"redirect" virus



#1 pieceofbleeppc


  • Members
  • 6 posts

Posted 07 June 2012 - 10:53 PM

Okay, so I leave my not-so-PC-savvy father alone with my computer for one day and come back to this...
Trying to sign into one of my online apps, I get an error message saying that it's unable to connect to server because of security, then I get a pop-up for an ad for dealing with teenage pregnancy. -_- I figure it's a fluke, though it happens again and again, then slows down to a crawl, so I restart the computer...
I tried going to that site again, same problem, so I Google to see if anyone else has this issue... and EVERY result I clicked on redirected me to an ad for Hallmark or a page that McAfee decided was unsafe.
I figure it's got to be some little adware thing, happens all the time - so I check Task Manager, you know - just to see, and there's NOTHING out of the ordinary that I can see in processes or services.
At this point, I figure I'll run a scan on my PC with McAfee - why else did I buy it? - and halfway through the scan I receive a message saying it was unable to complete scan, please contact customer support, tried twice - but they don't know anything, like - EVER... So, unable to use my computer, I use mobile Google and the best results with the most similar problems all say come here. This is the most frustrating and aggressive virus I've had to deal with - luckily - as my PC still starts, but I can't do anything with it. I also looked in my hosts file - only my local IP is there, and most results said it is the atapi.sys file, but how can I fix that without a second PC to work with? Help Please!!!!



#2 pieceofbleeppc

  • Topic Starter

  • Members
  • 6 posts

Posted 07 June 2012 - 11:09 PM

ftr.. I am running Windows Vista, was running Google Chrome for browser... but now that I am in IE, the stupid websites are pop-ups instead of just new tabs and redirection. So in the end, it really doesn't matter what browser I use. I'm in safe mode with networking so I can post this, but still.... this "issue" seems intent on making sure I understand the ins and outs of teenage pregnancy and how important it is to send your parents birthday cards, and ooh... I won another iPod. Sweet. -_-

#3 narenxp


  • BC Advisor
  • 16,371 posts

Posted 07 June 2012 - 11:23 PM

Download TDSSkiller

Launch it. Click on change parameters - Select TDLFS file system

Click on "Scan". Please post the LOG report (log file should be in your C drive)

Download aswMBR

Launch it, allow it to download latest Avast! virus definitions
Click the "Scan" button to start scan. After scan finishes, click on Save log

Post the log results here

Download ESET online scanner

Install it

Click on START, it should download the virus definitions
When scan gets completed, click on LIST of found threats

