404 Nginx, Happili.com redirect, among other things


  • This topic is locked
15 replies to this topic

#1 Oh no!

Posted 06 April 2012 - 03:02 AM

So, this problem probably started sometime between the end of January and early February. On Firefox and Chrome, I am constantly getting redirected to either the 404 nginx page or the happili.com page when I'm using the Google search engine, which makes it extremely difficult while I'm in school. Sometimes the Google search engine doesn't work, and when it does it won't show results past page 1. When using Chrome, some images won't show. Every now and then it blue-screens, with 0x000000E or some other code I can't remember. I'll keep my comp from resetting next time it does that. Also, any sites I previously logged in to last session with the express purpose of staying logged in log me out, and I have to log in all over again.

And when I log onto my account, which is an Administrator account, the screen stays black for a minute before pulling up the desktop. If I try to open programs quickly, it'll freeze and BSOD, which hasn't happened until recently.

I run Windows 7 Home Edition 64-bit. Norton 360 hasn't detected squat, and I don't want to Factory Restore my computer unless there's no more hope since it's my last trial run of Norton even if it is useless.

I've reset all settings and such on Firefox and Google to recommended settings, checked for any unauthorized proxy servers that might've been redirecting me, looked for alien system files that could've been trojans, and got tired and decided to download Malwarebytes.

Here's the log. I've scanned a few times afterwards and it's detected nothing. But it hasn't solved my problems.

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.04.02.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Admin :: ADMIN-PC [administrator]

4/1/2012 11:23:01 PM
mbam-log-2012-04-01 (23-23-01).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 547532
Time elapsed: 2 hour(s), 9 minute(s), 57 second(s)

Memory Processes Detected: 1
C:\Windows\svchost.exe (Trojan.Agent) -> 1772 -> No action taken.

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\StartNow Toolbar (PUP.Zugo) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 6
C:\Windows\svchost.exe (Trojan.Agent) -> No action taken.
C:\Program Files (x86)\StartNow Toolbar\StartNowToolbarUninstall.exe (PUP.Zugo) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\DRM\5FB2.tmp (Rootkit.ZeroAccess) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\DRM\5FD2.tmp (Rootkit.ZeroAccess) -> Quarantined and deleted successfully.
C:\Users\Admin\Desktop\Photoshop CS4 Portable!\photoshop\1000000600002i\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Admin\Downloads\Photoshop CS2 v9.0 + working KeyGen\Photoshop.CS2.KeyGen.exe (Trojan.Agent.CK) -> Quarantined and deleted successfully.

(end)


I've waited too long to do a system restore, and this is the only computer I have. Help is much appreciated.
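A way to triage the Malwarebytes log in the post above, as an added example that is not part of the original thread: it parses the detection sections, lists the entries the scan left in place ("No action taken"), and flags svchost.exe detections outside System32/SysWOW64, where Windows keeps the genuine file. The function names and the C:\Windows install root are assumptions, and only the two action strings seen in this log are handled.

```python
import ntpath
import re
from collections import namedtuple

# Excerpt of the Malwarebytes 1.60 log posted above (detection sections only).
SAMPLE_LOG = r"""
Memory Processes Detected: 1
C:\Windows\svchost.exe (Trojan.Agent) -> 1772 -> No action taken.

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\StartNow Toolbar (PUP.Zugo) -> Quarantined and deleted successfully.

Files Detected: 6
C:\Windows\svchost.exe (Trojan.Agent) -> No action taken.
C:\Program Files (x86)\StartNow Toolbar\StartNowToolbarUninstall.exe (PUP.Zugo) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\DRM\5FB2.tmp (Rootkit.ZeroAccess) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\DRM\5FD2.tmp (Rootkit.ZeroAccess) -> Quarantined and deleted successfully.
C:\Users\Admin\Desktop\Photoshop CS4 Portable!\photoshop\1000000600002i\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Admin\Downloads\Photoshop CS2 v9.0 + working KeyGen\Photoshop.CS2.KeyGen.exe (Trojan.Agent.CK) -> Quarantined and deleted successfully.
"""

Detection = namedtuple("Detection", "section obj name pid action")

# "Files Detected: 6" style section headers.
SECTION_RE = re.compile(r"^(?P<section>.+?) Detected: (?P<count>\d+)$")
# "<object> (<detection name>) -> [<pid> -> ]<action>." The greedy object match
# keeps earlier parentheses such as "Program Files (x86)" inside the path.
ENTRY_RE = re.compile(
    r"^(?P<obj>.+) \((?P<name>[^()]+)\) -> (?:(?P<pid>\d+) -> )?(?P<action>.+?)\.?$"
)

# Assumption: Windows is installed in C:\Windows, as the logs in this thread show.
SVCHOST_DIRS = {r"c:\windows\system32", r"c:\windows\syswow64"}


def parse_mbam_log(text):
    """Return (entries, declared) where declared maps section -> stated count."""
    entries, declared, section = [], {}, None
    for raw in text.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            section = header.group("section")
            declared[section] = int(header.group("count"))
            continue
        entry = ENTRY_RE.match(line)
        if entry and section:
            entries.append(Detection(section, entry.group("obj"), entry.group("name"),
                                     entry.group("pid"), entry.group("action")))
    return entries, declared


def count_mismatches(entries, declared):
    """Sections whose parsed entry count differs from the stated count
    (a sign of a truncated or hand-edited log)."""
    parsed = {}
    for e in entries:
        parsed[e.section] = parsed.get(e.section, 0) + 1
    return {s: (n, parsed.get(s, 0)) for s, n in declared.items()
            if n != parsed.get(s, 0)}


def unremediated(entries):
    """Detections still on the system: anything not reported as quarantined
    and deleted is treated as unresolved, so unknown action strings fail safe."""
    return [e for e in entries
            if not e.action.lower().startswith("quarantined and deleted")]


def misplaced_svchost(entries):
    """svchost.exe detections located outside System32/SysWOW64."""
    return [e for e in entries
            if ntpath.basename(e.obj).lower() == "svchost.exe"
            and ntpath.dirname(e.obj).lower() not in SVCHOST_DIRS]


if __name__ == "__main__":
    found, stated = parse_mbam_log(SAMPLE_LOG)
    for e in unremediated(found):
        pid = f" (PID {e.pid})" if e.pid else ""
        print(f"STILL PRESENT [{e.section}] {e.obj}{pid}: {e.name} -> {e.action}")
    for e in misplaced_svchost(found):
        print(f"MISPLACED svchost.exe: {e.obj} ({e.name})")
    for section, (want, got) in count_mismatches(found, stated).items():
        print(f"COUNT MISMATCH {section}: log states {want}, parsed {got}")
```
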


#2 narenxp

Posted 06 April 2012 - 09:35 AM

Download TDSSKiller

Launch it. Click on "Change parameters" and select "TDLFS file system".

Click on "Scan". Please post the log report (the log file should be in your C drive).

Restart the PC.

Now run Malwarebytes, remove infections, and scan once again until you get a clean log.

Download aswMBR

Launch it and allow it to download the latest Avast! virus definitions.
Click the "Scan" button to start the scan. After the scan finishes, click on "Save log".

Post the log results here.

Edited by narenxp, 06 April 2012 - 09:35 AM.


#3 Oh no!

Posted 07 April 2012 - 07:59 AM

Thanks for responding to my dilemma! Here's the TDLFS log:

23:51:15.0272 3908 TDSS rootkit removing tool 2.7.26.0 Apr 4 2012 19:52:02
23:51:17.0277 3908 ============================================================
23:51:17.0277 3908 Current date / time: 2012/04/06 23:51:17.0277
23:51:17.0277 3908 SystemInfo:
23:51:17.0277 3908
23:51:17.0277 3908 OS Version: 6.1.7601 ServicePack: 1.0
23:51:17.0277 3908 Product type: Workstation
23:51:17.0278 3908 ComputerName: ADMIN-PC
23:51:17.0278 3908 UserName: Admin
23:51:17.0278 3908 Windows directory: C:\Windows
23:51:17.0278 3908 System windows directory: C:\Windows
23:51:17.0278 3908 Running under WOW64
23:51:17.0278 3908 Processor architecture: Intel x64
23:51:17.0278 3908 Number of processors: 2
23:51:17.0278 3908 Page size: 0x1000
23:51:17.0278 3908 Boot type: Normal boot
23:51:17.0278 3908 ============================================================
23:51:17.0859 3908 Drive \Device\Harddisk0\DR0 - Size: 0xAEA8CDE000 (698.64 Gb), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
23:51:17.0874 3908 \Device\Harddisk0\DR0:
23:51:17.0874 3908 MBR used
23:51:17.0874 3908 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x180F000
23:51:17.0874 3908 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1823000, BlocksNum 0x55D22800
23:51:17.0905 3908 Initialize success
23:51:17.0905 3908 ============================================================
23:56:56.0336 6584 ============================================================
23:56:56.0336 6584 Scan started
23:56:56.0336 6584 Mode: Manual; TDLFS;
23:56:56.0336 6584 ============================================================
23:57:05.0773 6584 MTConfig - ok
23:57:05.0793 6584 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
23:57:05.0795 6584 Mup - ok
23:57:05.0883 6584 N360 (e78a365cc3e0fbfc018a33dce01909f8) C:\Program Files (x86)\Norton 360\Engine\5.2.1.3\ccSvcHst.exe
23:57:05.0886 6584 N360 - ok
23:57:05.0934 6584 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
23:57:05.0945 6584 napagent - ok
23:57:05.0976 6584 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
23:57:05.0998 6584 NativeWifiP - ok
23:57:06.0166 6584 NAVENG (2dbe90210de76be6e1653bb20ec70ec2) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20120406.020\ENG64.SYS
23:57:06.0168 6584 NAVENG - ok
23:57:06.0251 6584 NAVEX15 (346da70e203b8e2c850277713de8f71b) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20120406.020\EX64.SYS
23:57:06.0289 6584 NAVEX15 - ok
23:57:06.0346 6584 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
23:57:06.0356 6584 NDIS - ok
23:57:06.0390 6584 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
23:57:06.0393 6584 NdisCap - ok
23:57:06.0423 6584 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
23:57:06.0440 6584 NdisTapi - ok
23:57:06.0498 6584 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
23:57:06.0501 6584 Ndisuio - ok
23:57:06.0551 6584 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
23:57:06.0555 6584 NdisWan - ok
23:57:06.0602 6584 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
23:57:06.0620 6584 NDProxy - ok
23:57:06.0646 6584 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
23:57:06.0648 6584 NetBIOS - ok
23:57:06.0669 6584 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
23:57:06.0673 6584 NetBT - ok
23:57:06.0710 6584 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
23:57:06.0712 6584 Netlogon - ok
23:57:06.0742 6584 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
23:57:06.0746 6584 Netman - ok
23:57:06.0830 6584 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
23:57:06.0859 6584 NetMsmqActivator - ok
23:57:06.0865 6584 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
23:57:06.0866 6584 NetPipeActivator - ok
23:57:06.0901 6584 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
23:57:06.0907 6584 netprofm - ok
23:57:06.0916 6584 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
23:57:06.0918 6584 NetTcpActivator - ok
23:57:06.0926 6584 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
23:57:06.0928 6584 NetTcpPortSharing - ok
23:57:06.0947 6584 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
23:57:06.0951 6584 nfrd960 - ok
23:57:06.0984 6584 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
23:57:06.0989 6584 NlaSvc - ok
23:57:07.0003 6584 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
23:57:07.0005 6584 Npfs - ok
23:57:07.0022 6584 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
23:57:07.0024 6584 nsi - ok
23:57:07.0041 6584 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
23:57:07.0043 6584 nsiproxy - ok
23:57:07.0113 6584 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
23:57:07.0169 6584 Ntfs - ok
23:57:07.0187 6584 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
23:57:07.0188 6584 Null - ok
23:57:07.0230 6584 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
23:57:07.0234 6584 nvraid - ok
23:57:07.0285 6584 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
23:57:07.0289 6584 nvstor - ok
23:57:07.0319 6584 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
23:57:07.0322 6584 nv_agp - ok
23:57:07.0411 6584 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
23:57:07.0416 6584 odserv - ok
23:57:07.0461 6584 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
23:57:07.0463 6584 ohci1394 - ok
23:57:07.0505 6584 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
23:57:07.0507 6584 ose - ok
23:57:07.0644 6584 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
23:57:07.0758 6584 osppsvc - ok
23:57:07.0806 6584 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
23:57:07.0812 6584 p2pimsvc - ok
23:57:07.0839 6584 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
23:57:07.0848 6584 p2psvc - ok
23:57:07.0860 6584 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
23:57:07.0863 6584 Parport - ok
23:57:07.0908 6584 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
23:57:07.0910 6584 partmgr - ok
23:57:07.0926 6584 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
23:57:07.0937 6584 PcaSvc - ok
23:57:07.0956 6584 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
23:57:07.0959 6584 pci - ok
23:57:07.0975 6584 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
23:57:07.0977 6584 pciide - ok
23:57:08.0000 6584 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
23:57:08.0005 6584 pcmcia - ok
23:57:08.0021 6584 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
23:57:08.0023 6584 pcw - ok
23:57:08.0047 6584 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
23:57:08.0055 6584 PEAUTH - ok
23:57:08.0103 6584 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
23:57:08.0106 6584 PerfHost - ok
23:57:08.0154 6584 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
23:57:08.0171 6584 pla - ok
23:57:08.0222 6584 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
23:57:08.0228 6584 PlugPlay - ok
23:57:08.0245 6584 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
23:57:08.0248 6584 PNRPAutoReg - ok
23:57:08.0262 6584 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
23:57:08.0265 6584 PNRPsvc - ok
23:57:08.0309 6584 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
23:57:08.0315 6584 PolicyAgent - ok
23:57:08.0377 6584 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
23:57:08.0380 6584 Power - ok
23:57:08.0441 6584 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
23:57:08.0443 6584 PptpMiniport - ok
23:57:08.0453 6584 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
23:57:08.0455 6584 Processor - ok
23:57:08.0485 6584 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
23:57:08.0488 6584 ProfSvc - ok
23:57:08.0527 6584 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
23:57:08.0528 6584 ProtectedStorage - ok
23:57:08.0570 6584 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
23:57:08.0572 6584 Psched - ok
23:57:08.0642 6584 PSI_SVC_2 (a6a7ad767bf5141665f5c675f671b3e1) c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
23:57:08.0646 6584 PSI_SVC_2 - ok
23:57:08.0689 6584 PxHlpa64 (4712cc14e720ecccc0aa16949d18aaf1) C:\Windows\system32\Drivers\PxHlpa64.sys
23:57:08.0708 6584 PxHlpa64 - ok
23:57:08.0757 6584 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
23:57:08.0773 6584 ql2300 - ok
23:57:08.0805 6584 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
23:57:08.0820 6584 ql40xx - ok
23:57:08.0864 6584 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
23:57:08.0870 6584 QWAVE - ok
23:57:08.0905 6584 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
23:57:08.0914 6584 QWAVEdrv - ok
23:57:08.0934 6584 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
23:57:08.0936 6584 RasAcd - ok
23:57:08.0968 6584 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
23:57:08.0971 6584 RasAgileVpn - ok
23:57:08.0990 6584 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
23:57:08.0993 6584 RasAuto - ok
23:57:09.0013 6584 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
23:57:09.0015 6584 Rasl2tp - ok
23:57:09.0045 6584 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
23:57:09.0068 6584 RasMan - ok
23:57:09.0092 6584 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
23:57:09.0094 6584 RasPppoe - ok
23:57:09.0127 6584 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
23:57:09.0129 6584 RasSstp - ok
23:57:09.0150 6584 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
23:57:09.0155 6584 rdbss - ok
23:57:09.0166 6584 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
23:57:09.0169 6584 rdpbus - ok
23:57:09.0187 6584 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
23:57:09.0188 6584 RDPCDD - ok
23:57:09.0212 6584 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
23:57:09.0213 6584 RDPENCDD - ok
23:57:09.0236 6584 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
23:57:09.0237 6584 RDPREFMP - ok
23:57:09.0281 6584 RDPWD (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys
23:57:09.0319 6584 RDPWD - ok
23:57:09.0366 6584 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
23:57:09.0369 6584 rdyboost - ok
23:57:09.0397 6584 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
23:57:09.0400 6584 RemoteAccess - ok
23:57:09.0422 6584 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
23:57:09.0439 6584 RemoteRegistry - ok
23:57:09.0469 6584 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
23:57:09.0472 6584 RpcEptMapper - ok
23:57:09.0496 6584 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
23:57:09.0500 6584 RpcLocator - ok
23:57:09.0549 6584 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
23:57:09.0554 6584 RpcSs - ok
23:57:09.0575 6584 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
23:57:09.0590 6584 rspndr - ok
23:57:09.0651 6584 RTL8167 (f65f171165fbb613f7aa3cc78e8cab42) C:\Windows\system32\DRIVERS\Rt64win7.sys
23:57:09.0655 6584 RTL8167 - ok
23:57:09.0700 6584 RTL8192su (fc00c0de6dc83de1b2b01420e2195b21) C:\Windows\system32\DRIVERS\RTL8192su.sys
23:57:09.0707 6584 RTL8192su - ok
23:57:09.0743 6584 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
23:57:09.0745 6584 SamSs - ok
23:57:09.0789 6584 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
23:57:09.0792 6584 sbp2port - ok
23:57:09.0812 6584 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
23:57:09.0818 6584 SCardSvr - ok
23:57:09.0858 6584 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
23:57:09.0881 6584 scfilter - ok
23:57:09.0932 6584 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
23:57:09.0945 6584 Schedule - ok
23:57:09.0984 6584 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
23:57:09.0986 6584 SCPolicySvc - ok
23:57:10.0023 6584 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
23:57:10.0027 6584 SDRSVC - ok
23:57:10.0049 6584 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
23:57:10.0051 6584 secdrv - ok
23:57:10.0091 6584 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
23:57:10.0094 6584 seclogon - ok
23:57:10.0132 6584 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
23:57:10.0136 6584 SENS - ok
23:57:10.0158 6584 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
23:57:10.0160 6584 SensrSvc - ok
23:57:10.0182 6584 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
23:57:10.0184 6584 Serenum - ok
23:57:10.0216 6584 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
23:57:10.0219 6584 Serial - ok
23:57:10.0241 6584 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
23:57:10.0255 6584 sermouse - ok
23:57:10.0300 6584 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
23:57:10.0304 6584 SessionEnv - ok
23:57:10.0350 6584 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
23:57:10.0352 6584 sffdisk - ok
23:57:10.0366 6584 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
23:57:10.0370 6584 sffp_mmc - ok
23:57:10.0383 6584 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
23:57:10.0385 6584 sffp_sd - ok
23:57:10.0420 6584 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
23:57:10.0422 6584 sfloppy - ok
23:57:10.0484 6584 Sftfs (c6cc9297bd53e5229653303e556aa539) C:\Windows\system32\DRIVERS\Sftfslh.sys
23:57:10.0492 6584 Sftfs - ok
23:57:10.0588 6584 sftlist (13693b6354dd6e72dc5131da7d764b90) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
23:57:10.0593 6584 sftlist - ok
23:57:10.0614 6584 Sftplay (390aa7bc52cee43f6790cdea1e776703) C:\Windows\system32\DRIVERS\Sftplaylh.sys
23:57:10.0617 6584 Sftplay - ok
23:57:10.0643 6584 Sftredir (617e29a0b0a2807466560d4c4e338d3e) C:\Windows\system32\DRIVERS\Sftredirlh.sys
23:57:10.0643 6584 Sftredir - ok
23:57:10.0680 6584 SftService (e1974a92ac0914a3859359a0a8c82c68) C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
23:57:10.0687 6584 SftService - ok
23:57:10.0730 6584 Sftvol (8f571f016fa1976f445147e9e6c8ae9b) C:\Windows\system32\DRIVERS\Sftvollh.sys
23:57:10.0731 6584 Sftvol - ok
23:57:10.0747 6584 sftvsa (c3cddd18f43d44ab713cf8c4916f7696) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
23:57:10.0750 6584 sftvsa - ok
23:57:10.0782 6584 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
23:57:10.0788 6584 SharedAccess - ok
23:57:10.0831 6584 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
23:57:10.0836 6584 ShellHWDetection - ok
23:57:10.0863 6584 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
23:57:10.0865 6584 SiSRaid2 - ok
23:57:10.0880 6584 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
23:57:10.0894 6584 SiSRaid4 - ok
23:57:10.0906 6584 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
23:57:10.0910 6584 Smb - ok
23:57:10.0952 6584 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
23:57:10.0967 6584 SNMPTRAP - ok
23:57:11.0006 6584 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
23:57:11.0008 6584 spldr - ok
23:57:11.0036 6584 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
23:57:11.0043 6584 Spooler - ok
23:57:11.0143 6584 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
23:57:11.0210 6584 sppsvc - ok
23:57:11.0231 6584 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
23:57:11.0247 6584 sppuinotify - ok
23:57:11.0287 6584 sprtsvc_DellComms (d630b6f2e8379b6f10dc16e82a426552) C:\Program Files (x86)\Dell\DellComms\bin\sprtsvc.exe
23:57:11.0289 6584 sprtsvc_DellComms - ok
23:57:11.0398 6584 SRTSP (90ef30c3867bcde4579c01a6d6e75a7a) C:\Windows\System32\Drivers\N360x64\0502010.003\SRTSP64.SYS
23:57:11.0419 6584 SRTSP - ok
23:57:11.0457 6584 SRTSPX (c513e8a5e7978da49077f5484344ee1b) C:\Windows\system32\drivers\N360x64\0502010.003\SRTSPX64.SYS
23:57:11.0460 6584 SRTSPX - ok
23:57:11.0508 6584 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
23:57:11.0513 6584 srv - ok
23:57:11.0538 6584 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
23:57:11.0544 6584 srv2 - ok
23:57:11.0561 6584 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
23:57:11.0580 6584 srvnet - ok
23:57:11.0605 6584 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
23:57:11.0609 6584 SSDPSRV - ok
23:57:11.0622 6584 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
23:57:11.0625 6584 SstpSvc - ok
23:57:11.0652 6584 Steam Client Service - ok
23:57:11.0674 6584 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
23:57:11.0678 6584 stexstor - ok
23:57:11.0720 6584 StillCam (decacb6921ded1a38642642685d77dac) C:\Windows\system32\DRIVERS\serscan.sys
23:57:11.0721 6584 StillCam - ok
23:57:11.0744 6584 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
23:57:11.0763 6584 stisvc - ok
23:57:11.0808 6584 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
23:57:11.0811 6584 swenum - ok
23:57:11.0835 6584 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
23:57:11.0842 6584 swprv - ok
23:57:11.0866 6584 SymDS (6160145c7a87fc7672e8e3b886888176) C:\Windows\system32\drivers\N360x64\0502010.003\SYMDS64.SYS
23:57:11.0874 6584 SymDS - ok
23:57:11.0921 6584 SymEFA (96aeed40d4d3521568b42027687e69e0) C:\Windows\system32\drivers\N360x64\0502010.003\SYMEFA64.SYS
23:57:11.0932 6584 SymEFA - ok
23:57:11.0981 6584 SymEvent (21a1c2d694c3cf962d31f5e873ab3d6f) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
23:57:11.0984 6584 SymEvent - ok
23:57:12.0031 6584 SymIRON (bd0d711d8cbfcaa19ca123306eaf53a5) C:\Windows\system32\drivers\N360x64\0502010.003\Ironx64.SYS
23:57:12.0034 6584 SymIRON - ok
23:57:12.0062 6584 SymNetS (a6adb3d83023f8daa0f7b6fda785d83b) C:\Windows\System32\Drivers\N360x64\0502010.003\SYMNETS.SYS
23:57:12.0067 6584 SymNetS - ok
23:57:12.0131 6584 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
23:57:12.0157 6584 SysMain - ok
23:57:12.0181 6584 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
23:57:12.0184 6584 TabletInputService - ok
23:57:12.0298 6584 TabletServiceWacom (c0255d8e3abe790694927624603f8f10) C:\Windows\system32\Wacom_Tablet.exe
23:57:12.0403 6584 TabletServiceWacom - ok
23:57:12.0440 6584 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
23:57:12.0457 6584 TapiSrv - ok
23:57:12.0494 6584 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
23:57:12.0497 6584 TBS - ok
23:57:12.0562 6584 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
23:57:12.0603 6584 Tcpip - ok
23:57:12.0650 6584 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
23:57:12.0661 6584 TCPIP6 - ok
23:57:12.0705 6584 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
23:57:12.0707 6584 tcpipreg - ok
23:57:12.0740 6584 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
23:57:12.0743 6584 TDPIPE - ok
23:57:12.0784 6584 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
23:57:12.0798 6584 TDTCP - ok
23:57:12.0843 6584 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
23:57:12.0845 6584 tdx - ok
23:57:12.0896 6584 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
23:57:12.0898 6584 TermDD - ok
23:57:12.0933 6584 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
23:57:12.0944 6584 TermService - ok
23:57:12.0972 6584 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
23:57:12.0974 6584 Themes - ok
23:57:13.0009 6584 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
23:57:13.0012 6584 THREADORDER - ok
23:57:13.0067 6584 Toolbar Updater Service (222d07b010af51888098da869bd9c173) C:\Program Files (x86)\StartNow Toolbar\ToolbarUpdaterService.exe
23:57:13.0071 6584 Toolbar Updater Service - ok
23:57:13.0091 6584 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
23:57:13.0095 6584 TrkWks - ok
23:57:13.0123 6584 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
23:57:13.0128 6584 TrustedInstaller - ok
23:57:13.0181 6584 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
23:57:13.0183 6584 tssecsrv - ok
23:57:13.0221 6584 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
23:57:13.0223 6584 TsUsbFlt - ok
23:57:13.0293 6584 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
23:57:13.0295 6584 tunnel - ok
23:57:13.0312 6584 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
23:57:13.0328 6584 uagp35 - ok
23:57:13.0365 6584 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
23:57:13.0370 6584 udfs - ok
23:57:13.0408 6584 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
23:57:13.0412 6584 UI0Detect - ok
23:57:13.0439 6584 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
23:57:13.0443 6584 uliagpkx - ok
23:57:13.0504 6584 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
23:57:13.0505 6584 umbus - ok
23:57:13.0529 6584 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
23:57:13.0531 6584 UmPass - ok
23:57:13.0556 6584 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
23:57:13.0562 6584 upnphost - ok
23:57:13.0612 6584 USBAAPL64 (54d4b48d443e7228bf64cf7cdc3118ac) C:\Windows\system32\Drivers\usbaapl64.sys
23:57:13.0626 6584 USBAAPL64 - ok
23:57:13.0660 6584 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
23:57:13.0662 6584 usbccgp - ok
23:57:13.0695 6584 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
23:57:13.0700 6584 usbcir - ok
23:57:13.0732 6584 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
23:57:13.0733 6584 usbehci - ok
23:57:13.0752 6584 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
23:57:13.0757 6584 usbhub - ok
23:57:13.0774 6584 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
23:57:13.0776 6584 usbohci - ok
23:57:13.0797 6584 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
23:57:13.0814 6584 usbprint - ok
23:57:13.0862 6584 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
23:57:13.0864 6584 usbscan - ok
23:57:13.0879 6584 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
23:57:13.0881 6584 USBSTOR - ok
23:57:13.0901 6584 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\DRIVERS\usbuhci.sys
23:57:13.0903 6584 usbuhci - ok
23:57:13.0920 6584 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
23:57:13.0923 6584 UxSms - ok
23:57:13.0977 6584 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
23:57:13.0979 6584 VaultSvc - ok
23:57:13.0998 6584 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
23:57:14.0000 6584 vdrvroot - ok
23:57:14.0025 6584 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
23:57:14.0031 6584 vds - ok
23:57:14.0060 6584 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
23:57:14.0062 6584 vga - ok
23:57:14.0077 6584 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
23:57:14.0078 6584 VgaSave - ok
23:57:14.0100 6584 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
23:57:14.0103 6584 vhdmp - ok
23:57:14.0129 6584 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
23:57:14.0131 6584 viaide - ok
23:57:14.0144 6584 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
23:57:14.0147 6584 volmgr - ok
23:57:14.0169 6584 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
23:57:14.0191 6584 volmgrx - ok
23:57:14.0205 6584 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
23:57:14.0210 6584 volsnap - ok
23:57:14.0247 6584 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
23:57:14.0250 6584 vsmraid - ok
23:57:14.0317 6584 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
23:57:14.0353 6584 VSS - ok
23:57:14.0376 6584 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
23:57:14.0377 6584 vwifibus - ok
23:57:14.0400 6584 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
23:57:14.0402 6584 vwififlt - ok
23:57:14.0425 6584 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
23:57:14.0432 6584 W32Time - ok
23:57:14.0463 6584 wacmoumonitor (37e4600e2cdad3c1a3613a25b97d457c) C:\Windows\system32\DRIVERS\wacmoumonitor.sys
23:57:14.0465 6584 wacmoumonitor - ok
23:57:14.0492 6584 wacommousefilter (e04d43c7d1641e95d35cae6086c7e350) C:\Windows\system32\DRIVERS\wacommousefilter.sys
23:57:14.0493 6584 wacommousefilter - ok
23:57:14.0503 6584 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
23:57:14.0521 6584 WacomPen - ok
23:57:14.0555 6584 wacomvhid (ec1ceb237e365330c1fcfc4876aa0ac0) C:\Windows\system32\DRIVERS\wacomvhid.sys
23:57:14.0557 6584 wacomvhid - ok
23:57:14.0587 6584 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
23:57:14.0589 6584 WANARP - ok
23:57:14.0595 6584 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
23:57:14.0596 6584 Wanarpv6 - ok
23:57:14.0669 6584 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
23:57:14.0697 6584 WatAdminSvc - ok
23:57:14.0753 6584 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
23:57:14.0779 6584 wbengine - ok
23:57:14.0805 6584 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
23:57:14.0811 6584 WbioSrvc - ok
23:57:14.0842 6584 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
23:57:14.0848 6584 wcncsvc - ok
23:57:14.0871 6584 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
23:57:14.0874 6584 WcsPlugInService - ok
23:57:14.0896 6584 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
23:57:14.0899 6584 Wd - ok
23:57:14.0924 6584 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
23:57:14.0931 6584 Wdf01000 - ok
23:57:14.0952 6584 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
23:57:14.0955 6584 WdiServiceHost - ok
23:57:14.0961 6584 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
23:57:14.0964 6584 WdiSystemHost - ok
23:57:15.0006 6584 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
23:57:15.0012 6584 WebClient - ok
23:57:15.0040 6584 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
23:57:15.0045 6584 Wecsvc - ok
23:57:15.0069 6584 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
23:57:15.0073 6584 wercplsupport - ok
23:57:15.0098 6584 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
23:57:15.0101 6584 WerSvc - ok
23:57:15.0123 6584 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
23:57:15.0124 6584 WfpLwf - ok
23:57:15.0162 6584 WimFltr (b14ef15bd757fa488f9c970eee9c0d35) C:\Windows\system32\DRIVERS\wimfltr.sys
23:57:15.0166 6584 WimFltr - ok
23:57:15.0184 6584 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
23:57:15.0186 6584 WIMMount - ok
23:57:15.0199 6584 WinDefend - ok
23:57:15.0214 6584 WinHttpAutoProxySvc - ok
23:57:15.0262 6584 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
23:57:15.0265 6584 Winmgmt - ok
23:57:15.0331 6584 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
23:57:15.0371 6584 WinRM - ok
23:57:15.0421 6584 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
23:57:15.0431 6584 Wlansvc - ok
23:57:15.0470 6584 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
23:57:15.0472 6584 WmiAcpi - ok
23:57:15.0497 6584 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
23:57:15.0500 6584 wmiApSrv - ok
23:57:15.0520 6584 WMPNetworkSvc - ok
23:57:15.0538 6584 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
23:57:15.0542 6584 WPCSvc - ok
23:57:15.0566 6584 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
23:57:15.0568 6584 WPDBusEnum - ok
23:57:15.0590 6584 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
23:57:15.0592 6584 ws2ifsl - ok
23:57:15.0614 6584 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\System32\wscsvc.dll
23:57:15.0618 6584 wscsvc - ok
23:57:15.0627 6584 WSearch - ok
23:57:15.0716 6584 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll
23:57:15.0754 6584 wuauserv - ok
23:57:15.0797 6584 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
23:57:15.0799 6584 WudfPf - ok
23:57:15.0833 6584 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
23:57:15.0835 6584 WUDFRd - ok
23:57:15.0855 6584 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
23:57:15.0858 6584 wudfsvc - ok
23:57:15.0893 6584 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
23:57:15.0914 6584 WwanSvc - ok
23:57:16.0036 6584 YahooAUService (dd0042f0c3b606a6a8b92d49afb18ad6) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
23:57:16.0043 6584 YahooAUService - ok
23:57:16.0069 6584 MBR (0x1B8) (faf3db026c90f586e5993588661e2612) \Device\Harddisk0\DR0
23:57:16.0100 6584 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
23:57:16.0100 6584 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)
23:57:16.0125 6584 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
23:57:16.0125 6584 \Device\Harddisk0\DR0 - detected TDSS File System (1)
23:57:16.0160 6584 Boot (0x1200) (2106932fb4917bfd2befa70d04dc08e6) \Device\Harddisk0\DR0\Partition0
23:57:16.0161 6584 \Device\Harddisk0\DR0\Partition0 - ok
23:57:16.0185 6584 Boot (0x1200) (c858ae14d8c2fbf2c198054e0e227390) \Device\Harddisk0\DR0\Partition1
23:57:16.0187 6584 \Device\Harddisk0\DR0\Partition1 - ok
23:57:16.0187 6584 ============================================================
23:57:16.0187 6584 Scan finished
23:57:16.0187 6584 ============================================================
23:57:16.0205 6588 Detected object count: 2
23:57:16.0205 6588 Actual detected object count: 2
23:58:06.0326 6588 \Device\Harddisk0\DR0\# - copied to quarantine
23:58:06.0326 6588 \Device\Harddisk0\DR0 - copied to quarantine
23:58:06.0361 6588 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
23:58:06.0363 6588 \Device\Harddisk0\DR0\TDLFS\phx.dll - copied to quarantine
23:58:06.0367 6588 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine
23:58:06.0371 6588 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine
23:58:06.0382 6588 \Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine
23:58:06.0391 6588 \Device\Harddisk0\DR0\TDLFS\phdx - copied to quarantine
23:58:06.0394 6588 \Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine
23:58:06.0395 6588 \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine
23:58:06.0397 6588 \Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine
23:58:06.0400 6588 \Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine
23:58:06.0403 6588 \Device\Harddisk0\DR0\TDLFS\phlx - copied to quarantine
23:58:06.0405 6588 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine
23:58:06.0406 6588 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
23:58:06.0407 6588 \Device\Harddisk0\DR0 - ok
23:58:06.0519 6588 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure
23:58:06.0519 6588 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
23:58:06.0520 6588 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
00:02:57.0502 2920 Deinitialize success


Ran Malwarebytes with full scan, turned up squat.

Here's the aswMBR log:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-04-07 03:30:13
-----------------------------
03:30:13.205 OS Version: Windows x64 6.1.7601 Service Pack 1
03:30:13.205 Number of processors: 2 586 0x170A
03:30:13.206 ComputerName: ADMIN-PC UserName: Admin
03:30:14.939 Initialize success
03:52:05.468 AVAST engine defs: 12040700
03:54:46.689 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
03:54:46.691 Disk 0 Vendor: WDC_WD75 05.0 Size: 715404MB BusType: 3
03:54:46.708 Disk 0 MBR read successfully
03:54:46.710 Disk 0 MBR scan
03:54:46.717 Disk 0 Windows VISTA default MBR code
03:54:46.723 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63
03:54:46.741 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 12318 MB offset 81920
03:54:46.758 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 703045 MB offset 25309184
03:54:46.781 Disk 0 scanning C:\Windows\system32\drivers
03:54:57.733 Service scanning
03:55:17.631 Modules scanning
03:55:17.648 Disk 0 trace - called modules:
03:55:17.673 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys
03:55:17.680 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800616a060]
03:55:17.684 3 CLASSPNP.SYS[fffff88001bc143f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8005c51050]
03:55:19.295 AVAST engine scan C:\Windows
03:55:22.242 AVAST engine scan C:\Windows\system32
04:00:27.178 AVAST engine scan C:\Windows\system32\drivers
04:01:21.153 AVAST engine scan C:\Users\Admin
05:03:17.360 AVAST engine scan C:\ProgramData
05:07:19.179 Scan finished successfully
05:50:22.623 Disk 0 MBR has been saved successfully to "C:\Users\Admin\Documents\MBR.dat"
05:50:22.631 The log file has been saved successfully to "C:\Users\Admin\Documents\aswMBR.txt"


Pictures still won't show, but it seems like the redirecting crap is gone though I haven't messed with Google enough to know. The page results now let me past the first page though, that I can say for sure. I've also been logged out of all websites with saved sessions again, such as yahoo. The black screen seems to be gone, but I've only logged onto the admin account once and I can't say for sure until the second time. I'll go to bed and check again later.

Edited by Oh no!, 07 April 2012 - 08:01 AM.


#4 narenxp

Posted 07 April 2012 - 08:10 AM

Run Malwarebytes, remove this

C:\Windows\svchost.exe (Trojan.Agent) -> No action taken.

and post the clean log alone

Download ESET online scanner

Install it

Click on START, it should download the virus definitions
When the scan gets completed, click on LIST of found threats

Export the list to desktop, copy the contents of the text file in your reply


Download mini toolbox

Checkmark the following boxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size

Click Go and post the result.

#5 Oh no!

Posted 08 April 2012 - 07:59 AM

Here's the mbam log:

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.04.02.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Admin :: ADMIN-PC [administrator]

4/7/2012 8:40:07 PM
mbam-log-2012-04-07 (20-40-07).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 221176
Time elapsed: 9 minute(s), 13 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


Here's the log from ESET Online Scanner:

C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll a variant of Win32/Toolbar.Zugo application cleaned by deleting - quarantined
C:\Program Files (x86)\StartNow Toolbar\ToolbarUpdaterService.exe a variant of Win32/Toolbar.Zugo application cleaned by deleting (after the next restart) - quarantined
C:\Users\Admin\AppData\Local\Temp\NOD669F.tmp a variant of Win32/Toolbar.Zugo application cleaned by deleting (after the next restart) - quarantined
C:\Users\Admin\Desktop\Downloads\cnet2_DTLite4451-0236_exe.exe a variant of Win32/InstallCore.D application cleaned by deleting - quarantined


And here's the log from toolbox:

MiniToolBox by Farbar Version: 18-01-2012
Ran by Admin (administrator) on 08-04-2012 at 05:50:40
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================



========================= IP Configuration: ================================

Belkin Basic Wireless USB Adapter = Wireless Network Connection (Connected)
Realtek PCIe GBE Family Controller = Local Area Connection (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : Admin-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Broadcast
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Wireless LAN adapter Wireless Network Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Belkin Basic Wireless USB Adapter
Physical Address. . . . . . . . . : 94-44-52-76-00-17
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::60a1:1fdd:c968:8493%12(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.35(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Saturday, April 07, 2012 8:35:02 PM
Lease Expires . . . . . . . . . . : Saturday, April 14, 2012 8:35:08 PM
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DHCPv6 IAID . . . . . . . . . . . : 429147218
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-14-47-8D-BE-B8-AC-6F-D8-CC-4D
DNS Servers . . . . . . . . . . . : 192.168.1.1
NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
Physical Address. . . . . . . . . : B8-AC-6F-D8-CC-4D
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 11:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft 6to4 Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{9AABC447-EE9E-4C4B-B3C9-BADCB1D9115E}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 13:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:4137:9e76:389c:67d:b8ac:6278(Preferred)
Link-local IPv6 Address . . . . . : fe80::389c:67d:b8ac:6278%17(Preferred)
Default Gateway . . . . . . . . . : ::
NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter Local Area Connection* 14:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{AA0DAC81-B250-4575-BD52-4A80FE20F3BE}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #4
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
1.1.168.192.in-addr.arpa
primary name server = localhost
responsible mail addr = nobody.invalid
serial = 1
refresh = 600 (10 mins)
retry = 1200 (20 mins)
expire = 604800 (7 days)
default TTL = 10800 (3 hours)
Server: UnKnown
Address: 192.168.1.1

Name: google.com
Addresses: 74.125.224.131
74.125.224.132
74.125.224.133
74.125.224.134
74.125.224.135
74.125.224.136
74.125.224.137
74.125.224.142
74.125.224.128
74.125.224.129
74.125.224.130


Pinging google.com [74.125.224.130] with 32 bytes of data:
Reply from 74.125.224.130: bytes=32 time=106ms TTL=49
Reply from 74.125.224.130: bytes=32 time=44ms TTL=49

Ping statistics for 74.125.224.130:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 44ms, Maximum = 106ms, Average = 75ms
Server: UnKnown
Address: 192.168.1.1

Name: yahoo.com
Addresses: 98.139.183.24
209.191.122.70
72.30.38.140


Pinging yahoo.com [72.30.38.140] with 32 bytes of data:
Reply from 72.30.38.140: bytes=32 time=105ms TTL=46
Reply from 72.30.38.140: bytes=32 time=133ms TTL=46

Ping statistics for 72.30.38.140:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 105ms, Maximum = 133ms, Average = 119ms
Server: UnKnown
Address: 192.168.1.1

Name: bleepingcomputer.com
Address: 208.43.87.2


Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:
Reply from 208.43.87.2: Destination host unreachable.
Reply from 208.43.87.2: Destination host unreachable.

Ping statistics for 208.43.87.2:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
12...94 44 52 76 00 17 ......Belkin Basic Wireless USB Adapter
10...b8 ac 6f d8 cc 4d ......Realtek PCIe GBE Family Controller
1...........................Software Loopback Interface 1
11...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter
18...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
17...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
20...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #3
19...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #4
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.35 25
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.1.0 255.255.255.0 On-link 192.168.1.35 281
192.168.1.35 255.255.255.255 On-link 192.168.1.35 281
192.168.1.255 255.255.255.255 On-link 192.168.1.35 281
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.1.35 281
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.1.35 281
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
17 58 ::/0 On-link
1 306 ::1/128 On-link
17 58 2001::/32 On-link
17 306 2001:0:4137:9e76:389c:67d:b8ac:6278/128
On-link
12 281 fe80::/64 On-link
17 306 fe80::/64 On-link
17 306 fe80::389c:67d:b8ac:6278/128
On-link
12 281 fe80::60a1:1fdd:c968:8493/128
On-link
1 306 ff00::/8 On-link
17 306 ff00::/8 On-link
12 281 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [152864] (Apple Inc.)
Catalog5 06 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 07 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Program Files\Bonjour\mdnsNSP.dll [193824] (Apple Inc.)
x64-Catalog5 06 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog5 07 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (04/07/2012 08:54:20 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (04/07/2012 08:53:53 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (04/07/2012 08:53:45 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (04/05/2012 04:34:24 PM) (Source: Application Error) (User: )
Description: Faulting application name: RPG_RT.exe, version: 1.0.8.0, time stamp: 0x2a425e19
Faulting module name: KERNELBASE.dll, version: 6.1.7601.17651, time stamp: 0x4e211319
Exception code: 0x0eedfade
Fault offset: 0x0000b9bc
Faulting process id: 0x1b8
Faulting application start time: 0xRPG_RT.exe0
Faulting application path: RPG_RT.exe1
Faulting module path: RPG_RT.exe2
Report Id: RPG_RT.exe3

Error: (04/05/2012 04:34:14 PM) (Source: Application Error) (User: )
Description: Faulting application name: RPG_RT.exe, version: 1.0.8.0, time stamp: 0x2a425e19
Faulting module name: KERNELBASE.dll, version: 6.1.7601.17651, time stamp: 0x4e211319
Exception code: 0x0eedfade
Fault offset: 0x0000b9bc
Faulting process id: 0xce0
Faulting application start time: 0xRPG_RT.exe0
Faulting application path: RPG_RT.exe1
Faulting module path: RPG_RT.exe2
Report Id: RPG_RT.exe3

Error: (04/05/2012 02:33:07 AM) (Source: Application Hang) (User: )
Description: The program wmplayer.exe version 12.0.7601.17514 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 3fc

Start Time: 01cd130c664c01d8

Termination Time: 40

Application Path: C:\Program Files (x86)\Windows Media Player\wmplayer.exe

Report Id: 21b54aa8-7f02-11e1-a62c-b8ac6fd8cc4d

Error: (04/05/2012 02:13:36 AM) (Source: Application Hang) (User: )
Description: The program wmplayer.exe version 12.0.7601.17514 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1608

Start Time: 01cd1309a7d5c674

Termination Time: 19

Application Path: C:\Program Files (x86)\Windows Media Player\wmplayer.exe

Report Id: 9574bb09-7eff-11e1-a62c-b8ac6fd8cc4d

Error: (04/03/2012 07:14:03 PM) (Source: Application Hang) (User: )
Description: The program Steam.exe version 1.0.1065.11 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 798

Start Time: 01cd11edab5ad8c6

Termination Time: 16

Application Path: C:\Program Files (x86)\Steam\Steam.exe

Report Id: d6c35a59-7dfb-11e1-a96f-b8ac6fd8cc4d

Error: (04/02/2012 11:37:57 PM) (Source: Application Error) (User: )
Description: Faulting application name: realplay.exe, version: 15.0.2.72, time stamp: 0x4f274889
Faulting module name: ntdll.dll, version: 6.1.7601.17725, time stamp: 0x4ec49b8f
Exception code: 0xc0000005
Fault offset: 0x00038dc9
Faulting process id: 0x19b0
Faulting application start time: 0xrealplay.exe0
Faulting application path: realplay.exe1
Faulting module path: realplay.exe2
Report Id: realplay.exe3

Error: (04/02/2012 04:08:52 AM) (Source: CVHSVC) (User: )
Description: Information only.
Error: There are currently no active network connections. Background Intelligent Transfer Service (BITS) will try again when an adapter is connected.
ErrorCode: 14007(0x36b7).


System errors:
=============
Error: (04/07/2012 08:38:20 PM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the eventlog service.

Error: (04/07/2012 08:34:00 PM) (Source: DCOM) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (04/07/2012 05:05:45 PM) (Source: VDS Basic Provider) (User: )
Description: Unexpected failure. Error code: D@01010004

Error: (04/07/2012 00:04:15 AM) (Source: VDS Basic Provider) (User: )
Description: Unexpected failure. Error code: D@01010004

Error: (04/07/2012 00:04:15 AM) (Source: VDS Basic Provider) (User: )
Description: Unexpected failure. Error code: D@01010004

Error: (04/06/2012 06:45:30 PM) (Source: volsnap) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

Error: (04/06/2012 05:44:07 PM) (Source: VDS Basic Provider) (User: )
Description: Unexpected failure. Error code: D@01010004

Error: (04/06/2012 05:44:07 PM) (Source: VDS Basic Provider) (User: )
Description: Unexpected failure. Error code: D@01010004

Error: (04/06/2012 00:35:41 PM) (Source: BugCheck) (User: )
Description: 0x0000001e (0xffffffffc0000005, 0xfffff800030b0045, 0x0000000000000000, 0xffffffffffffffff)C:\Windows\MEMORY.DMP040612-18907-01

Error: (04/06/2012 00:21:31 AM) (Source: BROWSER) (User: )
Description: The browser service has failed to retrieve the backup list too many times on transport \Device\NetBT_Tcpip_{9AABC447-EE9E-4C4B-B3C9-BADCB1D9115E}.
The backup browser is stopping.


Microsoft Office Sessions:
=========================

=========================== Installed Programs ============================

Update for Microsoft Office 2007 (KB2508958)
7-Zip 9.20
Adobe Bridge 1.0 (Version: 001.000.004)
Adobe Common File Installer (Version: 1.00.0000)
Adobe Flash Player 10 ActiveX (Version: 10.1.102.64)
Adobe Flash Player 11 Plugin 64-bit (Version: 11.2.202.228)
Adobe Help Center 1.0 (Version: 001.000.000)
Adobe Photoshop CS2 (Version: 9.0)
Adobe Photoshop CS5 (Version: CS5)
Adobe Photoshop Elements 8.0 (Version: 8.0)
Adobe Reader 9.4.2 (Version: 9.4.2)
Adobe Stock Photos 1.0 (Version: 001.000.000)
Amnesia: The Dark Descent
Apple Application Support (Version: 1.5.0)
Apple Mobile Device Support (Version: 3.4.0.25)
Apple Software Update (Version: 2.1.3.127)
Assassin's Creed
Autodesk SketchBookExpress 2010 R1 (Version: 4.12.0001)
Belkin F7D1101 Basic Wireless USB Adapter (Version: 1.0.0.4)
Bing Bar (Version: 7.0.850.0)
Bonjour (Version: 2.0.4.0)
Color Efex Pro 3.0 Wacom Edition 6 (Version: 3.106)
Corel Painter Sketch Pad
Corel SketchPad - ICA (Version: 1.0)
Dell Communications (Support Software) (Version: 1.0.09094)
Dell DataSafe Local Backup - Support Software
Dell DataSafe Local Backup (Version: 9.4.48)
Dell DataSafe Online (Version: 1.2.0011)
Dell Dock (Version: 2.0)
Dell Edoc Viewer (Version: 1.0.0)
Dell Getting Started Guide (Version: 1.00.0000)
Desura (Version: 100.53)
Desura: DLC Quest (Version: Full)
Desura: Lair of the Evildoer (Version: Full)
Drawn: The Painted Tower
EPSON Scan
ESET Online Scanner v3
Garry's Mod
Google Chrome (Version: 18.0.1025.151)
GoToAssist 8.0.0.514
Half-Life 2
Hard Reset
HP Officejet 6500 E710n-z Basic Device Software (Version: 22.0.334.0)
HP Officejet 6500 E710n-z Help (Version: 140.0.2.2)
HP Officejet 6500 E710n-z Product Improvement Study (Version: 22.0.334.0)
HP Update (Version: 5.002.005.003)
I.R.I.S. OCR (Version: 12.3.4)
IconHandler 32 bit (Version: 1.0)
IconHandler 64 bit (Version: 1.0)
Intel® Control Center (Version: 1.2.1.1007)
Intel® Graphics Media Accelerator Driver (Version: 8.15.10.2555)
Intel® Rapid Storage Technology (Version: 9.6.0.1014)
IPM (Version: 01)
IrfanView (remove only) (Version: 4.28)
iTunes (Version: 10.2.1.1)
Java Auto Updater (Version: 2.0.7.1)
Java™ 6 Update 20 (64-bit) (Version: 6.0.200)
Java™ 6 Update 31 (Version: 6.0.310)
Jolly Rover
Junk Mail filter update (Version: 14.0.8089.726)
Left 4 Dead 2
LIMBO
Malwarebytes Anti-Malware version 1.60.1.1000 (Version: 1.60.1.1000)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Choice Guard (Version: 2.0.48.0)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office 2010 (Version: 14.0.4763.1000)
Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000)
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint Viewer 2007 (English) (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Standard 2007 (Version: 12.0.6612.1000)
Microsoft Office Starter 2010 - English (Version: 14.0.4763.1000)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Silverlight (Version: 4.1.10111.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Sync Framework Runtime Native v1.0 (x86) (Version: 1.0.1215.0)
Microsoft Sync Framework Services Native v1.0 (x86) (Version: 1.0.1215.0)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft XNA Framework Redistributable 4.0 (Version: 4.0.20823.0)
Mozilla Firefox 11.0 (x86 en-US) (Version: 11.0)
MSVCRT (Version: 14.0.1468.721)
Norton 360 (Version: 5.2.1.3)
Painter Sketch Pad (Version: 1.0)
Portal
Portal 2
Post Mortem
QuickTime (Version: 7.69.80.9)
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0)
RealPlayer
Realtek High Definition Audio Driver (Version: 6.0.1.5963)
RealUpgrade 1.1 (Version: 1.1.0)
Recettear: An Item Shop's Tale
Registration (Version: 01)
Roxio Burn (Version: 1.01)
Sequence
Skype Toolbars (Version: 1.0.4051)
Skype™ 4.2 (Version: 4.2.169)
Steam (Version: 1.0.0.0)
SWF & FLV Player 3.0 (build 3.0.33.5106) (Version: 3.0.33.5106)
System Requirements Lab for Intel (Version: 4.5.3.0)
Team Fortress 2
Team Fortress Classic
The Binding Of Isaac
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (Version: 1)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2597970) 32-Bit Edition
Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Vertex Dispenser
Wacom Tablet
WebTablet IE Plugin (Version: 1.1.0.4)
WebTablet Netscape Plugin (Version: 1.1.0.3)
Windows Live Call (Version: 14.0.8064.0206)
Windows Live Communications Platform (Version: 14.0.8064.206)
Windows Live Essentials (Version: 14.0.8089.0726)
Windows Live Essentials (Version: 14.0.8089.726)
Windows Live Mail (Version: 14.0.8089.0726)
Windows Live Messenger (Version: 14.0.8089.0726)
Windows Live Movie Maker (Version: 14.0.8091.0730)
Windows Live Photo Gallery (Version: 14.0.8081.709)
Windows Live Sign-in Assistant (Version: 5.000.818.5)
Windows Live Sync (Version: 14.0.8089.726)
Windows Live Upload Tool (Version: 14.0.8014.1029)
Windows Live Writer (Version: 14.0.8089.0726)
Yahoo! Messenger
Yahoo! Software Update
Yahoo! Toolbar
Yume Nikki 0.10 English

========================= Memory info: ===================================

Percentage of memory in use: 67%
Total physical RAM: 6108.98 MB
Available physical RAM: 1980.82 MB
Total Pagefile: 12216.16 MB
Available Pagefile: 7462.52 MB
Total Virtual: 4095.88 MB
Available Virtual: 3967.68 MB

========================= Partitions: =====================================

1 Drive c: (OS) (Fixed) (Total:686.57 GB) (Free:376.19 GB) NTFS

========================= Users: ========================================

User accounts for \\ADMIN-PC

883945 Admin Administrator
Guest


**** End of log ****


The black screen is gone to be sure. I'll try to see how everything else is later, time to sleep.

#6 narenxp

Posted 08 April 2012 - 08:38 AM

That looks clean, let me know if you still face issues before we wrap up :thumbup2:

#7 Oh no!

Posted 09 April 2012 - 05:21 AM

Well, it seems as though nginx redirect is still about. Although I clicked around on Google, it doesn't seem to redirect the links so that's a relief. However, images are still refusing to show up. I right-clicked the link that should've been an image and went to "view image", then it took me to the nginx 404 page.

Also, my log on sessions on every website keep getting reset, even if I check the box "keep me signed in." All this stuff is affecting both Firefox and Chrome.

Edited by Oh no!, 09 April 2012 - 05:23 AM.


#8 narenxp

Posted 09 April 2012 - 09:04 AM

Press the Windows + R keys and copy this line

notepad C:\Windows\System32\drivers\etc\hosts

Click OK

Copy the contents of the notepad and paste it here

good luck

Edited by narenxp, 09 April 2012 - 09:04 AM.


#9 Oh no!

Posted 09 April 2012 - 09:19 AM

Here:

# Copyright © 1993-2009 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

# localhost name resolution is handled within DNS itself.
# 127.0.0.1 localhost
# ::1 localhost
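
An added example, not part of the original posts: the hosts-file review requested above can be done mechanically on the pasted text. The function names and the CONSTRUCTED sample are assumptions made for illustration; POSTED reproduces the tail of the file pasted above, where every line is a comment, so it yields no findings.

```python
import ipaddress

# Names a hosts file may legitimately map to loopback.
LOCAL_NAMES = {"localhost"}

def active_entries(text):
    """Return (line_no, ip, names) for every line that is not blank or a comment."""
    entries = []
    for n, raw in enumerate(text.lstrip("\ufeff").splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # drop full-line and inline comments
        if not line:
            continue
        fields = line.split()
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            entries.append((n, None, fields))  # malformed: surface it, do not skip it
            continue
        entries.append((n, ip, [f.lower() for f in fields[1:]]))
    return entries

def review(text):
    """Classify each active entry as 'ok', 'sinkhole', 'redirect' or 'malformed'."""
    findings = []
    for n, ip, names in active_entries(text):
        if ip is None or not names:
            verdict = "malformed"
        elif ip.is_loopback and set(names) <= LOCAL_NAMES:
            verdict = "ok"
        elif ip.is_loopback or ip.is_unspecified:
            verdict = "sinkhole"   # name forced to resolve locally (blocklist style)
        else:
            verdict = "redirect"   # name pinned to another address: needs explaining
        findings.append((n, verdict, str(ip) if ip else None, names))
    return findings

# Tail of the hosts file posted in this thread: comments only.
POSTED = "\n".join([
    "# localhost name resolution is handled within DNS itself.",
    "# 127.0.0.1 localhost",
    "# ::1 localhost",
])

# Constructed sample (documentation address and made-up names) showing each verdict.
CONSTRUCTED = "\n".join([
    "127.0.0.1 localhost",
    "0.0.0.0 updates.example.test  # blocklist-style entry",
    "203.0.113.10 www.search.example search.example",
    "not-an-ip something",
])
```

An empty result, as for the posted file, means name resolution is not being overridden locally, so the cause of the redirects has to be looked for elsewhere.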



#10 narenxp

Posted 09 April 2012 - 09:25 AM

I would suggest you reinstall the browsers and see if the issue persists

good luck

#11 Oh no!

Posted 10 April 2012 - 11:02 AM

I reinstalled both browsers, images still 403'd and got signed out again. (Correcting my previous statement that images went to nginx 403 forbidden, not 404)

Edited by Oh no!, 10 April 2012 - 11:06 AM.


#12 narenxp

Posted 11 April 2012 - 04:25 AM

Is the 403 error specific to a site?

#13 Oh no!

Posted 11 April 2012 - 08:47 AM

Yeah, sites like mangafox.com and mangareader.com. Would that also be connected to getting signed out of any website?

Edited by Oh no!, 11 April 2012 - 08:48 AM.


#14 narenxp

Posted 11 April 2012 - 08:50 AM

We need to have a deeper look

Read the guide here on preparing logs

http://www.bleepingcomputer.com/forums/topic34773.html

and create a topic here

http://www.bleepingcomputer.com/forums/forum22.html

Good luck

#15 Oh no!

Posted 11 April 2012 - 09:02 AM

Alright, thank you!



