Browser pop-ups and redirects


13 replies to this topic

#1 BoringK

Posted 16 April 2012 - 10:26 PM

I've got some kind of malware I can't get rid of that causes pop-ups in my browser and occasionally redirects when I click on a link. This happens in both Firefox and Chrome. The pop-ups sometimes resemble this:

Posted Image

Other times it'll be a smaller, non-iPhone-looking box; when you click the "X" it just minimizes into a smaller box that says "Recommended for You". They don't show up on certain websites including Google, Facebook and Twitter. Eventually, I'll click on some link and my browser will get redirected to a different site, and after that the pop-ups will stop appearing until the next time I close my laptop and reopen it, or restart it. I've had a couple of other, nastier malware infections (Internet Security and SmartHDD) appear since this started happening; I managed to kill those but it seems like this is what's allowing them to get in. I've run MBAM, SuperAntiSpyware, Ad-Aware, Spybot, TDSSKiller and RKill and nothing seems to be able to find this thing. TDSSKiller turns up a few things when I click both of the Additional Options boxes, but they seem to be legit files and not threats, although I could be wrong. I've run HijackThis as well, but I'm not really sure what to do with the results; it gives me a message about not being able to write to the Hosts file, and that's something I'm afraid to mess with without guidance. I'm running Windows 7 on an ASUS G60V laptop.


#2 narenxp

Posted 16 April 2012 - 10:28 PM

This may possibly be a hosts hijack, but let's make sure the PC is clean.

Download

TDSSKiller

Launch it. Click on "Change parameters" and select "TDLFS file system".

Click on "Scan". Please post the log report (the log file should be in your C drive).


Please download GMER from here (does not work on 64-bit OS):

http://www2.gmer.net/download.php

Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.

GMER will open to the Rootkit/Malware tab and perform an automatic Full Scan when first run. (do not use the computer while the scan is in progress)

If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
Now click the Scan button. If you see a rootkit warning window, click OK.
When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
Click the Copy button and paste the results into your next reply.


Download

aswMBR

Launch it and allow it to download the latest Avast! virus definitions.
Click the "Scan" button to start the scan. After the scan finishes, click on "Save log".

Post the log results here

#3 quatin

Posted 16 April 2012 - 11:13 PM

I have the exact same pop-ups. It's definitely a host hijack. I have found a temporary fix for the pop-ups in the thread I made for my case.

http://www.bleepingcomputer.com/forums/topic450331.html

Also, this user has the same malware we have:

http://www.bleepingcomputer.com/forums/topic449943.html

Edited by quatin, 16 April 2012 - 11:16 PM.


#4 narenxp

Posted 16 April 2012 - 11:17 PM

@quatin

Your hosts file is still hijacked. We can remove the entries without HijackThis. You can create a new topic to avoid confusion.

Thanks

#5 BoringK

Posted 17 April 2012 - 02:20 AM

Alright, here are the logs. GMER and aswMBR both seemed to turn up a few things.

22:33:28.0068 2948 Ndisuio - ok
22:33:28.0090 2948 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys
22:33:28.0092 2948 NdisWan - ok
22:33:28.0105 2948 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys
22:33:28.0106 2948 NDProxy - ok
22:33:28.0131 2948 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
22:33:28.0132 2948 NetBIOS - ok
22:33:28.0155 2948 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys
22:33:28.0157 2948 NetBT - ok
22:33:28.0210 2948 Netlogon (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
22:33:28.0217 2948 Netlogon - ok
22:33:28.0268 2948 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
22:33:28.0274 2948 Netman - ok
22:33:28.0356 2948 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
22:33:28.0358 2948 NetMsmqActivator - ok
22:33:28.0365 2948 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
22:33:28.0367 2948 NetPipeActivator - ok
22:33:28.0392 2948 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
22:33:28.0398 2948 netprofm - ok
22:33:28.0474 2948 netr28ux (eed1fbde98cf5f6d5c0c5b27ab1f68ec) C:\Windows\system32\DRIVERS\netr28ux.sys
22:33:28.0483 2948 netr28ux - ok
22:33:28.0493 2948 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
22:33:28.0496 2948 NetTcpActivator - ok
22:33:28.0501 2948 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
22:33:28.0503 2948 NetTcpPortSharing - ok
22:33:28.0716 2948 NETw5s64 (4d85a450edef10c38882182753a49aae) C:\Windows\system32\DRIVERS\NETw5s64.sys
22:33:28.0756 2948 NETw5s64 - ok
22:33:28.0909 2948 netw5v64 (705283c02177809ca9fa7cc58a4f1e77) C:\Windows\system32\DRIVERS\netw5v64.sys
22:33:28.0940 2948 netw5v64 - ok
22:33:28.0991 2948 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
22:33:28.0992 2948 nfrd960 - ok
22:33:29.0044 2948 NlaSvc (d9a0ce66046d6efa0c61baa885cba0a8) C:\Windows\System32\nlasvc.dll
22:33:29.0049 2948 NlaSvc - ok
22:33:29.0068 2948 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
22:33:29.0068 2948 Npfs - ok
22:33:29.0102 2948 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
22:33:29.0105 2948 nsi - ok
22:33:29.0122 2948 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
22:33:29.0123 2948 nsiproxy - ok
22:33:29.0177 2948 Ntfs (378e0e0dfea67d98ae6ea53adbbd76bc) C:\Windows\system32\drivers\Ntfs.sys
22:33:29.0187 2948 Ntfs - ok
22:33:29.0209 2948 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
22:33:29.0210 2948 Null - ok
22:33:29.0495 2948 nvlddmkm (cc1efea1f0ab17e59bd4b5baff3e5cb0) C:\Windows\system32\DRIVERS\nvlddmkm.sys
22:33:29.0569 2948 nvlddmkm - ok
22:33:29.0603 2948 nvraid (a4d9c9a608a97f59307c2f2600edc6a4) C:\Windows\system32\drivers\nvraid.sys
22:33:29.0605 2948 nvraid - ok
22:33:29.0638 2948 nvstor (6c1d5f70e7a6a3fd1c90d840edc048b9) C:\Windows\system32\drivers\nvstor.sys
22:33:29.0640 2948 nvstor - ok
22:33:29.0710 2948 nvsvc (39f933ca2798156b0b7a19d104b73b9a) C:\Windows\system32\nvvsvc.exe
22:33:29.0732 2948 nvsvc - ok
22:33:29.0876 2948 nvUpdatusService (4e5c5d88eb0a8d21824d5a3eb7327e69) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
22:33:29.0894 2948 nvUpdatusService - ok
22:33:29.0929 2948 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys
22:33:29.0930 2948 nv_agp - ok
22:33:29.0985 2948 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
22:33:29.0992 2948 odserv - ok
22:33:30.0016 2948 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys
22:33:30.0017 2948 ohci1394 - ok
22:33:30.0051 2948 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
22:33:30.0053 2948 ose - ok
22:33:30.0086 2948 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
22:33:30.0093 2948 p2pimsvc - ok
22:33:30.0121 2948 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
22:33:30.0128 2948 p2psvc - ok
22:33:30.0149 2948 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
22:33:30.0151 2948 Parport - ok
22:33:30.0180 2948 partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys
22:33:30.0182 2948 partmgr - ok
22:33:30.0205 2948 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
22:33:30.0211 2948 PcaSvc - ok
22:33:30.0233 2948 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys
22:33:30.0235 2948 pci - ok
22:33:30.0255 2948 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
22:33:30.0256 2948 pciide - ok
22:33:30.0286 2948 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
22:33:30.0289 2948 pcmcia - ok
22:33:30.0308 2948 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
22:33:30.0309 2948 pcw - ok
22:33:30.0341 2948 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
22:33:30.0347 2948 PEAUTH - ok
22:33:30.0401 2948 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
22:33:30.0405 2948 PerfHost - ok
22:33:30.0503 2948 pla (557e9a86f65f0de18c9b6751dfe9d3f1) C:\Windows\system32\pla.dll
22:33:30.0521 2948 pla - ok
22:33:30.0586 2948 PlugPlay (98b1721b8718164293b9701b98c52d77) C:\Windows\system32\umpnpmgr.dll
22:33:30.0592 2948 PlugPlay - ok
22:33:30.0624 2948 PnkBstrA - ok
22:33:30.0648 2948 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
22:33:30.0651 2948 PNRPAutoReg - ok
22:33:30.0671 2948 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
22:33:30.0677 2948 PNRPsvc - ok
22:33:30.0712 2948 PolicyAgent (166eb40d1f5b47e615de3d0fffe5f243) C:\Windows\System32\ipsecsvc.dll
22:33:30.0716 2948 PolicyAgent - ok
22:33:30.0749 2948 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
22:33:30.0754 2948 Power - ok
22:33:30.0786 2948 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
22:33:30.0787 2948 PptpMiniport - ok
22:33:30.0812 2948 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
22:33:30.0813 2948 Processor - ok
22:33:30.0838 2948 ProfSvc (f381975e1f4346de875cb07339ce8d3a) C:\Windows\system32\profsvc.dll
22:33:30.0843 2948 ProfSvc - ok
22:33:30.0873 2948 ProtectedStorage (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
22:33:30.0876 2948 ProtectedStorage - ok
22:33:30.0910 2948 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
22:33:30.0912 2948 Psched - ok
22:33:30.0955 2948 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
22:33:30.0964 2948 ql2300 - ok
22:33:30.0990 2948 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
22:33:30.0991 2948 ql40xx - ok
22:33:31.0016 2948 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
22:33:31.0020 2948 QWAVE - ok
22:33:31.0040 2948 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
22:33:31.0041 2948 QWAVEdrv - ok
22:33:31.0068 2948 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
22:33:31.0069 2948 RasAcd - ok
22:33:31.0100 2948 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
22:33:31.0101 2948 RasAgileVpn - ok
22:33:31.0114 2948 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
22:33:31.0118 2948 RasAuto - ok
22:33:31.0135 2948 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
22:33:31.0137 2948 Rasl2tp - ok
22:33:31.0157 2948 RasMan (47394ed3d16d053f5906efe5ab51cc83) C:\Windows\System32\rasmans.dll
22:33:31.0162 2948 RasMan - ok
22:33:31.0179 2948 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
22:33:31.0180 2948 RasPppoe - ok
22:33:31.0201 2948 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
22:33:31.0202 2948 RasSstp - ok
22:33:31.0227 2948 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
22:33:31.0230 2948 rdbss - ok
22:33:31.0255 2948 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
22:33:31.0256 2948 rdpbus - ok
22:33:31.0272 2948 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
22:33:31.0273 2948 RDPCDD - ok
22:33:31.0299 2948 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
22:33:31.0300 2948 RDPENCDD - ok
22:33:31.0319 2948 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
22:33:31.0320 2948 RDPREFMP - ok
22:33:31.0354 2948 RDPWD (074ac702d8b8b660b0e1371555995386) C:\Windows\system32\drivers\RDPWD.sys
22:33:31.0355 2948 RDPWD - ok
22:33:31.0383 2948 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys
22:33:31.0384 2948 rdyboost - ok
22:33:31.0411 2948 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
22:33:31.0414 2948 RemoteAccess - ok
22:33:31.0438 2948 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
22:33:31.0442 2948 RemoteRegistry - ok
22:33:31.0474 2948 rimmptsk (6faf5b04bedc66d300d9d233b2d222f0) C:\Windows\system32\DRIVERS\rimmpx64.sys
22:33:31.0475 2948 rimmptsk - ok
22:33:31.0510 2948 rimsptsk (67f50c31713106fd1b0f286f86aa2b2e) C:\Windows\system32\DRIVERS\rimspx64.sys
22:33:31.0511 2948 rimsptsk - ok
22:33:31.0539 2948 rismxdp (4d7ef3d46346ec4c58784db964b365de) C:\Windows\system32\DRIVERS\rixdpx64.sys
22:33:31.0540 2948 rismxdp - ok
22:33:31.0569 2948 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
22:33:31.0573 2948 RpcEptMapper - ok
22:33:31.0591 2948 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
22:33:31.0594 2948 RpcLocator - ok
22:33:31.0621 2948 RpcSs (7266972e86890e2b30c0c322e906b027) C:\Windows\system32\rpcss.dll
22:33:31.0627 2948 RpcSs - ok
22:33:31.0655 2948 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
22:33:31.0656 2948 rspndr - ok
22:33:31.0701 2948 RTL8167 (b49dc435ae3695bac5623dd94b05732d) C:\Windows\system32\DRIVERS\Rt64win7.sys
22:33:31.0703 2948 RTL8167 - ok
22:33:31.0750 2948 SamSs (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
22:33:31.0756 2948 SamSs - ok
22:33:31.0858 2948 SASDIFSV (3289766038db2cb14d07dc84392138d5) C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
22:33:31.0859 2948 SASDIFSV - ok
22:33:31.0894 2948 SASKUTIL (58a38e75f3316a83c23df6173d41f2b5) C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
22:33:31.0895 2948 SASKUTIL - ok
22:33:31.0929 2948 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys
22:33:31.0931 2948 sbp2port - ok
22:33:31.0979 2948 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
22:33:31.0985 2948 SCardSvr - ok
22:33:32.0004 2948 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
22:33:32.0005 2948 scfilter - ok
22:33:32.0057 2948 Schedule (624d0f5ff99428bb90a5b8a4123e918e) C:\Windows\system32\schedsvc.dll
22:33:32.0069 2948 Schedule - ok
22:33:32.0098 2948 SCPolicySvc (312e2f82af11e79906898ac3e3d58a1f) C:\Windows\System32\certprop.dll
22:33:32.0099 2948 SCPolicySvc - ok
22:33:32.0128 2948 sdbus (54e47ad086782d3ae9417c155cdceb9b) C:\Windows\system32\DRIVERS\sdbus.sys
22:33:32.0129 2948 sdbus - ok
22:33:32.0162 2948 SDRSVC (765a27c3279ce11d14cb9e4f5869fca5) C:\Windows\System32\SDRSVC.dll
22:33:32.0167 2948 SDRSVC - ok
22:33:32.0247 2948 SeaPort (78779ee07231c658b483b1f38b5088df) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
22:33:32.0252 2948 SeaPort - ok
22:33:32.0282 2948 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
22:33:32.0283 2948 secdrv - ok
22:33:32.0316 2948 seclogon (463b386ebc70f98da5dff85f7e654346) C:\Windows\system32\seclogon.dll
22:33:32.0322 2948 seclogon - ok
22:33:32.0343 2948 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
22:33:32.0348 2948 SENS - ok
22:33:32.0379 2948 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
22:33:32.0385 2948 SensrSvc - ok
22:33:32.0418 2948 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
22:33:32.0419 2948 Serenum - ok
22:33:32.0448 2948 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
22:33:32.0449 2948 Serial - ok
22:33:32.0462 2948 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
22:33:32.0464 2948 sermouse - ok
22:33:32.0495 2948 SessionEnv (c3bc61ce47ff6f4e88ab8a3b429a36af) C:\Windows\system32\sessenv.dll
22:33:32.0501 2948 SessionEnv - ok
22:33:32.0559 2948 SfCtlCom (6e81d09bebb45d072c077c05567097e8) C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
22:33:32.0566 2948 SfCtlCom - ok
22:33:32.0589 2948 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
22:33:32.0590 2948 sffdisk - ok
22:33:32.0607 2948 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys
22:33:32.0608 2948 sffp_mmc - ok
22:33:32.0619 2948 sffp_sd (5588b8c6193eb1522490c122eb94dffa) C:\Windows\system32\DRIVERS\sffp_sd.sys
22:33:32.0620 2948 sffp_sd - ok
22:33:32.0632 2948 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
22:33:32.0633 2948 sfloppy - ok
22:33:32.0673 2948 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
22:33:32.0677 2948 SharedAccess - ok
22:33:32.0711 2948 ShellHWDetection (0298ac45d0efffb2db4baa7dd186e7bf) C:\Windows\System32\shsvcs.dll
22:33:32.0717 2948 ShellHWDetection - ok
22:33:32.0750 2948 SiSGbeLH (1bc348cf6baa90ec8e533ef6e6a69933) C:\Windows\system32\DRIVERS\SiSG664.sys
22:33:32.0751 2948 SiSGbeLH - ok
22:33:32.0780 2948 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
22:33:32.0781 2948 SiSRaid2 - ok
22:33:32.0803 2948 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
22:33:32.0804 2948 SiSRaid4 - ok
22:33:32.0831 2948 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
22:33:32.0832 2948 Smb - ok
22:33:32.0868 2948 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
22:33:32.0872 2948 SNMPTRAP - ok
22:33:32.0928 2948 SNP2UVC (2d280b5799f9c143fa7d49e032fbce46) C:\Windows\system32\DRIVERS\snp2uvc.sys
22:33:32.0938 2948 SNP2UVC - ok
22:33:32.0957 2948 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
22:33:32.0958 2948 spldr - ok
22:33:32.0994 2948 Spooler (f8e1fa03cb70d54a9892ac88b91d1e7b) C:\Windows\System32\spoolsv.exe
22:33:33.0001 2948 Spooler - ok
22:33:33.0104 2948 sppsvc (913d843498553a1bc8f8dbad6358e49f) C:\Windows\system32\sppsvc.exe
22:33:33.0132 2948 sppsvc - ok
22:33:33.0152 2948 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
22:33:33.0156 2948 sppuinotify - ok
22:33:33.0210 2948 srv (2408c0366d96bcdf63e8f1c78e4a29c5) C:\Windows\system32\DRIVERS\srv.sys
22:33:33.0213 2948 srv - ok
22:33:33.0243 2948 srv2 (76548f7b818881b47d8d1ae1be9c11f8) C:\Windows\system32\DRIVERS\srv2.sys
22:33:33.0246 2948 srv2 - ok
22:33:33.0264 2948 srvnet (0af6e19d39c70844c5caa8fb0183c36e) C:\Windows\system32\DRIVERS\srvnet.sys
22:33:33.0265 2948 srvnet - ok
22:33:33.0301 2948 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
22:33:33.0306 2948 SSDPSRV - ok
22:33:33.0332 2948 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
22:33:33.0337 2948 SstpSvc - ok
22:33:33.0377 2948 Steam Client Service - ok
22:33:33.0449 2948 Stereo Service (9bf7e58d9113ce15cf4f1e1b18ceff83) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
22:33:33.0455 2948 Stereo Service - ok
22:33:33.0488 2948 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
22:33:33.0489 2948 stexstor - ok
22:33:33.0540 2948 stisvc (52d0e33b681bd0f33fdc08812fee4f7d) C:\Windows\System32\wiaservc.dll
22:33:33.0550 2948 stisvc - ok
22:33:33.0571 2948 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
22:33:33.0573 2948 swenum - ok
22:33:33.0610 2948 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
22:33:33.0617 2948 swprv - ok
22:33:33.0651 2948 SynTP (be7311da9d6833fa69ed04b744a1c8f8) C:\Windows\system32\DRIVERS\SynTP.sys
22:33:33.0653 2948 SynTP - ok
22:33:33.0701 2948 SysMain (3c1284516a62078fb68f768de4f1a7be) C:\Windows\system32\sysmain.dll
22:33:33.0715 2948 SysMain - ok
22:33:33.0736 2948 TabletInputService (238935c3cf2854886dc7cbb2a0e2cc66) C:\Windows\System32\TabSvc.dll
22:33:33.0740 2948 TabletInputService - ok
22:33:33.0763 2948 TapiSrv (884264ac597b690c5707c89723bb8e7b) C:\Windows\System32\tapisrv.dll
22:33:33.0769 2948 TapiSrv - ok
22:33:33.0783 2948 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
22:33:33.0787 2948 TBS - ok
22:33:33.0874 2948 Tcpip (f18f56efc0bfb9c87ba01c37b27f4da5) C:\Windows\system32\drivers\tcpip.sys
22:33:33.0885 2948 Tcpip - ok
22:33:33.0950 2948 TCPIP6 (f18f56efc0bfb9c87ba01c37b27f4da5) C:\Windows\system32\DRIVERS\tcpip.sys
22:33:33.0970 2948 TCPIP6 - ok
22:33:33.0996 2948 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys
22:33:33.0996 2948 tcpipreg - ok
22:33:34.0033 2948 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
22:33:34.0034 2948 TDPIPE - ok
22:33:34.0064 2948 TDTCP (7518f7bcfd4b308abc9192bacaf6c970) C:\Windows\system32\drivers\tdtcp.sys
22:33:34.0065 2948 TDTCP - ok
22:33:34.0094 2948 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
22:33:34.0095 2948 tdx - ok
22:33:34.0115 2948 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys
22:33:34.0116 2948 TermDD - ok
22:33:34.0153 2948 TermService (0f05ec2887bfe197ad82a13287d2f404) C:\Windows\System32\termsrv.dll
22:33:34.0161 2948 TermService - ok
22:33:34.0202 2948 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
22:33:34.0209 2948 Themes - ok
22:33:34.0243 2948 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
22:33:34.0251 2948 THREADORDER - ok
22:33:34.0321 2948 TMBMServer (963c903e5176c5cdcae321d48635b21f) C:\Program Files\Trend Micro\BM\TMBMSRV.exe
22:33:34.0327 2948 TMBMServer - ok
22:33:34.0372 2948 tmpreflt (ee0d3cb7368bf08ff5610dd62990e62e) C:\Windows\system32\DRIVERS\tmpreflt.sys
22:33:34.0373 2948 tmpreflt - ok
22:33:34.0419 2948 TmProxy (3ae913b4fbf06ee49831ff9db2330830) C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
22:33:34.0427 2948 TmProxy - ok
22:33:34.0457 2948 tmtdi (21cc12b7f8b44e91d03ead5b17aaf0b2) C:\Windows\system32\DRIVERS\tmtdi.sys
22:33:34.0459 2948 tmtdi - ok
22:33:34.0486 2948 tmxpflt (850db5e4b0c840c1ede013ac9838f1eb) C:\Windows\system32\DRIVERS\tmxpflt.sys
22:33:34.0489 2948 tmxpflt - ok
22:33:34.0525 2948 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
22:33:34.0531 2948 TrkWks - ok
22:33:34.0556 2948 TrustedInstaller (840f7fb849f5887a49ba18c13b2da920) C:\Windows\servicing\TrustedInstaller.exe
22:33:34.0558 2948 TrustedInstaller - ok
22:33:34.0585 2948 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
22:33:34.0586 2948 tssecsrv - ok
22:33:34.0626 2948 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
22:33:34.0628 2948 tunnel - ok
22:33:34.0649 2948 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
22:33:34.0650 2948 uagp35 - ok
22:33:34.0682 2948 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys
22:33:34.0685 2948 udfs - ok
22:33:34.0706 2948 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
22:33:34.0712 2948 UI0Detect - ok
22:33:34.0764 2948 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys
22:33:34.0766 2948 uliagpkx - ok
22:33:34.0804 2948 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys
22:33:34.0806 2948 umbus - ok
22:33:34.0840 2948 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
22:33:34.0841 2948 UmPass - ok
22:33:34.0873 2948 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
22:33:34.0881 2948 upnphost - ok
22:33:34.0918 2948 USBAAPL64 (fb251567f41bc61988b26731dec19e4b) C:\Windows\system32\Drivers\usbaapl64.sys
22:33:34.0920 2948 USBAAPL64 - ok
22:33:34.0969 2948 usbbus (5fcc71487888589a9244af54cfefab29) C:\Windows\system32\DRIVERS\lgx64bus.sys
22:33:34.0971 2948 usbbus - ok
22:33:35.0016 2948 usbccgp (7b6a127c93ee590e4d79a5f2a76fe46f) C:\Windows\system32\DRIVERS\usbccgp.sys
22:33:35.0017 2948 usbccgp - ok
22:33:35.0040 2948 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys
22:33:35.0042 2948 usbcir - ok
22:33:35.0068 2948 UsbDiag (3fb6e423f7567c92c32ea786f5fd0c69) C:\Windows\system32\DRIVERS\lgx64diag.sys
22:33:35.0069 2948 UsbDiag - ok
22:33:35.0097 2948 usbehci (92969ba5ac44e229c55a332864f79677) C:\Windows\system32\DRIVERS\usbehci.sys
22:33:35.0098 2948 usbehci - ok
22:33:35.0127 2948 usbhub (e7df1cfd28ca86b35ef5add0735ceef3) C:\Windows\system32\DRIVERS\usbhub.sys
22:33:35.0131 2948 usbhub - ok
22:33:35.0168 2948 USBModem (78d551f5b93488b4666f5fc8dd4815f3) C:\Windows\system32\DRIVERS\lgx64modem.sys
22:33:35.0169 2948 USBModem - ok
22:33:35.0194 2948 usbohci (f1bb1e55f1e7a65c5839ccc7b36d773e) C:\Windows\system32\drivers\usbohci.sys
22:33:35.0195 2948 usbohci - ok
22:33:35.0230 2948 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
22:33:35.0231 2948 usbprint - ok
22:33:35.0263 2948 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
22:33:35.0264 2948 usbscan - ok
22:33:35.0306 2948 USBSTOR (f39983647bc1f3e6100778ddfe9dce29) C:\Windows\system32\DRIVERS\USBSTOR.SYS
22:33:35.0308 2948 USBSTOR - ok
22:33:35.0324 2948 usbuhci (bc3070350a491d84b518d7cca9abd36f) C:\Windows\system32\DRIVERS\usbuhci.sys
22:33:35.0325 2948 usbuhci - ok
22:33:35.0364 2948 usbvideo (7cb8c573c6e4a2714402cc0a36eab4fe) C:\Windows\System32\Drivers\usbvideo.sys
22:33:35.0366 2948 usbvideo - ok
22:33:35.0402 2948 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
22:33:35.0408 2948 UxSms - ok
22:33:35.0454 2948 VaultSvc (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
22:33:35.0457 2948 VaultSvc - ok
22:33:35.0490 2948 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys
22:33:35.0491 2948 vdrvroot - ok
22:33:35.0524 2948 vds (44d73e0bbc1d3c8981304ba15135c2f2) C:\Windows\System32\vds.exe
22:33:35.0533 2948 vds - ok
22:33:35.0551 2948 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
22:33:35.0552 2948 vga - ok
22:33:35.0576 2948 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
22:33:35.0577 2948 VgaSave - ok
22:33:35.0603 2948 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys
22:33:35.0605 2948 vhdmp - ok
22:33:35.0629 2948 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
22:33:35.0629 2948 viaide - ok
22:33:35.0648 2948 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys
22:33:35.0649 2948 volmgr - ok
22:33:35.0683 2948 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
22:33:35.0686 2948 volmgrx - ok
22:33:35.0705 2948 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
22:33:35.0707 2948 volsnap - ok
22:33:35.0769 2948 vsapint (6a42451b220ac2eaeb3524200c3b8acc) C:\Windows\system32\DRIVERS\vsapint.sys
22:33:35.0781 2948 vsapint - ok
22:33:35.0814 2948 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
22:33:35.0816 2948 vsmraid - ok
22:33:35.0864 2948 VSS (787898bf9fb6d7bd87a36e2d95c899ba) C:\Windows\system32\vssvc.exe
22:33:35.0877 2948 VSS - ok
22:33:35.0911 2948 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
22:33:35.0912 2948 vwifibus - ok
22:33:35.0930 2948 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
22:33:35.0931 2948 vwififlt - ok
22:33:35.0962 2948 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
22:33:35.0968 2948 W32Time - ok
22:33:35.0989 2948 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
22:33:35.0990 2948 WacomPen - ok
22:33:36.0024 2948 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
22:33:36.0025 2948 WANARP - ok
22:33:36.0030 2948 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
22:33:36.0031 2948 Wanarpv6 - ok
22:33:36.0089 2948 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
22:33:36.0097 2948 WatAdminSvc - ok
22:33:36.0147 2948 wbengine (5ab1bb85bd8b5089cc5d64200dedae68) C:\Windows\system32\wbengine.exe
22:33:36.0160 2948 wbengine - ok
22:33:36.0179 2948 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
22:33:36.0184 2948 WbioSrvc - ok
22:33:36.0220 2948 wcncsvc (dd1bae8ebfc653824d29ccf8c9054d68) C:\Windows\System32\wcncsvc.dll
22:33:36.0226 2948 wcncsvc - ok
22:33:36.0245 2948 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
22:33:36.0250 2948 WcsPlugInService - ok
22:33:36.0268 2948 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
22:33:36.0269 2948 Wd - ok
22:33:36.0302 2948 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
22:33:36.0306 2948 Wdf01000 - ok
22:33:36.0328 2948 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
22:33:36.0333 2948 WdiServiceHost - ok
22:33:36.0337 2948 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
22:33:36.0342 2948 WdiSystemHost - ok
22:33:36.0383 2948 WebClient (733006127f235be7c35354ebee7b9a7b) C:\Windows\System32\webclnt.dll
22:33:36.0389 2948 WebClient - ok
22:33:36.0419 2948 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
22:33:36.0425 2948 Wecsvc - ok
22:33:36.0440 2948 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
22:33:36.0445 2948 wercplsupport - ok
22:33:36.0472 2948 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
22:33:36.0477 2948 WerSvc - ok
22:33:36.0542 2948 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
22:33:36.0545 2948 WfpLwf - ok
22:33:36.0574 2948 WimFltr (52ded146e4797e6ccf94799e8e22bb2a) C:\Windows\system32\DRIVERS\wimfltr.sys
22:33:36.0576 2948 WimFltr - ok
22:33:36.0601 2948 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
22:33:36.0602 2948 WIMMount - ok
22:33:36.0622 2948 WinDefend - ok
22:33:36.0634 2948 WinHttpAutoProxySvc - ok
22:33:36.0681 2948 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
22:33:36.0684 2948 Winmgmt - ok
22:33:36.0750 2948 WinRM (41fbb751936b387f9179e7f03a74fe29) C:\Windows\system32\WsmSvc.dll
22:33:36.0771 2948 WinRM - ok
22:33:37.0769 2948 ============================================================
22:33:37.0769 2948 Scan finished
22:33:37.0769 2948 ============================================================
22:33:37.0848 6172 Detected object count: 0
22:33:37.0848 6172 Actual detected object count: 0
22:36:27.0677 5588 Deinitialize success

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-04-17 01:04:52
Windows 6.1.7600
Running: 3of6j328.exe


---- Files - GMER 1.0.15 ----

File C:\ADSM_PData_0150 0 bytes
File C:\ADSM_PData_0150\DB 0 bytes
File C:\ADSM_PData_0150\DB\SI.db 624 bytes
File C:\ADSM_PData_0150\DB\UL.db 16 bytes
File C:\ADSM_PData_0150\DB\VL.db 16 bytes
File C:\ADSM_PData_0150\DB\WAL.db 2048 bytes
File C:\ADSM_PData_0150\DragWait.exe 315392 bytes executable
File C:\ADSM_PData_0150\_avt 512 bytes

---- EOF - GMER 1.0.15 ----


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-04-17 01:06:08
-----------------------------
01:06:08.881 OS Version: Windows x64 6.1.7600
01:06:08.882 Number of processors: 2 586 0x170A
01:06:08.882 ComputerName: KEITH-PC UserName: Keith
01:06:10.912 Initialize success
01:08:52.025 AVAST engine defs: 12041601
01:09:35.544 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
01:09:35.550 Disk 0 Vendor: ST932042 0002 Size: 305245MB BusType: 3
01:09:35.568 Disk 0 MBR read successfully
01:09:35.574 Disk 0 MBR scan
01:09:35.584 Disk 0 Windows VISTA default MBR code
01:09:35.593 Disk 0 Partition 1 00 1C Hidd FAT32 LBA MSDOS5.0 14997 MB offset 2048
01:09:35.616 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 290246 MB offset 30715904
01:09:35.671 Disk 0 scanning C:\Windows\system32\drivers
01:09:46.415 Service scanning
01:10:05.982 Modules scanning
01:10:06.000 Disk 0 trace - called modules:
01:10:06.037 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys iaStor.sys hal.dll
01:10:06.048 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004a39490]
01:10:06.062 3 CLASSPNP.SYS[fffff8800120143f] -> nt!IofCallDriver -> [0xfffffa8004718370]
01:10:06.068 5 ACPI.sys[fffff88000ef9781] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa800471d050]
01:10:07.175 AVAST engine scan C:\Windows
01:10:09.582 AVAST engine scan C:\Windows\system32
01:13:28.810 AVAST engine scan C:\Windows\system32\drivers
01:13:41.087 AVAST engine scan C:\Users\Keith
01:45:57.281 File: C:\Users\Keith\AppData\Local\Temp\C5A5.tmp **INFECTED** Win32:Malware-gen
01:47:41.455 File: C:\Users\Keith\AppData\Local\Temp\SoftwareUpdate.exe **INFECTED** Win32:Malware-gen
02:06:33.199 AVAST engine scan C:\ProgramData
02:10:25.341 File: C:\ProgramData\Microsoft\Windows\DRM\4916.tmp.dat **INFECTED** Win32:Alureon-ARJ [Rtk]
02:10:25.435 File: C:\ProgramData\Microsoft\Windows\DRM\4917.tmp **INFECTED** Win32:Malware-gen
02:10:25.642 File: C:\ProgramData\Microsoft\Windows\DRM\4D4C.tmp **INFECTED** Win32:Alureon-ARJ [Rtk]
02:10:28.693 File: C:\ProgramData\Microsoft\Windows\DRM\ncrypt.dll **INFECTED** Win32:Alureon-ARJ [Rtk]
02:11:38.888 Scan finished successfully
02:13:08.822 Disk 0 MBR has been saved successfully to "C:\Users\Keith\Desktop\MBR.dat"
02:13:08.827 The log file has been saved successfully to "C:\Users\Keith\Desktop\aswMBR.txt"

#6 narenxp

Posted 17 April 2012 - 10:30 AM

Download

http://www.techspot.com/downloads/4716-malwarebytes-anti-malware.html

Install, update and run a full scan.

Click on SHOW results. Select all infections and remove them.

Reboot the PC and scan with MBAM once in regular mode until you get a clean log.


Download

ESET online scanner


Install it

Click on START; it should download the virus definitions.
When the scan is completed, click on LIST of found threats.

Export the list to the desktop and copy the contents of the text file into your reply.


Download

mini toolbox

Checkmark following boxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size

Click Go and post the result.

#7 BoringK

Posted 18 April 2012 - 03:36 AM

MBAM full scan didn't find anything. Here's the ESET log; looks like it found a few things and deleted them:


C:\ProgramData\Microsoft\Windows\DRM\4916.tmp.dat Win32/Olmarik.AYD trojan cleaned by deleting - quarantined
C:\ProgramData\Microsoft\Windows\DRM\4917.tmp Win64/Olmarik.AD trojan cleaned by deleting - quarantined
C:\ProgramData\Microsoft\Windows\DRM\4D4C.tmp Win32/Olmarik.AYD trojan cleaned by deleting - quarantined
C:\ProgramData\Microsoft\Windows\DRM\ncrypt.dll Win32/Olmarik.AYD trojan cleaned by deleting - quarantined
C:\ProgramData\TrackMania\Cache\AAD0EE8E769F39A71038440C782D3974_Skins%5cAny%5cAdvertisement%5c3D-LeftYellow.dds HTML/Iframe.B.Gen virus deleted - quarantined
C:\Users\Keith\AppData\Local\Mozilla\Firefox\Profiles\ziv1prvg.default\Cache\2\40\47DE8d01 PDF/Exploit.Pidief.PHM.Gen trojan cleaned by deleting - quarantined
C:\Users\Keith\AppData\Local\Temp\C5A5.tmp a variant of Win32/Kryptik.BG trojan cleaned by deleting - quarantined
C:\Users\Keith\AppData\Local\Temp\SoftwareUpdate.exe a variant of Win32/Kryptik.BG trojan cleaned by deleting - quarantined
C:\Users\Keith\AppData\Local\Temp\plugtmp-10\plugin-yz_gzy.pdf PDF/Exploit.Pidief.PBK.Gen trojan cleaned by deleting - quarantined

I haven't had time to run Mini Toolbox, and it's late. I'll try to get to it tomorrow and post the log.

#8 narenxp

Posted 18 April 2012 - 06:08 AM

:thumbup2:

#9 BoringK

Posted 18 April 2012 - 09:18 PM

Alright, here's the MiniToolbox log.


MiniToolBox by Farbar Version: 18-01-2012
Ran by Keith (administrator) on 18-04-2012 at 21:12:58
Microsoft Windows 7 Home Premium (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================

::1 localhost

108.163.215.51 www.google-analytics.com.
108.163.215.51 ad-emea.doubleclick.net.
108.163.215.51 www.statcounter.com.
67.215.245.19 www.google-analytics.com.
67.215.245.19 ad-emea.doubleclick.net.
67.215.245.19 www.statcounter.com.

127.0.0.1 localhost

========================= IP Configuration: ================================

Intel® WiFi Link 5100 AGN = Wireless Network Connection (Connected)
Realtek PCIe GBE Family Controller = Local Area Connection (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : Keith-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Wireless LAN adapter Wireless Network Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel® WiFi Link 5100 AGN
Physical Address. . . . . . . . . : 00-22-FA-77-C6-BE
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::c4ba:2c2b:85f6:976%12(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.4(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Thursday, April 12, 2012 3:16:57 AM
Lease Expires . . . . . . . . . . : Thursday, April 19, 2012 9:06:54 PM
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DHCPv6 IAID . . . . . . . . . . . : 301998842
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-12-6B-DC-9B-90-E6-BA-7F-A7-AF
DNS Servers . . . . . . . . . . . : 192.168.1.1
NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
Physical Address. . . . . . . . . : 90-E6-BA-7F-A7-AF
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{D20CC776-FD91-475B-9D48-31E64EF4C494}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Reusable ISATAP Interface {615E1177-DC0D-4F86-B022-C7CE8D7D6B0C}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:4137:9e76:245b:2d7e:bb99:d375(Preferred)
Link-local IPv6 Address . . . . . : fe80::245b:2d7e:bb99:d375%13(Preferred)
Default Gateway . . . . . . . . . : ::
NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter 6TO4 Adapter:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft 6to4 Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Reusable ISATAP Interface {318EF638-FB97-4895-9FA8-473260FC831D}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{73D7B309-456E-4AF0-ADB3-798165D8826C}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #4
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: UnKnown
Address: 192.168.1.1

Name: google.com
Addresses: 74.125.227.37
74.125.227.38
74.125.227.39
74.125.227.40
74.125.227.41
74.125.227.46
74.125.227.32
74.125.227.33
74.125.227.34
74.125.227.35
74.125.227.36


Pinging google.com [74.125.227.133] with 32 bytes of data:
Reply from 74.125.227.133: bytes=32 time=174ms TTL=56
Reply from 74.125.227.133: bytes=32 time=81ms TTL=56

Ping statistics for 74.125.227.133:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 81ms, Maximum = 174ms, Average = 127ms
Server: UnKnown
Address: 192.168.1.1

Name: yahoo.com
Addresses: 72.30.38.140
98.139.183.24
209.191.122.70


Pinging yahoo.com [209.191.122.70] with 32 bytes of data:
Reply from 209.191.122.70: bytes=32 time=74ms TTL=55
Reply from 209.191.122.70: bytes=32 time=121ms TTL=55

Ping statistics for 209.191.122.70:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 74ms, Maximum = 121ms, Average = 97ms
Server: UnKnown
Address: 192.168.1.1

Name: bleepingcomputer.com
Address: 208.43.87.2


Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:
Request timed out.
Request timed out.

Ping statistics for 208.43.87.2:
Packets: Sent = 2, Received = 0, Lost = 2 (100% loss),

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
12...00 22 fa 77 c6 be ......Intel® WiFi Link 5100 AGN
11...90 e6 ba 7f a7 af ......Realtek PCIe GBE Family Controller
1...........................Software Loopback Interface 1
16...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
17...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
13...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
14...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter
18...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #3
19...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #4
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.4 25
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.1.0 255.255.255.0 On-link 192.168.1.4 281
192.168.1.4 255.255.255.255 On-link 192.168.1.4 281
192.168.1.255 255.255.255.255 On-link 192.168.1.4 281
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.1.4 281
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.1.4 281
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
13 58 ::/0 On-link
1 306 ::1/128 On-link
13 58 2001::/32 On-link
13 306 2001:0:4137:9e76:245b:2d7e:bb99:d375/128
On-link
12 281 fe80::/64 On-link
13 306 fe80::/64 On-link
13 306 fe80::245b:2d7e:bb99:d375/128
On-link
12 281 fe80::c4ba:2c2b:85f6:976/128
On-link
1 306 ff00::/8 On-link
13 306 ff00::/8 On-link
12 281 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [51712] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [134528] (Microsoft Corporation)
Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [134528] (Microsoft Corporation)
Catalog5 09 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70144] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [168304] (Microsoft Corporation)
x64-Catalog5 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [168304] (Microsoft Corporation)
x64-Catalog5 09 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (04/18/2012 09:06:25 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 34277725

Error: (04/18/2012 09:06:25 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 34277725

Error: (04/18/2012 09:06:13 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (04/18/2012 09:06:12 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 34276727

Error: (04/18/2012 09:06:12 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 34276727

Error: (04/18/2012 09:06:12 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (04/18/2012 11:35:03 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 8393

Error: (04/18/2012 11:35:03 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 8393

Error: (04/18/2012 11:35:03 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (04/18/2012 11:35:02 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 7363


System errors:
=============
Error: (04/14/2012 09:36:24 AM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Wlansvc service.

Error: (04/13/2012 00:39:07 PM) (Source: Server) (User: )
Description: The server could not bind to the transport \Device\NetBT_Tcpip_{D20CC776-FD91-475B-9D48-31E64EF4C494} because another computer on the network has the same name. The server could not start.

Error: (04/08/2012 02:52:24 PM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the eventlog service.

Error: (04/07/2012 00:15:24 PM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.

Error: (04/07/2012 00:36:23 AM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WMPNetworkSvc service.

Error: (04/07/2012 00:35:16 AM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.

Error: (04/07/2012 00:34:43 AM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Wlansvc service.

Error: (04/03/2012 01:20:47 PM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Wlansvc service.

Error: (04/02/2012 11:35:15 PM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.

Error: (04/02/2012 11:34:43 PM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Wlansvc service.


Microsoft Office Sessions:
=========================

=========================== Installed Programs ============================

Update for Microsoft Office 2007 (KB2508958)
AaaaaAAaaaAAAaaAAAAaAAAAA!!! for the Awesome
Acrobat.com (Version: 1.6.65)
Adobe AIR (Version: 1.5.0.7220)
Adobe Flash Player 10 ActiveX (Version: 10.0.32.18)
Adobe Flash Player 10 Plugin (Version: 10.3.183.7)
Adobe Reader 9.2 MUI (Version: 9.2.0)
Amazon MP3 Downloader 1.0.15 (Version: 1.0.15)
Amnesia: The Dark Descent
And Yet It Moves
Anomaly Warzone Earth
Apple Application Support (Version: 2.1.7)
Apple Mobile Device Support (Version: 5.1.1.4)
Apple Software Update (Version: 2.1.3.127)
Aquaria
ASUS AI Recovery (Version: 1.0.6)
ASUS Data Security Manager (Version: 1.00.0013)
ASUS FancyStart (Version: 1.0.6)
ASUS LifeFrame3 (Version: 3.0.20)
ASUS Live Update (Version: 2.5.9)
ASUS Power4Gear Hybrid (Version: 1.1.19)
ASUS SmartLogon (Version: 1.0.0007)
ASUS Splendid Video Enhancement Technology (Version: 1.02.0028)
ASUS Virtual Camera (Version: 1.0.16)
Asus_Camera_ScreenSaver (Version: 2.0.0009)
ATK Generic Function Service (Version: 1.00.0008)
ATK Hotkey (Version: 1.0.0051)
ATK Media (Version: 2.0.0005)
ATKOSD2 (Version: 7.0.0005)
Atom Zombie Smasher
Audiosurf
Avadon: The Black Fortress
Beat Hazard
Beneath a Steel Sky
Bing Bar (Version: 7.0.756.0)
Bing Rewards Client Installer (Version: 16.0.345.0)
BIT.TRIP BEAT
BIT.TRIP RUNNER
BitPim 1.0.7 (Version: 1.0.7)
Black and White
Blocks That Matter
Bonjour (Version: 3.0.0.10)
Breath of Death VII
Cave Story+
Choice Guard (Version: 1.2.87.0)
Compatibility Pack for the 2007 Office system (Version: 12.0.6612.1000)
ControlDeck (Version: 1.0.3)
Counter-Strike: Source
Creative MediaSource 5 (Version: 5.00)
Cthulhu Saves the World
CyberLink LabelPrint (Version: 2.5.1720)
CyberLink Power2Go (Version: 6.1.2713)
Darwinia
DEFCON
Desura (Version: 100.46)
Desura: Vertigo (Version: Full)
DOOM II: Hell on Earth
Dungeons and Dragons Anthology: The Master Collection (Version: 1.0.0)
Dungeons of Dredmor
ESET Online Scanner v3
ESN Sonar (Version: 0.70.0)
Eufloria
Eversion
Everyday Shooter
Express Gate (Version: 1.2.13.14)
Fast Boot (Version: 1.0.4)
Final DOOM
Flight Control HD
Fractal: Make Blooms Not War
Frozen Synapse
Galcon Fusion
GIMP 2.6.8
Google Chrome (Version: 18.0.1025.162)
Google Talk (remove only)
Grand Theft Auto
Gratuitous Space Battles
GridRunner Revolution
Half-Life 2
Hard Reset
Impulse (Version: 1.0)
Inside a Star-filled Sky
ITECIR (Version: 1.00.0000)
iTunes (Version: 10.6.1.7)
Jamestown
Java Auto Updater (Version: 2.0.3.1)
Java™ 6 Update 24 (Version: 6.0.240)
Junk Mail filter update (Version: 14.0.8050.1202)
Last.fm 1.5.4.27091
LG USB Modem driver
Lightfish
Machinarium
Malwarebytes Anti-Malware version 1.61.0.1400 (Version: 1.61.0.1400)
Max Payne
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Chart Controls for Microsoft .NET Framework 3.5 (KB2500170) (Version: 3.5.30730.0)
Microsoft Flight
Microsoft Games for Windows - LIVE Redistributable (Version: 3.5.92.0)
Microsoft Games for Windows Marketplace (Version: 3.5.50.0)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Home and Student 2007 (Version: 12.0.6612.1000)
Microsoft Office Live Add-in 1.3 (Version: 2.0.2313.0)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000)
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint Viewer 2007 (English) (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Silverlight (Version: 4.1.10111.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Sync Framework Runtime Native v1.0 (x86) (Version: 1.0.1215.0)
Microsoft Sync Framework Services Native v1.0 (x86) (Version: 1.0.1215.0)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (Version: 8.0.51011)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 (Version: 9.0.30411)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Works (Version: 9.7.0621)
Microsoft Xbox 360 Accessories 1.2 (Version: 1.20.146.0)
Microsoft XNA Framework Redistributable 3.1 (Version: 3.1.10527.0)
Microsoft XNA Framework Redistributable 4.0 (Version: 4.0.20823.0)
Mozilla Firefox 11.0 (x86 en-US) (Version: 11.0)
Mozilla Thunderbird (3.1.9) (Version: 3.1.9 (en-US))
MSVCRT (Version: 14.0.1468.721)
Multiwinia
Multiwinia - Beta
nQuake (Version: 1.9a)
NVIDIA 3D Vision Controller Driver (Version: 280.19)
NVIDIA 3D Vision Controller Driver 280.19 (Version: 280.19)
NVIDIA 3D Vision Driver 280.26 (Version: 280.26)
NVIDIA Control Panel 280.26 (Version: 280.26)
NVIDIA Graphics Driver 280.26 (Version: 280.26)
NVIDIA Install Application (Version: 2.1000.25.170)
NVIDIA PhysX (Version: 9.10.0514)
NVIDIA PhysX System Software 9.10.0514 (Version: 9.10.0514)
NVIDIA Stereoscopic 3D Driver (Version: 7.17.12.8026)
NVIDIA Update 1.4.28 (Version: 1.4.28)
NVIDIA Update Components (Version: 1.4.28)
OpenAL
Origin (Version: 8.3.1.9)
Osmos
Pando Media Booster (Version: 2.3.5.2)
Plants vs. Zombies: Game of the Year
Portal
PunkBuster Services (Version: 0.991)
Puzzle Agent
Puzzle Agent 2
QuickTime (Version: 7.71.80.42)
Realm of the Mad God
Realtek 8136 8168 8169 Ethernet Driver (Version: 1.00.0005)
Realtek High Definition Audio Driver (Version: 6.0.1.5928)
Revenge of the Titans
RICOH R5U8xx Media Driver ver.3.62.02 (Version: 3.62.02)
Runespell: Overture
Sam & Max 101: Culture Shock
Samorost 2
Scoregasm
Sequence
Serious Sam HD: The First Encounter
Sid Meier's Civilization V
SOL: Exodus
Solar 2
Sound Blaster Audigy HD (Version: 1.0)
Source SDK Base 2007
Space Pirates and Zombies
Spotify (Version: 0.8.2.610.g090a06f8)
Spybot - Search & Destroy (Version: 1.6.2)
StarCraft II (Version: 1.3.2.18317)
Steam (Version: 1.0.0.0)
Super Meat Boy
SUPERAntiSpyware (Version: 5.0.1134)
Superbrothers: Sword & Sworcery EP
Synaptics Pointing Device Driver (Version: 13.2.6.1)
System Requirements Lab
Team Fortress 2
Team Fortress Classic
Terraria
The Binding Of Isaac
The Ultimate DOOM
Time Gentlemen, Please!
Tinker (Version: 1.0.0000.131)
Titan Attacks
TRAUMA
Trend Micro Internet Security (Version: 17.50)
Turba
Unity Web Player (Version: )
Universe Sandbox
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (Version: 1)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Uplink
Viva Pińata® (Version: 1.0.0342.129)
VLC media player 1.1.11 (Version: 1.1.11)
Voxatron 0.1.3 (Version: 0.1.3)
VVVVVV
Warhammer® 40,000®: Dawn of War® II – Retribution™
Warhammer® 40,000™: Dawn of War® II
Warhammer® 40,000™: Dawn of War® II – Chaos Rising™
Waves
Winamp (Version: 5.581 )
Winamp Detector Plug-in (Version: 1.0.0.1)
Windows Live Call (Version: 14.0.8050.1202)
Windows Live Communications Platform (Version: 14.0.8050.1202)
Windows Live Essentials (Version: 14.0.8050.1202)
Windows Live Family Safety (Version: 14.0.8052.1208)
Windows Live ID Sign-in Assistant (Version: 6.500.3165.0)
Windows Live Mail (Version: 14.0.8050.1202)
Windows Live Messenger (Version: 14.0.8050.1202)
Windows Live Photo Gallery (Version: 14.0.8051.1204)
Windows Live Sync (Version: 14.0.8050.1202)
Windows Live Upload Tool (Version: 14.0.8014.1029)
Windows Live Writer (Version: 14.0.8050.1202)
Windows Media Player Firefox Plugin (Version: 1.0.0.8)
WinFlash (Version: 2.29.0)
WinRAR archiver
Wireless Console 3 (Version: 3.0.10)
Wizorb
World of Goo
X-COM: UFO Defense
Xotic
Yahoo! Detect

========================= Memory info: ===================================

Percentage of memory in use: 44%
Total physical RAM: 4095.3 MB
Available physical RAM: 2257.84 MB
Total Pagefile: 8188.74 MB
Available Pagefile: 5609.36 MB
Total Virtual: 4095.88 MB
Available Virtual: 3974.25 MB

========================= Partitions: =====================================

1 Drive c: (OS) (Fixed) (Total:283.44 GB) (Free:74.2 GB) NTFS

========================= Users: ========================================

User accounts for \\KEITH-PC

Administrator ASPNET Guest
Keith UpdatusUser


**** End of log ****

#10 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:04:51 AM

Posted 18 April 2012 - 11:23 PM

Click on the Start menu and type

cmd

Right-click on it and select Run as administrator.

Now type the following commands one by one, pressing ENTER after each

cd C:\windows\system32\drivers\etc
takeown /a /f hosts
cacls hosts /p everyone:f
attrib -s -h -r hosts
notepad hosts


A Notepad window should pop up.

Now scroll to the bottom and delete the fake entries.

You can check the default hosts entries for Windows 7 here:

http://support.microsoft.com/kb/972034

Save the file in Notepad and run this command

attrib +s +h +r hosts

Now launch MiniToolBox, checkmark only the hosts content option, and post the new log.

good luck

Edited by narenxp, 19 April 2012 - 08:30 AM.


#11 BoringK

Posted 19 April 2012 - 01:41 AM

The "takeown /a /f hosts" command just gives me "ERROR: The system cannot find the file specified."

#12 narenxp

Posted 19 April 2012 - 08:30 AM

I'm sorry, run this command before that

cd C:\windows\system32\drivers\etc

good luck

Edited by narenxp, 19 April 2012 - 08:31 AM.


#13 BoringK

Posted 19 April 2012 - 07:06 PM

MiniToolBox by Farbar Version: 18-01-2012
Ran by Keith (administrator) on 19-04-2012 at 19:04:18
Microsoft Windows 7 Home Premium (X64)
Boot Mode: Normal
***************************************************************************
========================= Hosts content: =================================

::1 localhost

127.0.0.1 localhost


**** End of log ****

Not getting any pop-ups right now. We'll see what happens. Thanks for the help.
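
A check to run after the cleanup in posts #10 to #13, as an added example that is not part of any post in this thread: it lists hosts mappings other than the two default loopback entries, then shows the file's attributes and which accounts hold write access, since `cacls hosts /p everyone:f` replaces the file's ACL with Full Control for Everyone. The function names and the sample lines are constructed for illustration; run it from an elevated PowerShell prompt.

```powershell
# Added example, not from the thread. Works on the PowerShell 2.0 shipped with Windows 7.
# Default Windows 7 loopback mappings; every other mapping is reported for review.
$DefaultEntries = @('127.0.0.1 localhost', '::1 localhost')

function Get-HostsEntry {
    # Normalize raw hosts lines to "address name" strings, one per host name.
    param([string[]]$Lines)
    foreach ($line in $Lines) {
        $text = ($line -split '#', 2)[0].Trim()        # drop comments
        if (-not $text) { continue }
        $fields = @($text -split '\s+')
        if ($fields.Count -lt 2) { continue }          # address with no name
        foreach ($name in $fields[1..($fields.Count - 1)]) {
            '{0} {1}' -f $fields[0], $name.ToLowerInvariant()
        }
    }
}

function Get-UnexpectedHostsEntry {
    # Return every normalized mapping that is not a default loopback entry.
    param([string[]]$Lines)
    Get-HostsEntry -Lines $Lines | Where-Object { $DefaultEntries -notcontains $_ }
}

# Constructed sample: the default entries plus made-up redirect lines.
$sample = @(
    '# localhost name resolution is handled within DNS itself.',
    '127.0.0.1       localhost',
    '::1             localhost',
    '203.0.113.10    www.example.com example.com   # constructed',
    '203.0.113.10    search.example.net'
)
'Unexpected entries in the constructed sample:'
Get-UnexpectedHostsEntry -Lines $sample

# Same check against the live file, plus its attributes and write access.
$hostsPath = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
if (Test-Path -LiteralPath $hostsPath) {
    'Unexpected entries in the live hosts file:'
    Get-UnexpectedHostsEntry -Lines @(Get-Content -LiteralPath $hostsPath)
    # "attrib +s +h +r hosts" should leave ReadOnly, Hidden, System set.
    (Get-Item -LiteralPath $hostsPath -Force).Attributes
    # "cacls hosts /p everyone:f" replaced the ACL; list who may write now.
    $write = [System.Security.AccessControl.FileSystemRights]::WriteData
    (Get-Acl -Path $hostsPath).Access |
        Where-Object { $_.AccessControlType -eq 'Allow' -and ($_.FileSystemRights -band $write) } |
        Select-Object IdentityReference, FileSystemRights
}
```

An address written in a different but equivalent form (for example an expanded IPv6 loopback) is reported too, which is intended: the output is a list to review, not a verdict.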

#14 narenxp

Posted 19 April 2012 - 10:58 PM

That looks good

Download

TFC


Launch it; it will close all running programs.

Click on START; it should ask for a reboot.

Turn off your System Restore, restart the PC, create a new restore point

http://windows.microsoft.com/en-US/windows7/Turn-System-Restore-on-or-off

Update your Java from here

http://java.com/en/download/inc/windows_upgrade_xpi.jsp

Update your antivirus frequently, do not click on suspicious links

Safe surfing :)