Export the list to desktop, copy the contents of the text file in your reply

#4 pieceofbleeppc

  • Topic Starter

  • Members
  • 6 posts

Posted 08 June 2012 - 04:35 PM

TDSS rootkit removing tool 2.7.36.0 May 21 2012 16:40:16
16:32:51.0936 5068 ============================================================
16:32:51.0936 5068 Current date / time: 2012/06/08 16:32:51.0936
16:32:51.0936 5068 SystemInfo:
16:32:51.0936 5068
16:32:51.0936 5068 OS Version: 6.0.6000 ServicePack: 0.0
16:32:51.0936 5068 Product type: Workstation
16:32:51.0936 5068 ComputerName: RAY-PC
16:32:51.0936 5068 UserName: Ray
16:32:51.0936 5068 Windows directory: C:\Windows
16:32:51.0936 5068 System windows directory: C:\Windows
16:32:51.0936 5068 Processor architecture: Intel x86
16:32:51.0936 5068 Number of processors: 2
16:32:51.0936 5068 Page size: 0x1000
16:32:51.0936 5068 Boot type: Safe boot with network
16:32:51.0936 5068 ============================================================
16:32:54.0276 5068 Drive \Device\Harddisk0\DR0 - Size: 0x3A35294400 (232.83 Gb), SectorSize: 0x200, Cylinders: 0x76BA, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
16:32:54.0289 5068 ============================================================
16:32:54.0289 5068 \Device\Harddisk0\DR0:
16:32:54.0289 5068 MBR partitions:
16:32:54.0289 5068 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x18000, BlocksNum 0x1400000
16:32:54.0289 5068 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1418000, BlocksNum 0x1BD90800
16:32:54.0289 5068 ============================================================
16:32:54.0324 5068 C: <-> \Device\Harddisk0\DR0\Partition1
16:32:54.0346 5068 D: <-> \Device\Harddisk0\DR0\Partition0
16:32:54.0346 5068 ============================================================
16:32:54.0346 5068 Initialize success
16:32:54.0346 5068 ============================================================
16:33:04.0367 2332 ============================================================
16:33:04.0367 2332 Scan started
16:33:04.0367 2332 Mode: Manual; TDLFS;
16:33:04.0367 2332 ============================================================
16:33:14.0712 2332 PNRPsvc (016d01d3b8fb976a193c7434bed8dccf) C:\Windows\system32\p2psvc.dll
16:33:14.0718 2332 PNRPsvc - ok
16:33:14.0759 2332 PolicyAgent (5ebdec613bd377ce9a85382be5c6b83b) C:\Windows\System32\ipsecsvc.dll
16:33:14.0771 2332 PolicyAgent - ok
16:33:14.0830 2332 PptpMiniport (6c359ac71d7b550a0d41f9db4563ce05) C:\Windows\system32\DRIVERS\raspptp.sys
16:33:14.0832 2332 PptpMiniport - ok
16:33:14.0858 2332 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
16:33:14.0860 2332 Processor - ok
16:33:14.0888 2332 ProfSvc (213112e152e68f0e4705e36f052a2880) C:\Windows\system32\profsvc.dll
16:33:14.0903 2332 ProfSvc - ok
16:33:14.0924 2332 ProtectedStorage (c731b1fe449d4e9cea358c9d55b69be9) C:\Windows\system32\lsass.exe
16:33:14.0925 2332 ProtectedStorage - ok
16:33:14.0935 2332 PSched (b74edf14453c9987e99e66535047ebee) C:\Windows\system32\DRIVERS\pacer.sys
16:33:14.0937 2332 PSched - ok
16:33:14.0989 2332 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
16:33:15.0050 2332 ql2300 - ok
16:33:15.0059 2332 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
16:33:15.0061 2332 ql40xx - ok
16:33:15.0086 2332 QWAVE (ca61bdfd3713a7ce75f2812afc431594) C:\Windows\system32\qwave.dll
16:33:15.0098 2332 QWAVE - ok
16:33:15.0111 2332 QWAVEdrv (d2b3e2b7426dc23e185fbc73c8936c12) C:\Windows\system32\drivers\qwavedrv.sys
16:33:15.0113 2332 QWAVEdrv - ok
