
Addresses: 2607:f8b0:4006:803::1000
173.194.43.36
173.194.43.34
173.194.43.40
173.194.43.41
173.194.43.32
173.194.43.39
173.194.43.35
173.194.43.37
173.194.43.38
173.194.43.33
173.194.43.46


Pinging google.com [173.194.43.46] with 32 bytes of data:
Reply from 173.194.43.46: bytes=32 time=30ms TTL=55
Reply from 173.194.43.46: bytes=32 time=31ms TTL=55

Ping statistics for 173.194.43.46:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 30ms, Maximum = 31ms, Average = 30ms
Server: dslrouter.westell.com
Address: 192.168.1.1

Name: yahoo.com
Addresses: 98.139.183.24
209.191.122.70
72.30.38.140


Pinging yahoo.com [72.30.38.140] with 32 bytes of data:
Reply from 72.30.38.140: bytes=32 time=125ms TTL=56
Reply from 72.30.38.140: bytes=32 time=154ms TTL=56

Ping statistics for 72.30.38.140:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 125ms, Maximum = 154ms, Average = 139ms
Server: dslrouter.westell.com
Address: 192.168.1.1

Name: bleepingcomputer.com
Address: 208.43.87.2


Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:
Reply from 208.43.87.2: Destination host unreachable.
Reply from 208.43.87.2: Destination host unreachable.

Ping statistics for 208.43.87.2:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
10...90 e6 ba 3e 20 10 ......Realtek PCIe GBE Family Controller
1...........................Software Loopback Interface 1
19...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
12...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter
13...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.24 20
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.1.0 255.255.255.0 On-link 192.168.1.24 276
192.168.1.24 255.255.255.255 On-link 192.168.1.24 276
192.168.1.255 255.255.255.255 On-link 192.168.1.24 276
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.1.24 276
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.1.24 276
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
13 58 ::/0 On-link
1 306 ::1/128 On-link
13 58 2001::/32 On-link
13 306 2001:0:4137:9e76:28a2:503:b593:b1ab/128
On-link
10 276 fe80::/64 On-link
13 306 fe80::/64 On-link
13 306 fe80::28a2:503:b593:b1ab/128
On-link
10 276 fe80::2d2c:765d:3992:1714/128
On-link
1 306 ff00::/8 On-link
13 306 ff00::/8 On-link
10 276 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"

Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 06 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 07 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"

Catalog5 08 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 09 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
x64-Catalog5 01 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"

x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [170880] (Microsoft Corp.)
x64-Catalog5 06 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [170880] (Microsoft Corp.)
x64-Catalog5 07 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"

x64-Catalog5 08 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 09 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (06/29/2012 10:23:34 PM) (Source: Google Update) (User: Alfred)Alfred
Description: Network Request Error.
Error: 0x80072ee7. Http status code: 0.
Url=https://www.facebook.com/omaha/update.php
Trying config: source=IE, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=IE, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7

Error: (06/29/2012 07:49:06 PM) (Source: Google Update) (User: Alfred)Alfred
Description: Network Request Error.
Error: 0x80072ee7. Http status code: 0.
Url=https://www.facebook.com/omaha/update.php
Trying config: source=IE, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=IE, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7

Error: (06/29/2012 10:54:08 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1107

Error: (06/29/2012 10:54:08 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1107

Error: (06/29/2012 10:54:08 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (06/29/2012 04:22:29 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "NeroAPIFiles,processorArchitecture="x86",type="win32",version="9.0.0.0"1".
Dependent Assembly NeroAPIFiles,processorArchitecture="x86",type="win32",version="9.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (06/28/2012 11:44:33 PM) (Source: Application Error) (User: )
Description: Faulting application name: solitaire.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc9f9
Faulting module name: solitaire.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc9f9
Exception code: 0xc0000005
Fault offset: 0x00000000000380f2
Faulting process id: 0xd14
Faulting application start time: 0xsolitaire.exe0
Faulting application path: solitaire.exe1
Faulting module path: solitaire.exe2
Report Id: solitaire.exe3

Error: (06/28/2012 03:37:33 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "*" of attribute "language" in element "assemblyIdentity" is invalid.

Error: (06/28/2012 03:36:30 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (06/28/2012 03:34:48 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "NeroAPIFiles,processorArchitecture="x86",type="win32",version="9.0.0.0"1".
Dependent Assembly NeroAPIFiles,processorArchitecture="x86",type="win32",version="9.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.


