
Browser links redirected


11 replies to this topic

#1 CutchisClutch


Posted 17 July 2012 - 07:53 PM

I have the same issue as Wayhome http://www.bleepingcomputer.com/forums/topic460846.html and thebroken http://www.bleepingcomputer.com/forums/topic460898.html

I have downloaded and run TDSSKiller, aswMBR and ESET online scanner and the logs from each are as follows:


17:14:09.0168 2580 p2psvc - ok
17:14:09.0218 2580 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
17:14:09.0225 2580 Parport - ok
17:14:09.0394 2580 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
17:14:09.0398 2580 partmgr - ok
17:14:09.0454 2580 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
17:14:09.0477 2580 PcaSvc - ok
17:14:09.0539 2580 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
17:14:09.0548 2580 pci - ok
17:14:09.0590 2580 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
17:14:09.0592 2580 pciide - ok
17:14:09.0646 2580 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
17:14:09.0666 2580 pcmcia - ok
17:14:09.0709 2580 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
17:14:09.0712 2580 pcw - ok
17:14:09.0865 2580 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
17:14:09.0911 2580 PEAUTH - ok
17:14:10.0093 2580 PeerDistSvc (b9b0a4299dd2d76a4243f75fd54dc680) C:\Windows\system32\peerdistsvc.dll
17:14:10.0156 2580 PeerDistSvc - ok
17:14:10.0512 2580 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
17:14:10.0517 2580 PerfHost - ok
17:14:10.0820 2580 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
17:14:10.0991 2580 pla - ok
17:14:11.0096 2580 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
17:14:11.0115 2580 PlugPlay - ok
17:14:11.0153 2580 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
17:14:11.0160 2580 PNRPAutoReg - ok
17:14:11.0220 2580 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
17:14:11.0243 2580 PNRPsvc - ok
17:14:11.0323 2580 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
17:14:11.0348 2580 PolicyAgent - ok
17:14:11.0418 2580 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
17:14:11.0548 2580 Power - ok
17:14:11.0642 2580 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
17:14:11.0656 2580 PptpMiniport - ok
17:14:11.0705 2580 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
17:14:11.0710 2580 Processor - ok
17:14:11.0780 2580 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
17:14:11.0789 2580 ProfSvc - ok
17:14:11.0827 2580 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
17:14:11.0831 2580 ProtectedStorage - ok
17:14:11.0905 2580 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
17:14:11.0919 2580 Psched - ok
17:14:12.0154 2580 PSI_SVC_2 (543a4ef0923bf70d126625b034ef25af) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
17:14:12.0166 2580 PSI_SVC_2 - ok
17:14:12.0363 2580 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
17:14:12.0415 2580 ql2300 - ok
17:14:12.0569 2580 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
17:14:12.0583 2580 ql40xx - ok
17:14:12.0650 2580 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
17:14:12.0661 2580 QWAVE - ok
17:14:12.0688 2580 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
17:14:12.0693 2580 QWAVEdrv - ok
17:14:12.0819 2580 RadioRage_4jService (622fcf264119f7df127be353f796b319) C:\PROGRA~2\RADIOR~2\bar\1.bin\4jbarsvc.exe
17:14:12.0821 2580 RadioRage_4jService - ok
17:14:12.0862 2580 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
17:14:12.0865 2580 RasAcd - ok
17:14:13.0045 2580 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
17:14:13.0048 2580 RasAgileVpn - ok
17:14:13.0103 2580 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
17:14:13.0119 2580 RasAuto - ok
17:14:13.0179 2580 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
17:14:13.0194 2580 Rasl2tp - ok
17:14:13.0260 2580 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
17:14:13.0289 2580 RasMan - ok
17:14:13.0331 2580 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
17:14:13.0347 2580 RasPppoe - ok
17:14:13.0388 2580 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
17:14:13.0392 2580 RasSstp - ok
17:14:13.0446 2580 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
17:14:13.0459 2580 rdbss - ok
17:14:13.0490 2580 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
17:14:13.0493 2580 rdpbus - ok
17:14:13.0659 2580 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
17:14:13.0661 2580 RDPCDD - ok
17:14:13.0739 2580 RDPDR (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys
17:14:13.0751 2580 RDPDR - ok
17:14:13.0787 2580 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
17:14:13.0789 2580 RDPENCDD - ok
17:14:13.0835 2580 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
17:14:13.0838 2580 RDPREFMP - ok
17:14:13.0900 2580 RDPWD (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys
17:14:13.0909 2580 RDPWD - ok
17:14:13.0968 2580 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
17:14:13.0978 2580 rdyboost - ok
17:14:14.0021 2580 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
17:14:14.0039 2580 RemoteAccess - ok
17:14:14.0227 2580 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
17:14:14.0240 2580 RemoteRegistry - ok
17:14:14.0274 2580 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
17:14:14.0294 2580 RpcEptMapper - ok
17:14:14.0332 2580 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
17:14:14.0336 2580 RpcLocator - ok
17:14:14.0424 2580 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
17:14:14.0436 2580 RpcSs - ok
17:14:14.0488 2580 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
17:14:14.0491 2580 rspndr - ok
17:14:14.0531 2580 s3cap (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys
17:14:14.0534 2580 s3cap - ok
17:14:14.0575 2580 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
17:14:14.0580 2580 SamSs - ok
17:14:14.0622 2580 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
17:14:14.0628 2580 sbp2port - ok
17:14:14.0808 2580 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
17:14:14.0817 2580 SCardSvr - ok
17:14:14.0859 2580 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
17:14:14.0862 2580 scfilter - ok
17:14:15.0002 2580 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
17:14:15.0054 2580 Schedule - ok
17:14:15.0115 2580 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
17:14:15.0118 2580 SCPolicySvc - ok
17:14:15.0170 2580 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
17:14:15.0192 2580 SDRSVC - ok
17:14:15.0395 2580 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
17:14:15.0395 2580 secdrv - ok
17:14:15.0426 2580 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
17:14:15.0426 2580 seclogon - ok
17:14:15.0488 2580 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
17:14:15.0488 2580 SENS - ok
17:14:15.0519 2580 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
17:14:15.0535 2580 SensrSvc - ok
17:14:15.0582 2580 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
17:14:15.0582 2580 Serenum - ok
17:14:15.0629 2580 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
17:14:15.0629 2580 Serial - ok
17:14:15.0675 2580 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
17:14:15.0675 2580 sermouse - ok
17:14:15.0753 2580 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
17:14:15.0769 2580 SessionEnv - ok
17:14:15.0948 2580 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
17:14:15.0950 2580 sffdisk - ok
17:14:15.0976 2580 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
17:14:15.0979 2580 sffp_mmc - ok
17:14:16.0010 2580 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
17:14:16.0012 2580 sffp_sd - ok
17:14:16.0058 2580 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
17:14:16.0061 2580 sfloppy - ok
17:14:16.0139 2580 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
17:14:16.0159 2580 SharedAccess - ok
17:14:16.0239 2580 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
17:14:16.0261 2580 ShellHWDetection - ok
17:14:16.0295 2580 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
17:14:16.0299 2580 SiSRaid2 - ok
17:14:16.0329 2580 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
17:14:16.0334 2580 SiSRaid4 - ok
17:14:16.0388 2580 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
17:14:16.0392 2580 Smb - ok
17:14:16.0557 2580 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
17:14:16.0563 2580 SNMPTRAP - ok
17:14:16.0588 2580 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
17:14:16.0591 2580 spldr - ok
17:14:16.0671 2580 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
17:14:16.0699 2580 Spooler - ok
17:14:17.0234 2580 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
17:14:17.0328 2580 sppsvc - ok
17:14:17.0488 2580 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
17:14:17.0495 2580 sppuinotify - ok
17:14:17.0592 2580 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
17:14:17.0624 2580 srv - ok
17:14:17.0691 2580 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
17:14:17.0707 2580 srv2 - ok
17:14:17.0779 2580 SrvHsfHDA (0c4540311e11664b245a263e1154cef8) C:\Windows\system32\DRIVERS\VSTAZL6.SYS
17:14:17.0794 2580 SrvHsfHDA - ok
17:14:18.0065 2580 SrvHsfV92 (02071d207a9858fbe3a48cbfd59c4a04) C:\Windows\system32\DRIVERS\VSTDPV6.SYS
17:14:18.0108 2580 SrvHsfV92 - ok
17:14:18.0313 2580 SrvHsfWinac (18e40c245dbfaf36fd0134a7ef2df396) C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
17:14:18.0336 2580 SrvHsfWinac - ok
17:14:18.0491 2580 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
17:14:18.0507 2580 srvnet - ok
17:14:18.0585 2580 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
17:14:18.0601 2580 SSDPSRV - ok
17:14:18.0647 2580 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
17:14:18.0663 2580 SstpSvc - ok
17:14:18.0710 2580 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
17:14:18.0725 2580 stexstor - ok
17:14:18.0819 2580 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
17:14:18.0850 2580 stisvc - ok
17:14:19.0022 2580 storflt (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys
17:14:19.0022 2580 storflt - ok
17:14:19.0085 2580 StorSvc (c40841817ef57d491f22eb103da587cc) C:\Windows\system32\storsvc.dll
17:14:19.0093 2580 StorSvc - ok
17:14:19.0178 2580 storvsc (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys
17:14:19.0181 2580 storvsc - ok
17:14:19.0249 2580 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
17:14:19.0252 2580 swenum - ok
17:14:19.0400 2580 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
17:14:19.0426 2580 swprv - ok
17:14:19.0744 2580 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
17:14:19.0794 2580 SysMain - ok
17:14:19.0945 2580 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
17:14:20.0006 2580 TabletInputService - ok
17:14:20.0076 2580 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
17:14:20.0107 2580 TapiSrv - ok
17:14:20.0154 2580 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
17:14:20.0154 2580 TBS - ok
17:14:20.0388 2580 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
17:14:20.0451 2580 Tcpip - ok
17:14:20.0785 2580 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
17:14:20.0826 2580 TCPIP6 - ok
17:14:20.0972 2580 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
17:14:20.0976 2580 tcpipreg - ok
17:14:21.0038 2580 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
17:14:21.0041 2580 TDPIPE - ok
17:14:21.0092 2580 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
17:14:21.0096 2580 TDTCP - ok
17:14:21.0276 2580 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
17:14:21.0291 2580 tdx - ok
17:14:21.0353 2580 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
17:14:21.0356 2580 TermDD - ok
17:14:21.0483 2580 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
17:14:21.0512 2580 TermService - ok
17:14:21.0555 2580 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
17:14:21.0562 2580 Themes - ok
17:14:21.0603 2580 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
17:14:21.0603 2580 THREADORDER - ok
17:14:21.0790 2580 Tpkd (c676b0f52f2b6483afb88f79cabb011e) C:\Windows\system32\drivers\Tpkd.sys
17:14:21.0805 2580 Tpkd - ok
17:14:21.0852 2580 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
17:14:21.0868 2580 TrkWks - ok
17:14:21.0946 2580 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
17:14:21.0961 2580 TrustedInstaller - ok
17:14:22.0024 2580 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
17:14:22.0024 2580 tssecsrv - ok
17:14:22.0086 2580 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
17:14:22.0086 2580 TsUsbFlt - ok
17:14:22.0164 2580 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
17:14:22.0168 2580 tunnel - ok
17:14:22.0220 2580 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
17:14:22.0224 2580 uagp35 - ok
17:14:22.0278 2580 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
17:14:22.0291 2580 udfs - ok
17:14:22.0357 2580 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
17:14:22.0367 2580 UI0Detect - ok
17:14:22.0531 2580 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
17:14:22.0535 2580 uliagpkx - ok
17:14:22.0600 2580 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
17:14:22.0604 2580 umbus - ok
17:14:22.0637 2580 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
17:14:22.0640 2580 UmPass - ok
17:14:22.0704 2580 UmRdpService (a293dcd756d04d8492a750d03b9a297c) C:\Windows\System32\umrdp.dll
17:14:22.0724 2580 UmRdpService - ok
17:14:22.0799 2580 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
17:14:22.0813 2580 upnphost - ok
17:14:22.0868 2580 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
17:14:22.0884 2580 usbccgp - ok
17:14:23.0088 2580 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
17:14:23.0102 2580 usbcir - ok
17:14:23.0142 2580 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
17:14:23.0142 2580 usbehci - ok
17:14:23.0204 2580 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
17:14:23.0235 2580 usbhub - ok
17:14:23.0282 2580 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\DRIVERS\usbohci.sys
17:14:23.0282 2580 usbohci - ok
17:14:23.0329 2580 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
17:14:23.0329 2580 usbprint - ok
17:14:23.0391 2580 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
17:14:23.0391 2580 usbscan - ok
17:14:23.0583 2580 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
17:14:23.0587 2580 USBSTOR - ok
17:14:23.0630 2580 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\DRIVERS\usbuhci.sys
17:14:23.0633 2580 usbuhci - ok
17:14:23.0675 2580 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
17:14:23.0681 2580 UxSms - ok
17:14:23.0724 2580 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
17:14:23.0728 2580 VaultSvc - ok
17:14:23.0790 2580 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
17:14:23.0803 2580 vdrvroot - ok
17:14:23.0903 2580 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
17:14:23.0930 2580 vds - ok
17:14:24.0099 2580 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
17:14:24.0103 2580 vga - ok
17:14:24.0123 2580 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
17:14:24.0126 2580 VgaSave - ok
17:14:24.0179 2580 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
17:14:24.0200 2580 vhdmp - ok
17:14:24.0264 2580 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
17:14:24.0267 2580 viaide - ok
17:14:24.0331 2580 vmbus (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys
17:14:24.0342 2580 vmbus - ok
17:14:24.0398 2580 VMBusHID (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys
17:14:24.0401 2580 VMBusHID - ok
17:14:24.0433 2580 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
17:14:24.0437 2580 volmgr - ok
17:14:24.0666 2580 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
17:14:24.0685 2580 volmgrx - ok
17:14:24.0778 2580 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
17:14:24.0794 2580 volsnap - ok
17:14:24.0856 2580 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
17:14:24.0872 2580 vsmraid - ok
17:14:25.0106 2580 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
17:14:25.0200 2580 VSS - ok
17:14:25.0372 2580 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
17:14:25.0375 2580 vwifibus - ok
17:14:25.0461 2580 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
17:14:25.0481 2580 W32Time - ok
17:14:25.0529 2580 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
17:14:25.0532 2580 WacomPen - ok
17:14:25.0754 2580 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
17:14:25.0759 2580 WANARP - ok
17:14:25.0784 2580 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
17:14:25.0786 2580 Wanarpv6 - ok
17:14:25.0976 2580 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
17:14:26.0034 2580 WatAdminSvc - ok
17:14:26.0363 2580 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
17:14:26.0410 2580 wbengine - ok
17:14:26.0564 2580 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
17:14:26.0584 2580 WbioSrvc - ok
17:14:26.0668 2580 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
17:14:26.0688 2580 wcncsvc - ok
17:14:26.0722 2580 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
17:14:26.0730 2580 WcsPlugInService - ok
17:14:26.0778 2580 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
17:14:26.0781 2580 Wd - ok
17:14:26.0878 2580 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
17:14:26.0904 2580 Wdf01000 - ok
17:14:27.0081 2580 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
17:14:27.0090 2580 WdiServiceHost - ok
17:14:27.0112 2580 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
17:14:27.0119 2580 WdiSystemHost - ok
17:14:27.0192 2580 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
17:14:27.0220 2580 WebClient - ok
17:14:27.0281 2580 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
17:14:27.0299 2580 Wecsvc - ok
17:14:27.0348 2580 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
17:14:27.0366 2580 wercplsupport - ok
17:14:27.0419 2580 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
17:14:27.0437 2580 WerSvc - ok
17:14:27.0648 2580 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
17:14:27.0651 2580 WfpLwf - ok
17:14:27.0682 2580 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
17:14:27.0684 2580 WIMMount - ok
17:14:27.0727 2580 WinDefend - ok
17:14:27.0751 2580 WinHttpAutoProxySvc - ok
17:14:27.0833 2580 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
17:14:27.0849 2580 Winmgmt - ok
17:14:28.0145 2580 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
17:14:28.0207 2580 WinRM - ok
17:14:28.0380 2580 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\drivers\WinUSB.sys
17:14:28.0383 2580 WinUsb - ok
17:14:28.0520 2580 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
17:14:28.0660 2580 Wlansvc - ok
17:14:28.0989 2580 wlidsvc (2bacd71123f42cea603f4e205e1ae337) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
17:14:29.0054 2580 wlidsvc - ok
17:14:29.0269 2580 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
17:14:29.0271 2580 WmiAcpi - ok
17:14:29.0355 2580 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
17:14:29.0371 2580 wmiApSrv - ok
17:14:29.0433 2580 WMPNetworkSvc - ok
17:14:29.0480 2580 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
17:14:29.0496 2580 WPCSvc - ok
17:14:29.0558 2580 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
17:14:29.0721 2580 WPDBusEnum - ok
17:14:29.0767 2580 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
17:14:29.0771 2580 ws2ifsl - ok
17:14:29.0810 2580 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\System32\wscsvc.dll
17:14:29.0827 2580 wscsvc - ok
17:14:29.0850 2580 WSearch - ok
17:14:30.0130 2580 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll
17:14:30.0290 2580 wuauserv - ok
17:14:30.0456 2580 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
17:14:30.0473 2580 WudfPf - ok
17:14:30.0509 2580 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
17:14:30.0521 2580 WUDFRd - ok
17:14:30.0556 2580 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
17:14:30.0574 2580 wudfsvc - ok
17:14:30.0634 2580 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
17:14:30.0652 2580 WwanSvc - ok
17:14:30.0858 2580 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
17:14:31.0251 2580 \Device\Harddisk0\DR0 - ok
17:14:31.0257 2580 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
17:14:32.0071 2580 \Device\Harddisk1\DR1 - ok
17:14:32.0120 2580 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk2\DR3
17:14:32.0279 2580 \Device\Harddisk2\DR3 - ok
17:14:32.0311 2580 Boot (0x1200) (eb8fe3624a9ad8f869bf0aeb283b4c34) \Device\Harddisk0\DR0\Partition0
17:14:32.0314 2580 \Device\Harddisk0\DR0\Partition0 - ok
17:14:32.0336 2580 Boot (0x1200) (00f711ce5b2a8569855dd4ec055af3a9) \Device\Harddisk0\DR0\Partition1
17:14:32.0338 2580 \Device\Harddisk0\DR0\Partition1 - ok
17:14:32.0349 2580 Boot (0x1200) (0e15eec240465d5d25a85be59d852371) \Device\Harddisk1\DR1\Partition0
17:14:32.0352 2580 \Device\Harddisk1\DR1\Partition0 - ok
17:14:32.0362 2580 Boot (0x1200) (5d6ea86c0de304542be9374f6de4fedb) \Device\Harddisk2\DR3\Partition0
17:14:32.0366 2580 \Device\Harddisk2\DR3\Partition0 - ok
17:14:32.0370 2580 ============================================================
17:14:32.0371 2580 Scan finished
17:14:32.0371 2580 ============================================================
17:14:32.0392 0968 Detected object count: 0
17:14:32.0392 0968 Actual detected object count: 0
17:15:02.0809 3736 Deinitialize success

___________________________________________________________________________________________________________________

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-07-17 17:15:36
-----------------------------
17:15:36.920 OS Version: Windows x64 6.1.7601 Service Pack 1
17:15:36.920 Number of processors: 2 586 0xF0B
17:15:36.921 ComputerName: USER-PC UserName: User
17:15:38.700 Initialize success
17:16:28.428 AVAST engine defs: 12071701
17:16:34.895 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-2
17:16:34.899 Disk 0 Vendor: WDC_WD1200BEVS-75UST0 01.01A01 Size: 114473MB BusType: 11
17:16:34.912 Disk 0 MBR read successfully
17:16:34.916 Disk 0 MBR scan
17:16:35.185 Disk 0 Windows 7 default MBR code
17:16:35.195 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
17:16:35.365 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 114371 MB offset 206848
17:16:35.582 Disk 0 scanning C:\Windows\system32\drivers
17:17:10.292 Service scanning
17:18:30.670 Modules scanning
17:18:30.706 Disk 0 trace - called modules:
17:18:30.786 ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
17:18:30.805 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800294e740]
17:18:31.233 3 CLASSPNP.SYS[fffff8800165143f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-2[0xfffffa80027f8060]
17:18:33.464 AVAST engine scan C:\Windows
17:18:39.635 AVAST engine scan C:\Windows\system32
17:28:32.966 AVAST engine scan C:\Windows\system32\drivers
17:29:12.104 AVAST engine scan C:\Users\User
17:45:26.599 AVAST engine scan C:\ProgramData
17:48:28.320 Scan finished successfully
18:01:47.965 Disk 0 MBR has been saved successfully to "C:\MBR.dat"
18:01:47.971 The log file has been saved successfully to "C:\aswMBR.txt"

____________________________________________________________________________________________________________________________


C:\Program Files (x86)\RadioRage_4j\bar\1.bin\4jdatact.dll a variant of Win32/Toolbar.MyWebSearch.A application cleaned by deleting - quarantined
C:\Program Files (x86)\RadioRage_4j\bar\1.bin\4jhtml.dll probably a variant of Win32/Toolbar.MyWebSearch.F application cleaned by deleting - quarantined
C:\Program Files (x86)\RadioRage_4j\bar\1.bin\4jhtmlmu.dll probably a variant of Win32/Toolbar.MyWebSearch.B application cleaned by deleting - quarantined
C:\Program Files (x86)\RadioRage_4j\bar\1.bin\4jieovr.dll probably a variant of Win32/Toolbar.MyWebSearch.P application cleaned by deleting - quarantined
C:\Program Files (x86)\RadioRage_4j\bar\1.bin\4jPlugin.dll a variant of Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined
C:\Program Files (x86)\RadioRage_4j\bar\1.bin\4jskin.dll a variant of Win32/Toolbar.MyWebSearch.P application cleaned by deleting - quarantined
C:\Users\User\AppData\Local\Temp\ICReinstall\cnet2_hamsterfreevideoconverter_shareware_others_exe.exe a variant of Win32/InstallCore.D application cleaned by deleting - quarantined
C:\Users\User\AppData\LocalLow\RadioRage_4jEI\Installr\Cache\2AC8B0B9.exe a variant of Win32/Toolbar.MyWebSearch.O application cleaned by deleting - quarantined
C:\Users\User\Downloads\cnet2_hamsterfreevideoconverter_shareware_others_exe.exe a variant of Win32/InstallCore.D application cleaned by deleting - quarantined
C:\Users\User\Downloads\instacodecs.exe a variant of Win32/InstallIQ application cleaned by deleting - quarantined
C:\Users\User\Downloads\openofficesuite-setup.exe Win32/DownloadAdmin.A.Gen application cleaned by deleting - quarantined
F:\334532s\Documents and Settings\skerr\My Documents\SEK\Applications\MorpheusPhotoMorpher-310.exe multiple threats cleaned by deleting - quarantined
F:\334532s\Documents and Settings\skerr\My Documents\SEK\Applications\Morpheus\MorpheusPhotoMorpher-310.exe multiple threats cleaned by deleting - quarantined
F:\SEK\Applications\MorpheusPhotoMorpher-310.exe multiple threats cleaned by deleting - quarantined
F:\SEK\Applications\Driverguide\setup_18701.exe Win32/Toolbar.Zugo application deleted - quarantined
F:\SEK\Applications\Driverguide\setup_87753.exe Win32/Toolbar.Zugo application deleted - quarantined
F:\SEK\Applications\Morpheus\MorpheusPhotoMorpher-310.exe multiple threats cleaned by deleting - quarantined



Thank you for your help.

#2 Broni

Posted 17 July 2012 - 08:28 PM

Welcome aboard

Which browser is affected?

Download Security Check from HERE, and save it to your Desktop.

* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.

=============================================================================

Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

====================================================================================

Please download MiniToolBox and run it.

Checkmark the following boxes:
  • Report IE Proxy Settings
  • Report FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Devices (do NOT change any settings here)
  • List Users, Partitions and Memory size
Click Go and post the result.

=============================================================================

Download Malwarebytes' Anti-Malware (aka MBAM): https://www.bleepingcomputer.com/download/malwarebytes-anti-malware/ to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

Be sure to restart the computer.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

My Website

My help doesn't cost a penny, but if you'd like to consider a donation, click DONATE

 


#3 CutchisClutch


Posted 17 July 2012 - 09:30 PM

Both Google Chrome and IE9 are affected.


Results of screen317's Security Check version 0.99.24
Windows 7 x64 (UAC is enabled)
Internet Explorer 9
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
ESET Online Scanner v3
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Java™ 6 Update 32
Adobe Flash Player ( 10.3.181.34) Flash Player Out of Date!
Adobe Reader X (10.1.3)
````````````````````````````````
Process Check:
objlist.exe by Laurent

Windows Defender MSMpEng.exe
Microsoft Security Essentials msseces.exe
``````````End of Log````````````


*************************************************

Farbar Service Scanner Version: 08-07-2012
Ran by User (administrator) on 17-07-2012 at 22:19:20
Running from "C:\Users\User\Downloads"
Microsoft Windows 7 Professional Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****

*****************************************************



MiniToolBox by Farbar Version: 15-07-2012
Ran by User (administrator) on 17-07-2012 at 22:20:58
Microsoft Windows 7 Professional Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.
========================= Hosts content: =================================

::1 localhost


**********************************************************************************

Malwarebytes Anti-Malware (Trial) 1.62.0.1300
www.malwarebytes.org

Database version: v2012.07.18.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
User :: USER-PC [administrator]

Protection: Enabled

7/17/2012 10:24:24 PM
mbam-log-2012-07-17 (22-29-34).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 212246
Time elapsed: 4 minute(s), 30 second(s)

Memory Processes Detected: 1
C:\Program Files (x86)\RadioRage_4j\bar\1.bin\4jbrmon.exe (PUP.MyWebSearch) -> 2852 -> No action taken.

Memory Modules Detected: 1
C:\Program Files (x86)\RadioRage_4j\bar\1.bin\4jbrstub.dll (PUP.MyWebSearch) -> No action taken.

Registry Keys Detected: 11
HKLM\SYSTEM\CurrentControlSet\Services\RadioRage_4jService (PUP.MyWebSearch) -> No action taken.
HKCR\CLSID\{48909954-14fb-4971-a7b3-47e7af10b38a} (PUP.MyWebSearch) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{48909954-14FB-4971-A7B3-47E7AF10B38A} (PUP.MyWebSearch) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{48909954-14FB-4971-A7B3-47E7AF10B38A} (PUP.MyWebSearch) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{48909954-14FB-4971-A7B3-47E7AF10B38A} (PUP.MyWebSearch) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\RadioRage_4jbar Uninstall (PUP.MyWebSearch) -> No action taken.
HKCR\CLSID\{3c35ad63-af1d-4e21-b484-b6651a8efcf9} (PUP.MyWebSearch) -> No action taken.
HKCR\CLSID\{5848763c-2668-44ca-adbe-2999a6ee2858} (PUP.MyWebSearch) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5848763C-2668-44CA-ADBE-2999A6EE2858} (PUP.MyWebSearch) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{5848763C-2668-44CA-ADBE-2999A6EE2858} (PUP.MyWebSearch) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{5848763C-2668-44CA-ADBE-2999A6EE2858} (PUP.MyWebSearch) -> No action taken.

Registry Values Detected: 2
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|RadioRage_4j Browser Plugin Loader (PUP.MyWebSearch) -> Data: C:\PROGRA~2\RADIOR~2\bar\1.bin\4jbrmon.exe -> No action taken.
HKCU\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks|{3C35AD63-AF1D-4E21-B484-B6651A8EFCF9} (PUP.MyWebSearch) -> Data: -> No action taken.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 5
C:\Program Files (x86)\RadioRage_4j\bar\1.bin\4jbarsvc.exe (PUP.MyWebSearch) -> No action taken.
C:\Program Files (x86)\RadioRage_4j\bar\1.bin\4jbrmon.exe (PUP.MyWebSearch) -> No action taken.
C:\Program Files (x86)\RadioRage_4j\bar\1.bin\4jbrstub.dll (PUP.MyWebSearch) -> No action taken.
C:\Program Files (x86)\RadioRage_4j\bar\1.bin\4jbar.dll (PUP.MyWebSearch) -> No action taken.
C:\Program Files (x86)\RadioRage_4j\bar\1.bin\4jSrcAs.dll (PUP.MyWebSearch) -> No action taken.

(end)

#4 Broni


Posted 17 July 2012 - 09:41 PM

MiniToolbox log is incomplete.
Redo.

MBAM log says "No action taken".
Re-run, fix all issues and post new log.


 


#5 CutchisClutch


Posted 17 July 2012 - 10:00 PM

Reran MiniToolbox, log is exactly the same but this time I scrolled down and found that there were many blank lines in the middle of the log. Sorry I did not notice that before.


MiniToolBox by Farbar Version: 15-07-2012
Ran by User (administrator) on 17-07-2012 at 22:48:04
Microsoft Windows 7 Professional Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.
========================= Hosts content: =================================

::1 localhost

*********************************************
[THERE WERE MANY BLANK LINES HERE]
*********************************************

93.115.241.27 www.google-analytics.com.
93.115.241.27 ad-emea.doubleclick.net.
93.115.241.27 www.statcounter.com.
108.163.215.51 www.google-analytics.com.
108.163.215.51 ad-emea.doubleclick.net.
108.163.215.51 www.statcounter.com.

127.0.0.1 localhost

========================= IP Configuration: ================================

Broadcom NetXtreme 57xx Gigabit Controller = Local Area Connection (Connected)
Intel® PRO/Wireless 3945ABG Network Connection = Wireless Network Connection (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : User-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : home

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . : home
Description . . . . . . . . . . . : Broadcom NetXtreme 57xx Gigabit Controller
Physical Address. . . . . . . . . : 00-1C-23-37-8F-CA
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::a13b:4904:3d26:bd0f%11(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.6(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Tuesday, July 17, 2012 10:35:04 PM
Lease Expires . . . . . . . . . . : Wednesday, July 18, 2012 10:35:04 PM
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DHCPv6 IAID . . . . . . . . . . . : 268442659
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-15-A1-93-FB-00-1C-23-37-8F-CA
DNS Servers . . . . . . . . . . . : 192.168.1.1
71.252.0.12
NetBIOS over Tcpip. . . . . . . . : Enabled

Wireless LAN adapter Wireless Network Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : home
Description . . . . . . . . . . . : Intel® PRO/Wireless 3945ABG Network Connection
Physical Address. . . . . . . . . : 00-1C-BF-36-77-29
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.home:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : home
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:4137:9e76:28d9:3a0a:52b4:7d6a(Preferred)
Link-local IPv6 Address . . . . . : fe80::28d9:3a0a:52b4:7d6a%12(Preferred)
Default Gateway . . . . . . . . . : ::
NetBIOS over Tcpip. . . . . . . . : Disabled
Server: Wireless_Broadband_Router.home
Address: 192.168.1.1

Name: google.com
Addresses: 2607:f8b0:4004:802::1000
74.125.228.67
74.125.228.66
74.125.228.72
74.125.228.73
74.125.228.64
74.125.228.70
74.125.228.71
74.125.228.65
74.125.228.68
74.125.228.69
74.125.228.78


Pinging google.com [74.125.228.66] with 32 bytes of data:
Reply from 74.125.228.66: bytes=32 time=15ms TTL=54
Reply from 74.125.228.66: bytes=32 time=16ms TTL=54

Ping statistics for 74.125.228.66:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 15ms, Maximum = 16ms, Average = 15ms
Server: Wireless_Broadband_Router.home
Address: 192.168.1.1

Name: yahoo.com
Addresses: 72.30.38.140
98.139.183.24
209.191.122.70


Pinging yahoo.com [209.191.122.70] with 32 bytes of data:
Reply from 209.191.122.70: bytes=32 time=63ms TTL=55
Reply from 209.191.122.70: bytes=32 time=59ms TTL=55

Ping statistics for 209.191.122.70:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 59ms, Maximum = 63ms, Average = 61ms
Server: Wireless_Broadband_Router.home
Address: 192.168.1.1

Name: bleepingcomputer.com
Address: 208.43.87.2


Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:
Reply from 208.43.87.2: Destination host unreachable.
Reply from 208.43.87.2: Destination host unreachable.

Ping statistics for 208.43.87.2:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time=4ms TTL=128
Reply from 127.0.0.1: bytes=32 time=2ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 2ms, Maximum = 4ms, Average = 3ms
===========================================================================
Interface List
11...00 1c 23 37 8f ca ......Broadcom NetXtreme 57xx Gigabit Controller
10...00 1c bf 36 77 29 ......Intel® PRO/Wireless 3945ABG Network Connection
1...........................Software Loopback Interface 1
14...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
12...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.6 20
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.1.0 255.255.255.0 On-link 192.168.1.6 276
192.168.1.6 255.255.255.255 On-link 192.168.1.6 276
192.168.1.255 255.255.255.255 On-link 192.168.1.6 276
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.1.6 276
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.1.6 276
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
12 58 ::/0 On-link
1 306 ::1/128 On-link
12 58 2001::/32 On-link
12 306 2001:0:4137:9e76:28d9:3a0a:52b4:7d6a/128
On-link
11 276 fe80::/64 On-link
12 306 fe80::/64 On-link
12 306 fe80::28d9:3a0a:52b4:7d6a/128
On-link
11 276 fe80::a13b:4904:3d26:bd0f/128
On-link
1 306 ff00::/8 On-link
12 306 ff00::/8 On-link
11 276 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 09 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171392] (Microsoft Corp.)
x64-Catalog5 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171392] (Microsoft Corp.)
x64-Catalog5 09 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (07/17/2012 09:55:59 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 16427

Error: (07/17/2012 09:55:59 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 16427

Error: (07/17/2012 09:55:59 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (07/17/2012 09:55:58 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15429

Error: (07/17/2012 09:55:58 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 15429

Error: (07/17/2012 09:55:58 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (07/17/2012 09:55:57 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 14430

Error: (07/17/2012 09:55:57 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 14430

Error: (07/17/2012 09:55:57 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (07/17/2012 09:55:56 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 13416


System errors:
=============
Error: (07/17/2012 00:17:02 PM) (Source: Microsoft-Windows-HAL) (User: )
Description: The platform firmware has corrupted memory across the previous system power transition. Please check for updated firmware for your system.

Error: (07/17/2012 11:16:51 AM) (Source: BugCheck) (User: )
Description: 0x0000000a (0xfffffa80221ae010, 0x0000000000000002, 0x0000000000000001, 0xfffff80002b413a6)C:\Windows\MEMORY.DMP071712-22479-01

Error: (07/17/2012 11:16:50 AM) (Source: EventLog) (User: )
Description: The previous system shutdown at 11:14:26 AM on 7/17/2012 was unexpected.

Error: (07/17/2012 10:50:52 AM) (Source: Microsoft Antimalware) (User: )
Description: %60 has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures.

Signatures Attempted: %25

Error Code: 0x8050800c

Error description: An unexpected problem occurred. Install any available updates, and then try to start the program again. For information on installing updates, see Help and Support.

Signature version: 1.129.1744.0;1.129.1744.0

Engine version: %600

Error: (07/17/2012 10:50:49 AM) (Source: Microsoft Antimalware) (User: )
Description: %60 has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures.

Signatures Attempted: %24

Error Code: 0x8050a004

Error description: This package does not contain up-to-date definition files for this program. For more information, see Help and Support.

Signature version: 1.129.1744.0;1.129.1744.0

Engine version: %600

Error: (07/17/2012 10:50:31 AM) (Source: Service Control Manager) (User: )
Description: The Microsoft Antimalware Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 15000 milliseconds: Restart the service.

Error: (07/17/2012 10:50:09 AM) (Source: Microsoft Antimalware) (User: )
Description: %%860 engine has been terminated due to an unexpected error.

Failure Type: %%830

Exception code: 0xc0000005

Resource: file:C:\Program Files (x86)\Corel\Corel PaintShop Pro X4\Python Libraries\Lib\lib2to3\tests\test_refactor.py

Error: (07/17/2012 06:02:13 AM) (Source: Disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.

Error: (07/17/2012 06:02:13 AM) (Source: Disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.

Error: (07/17/2012 06:02:12 AM) (Source: Disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.


Microsoft Office Sessions:
=========================
Error: (07/17/2012 09:55:59 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 16427

Error: (07/17/2012 09:55:59 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 16427

Error: (07/17/2012 09:55:59 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (07/17/2012 09:55:58 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15429

Error: (07/17/2012 09:55:58 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 15429

Error: (07/17/2012 09:55:58 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (07/17/2012 09:55:57 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 14430

Error: (07/17/2012 09:55:57 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 14430

Error: (07/17/2012 09:55:57 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (07/17/2012 09:55:56 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 13416


=========================== Installed Programs ============================

Adobe AIR (Version: 2.7.0.19530)
Adobe Flash Player 10 Plugin (Version: 10.3.181.34)
Adobe Flash Player 11 ActiveX (Version: 11.3.300.265)
Adobe Reader X (10.1.3) (Version: 10.1.3)
Adobe Shockwave Player 11.6 (Version: 11.6.0.626)
Amazon Kindle
Apple Application Support (Version: 2.1.6)
Apple Mobile Device Support (Version: 4.0.0.97)
Apple Software Update (Version: 2.1.3.127)
Auto-Tune EFX RTAS (Version: 1.0.2)
Bonjour (Version: 3.0.0.10)
Boris Graffiti for Corel (Version: 5.30.600)
CCleaner (Version: 3.08)
Common (Version: 14.1.0.126)
Compatibility Pack for the 2007 Office system (Version: 12.0.6612.1000)
Contents (Version: 14.1.0.126)
Corel PaintShop Pro X4 (Version: 14.0.0.332)
Corel PaintShop Pro X4 (Version: 14.2.0.1)
Corel PaintShop Pro X4 Ultimate Bonus Pack
Corel PaintShop Pro X4 Ultimate Bonus Pack (Version: 1.00.0000)
Corel VideoStudio Pro X4 Ultimate (Version: 14.2.0.23)
Crystal Reports Basic Runtime for Visual Studio 2008 (x64) (Version: 10.5.2.0)
D3DX10 (Version: 15.4.2368.0902)
DeviceIO (Version: 14.1.0.126)
DivX Setup (Version: 2.5.0.15)
DVD Decrypter (Remove Only)
ESET Online Scanner v3
Fantapper Player (Version: 2.0.3)
Fantapper Updater (Version: 2.0.1)
Genie Backup Assistant (Version: 8.0.364.534)
Google Chrome (Version: 20.0.1132.57)
Google Earth (Version: 6.0.2.2074)
Google Toolbar for Internet Explorer (Version: 1.0.0)
Google Update Helper (Version: 1.3.21.115)
Hamster Free Video Converter (Version: 2.0.1.26)
ICA (Version: 14.0.0.332)
ICA (Version: 14.1.0.126)
ImgBurn (Version: 2.5.5.0)
InstaCodecs (Version: 1.0)
Intel® Graphics Media Accelerator Driver (Version: 8.15.10.1930)
Interlok driver setup x64 (Version: 5.8.13)
IPM_PSP_COM (Version: 14.0.0.332)
IPM_VS_Pro (Version: 13.0)
ISCOM (Version: 14.1.0.126)
iTunes (Version: 10.5.2.11)
Java Auto Updater (Version: 2.0.7.1)
Java™ 6 Update 26 (64-bit) (Version: 6.0.260)
Java™ 6 Update 32 (Version: 6.0.320)
Lexmark 4200 Series
Malwarebytes Anti-Malware version 1.62.0.1300 (Version: 1.62.0.1300)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Professional Edition 2003 (Version: 11.0.8173.0)
Microsoft Security Client (Version: 4.0.1526.0)
Microsoft Security Essentials (Version: 4.0.1526.0)
Microsoft Silverlight (Version: 4.1.10329.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
MSVCRT (Version: 15.4.2862.0708)
MySQL Connector/ODBC 3.51 (Version: 3.51.12)
OpenOffice.org 3.1 (Version: 3.1.9399)
Playfin (Version: 1.0)
proDAD Mercalli 2.0 (Version: 2.0.92)
PSPPContent (Version: 14.0.0.332)
PSPPHelp (Version: 14.0.0.332)
PSPPro64 (Version: 14.0.0.332)
PureHD (Version: 14.1.0.126)
QuickTime (Version: 7.71.80.42)
RadioRage
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0)
RealPlayer
RealUpgrade 1.1 (Version: 1.1.0)
Setup (Version: 14.0.0.332)
Setup (Version: 14.1.0.126)
Share (Version: 14.1.0.126)
Share64 (Version: 14.1.0.126)
SmartSound Common Data (Version: 1.1.0)
SmartSound Quicktracks 5 (Version: 5.1.6)
TSSS v5 (Version: 5.0)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
VC80CRTRedist - 8.0.50727.4053 (Version: 1.1.0)
VIO (Version: 14.1.0.126)
VSClassic (Version: 14.1.0.126)
VSUltimate (Version: 14.1.0.126)
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3538.0513)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3538.0513)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3508.1109)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109)
Windows Media Encoder 9 Series
Windows Media Encoder 9 Series (Version: 9.00.2980)
YouTube Downloader 3.1

========================= Devices: ================================

Name: Color A8 Scanner
Description: Color A8 Scanner
Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Manufacturer: Product
Service: usbscan
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


========================= Memory info: ===================================

Percentage of memory in use: 44%
Total physical RAM: 2037.97 MB
Available physical RAM: 1126.86 MB
Total Pagefile: 4075.95 MB
Available Pagefile: 2656.87 MB
Total Virtual: 4095.88 MB
Available Virtual: 3962.64 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:111.69 GB) (Free:3.42 GB) NTFS
3 Drive e: () (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS
4 Drive f: (LaCie) (Fixed) (Total:298.09 GB) (Free:2.07 GB) NTFS
5 Drive g: (Hitachi) (Fixed) (Total:298.09 GB) (Free:227.45 GB) NTFS

========================= Users: ========================================

User accounts for \\USER-PC

Administrator Guest User


**** End of log ****

****************************************************************************


Malwarebytes Anti-Malware (Trial) 1.62.0.1300
www.malwarebytes.org

Database version: v2012.07.18.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
User :: USER-PC [administrator]

Protection: Enabled

7/17/2012 10:49:02 PM
mbam-log-2012-07-17 (22-49-02).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 211399
Time elapsed: 3 minute(s), 19 second(s)

Memory Processes Detected: 1
C:\Program Files (x86)\RadioRage_4j\bar\1.bin\4jbrmon.exe (PUP.MyWebSearch) -> 812 -> Delete on reboot.

Memory Modules Detected: 1
C:\Program Files (x86)\RadioRage_4j\bar\1.bin\4jbrstub.dll (PUP.MyWebSearch) -> Delete on reboot.

Registry Keys Detected: 11
HKLM\SYSTEM\CurrentControlSet\Services\RadioRage_4jService (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\CLSID\{48909954-14fb-4971-a7b3-47e7af10b38a} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{48909954-14FB-4971-A7B3-47E7AF10B38A} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{48909954-14FB-4971-A7B3-47E7AF10B38A} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{48909954-14FB-4971-A7B3-47E7AF10B38A} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\RadioRage_4jbar Uninstall (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\CLSID\{3c35ad63-af1d-4e21-b484-b6651a8efcf9} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\CLSID\{5848763c-2668-44ca-adbe-2999a6ee2858} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5848763C-2668-44CA-ADBE-2999A6EE2858} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{5848763C-2668-44CA-ADBE-2999A6EE2858} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{5848763C-2668-44CA-ADBE-2999A6EE2858} (PUP.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Detected: 2
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|RadioRage_4j Browser Plugin Loader (PUP.MyWebSearch) -> Data: C:\PROGRA~2\RADIOR~2\bar\1.bin\4jbrmon.exe -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks|{3C35AD63-AF1D-4E21-B484-B6651A8EFCF9} (PUP.MyWebSearch) -> Data: -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 5
C:\Program Files (x86)\RadioRage_4j\bar\1.bin\4jbarsvc.exe (PUP.MyWebSearch) -> Delete on reboot.
C:\Program Files (x86)\RadioRage_4j\bar\1.bin\4jbrmon.exe (PUP.MyWebSearch) -> Delete on reboot.
C:\Program Files (x86)\RadioRage_4j\bar\1.bin\4jbrstub.dll (PUP.MyWebSearch) -> Delete on reboot.
C:\Program Files (x86)\RadioRage_4j\bar\1.bin\4jbar.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\RadioRage_4j\bar\1.bin\4jSrcAs.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.

(end)

#6 Broni

Posted 17 July 2012 - 10:18 PM

Ahhh, we have hijacked "hosts" file.

Restart computer in Safe Mode.
Open Windows Explorer. Go Tools>Folder Options>View tab, put a checkmark next to Show hidden files, and folders, UN-check Hide protected operating system files.
NOTE. Make sure to reverse the above changes, when done with this step.
Navigate to C:\WINDOWS\SYSTEM32\DRIVERS\ETC folder.
Delete hosts file.
NOTE. If you can't delete "hosts" file (access denied) take ownership of "ETC" folder first and then try again: http://www.howtogeek.com/howto/windows-vista/add-take-ownership-to-explorer-right-click-menu-in-vista/

Restart in normal mode.
Please, go here: http://support.microsoft.com/kb/972034#FixItForMeAlways and click on "Fix it" button to reset your "hosts" file.
Follow all prompts.

Re-run MiniToolbox.

Checkmark following boxes:
  • List content of Hosts
Click Go and post the result.

My Website

My help doesn't cost a penny, but if you'd like to consider a donation, click DONATE

 


#7 CutchisClutch

Posted 17 July 2012 - 10:50 PM

There were two hosts files in ETC, a txt file and a system file and I deleted them both.

Here is the log of MiniToolBox, I'm pretty sure this is all of it.


MiniToolBox by Farbar Version: 15-07-2012
Ran by User (administrator) on 17-07-2012 at 23:49:13
Microsoft Windows 7 Professional Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************
========================= Hosts content: =================================

# ::1 localhost


**** End of log ****
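
A check in the spirit of the "List content of Hosts" step, as an added Python example that is not part of the original thread or of MiniToolBox: it classifies each active hosts entry so a redirect stands out from the default loopback lines. The function names, verdict labels and the `TAMPERED` sample (documentation-range address, `.example` names) are constructed for illustration.

```python
import ipaddress

LOCAL_NAMES = {"localhost", "localhost.localdomain"}

def audit_hosts(text):
    """Return (line_no, verdict, ip, names) for every active hosts entry."""
    findings = []
    for line_no, raw in enumerate(text.lstrip("\ufeff").splitlines(), 1):
        entry = raw.split("#", 1)[0].strip()    # drop comments, inline ones too
        if not entry:
            continue                            # blank or comment-only line
        fields = entry.split()
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            findings.append((line_no, "malformed", fields[0], fields[1:]))
            continue
        names = [n.lower() for n in fields[1:]]
        if not names:
            verdict = "malformed"               # address with no hostname
        elif ip.is_loopback and set(names) <= LOCAL_NAMES:
            verdict = "default"                 # stock localhost mapping
        elif ip.is_loopback or ip.is_unspecified:
            verdict = "sinkhole"                # name made unreachable
        else:
            verdict = "redirect"                # name sent to another host
        findings.append((line_no, verdict, str(ip), names))
    return findings

def is_clean(text):
    return all(verdict == "default" for _, verdict, _, _ in audit_hosts(text))

# Hosts content as posted in the MiniToolBox log above.
POSTED = "# ::1 localhost\n"

# Constructed sample of a tampered file (not taken from this thread).
TAMPERED = """\
# constructed sample
127.0.0.1       localhost
::1             localhost
203.0.113.10    www.search.example      # inline comment is ignored
0.0.0.0         update.av-vendor.example
not-an-ip       something.example
"""

if __name__ == "__main__":
    for finding in audit_hosts(TAMPERED):
        if finding[1] != "default":
            print(finding)
```

A "sinkhole" verdict is not automatically malicious, since ad-blocking lists use the same form; it only marks the entry for review.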

#8 Broni

Posted 17 July 2012 - 10:52 PM

How is redirection now?

#9 CutchisClutch

Posted 17 July 2012 - 10:57 PM

I went to http://www.smartestcomputing.us.com and navigated through several pages without incident and the creepy little ads in the bottom right hand of the screen have not reappeared. I've also opened IE9 and gone through several searches and one news site that I always have issues with and so far, so good.

#10 Broni

Posted 17 July 2012 - 11:00 PM

Cool :)

Couple more checks....

Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
Double click on TFC.exe to run the program.
Click on Start button to begin cleaning process.
TFC will close all running programs, and it may ask you to restart computer.

=============================================================================

Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click on List of found threats
  • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    NOTE. If Eset doesn't find any threats it'll NOT produce any log.

#11 CutchisClutch

Posted 18 July 2012 - 01:21 PM

TFC did not ask me to restart the computer and ESET Online scanner did not detect any threats and no log was generated.

I'm hoping that I am clean for now.

When I downloaded Malwarebytes anti malware software I enabled the trial version. Do you have any recommendations on this software?

Also, I assume that it is safe to have all of my computer-specific details posted here on the internet for anyone to see. Anything else that I should do, other than restarting my security software? Update Adobe Reader or Java?

Thanks for your help with this. My donation will be forthcoming and it is worth every penny.

#12 Broni

Posted 18 July 2012 - 04:57 PM

MBAM is an excellent program and I strongly suggest you keep it.

Update Adobe Flash Player
Download the Latest Adobe Flash for Firefox and IE Without Any Extras: http://www.404techsupport.com/2010/04/27/download-the-latest-adobe-flash-for-firefox-and-ie-without-any-extras/

============================================

1. Update your Java version here: http://www.java.com/en/download/installed.jsp

Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

2. Now, we need to remove old Java version and its remnants...

Download JavaRa to your desktop and unzip it.
  • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.
  • Do NOT post JavaRa log.

==================================================

Your computer is clean

1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll remove all old restore points and create fresh, clean restore point.

Turn system restore off.
Restart computer.
Turn system restore back on.

If you don't know how to do it...
Windows XP: http://support.microsoft.com/kb/310405
Vista and Windows 7: http://www.howtogeek.com/howto/windows-vista/disable-system-restore-in-windows-vista/

2. Make sure, Windows Updates are current.

3. If any Trojan was listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

4. Download and install WOT (Web of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

5. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

6. Run Temporary File Cleaner (TFC) weekly.

7. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

8. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

9. When installing\updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click "Next" button without looking at any given page.

10. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

11. Except for MBAM and TFC, which are keepers, you can simply delete all other tools we used as they don't install.
