
Google Redirect Malware


  • This topic is locked
7 replies to this topic

#1 -Celestial-


Posted 11 March 2012 - 07:25 PM

Hello,

I received excellent service from this site before so I am hoping I could get some computer help again. I don't know all the symptoms because this is not my computer, but I do know that it has some search engine redirect malware. I'll edit if any more problems come up.


 


#2 boopme


Posted 11 March 2012 - 07:32 PM

Hello Celestial, I moved this to Am I Infected... Let's look at these logs.

Are you on a router? Are other machines on it, if so are they redirecting?

Do you use Firefox?

Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size.
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Note: When using "Reset FF Proxy Settings" option Firefox should be closed.




Please download TDSSKiller.zip and extract it.
  • Run TDSSKiller.exe.
  • Click Start scan.
  • When it is finished the utility outputs a list of detected objects with description.
    The utility automatically selects an action (Cure or Delete) for malicious objects.
    The utility prompts the user to select an action to apply to suspicious objects (Skip, by default). Leave the options as they are and click Continue.
  • Let it reboot if needed and tell me if the tool needed a reboot.
  • Click on Report and post the contents of the text file that will open.

    Note: By default, the utility outputs the log into system disk (it is usually the disk with installed operating system, C:\) root folder. The Log has a name like: TDSSKiller.Version_Date_Time_log.txt.



If TDSSKiller does not run, try renaming it. To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to these instructions. In some cases it may be necessary to redownload TDSSKiller and randomly rename it before downloading and saving to the computer.



Next run MBAM (MalwareBytes):

Please download Malwarebytes Anti-Malware and save it to your desktop.
  • Important!! When you save the mbam-setup file, rename it to something random (such as 123abc.exe) before beginning the download.
Malwarebytes may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

  • Make sure you are connected to the Internet and double-click on the renamed file to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • Malwarebytes will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button and continue.
  • If you cannot update Malwarebytes or use the Internet to download any files to the infected computer, manually update the database by following the instructions in FAQ Section A: 4. Issues.
  • Under the Scanner tab, make sure the "Perform Quick Scan" option is selected.
  • Click on the Scan button.
  • When finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box, then click the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked and then click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.
  • Exit Malwarebytes when done.
Note: If Malwarebytes encounters a file that is difficult to remove, you will be asked to reboot your computer so it can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally will prevent Malwarebytes from removing all the malware.

-- Some types of malware will target Malwarebytes and other security tools to keep them from running properly. If that's the case, go to Start > All Programs > Malwarebytes Anti-Malware folder > Tools > click on Malwarebytes Chameleon and follow the onscreen instructions. The Chameleon folder can be accessed by opening the program folder for Malwarebytes Anti-Malware (normally C:\Program Files\Malwarebytes' Anti-Malware or C:\Program Files (x86)\Malwarebytes' Anti-Malware).
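
Added example (not part of the original post, and not MiniToolBox's own code): the proxy, Hosts, IP configuration and Winsock items in the checklist above are where a search redirect is usually configured, and this Python script triages a saved Result.txt for them. The section titles and line shapes are assumed from a MiniToolBox report, the sample report is constructed, and a flagged line means "review", not "malicious".

```python
import ipaddress
import re

# Constructed sample laid out like a MiniToolBox Result.txt (not a real log).
SAMPLE_REPORT = r'''
========================= IE Proxy Settings: ==============================
Proxy is not enabled.
No Proxy Server is set.
========================= FF Proxy Settings: ==============================
"network.proxy.type", 1
========================= Hosts content: =================================
127.0.0.1 localhost
203.0.113.7 www.google.com
========================= IP Configuration: ================================
Default Gateway . . . . . . . . . : 192.168.2.1
DNS Servers . . . . . . . . . . . : 198.51.100.53
192.168.2.1
========================= Winsock entries =====================================
Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog9 01 C:\Users\Public\lsp32.dll [40960] ()
'''

HEADER = re.compile(r"^=+ ([A-Za-z].*?):? =+$")
WINSOCK = re.compile(r"^(?:x64-)?Catalog[59] \d+ (.+?) \[\d+\] \((.*)\)$")
# Ranges a home router or the machine itself would use; a resolver outside
# them should be one the user or the ISP actually chose.
LOCAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8",
    "169.254.0.0/16", "::1/128", "fe80::/10", "fc00::/7")]


def split_sections(report):
    """Map each '==== Title: ====' header to the non-blank lines under it."""
    sections, current = {}, None
    for raw in report.splitlines():
        line = raw.strip()
        m = HEADER.match(line)
        if m:
            current = m.group(1)
            sections[current] = []
        elif current and line:
            sections[current].append(line)
    return sections


def is_local(ip):
    return any(ip.version == net.version and ip in net for net in LOCAL_NETS)


def check_proxy(sections):
    findings = []
    clean_ie = {"Proxy is not enabled.", "No Proxy Server is set."}
    for line in sections.get("IE Proxy Settings", []):
        # Anything other than the clean-state lines or the reset notice is shown.
        if line not in clean_ie and not line.startswith('"Reset IE Proxy Settings"'):
            findings.append(("ie-proxy", line))
    for line in sections.get("FF Proxy Settings", []):
        m = re.match(r'"network\.proxy\.type",\s*(\d+)', line)
        if m and m.group(1) in {"1", "2"}:  # 1 = manual proxy, 2 = PAC URL
            findings.append(("ff-proxy", line))
    return findings


def check_hosts(sections):
    findings = []
    for line in sections.get("Hosts content", []):
        entry = line.split("#", 1)[0].split()
        if len(entry) < 2:
            continue
        try:
            ip = ipaddress.ip_address(entry[0])
            benign = ip.is_loopback or ip.is_unspecified  # blocklist-style entry
        except ValueError:
            benign = False
        if not benign:
            findings.append(("hosts", line))
    return findings


def check_dns(sections):
    findings, in_list = [], False
    for line in sections.get("IP Configuration", []):
        m = re.match(r"DNS Servers[ .]*:\s*(\S+)", line)
        # Extra resolvers follow as bare addresses on the next lines.
        text = m.group(1) if m else (line if in_list else None)
        try:
            ip = ipaddress.ip_address(text.split("%")[0]) if text else None
        except ValueError:
            ip = None
        in_list = ip is not None
        if ip is not None and not is_local(ip):
            findings.append(("dns", str(ip)))
    return findings


def check_winsock(sections):
    findings = []
    for line in sections.get("Winsock entries", []):
        m = WINSOCK.match(line)
        # The company name is assumed to come from the file's own version
        # info, so a non-Microsoft or empty value is only a prompt to look.
        if m and not m.group(2).startswith("Microsoft"):
            findings.append(("winsock", line))
    return findings


def triage(report):
    s = split_sections(report)
    return check_proxy(s) + check_hosts(s) + check_dns(s) + check_winsock(s)


if __name__ == "__main__":
    for kind, line in triage(SAMPLE_REPORT):
        print(f"[review] {kind}: {line}")
```

Legitimate third-party name-space providers and ISP-assigned resolvers will also be listed, so each hit still needs a human decision.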

#3 -Celestial-


Posted 11 March 2012 - 09:06 PM

Yes, this computer is on a router. There is one other computer on it, but it doesn't have any problems at the moment. This computer also uses Firefox and occasionally Internet Explorer.

TDSS Killer found something and cured it, then it needed a reboot. I started a full scan with Malwarebytes before I posted this topic, so that's the log that I pasted here (instead of a quick scan).

I forgot to go to report after TDSS Killer found something, and then I rebooted so I don't know where to find that report if it's saved somewhere. I did run another scan after the reboot and have that report posted here.

MiniToolBox by Farbar Version: 18-01-2012
Ran by Mary (administrator) on 11-03-2012 at 20:02:24
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================

"network.proxy.type", 0

"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================



========================= IP Configuration: ================================

Broadcom 4313 802.11b/g/n = Wireless Network Connection (Connected)
Microsoft Virtual WiFi Miniport Adapter = Wireless Network Connection 2 (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : Mary-HP
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : Belkin

Wireless LAN adapter Wireless Network Connection 2:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter
Physical Address. . . . . . . . . : C0-CB-38-66-1A-E5
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection:

Connection-specific DNS Suffix . : Belkin
Description . . . . . . . . . . . : Broadcom 4313 802.11b/g/n
Physical Address. . . . . . . . . : C0-CB-38-66-1A-E5
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::bc19:513b:7380:a290%11(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.2.2(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Sunday, March 11, 2012 4:37:55 PM
Lease Expires . . . . . . . . . . : Thursday, April 18, 2148 2:31:48 AM
Default Gateway . . . . . . . . . : 192.168.2.1
DHCP Server . . . . . . . . . . . : 192.168.2.1
DHCPv6 IAID . . . . . . . . . . . : 314624824
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-14-94-34-D9-3C-4A-92-03-45-0B
DNS Servers . . . . . . . . . . . : 192.168.2.1
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.Belkin:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 100:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:4137:9e76:18ad:47f:ba2e:1d05(Preferred)
Link-local IPv6 Address . . . . . : fe80::18ad:47f:ba2e:1d05%105(Preferred)
Default Gateway . . . . . . . . . : ::
NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter Reusable ISATAP Interface {9BE35484-0C61-4191-9B76-096BEAB959FC}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Reusable ISATAP Interface {6E3EAD50-6FFB-4C8A-8427-4F7F0958D4B7}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : Belkin
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #4
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{97F7259A-4571-4D3B-8D77-4CAF742402A1}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #5
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
DNS request timed out.
timeout was 2 seconds.
Server: UnKnown
Address: 192.168.2.1

Name: google.com
Addresses: 74.125.225.32
74.125.225.33
74.125.225.34
74.125.225.35
74.125.225.36
74.125.225.37
74.125.225.38
74.125.225.39
74.125.225.40
74.125.225.41
74.125.225.46

Ping request could not find host google.com. Please check the name and try again.
Server: UnKnown
Address: 192.168.2.1

DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.

Pinging yahoo.com [98.139.127.62] with 32 bytes of data:
Reply from 98.139.127.62: bytes=32 time=317ms TTL=50
Reply from 98.139.127.62: bytes=32 time=305ms TTL=50

Ping statistics for 98.139.127.62:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 305ms, Maximum = 317ms, Average = 311ms
Server: UnKnown
Address: 192.168.2.1

Name: bleepingcomputer.com
Address: 208.43.87.2


Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:
Request timed out.
Request timed out.

Ping statistics for 208.43.87.2:
Packets: Sent = 2, Received = 0, Lost = 2 (100% loss),

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
51...c0 cb 38 66 1a e5 ......Microsoft Virtual WiFi Miniport Adapter
11...c0 cb 38 66 1a e5 ......Broadcom 4313 802.11b/g/n
1...........................Software Loopback Interface 1
106...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
105...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
107...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #3
119...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #4
108...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #5
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.2.1 192.168.2.2 25
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.2.0 255.255.255.0 On-link 192.168.2.2 281
192.168.2.2 255.255.255.255 On-link 192.168.2.2 281
192.168.2.255 255.255.255.255 On-link 192.168.2.2 281
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.2.2 281
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.2.2 281
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
105 58 ::/0 On-link
1 306 ::1/128 On-link
105 58 2001::/32 On-link
105 306 2001:0:4137:9e76:18ad:47f:ba2e:1d05/128
On-link
11 281 fe80::/64 On-link
105 306 fe80::/64 On-link
105 306 fe80::18ad:47f:ba2e:1d05/128
On-link
11 281 fe80::bc19:513b:7380:a290/128
On-link
1 306 ff00::/8 On-link
105 306 ff00::/8 On-link
11 281 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\wshbth.dll [36352] (Microsoft Corporation)
Catalog5 06 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 07 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 08 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 09 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 11 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\wshbth.dll [47104] (Microsoft Corporation)
x64-Catalog5 06 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [170880] (Microsoft Corp.)
x64-Catalog5 07 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [170880] (Microsoft Corp.)
x64-Catalog5 08 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog5 09 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 11 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (03/11/2012 02:15:07 PM) (Source: Norton Ghost) (User: )
Description: Error EC8F1780: Cannot successfully reconcile changes since last session.
Error EC8F1771: Cannot enumerate the current drives on this system.
Error E0BB0147: The operation 'Snap Volume' is not currently enabled for this Volume. (UMI:V-281-3215-6016)

Details:
Source: Norton Ghost

Error: (03/11/2012 02:07:10 PM) (Source: Norton Ghost) (User: )
Description: Error EC8F1780: Cannot successfully reconcile changes since last session.
Error EC8F1771: Cannot enumerate the current drives on this system.
Error E0BB0147: The operation 'Snap Volume' is not currently enabled for this Volume. (UMI:V-281-3215-6016)

Details:
Source: Norton Ghost

Error: (03/11/2012 02:04:33 PM) (Source: Norton Ghost) (User: )
Description: Error EC8F1780: Cannot successfully reconcile changes since last session.
Error EC8F1771: Cannot enumerate the current drives on this system.
Error E0BB0147: The operation 'Snap Volume' is not currently enabled for this Volume. (UMI:V-281-3215-6016)

Details:
Source: Norton Ghost

Error: (03/11/2012 01:57:59 PM) (Source: Norton Ghost) (User: )
Description: Error EC8F1780: Cannot successfully reconcile changes since last session.
Error EC8F1771: Cannot enumerate the current drives on this system.
Error E0BB0147: The operation 'Snap Volume' is not currently enabled for this Volume. (UMI:V-281-3215-6016)

Details:
Source: Norton Ghost

Error: (03/11/2012 01:56:32 PM) (Source: Norton Ghost) (User: )
Description: Error EC8F1780: Cannot successfully reconcile changes since last session.
Error EC8F1771: Cannot enumerate the current drives on this system.
Error E0BB0147: The operation 'Snap Volume' is not currently enabled for this Volume. (UMI:V-281-3215-6016)

Details:
Source: Norton Ghost

Error: (03/10/2012 07:25:36 PM) (Source: Application Hang) (User: )
Description: The program Explorer.EXE version 6.1.7601.17567 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: b74

Start Time: 01ccff1cd2e28546

Termination Time: 14

Application Path: C:\Windows\Explorer.EXE

Report Id: 9e26efcd-6b10-11e1-a494-d26397c862f4

Error: (03/09/2012 01:01:07 PM) (Source: Application Error) (User: )
Description: Faulting application name: ccSvcHst.exe, version: 11.2.0.9, time stamp: 0x4ed5768a
Faulting module name: SYMHTML.DLL, version: 6.5.0.23, time stamp: 0x4ee5934c
Exception code: 0xc0000005
Fault offset: 0x00129179
Faulting process id: 0x660
Faulting application start time: 0xccSvcHst.exe0
Faulting application path: ccSvcHst.exe1
Faulting module path: ccSvcHst.exe2
Report Id: ccSvcHst.exe3

Error: (03/09/2012 00:56:05 PM) (Source: Application Error) (User: )
Description: Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc3c5
Faulting module name: MSHTML.dll, version: 9.0.8112.16441, time stamp: 0x4ee81830
Exception code: 0xc0000005
Fault offset: 0x00545438
Faulting process id: 0xca4
Faulting application start time: 0xsvchost.exe0
Faulting application path: svchost.exe1
Faulting module path: svchost.exe2
Report Id: svchost.exe3

Error: (03/08/2012 09:16:03 PM) (Source: Application Error) (User: )
Description: Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc3c5
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x120864c4
Faulting process id: 0xb34
Faulting application start time: 0xsvchost.exe0
Faulting application path: svchost.exe1
Faulting module path: svchost.exe2
Report Id: svchost.exe3

Error: (03/01/2012 07:33:23 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine Unexpected error: dwIndex out of scope 5 6. hr = 0x8000ffff, Catastrophic failure
.


Operation:
OnPostSnapshot event
PostSnapshot Event

Context:
Execution Context: Shadow Copy Optimization Writer
Execution Context: Writer
Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
Writer Name: Shadow Copy Optimization Writer
Writer Instance ID: {48bc8ee7-e651-4bc2-91a7-e99073ac406b}


System errors:
=============
Error: (03/11/2012 05:05:12 PM) (Source: Disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.

Error: (03/11/2012 01:57:53 PM) (Source: DCOM) (User: )
Description: {7D1933CB-86F6-4A98-8628-01BE94C9A575}

Error: (03/11/2012 00:07:11 PM) (Source: DCOM) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}

Error: (03/11/2012 08:06:40 AM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the HPWMISVC service.

Error: (03/10/2012 07:28:52 PM) (Source: Service Control Manager) (User: )
Description: The Windows Update service hung on starting.

Error: (03/10/2012 04:55:44 PM) (Source: WMPNetworkSvc) (User: )
Description: WMPNetworkSvc0x80004005

Error: (03/10/2012 09:06:40 AM) (Source: BugCheck) (User: )
Description: 0x0000000a (0x00000000000000dc, 0x0000000000000002, 0x0000000000000001, 0xfffff80002f11ab5)C:\Windows\MEMORY.DMP031012-81432-01

Error: (03/10/2012 09:06:32 AM) (Source: EventLog) (User: )
Description: The previous system shutdown at 8:03:54 AM on 3/10/2012 was unexpected.

Error: (03/10/2012 09:04:29 AM) (Source: Service Control Manager) (User: )
Description: The HP Wireless Assistant Service service failed to start due to the following error:
%%1053

Error: (03/10/2012 09:04:29 AM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the HP Wireless Assistant Service service to connect.


Microsoft Office Sessions:
=========================
Error: (03/11/2012 02:15:07 PM) (Source: Norton Ghost)(User: )
Description: Error EC8F1780: Cannot successfully reconcile changes since last session.
Error EC8F1771: Cannot enumerate the current drives on this system.
Error E0BB0147: The operation 'Snap Volume' is not currently enabled for this Volume. (UMI:V-281-3215-6016)

Details:
Source: Norton Ghost

Error: (03/11/2012 02:07:10 PM) (Source: Norton Ghost)(User: )
Description: Error EC8F1780: Cannot successfully reconcile changes since last session.
Error EC8F1771: Cannot enumerate the current drives on this system.
Error E0BB0147: The operation 'Snap Volume' is not currently enabled for this Volume. (UMI:V-281-3215-6016)

Details:
Source: Norton Ghost

Error: (03/11/2012 02:04:33 PM) (Source: Norton Ghost)(User: )
Description: Error EC8F1780: Cannot successfully reconcile changes since last session.
Error EC8F1771: Cannot enumerate the current drives on this system.
Error E0BB0147: The operation 'Snap Volume' is not currently enabled for this Volume. (UMI:V-281-3215-6016)

Details:
Source: Norton Ghost

Error: (03/11/2012 01:57:59 PM) (Source: Norton Ghost)(User: )
Description: Error EC8F1780: Cannot successfully reconcile changes since last session.
Error EC8F1771: Cannot enumerate the current drives on this system.
Error E0BB0147: The operation 'Snap Volume' is not currently enabled for this Volume. (UMI:V-281-3215-6016)

Details:
Source: Norton Ghost

Error: (03/11/2012 01:56:32 PM) (Source: Norton Ghost)(User: )
Description: Error EC8F1780: Cannot successfully reconcile changes since last session.
Error EC8F1771: Cannot enumerate the current drives on this system.
Error E0BB0147: The operation 'Snap Volume' is not currently enabled for this Volume. (UMI:V-281-3215-6016)

Details:
Source: Norton Ghost

Error: (03/10/2012 07:25:36 PM) (Source: Application Hang)(User: )
Description: Explorer.EXE6.1.7601.17567b7401ccff1cd2e2854614C:\Windows\Explorer.EXE9e26efcd-6b10-11e1-a494-d26397c862f4

Error: (03/09/2012 01:01:07 PM) (Source: Application Error)(User: )
Description: ccSvcHst.exe11.2.0.94ed5768aSYMHTML.DLL6.5.0.234ee5934cc00000050012917966001ccfe1cea47a5fcC:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\ccSvcHst.exeC:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\SYMHTML.DLLd79a8c21-6a11-11e1-ba43-c0ffec90dff3

Error: (03/09/2012 00:56:05 PM) (Source: Application Error)(User: )
Description: svchost.exe6.1.7600.163854a5bc3c5MSHTML.dll9.0.8112.164414ee81830c000000500545438ca401ccfe1cfcdb3601\\.\globalroot\systemroot\svchost.exeC:\Windows\system32\MSHTML.dll23a29387-6a11-11e1-ba43-c0ffec90dff3

Error: (03/08/2012 09:16:03 PM) (Source: Application Error)(User: )
Description: svchost.exe6.1.7600.163854a5bc3c5unknown0.0.0.000000000c0000005120864c4b3401ccfd99bf7ce12c\\.\globalroot\systemroot\svchost.exeunknownd18ff3bd-698d-11e1-9040-86c21729def4

Error: (03/01/2012 07:33:23 PM) (Source: VSS)(User: )
Description: Unexpected error: dwIndex out of scope 5 60x8000ffff, Catastrophic failure


Operation:
OnPostSnapshot event
PostSnapshot Event

Context:
Execution Context: Shadow Copy Optimization Writer
Execution Context: Writer
Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
Writer Name: Shadow Copy Optimization Writer
Writer Instance ID: {48bc8ee7-e651-4bc2-91a7-e99073ac406b}


=========================== Installed Programs ============================

A+ Italian
Acrobat.com (Version: 1.6.65)
Adobe AIR (Version: 1.5.0.7220)
Adobe Flash Player 10 Plugin (Version: 10.3.181.26)
Adobe Reader 9.5.0 MUI (Version: 9.5.0)
Adobe Shockwave Player 11.5 (Version: 11.5.7.609)
Amazon Kindle
Apple Application Support (Version: 2.0.1)
Apple Software Update (Version: 2.1.3.127)
Bejeweled 2 Deluxe (Version: 2.2.0.95)
Bing Bar (Version: 7.0.609.0)
Bing Rewards Client Installer (Version: 16.0.345.0)
Blackhawk Striker 2 (Version: 2.2.0.95)
Broadcom 802.11 Wireless LAN Adapter (Version: 5.60.350.6)
Build-a-lot 2 (Version: 2.2.0.95)
Chuzzle Deluxe (Version: 2.2.0.95)
CinemaNow Media Manager (Version: 1.9.1.105)
CyberLink DVD Suite (Version: 7.0.3003)
CyberLink MediaShow (Version: 5.0.1616)
CyberLink PowerDVD 9 (Version: 9.0.1.4217)
CyberLink YouCam (Version: 3.0.2511)
D3DX10 (Version: 15.4.2368.0902)
Dairy Dash
Diner Dash 2
Diner Dash 2 Restaurant Rescue (Version: 2.2.0.95)
Diner Dash Seasonal Snack Pack
Doggie Dash
Dora's Carnival Adventure (Version: 2.2.0.95)
Dress Shop Hop
Energy Star Digital Logo (Version: 1.0.1)
EPSON NX110 Series Printer Uninstall
ER Mania 1.0
Escape Rosecliff Island (Version: 2.2.0.95)
ESU for Microsoft Windows 7 (Version: 1.0.0)
FATE (Version: 2.2.0.95)
Final Drive Nitro (Version: 2.2.0.95)
Heroes of Hellas 2 - Olympia (Version: 2.2.0.95)
Hewlett-Packard ACLM.NET v1.1.2.0 (Version: 1.00.0000)
HP Advisor (Version: 3.4.10262.3295)
HP Customer Experience Enhancements (Version: 6.0.1.7)
HP Documentation (Version: 1.1.0.0)
HP Game Console
HP Games (Version: 1.0.1.3)
HP MediaSmart CinemaNow 2.0 (Version: 2.0)
HP Photo Creations (Version: 1.0.0.3611)
HP Power Manager (Version: 1.4.4)
HP Quick Launch (Version: 2.3.6)
HP Setup (Version: 8.1.4186.3400)
HP Software Framework (Version: 4.1.13.1)
HP Support Assistant (Version: 6.1.12.1)
HP Wireless Assistant (Version: 4.0.9.0)
Intel® Control Center (Version: 1.2.1.1007)
Intel® Graphics Media Accelerator Driver (Version: 8.15.10.2189)
Intel® Management Engine Components (Version: 6.0.0.1179)
Intel® Rapid Storage Technology (Version: 9.6.2.1001)
iWin Games (remove only)
Java Auto Updater (Version: 2.0.5.1)
Java™ 6 Update 20 (64-bit) (Version: 6.0.200)
Java™ 6 Update 26 (Version: 6.0.260)
Jewel Quest 3 (Version: 2.2.0.95)
Jewel Quest Solitaire 2 (Version: 2.2.0.95)
Jojos Fashion Show (remove only)
Junk Mail filter update (Version: 15.4.3502.0922)
LabelPrint (Version: 2.5.2907)
LiveUpdate 3.2 (Symantec Corporation) (Version: 3.2.0.68)
Lost Secrets Bermuda Triangle (Version: 1.0)
Malwarebytes Anti-Malware version 1.60.1.1000 (Version: 1.60.1.1000)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Standard Edition 2003 (Version: 11.0.8173.0)
Microsoft Silverlight (Version: 4.1.10111.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft WSE 3.0 Runtime (Version: 3.0.5305.0)
Mozilla Firefox 10.0.2 (x86 en-US) (Version: 10.0.2)
MSVCRT (Version: 15.4.2862.0708)
MSVCRT_amd64 (Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
Norton Ghost (Version: 15.0.1.36526)
Norton Internet Security (Version: 19.6.1.8)
Norton Online Backup (Version: 2.1.17869)
Penguins! (Version: 2.2.0.95)
Pet Shop Hop
PhotoNow! (Version: 1.1.6904)
Plants vs. Zombies
Plants vs. Zombies (Version: 2.2.0.95)
Poker Superstars III (Version: 2.2.0.95)
Polar Bowler (Version: 2.2.0.95)
Polar Golfer (Version: 2.2.0.95)
Power2Go (Version: 6.1.4204)
PowerDirector (Version: 8.0.3003)
QuickTime (Version: 7.70.80.34)
Realtek Ethernet Controller Driver For Windows 7 (Version: 7.21.531.2010)
Realtek High Definition Audio Driver (Version: 6.0.1.6196)
Realtek USB 2.0 Card Reader (Version: 6.1.7600.30105)
Recovery Manager (Version: 5.5.3023)
Roxio CinemaNow 2.0 (Version: 1.0.278)
RtVOsd (Version: 1.0.6)
Sally's Salon (Version: 1.0.0.1)
Synaptics Pointing Device Driver (Version: 15.1.6.64)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Virtual Families (Version: 2.2.0.95)
Virtual Villagers - The Secret City (Version: 2.2.0.95)
Wheel of Fortune 2 (Version: 2.2.0.95)
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3502.0922)
Windows Live Mail (Version: 15.4.3502.0922)
Windows Live Messenger (Version: 15.4.3502.0922)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3502.0922)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live Sync (Version: 14.0.8117.416)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3502.0922)
Windows Live Writer (Version: 15.4.3502.0922)
Windows Live Writer Resources (Version: 15.4.3502.0922)
Zuma Deluxe (Version: 2.2.0.95)

========================= Memory info: ===================================

Percentage of memory in use: 78%
Total physical RAM: 3893.86 MB
Available physical RAM: 854.06 MB
Total Pagefile: 7785.91 MB
Available Pagefile: 4011.71 MB
Total Virtual: 4095.88 MB
Available Virtual: 3977.79 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:448.45 GB) (Free:392.05 GB) NTFS
2 Drive d: (RECOVERY) (Fixed) (Total:17.01 GB) (Free:2.46 GB) NTFS

========================= Users: ========================================

User accounts for \\MARY-HP

Administrator Guest Mary


**** End of log ****

20:59:50.0673 0816 TDSS rootkit removing tool 2.7.20.0 Mar 9 2012 17:10:43
20:59:51.0926 0816 ============================================================
20:59:51.0927 0816 Current date / time: 2012/03/11 20:59:51.0926
20:59:51.0927 0816 SystemInfo:
20:59:51.0927 0816
20:59:51.0927 0816 OS Version: 6.1.7601 ServicePack: 1.0
20:59:51.0927 0816 Product type: Workstation
20:59:51.0927 0816 ComputerName: MARY-HP
20:59:51.0927 0816 UserName: Mary
20:59:51.0927 0816 Windows directory: C:\Windows
20:59:51.0927 0816 System windows directory: C:\Windows
20:59:51.0927 0816 Running under WOW64
20:59:51.0927 0816 Processor architecture: Intel x64
20:59:51.0927 0816 Number of processors: 4
20:59:51.0927 0816 Page size: 0x1000
20:59:51.0927 0816 Boot type: Normal boot
20:59:51.0927 0816 ============================================================
20:59:53.0753 0816 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
20:59:53.0764 0816 \Device\Harddisk0\DR0:
20:59:53.0764 0816 MBR used
20:59:53.0764 0816 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800
20:59:53.0764 0816 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x380E8800
20:59:53.0764 0816 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x3814C800, BlocksNum 0x2205800
20:59:53.0764 0816 \Device\Harddisk0\DR0\Partition3: MBR, Type 0xC, StartLBA 0x3A352000, BlocksNum 0x33830
20:59:54.0033 0816 Initialize success
20:59:54.0033 0816 ============================================================
20:59:57.0743 5200 ============================================================
20:59:57.0743 5200 Scan started
20:59:57.0743 5200 Mode: Manual;
20:59:57.0743 5200 ============================================================
21:00:38.0182 5200 SymEFA - ok
21:00:38.0503 5200 SymEvent (894579207e39c465737e850a252ce4f2) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
21:00:38.0506 5200 SymEvent - ok
21:00:38.0952 5200 SymIRON (5013a76caaa1d7cf1c55214b490b4e35) C:\Windows\system32\drivers\NISx64\1306010.008\Ironx64.SYS
21:00:38.0974 5200 SymIRON - ok
21:00:39.0442 5200 SymNetS (3911bd0e68c010e5438a87706abbe9ab) C:\Windows\System32\Drivers\NISx64\1306010.008\SYMNETS.SYS
21:00:39.0448 5200 SymNetS - ok
21:00:39.0626 5200 symsnap (2d9b2746f7dea46d1572b84a06311566) C:\Windows\system32\DRIVERS\symsnap.sys
21:00:39.0629 5200 symsnap - ok
21:00:39.0838 5200 SynTP (961cfac2a5318e212f459d651f28e0a4) C:\Windows\system32\DRIVERS\SynTP.sys
21:00:39.0854 5200 SynTP - ok
21:00:40.0440 5200 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
21:00:40.0529 5200 Tcpip - ok
21:00:40.0996 5200 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
21:00:41.0017 5200 TCPIP6 - ok
21:00:41.0281 5200 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
21:00:41.0283 5200 tcpipreg - ok
21:00:41.0396 5200 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
21:00:41.0412 5200 TDPIPE - ok
21:00:41.0471 5200 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
21:00:41.0474 5200 TDTCP - ok
21:00:41.0527 5200 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
21:00:41.0544 5200 tdx - ok
21:00:41.0614 5200 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
21:00:41.0649 5200 TermDD - ok
21:00:41.0947 5200 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
21:00:41.0982 5200 tssecsrv - ok
21:00:42.0465 5200 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
21:00:42.0537 5200 TsUsbFlt - ok
21:00:42.0702 5200 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
21:00:42.0717 5200 tunnel - ok
21:00:42.0928 5200 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
21:00:42.0931 5200 uagp35 - ok
21:00:43.0296 5200 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
21:00:43.0311 5200 udfs - ok
21:00:43.0450 5200 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
21:00:43.0452 5200 uliagpkx - ok
21:00:43.0730 5200 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
21:00:43.0801 5200 umbus - ok
21:00:43.0966 5200 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
21:00:43.0968 5200 UmPass - ok
21:00:44.0602 5200 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
21:00:44.0645 5200 usbccgp - ok
21:00:44.0805 5200 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
21:00:44.0845 5200 usbcir - ok
21:00:45.0001 5200 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys
21:00:45.0004 5200 usbehci - ok
21:00:45.0143 5200 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
21:00:45.0176 5200 usbhub - ok
21:00:45.0507 5200 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
21:00:45.0535 5200 usbohci - ok
21:00:45.0674 5200 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
21:00:45.0675 5200 usbprint - ok
21:00:45.0899 5200 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
21:00:45.0917 5200 usbscan - ok
21:00:46.0054 5200 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
21:00:46.0088 5200 USBSTOR - ok
21:00:46.0315 5200 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
21:00:46.0340 5200 usbuhci - ok
21:00:46.0579 5200 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys
21:00:46.0604 5200 usbvideo - ok
21:00:46.0819 5200 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
21:00:46.0820 5200 vdrvroot - ok
21:00:46.0988 5200 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
21:00:47.0012 5200 vga - ok
21:00:47.0307 5200 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
21:00:47.0309 5200 VgaSave - ok
21:00:47.0664 5200 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
21:00:47.0708 5200 vhdmp - ok
21:00:47.0855 5200 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
21:00:47.0897 5200 viaide - ok
21:00:48.0061 5200 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
21:00:48.0063 5200 volmgr - ok
21:00:48.0255 5200 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
21:00:48.0261 5200 volmgrx - ok
21:00:48.0457 5200 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
21:00:48.0463 5200 volsnap - ok
21:00:48.0799 5200 VProEventMonitor (8b7454930230db4bc4ba35a467be09aa) C:\Windows\system32\DRIVERS\vproeventmonitor.sys
21:00:48.0801 5200 VProEventMonitor - ok
21:00:48.0946 5200 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
21:00:48.0962 5200 vsmraid - ok
21:00:49.0057 5200 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
21:00:49.0059 5200 vwifibus - ok
21:00:49.0167 5200 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
21:00:49.0169 5200 vwififlt - ok
21:00:49.0342 5200 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
21:00:49.0343 5200 vwifimp - ok
21:00:49.0517 5200 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
21:00:49.0569 5200 WacomPen - ok
21:00:49.0721 5200 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
21:00:49.0745 5200 WANARP - ok
21:00:49.0758 5200 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
21:00:49.0760 5200 Wanarpv6 - ok
21:00:49.0922 5200 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
21:00:49.0924 5200 Wd - ok
21:00:50.0314 5200 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
21:00:50.0337 5200 Wdf01000 - ok
21:00:50.0480 5200 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
21:00:50.0482 5200 WfpLwf - ok
21:00:50.0544 5200 WimFltr (52ded146e4797e6ccf94799e8e22bb2a) C:\Windows\system32\DRIVERS\wimfltr.sys
21:00:50.0548 5200 WimFltr - ok
21:00:50.0591 5200 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
21:00:50.0611 5200 WIMMount - ok
21:00:50.0798 5200 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
21:00:50.0800 5200 WinUsb - ok
21:00:50.0933 5200 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
21:00:50.0933 5200 WmiAcpi - ok
21:00:51.0123 5200 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
21:00:51.0147 5200 ws2ifsl - ok
21:00:51.0327 5200 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
21:00:51.0330 5200 WudfPf - ok
21:00:51.0442 5200 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
21:00:51.0446 5200 WUDFRd - ok
21:00:51.0719 5200 yukonw7 (b3eeacf62445e24fbb2cd4b0fb4db026) C:\Windows\system32\DRIVERS\yk62x64.sys
21:00:51.0745 5200 yukonw7 - ok
21:00:51.0774 5200 MBR (0x1B8) (a9d691444202b6b49cc6c7223076f181) \Device\Harddisk0\DR0
21:00:51.0815 5200 \Device\Harddisk0\DR0 - ok
21:00:51.0842 5200 Boot (0x1200) (620d39ae2eca5c6efe12d531fd8f6db7) \Device\Harddisk0\DR0\Partition0
21:00:51.0845 5200 \Device\Harddisk0\DR0\Partition0 - ok
21:00:51.0867 5200 Boot (0x1200) (8ee34faca9fd81e8f6a09a9e499cc57b) \Device\Harddisk0\DR0\Partition1
21:00:51.0869 5200 \Device\Harddisk0\DR0\Partition1 - ok
21:00:51.0906 5200 Boot (0x1200) (f44230318efbfa246828d03c28e89285) \Device\Harddisk0\DR0\Partition2
21:00:51.0908 5200 \Device\Harddisk0\DR0\Partition2 - ok
21:00:51.0958 5200 Boot (0x1200) (04389cb8a58b1c204eba12af8944fe7b) \Device\Harddisk0\DR0\Partition3
21:00:51.0959 5200 \Device\Harddisk0\DR0\Partition3 - ok
21:00:51.0960 5200 ============================================================
21:00:51.0960 5200 Scan finished
21:00:51.0960 5200 ============================================================
21:00:51.0973 5248 Detected object count: 0
21:00:51.0973 5248 Actual detected object count: 0

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.03.10.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Mary :: MARY-HP [administrator]

3/11/2012 6:46:44 PM
mbam-log-2012-03-11 (18-46-44).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 381226
Time elapsed: 1 hour(s), 59 minute(s), 33 second(s)

Memory Processes Detected: 1
C:\Windows\svchost.exe (Trojan.Agent) -> 2928 -> Delete on reboot.

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Windows\svchost.exe (Trojan.Agent) -> Delete on reboot.

(end)

#4 boopme

Posted 11 March 2012 - 10:39 PM

Your HOSTS file may be infected.
Reset the HOSTS file
As this infection also changes your Windows HOSTS file, we want to replace this file with the default version for your operating system.
Some types of malware will alter the HOSTS file as part of its infection. Please follow the instructions provided in How do I reset the hosts file back to the default?

To reset the hosts file automatically, go HERE and click the Posted Image button. Then just follow the prompts in the Fix it wizard.


OR
Click Run in the File Download dialog box or save MicrosoftFixit50267.msi to your Desktop and double-click on it to run. Then just follow the prompts in the Fix it wizard.


Is it still redirecting?

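One way to see what a hosts file actually maps, before or after the reset described above. This is an added example, not part of the original thread or of the Microsoft Fix it tool; the function name and the sample lines are constructed for illustration, and 203.0.113.10 is a documentation address.

```powershell
# Read-only: parse hosts-file lines and classify every active mapping.
function Get-HostsEntry {
    param([string[]]$Lines)
    $lineNo = 0
    foreach ($line in $Lines) {
        $lineNo++
        $text = ($line -replace '#.*$', '').Trim()     # strip comments
        if (-not $text) { continue }
        $fields = @($text -split '\s+')
        if ($fields.Count -lt 2) { continue }          # address with no host name
        $ip = $null
        $kind = if (-not [System.Net.IPAddress]::TryParse($fields[0], [ref]$ip)) { 'Malformed' }
                elseif ([System.Net.IPAddress]::IsLoopback($ip)) { 'Loopback' }
                elseif ($ip.Equals([System.Net.IPAddress]::Any)) { 'Blocked' }
                else { 'Redirect' }                    # name forced to a remote address
        # One line may carry several host names; report each separately.
        foreach ($name in ($fields | Select-Object -Skip 1)) {
            [pscustomobject]@{
                Line     = $lineNo
                Address  = $fields[0]
                HostName = $name
                Kind     = $kind
            }
        }
    }
}

# Constructed sample input, not taken from the machine in this thread.
$sample = @(
    '# Copyright (c) 1993-2009 Microsoft Corp.',
    '#    127.0.0.1       localhost',
    '127.0.0.1  localhost',
    '203.0.113.10  www.google.com google.com   # constructed redirect entry',
    '0.0.0.0  ads.example.test'
)
Get-HostsEntry $sample | Where-Object { $_.Kind -ne 'Loopback' } | Format-Table -AutoSize

# To audit the live file instead:
# Get-HostsEntry (Get-Content "$env:SystemRoot\System32\drivers\etc\hosts")
```

Entries of kind Redirect are the ones to review: they send a host name to an address chosen by whoever edited the file.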
#5 -Celestial-

Posted 12 March 2012 - 06:27 AM

Reset the HOSTS file and it's still being redirected (had to do more tests than usual though).

Also, this error message pops up when the computer starts:

"There was a problem starting
C:\Windows\system32\config\systemprofile\AppData\Roaming\SoftGrid Client\SoftGrid Client\klzgc.dll
The specified module could not be found."

#6 boopme

Posted 12 March 2012 - 12:22 PM

OK, about the error:
It's not unusual to receive such an error after using specialized fix tools.

A "Cannot find...", "Could not run...", "Error loading..." or "specific module could not be found" message is usually related to malware that was set to run at startup but has been deleted. Windows is trying to load this file but cannot locate it since the file was most likely removed during an anti-virus or anti-malware scan. However, an associated orphaned registry entry remains and is telling Windows to load the file when you boot up. Since the file no longer exists, Windows will display an error message. You need to remove this registry entry so Windows stops searching for the file when it loads.

To resolve this, download Autoruns, search for the related entry and then delete it.

  • Create a new folder on your hard drive called AutoRuns (C:\AutoRuns) and extract (unzip) the file there. (click here if you're not sure how to do this.)
  • Open the folder and double-click on autoruns.exe to launch it.
  • Please be patient as it scans and populates the entries.
  • When done scanning, it will say Ready at the bottom.
  • Scroll through the list and look for a startup entry related to the file(s) in the error message.
  • Right-click on the entry and choose delete. --->> klzgc.dll
  • Reboot your computer and see if the startup error returns.



Now we will need a deeper look to find the issue.

Preparation Guide, do steps 6-9.

Create a DDS log and post it in the new topic explained in step 9, which is here: Virus, Trojan, Spyware, and Malware Removal Logs, and not in this topic, thanks.
If GMER won't run, skip it and move on.

Let me know if that went well.

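A read-only way to list the kind of orphaned startup entry described in the post above. This is an added example, not part of the original thread and not Autoruns' own logic; it checks only the Run and RunOnce registry keys, a small subset of the locations Autoruns inspects, and the function names are hypothetical.

```powershell
# Read-only: reports Run/RunOnce values whose target file is missing.
$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)

function Get-AutostartTarget {
    # Returns the file a startup command line loads, or $null if unparseable.
    param([string]$CommandLine)
    $cmd = [Environment]::ExpandEnvironmentVariables($CommandLine).Trim()
    # Quoted path first; then an unquoted path up to its executable extension,
    # so "C:\Program Files\x\y.exe /s" is not cut at the first space.
    if     ($cmd -match '^"([^"]+)"\s*(.*)$') { $exe = $Matches[1]; $rest = $Matches[2] }
    elseif ($cmd -match '^(.+?\.(?:exe|com|bat|cmd|scr|dll))(?:[\s,]+(.*))?$') { $exe = $Matches[1]; $rest = $Matches[2] }
    elseif ($cmd -match '^(\S+)\s*(.*)$') { $exe = $Matches[1]; $rest = $Matches[2] }
    else   { return $null }
    # rundll32 is only the host; the file that matters is its DLL argument:
    #   rundll32.exe "C:\path\file.dll",EntryPoint
    if ([IO.Path]::GetFileNameWithoutExtension($exe) -ieq 'rundll32') {
        if ($rest -match '^"([^"]+)"') { return $Matches[1] }
        if ($rest -match '^([^,]+)')   { return $Matches[1].Trim() }
    }
    return $exe
}

function Test-TargetExists {
    param([string]$Path)
    if (-not [IO.Path]::GetExtension($Path)) { $Path += '.exe' }
    if ([IO.Path]::IsPathRooted($Path)) { return (Test-Path -LiteralPath $Path -PathType Leaf) }
    # Bare file name: look in the Windows directories and on PATH.
    $dirs = @("$env:SystemRoot\System32", $env:SystemRoot) + ($env:Path -split ';')
    foreach ($d in $dirs) {
        if ($d -and (Test-Path -LiteralPath (Join-Path $d $Path) -PathType Leaf)) { return $true }
    }
    return $false
}

function Get-OrphanedAutostart {
    foreach ($key in $runKeys) {
        if (-not (Test-Path $key)) { continue }
        $item = Get-Item -Path $key
        foreach ($name in $item.GetValueNames()) {
            $value  = [string]$item.GetValue($name)
            $target = Get-AutostartTarget $value
            if ($target -and -not (Test-TargetExists $target)) {
                [pscustomobject]@{ Key = $key; Name = $name; Command = $value; MissingFile = $target }
            }
        }
    }
}

Get-OrphanedAutostart | Format-List
```

Run it from a 64-bit PowerShell session on 64-bit Windows so that System32 paths are not redirected. A hit is a candidate to review in Autoruns, not proof that the entry belonged to malware.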
#7 -Celestial-

Posted 12 March 2012 - 02:30 PM

The error message doesn't come up anymore. I made the new topic and hopefully the problem can be resolved there.

Thanks for all the help.

#8 boopme

Posted 12 March 2012 - 06:01 PM

Thank you, it will be. It's a hidden or protected malware and needs to be uncovered.

Now that your log is properly posted, you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc.) unless advised by a Malware Removal Team member, nor should you continue to ask for help elsewhere. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process which would extend the time it takes to clean your computer.

From this point on the Malware Removal Team should be the only members that you take advice from, until they have verified your log as clean.

Please be patient. It may take a while to get a response because the Malware Removal Team members are very busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the Malware Removal Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another MRL Team member is already assisting you and not open the thread to respond.

The current wait time is 1 - 3 days and ALL logs are answered.

To avoid confusion, I am closing this topic.