System errors:
=============
Error: (06/30/2012 01:54:12 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
luafv

Error: (06/30/2012 01:54:06 AM) (Source: Service Control Manager) (User: )
Description: The SBSD Security Center Service service depends the following service: wscsvc. This service might not be installed.

Error: (06/29/2012 05:15:04 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
luafv

Error: (06/29/2012 05:14:58 PM) (Source: Service Control Manager) (User: )
Description: The SBSD Security Center Service service depends the following service: wscsvc. This service might not be installed.

Error: (06/29/2012 02:32:08 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
luafv

Error: (06/29/2012 02:31:58 PM) (Source: Service Control Manager) (User: )
Description: The SBSD Security Center Service service depends the following service: wscsvc. This service might not be installed.

Error: (06/29/2012 10:10:05 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
luafv

Error: (06/29/2012 10:09:58 AM) (Source: Service Control Manager) (User: )
Description: The SBSD Security Center Service service depends the following service: wscsvc. This service might not be installed.

Error: (06/28/2012 09:41:42 PM) (Source: WMPNetworkSvc) (User: )
Description: 0x80004004-1

Error: (06/28/2012 02:38:08 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
luafv


Microsoft Office Sessions:
=========================

=========================== Installed Programs ============================

Update for Microsoft Office 2007 (KB2508958)
Acrobat.com (Version: 0.0.0)
Adobe Community Help (Version: 3.4.980)
Adobe Flash Player 10 Plugin (Version: 10.0.32.18)
Adobe Flash Player 11 ActiveX (Version: 11.3.300.257)
Adobe Media Player (Version: 0.0.0)
Adobe Media Player (Version: 1.1)
Adobe Reader X (10.1.3) (Version: 10.1.3)
Adobe Shockwave Player 11.5 (Version: 11.5.8.612)
AIM 7
Amazon MP3 Downloader 1.0.9
Apple Application Support (Version: 2.1.9)
Apple Mobile Device Support (Version: 5.2.0.6)
Apple Software Update (Version: 2.1.3.127)
ArcSoft PhotoImpression 5
ArcSoft VideoImpression 2
ArcSoft WebCam Companion 2
AVG 2012 (Version: 12.0.2180)
AVG 2012 (Version: 12.0.2437)
AVG 2012 (Version: 2012.0.2180)
Bonjour (Version: 3.0.0.10)
CCleaner (Version: 3.19)
CDisplay 1.8
Compatibility Pack for the 2007 Office system (Version: 12.0.6425.1000)
CyberLink DVD Suite Deluxe (Version: 6.0.3101)
D3DX10 (Version: 15.4.2368.0902)
DirectX for Managed Code Update (Summer 2004) (Version: 9.02.2904)
DivX Setup (Version: 2.6.1.9)
Download Updater (AOL LLC)
EasyCleaner (Version: 2.0.6.380)
ESET Online Scanner v3
Facebook Video Calling 1.2.0.159 (Version: 1.2.159)
FileZilla Client 3.3.2.1 (Version: 3.3.2.1)
FL Studio 10
FLV Player 2.0 (build 25) (Version: 2.0 (build 25))
Google Chrome (Version: 20.0.1132.47)
Google Earth (Version: 6.1.0.5001)
Google Update Helper (Version: 1.3.21.111)
Hardware Diagnostic Tools (Version: 6.0.5434.08)
Hewlett-Packard ACLM.NET v1.1.2.0 (Version: 1.00.0000)
HiJackThis (Version: 1.0.0)
HP Advisor (Version: 3.3.12286.3436)
HP Customer Experience Enhancements (Version: 6.0.1.7)
HP Games (Version: 1.0.0.71)
HP MediaSmart Demo (Version: 1.00.0000)
HP MediaSmart DVD (Version: 3.0.3420)
HP MediaSmart Movie Themes (Version: 3.0.3102)
HP MediaSmart Music/Photo/Video (Version: 3.1.3601)
HP MediaSmart SmartMenu (Version: 3.0.28.2)
HP Odometer (Version: 2.10.0000)
HP Product Detection (Version: 11.14.0001)
HP Remote Solution (Version: 1.1.9.0)
HP Setup (Version: 1.2.3220.3079)
HP Support Assistant (Version: 6.1.12.1)
HP Support Information (Version: 10.1.0002)
HP Update (Version: 5.001.000.014)
ID3-TagIT 3 (Version: 3)
IL Download Manager
Intel® Graphics Media Accelerator Driver (Version: 8.15.10.2226)
iTunes (Version: 10.6.3.25)
Java Auto Updater (Version: 2.0.7.1)
Java™ 6 Update 31 (Version: 6.0.310)
LabelPrint (Version: 2.5.1901)
LightScribe System Software (Version: 1.18.5.1)
LimeWire PRO 5.4.6 (Version: 5.4.6)
Magic ISO Maker v5.5 (build 0281)
Malwarebytes Anti-Malware version 1.61.0.1400 (Version: 1.61.0.1400)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Home and Student 60 day trial
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6425.1000)
Microsoft Office Outlook 2007 (Version: 12.0.6425.1000)
Microsoft Office Outlook 2007 Trial (Version: 12.0.6425.1000)
