
Pop up in right hand corner of browser - malware problem?


8 replies to this topic

#1 pfloyd1220


  • Members
  • 20 posts

Posted 01 June 2012 - 04:23 PM

Hi all,

While using web browsers (Firefox and Chrome) there is a pop up in the right hand corner of many web pages. Also, while clicking on links in legit pages (i.e. nytimes.com) I get redirected to different sites with a brief screen that says the document has moved and is being redirected. I suspect this is malware but am unsure how to approach it. I have run the virus scanner AVG and have tried rkill and mbam in safe mode, but the problem persists.

I have noticed a thread (last updated 30 May) that seems to handle the same problem, but unsure if I should be walked through steps or just try them myself. Please advise on how to proceed.

Thank you.

#2 pfloyd1220

  • Topic Starter

  • Members
  • 20 posts

Posted 01 June 2012 - 04:24 PM

Sorry, maybe I should have mentioned that I am running Windows Vista. If there is any other info you need let me know.

#3 narenxp


  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India

Posted 01 June 2012 - 05:23 PM

Download TDSSKiller.

Launch it. Click on Change parameters and select TDLFS file system.

Click on "Scan". Please post the LOG report (the log file should be in your C drive).


Please download GMER from here (does not work on 64 bit OS):

http://www2.gmer.net/download.php

Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.

GMER will open to the Rootkit/Malware tab and perform an automatic Full Scan when first run. (do not use the computer while the scan is in progress)

If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
Now click the Scan button. If you see a rootkit warning window, click OK.
When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
Click the Copy button and paste the results into your next reply.


Download aswMBR.

Launch it and allow it to download the latest Avast! virus definitions.
Click the "Scan" button to start the scan. After the scan finishes, click on Save log.

Post the log results here.

#4 pfloyd1220

  • Topic Starter

  • Members
  • 20 posts

Posted 01 June 2012 - 08:01 PM

First, thanks for the help. I followed your advice.

TDSSKiller Log:

17:26:13.0676 4620 TDSS rootkit removing tool 2.7.36.0 May 21 2012 16:40:16
17:26:14.0106 4620 ============================================================
17:26:14.0106 4620 Current date / time: 2012/06/01 17:26:14.0106
17:26:14.0107 4620 SystemInfo:
17:26:14.0107 4620
17:26:14.0107 4620 OS Version: 6.0.6002 ServicePack: 2.0
17:26:14.0107 4620 Product type: Workstation
17:26:14.0107 4620 ComputerName: JOST-HOME
17:26:14.0107 4620 UserName: Patty
17:26:14.0107 4620 Windows directory: C:\Windows
17:26:14.0107 4620 System windows directory: C:\Windows
17:26:14.0107 4620 Running under WOW64
17:26:14.0107 4620 Processor architecture: Intel x64
17:26:14.0107 4620 Number of processors: 3
17:26:14.0107 4620 Page size: 0x1000
17:26:14.0107 4620 Boot type: Normal boot
17:26:14.0107 4620 ============================================================
17:26:15.0602 4620 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
17:26:15.0681 4620 ============================================================
17:26:15.0681 4620 \Device\Harddisk0\DR0:
17:26:15.0681 4620 MBR partitions:
17:26:15.0681 4620 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1EEAD23
17:26:15.0681 4620 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1EEAD62, BlocksNum 0x38499EDF
17:26:15.0681 4620 ============================================================
17:26:15.0720 4620 C: <-> \Device\Harddisk0\DR0\Partition1
17:26:15.0738 4620 D: <-> \Device\Harddisk0\DR0\Partition0
17:26:15.0739 4620 ============================================================
17:26:15.0739 4620 Initialize success
17:26:15.0739 4620 ============================================================
17:26:27.0304 4316 ============================================================
17:26:27.0304 4316 Scan started
17:26:27.0304 4316 Mode: Manual; TDLFS;
17:26:27.0304 4316 ============================================================
17:26:39.0684 4316 nfrd960 - ok
17:26:39.0703 4316 NlaSvc (f145bf4c4668e7e312069f81ef847cfc) C:\Windows\System32\nlasvc.dll
17:26:39.0706 4316 NlaSvc - ok
17:26:39.0734 4316 Npfs (b298874f8e0ea93f06ec40aa8d146478) C:\Windows\system32\drivers\Npfs.sys
17:26:39.0735 4316 Npfs - ok
17:26:39.0759 4316 nsi (acb62baa1c319b17752553df3026eeeb) C:\Windows\system32\nsisvc.dll
17:26:39.0760 4316 nsi - ok
17:26:39.0766 4316 nsiproxy (1523af19ee8b030ba682f7a53537eaeb) C:\Windows\system32\drivers\nsiproxy.sys
17:26:39.0767 4316 nsiproxy - ok
17:26:39.0839 4316 Ntfs (bac869dfb98e499ba4d9bb1fb43270e1) C:\Windows\system32\drivers\Ntfs.sys
17:26:39.0849 4316 Ntfs - ok
17:26:39.0932 4316 Null (dd5d684975352b85b52e3fd5347c20cb) C:\Windows\system32\drivers\Null.sys
17:26:39.0933 4316 Null - ok
17:26:39.0948 4316 nvraid (2c040b7ada5b06f6facadac8514aa034) C:\Windows\system32\drivers\nvraid.sys
17:26:39.0949 4316 nvraid - ok
17:26:39.0985 4316 nvstor (f7ea0fe82842d05eda3efdd376dbfdba) C:\Windows\system32\drivers\nvstor.sys
17:26:39.0986 4316 nvstor - ok
17:26:40.0003 4316 nv_agp (19067ca93075ef4823e3938a686f532f) C:\Windows\system32\drivers\nv_agp.sys
17:26:40.0004 4316 nv_agp - ok
17:26:40.0007 4316 NwlnkFlt - ok
17:26:40.0012 4316 NwlnkFwd - ok
17:26:40.0125 4316 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
17:26:40.0129 4316 odserv - ok
17:26:40.0182 4316 ohci1394 (b5b1ce65ac15bbd11c0619e3ef7cfc28) C:\Windows\system32\DRIVERS\ohci1394.sys
17:26:40.0183 4316 ohci1394 - ok
17:26:40.0214 4316 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
17:26:40.0216 4316 ose - ok
17:26:40.0266 4316 p2pimsvc (9ae31d2e1d15c10d91318e0ec149ceac) C:\Windows\system32\p2psvc.dll
17:26:40.0272 4316 p2pimsvc - ok
17:26:40.0281 4316 p2psvc (9ae31d2e1d15c10d91318e0ec149ceac) C:\Windows\system32\p2psvc.dll
17:26:40.0288 4316 p2psvc - ok
17:26:40.0354 4316 Parport (4c6a7fd04ddf4db88791048382e3edb1) C:\Windows\system32\DRIVERS\parport.sys
17:26:40.0355 4316 Parport - ok
17:26:40.0394 4316 partmgr (b43751085e2abe389da466bc62a4b987) C:\Windows\system32\drivers\partmgr.sys
17:26:40.0395 4316 partmgr - ok
17:26:40.0432 4316 PcaSvc (9ab157b374192ff276c1628fbdba2b0e) C:\Windows\System32\pcasvc.dll
17:26:40.0434 4316 PcaSvc - ok
17:26:40.0451 4316 pci (47ab1e0fc9d0e12bb53ba246e3a0906d) C:\Windows\system32\drivers\pci.sys
17:26:40.0452 4316 pci - ok
17:26:40.0516 4316 pciide (2657f6c0b78c36d95034be109336e382) C:\Windows\system32\drivers\pciide.sys
17:26:40.0517 4316 pciide - ok
17:26:40.0594 4316 pcmcia (a2d6b9c3f532baa27cb0c158d8ef4da6) C:\Windows\system32\DRIVERS\pcmcia.sys
17:26:40.0596 4316 pcmcia - ok
17:26:40.0644 4316 PEAUTH (58865916f53592a61549b04941bfd80d) C:\Windows\system32\drivers\peauth.sys
17:26:40.0649 4316 PEAUTH - ok
17:26:40.0708 4316 PerfHost (0ed8727ea0172860f47258456c06caea) C:\Windows\SysWow64\perfhost.exe
17:26:40.0709 4316 PerfHost - ok
17:26:40.0818 4316 pla (e9e68c1a0f25cf4a7ac966eea74ee89e) C:\Windows\system32\pla.dll
17:26:40.0827 4316 pla - ok
17:26:40.0862 4316 PlugPlay (fe6b0f59215c9fd9f9d26539c58c8b82) C:\Windows\system32\umpnpmgr.dll
17:26:40.0866 4316 PlugPlay - ok
17:26:40.0897 4316 Pml Driver HPZ12 (37f6046cdc630442d7dc087501ff6fc6) C:\Windows\system32\HPZipm12.dll
17:26:40.0898 4316 Pml Driver HPZ12 - ok
17:26:40.0950 4316 PNRPAutoReg (9ae31d2e1d15c10d91318e0ec149ceac) C:\Windows\system32\p2psvc.dll
17:26:40.0956 4316 PNRPAutoReg - ok
17:26:40.0965 4316 PNRPsvc (9ae31d2e1d15c10d91318e0ec149ceac) C:\Windows\system32\p2psvc.dll
17:26:40.0971 4316 PNRPsvc - ok
17:26:41.0026 4316 PolicyAgent (89a5560671c2d8b4a4b51f3e1aa069d8) C:\Windows\System32\ipsecsvc.dll
17:26:41.0030 4316 PolicyAgent - ok
17:26:41.0073 4316 PptpMiniport (23386e9952025f5f21c368971e2e7301) C:\Windows\system32\DRIVERS\raspptp.sys
17:26:41.0074 4316 PptpMiniport - ok
17:26:41.0169 4316 PrismXL (6135b976e16f80c1b1363be882344785) C:\Program Files (x86)\Common Files\New Boundary\PrismXL\PRISMXL.SYS
17:26:41.0170 4316 PrismXL - ok
17:26:41.0192 4316 Processor (5080e59ecee0bc923f14018803aa7a01) C:\Windows\system32\DRIVERS\processr.sys
17:26:41.0193 4316 Processor - ok
17:26:41.0229 4316 ProfSvc (e058ce4fc2449d8bfa14739c83b7ff2a) C:\Windows\system32\profsvc.dll
17:26:41.0231 4316 ProfSvc - ok
17:26:41.0254 4316 ProtectedStorage (260bf9c43ee12c6898a9f5aab0fb0e5d) C:\Windows\system32\lsass.exe
17:26:41.0255 4316 ProtectedStorage - ok
17:26:41.0287 4316 PSched (c5ab7f0809392d0da027f4a2a81bfa31) C:\Windows\system32\DRIVERS\pacer.sys
17:26:41.0288 4316 PSched - ok
17:26:41.0355 4316 ql2300 (0b83f4e681062f3839be2ec1d98fd94a) C:\Windows\system32\drivers\ql2300.sys
17:26:41.0363 4316 ql2300 - ok
17:26:41.0381 4316 ql40xx (e1c80f8d4d1e39ef9595809c1369bf2a) C:\Windows\system32\drivers\ql40xx.sys
17:26:41.0382 4316 ql40xx - ok
17:26:41.0431 4316 QWAVE (90574842c3da781e279061a3eff91f07) C:\Windows\system32\qwave.dll
17:26:41.0434 4316 QWAVE - ok
17:26:41.0443 4316 QWAVEdrv (e8d76edab77ec9c634c27b8eac33adc5) C:\Windows\system32\drivers\qwavedrv.sys
17:26:41.0444 4316 QWAVEdrv - ok
17:26:41.0660 4316 R300 (a534642d594e653912cb6e49ba6f5c59) C:\Windows\system32\DRIVERS\atikmdag.sys
17:26:41.0687 4316 R300 - ok
17:26:41.0771 4316 RasAcd (1013b3b663a56d3ddd784f581c1bd005) C:\Windows\system32\DRIVERS\rasacd.sys
17:26:41.0771 4316 RasAcd - ok
17:26:41.0838 4316 RasAuto (b2ae18f847d07f0044404ddf7cb04497) C:\Windows\System32\rasauto.dll
17:26:41.0840 4316 RasAuto - ok
17:26:41.0879 4316 Rasl2tp (ac7bc4d42a7e558718dfdec599bbfc2c) C:\Windows\system32\DRIVERS\rasl2tp.sys
17:26:41.0880 4316 Rasl2tp - ok
17:26:41.0905 4316 RasMan (3ad83e4046c43be510de681588acb8af) C:\Windows\System32\rasmans.dll
17:26:41.0908 4316 RasMan - ok
17:26:41.0932 4316 RasPppoe (4517fbf8b42524afe4ede1de102aae3e) C:\Windows\system32\DRIVERS\raspppoe.sys
17:26:41.0933 4316 RasPppoe - ok
17:26:41.0964 4316 RasSstp (c6a593b51f34c33e5474539544072527) C:\Windows\system32\DRIVERS\rassstp.sys
17:26:41.0965 4316 RasSstp - ok
17:26:42.0043 4316 rdbss (322db5c6b55e8d8ee8d6f358b2aaabb1) C:\Windows\system32\DRIVERS\rdbss.sys
17:26:42.0045 4316 rdbss - ok
17:26:42.0066 4316 RDPCDD (603900cc05f6be65ccbf373800af3716) C:\Windows\system32\DRIVERS\RDPCDD.sys
17:26:42.0067 4316 RDPCDD - ok
17:26:42.0109 4316 rdpdr (c045d1fb111c28df0d1be8d4bda22c06) C:\Windows\system32\drivers\rdpdr.sys
17:26:42.0111 4316 rdpdr - ok
17:26:42.0115 4316 RDPENCDD (cab9421daf3d97b33d0d055858e2c3ab) C:\Windows\system32\drivers\rdpencdd.sys
17:26:42.0116 4316 RDPENCDD - ok
17:26:42.0172 4316 RDPWD (5c141fc457f1ac833664789235aca673) C:\Windows\system32\drivers\RDPWD.sys
17:26:42.0174 4316 RDPWD - ok
17:26:42.0229 4316 RemoteAccess (c612b9557da73f70d41f8a6fbc8e5344) C:\Windows\System32\mprdim.dll
17:26:42.0230 4316 RemoteAccess - ok
17:26:42.0259 4316 RemoteRegistry (44b9d8ec2f3ef3a0efb00857af70d861) C:\Windows\system32\regsvc.dll
17:26:42.0261 4316 RemoteRegistry - ok
17:26:42.0269 4316 RpcLocator (f46c457840d4b7a4daafee739ce04102) C:\Windows\system32\locator.exe
17:26:42.0270 4316 RpcLocator - ok
17:26:42.0324 4316 RpcSs (cf8b9a3a5e7dc57724a89d0c3e8cf9ef) C:\Windows\system32\rpcss.dll
17:26:42.0330 4316 RpcSs - ok
17:26:42.0338 4316 rspndr (22a9cb08b1a6707c1550c6bf099aae73) C:\Windows\system32\DRIVERS\rspndr.sys
17:26:42.0339 4316 rspndr - ok
17:26:42.0406 4316 RTHDMIAzAudService (0328ffdf9d805723d0e420018136fa7b) C:\Windows\system32\drivers\RtHDMIVX.sys
17:26:42.0408 4316 RTHDMIAzAudService - ok
17:26:42.0432 4316 RTSTOR (15c2f0082d5e1ce5124eda4050e77986) C:\Windows\system32\drivers\RTSTOR64.SYS
17:26:42.0433 4316 RTSTOR - ok
17:26:42.0454 4316 SamSs (260bf9c43ee12c6898a9f5aab0fb0e5d) C:\Windows\system32\lsass.exe
17:26:42.0455 4316 SamSs - ok
17:26:42.0494 4316 sbp2port (cd9c693589c60ad59bbbcfb0e524e01b) C:\Windows\system32\drivers\sbp2port.sys
17:26:42.0495 4316 sbp2port - ok
17:26:42.0537 4316 SCardSvr (fd1cdcf108d5ef3366f00d18b70fb89b) C:\Windows\System32\SCardSvr.dll
17:26:42.0539 4316 SCardSvr - ok
17:26:42.0590 4316 Schedule (0f838c811ad295d2a4489b9993096c63) C:\Windows\system32\schedsvc.dll
17:26:42.0597 4316 Schedule - ok
17:26:42.0625 4316 SCPolicySvc (5a268127633c7ee2a7fb87f39d748d56) C:\Windows\System32\certprop.dll
17:26:42.0626 4316 SCPolicySvc - ok
17:26:42.0852 4316 sdbus (b42ee50f7d24f837f925332eb349eca5) C:\Windows\system32\DRIVERS\sdbus.sys
17:26:42.0853 4316 sdbus - ok
17:26:42.0882 4316 SDRSVC (4ff71b076a7760fe75ea5ae2d0ee0018) C:\Windows\System32\SDRSVC.dll
17:26:42.0884 4316 SDRSVC - ok
17:26:42.0893 4316 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
17:26:42.0894 4316 secdrv - ok
17:26:42.0906 4316 seclogon (5acdcbc67fcf894a1815b9f96d704490) C:\Windows\system32\seclogon.dll
17:26:42.0907 4316 seclogon - ok
17:26:42.0923 4316 SENS (90973a64b96cd647ff81c79443618eed) C:\Windows\System32\sens.dll
17:26:42.0925 4316 SENS - ok
17:26:42.0946 4316 Serenum (2449316316411d65bd2c761a6ffb2ce2) C:\Windows\system32\DRIVERS\serenum.sys
17:26:42.0947 4316 Serenum - ok
17:26:43.0004 4316 Serial (4b438170be2fc8e0bd35ee87a960f84f) C:\Windows\system32\DRIVERS\serial.sys
17:26:43.0005 4316 Serial - ok
17:26:43.0036 4316 sermouse (a842f04833684bceea7336211be478df) C:\Windows\system32\drivers\sermouse.sys
17:26:43.0036 4316 sermouse - ok
17:26:43.0091 4316 SessionEnv (a8e4a4407a09f35dccc3771af590b0c4) C:\Windows\system32\sessenv.dll
17:26:43.0093 4316 SessionEnv - ok
17:26:43.0119 4316 sffdisk (14d4b4465193a87c127933978e8c4106) C:\Windows\system32\drivers\sffdisk.sys
17:26:43.0120 4316 sffdisk - ok
17:26:43.0130 4316 sffp_mmc (7073aee3f82f3d598e3825962aa98ab2) C:\Windows\system32\drivers\sffp_mmc.sys
17:26:43.0130 4316 sffp_mmc - ok
17:26:43.0145 4316 sffp_sd (35e59ebe4a01a0532ed67975161c7b82) C:\Windows\system32\drivers\sffp_sd.sys
17:26:43.0145 4316 sffp_sd - ok
17:26:43.0156 4316 sfloppy (6b7838c94135768bd455cbdc23e39e5f) C:\Windows\system32\drivers\sfloppy.sys
17:26:43.0156 4316 sfloppy - ok
17:26:43.0203 4316 SharedAccess (4c5aee179da7e1ee9a9ccb9da289af34) C:\Windows\System32\ipnathlp.dll
17:26:43.0206 4316 SharedAccess - ok
17:26:43.0283 4316 ShellHWDetection (56793271ecdedd350c5add305603e963) C:\Windows\System32\shsvcs.dll
17:26:43.0286 4316 ShellHWDetection - ok
17:26:43.0302 4316 SiSRaid2 (7a5de502aeb719d4594c6471060a78b3) C:\Windows\system32\drivers\sisraid2.sys
17:26:43.0303 4316 SiSRaid2 - ok
17:26:43.0340 4316 SiSRaid4 (3a2f769fab9582bc720e11ea1dfb184d) C:\Windows\system32\drivers\sisraid4.sys
17:26:43.0341 4316 SiSRaid4 - ok
17:26:43.0461 4316 slsvc (a9a27a8e257b45a604fdad4f26fe7241) C:\Windows\system32\SLsvc.exe
17:26:43.0479 4316 slsvc - ok
17:26:43.0562 4316 SLUINotify (fd74b4b7c2088e390a30c85a896fc3af) C:\Windows\system32\SLUINotify.dll
17:26:43.0563 4316 SLUINotify - ok
17:26:43.0599 4316 Smb (290b6f6a0ec4fcdfc90f5cb6d7020473) C:\Windows\system32\DRIVERS\smb.sys
17:26:43.0600 4316 Smb - ok
17:26:43.0669 4316 SNMPTRAP (f8f47f38909823b1af28d60b96340cff) C:\Windows\System32\snmptrap.exe
17:26:43.0671 4316 SNMPTRAP - ok
17:26:43.0692 4316 spldr (386c3c63f00a7040c7ec5e384217e89d) C:\Windows\system32\drivers\spldr.sys
17:26:43.0693 4316 spldr - ok
17:26:43.0723 4316 Spooler (f66ff751e7efc816d266977939ef5dc3) C:\Windows\System32\spoolsv.exe
17:26:43.0726 4316 Spooler - ok
17:26:43.0771 4316 srv (880a57fccb571ebd063d4dd50e93e46d) C:\Windows\system32\DRIVERS\srv.sys
17:26:43.0774 4316 srv - ok
17:26:43.0813 4316 srv2 (a1ad14a6d7a37891fffeca35ebbb0730) C:\Windows\system32\DRIVERS\srv2.sys
17:26:43.0815 4316 srv2 - ok
17:26:43.0827 4316 srvnet (4bed62f4fa4d8300973f1151f4c4d8a7) C:\Windows\system32\DRIVERS\srvnet.sys
17:26:43.0829 4316 srvnet - ok
17:26:43.0848 4316 SSDPSRV (192c74646ec5725aef3f80d19ff75f6a) C:\Windows\System32\ssdpsrv.dll
17:26:43.0851 4316 SSDPSRV - ok
17:26:43.0921 4316 SstpSvc (2ee3fa0308e6185ba64a9a7f2e74332b) C:\Windows\system32\sstpsvc.dll
17:26:43.0923 4316 SstpSvc - ok
17:26:43.0950 4316 StillCam (14b4db4381e4a55f570d8bb699b791d6) C:\Windows\system32\DRIVERS\serscan.sys
17:26:43.0951 4316 StillCam - ok
17:26:43.0998 4316 stisvc (15825c1fbfb8779992cb65087f316af5) C:\Windows\System32\wiaservc.dll
17:26:44.0003 4316 stisvc - ok
17:26:44.0042 4316 swenum (8a851ca908b8b974f89c50d2e18d4f0c) C:\Windows\system32\DRIVERS\swenum.sys
17:26:44.0043 4316 swenum - ok
17:26:44.0081 4316 swprv (6de37f4de19d4efd9c48c43addbc949a) C:\Windows\System32\swprv.dll
17:26:44.0085 4316 swprv - ok
17:26:44.0104 4316 Symc8xx (2f26a2c6fc96b29beff5d8ed74e6625b) C:\Windows\system32\drivers\symc8xx.sys
17:26:44.0104 4316 Symc8xx - ok
17:26:44.0112 4316 Sym_hi (a909667976d3bccd1df813fed517d837) C:\Windows\system32\drivers\sym_hi.sys
17:26:44.0113 4316 Sym_hi - ok
17:26:44.0120 4316 Sym_u3 (36887b56ec2d98b9c362f6ae4de5b7b0) C:\Windows\system32\drivers\sym_u3.sys
17:26:44.0121 4316 Sym_u3 - ok
17:26:44.0172 4316 SysMain (92d7a8b0f87b036f17d25885937897a6) C:\Windows\system32\sysmain.dll
17:26:44.0178 4316 SysMain - ok
17:26:44.0201 4316 TabletInputService (005ce42567f9113a3bccb3b20073b029) C:\Windows\System32\TabSvc.dll
17:26:44.0203 4316 TabletInputService - ok
17:26:44.0235 4316 TapiSrv (cc2562b4d55e0b6a4758c65407f63b79) C:\Windows\System32\tapisrv.dll
17:26:44.0238 4316 TapiSrv - ok
17:26:44.0248 4316 TBS (cdbe8d7c1e201b911cdc346d06617fb5) C:\Windows\System32\tbssvc.dll
17:26:44.0250 4316 TBS - ok
17:26:44.0334 4316 Tcpip (46d448e9117464e4d3bbf36d7e3fa48e) C:\Windows\system32\drivers\tcpip.sys
17:26:44.0344 4316 Tcpip - ok
17:26:44.0357 4316 Tcpip6 (46d448e9117464e4d3bbf36d7e3fa48e) C:\Windows\system32\DRIVERS\tcpip.sys
17:26:44.0368 4316 Tcpip6 - ok
17:26:44.0397 4316 tcpipreg (c7e72a4071ee0200e3c075dacfb2b334) C:\Windows\system32\drivers\tcpipreg.sys
17:26:44.0398 4316 tcpipreg - ok
17:26:44.0433 4316 TDPIPE (1d8bf4aaa5fb7a2761475781dc1195bc) C:\Windows\system32\drivers\tdpipe.sys
17:26:44.0434 4316 TDPIPE - ok
17:26:44.0448 4316 TDTCP (7f7e00cdf609df657f4cda02dd1c9bb1) C:\Windows\system32\drivers\tdtcp.sys
17:26:44.0449 4316 TDTCP - ok
17:26:44.0475 4316 tdx (458919c8c42e398dc4802178d5ffee27) C:\Windows\system32\DRIVERS\tdx.sys
17:26:44.0476 4316 tdx - ok
17:26:44.0507 4316 TermDD (8c19678d22649ec002ef2282eae92f98) C:\Windows\system32\DRIVERS\termdd.sys
17:26:44.0508 4316 TermDD - ok
17:26:44.0547 4316 TermService (5cdd30bc217082dac71a9878d9bfd566) C:\Windows\System32\termsrv.dll
17:26:44.0552 4316 TermService - ok
17:26:44.0591 4316 Themes (56793271ecdedd350c5add305603e963) C:\Windows\system32\shsvcs.dll
17:26:44.0594 4316 Themes - ok
17:26:44.0614 4316 THREADORDER (3cbe4995e80e13ccfbc42e5dcf3ac81a) C:\Windows\system32\mmcss.dll
17:26:44.0615 4316 THREADORDER - ok
17:26:44.0717 4316 TomTomHOMEService (efef22b9577e5051057fde1ae381b50c) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
17:26:44.0718 4316 TomTomHOMEService - ok
17:26:44.0744 4316 TrkWks (f4689f05af472a651a7b1b7b02d200e7) C:\Windows\System32\trkwks.dll
17:26:44.0746 4316 TrkWks - ok
17:26:44.0784 4316 TrustedInstaller (66328b08ef5a9305d8ede36b93930369) C:\Windows\servicing\TrustedInstaller.exe
17:26:44.0785 4316 TrustedInstaller - ok
17:26:44.0826 4316 tssecsrv (9e5409cd17c8bef193aad498f3bc2cb8) C:\Windows\system32\DRIVERS\tssecsrv.sys
17:26:44.0827 4316 tssecsrv - ok
17:26:44.0873 4316 tunmp (89ec74a9e602d16a75a4170511029b3c) C:\Windows\system32\DRIVERS\tunmp.sys
17:26:44.0873 4316 tunmp - ok
17:26:44.0900 4316 tunnel (30a9b3f45ad081bffc3bcaa9c812b609) C:\Windows\system32\DRIVERS\tunnel.sys
17:26:44.0901 4316 tunnel - ok
17:26:44.0929 4316 uagp35 (fec266ef401966311744bd0f359f7f56) C:\Windows\system32\drivers\uagp35.sys
17:26:44.0930 4316 uagp35 - ok
17:26:44.0987 4316 udfs (faf2640a2a76ed03d449e443194c4c34) C:\Windows\system32\DRIVERS\udfs.sys
17:26:44.0989 4316 udfs - ok
17:26:45.0032 4316 UI0Detect (060507c4113391394478f6953a79eedc) C:\Windows\system32\UI0Detect.exe
17:26:45.0034 4316 UI0Detect - ok
17:26:45.0064 4316 uliagpkx (4ec9447ac3ab462647f60e547208ca00) C:\Windows\system32\drivers\uliagpkx.sys
17:26:45.0065 4316 uliagpkx - ok
17:26:45.0098 4316 uliahci (697f0446134cdc8f99e69306184fbbb4) C:\Windows\system32\drivers\uliahci.sys
17:26:45.0100 4316 uliahci - ok
17:26:45.0129 4316 UlSata (31707f09846056651ea2c37858f5ddb0) C:\Windows\system32\drivers\ulsata.sys
17:26:45.0130 4316 UlSata - ok
17:26:45.0145 4316 ulsata2 (85e5e43ed5b48c8376281bab519271b7) C:\Windows\system32\drivers\ulsata2.sys
17:26:45.0146 4316 ulsata2 - ok
17:26:45.0183 4316 umbus (46e9a994c4fed537dd951f60b86ad3f4) C:\Windows\system32\DRIVERS\umbus.sys
17:26:45.0184 4316 umbus - ok
17:26:45.0256 4316 UMVPFSrv (8b802b483cbde06f62dbc04dc7afaf8e) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
17:26:45.0259 4316 UMVPFSrv - ok
17:26:45.0295 4316 upnphost (7093799ff80e9deca0680d2e3535be60) C:\Windows\System32\upnphost.dll
17:26:45.0299 4316 upnphost - ok
17:26:45.0374 4316 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys
17:26:45.0375 4316 USBAAPL64 - ok
17:26:45.0407 4316 usbaudio (c6ba890de6e41857fbe84175519cae7d) C:\Windows\system32\drivers\usbaudio.sys
17:26:45.0408 4316 usbaudio - ok
17:26:45.0468 4316 usbccgp (07e3498fc60834219d2356293da0fecc) C:\Windows\system32\DRIVERS\usbccgp.sys
17:26:45.0469 4316 usbccgp - ok
17:26:45.0511 4316 usbcir (9247f7e0b65852c1f6631480984d6ed2) C:\Windows\system32\drivers\usbcir.sys
17:26:45.0512 4316 usbcir - ok
17:26:45.0551 4316 usbehci (827e44de934a736ea31e91d353eb126f) C:\Windows\system32\DRIVERS\usbehci.sys
17:26:45.0551 4316 usbehci - ok
17:26:45.0567 4316 usbhub (bb35cd80a2ececfadc73569b3d70c7d1) C:\Windows\system32\DRIVERS\usbhub.sys
17:26:45.0569 4316 usbhub - ok
17:26:45.0584 4316 usbohci (e406b003a354776d317762694956b0fc) C:\Windows\system32\DRIVERS\usbohci.sys
17:26:45.0585 4316 usbohci - ok
17:26:45.0604 4316 usbprint (28b693b6d31e7b9332c1bdcefef228c1) C:\Windows\system32\DRIVERS\usbprint.sys
17:26:45.0604 4316 usbprint - ok
17:26:45.0669 4316 usbscan (ea0bf666868964fbe8cb10e50c97b9f1) C:\Windows\system32\DRIVERS\usbscan.sys
17:26:45.0669 4316 usbscan - ok
17:26:45.0678 4316 USBSTOR (b854c1558fca0c269a38663e8b59b581) C:\Windows\system32\DRIVERS\USBSTOR.SYS
17:26:45.0679 4316 USBSTOR - ok
17:26:45.0703 4316 usbuhci (b2872cbf9f47316abd0e0c74a1aba507) C:\Windows\system32\DRIVERS\usbuhci.sys
17:26:45.0704 4316 usbuhci - ok
17:26:45.0756 4316 usbvideo (fc33099877790d51b0927b7039059855) C:\Windows\system32\Drivers\usbvideo.sys
17:26:45.0758 4316 usbvideo - ok
17:26:45.0799 4316 UxSms (d76e231e4850bb3f88a3d9a78df191e3) C:\Windows\System32\uxsms.dll
17:26:45.0801 4316 UxSms - ok
17:26:45.0840 4316 vds (294945381dfa7ce58cecf0a9896af327) C:\Windows\System32\vds.exe
17:26:45.0844 4316 vds - ok
17:26:45.0923 4316 vga (916b94bcf1e09873fff2d5fb11767bbc) C:\Windows\system32\DRIVERS\vgapnp.sys
17:26:45.0923 4316 vga - ok
17:26:45.0945 4316 VgaSave (b83ab16b51feda65dd81b8c59d114d63) C:\Windows\System32\drivers\vga.sys
17:26:45.0946 4316 VgaSave - ok
17:26:45.0975 4316 viaide (8294b6c3fdb6c33f24e150de647ecdaa) C:\Windows\system32\drivers\viaide.sys
17:26:45.0975 4316 viaide - ok
17:26:46.0016 4316 volmgr (2b7e885ed951519a12c450d24535dfca) C:\Windows\system32\drivers\volmgr.sys
17:26:46.0017 4316 volmgr - ok
17:26:46.0049 4316 volmgrx (cec5ac15277d75d9e5dec2e1c6eaf877) C:\Windows\system32\drivers\volmgrx.sys
17:26:46.0052 4316 volmgrx - ok
17:26:46.0123 4316 volsnap (5280aada24ab36b01a84a6424c475c8d) C:\Windows\system32\drivers\volsnap.sys
17:26:46.0125 4316 volsnap - ok
17:26:46.0157 4316 vsmraid (a68f455ed2673835209318dd61bfbb0e) C:\Windows\system32\drivers\vsmraid.sys
17:26:46.0158 4316 vsmraid - ok
17:26:46.0238 4316 VSS (b75232dad33bfd95bf6f0a3e6bff51e1) C:\Windows\system32\vssvc.exe
17:26:46.0248 4316 VSS - ok
17:26:46.0388 4316 vToolbarUpdater11.1.0 (5fa45791413acce628d5361458f32dde) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.1.0\ToolbarUpdater.exe
17:26:46.0394 4316 vToolbarUpdater11.1.0 - ok
17:26:46.0513 4316 W32Time (f14a7de2ea41883e250892e1e5230a9a) C:\Windows\system32\w32time.dll
17:26:46.0517 4316 W32Time - ok
17:26:46.0574 4316 WacomPen (fef8fe5923fead2cee4dfabfce3393a7) C:\Windows\system32\drivers\wacompen.sys
17:26:46.0574 4316 WacomPen - ok
17:26:46.0607 4316 Wanarp (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys
17:26:46.0608 4316 Wanarp - ok
17:26:46.0611 4316 Wanarpv6 (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys
17:26:46.0612 4316 Wanarpv6 - ok
17:26:46.0658 4316 wcncsvc (b4e4c37d0aa6100090a53213ee2bf1c1) C:\Windows\System32\wcncsvc.dll
17:26:46.0663 4316 wcncsvc - ok
17:26:46.0685 4316 WcsPlugInService (ea4b369560e986f19d93f45a881484ac) C:\Windows\System32\WcsPlugInService.dll
17:26:46.0687 4316 WcsPlugInService - ok
17:26:46.0710 4316 Wd (0c17a0816f65b89e362e682ad5e7266e) C:\Windows\system32\drivers\wd.sys
17:26:46.0711 4316 Wd - ok
17:26:46.0764 4316 Wdf01000 (d02e7e4567da1e7582fbf6a91144b0df) C:\Windows\system32\drivers\Wdf01000.sys
17:26:46.0771 4316 Wdf01000 - ok
17:26:46.0781 4316 WdiServiceHost (c5efda73ebfca8b02a094898de0a9276) C:\Windows\system32\wdi.dll
17:26:46.0783 4316 WdiServiceHost - ok
17:26:46.0787 4316 WdiSystemHost (c5efda73ebfca8b02a094898de0a9276) C:\Windows\system32\wdi.dll
17:26:46.0789 4316 WdiSystemHost - ok
17:26:46.0821 4316 WebClient (3e6d05381cf35f75ebb055544a8ed9ac) C:\Windows\System32\webclnt.dll
17:26:46.0825 4316 WebClient - ok
17:26:46.0846 4316 Wecsvc (8d40bc587993f876658bf9fb0f7d3462) C:\Windows\system32\wecsvc.dll
17:26:46.0849 4316 Wecsvc - ok
17:26:46.0858 4316 wercplsupport (9c980351d7e96288ea0c23ae232bd065) C:\Windows\System32\wercplsupport.dll
17:26:46.0860 4316 wercplsupport - ok
17:26:46.0871 4316 WerSvc (66b9ecebc46683f47edc06333c075fef) C:\Windows\System32\WerSvc.dll
17:26:46.0873 4316 WerSvc - ok
17:26:46.0988 4316 winachsf (d36af55c2c09b55aacf4a65c7fea9c37) C:\Windows\system32\DRIVERS\CAX_CNXT.sys
17:26:46.0993 4316 winachsf - ok
17:26:47.0045 4316 WinDefend - ok
17:26:47.0053 4316 WinHttpAutoProxySvc - ok
17:26:47.0105 4316 Winmgmt (d2e7296ed1bd26d8db2799770c077a02) C:\Windows\system32\wbem\WMIsvc.dll
17:26:47.0107 4316 Winmgmt - ok
17:26:47.0198 4316 WinRM (6cbb0c68f13b9c2ec1b16f5fa5e7c869) C:\Windows\system32\WsmSvc.dll
17:26:47.0213 4316 WinRM - ok
17:26:47.0315 4316 Wlansvc (ec339c8115e91baed835957e9a677f16) C:\Windows\System32\wlansvc.dll
17:26:47.0321 4316 Wlansvc - ok
17:26:47.0376 4316 WmiAcpi (e18aebaaa5a773fe11aa2c70f65320f5) C:\Windows\system32\drivers\wmiacpi.sys
17:26:47.0377 4316 WmiAcpi - ok
17:26:47.0438 4316 wmiApSrv (21fa389e65a852698b6a1341f36ee02d) C:\Windows\system32\wbem\WmiApSrv.exe
17:26:47.0440 4316 wmiApSrv - ok
17:26:47.0472 4316 WMPNetworkSvc - ok
17:26:47.0499 4316 WPCSvc (cbc156c913f099e6680d1df9307db7a8) C:\Windows\System32\wpcsvc.dll
17:26:47.0502 4316 WPCSvc - ok
17:26:47.0544 4316 WPDBusEnum (490a18b4e4d53dc10879deaa8e8b70d9) C:\Windows\system32\wpdbusenum.dll
17:26:47.0547 4316 WPDBusEnum - ok
17:26:47.0588 4316 WpdUsb (5e2401b3fc1089c90e081291357371a9) C:\Windows\system32\DRIVERS\wpdusb.sys
17:26:47.0588 4316 WpdUsb - ok
17:26:47.0754 4316 WPFFontCache_v0400 (991e2c2cf3bc204c2bb2ee1476149e4e) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe
17:26:47.0761 4316 WPFFontCache_v0400 - ok
17:26:47.0794 4316 ws2ifsl (8a900348370e359b6bff6a550e4649e1) C:\Windows\system32\drivers\ws2ifsl.sys
17:26:47.0795 4316 ws2ifsl - ok
17:26:47.0831 4316 wscsvc (9ea3e6d0ef7a5c2b9181961052a4b01a) C:\Windows\System32\wscsvc.dll
17:26:47.0833 4316 wscsvc - ok
17:26:47.0867 4316 WSDPrintDevice (de5f5212ab34221dd1618b5fefe8db6c) C:\Windows\system32\DRIVERS\WSDPrint.sys
17:26:47.0868 4316 WSDPrintDevice - ok
17:26:47.0871 4316 WSearch - ok
17:26:47.0966 4316 wuauserv (fb3796754fe00f0bdc87a36f164a5f4d) C:\Windows\system32\wuaueng.dll
17:26:47.0984 4316 wuauserv - ok
17:26:48.0091 4316 WUDFRd (501a65252617b495c0f1832f908d54d8) C:\Windows\system32\DRIVERS\WUDFRd.sys
17:26:48.0093 4316 WUDFRd - ok
17:26:48.0111 4316 wudfsvc (6cbd51ff913c851d56ed9dc7f2a27dde) C:\Windows\System32\WUDFSvc.dll
17:26:48.0113 4316 wudfsvc - ok
17:26:48.0136 4316 XAudio (e288fa83c178a3458bac1fa80b346c06) C:\Windows\system32\DRIVERS\xaudio64.sys
17:26:48.0137 4316 XAudio - ok
17:26:48.0158 4316 XAudioService (510652a925b5d6c3892379d263a87f00) C:\Windows\system32\DRIVERS\xaudio64.exe
17:26:48.0161 4316 XAudioService - ok
17:26:48.0283 4316 YahooAUService (dd0042f0c3b606a6a8b92d49afb18ad6) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
17:26:48.0287 4316 YahooAUService - ok
17:26:48.0321 4316 yukonx64 (2ae06b41b36549fabf0886b2af89a599) C:\Windows\system32\DRIVERS\yk60x64.sys
17:26:48.0324 4316 yukonx64 - ok
17:26:48.0340 4316 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
17:26:48.0568 4316 \Device\Harddisk0\DR0 - ok
17:26:48.0572 4316 Boot (0x1200) (59592703c454b085ca93d869a096cc8c) \Device\Harddisk0\DR0\Partition0
17:26:48.0573 4316 \Device\Harddisk0\DR0\Partition0 - ok
17:26:48.0577 4316 Boot (0x1200) (53393a6194e550a5f3985202a4796582) \Device\Harddisk0\DR0\Partition1
17:26:48.0578 4316 \Device\Harddisk0\DR0\Partition1 - ok
17:26:48.0580 4316 ============================================================
17:26:48.0580 4316 Scan finished
17:26:48.0580 4316 ============================================================
17:26:48.0590 0504 Detected object count: 0
17:26:48.0590 0504 Actual detected object count: 0

Nothing came up for the GMER Log. (I have a 64-bit system.)

aswMBR Log:
aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-06-01 17:29:11
-----------------------------
17:29:11.839 OS Version: Windows x64 6.0.6002 Service Pack 2
17:29:11.839 Number of processors: 3 586 0x203
17:29:11.840 ComputerName: JOST-HOME UserName: Patty
17:29:14.079 Initialize success
17:31:01.710 AVAST engine defs: 12060101
17:31:57.091 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
17:31:57.093 Disk 0 Vendor: Hitachi_HDP725050GLA360 GM4OA52A Size: 476940MB BusType: 3
17:31:57.119 Disk 0 MBR read successfully
17:31:57.121 Disk 0 MBR scan
17:31:57.126 Disk 0 Windows VISTA default MBR code
17:31:57.129 Disk 0 Partition 1 00 07 HPFS/NTFS NTFS 15829 MB offset 63
17:31:57.146 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 461107 MB offset 32419170
17:31:57.170 Disk 0 scanning C:\Windows\system32\drivers
17:32:08.007 Service scanning
17:32:33.680 Modules scanning
17:32:33.686 Disk 0 trace - called modules:
17:32:33.697 ntoskrnl.exe CLASSPNP.SYS disk.sys acpi.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
17:32:33.701 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800574c790]
17:32:33.706 3 CLASSPNP.SYS[fffffa6000dc5c33] -> nt!IofCallDriver -> [0xfffffa8004767520]
17:32:33.711 5 acpi.sys[fffffa6000900fde] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8004753940]
17:32:35.621 AVAST engine scan C:\Windows
17:32:39.137 AVAST engine scan C:\Windows\system32
17:36:52.882 AVAST engine scan C:\Windows\system32\drivers
17:37:13.955 AVAST engine scan C:\Users\Patty
17:49:06.941 AVAST engine scan C:\ProgramData
17:51:31.647 Disk 0 MBR has been saved successfully to "C:\Users\Patty\Desktop\MBR.dat"
17:51:31.656 The log file has been saved successfully to "C:\Users\Patty\Desktop\aswMBR.txt"
17:53:07.869 Scan finished successfully
17:57:05.122 Disk 0 MBR has been saved successfully to "C:\Users\Patty\Desktop\MBR.dat"
17:57:05.138 The log file has been saved successfully to "C:\Users\Patty\Desktop\aswMBR.txt"


What next?

#5 narenxp


  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India
  • Local time:01:00 AM

Posted 01 June 2012 - 08:55 PM

Download

http://www.techspot.com/downloads/4716-malwarebytes-anti-malware.html

Install, update and run a full scan.

Click on SHOW results. Select all infections and remove them.

Reboot the PC and scan MBAM once in regular mode until you get a clean log


Download

RogueKiller

Right-click on it and select Run as administrator.

Now, click on the HOSTS FIX option on the right side.

A log should get generated after the fix; post the log here.

Download

ESET online scanner


Install it

Click on START; it should download the virus definitions.
When the scan gets completed, click on LIST of found threats.

Export the list to the desktop and copy the contents of the text file into your reply.


Download

MiniToolBox

Checkmark following boxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size

Click Go and post the result.

#6 pfloyd1220 (Topic Starter)

Posted 02 June 2012 - 02:32 AM

Ok, I ran through everything you advised. See below.

MBAM ran twice. Both times no threats found.

Rogue Killer:

RogueKiller V7.5.2 [05/30/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows Vista (6.0.6002 Service Pack 2) 64 bits version
Started in : Normal mode
User: Patty [Admin rights]
Mode: HOSTSFix -- Date: 06/01/2012 22:49:54

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
127.0.0.1 localhost
::1 localhost
67.215.245.19 www.google-analytics.com.
67.215.245.19 ad-emea.doubleclick.net.
67.215.245.19 www.statcounter.com.
108.163.215.51 www.google-analytics.com.
108.163.215.51 ad-emea.doubleclick.net.
108.163.215.51 www.statcounter.com.


¤¤¤ Resetted HOSTS: ¤¤¤
127.0.0.1 localhost

Finished : << RKreport[1].txt >>
RKreport[1].txt


ESET:

C:\ProgramData\7b824d\46.mof Win32/RogueAV.A trojan cleaned by deleting - quarantined

MiniToolBox:

MiniToolBox by Farbar Version: 14-01-2012
Ran by Patty (administrator) on 02-06-2012 at 00:26:36
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================

127.0.0.1 localhost
127.0.0.1 localhost

========================= IP Configuration: ================================

Marvell Yukon 88E8071 PCI-E Gigabit Ethernet Controller = Local Area Connection (Connected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : Jost-Home
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Marvell Yukon 88E8071 PCI-E Gigabit Ethernet Controller
Physical Address. . . . . . . . . : 00-1C-25-E6-78-CF
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::1528:2143:862f:b39d%10(Preferred)
IPv4 Address. . . . . . . . . . . : 10.0.0.3(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Friday, June 01, 2012 9:30:25 PM
Lease Expires . . . . . . . . . . : Saturday, June 02, 2012 9:30:24 PM
Default Gateway . . . . . . . . . : 10.0.0.1
DHCP Server . . . . . . . . . . . : 10.0.0.1
DHCPv6 IAID . . . . . . . . . . . : 218111013
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-0F-C6-3B-C1-00-1C-25-E6-79-1E
DNS Servers . . . . . . . . . . . : 10.0.0.1
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter Local Area Connection* 6:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{86CAA085-9CB3-464B-AC7A-7191F10F21BF}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 7:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 02-00-54-55-4E-01
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:5ef5:79fd:1828:f09:f5ff:fffc(Preferred)
Link-local IPv6 Address . . . . . : fe80::1828:f09:f5ff:fffc%11(Preferred)
Default Gateway . . . . . . . . . : ::
NetBIOS over Tcpip. . . . . . . . : Disabled
Server: UnKnown
Address: 10.0.0.1

DNS request timed out.
timeout was 2 seconds.
Name: google.com
Addresses: 74.125.224.166
74.125.224.167
74.125.224.168
74.125.224.169
74.125.224.174
74.125.224.160
74.125.224.161
74.125.224.162
74.125.224.163
74.125.224.164
74.125.224.165



Pinging google.com [74.125.224.226] with 32 bytes of data:

Reply from 74.125.224.226: bytes=32 time=11ms TTL=52

Reply from 74.125.224.226: bytes=32 time=9ms TTL=52



Ping statistics for 74.125.224.226:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 9ms, Maximum = 11ms, Average = 10ms

Server: UnKnown
Address: 10.0.0.1

DNS request timed out.
timeout was 2 seconds.
Name: yahoo.com
Addresses: 72.30.38.140
98.139.183.24
209.191.122.70



Pinging yahoo.com [72.30.38.140] with 32 bytes of data:

Reply from 72.30.38.140: bytes=32 time=24ms TTL=49

Reply from 72.30.38.140: bytes=32 time=61ms TTL=49



Ping statistics for 72.30.38.140:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 24ms, Maximum = 61ms, Average = 42ms

Server: UnKnown
Address: 10.0.0.1

DNS request timed out.
timeout was 2 seconds.
Name: bleepingcomputer.com
Address: 208.43.87.2



Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:

Reply from 208.43.87.2: Destination host unreachable.

Reply from 208.43.87.2: Destination host unreachable.



Ping statistics for 208.43.87.2:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),



Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
10 ...00 1c 25 e6 78 cf ...... Marvell Yukon 88E8071 PCI-E Gigabit Ethernet Controller
1 ........................... Software Loopback Interface 1
12 ...00 00 00 00 00 00 00 e0 isatap.{86CAA085-9CB3-464B-AC7A-7191F10F21BF}
11 ...02 00 54 55 4e 01 ...... Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 10.0.0.1 10.0.0.3 20
10.0.0.0 255.255.255.0 On-link 10.0.0.3 276
10.0.0.3 255.255.255.255 On-link 10.0.0.3 276
10.0.0.255 255.255.255.255 On-link 10.0.0.3 276
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 10.0.0.3 276
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 10.0.0.3 276
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
11 18 ::/0 On-link
1 306 ::1/128 On-link
11 18 2001::/32 On-link
11 266 2001:0:5ef5:79fd:1828:f09:f5ff:fffc/128
On-link
10 276 fe80::/64 On-link
11 266 fe80::/64 On-link
10 276 fe80::1528:2143:862f:b39d/128
On-link
11 266 fe80::1828:f09:f5ff:fffc/128
On-link
1 306 ff00::/8 On-link
11 266 ff00::/8 On-link
10 276 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [48128] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [50176] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [62464] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [62464] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [19968] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [61440] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [62976] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [78848] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [78848] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [27648] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (06/02/2012 00:25:02 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest.

Error: (06/01/2012 10:53:11 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest.

Error: (06/01/2012 09:31:49 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/01/2012 09:28:52 PM) (Source: EventSystem) (User: )
Description: 80070005EventSystem.EventSubscription{CEB8B221-89C5-41A8-98CE-79B413BF150B}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}

Error: (06/01/2012 01:52:37 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/01/2012 00:34:24 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/01/2012 00:33:32 PM) (Source: EventSystem) (User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c

Error: (06/01/2012 03:03:12 AM) (Source: MsiInstaller) (User: SYSTEM)SYSTEM
Description: Product: Microsoft Works - Update 'Security Update for Microsoft Works 9 (KB2680317)' could not be installed. Error code 1603. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127

Error: (06/01/2012 03:03:12 AM) (Source: MsiInstaller) (User: SYSTEM)SYSTEM
Description: Product: Microsoft Works -- Error 1606.Could not access network location %APPDATA%\.

Error: (06/01/2012 03:03:12 AM) (Source: MsiInstaller) (User: SYSTEM)SYSTEM
Description: Product: Microsoft Works -- Error 1606.Could not access network location %APPDATA%\.


System errors:
=============
Error: (06/01/2012 09:31:31 PM) (Source: DCOM) (User: SYSTEM)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (06/01/2012 09:30:31 PM) (Source: Print) (User: SYSTEM)
Description: The print spooler failed to share printer Epson Stylus Photo R200 (M) with shared resource name Epson Stylus Photo R200 (M). Error 2114. The printer cannot be used by others on the network.

Error: (06/01/2012 09:30:31 PM) (Source: Print) (User: SYSTEM)
Description: The print spooler failed to share printer HP Photosmart C4700 series with shared resource name HP Photosmart C4700 series. Error 2114. The printer cannot be used by others on the network.

Error: (06/01/2012 09:30:31 PM) (Source: Print) (User: SYSTEM)
Description: The print spooler failed to share printer HP Photosmart C4700 series (Copy 1) with shared resource name HP Photosmart C4700 series (Copy 1). Error 2114. The printer cannot be used by others on the network.

Error: (06/01/2012 09:30:31 PM) (Source: Print) (User: SYSTEM)
Description: The print spooler failed to share printer HP91F759 (HP Photosmart C4700 series) with shared resource name HP91F759 (HP Photosmart C4700 series). Error 2114. The printer cannot be used by others on the network.

Error: (06/01/2012 01:53:07 PM) (Source: DCOM) (User: SYSTEM)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (06/01/2012 00:35:23 PM) (Source: Service Control Manager) (User: )
Description: PnP-X IP Bus EnumeratorFunction Discovery Provider Host%%1068

Error: (06/01/2012 00:34:24 PM) (Source: Service Control Manager) (User: )
Description: Avgldx64
Avgmfx64
spldr
Wanarpv6

Error: (06/01/2012 00:34:24 PM) (Source: Service Control Manager) (User: )
Description: Computer BrowserServer%%1068

Error: (06/01/2012 00:33:45 PM) (Source: DCOM) (User: )
Description: 1084WSearch{9E175B6D-F52A-11D8-B9A5-505054503030}


Microsoft Office Sessions:
=========================

=========================== Installed Programs ============================

64 Bit HP CIO Components Installer (Version: 6.2.1)
Apple Mobile Device Support (Version: 3.4.1.2)
ATI Catalyst Install Manager (Version: 3.0.664.0)
AVG 2011 (Version: 10.0.1424)
AVG 2011 (Version: 10.0.2425)
Bonjour (Version: 3.0.0.2)
ccc-utility64 (Version: 2008.0309.2141.36947)
CCleaner (Version: 3.11)
Google Chrome (Version: 19.0.1084.52)
HP Customer Participation Program 13.0 (Version: 13.0)
HP Imaging Device Functions 13.0 (Version: 13.0)
HP Photosmart C4700 All-In-One Driver Software 13.0 Rel .6 (Version: 13.0)
HP Print Projects 1.0 (Version: 1.0)
HP Smart Web Printing 4.5 (Version: 4.5)
HP Solution Center 13.0 (Version: 13.0)
iTunes (Version: 10.4.1.10)
LWS VideoEffects (Version: 13.25.1005.0)
Marvell Miniport Driver (Version: 10.51.4.3)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.50727.42)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Network64 (Version: 130.0.572.000)
Shop for HP Supplies (Version: 13.0)
Soft Data Fax Modem with SmartCP

========================= Memory info: ===================================

Percentage of memory in use: 44%
Total physical RAM: 3838.27 MB
Available physical RAM: 2116.43 MB
Total Pagefile: 7905.06 MB
Available Pagefile: 6116.06 MB
Total Virtual: 4095.88 MB
Available Virtual: 3993.63 MB

========================= Partitions: =====================================

1 Drive c: (Partition_1) (Fixed) (Total:450.3 GB) (Free:330.05 GB) NTFS
2 Drive d: (Recovery) (Fixed) (Total:15.46 GB) (Free:7.97 GB) NTFS

========================= Users: ========================================

User accounts for \\JOST-HOME

Administrator Guest Patty


**** End of log ****


I have looked around a little on the internet and it seems the pop-up is gone.
Please continue to advise.
Thanks.
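The RogueKiller HOSTSFix output in this post is the log that explains the symptom: six mappings send www.google-analytics.com, ad-emea.doubleclick.net and www.statcounter.com to 67.215.245.19 and 108.163.215.51 instead of to loopback. Those three domains are embedded in a very large share of web pages, so redirecting them lets one remote host serve its own script into "many web pages", which is consistent with the corner pop-up and the redirects reported in the opening post. The script below is an added example, not part of the thread and not code from RogueKiller or MiniToolBox; it parses a Windows-style hosts file and flags entries of that shape. SAMPLE_HOSTS is constructed from the entries quoted above, and WATCHED is an assumed watch-list of third-party script domains, not something either tool uses.

```python
"""Audit a hosts file for hijacked mappings.

Added example for the BleepingComputer thread above; not code from
RogueKiller, MiniToolBox or any other tool mentioned there.
"""
import ipaddress
import re

# Constructed sample: the pre-fix hosts file as RogueKiller reported it.
SAMPLE_HOSTS = """\
# constructed sample, mirrors the RogueKiller HOSTSFix log
127.0.0.1 localhost
::1 localhost
67.215.245.19 www.google-analytics.com.
67.215.245.19 ad-emea.doubleclick.net.
67.215.245.19 www.statcounter.com.
108.163.215.51 www.google-analytics.com.
108.163.215.51 ad-emea.doubleclick.net.
108.163.215.51 www.statcounter.com.
"""

# Assumed watch-list: third-party script/ad domains that appear on most
# pages, so a hosts override for them affects nearly every site visited.
WATCHED = {"google-analytics.com", "doubleclick.net", "statcounter.com"}


def parse_hosts(text):
    """Return (ip, hostname, line_no) for every mapping in a hosts file.

    Comments ('#') and blank lines are skipped. A trailing dot on the
    hostname is kept because it is itself a signal (see audit_hosts).
    """
    entries = []
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = re.split(r"\s+", line)
        try:
            ip = ipaddress.ip_address(parts[0])
        except ValueError:
            continue  # malformed line, not an address
        for name in parts[1:]:
            entries.append((ip, name, line_no))
    return entries


def _base_domain(name):
    """'www.google-analytics.com.' -> 'google-analytics.com'."""
    labels = name.rstrip(".").lower().split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else name.lower()


def audit_hosts(text):
    """Return one finding per suspicious mapping, with the reasons it tripped.

    A stock hosts file only maps names to loopback; blocklist-style files
    also use 0.0.0.0. Anything else is a redirect to a real host.
    """
    findings = []
    for ip, name, line_no in parse_hosts(text):
        reasons = []
        if not (ip.is_loopback or ip.is_unspecified):
            reasons.append("non-local target")
        if name.endswith("."):
            reasons.append("trailing dot")
        if _base_domain(name) in WATCHED:
            reasons.append("watched domain")
        if reasons:
            findings.append({"line": line_no, "ip": str(ip),
                             "host": name, "reasons": reasons})
    return findings


def hijack_targets(text):
    """Distinct non-local IPs the file redirects to (block-list candidates)."""
    return sorted({f["ip"] for f in audit_hosts(text)
                   if "non-local target" in f["reasons"]})


if __name__ == "__main__":
    for f in audit_hosts(SAMPLE_HOSTS):
        print(f"line {f['line']}: {f['ip']} -> {f['host']} "
              f"({', '.join(f['reasons'])})")
    print("redirect targets:", hijack_targets(SAMPLE_HOSTS))
```

On a live machine, replace SAMPLE_HOSTS with the contents of C:\Windows\System32\drivers\etc\hosts (read it as administrator). The trailing-dot check is a heuristic: a hand-edited hosts file almost never uses the absolute-name form, so its presence on every hijacked line here points at a tool writing the entries rather than a person. The two target IPs returned by hijack_targets are what you would feed into a firewall or proxy block rule while the cleanup is still in progress.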

#7 narenxp (BC Advisor)

Posted 02 June 2012 - 04:43 AM

That looks good

Download

TFC

Launch it; it will close all running programs.

Click on START; it should ask for a reboot.

Turn off your System Restore, restart the PC, and create a new restore point:

http://windows.microsoft.com/en-us/windows-vista/Turn-System-Restore-on-or-off

Update your antivirus frequently and do not click on suspicious links.

Safe surfing :)

#8 pfloyd1220 (Topic Starter)

Posted 02 June 2012 - 10:29 AM

I want to thank you once again. Also, if I could have some more of your time, I am curious how you read all the logs; meaning, minus the one that removed a threat, did the other logs inform you that something was wrong or not? Were the steps used a systematic approach to locate and isolate the problem, or did you decide the second course of action based on the first set of logs? I am curious to know how to begin to understand these problems. If you have the time to discuss, I would appreciate it. Thank you again for all your help.

#9 narenxp (BC Advisor)

Posted 02 June 2012 - 10:38 AM

pfloyd1220

The first set of logs was to make sure you were clean of rootkits. I already knew that your hosts file was hijacked, so it was easy for me to suggest the next step to you :thumbup2:

Edited by narenxp, 02 June 2012 - 11:52 AM.




