Google Redirect Virus infected


17 replies to this topic

#1 Nagato

Nagato

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:07:32 AM

Posted 02 April 2012 - 08:00 PM

I've been infected with the Google Redirect Virus. I have downloaded Combofix and I am prepared to run it when directed.


#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,565 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:07:32 AM

Posted 02 April 2012 - 08:23 PM

Hello, please do not run it until asked.

Are you on a router? Are other machines on it? If so, are they redirecting?

Do you use Firefox?





Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size.
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Note: When using "Reset FF Proxy Settings" option Firefox should be closed.




Please download TDSSKiller.zip and extract it.
  • Run TDSSKiller.exe.
  • Click on Change Parameters
  • Put a check in the box of Detect TDLFS file system
  • Click Start scan.
  • When it is finished the utility outputs a list of detected objects with description.
    The utility automatically selects an action (Cure or Delete) for malicious objects.
    The utility prompts the user to select an action to apply to suspicious objects (Skip, by default). Leave the options as they are and click Continue.
  • Let it reboot if needed and tell me if the tool needed a reboot.
  • Click on Report and post the contents of the text file that will open.

    Note: By default, the utility outputs the log into the root folder of the system disk (usually the disk with the installed operating system, C:\). The log has a name like: TDSSKiller.Version_Date_Time_log.txt.




Please download and scan with SUPERAntiSpyware Free
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
    For instructions with screenshots, please refer to the How to use SUPERAntiSpyware to scan and remove malware from your computer Guide.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If it will not start, go to Start > All Programs > SUPERAntiSpyware and click on Alternate Start.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here. Double-click on the hyperlink for Download Installer and save SASDEFINITIONS.EXE to your desktop. Then double-click on SASDEFINITIONS.EXE to install the definitions.)
  • In the Main Menu, click the Preferences... button.
  • Click the "General and Startup" tab, and under Start-up Options, make sure "Start SUPERAntiSpyware when Windows starts" box is unchecked.
  • Click the "Scanning Control" tab, and under Scanner Options, make sure the following are checked (leave all other options as they are set):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the Control Center screen.
  • Back on the main screen, under "Select Scan Type" check the box for Complete Scan.
  • If your computer is badly infected, be sure to check the box next to Enable Rescue Scan (Highly Infected Systems ONLY).
  • Click the Scan your computer... button.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes" and reboot normally.

To retrieve the scan log after reboot, launch SUPERAntiSpyware again.
  • Click the View Scan Logs button at the bottom.
  • This will open the Scanner Logs Window.
  • Click on the log to highlight it and then click on View Selected Log to open it.
  • Copy and paste the scan log results in your next reply.
-- Some types of malware will disable security tools. If SUPERAntiSpyware will not install, please refer to these instructions for using the SUPERAntiSpyware Installer. If SUPERAntiSpyware is already installed but will not run, then follow the instructions for using RUNSAS.EXE to launch the program.
How do I get help? Who is helping me?
For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....
Become a BleepingComputer fan: Facebook
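Each MiniToolBox option requested above becomes one section of Result.txt. As an added example (not part of the original post and not MiniToolBox's own code), the Python below triages such a report for the usual redirect hijack points: proxy, Hosts file, DNS servers and Winsock providers, plus crashed security services. The function names, the constructed sample (documentation-range IPs, a made-up `lsp32.dll`), the `expected_dns` allowlist and the reading of `ProxyServer: :0` as "no proxy" are assumptions based on the report layout shown in this thread.

```python
import ipaddress
import re

# Section banners in Result.txt look like "===== Hosts content: =====".
SECTION_RE = re.compile(r"^=+\s+([^=]+?):?\s+=+$")
PROXY_RE = re.compile(r"^ProxyServer:\s*(.*)$")
DNS_RE = re.compile(r"^DNS Servers[ .]*:\s*(\S+)")
WINSOCK_RE = re.compile(r"^(?:x64-)?Catalog\d+\s+\d+\s+(.+?)\s+\[\d+\]\s+\((.*)\)$")
CRASH_RE = re.compile(r"The (.+?) service terminated unexpectedly")
SECURITY_RE = re.compile(r"antimalware|antivirus|security|defender", re.I)

# Constructed sample in the layout of the report in this thread; not a real log.
SAMPLE = r"""
========================= IE Proxy Settings: ==============================

ProxyServer: 203.0.113.10:8080

========================= Hosts content: =================================

127.0.0.1 localhost
203.0.113.77 www.google.com google.com

========================= IP Configuration: ================================

DNS Servers . . . . . . . . . . . : 198.51.100.53
192.168.1.1
NetBIOS over Tcpip. . . . . . . . : Enabled

========================= Winsock entries =====================================

Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\Users\owner\AppData\Local\Temp\lsp32.dll [40960] ()

========================= Event log errors: ===============================

Description: The Microsoft Antimalware Service service terminated unexpectedly. It has done this 3 time(s).
"""


def split_sections(text):
    """Map each section title to the list of its non-empty, stripped lines."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections[current] = []
        elif current is not None and line:
            sections[current].append(line)
    return sections


def parse_ip(token):
    """Return an ipaddress object, or None if token is not an IP literal."""
    try:
        return ipaddress.ip_address(token)
    except ValueError:
        return None


def dns_servers(lines):
    """Collect DNS servers, including the bare-IP continuation lines."""
    servers, collecting = [], False
    for line in lines:
        m = DNS_RE.match(line)
        if m:
            servers.append(m.group(1))
            collecting = True
        elif collecting and parse_ip(line) is not None:
            servers.append(line)
        else:
            collecting = False
    return servers


def triage(text, expected_dns):
    """Return (category, detail) pairs that deserve a human look."""
    sec, findings = split_sections(text), []
    for line in sec.get("IE Proxy Settings", []):
        m = PROXY_RE.match(line)
        if m and m.group(1).strip() not in ("", ":0"):  # ":0" = nothing set
            findings.append(("proxy", m.group(1).strip()))
    for line in sec.get("Hosts content", []):
        fields = line.split("#", 1)[0].split()  # drop comments
        if len(fields) < 2:
            continue
        addr = parse_ip(fields[0])
        # Loopback/0.0.0.0 entries only block a name; anything else redirects it.
        if addr is None or not (addr.is_loopback or addr.is_unspecified):
            findings.append(("hosts", f"{' '.join(fields[1:])} -> {fields[0]}"))
    for server in dns_servers(sec.get("IP Configuration", [])):
        if server not in expected_dns:  # resolver the ISP/router did not hand out
            findings.append(("dns", server))
    for line in sec.get("Winsock entries", []):
        m = WINSOCK_RE.match(line)
        if m and not m.group(2).startswith("Microsoft"):  # third-party provider
            findings.append(("winsock", m.group(1)))
    crashed = {m.group(1) for line in sec.get("Event log errors", [])
               for m in CRASH_RE.finditer(line)}
    findings += [("service", n) for n in sorted(crashed) if SECURITY_RE.search(n)]
    return findings


if __name__ == "__main__":
    for category, detail in triage(SAMPLE, {"75.75.75.75", "75.75.76.76", "192.168.1.1"}):
        print(f"[review] {category}: {detail}")
```

A finding here means "review this entry", not a verdict: legitimate security products also install Winsock providers, and users sometimes set a proxy or custom resolver on purpose.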

#3 Nagato

Nagato
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:07:32 AM

Posted 04 April 2012 - 06:34 PM

OK, I completed all the tasks.

I use Internet Explorer, but I recently downloaded Firefox and installed it. It was around the time that this infection started. I may have used an infected link to download it.

Here are the logs requested. Standing by for further instructions. Thanks.

From MiniToolBox -

MiniToolBox by Farbar Version: 18-01-2012
Ran by owner (administrator) on 04-04-2012 at 18:26:14
Microsoft Windows 7 Home Premium (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
ProxyServer: :0

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================

127.0.0.1 localhost

========================= IP Configuration: ================================

Broadcom NetLink ™ Gigabit Ethernet = Local Area Connection (Connected)
DW1525 (802.11n) WLAN PCIe Card = Wireless Network Connection (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : owner-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : hsd1.ga.comcast.net.

Wireless LAN adapter Wireless Network Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : hsd1.ga.comcast.net.
Description . . . . . . . . . . . : DW1525 (802.11n) WLAN PCIe Card
Physical Address. . . . . . . . . : C4-17-FE-0E-A9-D5
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . : hsd1.ga.comcast.net.
Description . . . . . . . . . . . : Broadcom NetLink ™ Gigabit Ethernet
Physical Address. . . . . . . . . : 00-25-64-F5-41-CF
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2002:4c61:3d94:0:c944:b980:96db:4246(Preferred)
Temporary IPv6 Address. . . . . . : 2002:4c61:3d94:0:94c6:3a8a:da9d:8fcf(Preferred)
Link-local IPv6 Address . . . . . : fe80::c944:b980:96db:4246%11(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.145(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Wednesday, April 04, 2012 6:15:50 PM
Lease Expires . . . . . . . . . . : Thursday, April 05, 2012 6:15:50 PM
Default Gateway . . . . . . . . . : fe80::c2c1:c0ff:fe7b:2743%11
192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DHCPv6 IAID . . . . . . . . . . . : 234890596
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-13-06-50-5D-00-25-64-F5-41-CF
DNS Servers . . . . . . . . . . . : 75.75.75.75
75.75.76.76
192.168.1.1
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.hsd1.ga.comcast.net.:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : hsd1.ga.comcast.net.
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:4137:9e76:c9d:b31:b39e:c26b(Preferred)
Link-local IPv6 Address . . . . . : fe80::c9d:b31:b39e:c26b%15(Preferred)
Default Gateway . . . . . . . . . :
NetBIOS over Tcpip. . . . . . . . : Disabled
Server: cdns01.comcast.net
Address: 75.75.75.75

Name: google.com
Addresses: 74.125.45.113
74.125.45.102
74.125.45.101
74.125.45.138
74.125.45.100
74.125.45.139


Pinging google.com [74.125.159.113] with 32 bytes of data:
Reply from 74.125.159.113: bytes=32 time=18ms TTL=53
Reply from 74.125.159.113: bytes=32 time=26ms TTL=53

Ping statistics for 74.125.159.113:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 18ms, Maximum = 26ms, Average = 22ms
Server: cdns01.comcast.net
Address: 75.75.75.75

DNS request timed out.
timeout was 2 seconds.
Ping request could not find host yahoo.com. Please check the name and try again.
Server: cdns01.comcast.net
Address: 75.75.75.75

Name: bleepingcomputer.com
Address: 208.43.87.2


Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:
Reply from 208.43.87.2: Destination host unreachable.
Reply from 208.43.87.2: Destination host unreachable.

Ping statistics for 208.43.87.2:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [51712] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70144] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [170880] (Microsoft Corp.)
x64-Catalog5 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [170880] (Microsoft Corp.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (04/04/2012 06:16:10 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.

Error: (04/03/2012 10:04:00 PM) (Source: Application Error) (User: )
Description: Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc3c5
Faulting module name: Flash11e.ocx, version: 11.1.102.55, time stamp: 0x4eaf89fc
Exception code: 0xc0000005
Fault offset: 0x004050e3
Faulting process id: 0x14b8
Faulting application start time: 0xsvchost.exe0
Faulting application path: svchost.exe1
Faulting module path: svchost.exe2
Report Id: svchost.exe3

Error: (04/03/2012 09:44:59 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.

Error: (04/03/2012 09:22:32 PM) (Source: Application Error) (User: )
Description: Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc3c5
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0xb9cc546a
Faulting process id: 0x1048
Faulting application start time: 0xsvchost.exe0
Faulting application path: svchost.exe1
Faulting module path: svchost.exe2
Report Id: svchost.exe3

Error: (04/03/2012 08:55:53 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.

Error: (04/03/2012 05:33:51 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "imaging1".Error in manifest or policy file "imaging2" on line imaging3.
The element imaging appears as a child of element urn:schemas-microsoft-com:asm.v1^assembly which is not supported by this version of Windows.

Error: (04/03/2012 04:24:02 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.

Error: (04/03/2012 04:20:01 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.

Error: (04/03/2012 11:27:38 AM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.

Error: (04/03/2012 10:57:48 AM) (Source: Microsoft-Windows-LoadPerf) (User: SYSTEM)SYSTEM
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.


System errors:
=============
Error: (04/04/2012 06:24:16 PM) (Source: Service Control Manager) (User: )
Description: The Microsoft Antimalware Service service terminated unexpectedly. It has done this 3 time(s).

Error: (04/04/2012 06:24:08 PM) (Source: Service Control Manager) (User: )
Description: The Yahoo! Updater service terminated unexpectedly. It has done this 1 time(s).

Error: (04/04/2012 06:23:54 PM) (Source: Service Control Manager) (User: )
Description: The Microsoft Antimalware Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 15000 milliseconds: Restart the service.

Error: (04/04/2012 06:23:16 PM) (Source: Service Control Manager) (User: )
Description: The Microsoft Antimalware Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 15000 milliseconds: Restart the service.

Error: (04/04/2012 06:16:52 PM) (Source: Microsoft Antimalware) (User: )
Description: %%860 Real-Time Protection feature has encountered an error and failed.

Feature: %%835

Error Code: 0x80004005

Error description: Unspecified error

Reason: %%842

Error: (04/04/2012 06:16:12 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
RxFilter

Error: (04/04/2012 06:15:53 PM) (Source: Service Control Manager) (User: )
Description: The SessionLauncher service failed to start due to the following error:
%%2

Error: (04/04/2012 06:15:40 PM) (Source: BugCheck) (User: )
Description: 0x0000001e (0xffffffffc0000005, 0xfffff8000316cf2a, 0x0000000000000001, 0x0000000000000018)C:\Windows\MEMORY.DMP040412-36785-01

Error: (04/03/2012 09:49:41 PM) (Source: Service Control Manager) (User: )
Description: The Microsoft Antimalware Service service terminated unexpectedly. It has done this 3 time(s).

Error: (04/03/2012 09:49:13 PM) (Source: Service Control Manager) (User: )
Description: The Microsoft Antimalware Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 15000 milliseconds: Restart the service.


Microsoft Office Sessions:
=========================

=========================== Installed Programs ============================

Update for Microsoft Office 2007 (KB2508958)
Adobe AIR (Version: 3.1.0.4880)
Adobe Flash Player 11 ActiveX 64-bit (Version: 11.1.102.55)
Adobe Reader 9.4.5 (Version: 9.4.5)
ATI Catalyst Control Center (Version: 2.009.0918.2131)
Banctec Service Agreement (Version: 2.0.0)
Catalyst Control Center - Branding (Version: 1.00.0000)
Catalyst Control Center Core Implementation (Version: 2009.0918.2132.36825)
Catalyst Control Center Graphics Full Existing (Version: 2009.0918.2132.36825)
Catalyst Control Center Graphics Full New (Version: 2009.0918.2132.36825)
Catalyst Control Center Graphics Light (Version: 2009.0918.2132.36825)
Catalyst Control Center Graphics Previews Common (Version: 2009.0918.2132.36825)
Catalyst Control Center Graphics Previews Vista (Version: 2009.0918.2132.36825)
Catalyst Control Center InstallProxy (Version: 2009.0918.2132.36825)
Catalyst Control Center Localization All (Version: 2009.0918.2132.36825)
ccc-core-static (Version: 2009.0918.2132.36825)
ccc-utility64 (Version: 2009.0918.2132.36825)
CCC Help Chinese Standard (Version: 2009.0918.2131.36825)
CCC Help Chinese Traditional (Version: 2009.0918.2131.36825)
CCC Help Czech (Version: 2009.0918.2131.36825)
CCC Help Danish (Version: 2009.0918.2131.36825)
CCC Help Dutch (Version: 2009.0918.2131.36825)
CCC Help English (Version: 2009.0918.2131.36825)
CCC Help Finnish (Version: 2009.0918.2131.36825)
CCC Help French (Version: 2009.0918.2131.36825)
CCC Help German (Version: 2009.0918.2131.36825)
CCC Help Greek (Version: 2009.0918.2131.36825)
CCC Help Hungarian (Version: 2009.0918.2131.36825)
CCC Help Italian (Version: 2009.0918.2131.36825)
CCC Help Japanese (Version: 2009.0918.2131.36825)
CCC Help Korean (Version: 2009.0918.2131.36825)
CCC Help Norwegian (Version: 2009.0918.2131.36825)
CCC Help Polish (Version: 2009.0918.2131.36825)
CCC Help Portuguese (Version: 2009.0918.2131.36825)
CCC Help Russian (Version: 2009.0918.2131.36825)
CCC Help Spanish (Version: 2009.0918.2131.36825)
CCC Help Swedish (Version: 2009.0918.2131.36825)
CCC Help Thai (Version: 2009.0918.2131.36825)
CCC Help Turkish (Version: 2009.0918.2131.36825)
Cisco Connect (Version: 1.2.10260.0)
Compatibility Pack for the 2007 Office system (Version: 12.0.6612.1000)
CyberLink BD Advisor 2.0
CyberLink MediaShow (Version: 4.1.3102)
CyberLink PowerDVD 10 (Version: 10.0.1705)
D3DX10 (Version: 15.4.2368.0902)
Dell Communications (Support Software) (Version: 1.0.09094)
Dell Dock (Version: 2.0.0)
Dell Edoc Viewer (Version: 1.0.0)
Dell Getting Started Guide (Version: 1.00.0000)
Dell Support Center (Support Software) (Version: 2.5.09100)
DirectXInstallService (Version: 9.0.2)
Dynex 1.3MP Webcam Driver (1.00.03.0000)
Dynex Webcam User's Guide
EMC 10 Content (Version: 1.0.035)
EMCGadgets64 (Version: 1.0.302)
Google Earth Plug-in (Version: 6.1.0.5001)
Google Update Helper (Version: 1.3.21.111)
GoToAssist 8.0.0.514
Intel® Control Center (Version: 1.2.0.1006)
Intel® Rapid Storage Technology (Version: 9.5.0.1037)
Java Auto Updater (Version: 2.0.7.1)
Java™ 6 Update 23 (64-bit) (Version: 6.0.230)
Java™ 6 Update 31 (Version: 6.0.310)
Java™ SE Development Kit 6 Update 23 (64-bit) (Version: 1.6.0.230)
Junk Mail filter update (Version: 15.4.3502.0922)
League of Legends (Version: 1.0020)
League of Legends (Version: 1.3)
Live! Cam Center
Logitech GamePanel Software 3.03.133 (Version: 3.03.133)
MagicTune Premium (Version: 1.0 Beta)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Antimalware (Version: 3.0.8402.2)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft IntelliPoint 8.0 (Version: 8.0.225.0)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Enterprise 2007 (Version: 12.0.6612.1000)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Groove MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Groove Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office InfoPath MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000)
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint Viewer 2007 (English) (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Visio 2007 Service Pack 3 (SP3)
Microsoft Office Visio MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Visio Professional 2007 (Version: 12.0.6612.1000)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Search Enhancement Pack (Version: 3.0.133.0)
Microsoft Security Client (Version: 2.1.1116.0)
Microsoft Security Essentials (Version: 2.1.1116.0)
Microsoft Silverlight (Version: 4.1.10111.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Works (Version: 9.7.0621)
Mozilla Firefox 11.0 (x86 en-US) (Version: 11.0)
MSVCRT (Version: 15.4.2862.0708)
MSVCRT_amd64 (Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 4.0 SP2 and SOAP Toolkit 3.0 (Version: 1.0.0.0)
Multimedia Card Reader (Version: 1.4.915.1)
MultiScreen (Version: 1.00.0000)
Mumble 1.2.3 (Version: 1.2.3)
Norton Security Suite (Version: 4.3.0.5)
Pando Media Booster (Version: 2.3.5.6)
Pandora (Version: 2.0.5)
PowerDVD DX (Version: 8.3.5424)
Realtek High Definition Audio Driver (Version: 6.0.1.5953)
Roxio Activation Module (Version: 1.0)
Roxio BackOnTrack (Version: 1.3.0)
Roxio Central Audio (Version: 3.8.0)
Roxio Central Copy (Version: 3.8.0)
Roxio Central Core (Version: 3.8.0)
Roxio Central Data (Version: 3.8.0)
Roxio Central Tools (Version: 3.8.0)
Roxio Easy CD and DVD Burning (Version: 10.3)
Roxio Easy CD and DVD Burning (Version: 10.3.106)
Roxio Express Labeler 3 (Version: 3.2.1)
Roxio File Backup (Version: 1.3.0)
Roxio Update Manager (Version: 6.0.0)
Samsung_MonSetup (Version: 1.00.0000)
Skins (Version: 2009.0918.2132.36825)
Sonic CinePlayer Decoder Pack (Version: 4.3.0)
Star Wars: The Old Republic (Version: 1.00)
StarCraft II (Version: 1.0.1.16195)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2597970) 32-Bit Edition
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Visio 2007 Help (KB963666)
Update for Microsoft Office Word 2007 Help (KB963665)
VD64Inst (Version: 1.00.0000)
Ventrilo Client for Windows x64 (Version: 3.0.5.0)
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3502.0922)
Windows Live Mail (Version: 15.4.3502.0922)
Windows Live Messenger (Version: 15.4.3502.0922)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3502.0922)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live Sync (Version: 14.0.8089.726)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3502.0922)
Windows Live Writer (Version: 15.4.3502.0922)
Windows Live Writer Resources (Version: 15.4.3502.0922)
World of Warcraft (Version: 4.3.0.15050)
Xvid Video Codec (Version: 1.3.2)
Yahoo! Messenger
Yahoo! Software Update
Yahoo! Toolbar

========================= Memory info: ===================================

Percentage of memory in use: 28%
Total physical RAM: 12247.08 MB
Available physical RAM: 8775.9 MB
Total Pagefile: 24492.3 MB
Available Pagefile: 21362.43 MB
Total Virtual: 4095.88 MB
Available Virtual: 3965.18 MB

========================= Partitions: =====================================

1 Drive c: (OS) (Fixed) (Total:916.82 GB) (Free:778.21 GB) NTFS

========================= Users: ========================================

User accounts for \\OWNER-PC

Administrator Guest owner


**** End of log ****

From TDSSKiller -

18:39:14.0261 7008 TDSS rootkit removing tool 2.7.25.0 Apr 3 2012 13:42:32
18:39:14.0620 7008 ============================================================
18:39:14.0620 7008 Current date / time: 2012/04/04 18:39:14.0620
18:39:14.0620 7008 SystemInfo:
18:39:14.0620 7008
18:39:14.0620 7008 OS Version: 6.1.7600 ServicePack: 0.0
18:39:14.0620 7008 Product type: Workstation
18:39:14.0620 7008 ComputerName: OWNER-PC
18:39:14.0620 7008 UserName: owner
18:39:14.0620 7008 Windows directory: C:\Windows
18:39:14.0620 7008 System windows directory: C:\Windows
18:39:14.0620 7008 Running under WOW64
18:39:14.0620 7008 Processor architecture: Intel x64
18:39:14.0620 7008 Number of processors: 8
18:39:14.0620 7008 Page size: 0x1000
18:39:14.0620 7008 Boot type: Normal boot
18:39:14.0620 7008 ============================================================
18:39:14.0963 7008 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
18:39:14.0979 7008 \Device\Harddisk0\DR0:
18:39:14.0979 7008 MBR used
18:39:14.0979 7008 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x1D4C000
18:39:14.0979 7008 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1D60000, BlocksNum 0x729A65B0
18:39:15.0010 7008 Initialize success
18:39:15.0010 7008 ============================================================
18:39:17.0085 6336 ============================================================
18:39:17.0085 6336 Scan started
18:39:17.0085 6336 Mode: Manual;
18:39:17.0085 6336 ============================================================
18:39:17.0443 6336 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys
18:39:17.0443 6336 1394ohci - ok
18:39:17.0521 6336 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
18:39:17.0521 6336 ACPI - ok
18:39:17.0599 6336 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
18:39:17.0599 6336 AcpiPmi - ok
18:39:17.0693 6336 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
18:39:17.0693 6336 adp94xx - ok
18:39:17.0787 6336 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
18:39:17.0787 6336 adpahci - ok
18:39:17.0865 6336 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
18:39:17.0865 6336 adpu320 - ok
18:39:17.0943 6336 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
18:39:17.0943 6336 AeLookupSvc - ok
18:39:18.0036 6336 AFD (db9d6c6b2cd95a9ca414d045b627422e) C:\Windows\system32\drivers\afd.sys
18:39:18.0036 6336 AFD - ok
18:39:18.0114 6336 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys
18:39:18.0114 6336 agp440 - ok
18:39:18.0192 6336 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
18:39:18.0192 6336 ALG - ok
18:39:18.0270 6336 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys
18:39:18.0270 6336 aliide - ok
18:39:18.0348 6336 AMD External Events Utility (ee048ef96ee7f7fdf1dce45c9ebbf19a) C:\Windows\system32\atiesrxx.exe
18:39:18.0348 6336 AMD External Events Utility - ok
18:39:18.0426 6336 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys
18:39:18.0426 6336 amdide - ok
18:39:18.0504 6336 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
18:39:18.0504 6336 AmdK8 - ok
18:39:18.0707 6336 amdkmdag (8d8d3e85efd9dd9718f879a49f9180a4) C:\Windows\system32\DRIVERS\atikmdag.sys
18:39:18.0738 6336 amdkmdag - ok
18:39:18.0738 6336 Scan interrupted by user!
18:39:18.0738 6336 Scan interrupted by user!
18:39:18.0738 6336 Scan interrupted by user!
18:39:18.0738 6336 ============================================================
18:39:18.0738 6336 Scan finished
18:39:18.0738 6336 ============================================================
18:39:18.0738 7088 Detected object count: 0
18:39:18.0738 7088 Actual detected object count: 0
18:39:22.0716 5540 ============================================================
18:39:22.0716 5540 Scan started
18:39:22.0716 5540 Mode: Manual; TDLFS;
18:39:22.0716 5540 ============================================================
18:39:22.0857 5540 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys
18:39:22.0872 5540 1394ohci - ok
18:39:22.0888 5540 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
18:39:22.0888 5540 ACPI - ok
18:39:22.0919 5540 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
18:39:22.0919 5540 AcpiPmi - ok
18:39:22.0935 5540 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
18:39:22.0935 5540 adp94xx - ok
18:39:22.0950 5540 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
18:39:22.0950 5540 adpahci - ok
18:39:22.0981 5540 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
18:39:22.0981 5540 adpu320 - ok
18:39:23.0013 5540 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
18:39:23.0028 5540 AeLookupSvc - ok
18:39:23.0059 5540 AFD (db9d6c6b2cd95a9ca414d045b627422e) C:\Windows\system32\drivers\afd.sys
18:39:23.0059 5540 AFD - ok
18:39:23.0075 5540 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys
18:39:23.0075 5540 agp440 - ok
18:39:23.0091 5540 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
18:39:23.0091 5540 ALG - ok
18:39:23.0106 5540 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys
18:39:23.0122 5540 aliide - ok
18:39:23.0137 5540 AMD External Events Utility (ee048ef96ee7f7fdf1dce45c9ebbf19a) C:\Windows\system32\atiesrxx.exe
18:39:23.0137 5540 AMD External Events Utility - ok
18:39:23.0153 5540 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys
18:39:23.0153 5540 amdide - ok
18:39:23.0169 5540 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
18:39:23.0169 5540 AmdK8 - ok
18:39:23.0309 5540 amdkmdag (8d8d3e85efd9dd9718f879a49f9180a4) C:\Windows\system32\DRIVERS\atikmdag.sys
18:39:23.0340 5540 amdkmdag - ok
18:39:23.0371 5540 amdkmdap (b5ec8aef50fe15b294ebc6aa3bda1be6) C:\Windows\system32\DRIVERS\atikmpag.sys
18:39:23.0371 5540 amdkmdap - ok
18:39:23.0403 5540 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
18:39:23.0403 5540 AmdPPM - ok
18:39:23.0434 5540 amdsata (ec7ebab00a4d8448bab68d1e49b4beb9) C:\Windows\system32\drivers\amdsata.sys
18:39:23.0434 5540 amdsata - ok
18:39:23.0465 5540 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
18:39:23.0465 5540 amdsbs - ok
18:39:23.0496 5540 amdxata (db27766102c7bf7e95140a2aa81d042e) C:\Windows\system32\drivers\amdxata.sys
18:39:23.0496 5540 amdxata - ok
18:39:23.0527 5540 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
18:39:23.0527 5540 AppID - ok
18:39:23.0527 5540 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
18:39:23.0543 5540 AppIDSvc - ok
18:39:23.0559 5540 Appinfo (d065be66822847b7f127d1f90158376e) C:\Windows\System32\appinfo.dll
18:39:23.0559 5540 Appinfo - ok
18:39:23.0590 5540 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
18:39:23.0590 5540 arc - ok
18:39:23.0605 5540 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
18:39:23.0605 5540 arcsas - ok
18:39:23.0637 5540 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
18:39:23.0637 5540 AsyncMac - ok
18:39:23.0668 5540 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys
18:39:23.0683 5540 atapi - ok
18:39:23.0730 5540 athr (195786ed7a26e1913a4f9799fdbc2c71) C:\Windows\system32\DRIVERS\athrx.sys
18:39:23.0730 5540 athr - ok
18:39:23.0746 5540 AtiHdmiService (506934df94e3197f4a1bbe8fbeab0ccd) C:\Windows\system32\drivers\AtiHdmi.sys
18:39:23.0746 5540 AtiHdmiService - ok
18:39:23.0902 5540 atikmdag (8d8d3e85efd9dd9718f879a49f9180a4) C:\Windows\system32\DRIVERS\atikmdag.sys
18:39:23.0917 5540 atikmdag - ok
18:39:23.0949 5540 AudioEndpointBuilder (07721a77180edd4d39ccb865bf63c7fd) C:\Windows\System32\Audiosrv.dll
18:39:23.0949 5540 AudioEndpointBuilder - ok
18:39:23.0964 5540 AudioSrv (07721a77180edd4d39ccb865bf63c7fd) C:\Windows\System32\Audiosrv.dll
18:39:23.0964 5540 AudioSrv - ok
18:39:23.0995 5540 AxInstSV (b20b5fa5ca050e9926e4d1db81501b32) C:\Windows\System32\AxInstSV.dll
18:39:23.0995 5540 AxInstSV - ok
18:39:24.0011 5540 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
18:39:24.0027 5540 b06bdrv - ok
18:39:24.0042 5540 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
18:39:24.0042 5540 b57nd60a - ok
18:39:24.0073 5540 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
18:39:24.0073 5540 BDESVC - ok
18:39:24.0089 5540 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
18:39:24.0105 5540 Beep - ok
18:39:24.0136 5540 BFE (4992c609a6315671463e30f6512bc022) C:\Windows\System32\bfe.dll
18:39:24.0151 5540 BFE - ok
18:39:24.0339 5540 BHDrvx64 (6c64fa457c200874faa87d74152e0d84) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20120317.002\BHDrvx64.sys
18:39:24.0339 5540 BHDrvx64 - ok
18:39:24.0401 5540 BITS (7f0c323fe3da28aa4aa1bda3f575707f) C:\Windows\system32\qmgr.dll
18:39:24.0401 5540 BITS - ok
18:39:24.0432 5540 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
18:39:24.0432 5540 blbdrive - ok
18:39:24.0448 5540 bowser (19d20159708e152267e53b66677a4995) C:\Windows\system32\DRIVERS\bowser.sys
18:39:24.0448 5540 bowser - ok
18:39:24.0479 5540 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
18:39:24.0479 5540 BrFiltLo - ok
18:39:24.0495 5540 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
18:39:24.0495 5540 BrFiltUp - ok
18:39:24.0526 5540 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
18:39:24.0526 5540 BridgeMP - ok
18:39:24.0573 5540 Browser (94fbc06f294d58d02361918418f996e3) C:\Windows\System32\browser.dll
18:39:24.0573 5540 Browser - ok
18:39:24.0604 5540 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
18:39:24.0604 5540 Brserid - ok
18:39:24.0619 5540 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
18:39:24.0635 5540 BrSerWdm - ok
18:39:24.0635 5540 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
18:39:24.0635 5540 BrUsbMdm - ok
18:39:24.0666 5540 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
18:39:24.0666 5540 BrUsbSer - ok
18:39:24.0682 5540 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
18:39:24.0682 5540 BTHMODEM - ok
18:39:24.0713 5540 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
18:39:24.0713 5540 bthserv - ok
18:39:24.0713 5540 catchme - ok
18:39:24.0791 5540 ccHP (37f1baec39b505b3b51893a35c8337ea) C:\Windows\system32\drivers\N360x64\0404000.00C\ccHPx64.sys
18:39:24.0807 5540 ccHP - ok
18:39:24.0838 5540 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
18:39:24.0838 5540 cdfs - ok
18:39:24.0853 5540 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys
18:39:24.0853 5540 cdrom - ok
18:39:24.0885 5540 CertPropSvc (312e2f82af11e79906898ac3e3d58a1f) C:\Windows\System32\certprop.dll
18:39:24.0885 5540 CertPropSvc - ok
18:39:24.0900 5540 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
18:39:24.0900 5540 circlass - ok
18:39:24.0931 5540 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
18:39:24.0931 5540 CLFS - ok
18:39:24.0994 5540 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
18:39:24.0994 5540 clr_optimization_v2.0.50727_32 - ok
18:39:25.0041 5540 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
18:39:25.0041 5540 clr_optimization_v2.0.50727_64 - ok
18:39:25.0103 5540 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
18:39:25.0103 5540 clr_optimization_v4.0.30319_32 - ok
18:39:25.0134 5540 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
18:39:25.0134 5540 clr_optimization_v4.0.30319_64 - ok
18:39:25.0150 5540 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
18:39:25.0150 5540 CmBatt - ok
18:39:25.0165 5540 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys
18:39:25.0165 5540 cmdide - ok
18:39:25.0212 5540 CNG (937beb186a735aca91d717044a49d17e) C:\Windows\system32\Drivers\cng.sys
18:39:25.0212 5540 CNG - ok
18:39:25.0228 5540 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
18:39:25.0228 5540 Compbatt - ok
18:39:25.0243 5540 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys
18:39:25.0243 5540 CompositeBus - ok
18:39:25.0243 5540 COMSysApp - ok
18:39:25.0275 5540 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
18:39:25.0275 5540 crcdisk - ok
18:39:25.0290 5540 CryptSvc (8c57411b66282c01533cb776f98ad384) C:\Windows\system32\cryptsvc.dll
18:39:25.0290 5540 CryptSvc - ok
18:39:25.0337 5540 DcomLaunch (7266972e86890e2b30c0c322e906b027) C:\Windows\system32\rpcss.dll
18:39:25.0337 5540 DcomLaunch - ok
18:39:25.0368 5540 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
18:39:25.0384 5540 defragsvc - ok
18:39:25.0415 5540 DfsC (9c253ce7311ca60fc11c774692a13208) C:\Windows\system32\Drivers\dfsc.sys
18:39:25.0415 5540 DfsC - ok
18:39:25.0431 5540 Dhcp (ce3b9562d997f69b330d181a8875960f) C:\Windows\system32\dhcpcore.dll
18:39:25.0431 5540 Dhcp - ok
18:39:25.0462 5540 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
18:39:25.0462 5540 discache - ok
18:39:25.0477 5540 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
18:39:25.0493 5540 Disk - ok
18:39:25.0524 5540 Dnscache (85cf424c74a1d5ec33533e1dbff9920a) C:\Windows\System32\dnsrslvr.dll
18:39:25.0524 5540 Dnscache - ok
18:39:25.0587 5540 DockLoginService (0840abbbdf438691ee65a20040635cbe) C:\Program Files\Dell\DellDock\DockLogin.exe
18:39:25.0587 5540 DockLoginService - ok
18:39:25.0602 5540 dot3svc (14452acdb09b70964c8c21bf80a13acb) C:\Windows\System32\dot3svc.dll
18:39:25.0618 5540 dot3svc - ok
18:39:25.0633 5540 DPS (8c2ba6bea949ee6e68385f5692bafb94) C:\Windows\system32\dps.dll
18:39:25.0633 5540 DPS - ok
18:39:25.0665 5540 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
18:39:25.0665 5540 drmkaud - ok
18:39:25.0711 5540 DXGKrnl (1633b9abf52784a1331476397a48cbef) C:\Windows\System32\drivers\dxgkrnl.sys
18:39:25.0727 5540 DXGKrnl - ok
18:39:25.0743 5540 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
18:39:25.0743 5540 EapHost - ok
18:39:25.0821 5540 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
18:39:25.0821 5540 ebdrv - ok
18:39:25.0899 5540 eeCtrl (0c3f9eff8ddd9f9eb56d754b4620155f) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
18:39:25.0899 5540 eeCtrl - ok
18:39:25.0930 5540 EFS (156f6159457d0aa7e59b62681b56eb90) C:\Windows\System32\lsass.exe
18:39:25.0930 5540 EFS - ok
18:39:25.0977 5540 ehRecvr (47c071994c3f649f23d9cd075ac9304a) C:\Windows\ehome\ehRecvr.exe
18:39:25.0992 5540 ehRecvr - ok
18:39:26.0008 5540 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
18:39:26.0008 5540 ehSched - ok
18:39:26.0055 5540 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
18:39:26.0055 5540 elxstor - ok
18:39:26.0086 5540 EraserUtilRebootDrv (8c0f9b877bc0b7ffd327ef55f9efb642) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
18:39:26.0101 5540 EraserUtilRebootDrv - ok
18:39:26.0117 5540 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys
18:39:26.0117 5540 ErrDev - ok
18:39:26.0148 5540 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
18:39:26.0148 5540 EventSystem - ok
18:39:26.0179 5540 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
18:39:26.0179 5540 exfat - ok
18:39:26.0211 5540 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
18:39:26.0211 5540 fastfat - ok
18:39:26.0242 5540 Fax (d607b2f1bee3992aa6c2c92c0a2f0855) C:\Windows\system32\fxssvc.exe
18:39:26.0242 5540 Fax - ok
18:39:26.0257 5540 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
18:39:26.0273 5540 fdc - ok
18:39:26.0289 5540 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
18:39:26.0289 5540 fdPHost - ok
18:39:26.0304 5540 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
18:39:26.0304 5540 FDResPub - ok
18:39:26.0320 5540 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
18:39:26.0320 5540 FileInfo - ok
18:39:26.0335 5540 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
18:39:26.0335 5540 Filetrace - ok
18:39:26.0351 5540 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
18:39:26.0351 5540 flpydisk - ok
18:39:26.0382 5540 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys
18:39:26.0382 5540 FltMgr - ok
18:39:26.0429 5540 FontCache (cb5e4b9c319e3c6bb363eb7e58a4a051) C:\Windows\system32\FntCache.dll
18:39:26.0445 5540 FontCache - ok
18:39:26.0523 5540 FontCache3.0.0.0 (8d89e3131c27fdd6932189cb785e1b7a) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
18:39:26.0523 5540 FontCache3.0.0.0 - ok
18:39:26.0538 5540 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
18:39:26.0538 5540 FsDepends - ok
18:39:26.0585 5540 fssfltr (6c06701bf1db05405804d7eb610991ce) C:\Windows\system32\DRIVERS\fssfltr.sys
18:39:26.0585 5540 fssfltr - ok
18:39:26.0601 5540 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
18:39:26.0601 5540 Fs_Rec - ok
18:39:26.0632 5540 fvevol (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\Windows\system32\DRIVERS\fvevol.sys
18:39:26.0632 5540 fvevol - ok
18:39:26.0663 5540 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
18:39:26.0663 5540 gagp30kx - ok
18:39:26.0694 5540 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
18:39:26.0694 5540 GEARAspiWDM - ok
18:39:26.0757 5540 GoToAssist (d3316f6e3c011435f36e3d6e49b3196c) C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe
18:39:26.0757 5540 GoToAssist - ok
18:39:26.0803 5540 gpsvc (fe5ab4525bc2ec68b9119a6e5d40128b) C:\Windows\System32\gpsvc.dll
18:39:26.0803 5540 gpsvc - ok
18:39:26.0866 5540 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
18:39:26.0866 5540 gupdate - ok
18:39:26.0881 5540 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
18:39:26.0881 5540 gupdatem - ok
18:39:26.0897 5540 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
18:39:26.0897 5540 hcw85cir - ok
18:39:26.0928 5540 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys
18:39:26.0928 5540 HDAudBus - ok
18:39:26.0959 5540 HECIx64 (b6ac71aaa2b10848f57fc49d55a651af) C:\Windows\system32\DRIVERS\HECIx64.sys
18:39:26.0959 5540 HECIx64 - ok
18:39:26.0975 5540 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
18:39:26.0975 5540 HidBatt - ok
18:39:26.0991 5540 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
18:39:26.0991 5540 HidBth - ok
18:39:27.0006 5540 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
18:39:27.0006 5540 HidIr - ok
18:39:27.0037 5540 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
18:39:27.0037 5540 hidserv - ok
18:39:27.0069 5540 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys
18:39:27.0069 5540 HidUsb - ok
18:39:27.0100 5540 hkmsvc (efa58ede58dd74388ffd04cb32681518) C:\Windows\system32\kmsvc.dll
18:39:27.0100 5540 hkmsvc - ok
18:39:27.0115 5540 HomeGroupListener (046b2673767ca626e2cfb7fdf735e9e8) C:\Windows\system32\ListSvc.dll
18:39:27.0131 5540 HomeGroupListener - ok
18:39:27.0162 5540 HomeGroupProvider (06a7422224d9865a5613710a089987df) C:\Windows\system32\provsvc.dll
18:39:27.0162 5540 HomeGroupProvider - ok
18:39:27.0193 5540 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys
18:39:27.0193 5540 HpSAMD - ok
18:39:27.0209 5540 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys
18:39:27.0225 5540 HTTP - ok
18:39:27.0225 5540 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys
18:39:27.0225 5540 hwpolicy - ok
18:39:27.0240 5540 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
18:39:27.0240 5540 i8042prt - ok
18:39:27.0271 5540 iaStor (631fa8935163b01fc0c02966cb3adb92) C:\Windows\system32\DRIVERS\iaStor.sys
18:39:27.0271 5540 iaStor - ok
18:39:27.0412 5540 IAStorDataMgrSvc (7493ea4de41348f7d3edbf9db298f56a) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
18:39:27.0412 5540 IAStorDataMgrSvc - ok
18:39:27.0505 5540 iaStorV (b75e45c564e944a2657167d197ab29da) C:\Windows\system32\drivers\iaStorV.sys
18:39:27.0505 5540 iaStorV - ok
18:39:27.0739 5540 idsvc (2f2be70d3e02b6fa877921ab9516d43c) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
18:39:27.0755 5540 idsvc - ok
18:39:28.0020 5540 IDSVia64 (18c40c3f368323b203ace403cb430db1) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20120404.002\IDSvia64.sys
18:39:28.0020 5540 IDSVia64 - ok
18:39:28.0051 5540 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
18:39:28.0051 5540 iirsp - ok
18:39:28.0176 5540 IKEEXT (c5b4683680df085b57bc53e5ef34861f) C:\Windows\System32\ikeext.dll
18:39:28.0192 5540 IKEEXT - ok
18:39:28.0285 5540 IntcAzAudAddService (ee64207f2f5c20bfe5f73db2566c4601) C:\Windows\system32\drivers\RTKVHD64.sys
18:39:28.0301 5540 IntcAzAudAddService - ok
18:39:28.0348 5540 IntcDAud (49072edbc5c2f964917d1b585c90ed0a) C:\Windows\system32\DRIVERS\IntcDAud.sys
18:39:28.0348 5540 IntcDAud - ok
18:39:28.0395 5540 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys
18:39:28.0395 5540 intelide - ok
18:39:28.0426 5540 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
18:39:28.0426 5540 intelppm - ok
18:39:28.0457 5540 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
18:39:28.0457 5540 IPBusEnum - ok
18:39:28.0504 5540 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys
18:39:28.0504 5540 IpFilterDriver - ok
18:39:28.0535 5540 iphlpsvc (f8e058d17363ec580e4b7232778b6cb5) C:\Windows\System32\iphlpsvc.dll
18:39:28.0551 5540 iphlpsvc - ok
18:39:28.0582 5540 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys
18:39:28.0582 5540 IPMIDRV - ok
18:39:28.0613 5540 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
18:39:28.0613 5540 IPNAT - ok
18:39:28.0629 5540 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
18:39:28.0644 5540 IRENUM - ok
18:39:28.0675 5540 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys
18:39:28.0675 5540 isapnp - ok
18:39:28.0722 5540 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys
18:39:28.0722 5540 iScsiPrt - ok
18:39:28.0800 5540 ivusb (2f9f76349bb8c578873a58c840ba0589) C:\Windows\system32\DRIVERS\ivusb.sys
18:39:28.0800 5540 ivusb - ok
18:39:28.0863 5540 k57nd60a (d85f3f18e44f7447b5f1ba5c85baeb7c) C:\Windows\system32\DRIVERS\k57nd60a.sys
18:39:28.0863 5540 k57nd60a - ok
18:39:28.0909 5540 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
18:39:28.0909 5540 kbdclass - ok
18:39:28.0956 5540 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys
18:39:28.0956 5540 kbdhid - ok
18:39:29.0003 5540 KeyIso (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
18:39:29.0019 5540 KeyIso - ok
18:39:29.0034 5540 KSecDD (16c1b906fc5ead84769f90b736b6bf0e) C:\Windows\system32\Drivers\ksecdd.sys
18:39:29.0050 5540 KSecDD - ok
18:39:29.0065 5540 KSecPkg (0b711550c56444879d71c7daabda6c83) C:\Windows\system32\Drivers\ksecpkg.sys
18:39:29.0065 5540 KSecPkg - ok
18:39:29.0081 5540 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
18:39:29.0081 5540 ksthunk - ok
18:39:29.0128 5540 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
18:39:29.0128 5540 KtmRm - ok
18:39:29.0175 5540 LanmanServer (81f1d04d4d0e433099365127375fd501) C:\Windows\System32\srvsvc.dll
18:39:29.0175 5540 LanmanServer - ok
18:39:29.0206 5540 LanmanWorkstation (27026eac8818e8a6c00a1cad2f11d29a) C:\Windows\System32\wkssvc.dll
18:39:29.0206 5540 LanmanWorkstation - ok
18:39:29.0237 5540 LGBusEnum (db164eb571fd118d277d939510b0f562) C:\Windows\system32\drivers\LGBusEnum.sys
18:39:29.0237 5540 LGBusEnum - ok
18:39:29.0268 5540 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
18:39:29.0268 5540 lltdio - ok
18:39:29.0299 5540 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
18:39:29.0299 5540 lltdsvc - ok
18:39:29.0315 5540 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
18:39:29.0315 5540 lmhosts - ok
18:39:29.0346 5540 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
18:39:29.0346 5540 LSI_FC - ok
18:39:29.0362 5540 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
18:39:29.0362 5540 LSI_SAS - ok
18:39:29.0377 5540 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
18:39:29.0377 5540 LSI_SAS2 - ok
18:39:29.0409 5540 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
18:39:29.0409 5540 LSI_SCSI - ok
18:39:29.0424 5540 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
18:39:29.0424 5540 luafv - ok
18:39:29.0471 5540 MagicTuneEngine (86504fe0759d4dce38e997921062df6b) C:\Program Files (x86)\MagicTune Premium\MagicTuneEngine.exe
18:39:29.0487 5540 MagicTuneEngine - ok
18:39:29.0518 5540 Mcx2Svc (f84c8f1000bc11e3b7b23cbd3baff111) C:\Windows\system32\Mcx2Svc.dll
18:39:29.0518 5540 Mcx2Svc - ok
18:39:29.0533 5540 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
18:39:29.0533 5540 megasas - ok
18:39:29.0549 5540 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
18:39:29.0549 5540 MegaSR - ok
18:39:29.0611 5540 Microsoft Office Groove Audit Service (123271bd5237ab991dc5c21fdf8835eb) C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe
18:39:29.0611 5540 Microsoft Office Groove Audit Service - ok
18:39:29.0627 5540 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
18:39:29.0627 5540 MMCSS - ok
18:39:29.0643 5540 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
18:39:29.0643 5540 Modem - ok
18:39:29.0674 5540 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
18:39:29.0674 5540 monitor - ok
18:39:29.0705 5540 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
18:39:29.0705 5540 mouclass - ok
18:39:29.0721 5540 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
18:39:29.0721 5540 mouhid - ok
18:39:29.0752 5540 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys
18:39:29.0752 5540 mountmgr - ok
18:39:29.0799 5540 MpFilter (c177a7ebf5e8a0b596f618870516cab8) C:\Windows\system32\DRIVERS\MpFilter.sys
18:39:29.0814 5540 MpFilter - ok
18:39:29.0830 5540 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys
18:39:29.0830 5540 mpio - ok
18:39:29.0845 5540 MpNWMon (8fbf6b31fe8af1833d93c5913d5b4d55) C:\Windows\system32\DRIVERS\MpNWMon.sys
18:39:29.0845 5540 MpNWMon - ok
18:39:29.0861 5540 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
18:39:29.0861 5540 mpsdrv - ok
18:39:29.0892 5540 MpsSvc (aecab449567d1846dad63ece49e893e3) C:\Windows\system32\mpssvc.dll
18:39:29.0908 5540 MpsSvc - ok
18:39:29.0923 5540 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys
18:39:29.0923 5540 MRxDAV - ok
18:39:29.0955 5540 mrxsmb (040d62a9d8ad28922632137acdd984f2) C:\Windows\system32\DRIVERS\mrxsmb.sys
18:39:29.0955 5540 mrxsmb - ok
18:39:30.0001 5540 mrxsmb10 (f0067552f8f9b33d7c59403ab808a3cb) C:\Windows\system32\DRIVERS\mrxsmb10.sys
18:39:30.0001 5540 mrxsmb10 - ok
18:39:30.0017 5540 mrxsmb20 (3c142d31de9f2f193218a53fe2632051) C:\Windows\system32\DRIVERS\mrxsmb20.sys
18:39:30.0017 5540 mrxsmb20 - ok
18:39:30.0048 5540 msahci (5c37497276e3b3a5488b23a326a754b7) C:\Windows\system32\DRIVERS\msahci.sys
18:39:30.0048 5540 msahci - ok
18:39:30.0064 5540 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys
18:39:30.0064 5540 msdsm - ok
18:39:30.0095 5540 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
18:39:30.0095 5540 MSDTC - ok
18:39:30.0126 5540 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
18:39:30.0126 5540 Msfs - ok
18:39:30.0157 5540 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
18:39:30.0157 5540 mshidkmdf - ok
18:39:30.0173 5540 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys
18:39:37.0911 5540 MBR (0x1B8) (cdb4de4bbd714f152979da2dcbef57eb) \Device\Harddisk0\DR0
18:39:38.0020 5540 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
18:39:38.0020 5540 \Device\Harddisk0\DR0 - detected TDSS File System (1)
18:39:38.0035 5540 Boot (0x1200) (a26cbc6651bc8d7fe92cf48fd85fea50) \Device\Harddisk0\DR0\Partition0
18:39:38.0035 5540 \Device\Harddisk0\DR0\Partition0 - ok
18:39:38.0051 5540 Boot (0x1200) (4d4014dd64287dea6372162158a497aa) \Device\Harddisk0\DR0\Partition1
18:39:38.0051 5540 \Device\Harddisk0\DR0\Partition1 - ok
18:39:38.0051 5540 ============================================================
18:39:38.0051 5540 Scan finished
18:39:38.0051 5540 ============================================================
18:39:38.0067 5532 Detected object count: 1
18:39:38.0067 5532 Actual detected object count: 1
18:39:41.0577 5532 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
18:39:41.0577 5532 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip


From SUPERAntiSpyware -

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 04/04/2012 at 07:23 PM

Application Version : 5.0.1146

Core Rules Database Version : 8417
Trace Rules Database Version: 6229

Scan type : Complete Scan
Total Scan Time : 00:36:39

Operating System Information
Windows 7 Home Premium 64-bit (Build 6.01.7600)
UAC On - Limited User

Memory items scanned : 651
Memory threats detected : 0
Registry items scanned : 68662
Registry threats detected : 0
File items scanned : 65828
File threats detected : 82

Adware.Tracking Cookie

#4 Nagato

Posted 04 April 2012 - 06:36 PM

Also, I am on a router, but I do not use any other computers on it.

#5 Nagato

Posted 04 April 2012 - 06:39 PM

Someone keeps trying to access my system through a file called CONhost and also through the Microsoft Security Essentials executable file.

#6 Nagato

Posted 04 April 2012 - 06:41 PM

Also, my browser does not seem to be redirecting anymore, but I am still receiving notices of blocked access from my security programs.

#7 boopme

Posted 04 April 2012 - 06:52 PM

Hello. We still have work to do.

We will reset the router later and update several things after I am sure this is clean.

Right click on the TDSS icon and delete it and run this one...

Download the FixTDSS.exe

  • Save the file to your Windows desktop.
  • Close all running programs.
  • If you are running Windows XP, turn off System Restore. How to turn off or turn on Windows XP System Restore
  • Double-click the FixTDSS.exe file to start the removal tool.
  • Click Start to begin the process, and then allow the tool to run.
  • Restart the computer when prompted by the tool.
  • After the computer has started, the tool will inform you of the state of infection (make sure to let me know what it said)
  • If you are running Windows XP, re-enable System Restore.



I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Under scan settings, check Posted Image and check Remove found threats
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image


NOTE: In some instances if no malware is found there will be no log produced.
How do I get help? Who is helping me? For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear.... Become a BleepingComputer fan: Facebook

#8 Nagato

Posted 04 April 2012 - 07:15 PM

FixTDSS reported that there were no infections.

I will run the scan requested as soon as I can. It will be a few hours.

#9 boopme

Posted 04 April 2012 - 07:41 PM

No problem, that was a good thing.

#10 Nagato

Posted 04 April 2012 - 08:16 PM

Looks like ESET found the trojan. I'll have the report posted soon.

#11 Nagato

Posted 04 April 2012 - 09:06 PM

ESET OnlineScan Results:

C:\Program Files (x86)\BrightBreeze\bin\1.0.9.0\BrightBreezeSAHook.dll probably a variant of Win32/Adware.180Solutions application cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\ProgramData\Tarma Installer\{ED7702F7-093C-4968-8B84-3CF5D1A3F23D}\_Setupx.dll.vir a variant of Win32/Adware.Yontoo.B application cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\04.04.2012_18.29.50\mbr0000\tdlfs0000\tsk0000.dta a variant of Win32/Rootkit.Kryptik.KS trojan cleaned by deleting - quarantined
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9GTRKO7I\index[1].htm JS/Iframe.CV trojan cleaned by deleting - quarantined
C:\Windows\temp\jar_cache3539880782111192446.tmp Java/Exploit.CVE-2012-0507.F trojan deleted - quarantined
C:\Windows\temp\jar_cache7831333673678620201.tmp Java/Exploit.CVE-2012-0507.F trojan deleted - quarantined
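
Added example, not part of the original thread: a Python triage of the six ESET lines above that groups each detection by where the file was sitting (another tool's quarantine folder, a cache, or elsewhere) and pulls out any CVE named in the detection. The regular expression and the location labels are assumptions made for this example, based only on the line layout visible in the post.

```python
import re
from collections import Counter

# The six detection lines from the ESET OnlineScan results posted above.
ESET_LOG = r"""
C:\Program Files (x86)\BrightBreeze\bin\1.0.9.0\BrightBreezeSAHook.dll probably a variant of Win32/Adware.180Solutions application cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\ProgramData\Tarma Installer\{ED7702F7-093C-4968-8B84-3CF5D1A3F23D}\_Setupx.dll.vir a variant of Win32/Adware.Yontoo.B application cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\04.04.2012_18.29.50\mbr0000\tdlfs0000\tsk0000.dta a variant of Win32/Rootkit.Kryptik.KS trojan cleaned by deleting - quarantined
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9GTRKO7I\index[1].htm JS/Iframe.CV trojan cleaned by deleting - quarantined
C:\Windows\temp\jar_cache3539880782111192446.tmp Java/Exploit.CVE-2012-0507.F trojan deleted - quarantined
C:\Windows\temp\jar_cache7831333673678620201.tmp Java/Exploit.CVE-2012-0507.F trojan deleted - quarantined
""".strip().splitlines()

# Assumed layout: <path> [probably ][a variant of ]<Platform/Name> <kind> <action>
# Windows paths use backslashes, so the first token containing "/" is the name.
LINE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+"
    r"(?P<hedge>(?:probably )?(?:a variant of )?)"
    r"(?P<name>[A-Za-z0-9]+/[\w.\-]+)\s+"
    r"(?P<kind>application|trojan|virus|worm)\s+"
    r"(?P<action>.+)$"
)
CVE_RE = re.compile(r"CVE-\d{4}-\d{4,}")

# Lower-cased path fragments mapped to labels (labels chosen for this example).
LOCATIONS = [
    (r"\qoobox\quarantine", "ComboFix quarantine"),
    (r"\tdsskiller_quarantine", "TDSSKiller quarantine"),
    (r"\temporary internet files", "browser cache"),
    (r"\temp\jar_cache", "Java temp cache"),
]

def parse_line(line):
    """Split one detection line into fields; return None if it does not fit."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["hedge"] = rec["hedge"].strip()
    low = rec["path"].lower()
    rec["location"] = next((lbl for frag, lbl in LOCATIONS if frag in low), "other")
    cve = CVE_RE.search(rec["name"])
    rec["cve"] = cve.group(0) if cve else None
    return rec

def triage(lines):
    records = [r for r in map(parse_line, lines) if r]
    return {
        "records": records,
        "by_location": Counter(r["location"] for r in records),
        "cves": {r["cve"] for r in records if r["cve"]},
        # Files found inside another tool's quarantine folder had already
        # been moved aside by that tool before ESET scanned them.
        "outside_quarantine": [r for r in records if "quarantine" not in r["location"]],
    }

if __name__ == "__main__":
    result = triage(ESET_LOG)
    for r in result["records"]:
        print(f'{r["location"]:22} {r["kind"]:12} {r["name"]}')
    print("CVEs named in detections:", sorted(result["cves"]))
```

On this log, two of the six hits sit in the ComboFix and TDSSKiller quarantine folders, and the only CVE named is the one carried by the two `jar_cache` files in the Windows temp directory.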

#12 boopme

Posted 04 April 2012 - 09:29 PM

So did ComboFix. How is it running now?

#13 Nagato

Posted 04 April 2012 - 09:33 PM

No redirect. Haven't had any blocked access from outside sources since the scan started. What is next?

#14 boopme

Posted 04 April 2012 - 09:48 PM

Do you still run the Norton's AV? Norton Security Suite (Version: 4.3.0.5)


Run TFC by OT (Temp File Cleaner)
Please download TFC by Old Timer and save it to your desktop.
alternate download link

Save any unsaved work. TFC will close ALL open programs including your browser!
Double-click on TFC.exe to run it. If you are using Vista, right-click on the file and choose Run As Administrator.
Click the Start button to begin the cleaning process and let it run uninterrupted to completion.
Important! If TFC prompts you to reboot, please do so immediately. If not prompted, manually reboot the machine anyway to ensure a complete clean.
>>>>

Important Note: Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 7 and save it to your desktop.
  • Look for "Java Platform, Standard Edition".
  • Click the "Download JRE" button to the right.
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • From the list, select your OS and Platform (32-bit or 64-bit).
  • If a download for an Offline Installation is available, it is recommended to choose that and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
Go to Posted Image > Control Panel, double-click on Add/Remove Programs or Programs and Features in Vista/Windows 7 and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-7u3-windows-i586.exe (or jre-7u3-windows-x64.exe for 64-bit) to install the newest version.
  • If using Windows 7 or Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
  • When the Java Setup - Welcome window opens, click the Install > button.
  • If offered to install a Toolbar, just uncheck the box before continuing unless you want it.
  • The McAfee Security Scan Plus tool is installed by default unless you uncheck the McAfee installation box when updating Java.
Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications but it's not necessary.
To disable the JQS service if you don't want to use it:
  • Go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter.
  • Click Ok and reboot your computer.


#15 Nagato

Posted 04 April 2012 - 10:04 PM

Ran TFC and updated Java along with uninstalling the older versions.

I am still running Norton. I only installed it after my computer started showing signs of a problem. Is there a better free AV program you could recommend?

Edited by Nagato, 04 April 2012 - 10:05 PM.