16:33:15.0120 2332 RasAcd (bd7b30f55b3649506dd8b3d38f571d2a) C:\Windows\system32\DRIVERS\rasacd.sys
16:33:15.0121 2332 RasAcd - ok
16:33:15.0138 2332 RasAuto (f14f4aab9f54d099fe99192bdb100ac9) C:\Windows\System32\rasauto.dll
16:33:15.0145 2332 RasAuto - ok
16:33:15.0174 2332 Rasl2tp (88587dd843e2059848995b407b67f6cf) C:\Windows\system32\DRIVERS\rasl2tp.sys
16:33:15.0176 2332 Rasl2tp - ok
16:33:15.0204 2332 RasMan (11d65e29bc9d1e4114d18fe68194394c) C:\Windows\System32\rasmans.dll
16:33:15.0224 2332 RasMan - ok
16:33:15.0235 2332 RasPppoe (ccf4e9c6cbbac81437f88cb2ae0b6c96) C:\Windows\system32\DRIVERS\raspppoe.sys
16:33:15.0236 2332 RasPppoe - ok
16:33:15.0258 2332 rdbss (54129c5d9581bbec8bd1ebd3ba813f47) C:\Windows\system32\DRIVERS\rdbss.sys
16:33:15.0270 2332 rdbss - ok
16:33:15.0336 2332 RDPCDD (794585276b5d7fca9f3fc15543f9f0b9) C:\Windows\system32\DRIVERS\RDPCDD.sys
16:33:15.0337 2332 RDPCDD - ok
16:33:15.0388 2332 rdpdr (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\drivers\rdpdr.sys
16:33:15.0400 2332 rdpdr - ok
16:33:15.0408 2332 RDPENCDD (980b56e2e273e19d3a9d72d5c420f008) C:\Windows\system32\drivers\rdpencdd.sys
16:33:15.0409 2332 RDPENCDD - ok
16:33:15.0443 2332 RDPWD (8830e790a74a96605faba74f9665bb3c) C:\Windows\system32\drivers\RDPWD.sys
16:33:15.0452 2332 RDPWD - ok
16:33:15.0477 2332 RemoteAccess (6c1a43c589ee8011a1ebfd51c01b77ce) C:\Windows\System32\mprdim.dll
16:33:15.0480 2332 RemoteAccess - ok
16:33:15.0505 2332 RemoteRegistry (9a043808667c8c1893da7275af373f0e) C:\Windows\system32\regsvc.dll
16:33:15.0512 2332 RemoteRegistry - ok
16:33:15.0541 2332 RpcLocator (5123f83cbc4349d065534eeb6bbdc42b) C:\Windows\system32\locator.exe
16:33:15.0543 2332 RpcLocator - ok
16:33:15.0591 2332 RpcSs (7b981222a257d076885bffb66f19b7ce) C:\Windows\system32\rpcss.dll
16:33:15.0597 2332 RpcSs - ok
16:33:15.0623 2332 rspndr (97e939d2128fec5d5a3e6e79b290a2f4) C:\Windows\system32\DRIVERS\rspndr.sys
16:33:15.0625 2332 rspndr - ok
16:33:15.0639 2332 SamSs (c731b1fe449d4e9cea358c9d55b69be9) C:\Windows\system32\lsass.exe
16:33:15.0640 2332 SamSs - ok
16:33:15.0666 2332 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
16:33:15.0668 2332 sbp2port - ok
16:33:15.0698 2332 SCardSvr (565b4b9e5ad2f2f18a4f8aafa6c06bbb) C:\Windows\System32\SCardSvr.dll
16:33:15.0705 2332 SCardSvr - ok
16:33:15.0746 2332 Schedule (886cec884b5be29ab9828b8ab46b11f7) C:\Windows\system32\schedsvc.dll
16:33:15.0762 2332 Schedule - ok
16:33:15.0791 2332 SCPolicySvc (0600e04315fe543802a379d5d23c8be0) C:\Windows\System32\certprop.dll
16:33:15.0792 2332 SCPolicySvc - ok
16:33:15.0807 2332 SDRSVC (f7b6bf02240d0a764adf8c8966735552) C:\Windows\System32\SDRSVC.dll
16:33:15.0814 2332 SDRSVC - ok
16:33:15.0853 2332 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
16:33:15.0855 2332 secdrv - ok
16:33:15.0876 2332 seclogon (8388c4133ddbe62ad7bc3ec9f14271ed) C:\Windows\system32\seclogon.dll
16:33:15.0878 2332 seclogon - ok
16:33:15.0903 2332 SENS (34350ae2c1d33d21c7305f861bd8dad8) C:\Windows\System32\sens.dll
16:33:15.0905 2332 SENS - ok
16:33:15.0920 2332 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
16:33:15.0921 2332 Serenum - ok
16:33:15.0928 2332 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
16:33:15.0939 2332 Serial - ok
16:33:15.0982 2332 sermouse (450accd77ec5cea720c1cdb9e26b953b) C:\Windows\system32\drivers\sermouse.sys
16:33:15.0984 2332 sermouse - ok
16:33:16.0025 2332 SessionEnv (78878235da4df0d116e86837a0a21df8) C:\Windows\system32\sessenv.dll
16:33:16.0033 2332 SessionEnv - ok
