Redirect when clicking on Google search results


22 replies to this topic

#1 acptbleeping

Posted 23 July 2012 - 03:58 PM

I am running Windows 7 Pro (32 bit) and recently noticed my Google search results are redirecting. I have active VIPRE antivirus with the latest virus definitions.

When clicking on Google search results, I am randomly being taken to sites such as newsfudge.com, sortfly.com. This is completely random and doesn't happen with every Google search.

Below are some of the things I have done so far:

Ran Windows Update and made sure all critical updates were installed
Ran deep scan with VIPRE - nothing found
Ran Malwarebytes (also ran this in Safe Mode) - nothing found
Ran TDSSKiller - nothing found
Used CCleaner to remove all temp files and to check Registry for invalid entries
Removed IE9 from system (currently running IE8) - Getting same Google redirects with IE8
Checked Hosts file - no invalid entries found
Released IP, flushed DNS, renewed IP

I am assuming the random Google redirects are associated with some kind of new hard-to-detect rootkit and was hoping someone with rootkit experience could offer some suggestions on how to find and remove the rootkit.

Any help would be extremely appreciated.

Thank you.

Edited by Orange Blossom, 23 July 2012 - 04:05 PM.
Moved from Windows 7 to AII. ~ OB


#2 Eric Bennett

Posted 23 July 2012 - 07:03 PM

Please download and run ESET Sysinspector. Then, create a snapshot by:

1.) Start up the application.
2.) Once loaded, press CTRL+G.
3.) Save file as (*.zip).
4.) Upload here.
5.) Paste link to file here.

Regards,
Eric Bennett
(ebthepcguy)

Edited by Orange Blossom, 08 August 2012 - 09:36 AM.


#3 narenxp

Posted 24 July 2012 - 01:11 AM

Download TDSSKiller

Launch it. Click on "Change parameters" and select "TDLFS file system".

Click on "Scan". Please post the log report (the log file should be in your C drive).

Do not change the default options on scan results.

Download aswMBR

Launch it and allow it to download the latest Avast! virus definitions.
Click the "Scan" button to start the scan. After the scan finishes, click on "Save log".

Post the log results here.

Download ESET online scanner

Install it.

Click on START; it should download the virus definitions.
When the scan is completed, click on LIST of found threats.

Export the list to the desktop and copy the contents of the text file into your reply.

#4 acptbleeping

Posted 24 July 2012 - 07:15 AM

I did select the TDLFS file system option when I ran TDSSKiller prior to my post here. I had also run the ESET online scanner, although that wasn't listed in my initial post. I will run all of these again and post the results today. Thank you.

#5 narenxp

Posted 24 July 2012 - 07:21 AM

:thumbup2:

#6 acptbleeping

Posted 24 July 2012 - 09:00 AM

Results of TDSSKILLER

08:21:02.0665 5668 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
08:21:03.0070 5668 ============================================================
08:21:03.0070 5668 Current date / time: 2012/07/24 08:21:03.0070
08:21:03.0070 5668 SystemInfo:
08:21:03.0070 5668
08:21:03.0070 5668 OS Version: 6.1.7601 ServicePack: 1.0
08:21:03.0070 5668 Product type: Workstation
08:21:03.0070 5668 ComputerName: removed
08:21:03.0070 5668 UserName: removed
08:21:03.0070 5668 Windows directory: C:\Windows
08:21:03.0070 5668 System windows directory: C:\Windows
08:21:03.0070 5668 Processor architecture: Intel x86
08:21:03.0070 5668 Number of processors: 2
08:21:03.0070 5668 Page size: 0x1000
08:21:03.0070 5668 Boot type: Normal boot
08:21:03.0070 5668 ============================================================
08:21:04.0068 5668 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
08:21:04.0099 5668 ============================================================
08:21:04.0099 5668 \Device\Harddisk0\DR0:
08:21:04.0099 5668 MBR partitions:
08:21:04.0099 5668 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x1D4C000
08:21:04.0099 5668 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1D60000, BlocksNum 0x236CE2B0
08:21:04.0099 5668 ============================================================
08:21:04.0146 5668 C: <-> \Device\Harddisk0\DR0\Partition1
08:21:04.0146 5668 ============================================================
08:21:04.0146 5668 Initialize success
08:21:04.0146 5668 ============================================================
08:21:18.0663 5832 ============================================================
08:21:18.0663 5832 Scan started
08:21:18.0663 5832 Mode: Manual; TDLFS;
08:21:18.0663 5832 ============================================================
08:21:27.0112 5832 NetTcpPortSharing - ok
08:21:27.0128 5832 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
08:21:27.0128 5832 nfrd960 - ok
08:21:27.0174 5832 NlaSvc (912084381d30d8b89ec4e293053f4710) C:\Windows\System32\nlasvc.dll
08:21:27.0174 5832 NlaSvc - ok
08:21:27.0190 5832 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
08:21:27.0190 5832 Npfs - ok
08:21:27.0206 5832 nsi (ba387e955e890c8a88306d9b8d06bf17) C:\Windows\system32\nsisvc.dll
08:21:27.0206 5832 nsi - ok
08:21:27.0206 5832 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
08:21:27.0206 5832 nsiproxy - ok
08:21:27.0299 5832 Ntfs (81189c3d7763838e55c397759d49007a) C:\Windows\system32\drivers\Ntfs.sys
08:21:27.0299 5832 Ntfs - ok
08:21:27.0315 5832 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
08:21:27.0315 5832 Null - ok
08:21:27.0346 5832 nvraid (b3e25ee28883877076e0e1ff877d02e0) C:\Windows\system32\drivers\nvraid.sys
08:21:27.0346 5832 nvraid - ok
08:21:27.0393 5832 nvstor (4380e59a170d88c4f1022eff6719a8a4) C:\Windows\system32\drivers\nvstor.sys
08:21:27.0393 5832 nvstor - ok
08:21:27.0393 5832 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\drivers\nv_agp.sys
08:21:27.0408 5832 nv_agp - ok
08:21:27.0424 5832 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\drivers\ohci1394.sys
08:21:27.0424 5832 ohci1394 - ok
08:21:27.0517 5832 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
08:21:27.0533 5832 ose - ok
08:21:27.0751 5832 osppsvc (358a9cca612c68eb2f07ddad4ce1d8d7) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
08:21:27.0782 5832 osppsvc - ok
08:21:27.0845 5832 p2pimsvc (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll
08:21:27.0845 5832 p2pimsvc - ok
08:21:27.0876 5832 p2psvc (59c3ddd501e39e006dac31bf55150d91) C:\Windows\system32\p2psvc.dll
08:21:27.0891 5832 p2psvc - ok
08:21:27.0954 5832 PAC207 (dca942c0a19a0ad2abcd9acf94eb4b10) C:\Windows\system32\DRIVERS\PFC027.SYS
08:21:27.0954 5832 PAC207 - ok
08:21:27.0985 5832 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
08:21:27.0985 5832 Parport - ok
08:21:28.0016 5832 partmgr (3f34a1b4c5f6475f320c275e63afce9b) C:\Windows\system32\drivers\partmgr.sys
08:21:28.0016 5832 partmgr - ok
08:21:28.0032 5832 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
08:21:28.0032 5832 Parvdm - ok
08:21:28.0047 5832 PcaSvc (358ab7956d3160000726574083dfc8a6) C:\Windows\System32\pcasvc.dll
08:21:28.0047 5832 PcaSvc - ok
08:21:28.0078 5832 pci (673e55c3498eb970088e812ea820aa8f) C:\Windows\system32\drivers\pci.sys
08:21:28.0094 5832 pci - ok
08:21:28.0094 5832 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\drivers\pciide.sys
08:21:28.0094 5832 pciide - ok
08:21:28.0125 5832 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
08:21:28.0125 5832 pcmcia - ok
08:21:28.0141 5832 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
08:21:28.0141 5832 pcw - ok
08:21:28.0172 5832 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
08:21:28.0188 5832 PEAUTH - ok
08:21:28.0234 5832 PeerDistSvc (af4d64d2a57b9772cf3801950b8058a6) C:\Windows\system32\peerdistsvc.dll
08:21:28.0250 5832 PeerDistSvc - ok
08:21:28.0343 5832 pla (414bba67a3ded1d28437eb66aeb8a720) C:\Windows\system32\pla.dll
08:21:28.0359 5832 pla - ok
08:21:28.0453 5832 PlugPlay (ec7bc28d207da09e79b3e9faf8b232ca) C:\Windows\system32\umpnpmgr.dll
08:21:28.0453 5832 PlugPlay - ok
08:21:28.0484 5832 PNRPAutoReg (63ff8572611249931eb16bb8eed6afc8) C:\Windows\system32\pnrpauto.dll
08:21:28.0484 5832 PNRPAutoReg - ok
08:21:28.0499 5832 PNRPsvc (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll
08:21:28.0515 5832 PNRPsvc - ok
08:21:28.0530 5832 PolicyAgent (53946b69ba0836bd95b03759530c81ec) C:\Windows\System32\ipsecsvc.dll
08:21:28.0530 5832 PolicyAgent - ok
08:21:28.0577 5832 Power (f87d30e72e03d579a5199ccb3831d6ea) C:\Windows\system32\umpo.dll
08:21:28.0577 5832 Power - ok
08:21:28.0624 5832 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
08:21:28.0624 5832 PptpMiniport - ok
08:21:28.0640 5832 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
08:21:28.0640 5832 Processor - ok
08:21:28.0671 5832 ProfSvc (cadefac453040e370a1bdff3973be00d) C:\Windows\system32\profsvc.dll
08:21:28.0671 5832 ProfSvc - ok
08:21:28.0702 5832 ProtectedStorage (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
08:21:28.0702 5832 ProtectedStorage - ok
08:21:28.0733 5832 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
08:21:28.0733 5832 Psched - ok
08:21:28.0764 5832 PxHelp20 (40fedd328f98245ad201cf5f9f311724) C:\Windows\system32\Drivers\PxHelp20.sys
08:21:28.0764 5832 PxHelp20 - ok
08:21:28.0842 5832 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
08:21:28.0842 5832 ql2300 - ok
08:21:28.0920 5832 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
08:21:28.0920 5832 ql40xx - ok
08:21:28.0951 5832 QWAVE (31ac809e7707eb580b2bdb760390765a) C:\Windows\system32\qwave.dll
08:21:28.0951 5832 QWAVE - ok
08:21:28.0983 5832 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
08:21:28.0983 5832 QWAVEdrv - ok
08:21:28.0998 5832 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
08:21:28.0998 5832 RasAcd - ok
08:21:29.0014 5832 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
08:21:29.0014 5832 RasAgileVpn - ok
08:21:29.0045 5832 RasAuto (a60f1839849c0c00739787fd5ec03f13) C:\Windows\System32\rasauto.dll
08:21:29.0045 5832 RasAuto - ok
08:21:29.0060 5832 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
08:21:29.0060 5832 Rasl2tp - ok
08:21:29.0107 5832 RasMan (cb9e04dc05eacf5b9a36ca276d475006) C:\Windows\System32\rasmans.dll
08:21:29.0107 5832 RasMan - ok
08:21:29.0123 5832 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
08:21:29.0123 5832 RasPppoe - ok
08:21:29.0123 5832 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
08:21:29.0123 5832 RasSstp - ok
08:21:29.0154 5832 rdbss (d528bc58a489409ba40334ebf96a311b) C:\Windows\system32\DRIVERS\rdbss.sys
08:21:29.0154 5832 rdbss - ok
08:21:29.0170 5832 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
08:21:29.0170 5832 rdpbus - ok
08:21:29.0201 5832 RDPCDD (23dae03f29d253ae74c44f99e515f9a1) C:\Windows\system32\DRIVERS\RDPCDD.sys
08:21:29.0201 5832 RDPCDD - ok
08:21:29.0216 5832 RDPDR (b973fcfc50dc1434e1970a146f7e3885) C:\Windows\system32\drivers\rdpdr.sys
08:21:29.0216 5832 RDPDR - ok
08:21:29.0232 5832 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
08:21:29.0232 5832 RDPENCDD - ok
08:21:29.0248 5832 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
08:21:29.0248 5832 RDPREFMP - ok
08:21:29.0279 5832 RDPWD (f031683e6d1fea157abb2ff260b51e61) C:\Windows\system32\drivers\RDPWD.sys
08:21:29.0279 5832 RDPWD - ok
08:21:29.0310 5832 rdyboost (518395321dc96fe2c9f0e96ac743b656) C:\Windows\system32\drivers\rdyboost.sys
08:21:29.0325 5832 rdyboost - ok
08:21:29.0341 5832 RemoteAccess (7b5e1419717fac363a31cc302895217a) C:\Windows\System32\mprdim.dll
08:21:29.0341 5832 RemoteAccess - ok
08:21:29.0357 5832 RemoteRegistry (cb9a8683f4ef2bf99e123d79950d7935) C:\Windows\system32\regsvc.dll
08:21:29.0357 5832 RemoteRegistry - ok
08:21:29.0388 5832 RpcEptMapper (78d072f35bc45d9e4e1b61895c152234) C:\Windows\System32\RpcEpMap.dll
08:21:29.0388 5832 RpcEptMapper - ok
08:21:29.0403 5832 RpcLocator (94d36c0e44677dd26981d2bfeef2a29d) C:\Windows\system32\locator.exe
08:21:29.0403 5832 RpcLocator - ok
08:21:29.0450 5832 RpcSs (7660f01d3b38aca1747e397d21d790af) C:\Windows\system32\rpcss.dll
08:21:29.0450 5832 RpcSs - ok
08:21:29.0466 5832 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
08:21:29.0466 5832 rspndr - ok
08:21:29.0497 5832 s3cap (7fa7f2e249a5dcbb7970630e15e1f482) C:\Windows\system32\drivers\vms3cap.sys
08:21:29.0497 5832 s3cap - ok
08:21:29.0559 5832 Sage Medical Manager Installer - ok
08:21:29.0590 5832 SamSs (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
08:21:29.0590 5832 SamSs - ok
08:21:29.0778 5832 SBAMSvc (77dbda1401ff941962bb133125ee22c7) C:\Program Files\GFI Software\GFIAgent\SBAMSvc.exe
08:21:29.0793 5832 SBAMSvc - ok
08:21:29.0871 5832 sbapifs (cc5dd5bc0d6168a8bbb30d9388285ce5) C:\Windows\system32\DRIVERS\sbapifs.sys
08:21:29.0871 5832 sbapifs - ok
08:21:29.0933 5832 sbp2port (05d860da1040f111503ac416ccef2bca) C:\Windows\system32\drivers\sbp2port.sys
08:21:29.0933 5832 sbp2port - ok
08:21:29.0965 5832 SBPIMSvc (f2d18d2bd968f949c812472afad8c55a) C:\Program Files\GFI Software\GFIAgent\SBPIMSvc.exe
08:21:29.0965 5832 SBPIMSvc - ok
08:21:30.0011 5832 SBRE (d09961c0d2b452745575c7d0511bf3da) C:\Windows\system32\drivers\SBREdrv.sys
08:21:30.0011 5832 SBRE - ok
08:21:30.0043 5832 SbTis (6468e2973e04525decc105947ddd0d34) C:\Windows\system32\drivers\sbtis.sys
08:21:30.0043 5832 SbTis - ok
08:21:30.0074 5832 SCardSvr (8fc518ffe9519c2631d37515a68009c4) C:\Windows\System32\SCardSvr.dll
08:21:30.0074 5832 SCardSvr - ok
08:21:30.0105 5832 scfilter (0693b5ec673e34dc147e195779a4dcf6) C:\Windows\system32\DRIVERS\scfilter.sys
08:21:30.0105 5832 scfilter - ok
08:21:30.0152 5832 Schedule (a04bb13f8a72f8b6e8b4071723e4e336) C:\Windows\system32\schedsvc.dll
08:21:30.0167 5832 Schedule - ok
08:21:30.0198 5832 SCPolicySvc (319c6b309773d063541d01df8ac6f55f) C:\Windows\System32\certprop.dll
08:21:30.0198 5832 SCPolicySvc - ok
08:21:30.0230 5832 SDRSVC (08236c4bce5edd0a0318a438af28e0f7) C:\Windows\System32\SDRSVC.dll
08:21:30.0230 5832 SDRSVC - ok
08:21:30.0261 5832 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
08:21:30.0261 5832 secdrv - ok
08:21:30.0261 5832 seclogon (a59b3a4442c52060cc7a85293aa3546f) C:\Windows\system32\seclogon.dll
08:21:30.0276 5832 seclogon - ok
08:21:30.0292 5832 SENS (dcb7fcdcc97f87360f75d77425b81737) C:\Windows\system32\sens.dll
08:21:30.0292 5832 SENS - ok
08:21:30.0308 5832 SensrSvc (50087fe1ee447009c9cc2997b90de53f) C:\Windows\system32\sensrsvc.dll
08:21:30.0308 5832 SensrSvc - ok
08:21:30.0339 5832 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
08:21:30.0339 5832 Serenum - ok
08:21:30.0354 5832 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
08:21:30.0354 5832 Serial - ok
08:21:30.0385 5832 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
08:21:30.0385 5832 sermouse - ok
08:21:30.0417 5832 SessionEnv (4ae380f39a0032eab7dd953030b26d28) C:\Windows\system32\sessenv.dll
08:21:30.0417 5832 SessionEnv - ok
08:21:30.0448 5832 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\drivers\sffdisk.sys
08:21:30.0448 5832 sffdisk - ok
08:21:30.0463 5832 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys
08:21:30.0463 5832 sffp_mmc - ok
08:21:30.0463 5832 sffp_sd (6d4ccaedc018f1cf52866bbbaa235982) C:\Windows\system32\drivers\sffp_sd.sys
08:21:30.0463 5832 sffp_sd - ok
08:21:30.0479 5832 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
08:21:30.0479 5832 sfloppy - ok
08:21:30.0510 5832 SharedAccess (d1a079a0de2ea524513b6930c24527a2) C:\Windows\System32\ipnathlp.dll
08:21:30.0526 5832 SharedAccess - ok
08:21:30.0557 5832 ShellHWDetection (414da952a35bf5d50192e28263b40577) C:\Windows\System32\shsvcs.dll
08:21:30.0572 5832 ShellHWDetection - ok
08:21:30.0588 5832 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\drivers\sisagp.sys
08:21:30.0588 5832 sisagp - ok
08:21:30.0619 5832 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
08:21:30.0619 5832 SiSRaid2 - ok
08:21:30.0619 5832 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
08:21:30.0635 5832 SiSRaid4 - ok
08:21:30.0650 5832 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
08:21:30.0650 5832 Smb - ok
08:21:30.0682 5832 SNMPTRAP (6a984831644eca1a33ffeae4126f4f37) C:\Windows\System32\snmptrap.exe
08:21:30.0697 5832 SNMPTRAP - ok
08:21:30.0744 5832 SoC PC-Camera Service (dca942c0a19a0ad2abcd9acf94eb4b10) C:\Windows\system32\DRIVERS\pfc027.sys
08:21:30.0744 5832 SoC PC-Camera Service - ok
08:21:30.0760 5832 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
08:21:30.0760 5832 spldr - ok
08:21:30.0806 5832 Spooler (866a43013535dc8587c258e43579c764) C:\Windows\System32\spoolsv.exe
08:21:30.0806 5832 Spooler - ok
08:21:30.0978 5832 sppsvc (cf87a1de791347e75b98885214ced2b8) C:\Windows\system32\sppsvc.exe
08:21:30.0993 5832 sppsvc - ok
08:21:31.0087 5832 sppuinotify (b0180b20b065d89232a78a40fe56eaa6) C:\Windows\system32\sppuinotify.dll
08:21:31.0087 5832 sppuinotify - ok
08:21:31.0134 5832 srv (e4c2764065d66ea1d2d3ebc28fe99c46) C:\Windows\system32\DRIVERS\srv.sys
08:21:31.0134 5832 srv - ok
08:21:31.0149 5832 srv2 (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\Windows\system32\DRIVERS\srv2.sys
08:21:31.0149 5832 srv2 - ok
08:21:31.0180 5832 srvnet (be6bd660caa6f291ae06a718a4fa8abc) C:\Windows\system32\DRIVERS\srvnet.sys
08:21:31.0180 5832 srvnet - ok
08:21:31.0212 5832 SSDPSRV (d887c9fd02ac9fa880f6e5027a43e118) C:\Windows\System32\ssdpsrv.dll
08:21:31.0212 5832 SSDPSRV - ok
08:21:31.0227 5832 SstpSvc (d318f23be45d5e3a107469eb64815b50) C:\Windows\system32\sstpsvc.dll
08:21:31.0227 5832 SstpSvc - ok
08:21:31.0243 5832 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
08:21:31.0243 5832 stexstor - ok
08:21:31.0274 5832 StillCam (edb05bd63148796f23ea78506404a538) C:\Windows\system32\DRIVERS\serscan.sys
08:21:31.0274 5832 StillCam - ok
08:21:31.0321 5832 StiSvc (e1fb3706030fb4578a0d72c2fc3689e4) C:\Windows\System32\wiaservc.dll
08:21:31.0321 5832 StiSvc - ok
08:21:31.0399 5832 stllssvr (e476c66713c842f58e61a95826ed1d57) C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
08:21:31.0399 5832 stllssvr - ok
08:21:31.0430 5832 storflt (472af0311073dceceaa8fa18ba2bdf89) C:\Windows\system32\drivers\vmstorfl.sys
08:21:31.0430 5832 storflt - ok
08:21:31.0445 5832 StorSvc (0bf669f0a910beda4a32258d363af2a5) C:\Windows\system32\storsvc.dll
08:21:31.0445 5832 StorSvc - ok
08:21:31.0461 5832 storvsc (dcaffd62259e0bdb433dd67b5bb37619) C:\Windows\system32\drivers\storvsc.sys
08:21:31.0461 5832 storvsc - ok
08:21:31.0477 5832 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\drivers\swenum.sys
08:21:31.0477 5832 swenum - ok
08:21:31.0508 5832 swprv (a28bd92df340e57b024ba433165d34d7) C:\Windows\System32\swprv.dll
08:21:31.0508 5832 swprv - ok
08:21:31.0586 5832 SysMain (36650d618ca34c9d357dfd3d89b2c56f) C:\Windows\system32\sysmain.dll
08:21:31.0586 5832 SysMain - ok
08:21:31.0617 5832 TabletInputService (763fecdc3d30c815fe72dd57936c6cd1) C:\Windows\System32\TabSvc.dll
08:21:31.0617 5832 TabletInputService - ok
08:21:31.0664 5832 TapiSrv (613bf4820361543956909043a265c6ac) C:\Windows\System32\tapisrv.dll
08:21:31.0664 5832 TapiSrv - ok
08:21:31.0679 5832 TBS (b799d9fdb26111737f58288d8dc172d9) C:\Windows\System32\tbssvc.dll
08:21:31.0679 5832 TBS - ok
08:21:31.0773 5832 Tcpip (7fa2e0f8b072bd04b77b421480b6cc22) C:\Windows\system32\drivers\tcpip.sys
08:21:31.0788 5832 Tcpip - ok
08:21:31.0804 5832 TCPIP6 (7fa2e0f8b072bd04b77b421480b6cc22) C:\Windows\system32\DRIVERS\tcpip.sys
08:21:31.0804 5832 TCPIP6 - ok
08:21:31.0851 5832 tcpipreg (cca24162e055c3714ce5a88b100c64ed) C:\Windows\system32\drivers\tcpipreg.sys
08:21:31.0851 5832 tcpipreg - ok
08:21:31.0882 5832 TDPIPE (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\Windows\system32\drivers\tdpipe.sys
08:21:31.0882 5832 TDPIPE - ok
08:21:31.0897 5832 TDTCP (2c2c5afe7ee4f620d69c23c0617651a8) C:\Windows\system32\drivers\tdtcp.sys
08:21:31.0913 5832 TDTCP - ok
08:21:31.0944 5832 tdx (b459575348c20e8121d6039da063c704) C:\Windows\system32\DRIVERS\tdx.sys
08:21:31.0944 5832 tdx - ok
08:21:31.0975 5832 TermDD (04dbf4b01ea4bf25a9a3e84affac9b20) C:\Windows\system32\drivers\termdd.sys
08:21:31.0975 5832 TermDD - ok
08:21:32.0022 5832 TermService (382c804c92811be57829d8e550a900e2) C:\Windows\System32\termsrv.dll
08:21:32.0022 5832 TermService - ok
08:21:32.0038 5832 Themes (42fb6afd6b79d9fe07381609172e7ca4) C:\Windows\system32\themeservice.dll
08:21:32.0038 5832 Themes - ok
08:21:32.0053 5832 THREADORDER (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll
08:21:32.0053 5832 THREADORDER - ok
08:21:32.0069 5832 TrkWks (4792c0378db99a9bc2ae2de6cfff0c3a) C:\Windows\System32\trkwks.dll
08:21:32.0085 5832 TrkWks - ok
08:21:32.0116 5832 TrustedInstaller (2c49b175aee1d4364b91b531417fe583) C:\Windows\servicing\TrustedInstaller.exe
08:21:32.0116 5832 TrustedInstaller - ok
08:21:32.0131 5832 tssecsrv (254bb140eee3c59d6114c1a86b636877) C:\Windows\system32\DRIVERS\tssecsrv.sys
08:21:32.0131 5832 tssecsrv - ok
08:21:32.0162 5832 TsUsbFlt (fd1d6c73e6333be727cbcc6054247654) C:\Windows\system32\drivers\tsusbflt.sys
08:21:32.0162 5832 TsUsbFlt - ok
08:21:32.0194 5832 tunnel (b2fa25d9b17a68bb93d58b0556e8c90d) C:\Windows\system32\DRIVERS\tunnel.sys
08:21:32.0209 5832 tunnel - ok
08:21:32.0225 5832 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
08:21:32.0225 5832 uagp35 - ok
08:21:32.0272 5832 udfs (ee43346c7e4b5e63e54f927babbb32ff) C:\Windows\system32\DRIVERS\udfs.sys
08:21:32.0272 5832 udfs - ok
08:21:32.0287 5832 UI0Detect (8344fd4fce927880aa1aa7681d4927e5) C:\Windows\system32\UI0Detect.exe
08:21:32.0287 5832 UI0Detect - ok
08:21:32.0303 5832 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys
08:21:32.0303 5832 uliagpkx - ok
08:21:32.0334 5832 umbus (d295bed4b898f0fd999fcfa9b32b071b) C:\Windows\system32\DRIVERS\umbus.sys
08:21:32.0334 5832 umbus - ok
08:21:32.0350 5832 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
08:21:32.0350 5832 UmPass - ok
08:21:32.0396 5832 UmRdpService (409994a8eaceee4e328749c0353527a0) C:\Windows\System32\umrdp.dll
08:21:32.0396 5832 UmRdpService - ok
08:21:32.0412 5832 upnphost (833fbb672460efce8011d262175fad33) C:\Windows\System32\upnphost.dll
08:21:32.0427 5832 upnphost - ok
08:21:32.0443 5832 usbaudio (1d9f2bd026e8e2d45033a4df3f16b78c) C:\Windows\system32\drivers\usbaudio.sys
08:21:32.0443 5832 usbaudio - ok
08:21:32.0459 5832 usbccgp (bd9c55d7023c5de374507acc7a14e2ac) C:\Windows\system32\DRIVERS\usbccgp.sys
08:21:32.0459 5832 usbccgp - ok
08:21:32.0490 5832 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\drivers\usbcir.sys
08:21:32.0490 5832 usbcir - ok
08:21:32.0505 5832 usbehci (f92de757e4b7ce9c07c5e65423f3ae3b) C:\Windows\system32\DRIVERS\usbehci.sys
08:21:32.0505 5832 usbehci - ok
08:21:32.0521 5832 usbhub (8dc94aec6a7e644a06135ae7506dc2e9) C:\Windows\system32\DRIVERS\usbhub.sys
08:21:32.0537 5832 usbhub - ok
08:21:32.0537 5832 usbohci (e185d44fac515a18d9deddc23c2cdf44) C:\Windows\system32\drivers\usbohci.sys
08:21:32.0537 5832 usbohci - ok
08:21:32.0568 5832 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
08:21:32.0568 5832 usbprint - ok
08:21:32.0599 5832 usbscan (576096ccbc07e7c4ea4f5e6686d6888f) C:\Windows\system32\DRIVERS\usbscan.sys
08:21:32.0599 5832 usbscan - ok
08:21:32.0615 5832 USBSTOR (f991ab9cc6b908db552166768176896a) C:\Windows\system32\DRIVERS\USBSTOR.SYS
08:21:32.0615 5832 USBSTOR - ok
08:21:32.0630 5832 usbuhci (68df884cf41cdada664beb01daf67e3d) C:\Windows\system32\DRIVERS\usbuhci.sys
08:21:32.0630 5832 usbuhci - ok
08:21:32.0630 5832 UxSms (081e6e1c91aec36758902a9f727cd23c) C:\Windows\System32\uxsms.dll
08:21:32.0630 5832 UxSms - ok
08:21:32.0661 5832 VaultSvc (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
08:21:32.0661 5832 VaultSvc - ok
08:21:32.0692 5832 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys
08:21:32.0708 5832 vdrvroot - ok
08:21:32.0755 5832 vds (c3cd30495687c2a2f66a65ca6fd89be9) C:\Windows\System32\vds.exe
08:21:32.0755 5832 vds - ok
08:21:32.0770 5832 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
08:21:32.0770 5832 vga - ok
08:21:32.0786 5832 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
08:21:32.0786 5832 VgaSave - ok
08:21:32.0802 5832 vhdmp (5461686cca2fda57b024547733ab42e3) C:\Windows\system32\drivers\vhdmp.sys
08:21:32.0802 5832 vhdmp - ok
08:21:32.0817 5832 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys
08:21:32.0817 5832 viaagp - ok
08:21:32.0833 5832 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
08:21:32.0833 5832 ViaC7 - ok
08:21:32.0848 5832 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys
08:21:32.0848 5832 viaide - ok
08:21:32.0864 5832 vmbus (c2f2911156fdc7817c52829c86da494e) C:\Windows\system32\drivers\vmbus.sys
08:21:32.0864 5832 vmbus - ok
08:21:32.0880 5832 VMBusHID (d4d77455211e204f370d08f4963063ce) C:\Windows\system32\drivers\VMBusHID.sys
08:21:32.0880 5832 VMBusHID - ok
08:21:32.0895 5832 volmgr (4c63e00f2f4b5f86ab48a58cd990f212) C:\Windows\system32\drivers\volmgr.sys
08:21:32.0895 5832 volmgr - ok
08:21:32.0911 5832 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
08:21:32.0911 5832 volmgrx - ok
08:21:32.0957 5832 volsnap (f497f67932c6fa693d7de2780631cfe7) C:\Windows\system32\drivers\volsnap.sys
08:21:32.0957 5832 volsnap - ok
08:21:32.0989 5832 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
08:21:32.0989 5832 vsmraid - ok
08:21:33.0051 5832 VSS (209a3b1901b83aeb8527ed211cce9e4c) C:\Windows\system32\vssvc.exe
08:21:33.0067 5832 VSS - ok
08:21:33.0098 5832 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\System32\drivers\vwifibus.sys
08:21:33.0098 5832 vwifibus - ok
08:21:33.0129 5832 W32Time (55187fd710e27d5095d10a472c8baf1c) C:\Windows\system32\w32time.dll
08:21:33.0129 5832 W32Time - ok
08:21:33.0145 5832 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
08:21:33.0145 5832 WacomPen - ok
08:21:33.0191 5832 WANARP (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
08:21:33.0191 5832 WANARP - ok
08:21:33.0191 5832 Wanarpv6 (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
08:21:33.0191 5832 Wanarpv6 - ok
08:21:33.0285 5832 WatAdminSvc (353a04c273ec58475d8633e75ccd5604) C:\Windows\system32\Wat\WatAdminSvc.exe
08:21:33.0300 5832 WatAdminSvc - ok
08:21:33.0394 5832 wbengine (691e3285e53dca558e1a84667f13e15a) C:\Windows\system32\wbengine.exe
08:21:33.0394 5832 wbengine - ok
08:21:33.0409 5832 WbioSrvc (9614b5d29dc76ac3c29f6d2d3aa70e67) C:\Windows\System32\wbiosrvc.dll
08:21:33.0425 5832 WbioSrvc - ok
08:21:33.0456 5832 wcncsvc (34eee0dfaadb4f691d6d5308a51315dc) C:\Windows\System32\wcncsvc.dll
08:21:33.0456 5832 wcncsvc - ok
08:21:33.0472 5832 WcsPlugInService (5d930b6357a6d2af4d7653bdabbf352f) C:\Windows\System32\WcsPlugInService.dll
08:21:33.0487 5832 WcsPlugInService - ok
08:21:33.0519 5832 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
08:21:33.0534 5832 Wd - ok
08:21:33.0550 5832 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
08:21:33.0565 5832 Wdf01000 - ok
08:21:33.0581 5832 WdiServiceHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll
08:21:33.0581 5832 WdiServiceHost - ok
08:21:33.0581 5832 WdiSystemHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll
08:21:33.0581 5832 WdiSystemHost - ok
08:21:33.0612 5832 WebClient (a9d880f97530d5b8fee278923349929d) C:\Windows\System32\webclnt.dll
08:21:33.0612 5832 WebClient - ok
08:21:33.0643 5832 Wecsvc (760f0afe937a77cff27153206534f275) C:\Windows\system32\wecsvc.dll
08:21:33.0643 5832 Wecsvc - ok
08:21:33.0659 5832 wercplsupport (ac804569bb2364fb6017370258a4091b) C:\Windows\System32\wercplsupport.dll
08:21:33.0659 5832 wercplsupport - ok
08:21:33.0690 5832 WerSvc (08e420d873e4fd85241ee2421b02c4a4) C:\Windows\System32\WerSvc.dll
08:21:33.0690 5832 WerSvc - ok
08:21:33.0706 5832 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
08:21:33.0706 5832 WfpLwf - ok
08:21:33.0721 5832 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
08:21:33.0721 5832 WIMMount - ok
08:21:33.0799 5832 WinDefend (3fae8f94296001c32eab62cd7d82e0fd) C:\Program Files\Windows Defender\mpsvc.dll
08:21:33.0799 5832 WinDefend - ok
08:21:33.0815 5832 WinHttpAutoProxySvc - ok
08:21:33.0862 5832 Winmgmt (f62e510b6ad4c21eb9fe8668ed251826) C:\Windows\system32\wbem\WMIsvc.dll
08:21:33.0862 5832 Winmgmt - ok
08:21:33.0924 5832 WinRM (1b91cd34ea3a90ab6a4ef0550174f4cc) C:\Windows\system32\WsmSvc.dll
08:21:33.0939 5832 WinRM - ok
08:21:34.0002 5832 Wlansvc (16935c98ff639d185086a3529b1f2067) C:\Windows\System32\wlansvc.dll
08:21:34.0002 5832 Wlansvc - ok
08:21:34.0049 5832 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\drivers\wmiacpi.sys
08:21:34.0049 5832 WmiAcpi - ok
08:21:34.0080 5832 wmiApSrv (6eb6b66517b048d87dc1856ddf1f4c3f) C:\Windows\system32\wbem\WmiApSrv.exe
08:21:34.0080 5832 wmiApSrv - ok
08:21:34.0189 5832 WMPNetworkSvc (3b40d3a61aa8c21b88ae57c58ab3122e) C:\Program Files\Windows Media Player\wmpnetwk.exe
08:21:34.0204 5832 WMPNetworkSvc - ok
08:21:34.0220 5832 WPCSvc (a2f0ec770a92f2b3f9de6d518e11409c) C:\Windows\System32\wpcsvc.dll
08:21:34.0220 5832 WPCSvc - ok
08:21:34.0251 5832 WPDBusEnum (aa53356d60af47eacc85bc617a4f3f66) C:\Windows\system32\wpdbusenum.dll
08:21:34.0251 5832 WPDBusEnum - ok
08:21:34.0282 5832 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
08:21:34.0282 5832 ws2ifsl - ok
08:21:34.0298 5832 wscsvc (6f5d49efe0e7164e03ae773a3fe25340) C:\Windows\system32\wscsvc.dll
08:21:34.0298 5832 wscsvc - ok
08:21:34.0329 5832 WSDPrintDevice (553f6ccd7c58eb98d4a8fbdaf283d7a9) C:\Windows\system32\DRIVERS\WSDPrint.sys
08:21:34.0329 5832 WSDPrintDevice - ok
08:21:34.0329 5832 WSearch - ok
08:21:34.0454 5832 wuauserv (fc3ec24fce372c89423e015a2ac1a31e) C:\Windows\system32\wuaueng.dll
08:21:34.0469 5832 wuauserv - ok
08:21:34.0532 5832 WudfPf (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys
08:21:34.0532 5832 WudfPf - ok
08:21:34.0579 5832 WUDFRd (1023ee888c9b47178c5293ed5336ab69) C:\Windows\system32\DRIVERS\WUDFRd.sys
08:21:34.0579 5832 WUDFRd - ok
08:21:34.0610 5832 wudfsvc (8d1e1e529a2c9e9b6a85b55a345f7629) C:\Windows\System32\WUDFSvc.dll
08:21:34.0610 5832 wudfsvc - ok
08:21:34.0657 5832 WwanSvc (ff2d745b560f7c71b31f30f4d49f73d2) C:\Windows\System32\wwansvc.dll
08:21:34.0657 5832 WwanSvc - ok
08:21:34.0688 5832 MBR (0x1B8) (cdb4de4bbd714f152979da2dcbef57eb) \Device\Harddisk0\DR0
08:21:34.0984 5832 \Device\Harddisk0\DR0 - ok
08:21:34.0984 5832 Boot (0x1200) (b558a43cceeb6f64020a4e71bb88850e) \Device\Harddisk0\DR0\Partition0
08:21:34.0984 5832 \Device\Harddisk0\DR0\Partition0 - ok
08:21:35.0015 5832 Boot (0x1200) (a4c078ca134a7b6d9fb30ae85e0f0100) \Device\Harddisk0\DR0\Partition1
08:21:35.0015 5832 \Device\Harddisk0\DR0\Partition1 - ok
08:21:35.0015 5832 ============================================================
08:21:35.0015 5832 Scan finished
08:21:35.0015 5832 ============================================================
08:21:35.0031 5824 Detected object count: 0
08:21:35.0031 5824 Actual detected object count: 0


****************************************************************************************************

Results of ASWMBR

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-07-24 08:24:38
-----------------------------
08:24:38.691 OS Version: Windows 6.1.7601 Service Pack 1
08:24:38.691 Number of processors: 2 586 0x170A
08:24:38.691 ComputerName: removed UserName: removed
08:24:53.007 Initialize success
08:25:29.149 AVAST engine defs: 12072400
08:25:40.387 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
08:25:40.389 Disk 0 Vendor: WDC_WD3200AAKS-75L9A0 02.03E02 Size: 305245MB BusType: 3
08:25:40.428 Disk 0 MBR read successfully
08:25:40.428 Disk 0 MBR scan
08:25:40.428 Disk 0 Windows VISTA default MBR code
08:25:40.444 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63
08:25:40.444 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 15000 MB offset 81920
08:25:40.459 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 290204 MB offset 30801920
08:25:40.475 Disk 0 scanning sectors +625140400
08:25:40.553 Disk 0 scanning C:\Windows\system32\drivers
08:25:49.477 Service scanning
08:26:05.990 Modules scanning
08:26:09.718 Disk 0 trace - called modules:
08:26:09.749 ntkrnlpa.exe CLASSPNP.SYS disk.sys ataport.SYS halmacpi.dll intelide.sys PCIIDEX.SYS atapi.sys
08:26:09.749 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85d612e0]
08:26:09.765 3 CLASSPNP.SYS[8b1b559e] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x84f29030]
08:26:10.810 AVAST engine scan C:\
08:37:30.013 File: C:\Users\removed\AppData\Local\Audacity\uoguddyw.dll **INFECTED** Win32:Downloader-PON [Trj]
09:01:19.517 Scan finished successfully
09:10:19.043 Disk 0 MBR has been saved successfully to "C:\Users\removed\Desktop\MBR.dat"
09:10:19.043 The log file has been saved successfully to "C:\Users\removed\Desktop\aswMBR.txt"


**************************************************************************************************

Results of ESET ONLINE SCANNER

C:\Users\removed\AppData\Local\Audacity\uoguddyw.dll Win32/Agent.TWP trojan cleaned by deleting (after the next restart) - quarantined
C:\Users\removed\AppData\Local\temp\NOD8FA8.tmp Win32/Agent.TWP trojan cleaned by deleting (after the next restart) - quarantined



As mentioned earlier, the modem driver is not on this disk, but you should have a separate disk containing the modem driver and helper files.



The order you need to install is correct as listed in your message. On the D2400 you may start with the chipset driver as there are no system or configuration utilities that need to be loaded.



Depending on how new your D2400 is, you will have a Windows installation disk that contains service pack 1a or service pack 2. If you have the 1a version, you really should get the sp-2 or sp-3 update so that you can apply it when you've finished the driver installation. If you already have sp-2 you can stick with that if you like, but you will have around 80 updates to the operating system waiting on you when you first connect to the internet. Don't forget to install your anti-virus software before connecting, and I recommend that you update that before anything else. Windows SP-2 has the firewall on by default, but SP-1a does not, so if you're sticking with SP-1a don't forget to turn it on.



The other disks you mention contain the application software that Dell shipped with the computer. Some of them enable you to record to a writable CD in the CD drive, and I notice one allows you to play DVDs if the optical drive in the machine is a DVD/CD drive. These may be installed in any order you choose.

Edited by Orange Blossom, 08 August 2012 - 09:20 AM.
Removed personal information. ~ OB


#7 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India

Posted 24 July 2012 - 09:30 AM

Download

http://www.techspot.com/downloads/4716-malwarebytes-anti-malware.html

Install, update and run a full scan

Click on SHOW results. Select all infections and remove them

Reboot the PC and scan MBAM once in regular mode until you get a clean log

Download

mini toolbox

Checkmark following boxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size

Click Go and post the result.

Download

FSS

Checkmark all the boxes

Click on "Scan".
Please copy and paste the log to your reply.



Download

adware cleaner

Launch it and click on Delete

Post the generated log

#8 acptbleeping

acptbleeping
  • Topic Starter

  • Members
  • 10 posts

Posted 24 July 2012 - 11:04 AM

Malware Bytes Log


Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.07.24.05

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
removed :: removed

7/24/2012 11:43:10 AM
mbam-log-2012-07-24 (11-43-10).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 243410
Time elapsed: 3 minute(s), 49 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


****************************************************

MINI TOOL BOX Results

MiniToolBox by Farbar Version: 23-07-2012
Ran by removed on 24-07-2012 at 11:49:50
Microsoft Windows 7 Professional Service Pack 1 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================

# ::1 localhost

========================= IP Configuration: ================================

Broadcom NetLink ™ Gigabit Ethernet = Local Area Connection (Connected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global
add route prefix=192.6.127.0/24 interface="iftype0_0" nexthop=192.168.0.254 metric=1 publish=Yes


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : removed
Primary Dns Suffix . . . . . . . : removed.local
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : removed.local

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . : removed.local
Description . . . . . . . . . . . : Broadcom NetLink ™ Gigabit Ethernet
Physical Address. . . . . . . . . : removed
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::8cff:9654:2c44:dedb%10(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.0.113(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Tuesday, July 24, 2012 11:36:32 AM
Lease Expires . . . . . . . . . . : Monday, July 30, 2012 11:36:33 AM
Default Gateway . . . . . . . . . : 192.168.0.1
DHCP Server . . . . . . . . . . . : 192.168.0.254
DHCPv6 IAID . . . . . . . . . . . : 234890596
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-12-85-0E-D6-removed
DNS Servers . . . . . . . . . . . : 192.168.0.254
Primary WINS Server . . . . . . . : 192.168.0.254
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.removed.local:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : removed.local
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

****************************************************


FSS Results

Farbar Service Scanner Version: 22-07-2012
Ran by removed on 24-07-2012 at 11:54:55
Running from "C:\Users\removed.removed\Desktop\Bleeping Computer Step 2"
Microsoft Windows 7 Professional Service Pack 1 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
"EnableFirewall"=DWORD:0
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
"EnableFirewall"=DWORD:0


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============

Other Services:
==============

sharedaccess Service is not running. Checking service configuration:
The start type of sharedaccess service is set to Auto
The ImagePath of sharedaccess service is OK.
The ServiceDll of sharedaccess service is OK.


File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcore.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\system32\ipnathlp.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****

*********************************************************

ADWCleaner Results

# AdwCleaner v1.703 - Logfile created 07/24/2012 at 11:56:39
# Updated 20/07/2012 by Xplode
# Operating system : Windows 7 Professional Service Pack 1 (32 bits)
# User : removed - removed
# Running from : C:\Users\removed.removed\Desktop\Bleeping Computer Step 2\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****

Key Deleted : HKCU\Software\Conduit
Key Deleted : HKLM\SOFTWARE\Conduit
Key Deleted : HKLM\SOFTWARE\Software

***** [Registre - GUID] *****

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Google Chrome v20.0.1132.57

*************************

AdwCleaner[S1].txt - [801 octets] - [24/07/2012 11:56:39]

########## EOF - C:\AdwCleaner[S1].txt - [928 octets] ##########

Edited by Orange Blossom, 08 August 2012 - 09:28 AM.
Removed personal information. ~ OB


#9 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India

Posted 24 July 2012 - 08:26 PM

Minitoolbox log is incomplete

Which browser has redirects?

#10 acptbleeping

acptbleeping
  • Topic Starter

  • Members
  • 10 posts

Posted 24 July 2012 - 08:41 PM

Internet Explorer is what I use most (95% of the time)

What is missing from the mini tool box results? I posted the txt file log that the program generated after it completed.

I can run it again if you would like. Please let me know. Thanks.

Edited by Orange Blossom, 08 August 2012 - 09:36 AM.


#11 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India

Posted 25 July 2012 - 08:08 AM

Please run minitoolbox again and post the log

Restart the PC and let me know if you still have redirects

Download

Autoruns

Extract and launch autoruns.exe

Allow the scan to get finished

Now click on FILE-SAVE

Filename:Autoruns.txt
Save as :Text

Paste the text contents here

Edited by narenxp, 25 July 2012 - 08:10 AM.


#12 Eric Bennett

Eric Bennett

  • Members
  • 53 posts
  • Gender:Male
  • Location:Granby, MA (United States)

Posted 25 July 2012 - 08:09 AM

Personally, if I were you I'd dump IE for Google Chrome, Mozilla Firefox, or anything for that matter. Internet Explorer is garbage (low security, slow, complicated, etc.). Also, could you please paste a copy of "C:\Windows\System32\Drivers\etc\hosts"? I need to know if there is a malicious entry in there. The file should appear like this; if it doesn't, there's obviously something wrong:


# Copyright (c) 1993-2009 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
#      102.54.94.97     rhino.acme.com          # source server
#       38.25.63.10     x.acme.com              # x client host

# localhost name resolution is handled within DNS itself.
#	127.0.0.1       localhost
#	::1             localhost


Regards,
Eric Bennett
(ebthepcguy)

Edited by Eric Bennett, 25 July 2012 - 08:09 AM.

Eric Bennett (ebthepcguy) | Helping People One Post At A Time | YouTube Twitter Facebook Email me | Forum Rules Homepage | My Profile
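
The hosts-file check discussed in the post above, as an added example that is not part of any post or tool in this thread: a Python audit that lists the active (uncommented) mappings and flags everything except loopback-to-localhost. The function names and the tampered sample are constructed for illustration; 203.0.113.5 is a documentation address.

```python
import ipaddress

# A default Windows hosts file has every line commented out, as in the sample
# quoted in the post above.
CLEAN_HOSTS = (
    "# localhost name resolution is handled within DNS itself.\n"
    "#\t127.0.0.1       localhost\n"
    "#\t::1             localhost\n"
)

# Constructed sample of a tampered file (203.0.113.5 is a documentation address).
TAMPERED_HOSTS = """\
127.0.0.1       localhost
203.0.113.5     www.google.com google.com   # constructed redirect entry
0.0.0.0         update.example.test
"""

def active_entries(hosts_text):
    """Return (address, hostname) pairs from the non-comment part of each line."""
    entries = []
    for raw in hosts_text.lstrip("\ufeff").splitlines():
        line = raw.split("#", 1)[0].strip()   # text after '#' is a comment
        fields = line.split()
        if len(fields) < 2:
            continue                           # blank, comment-only, or no hostname
        entries.extend((fields[0], name.lower()) for name in fields[1:])
    return entries

def suspicious_entries(hosts_text):
    """Flag every active mapping except loopback -> localhost."""
    flagged = []
    for addr, name in active_entries(hosts_text):
        try:
            ip = ipaddress.ip_address(addr)
        except ValueError:
            flagged.append((addr, name, "unparseable address"))
            continue
        if ip.is_loopback and name == "localhost":
            continue
        if ip.is_loopback or ip.is_unspecified:
            reason = "name sinkholed locally"
        else:
            reason = "name redirected to " + addr
        flagged.append((addr, name, reason))
    return flagged

if __name__ == "__main__":
    for label, text in (("clean", CLEAN_HOSTS), ("tampered", TAMPERED_HOSTS)):
        print(label, suspicious_entries(text))
```

An empty result rules out only hosts-file tampering, which matches this thread: the hosts file was reported clean while the redirects were still being investigated.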


#13 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India

Posted 25 July 2012 - 08:12 AM

Eric Bennett

Hosts file is clean. This is not a case of hosts hijack. Did you think we would ignore the hosts file? :thumbup2:

Edited by narenxp, 25 July 2012 - 08:19 AM.


#14 acptbleeping

acptbleeping
  • Topic Starter

  • Members
  • 10 posts

Posted 25 July 2012 - 08:26 AM

The host file is fine. This is one of the first things I had already checked prior to my post here. There are no malicious entries in the host file, but thank you for your response to my post.

#15 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:08:53 AM

Posted 25 July 2012 - 08:27 AM

Please follow my previous instructions