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office PowerPoint Viewer 2007 (English) (Version: 12.0.6425.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Silverlight (Version: 4.1.10111.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft VC9 runtime libraries (Version: 1.0.0)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (Version: 8.0.51011)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Works (Version: 9.7.0621)
Microsoft_VC80_ATL_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_ATL_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_CRT_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_CRT_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_MFC_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_MFC_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_MFCLOC_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_MFCLOC_x86_x64 (Version: 80.50727.4053)
Microsoft_VC90_ATL_x86 (Version: 1.00.0000)
Microsoft_VC90_ATL_x86_x64 (Version: 1.00.0000)
Microsoft_VC90_CRT_x86 (Version: 1.00.0000)
Microsoft_VC90_CRT_x86_x64 (Version: 1.00.0000)
Microsoft_VC90_MFC_x86 (Version: 1.00.0000)
Microsoft_VC90_MFC_x86_x64 (Version: 1.00.0000)
Microsoft_VC90_MFCLOC_x86 (Version: 1.00.0000)
Microsoft_VC90_MFCLOC_x86_x64 (Version: 1.00.0000)
MotoHelper 2.0.40 Driver 4.8.0 (Version: 2.0.40)
MotoHelper MergeModules (Version: 1.2.0)
MOTOROLA MEDIA LINK (Version: 1.2.5900.9)
Motorola Mobile Drivers Installation 4.9.0 (Version: 4.9.0)
Move Media Player
MSVCRT (Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
Netflix in Windows Media Center (Version: 3.3.101.0)
PictureMover (Version: 3.3.1.19)
Power2Go (Version: 6.0.3101)
PowerDirector (Version: 7.0.3101)
PowerRecover (Version: 5.5.1923)
QuickTime (Version: 7.72.80.56)
Realtek High Definition Audio Driver (Version: 6.0.1.6196)
Revo Uninstaller 1.94 (Version: 1.94)
Safari (Version: 5.34.57.2)
Skype™ 5.0 (Version: 5.0.152)
Sprite Backup HTC (Version: 6.2.1.2269)
Spybot - Search & Destroy (Version: 1.6.2)
SUPERAntiSpyware (Version: 5.0.1146)
Tag&Rename 3.5.4 (Version: 3.5.4)
TextPad 5 (Version: 5.2.0)
Update for 2007 Microsoft Office System (KB2284654)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2597998) 32-Bit Edition
Update for Microsoft Office 2007 System (KB2539530)
Update for Microsoft Office Outlook 2007 (KB2583910)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Script Editor Help (KB963671)
Update Installer for WildTangent Games App
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0)
Verizon Download Manager (Version: 12)
Verizon High Speed Internet
Virtual DJ - Atomix Productions
Visual Studio 2008 x64 Redistributables (Version: 10.0.0.2)
Vuze (Version: 4.7)
WavePad Sound Editor
WildTangent Games App (HP Games) (Version: 4.0.5.36)
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3502.0922)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3502.0922)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live Sync (Version: 14.0.8089.726)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3502.0922)
Windows Mobile Device Center (Version: 6.1.6965.0)
Windows Mobile Device Center Driver Update (Version: 6.1.6965.0)
Windows Mobile Device Updater Component (Version: 04.08.2345.00)
Windows Mobile® Device Handbook (Version: 1.0)
WinRAR archiver
ZSoft Uninstaller 2.5 (Version: 2.5)
Zune (Version: 04.08.2345.00)
Zune Language Pack (CHS) (Version: 04.08.2345.00)
Zune Language Pack (CHT) (Version: 04.08.2345.00)
Zune Language Pack (CSY) (Version: 04.08.2345.00)
Zune Language Pack (DAN) (Version: 04.08.2345.00)
Zune Language Pack (DEU) (Version: 04.08.2345.00)
Zune Language Pack (ELL) (Version: 04.08.2345.00)
Zune Language Pack (ESP) (Version: 04.08.2345.00)
Zune Language Pack (FIN) (Version: 04.08.2345.00)
Zune Language Pack (FRA) (Version: 04.08.2345.00)
Zune Language Pack (HUN) (Version: 04.08.2345.00)
Zune Language Pack (IND) (Version: 04.08.2345.00)
Zune Language Pack (ITA) (Version: 04.08.2345.00)
Zune Language Pack (JPN) (Version: 04.08.2345.00)
Zune Language Pack (KOR) (Version: 04.08.2345.00)
Zune Language Pack (MSL) (Version: 04.08.2345.00)
Zune Language Pack (NLD) (Version: 04.08.2345.00)
Zune Language Pack (NOR) (Version: 04.08.2345.00)
Zune Language Pack (PLK) (Version: 04.08.2345.00)
Zune Language Pack (PTB) (Version: 04.08.2345.00)
Zune Language Pack (PTG) (Version: 04.08.2345.00)
Zune Language Pack (RUS) (Version: 04.08.2345.00)
Zune Language Pack (SVE) (Version: 04.08.2345.00)