16:33:16.0039 2332 sffdisk (103b79418da647736ee95645f305f68a) C:\Windows\system32\drivers\sffdisk.sys
16:33:16.0040 2332 sffdisk - ok
16:33:16.0045 2332 sffp_mmc (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys
16:33:16.0047 2332 sffp_mmc - ok
16:33:16.0053 2332 sffp_sd (9cfa05fcfcb7124e69cfc812b72f9614) C:\Windows\system32\drivers\sffp_sd.sys
16:33:16.0054 2332 sffp_sd - ok
16:33:16.0061 2332 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
16:33:16.0062 2332 sfloppy - ok
16:33:16.0086 2332 ShellHWDetection (b264dfa21677728613267fe63802b332) C:\Windows\System32\shsvcs.dll
16:33:16.0099 2332 ShellHWDetection - ok
16:33:16.0111 2332 sisagp (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys
16:33:16.0113 2332 sisagp - ok
16:33:16.0119 2332 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
16:33:16.0121 2332 SiSRaid2 - ok
16:33:16.0129 2332 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
16:33:16.0132 2332 SiSRaid4 - ok
16:33:16.0250 2332 slsvc (7610645679bb5994210d21a347e0c479) C:\Windows\system32\SLsvc.exe
16:33:16.0303 2332 slsvc - ok
16:33:16.0979 2332 SLUINotify (49670f3e42a0178a0ab425ae15d88e7c) C:\Windows\system32\SLUINotify.dll
16:33:16.0996 2332 SLUINotify - ok
16:33:17.0163 2332 Smb (f689ce1735f51f93c1d6f99bb034f6a1) C:\Windows\system32\DRIVERS\smb.sys
16:33:17.0204 2332 Suspicious file (Forged): C:\Windows\system32\DRIVERS\smb.sys. Real md5: f689ce1735f51f93c1d6f99bb034f6a1, Fake md5: ac0d90738adb51a6fd12ff00874a2162
16:33:17.0205 2332 Smb ( Virus.Win32.ZAccess.k ) - infected
16:33:17.0205 2332 Smb - detected Virus.Win32.ZAccess.k (0)
16:33:31.0849 2332 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
16:33:32.0127 2332 \Device\Harddisk0\DR0 - ok
16:33:32.0155 2332 Boot (0x1200) (4bb061589f5e0a6168a465bf856f0d00) \Device\Harddisk0\DR0\Partition0
16:33:32.0157 2332 \Device\Harddisk0\DR0\Partition0 - ok
16:33:32.0179 2332 Boot (0x1200) (22e1d496d5a59a37ccb35d25ba87a405) \Device\Harddisk0\DR0\Partition1
16:33:32.0181 2332 \Device\Harddisk0\DR0\Partition1 - ok
16:33:32.0189 2332 ============================================================
16:33:32.0189 2332 Scan finished
16:33:32.0189 2332 ============================================================
16:33:32.0201 7120 Detected object count: 1
16:33:32.0201 7120 Actual detected object count: 1
16:34:17.0138 7120 C:\Windows\system32\DRIVERS\smb.sys - copied to quarantine
16:34:17.0164 7120 C:\Windows\$NtUninstallKB31536$\1026377245\@ - copied to quarantine
16:34:17.0173 7120 C:\Windows\$NtUninstallKB31536$\1026377245\Desktop.ini - copied to quarantine
16:34:17.0185 7120 C:\Windows\$NtUninstallKB31536$\1026377245\L\00000004.@ - copied to quarantine
16:34:17.0186 7120 C:\Windows\$NtUninstallKB31536$\1026377245\L\201d3dde - copied to quarantine
16:34:17.0210 7120 C:\Windows\$NtUninstallKB31536$\1026377245\L\qnbwvoto - copied to quarantine
16:34:17.0228 7120 C:\Windows\$NtUninstallKB31536$\1026377245\U\00000004.@ - copied to quarantine
16:34:17.0252 7120 C:\Windows\$NtUninstallKB31536$\1026377245\U\00000008.@ - copied to quarantine
16:34:17.0275 7120 C:\Windows\$NtUninstallKB31536$\1026377245\U\000000cb.@ - copied to quarantine
16:34:17.0282 7120 C:\Windows\$NtUninstallKB31536$\1026377245\U\80000000.@ - copied to quarantine
16:34:17.0307 7120 C:\Windows\$NtUninstallKB31536$\1026377245\U\80000032.@ - copied to quarantine
16:34:17.0908 7120 Backup copy found, using it..
16:34:17.0933 7120 C:\Windows\system32\DRIVERS\smb.sys - will be cured on reboot

#5 pieceofbleeppc

  • Topic Starter

Posted 08 June 2012 - 04:48 PM

Now that I've done that, I was able to re-open IE without any annoying pop-ups... installing avast now.

#6 pieceofbleeppc

  • Topic Starter

Posted 08 June 2012 - 05:17 PM

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-06-08 16:41:35
-----------------------------
16:41:35.611 OS Version: Windows 6.0.6000
16:41:35.611 Number of processors: 2 586 0xF02
16:41:35.611 ComputerName: RAY-PC UserName: Ray
16:43:27.182 Initialize success
16:46:14.257 AVAST engine defs: 12060801
16:46:21.090 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
16:46:21.090 Disk 0 Vendor: ST3250820AS 3.ADG Size: 238418MB BusType: 3
16:46:21.168 Disk 0 MBR read successfully
16:46:21.184 Disk 0 MBR scan
16:46:21.543 Disk 0 Windows VISTA default MBR code
16:46:21.574 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 47 MB offset 63
16:46:21.605 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 10240 MB offset 98304
16:46:21.636 Disk 0 Partition 3 80 (A) 07 HPFS/NTFS NTFS 228129 MB offset 21069824
16:46:21.683 Disk 0 scanning sectors +488278016
16:46:22.026 Disk 0 scanning C:\Windows\system32\drivers
16:47:08.405 Service scanning
16:47:38.061 Modules scanning
16:48:06.972 Disk 0 trace - called modules:
16:48:07.004 ntkrnlpa.exe CLASSPNP.SYS disk.sys ataport.SYS hal.dll intelide.sys
16:48:07.004 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x84799538]
16:48:07.004 3 ntkrnlpa.exe[820b07e2] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x837518b8]
16:48:15.584 AVAST engine scan C:\Windows
16:48:30.653 AVAST engine scan C:\Windows\system32
16:52:58.053 AVAST engine scan C:\Windows\system32\drivers
16:53:19.830 AVAST engine scan C:\Users\Ray
17:01:40.278 AVAST engine scan C:\ProgramData
17:04:12.035 Scan finished successfully
17:17:08.572 Disk 0 MBR has been saved successfully to "C:\Users\Ray\Documents\MBR.dat"
17:17:08.619 The log file has been saved successfully to "C:\Users\Ray\Documents\aswMBR.txt"

#7 pieceofbleeppc

  • Topic Starter

Posted 08 June 2012 - 06:50 PM

C:\$Recycle.Bin\S-1-5-21-632150261-3448639573-1419184272-1000\$ROWGWQR.exe a variant of Win32/Kryptik.AGOZ trojan cleaned by deleting - quarantined\


done

#8 narenxp

  • BC Advisor

Posted 08 June 2012 - 07:47 PM

Restart the PC, run TDSSKiller and post the new log


Download

http://www.techspot.com/downloads/4716-malwarebytes-anti-malware.html

Install, update and run a full scan

Click on SHOW results. Select all infections and remove them

Reboot the PC and scan MBAM once in regular mode until you get a clean log


Download

mini toolbox

Checkmark following boxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size

Click Go and post the result.