========================= Memory info: ===================================

Percentage of memory in use: 22%
Total physical RAM: 8157.18 MB
Available physical RAM: 6306.13 MB
Total Pagefile: 16312.55 MB
Available Pagefile: 14322.11 MB
Total Virtual: 4095.88 MB
Available Virtual: 3960.1 MB

========================= Partitions: =====================================

1 Drive c: (HP) (Fixed) (Total:686.69 GB) (Free:247.84 GB) NTFS
2 Drive d: (FACTORY_IMAGE) (Fixed) (Total:11.83 GB) (Free:2.14 GB) NTFS

========================= Users: ========================================

User accounts for \\ALFRED

Administrator Guest Owner


**** End of log ****

#4 narenxp


Posted 30 June 2012 - 07:43 AM

Download

RogueKiller

Right-click on it and select Run as administrator

Now, click on the HOSTS FIX option on the right side

A log should get generated after the fix; post the log here

Download

http://www.techspot.com/downloads/4716-malwarebytes-anti-malware.html

Install, update and run a full scan

Click on SHOW results. Select all infections and remove them

Reboot the PC and scan MBAM once in regular mode until you get a clean log

#5 SadFlute


Posted 30 June 2012 - 09:37 AM

I have a question. When running aswMBR, was I supposed to click on FixMBR when the scan had completed? I didn't do so.

#6 narenxp


Posted 30 June 2012 - 10:05 AM

Do not click on FIXMBR. Your aswMBR log is clean. Proceed with previous instructions

#7 SadFlute


Posted 30 June 2012 - 11:42 AM

RogueKiller V7.6.1 [06/28/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User: Owner [Admin rights]
Mode: HOSTSFix -- Date: 06/30/2012 10:38:20

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
127.0.0.1 localhost
::1 localhost
149.5.18.172 www.google-analytics.com.
149.5.18.172 ad-emea.doubleclick.net.
149.5.18.172 www.statcounter.com.
108.163.215.51 www.google-analytics.com.
108.163.215.51 ad-emea.doubleclick.net.
108.163.215.51 www.statcounter.com.


¤¤¤ Resetted HOSTS: ¤¤¤
127.0.0.1 localhost

Finished : << RKreport[1].txt >>
RKreport[1].txt















Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.06.30.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Owner :: ALFRED [administrator]

6/30/2012 10:59:10 AM
mbam-log-2012-06-30 (10-59-10).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 609839
Time elapsed: 1 hour(s), 25 minute(s), 14 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

#8 narenxp


Posted 30 June 2012 - 11:59 AM

That looks good

Download

TFC


Launch it; it will close all running programs

Click on START; it should ask for a reboot

Turn off your System Restore, restart the PC, create a new restore point

http://windows.microsoft.com/en-US/windows7/Turn-System-Restore-on-or-off

Update your Java from here

http://java.com/en/download/inc/windows_upgrade_xpi.jsp


Update your antivirus frequently, do not click on suspicious links

Safe surfing :)



