Google Redirect Virus infecting Chrome. Need help removing, please.


28 replies to this topic

#1 SheriNM


Posted 31 July 2012 - 11:55 AM

I have one of the Google redirect viruses and would like help removing it, please! It doesn't behave consistently and right now seems to only affect my Google Chrome browser. At the time I got infected, I had both Chrome and Firefox open. So far, Firefox has exhibited no symptoms. I'm afraid to open Internet Explorer for fear of doing something to infect it so I've left it alone. Also, am I correct thinking that it would be bad to back up my photos to my external shared hard drive until this is resolved?

I am running Windows Vista and a very old version of Norton Internet Security (current virus definitions) which I've been meaning to change to McAfee.

The redirecting is very inconsistent. If I Google and right-click to open a link, I have never had it redirect. If I do a regular click on a link on the Google page, it redirects maybe 2/3 of the time, however the odd thing is that if I then use the "back" feature, I am suddenly back at my original search page *but* searching in secure mode. It adds the "https:" when I hit back and subsequent searches don't seem to redirect, though I only played with that aspect for a few minutes.

When the search does redirect, I've seen at least two different sites that it redirects to before redirecting me yet again to an IP address. Once or twice it seemed to go to a named site and stay there without going through another site, however that was when I was first realizing that I was being redirected and I may have missed something.

Many of the redirects seem to go through:

click.get.answers-fast.com

and end up at one of these:

http://8.26.70.252

http://63.209.69.107


There was at least one redirect that did not use click.get.answers-fast.com, but it changed to an IP so quickly that I wasn't able to catch what it was.


I have already done the following:

1. checked host file for additional entries
2. checked DNS and IP address settings to make sure they were both set to obtain address automatically
3. checked that no proxy settings were being used


I would really appreciate help in removing this virus!
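
The three checks listed in the post above (hosts file, automatic DNS/IP assignment, proxy settings) can be scripted. The following read-only PowerShell is an added example, not part of the original thread; it assumes PowerShell 2.0 or later is available on the machine, and the variable names are illustrative.

```powershell
# Added example: read-only versions of the three manual checks from the post.
# Nothing here changes system state.

# 1. Hosts file: collect every active entry that is not a plain localhost mapping.
$hostsPath = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
$hostsFindings = @()
if (Test-Path $hostsPath) {
    foreach ($line in Get-Content $hostsPath) {
        $entry = ($line -replace '#.*$', '').Trim()      # drop comments
        if ($entry -eq '') { continue }
        $fields = @($entry -split '\s+')
        if ($fields.Count -lt 2) { continue }            # address with no hostname
        $ip = $fields[0]
        foreach ($name in $fields[1..($fields.Count - 1)]) {
            $isLoopback = ($ip -eq '127.0.0.1' -or $ip -eq '::1')
            if (-not ($isLoopback -and $name -eq 'localhost')) {
                $hostsFindings += New-Object PSObject -Property @{
                    Address = $ip; Hostname = $name
                }
            }
        }
    }
}

# 2. DNS / IP assignment: for each IP-enabled adapter, report whether the address
#    comes from DHCP and whether a static DNS server has been written to the registry.
#    A static server is stored in NameServer; a DHCP-supplied one in DhcpNameServer.
$dnsFindings = @()
$adapters = Get-WmiObject Win32_NetworkAdapterConfiguration -Filter 'IPEnabled = TRUE'
foreach ($a in $adapters) {
    $key = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\' + $a.SettingID
    $static = (Get-ItemProperty -Path $key -ErrorAction SilentlyContinue).NameServer
    $dnsFindings += New-Object PSObject -Property @{
        Adapter   = $a.Description
        DhcpIP    = $a.DHCPEnabled
        StaticDns = $static                               # empty means "obtain automatically"
        ActiveDns = ($a.DNSServerSearchOrder -join ', ')  # servers currently in use
    }
}

# 3. Proxy: the per-user Internet Settings values (manual proxy and auto-config script).
$inetKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
$inet = Get-ItemProperty -Path $inetKey -ErrorAction SilentlyContinue
$proxy = New-Object PSObject -Property @{
    ProxyEnabled  = [bool]$inet.ProxyEnable
    ProxyServer   = $inet.ProxyServer
    AutoConfigURL = $inet.AutoConfigURL
}

# Report
Write-Host '== Hosts file entries other than localhost =='
if ($hostsFindings.Count -eq 0) {
    Write-Host '(none)'
} else {
    $hostsFindings | Format-Table Address, Hostname -AutoSize | Out-Host
}

Write-Host '== Adapter DNS / DHCP settings =='
$dnsFindings | Format-List Adapter, DhcpIP, StaticDns, ActiveDns | Out-Host

Write-Host '== Proxy settings (current user) =='
$proxy | Format-List ProxyEnabled, ProxyServer, AutoConfigURL | Out-Host
```

A clean result from all three checks does not rule out the redirect; the next reply moves on to rootkit and MBR scanners.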


#2 narenxp


Posted 31 July 2012 - 12:23 PM

Download TDSSkiller.

Launch it. Click on "Change parameters" and select "TDLFS file system".

Click on "Scan". Please post the LOG report (the log file should be in your C drive).

Do not change the default options on scan results.

Download aswMBR.

Launch it and allow it to download the latest Avast! virus definitions.
Click the "Scan" button to start the scan. After the scan finishes, click on "Save log".

Post the log results here.

Download ESET online scanner.

Install it.

Click on START; it should download the virus definitions.
When the scan is completed, click on "LIST of found threats".

Export the list to the desktop and copy the contents of the text file into your reply.

#3 SheriNM


Posted 31 July 2012 - 03:19 PM

I have run TDSSkiller and am currently running aswMBR. So far, the latter has been running for a little over two hours. It has twice seemed to stall and not resume changing file names that it is scanning. Once for at least half an hour. Is this normal?


Edited: This finally completed and I am now running the third program and will post the results of all three on completion.

Edited by SheriNM, 31 July 2012 - 04:09 PM.


#4 SheriNM


Posted 31 July 2012 - 07:14 PM

I have completed the scans as asked and the results are pasted below. The third program, ESET Online Scanner, said that it cleaned the 5 threats.

TDSS Killer Log

11:43:09.0452 7644 NETw4v32 - ok
11:43:09.0684 7644 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
11:43:09.0722 7644 nfrd960 - ok
11:43:09.0782 7644 NlaSvc (2997b15415f9bbe05b5a4c1c85e0c6a2) C:\Windows\System32\nlasvc.dll
11:43:09.0788 7644 NlaSvc - ok
11:43:10.0026 7644 nmservice (cd569fa91ec6f59d045c19d0d3850f44) C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
11:43:10.0039 7644 nmservice - ok
11:43:10.0057 7644 Npfs (ecb5003f484f9ed6c608d6d6c7886cbb) C:\Windows\system32\drivers\Npfs.sys
11:43:10.0071 7644 Npfs - ok
11:43:10.0080 7644 nsi (8bb86f0c7eea2bded6fe095d0b4ca9bd) C:\Windows\system32\nsisvc.dll
11:43:10.0096 7644 nsi - ok
11:43:10.0108 7644 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
11:43:10.0120 7644 nsiproxy - ok
11:43:10.0250 7644 Ntfs (b4effe29eb4f15538fd8a9681108492d) C:\Windows\system32\drivers\Ntfs.sys
11:43:10.0299 7644 Ntfs - ok
11:43:10.0345 7644 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
11:43:10.0354 7644 ntrigdigi - ok
11:43:10.0375 7644 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
11:43:10.0383 7644 Null - ok
11:43:11.0631 7644 nvlddmkm (8fe5350fa6a9f0b6633aee811c468954) C:\Windows\system32\DRIVERS\nvlddmkm.sys
11:43:11.0924 7644 nvlddmkm - ok
11:43:12.0179 7644 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
11:43:12.0255 7644 nvraid - ok
11:43:12.0278 7644 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
11:43:12.0310 7644 nvstor - ok
11:43:12.0374 7644 nvsvc (ded8f2c0070478f13c37f7bd849b83fa) C:\Windows\system32\nvvsvc.exe
11:43:12.0379 7644 nvsvc - ok
11:43:12.0410 7644 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
11:43:12.0448 7644 nv_agp - ok
11:43:12.0452 7644 NwlnkFlt - ok
11:43:12.0457 7644 NwlnkFwd - ok
11:43:12.0750 7644 odserv (1f0e05dff4f5a833168e49be1256f002) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
11:43:12.0839 7644 odserv - ok
11:43:12.0892 7644 OEM04Vfx (86326062a90494bdd79ce383511d7d69) C:\Windows\system32\DRIVERS\OEM04Vfx.sys
11:43:12.0904 7644 OEM04Vfx - ok
11:43:13.0043 7644 OEM04Vid (40e9bfd9f64dfb32c1eafbaa0576c55d) C:\Windows\system32\DRIVERS\OEM04Vid.sys
11:43:13.0057 7644 OEM04Vid - ok
11:43:13.0109 7644 ohci1394 (790e27c3db53410b40ff9ef2fd10a1d9) C:\Windows\system32\DRIVERS\ohci1394.sys
11:43:13.0112 7644 ohci1394 - ok
11:43:13.0157 7644 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
11:43:13.0279 7644 ose - ok
11:43:13.0379 7644 p2pimsvc (5de1a3972fd3112c75eb17bdcf454169) C:\Windows\system32\p2psvc.dll
11:43:13.0400 7644 p2pimsvc - ok
11:43:13.0407 7644 p2psvc (5de1a3972fd3112c75eb17bdcf454169) C:\Windows\system32\p2psvc.dll
11:43:13.0414 7644 p2psvc - ok
11:43:13.0450 7644 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
11:43:13.0460 7644 Parport - ok
11:43:13.0477 7644 partmgr (3b38467e7c3daed009dfe359e17f139f) C:\Windows\system32\drivers\partmgr.sys
11:43:13.0480 7644 partmgr - ok
11:43:13.0504 7644 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
11:43:13.0511 7644 Parvdm - ok
11:43:13.0536 7644 PcaSvc (c6276ad11f4bb49b58aa1ed88537f14a) C:\Windows\System32\pcasvc.dll
11:43:13.0546 7644 PcaSvc - ok
11:43:13.0578 7644 pci (01b94418deb235dff777cc80076354b4) C:\Windows\system32\drivers\pci.sys
11:43:13.0584 7644 pci - ok
11:43:13.0610 7644 pciide (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\drivers\pciide.sys
11:43:13.0661 7644 pciide - ok
11:43:13.0706 7644 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
11:43:13.0749 7644 pcmcia - ok
11:43:13.0895 7644 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
11:43:13.0928 7644 PEAUTH - ok
11:43:14.0179 7644 pla (b1689df169143f57053f795390c99db3) C:\Windows\system32\pla.dll
11:43:14.0259 7644 pla - ok
11:43:14.0464 7644 PlugPlay (78f975cb6d18265be6f492edb2d7bc7b) C:\Windows\system32\umpnpmgr.dll
11:43:14.0478 7644 PlugPlay - ok
11:43:14.0559 7644 pnarp (3de33bce4a930edf57bd1f742823bcd8) C:\Windows\system32\DRIVERS\pnarp.sys
11:43:14.0570 7644 pnarp - ok
11:43:14.0655 7644 PNRPAutoReg (5de1a3972fd3112c75eb17bdcf454169) C:\Windows\system32\p2psvc.dll
11:43:14.0660 7644 PNRPAutoReg - ok
11:43:14.0668 7644 PNRPsvc (5de1a3972fd3112c75eb17bdcf454169) C:\Windows\system32\p2psvc.dll
11:43:14.0676 7644 PNRPsvc - ok
11:43:14.0709 7644 Point32 (60a044879c4fa76314494f5fddc43b93) C:\Windows\system32\DRIVERS\point32.sys
11:43:14.0742 7644 Point32 - ok
11:43:14.0811 7644 PolicyAgent (47b8f37aa18b74d8c2e1bc1a7a2c8f8a) C:\Windows\System32\ipsecsvc.dll
11:43:14.0826 7644 PolicyAgent - ok
11:43:14.0873 7644 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
11:43:14.0883 7644 PptpMiniport - ok
11:43:14.0918 7644 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
11:43:14.0928 7644 Processor - ok
11:43:14.0980 7644 ProfSvc (b627e4fc8585e8843c5905d4d3587a90) C:\Windows\system32\profsvc.dll
11:43:14.0992 7644 ProfSvc - ok
11:43:15.0021 7644 ProtectedStorage (a911ecac81f94adeafbe8e3f7873edb0) C:\Windows\system32\lsass.exe
11:43:15.0022 7644 ProtectedStorage - ok
11:43:15.0056 7644 PSched (bfef604508a0ed1eae2a73e872555ffb) C:\Windows\system32\DRIVERS\pacer.sys
11:43:15.0058 7644 PSched - ok
11:43:15.0139 7644 purendis (53efa6066e7ffaa1ad91c7fb40ffd2ec) C:\Windows\system32\DRIVERS\purendis.sys
11:43:15.0208 7644 purendis - ok
11:43:15.0282 7644 PxHelp20 (153d02480a0a2f45785522e814c634b6) C:\Windows\system32\Drivers\PxHelp20.sys
11:43:15.0285 7644 PxHelp20 - ok
11:43:15.0497 7644 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
11:43:15.0585 7644 ql2300 - ok
11:43:15.0623 7644 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
11:43:15.0633 7644 ql40xx - ok
11:43:15.0692 7644 QWAVE (e9ecae663f47e6cb43962d18ab18890f) C:\Windows\system32\qwave.dll
11:43:15.0709 7644 QWAVE - ok
11:43:15.0734 7644 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
11:43:15.0743 7644 QWAVEdrv - ok
11:43:15.0762 7644 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
11:43:15.0772 7644 RasAcd - ok
11:43:15.0797 7644 RasAuto (f6a452eb4ceadbb51c9e0ee6b3ecef0f) C:\Windows\System32\rasauto.dll
11:43:15.0808 7644 RasAuto - ok
11:43:15.0826 7644 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
11:43:15.0836 7644 Rasl2tp - ok
11:43:15.0903 7644 RasMan (6e7c284fc5c4ec07ad164d93810385a6) C:\Windows\System32\rasmans.dll
11:43:15.0922 7644 RasMan - ok
11:43:15.0931 7644 RasPppoe (3e9d9b048107b40d87b97df2e48e0744) C:\Windows\system32\DRIVERS\raspppoe.sys
11:43:15.0944 7644 RasPppoe - ok
11:43:15.0965 7644 RasSstp (a7d141684e9500ac928a772ed8e6b671) C:\Windows\system32\DRIVERS\rassstp.sys
11:43:15.0974 7644 RasSstp - ok
11:43:16.0007 7644 rdbss (6e1c5d0457622f9ee35f683110e93d14) C:\Windows\system32\DRIVERS\rdbss.sys
11:43:16.0028 7644 rdbss - ok
11:43:16.0053 7644 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
11:43:16.0055 7644 RDPCDD - ok
11:43:16.0108 7644 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\DRIVERS\rdpdr.sys
11:43:16.0138 7644 rdpdr - ok
11:43:16.0155 7644 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
11:43:16.0157 7644 RDPENCDD - ok
11:43:16.0201 7644 RDPWD (e1c18f4097a5abcec941dc4b2f99db7e) C:\Windows\system32\drivers\RDPWD.sys
11:43:16.0213 7644 RDPWD - ok
11:43:16.0348 7644 RegSrvc (2cf574d0965f58e514a2dc94114d7eca) C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
11:43:16.0355 7644 RegSrvc - ok
11:43:16.0403 7644 RemoteAccess (bcdd6b4804d06b1f7ebf29e53a57ece9) C:\Windows\System32\mprdim.dll
11:43:16.0415 7644 RemoteAccess - ok
11:43:16.0437 7644 RemoteRegistry (cc4e32400f3c7253400cf8f3f3a0b676) C:\Windows\system32\regsvc.dll
11:43:16.0451 7644 RemoteRegistry - ok
11:43:16.0479 7644 RFCOMM (34cc78c06587718c2ad6d3aa83b1f072) C:\Windows\system32\DRIVERS\rfcomm.sys
11:43:16.0516 7644 RFCOMM - ok
11:43:16.0568 7644 rimmptsk (c2ef513bbe069f0d4ee0938a76f975d3) C:\Windows\system32\DRIVERS\rimmptsk.sys
11:43:16.0577 7644 rimmptsk - ok
11:43:16.0620 7644 rimsptsk (c398bca91216755b098679a8da8a2300) C:\Windows\system32\DRIVERS\rimsptsk.sys
11:43:16.0622 7644 rimsptsk - ok
11:43:16.0645 7644 rismxdp (2a2554cb24506e0a0508fc395c4a1b42) C:\Windows\system32\DRIVERS\rixdptsk.sys
11:43:16.0655 7644 rismxdp - ok
11:43:16.0686 7644 RpcLocator (5123f83cbc4349d065534eeb6bbdc42b) C:\Windows\system32\locator.exe
11:43:16.0699 7644 RpcLocator - ok
11:43:16.0789 7644 RpcSs (301ae00e12408650baddc04dbc832830) C:\Windows\system32\rpcss.dll
11:43:16.0794 7644 RpcSs - ok
11:43:16.0821 7644 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
11:43:16.0831 7644 rspndr - ok
11:43:16.0851 7644 SamSs (a911ecac81f94adeafbe8e3f7873edb0) C:\Windows\system32\lsass.exe
11:43:16.0852 7644 SamSs - ok
11:43:16.0889 7644 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
11:43:16.0942 7644 sbp2port - ok
11:43:16.0996 7644 SCardSvr (11387e32642269c7e62e8b52c060b3c6) C:\Windows\System32\SCardSvr.dll
11:43:17.0034 7644 SCardSvr - ok
11:43:17.0142 7644 Schedule (7b587b8a6d4a99f79d2902d0385f29bd) C:\Windows\system32\schedsvc.dll
11:43:17.0156 7644 Schedule - ok
11:43:17.0189 7644 SCPolicySvc (87c2d0377b23e2d8a41093c2f5fb1a5b) C:\Windows\System32\certprop.dll
11:43:17.0191 7644 SCPolicySvc - ok
11:43:17.0231 7644 sdbus (126ea89bcc413ee45e3004fb0764888f) C:\Windows\system32\DRIVERS\sdbus.sys
11:43:17.0240 7644 sdbus - ok
11:43:17.0257 7644 SDRSVC (716313d9f6b0529d03f726d5aaf6f191) C:\Windows\System32\SDRSVC.dll
11:43:17.0268 7644 SDRSVC - ok
11:43:17.0276 7644 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
11:43:17.0285 7644 secdrv - ok
11:43:17.0303 7644 seclogon (fd5199d4d8a521005e4b5ee7fe00fa9b) C:\Windows\system32\seclogon.dll
11:43:17.0331 7644 seclogon - ok
11:43:17.0362 7644 SENS (a9bbab5759771e523f55563d6cbe140f) C:\Windows\System32\sens.dll
11:43:17.0365 7644 SENS - ok
11:43:17.0385 7644 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
11:43:17.0394 7644 Serenum - ok
11:43:17.0433 7644 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
11:43:17.0444 7644 Serial - ok
11:43:17.0460 7644 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
11:43:17.0475 7644 sermouse - ok
11:43:17.0515 7644 SessionEnv (d2193326f729b163125610dbf3e17d57) C:\Windows\system32\sessenv.dll
11:43:17.0526 7644 SessionEnv - ok
11:43:17.0548 7644 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
11:43:17.0556 7644 sffdisk - ok
11:43:17.0587 7644 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
11:43:17.0595 7644 sffp_mmc - ok
11:43:17.0623 7644 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
11:43:17.0631 7644 sffp_sd - ok
11:43:17.0646 7644 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
11:43:17.0656 7644 sfloppy - ok
11:43:17.0716 7644 SharedAccess (e1499bd0ff76b1b2fbbf1af339d91165) C:\Windows\System32\ipnathlp.dll
11:43:17.0733 7644 SharedAccess - ok
11:43:17.0778 7644 ShellHWDetection (1e3fdb80e40a3ce645f229dfbdfb7694) C:\Windows\System32\shsvcs.dll
11:43:17.0786 7644 ShellHWDetection - ok
11:43:17.0812 7644 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
11:43:17.0842 7644 sisagp - ok
11:43:17.0872 7644 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
11:43:17.0909 7644 SiSRaid2 - ok
11:43:17.0942 7644 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
11:43:18.0030 7644 SiSRaid4 - ok
11:43:18.0381 7644 slsvc (0ba91e1358ad25236863039bb2609a2e) C:\Windows\system32\SLsvc.exe
11:43:18.0438 7644 slsvc - ok
11:43:18.0628 7644 SLUINotify (7c6dc44ca0bfa6291629ab764200d1d4) C:\Windows\system32\SLUINotify.dll
11:43:18.0639 7644 SLUINotify - ok
11:43:18.0709 7644 Smb (031e6bcd53c9b2b9ace111eafec347b6) C:\Windows\system32\DRIVERS\smb.sys
11:43:18.0723 7644 Smb - ok
11:43:18.0746 7644 SNMPTRAP (2a146a055b4401c16ee62d18b8e2a032) C:\Windows\System32\snmptrap.exe
11:43:18.0761 7644 SNMPTRAP - ok
11:43:18.0953 7644 SPBBCDrv (cdea9a0a0e547fef4c44ccae35a9b09c) C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys
11:43:19.0001 7644 SPBBCDrv - ok
11:43:19.0038 7644 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
11:43:19.0070 7644 spldr - ok
11:43:19.0122 7644 Spooler (3665f79026a3f91fbca63f2c65a09b19) C:\Windows\System32\spoolsv.exe
11:43:19.0127 7644 Spooler - ok
11:43:19.0197 7644 SRTSP (655773f2f1a3730c6cf20280a49f4ee1) C:\Windows\system32\Drivers\SRTSP.SYS
11:43:19.0220 7644 SRTSP - ok
11:43:19.0291 7644 SRTSPL (2a0aaf370d4c6574a34ae2f4a0709cae) C:\Windows\system32\Drivers\SRTSPL.SYS
11:43:19.0357 7644 SRTSPL - ok
11:43:19.0369 7644 SRTSPX (3104bdceace2d5710776dd05e6a286c1) C:\Windows\system32\Drivers\SRTSPX.SYS
11:43:19.0379 7644 SRTSPX - ok
11:43:19.0460 7644 srv (2252aef839b1093d16761189f45af885) C:\Windows\system32\DRIVERS\srv.sys
11:43:19.0475 7644 srv - ok
11:43:19.0513 7644 srv2 (b7ff59408034119476b00a81bb53d5d1) C:\Windows\system32\DRIVERS\srv2.sys
11:43:19.0524 7644 srv2 - ok
11:43:19.0550 7644 srvnet (2accc9b12af02030f531e6cca6f8b76e) C:\Windows\system32\DRIVERS\srvnet.sys
11:43:19.0561 7644 srvnet - ok
11:43:19.0597 7644 SSDPSRV (03d50b37234967433a5ea5ba72bc0b62) C:\Windows\System32\ssdpsrv.dll
11:43:19.0611 7644 SSDPSRV - ok
11:43:19.0663 7644 SstpSvc (6f1a32e7b7b30f004d9a20afadb14944) C:\Windows\system32\sstpsvc.dll
11:43:19.0668 7644 SstpSvc - ok
11:43:19.0753 7644 stisvc (7dd08a597bc56051f320da0baf69e389) C:\Windows\System32\wiaservc.dll
11:43:19.0772 7644 stisvc - ok
11:43:19.0805 7644 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
11:43:19.0833 7644 swenum - ok
11:43:19.0905 7644 swprv (b36c7cdb86f7f7a8e884479219766950) C:\Windows\System32\swprv.dll
11:43:19.0923 7644 swprv - ok
11:43:20.0230 7644 Symantec Core LC (fa2f6a8849219b16460bf44f9d1f3aa7) C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
11:43:20.0260 7644 Symantec Core LC - ok
11:43:20.0297 7644 SymAppCore (af0250f494f97e75ea050e8c16adf5e9) C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
11:43:20.0300 7644 SymAppCore - ok
11:43:20.0551 7644 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
11:43:20.0624 7644 Symc8xx - ok
11:43:20.0669 7644 SYMDNS (51b57cda977170ac608d839dbfa1d3ee) C:\Windows\System32\Drivers\SYMDNS.SYS
11:43:20.0722 7644 SYMDNS - ok
11:43:20.0773 7644 SymEvent (06b95820df51502099a8a15c93e87986) C:\Windows\system32\Drivers\SYMEVENT.SYS
11:43:20.0815 7644 SymEvent - ok
11:43:20.0893 7644 SYMFW (a131d8360b01044517aa44529e2137d6) C:\Windows\System32\Drivers\SYMFW.SYS
11:43:20.0936 7644 SYMFW - ok
11:43:20.0993 7644 SYMIDS (2b77868f02dae02103380b824431b798) C:\Windows\System32\Drivers\SYMIDS.SYS
11:43:21.0004 7644 SYMIDS - ok
11:43:21.0028 7644 SYMNDISV (7d3addfe63e5227bd2dbd5692bafb688) C:\Windows\System32\Drivers\SYMNDISV.SYS
11:43:21.0071 7644 SYMNDISV - ok
11:43:21.0104 7644 SYMREDRV (394b2368212114d538316812af60fddd) C:\Windows\System32\Drivers\SYMREDRV.SYS
11:43:21.0146 7644 SYMREDRV - ok
11:43:21.0199 7644 SYMTDI (d46676bb414c7531bdffe637a33f5033) C:\Windows\System32\Drivers\SYMTDI.SYS
11:43:21.0203 7644 SYMTDI - ok
11:43:21.0227 7644 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
11:43:21.0299 7644 Sym_hi - ok
11:43:21.0319 7644 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
11:43:21.0355 7644 Sym_u3 - ok
11:43:21.0418 7644 SynTP (451e8037e2eb6da6bdf0a66f65d1810b) C:\Windows\system32\DRIVERS\SynTP.sys
11:43:21.0436 7644 SynTP - ok
11:43:21.0533 7644 SysMain (8710a92d0024b03b5fb9540df1f71f1d) C:\Windows\system32\sysmain.dll
11:43:21.0563 7644 SysMain - ok
11:43:21.0584 7644 TabletInputService (2dca225eae15f42c0933e998ee0231c3) C:\Windows\System32\TabSvc.dll
11:43:21.0595 7644 TabletInputService - ok
11:43:21.0634 7644 TapiSrv (680916bb09ee0f3a6aca7c274b0d633f) C:\Windows\System32\tapisrv.dll
11:43:21.0654 7644 TapiSrv - ok
11:43:21.0683 7644 TBS (cb05822cd9cc6c688168e113c603dbe7) C:\Windows\System32\tbssvc.dll
11:43:21.0698 7644 TBS - ok
11:43:21.0873 7644 Tcpip (782568ab6a43160a159b6215b70bcce9) C:\Windows\system32\drivers\tcpip.sys
11:43:21.0911 7644 Tcpip - ok
11:43:21.0925 7644 Tcpip6 (782568ab6a43160a159b6215b70bcce9) C:\Windows\system32\DRIVERS\tcpip.sys
11:43:21.0932 7644 Tcpip6 - ok
11:43:21.0969 7644 tcpipreg (d4a2e4a4b011f3a883af77315a5ae76b) C:\Windows\system32\drivers\tcpipreg.sys
11:43:21.0978 7644 tcpipreg - ok
11:43:22.0024 7644 TcUsb (5ca437a08509fb7ecf843480fc1232e2) C:\Windows\system32\Drivers\tcusb.sys
11:43:22.0082 7644 TcUsb - ok
11:43:22.0121 7644 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
11:43:22.0129 7644 TDPIPE - ok
11:43:22.0146 7644 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
11:43:22.0156 7644 TDTCP - ok
11:43:22.0188 7644 tdx (d09276b1fab033ce1d40dcbdf303d10f) C:\Windows\system32\DRIVERS\tdx.sys
11:43:22.0214 7644 tdx - ok
11:43:22.0241 7644 TermDD (a048056f5e1a96a9bf3071b91741a5aa) C:\Windows\system32\DRIVERS\termdd.sys
11:43:22.0244 7644 TermDD - ok
11:43:22.0322 7644 TermService (d605031e225aaccbceb5b76a4f1603a6) C:\Windows\System32\termsrv.dll
11:43:22.0340 7644 TermService - ok
11:43:22.0399 7644 Themes (1e3fdb80e40a3ce645f229dfbdfb7694) C:\Windows\system32\shsvcs.dll
11:43:22.0402 7644 Themes - ok
11:43:22.0431 7644 THREADORDER (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
11:43:22.0433 7644 THREADORDER - ok
11:43:22.0451 7644 TrkWks (ec74e77d0eb004bd3a809b5f8fb8c2ce) C:\Windows\System32\trkwks.dll
11:43:22.0464 7644 TrkWks - ok
11:43:22.0526 7644 TrustedInstaller (16613a1bad034d4ecf957af18b7c2ff5) C:\Windows\servicing\TrustedInstaller.exe
11:43:22.0528 7644 TrustedInstaller - ok
11:43:22.0562 7644 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
11:43:22.0573 7644 tssecsrv - ok
11:43:22.0597 7644 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
11:43:22.0613 7644 tunmp - ok
11:43:22.0656 7644 tunnel (119b8184e106baedc83fce5ddf3950da) C:\Windows\system32\DRIVERS\tunnel.sys
11:43:22.0667 7644 tunnel - ok
11:43:22.0692 7644 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
11:43:22.0724 7644 uagp35 - ok
11:43:22.0780 7644 udfs (8b5088058fa1d1cd897a2113ccff6c58) C:\Windows\system32\DRIVERS\udfs.sys
11:43:22.0796 7644 udfs - ok
11:43:22.0860 7644 UI0Detect (ecef404f62863755951e09c802c94ad5) C:\Windows\system32\UI0Detect.exe
11:43:22.0902 7644 UI0Detect - ok
11:43:22.0913 7644 ukmt - ok
11:43:22.0943 7644 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
11:43:22.0980 7644 uliagpkx - ok
11:43:23.0145 7644 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
11:43:23.0250 7644 uliahci - ok
11:43:23.0341 7644 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
11:43:23.0381 7644 UlSata - ok
11:43:23.0436 7644 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
11:43:23.0497 7644 ulsata2 - ok
11:43:23.0523 7644 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
11:43:23.0542 7644 umbus - ok
11:43:23.0597 7644 UmRdpService (909795b5b15047d9331f3d6b276b3993) C:\Windows\System32\umrdp.dll
11:43:23.0613 7644 UmRdpService - ok
11:43:23.0656 7644 upnphost (68308183f4ae0be7bf8ecd07cb297999) C:\Windows\System32\upnphost.dll
11:43:23.0684 7644 upnphost - ok
11:43:23.0730 7644 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
11:43:23.0740 7644 usbccgp - ok
11:43:23.0773 7644 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
11:43:23.0783 7644 usbcir - ok
11:43:23.0809 7644 usbehci (cebe90821810e76320155beba722fcf9) C:\Windows\system32\DRIVERS\usbehci.sys
11:43:23.0818 7644 usbehci - ok
11:43:23.0853 7644 usbhub (cc6b28e4ce39951357963119ce47b143) C:\Windows\system32\DRIVERS\usbhub.sys
11:43:23.0858 7644 usbhub - ok
11:43:23.0885 7644 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
11:43:23.0894 7644 usbohci - ok
11:43:23.0915 7644 usbprint (b51e52acf758be00ef3a58ea452fe360) C:\Windows\system32\drivers\usbprint.sys
11:43:23.0923 7644 usbprint - ok
11:43:23.0982 7644 USBSTOR (87ba6b83c5d19b69160968d07d6e2982) C:\Windows\system32\DRIVERS\USBSTOR.SYS
11:43:23.0995 7644 USBSTOR - ok
11:43:24.0050 7644 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
11:43:24.0059 7644 usbuhci - ok
11:43:24.0223 7644 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
11:43:24.0296 7644 usbvideo - ok
11:43:24.0329 7644 UxSms (032a0acc3909ae7215d524e29d536797) C:\Windows\System32\uxsms.dll
11:43:24.0374 7644 UxSms - ok
11:43:24.0455 7644 vds (b13bc395b9d6116628f5af47e0802ac4) C:\Windows\System32\vds.exe
11:43:24.0530 7644 vds - ok
11:43:24.0566 7644 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
11:43:24.0584 7644 vga - ok
11:43:24.0595 7644 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
11:43:24.0605 7644 VgaSave - ok
11:43:24.0628 7644 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
11:43:24.0698 7644 viaagp - ok
11:43:24.0720 7644 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
11:43:24.0730 7644 ViaC7 - ok
11:43:24.0743 7644 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
11:43:24.0753 7644 viaide - ok
11:43:24.0794 7644 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
11:43:24.0842 7644 volmgr - ok
11:43:24.0896 7644 volmgrx (98f5ffe6316bd74e9e2c97206c190196) C:\Windows\system32\drivers\volmgrx.sys
11:43:24.0931 7644 volmgrx - ok
11:43:24.0981 7644 volsnap (d8b4a53dd2769f226b3eb374374987c9) C:\Windows\system32\drivers\volsnap.sys
11:43:25.0026 7644 volsnap - ok
11:43:25.0137 7644 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
11:43:25.0225 7644 vsmraid - ok
11:43:25.0537 7644 VSS (d5fb73d19c46ade183f968e13f186b23) C:\Windows\system32\vssvc.exe
11:43:25.0586 7644 VSS - ok
11:43:25.0806 7644 W32Time (1cf9206966a8458cda9a8b20df8ab7d3) C:\Windows\system32\w32time.dll
11:43:25.0815 7644 W32Time - ok
11:43:25.0947 7644 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
11:43:25.0961 7644 WacomPen - ok
11:43:26.0002 7644 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
11:43:26.0013 7644 Wanarp - ok
11:43:26.0017 7644 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
11:43:26.0018 7644 Wanarpv6 - ok
11:43:26.0444 7644 wbengine (f0e594dd07b2163df9f5d5b6b471ddfa) C:\Windows\system32\wbengine.exe
11:43:26.0511 7644 wbengine - ok
11:43:26.0576 7644 wcncsvc (f3a5c2e1a6533192b070d06ecf6be796) C:\Windows\System32\wcncsvc.dll
11:43:26.0586 7644 wcncsvc - ok
11:43:26.0645 7644 WcsPlugInService (11bcb7afcdd7aadacb5746f544d3a9c7) C:\Windows\System32\WcsPlugInService.dll
11:43:26.0656 7644 WcsPlugInService - ok
11:43:26.0834 7644 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
11:43:26.0881 7644 Wd - ok
11:43:26.0950 7644 WDC_SAM (d6efaf429fd30c5df613d220e344cce7) C:\Windows\system32\DRIVERS\wdcsam.sys
11:43:26.0957 7644 WDC_SAM - ok
11:43:27.0212 7644 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
11:43:27.0282 7644 Wdf01000 - ok
11:43:27.0315 7644 WdiServiceHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
11:43:27.0319 7644 WdiServiceHost - ok
11:43:27.0323 7644 WdiSystemHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
11:43:27.0327 7644 WdiSystemHost - ok
11:43:27.0415 7644 WebClient (cf9a5f41789b642db967021de06a2713) C:\Windows\System32\webclnt.dll
11:43:27.0430 7644 WebClient - ok
11:43:27.0480 7644 Wecsvc (ae3736e7e8892241c23e4ebbb7453b60) C:\Windows\system32\wecsvc.dll
11:43:27.0539 7644 Wecsvc - ok
11:43:27.0567 7644 wercplsupport (670ff720071ed741206d69bd995ea453) C:\Windows\System32\wercplsupport.dll
11:43:27.0581 7644 wercplsupport - ok
11:43:27.0630 7644 WerSvc (fd1965aaa112c6818a30ab02742d0461) C:\Windows\System32\WerSvc.dll
11:43:27.0656 7644 WerSvc - ok
11:43:27.0786 7644 WinDefend (4575aa12561c5648483403541d0d7f2b) C:\Program Files\Windows Defender\mpsvc.dll
11:43:27.0857 7644 WinDefend - ok
11:43:27.0866 7644 WinHttpAutoProxySvc - ok
11:43:27.0952 7644 Winmgmt (00b79a7c984678f24cf052e5beb3a2f5) C:\Windows\system32\wbem\WMIsvc.dll
11:43:27.0967 7644 Winmgmt - ok
11:43:28.0181 7644 WinRM (7cfe68bdc065e55aa5e8421607037511) C:\Windows\system32\WsmSvc.dll
11:43:28.0215 7644 WinRM - ok
11:43:28.0313 7644 Wlansvc (275f4346e569df56cfb95243bd6f6ff0) C:\Windows\System32\wlansvc.dll
11:43:28.0332 7644 Wlansvc - ok
11:43:28.0400 7644 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
11:43:28.0402 7644 WmiAcpi - ok
11:43:28.0441 7644 wmiApSrv (aba4cf9f856d9a3a25f4ddd7690a6e9d) C:\Windows\system32\wbem\WmiApSrv.exe
11:43:28.0508 7644 wmiApSrv - ok
11:43:28.0696 7644 WMPNetworkSvc (3978704576a121a9204f8cc49a301a9b) C:\Program Files\Windows Media Player\wmpnetwk.exe
11:43:28.0712 7644 WMPNetworkSvc - ok
11:43:28.0752 7644 WPCSvc (5d94cd167751294962ba238d82dd1bb8) C:\Windows\System32\wpcsvc.dll
11:43:28.0765 7644 WPCSvc - ok
11:43:28.0781 7644 WPDBusEnum (396d406292b0cd26e3504ffe82784702) C:\Windows\system32\wpdbusenum.dll
11:43:28.0792 7644 WPDBusEnum - ok
11:43:28.0979 7644 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
11:43:29.0066 7644 WPFFontCache_v0400 - ok
11:43:29.0143 7644 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
11:43:29.0156 7644 ws2ifsl - ok
11:43:29.0189 7644 wscsvc (683dd16b590372f2c9661d277f35e49c) C:\Windows\System32\wscsvc.dll
11:43:29.0202 7644 wscsvc - ok
11:43:29.0207 7644 WSearch - ok
11:43:29.0516 7644 wuauserv (6298277b73c77fa99106b271a7525163) C:\Windows\system32\wuaueng.dll
11:43:29.0570 7644 wuauserv - ok
11:43:29.0765 7644 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
11:43:29.0776 7644 WUDFRd - ok
11:43:29.0811 7644 wudfsvc (575a4190d989f64732119e4114045a4f) C:\Windows\System32\WUDFSvc.dll
11:43:29.0822 7644 wudfsvc - ok
11:43:29.0855 7644 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
11:43:30.0339 7644 \Device\Harddisk0\DR0 - ok
11:43:30.0363 7644 Boot (0x1200) (c2372a6e121635169bb7ffae4b4568e1) \Device\Harddisk0\DR0\Partition0
11:43:30.0365 7644 \Device\Harddisk0\DR0\Partition0 - ok
11:43:30.0373 7644 Boot (0x1200) (a0ea00f62905ceb7323a35d4518ceb84) \Device\Harddisk0\DR0\Partition1
11:43:30.0375 7644 \Device\Harddisk0\DR0\Partition1 - ok
11:43:30.0376 7644 ============================================================
11:43:30.0376 7644 Scan finished
11:43:30.0376 7644 ============================================================
11:43:30.0390 11528 Detected object count: 0
11:43:30.0390 11528 Actual detected object count: 0


Second Log File

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-07-31 11:54:19
-----------------------------
11:54:19.563 OS Version: Windows 6.0.6001 Service Pack 1
11:54:19.563 Number of processors: 2 586 0xF0A
11:54:19.565 ComputerName: SHERI-PC UserName: Sheri
11:54:35.539 Initialize success
11:55:33.142 AVAST engine defs: 12073101
11:55:52.627 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-2
11:55:52.630 Disk 0 Vendor: Hitachi_HTS722020K9A300 DC4OC54P Size: 190782MB BusType: 3
11:55:52.650 Disk 0 MBR read successfully
11:55:52.655 Disk 0 MBR scan
11:55:52.676 Disk 0 Windows VISTA default MBR code
11:55:52.680 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 78 MB offset 63
11:55:52.701 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 10240 MB offset 161792
11:55:52.723 Disk 0 Partition 3 80 (A) 07 HPFS/NTFS NTFS 177902 MB offset 21133312
11:55:52.742 Disk 0 Partition - 00 0F Extended LBA 2560 MB offset 385476608
11:55:52.773 Disk 0 Partition 4 00 DD MSDOS5.0 2559 MB offset 385478656
11:55:52.787 Disk 0 scanning sectors +390719488
11:55:52.841 Disk 0 scanning C:\Windows\system32\drivers
11:56:07.952 Service scanning
11:56:44.495 Modules scanning
11:56:52.673 Disk 0 trace - called modules:
11:56:52.705 ntkrnlpa.exe CLASSPNP.SYS disk.sys ataport.SYS hal.dll PCIIDEX.SYS msahci.sys
11:56:52.717 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85b01ac8]
11:56:52.728 3 CLASSPNP.SYS[8b5cc745] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-2[0x849158a8]
11:56:54.507 AVAST engine scan C:\Windows
11:56:58.681 AVAST engine scan C:\Windows\system32
12:07:12.860 AVAST engine scan C:\Windows\system32\drivers
12:07:34.219 AVAST engine scan C:\Users\Sheri
14:41:39.260 AVAST engine scan C:\ProgramData
14:49:35.795 Scan finished successfully
14:53:01.746 Disk 0 MBR has been saved successfully to "C:\MyDocuments\Virus Stuff\MBR.dat"
14:53:01.761 The log file has been saved successfully to "C:\MyDocuments\Virus Stuff\aswMBR.txt"


Threat list:

C:\$Recycle.Bin\S-1-5-21-2002516416-885757670-2418730831-1000\$R6WJ9FH\couponprinter.exe probably a variant of Win32/Adware.Softomate.AD application cleaned by deleting - quarantined
C:\Users\Sheri\AppData\Local\Google\Chrome\User Data\Default\Default\aaddgfdfgcgbggdjdedfdddcdedfggdg\background.html Win32/BHO.OEI trojan cleaned by deleting - quarantined
C:\Users\Sheri\AppData\Local\Mozilla\Microsoft Games\uzxfrgx.dll a variant of Win32/Kryptik.AIGG trojan cleaned by deleting (after the next restart) - quarantined
C:\Users\Sheri\AppData\Local\Temp\0.2453672987815152 a variant of Win32/Kryptik.AIGG trojan cleaned by deleting - quarantined
C:\Users\Sheri\AppData\Local\Temp\NOD9D51.tmp a variant of Win32/Kryptik.AIGG trojan cleaned by deleting (after the next restart) - quarantined

#5 narenxp

Posted 31 July 2012 - 07:15 PM

Download

http://www.techspot.com/downloads/4716-malwarebytes-anti-malware.html

Install, update and run a full scan

Click on SHOW results. Select all infections and remove them

Reboot the PC and scan MBAM once in regular mode until you get a clean log

Download

mini toolbox

Checkmark following boxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size

Click Go and post the result.

Download

FSS

Checkmark all the boxes

Click on "Scan".
Please copy and paste the log to your reply.


Download

adware cleaner

Launch it, click on Delete

Post the generated log

#6 SheriNM

Posted 01 August 2012 - 01:10 PM

Sorry for the delay, my family had a hospital Emergency Room situation last night.

1) You didn't ask for this log, but this was what MBAM found. It successfully deleted these and the next run had a clean log.

Malwarebytes Anti-Malware (Trial) 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.01.01

Windows Vista Service Pack 1 x86 NTFS
Internet Explorer 8.0.6001.19088
Sheri :: SHERI-PC [administrator]

Protection: Enabled

7/31/2012 7:53:57 PM
mbam-log-2012-07-31 (19-53-57).txt

Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 453733
Time elapsed: 2 hour(s), 43 minute(s), 38 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Microsoft Games (Trojan.RedirRdll3.Gen) -> Data: rundll32.exe "C:\Users\Sheri\AppData\Local\Mozilla\Microsoft Games\uzxfrgx.dll",CreateInstance -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 5
C:\MyDocuments\Qualcomm\Attach\GAZ.exe (PUP.Joke.Flash) -> Quarantined and deleted successfully.
C:\MyDocuments\Qualcomm\Eudora Mail\Attach\GAZ.exe (PUP.Joke.Flash) -> Quarantined and deleted successfully.
C:\testing\Qualcomm\Attach\GAZ.exe (PUP.Joke.Flash) -> Quarantined and deleted successfully.
C:\testing\Qualcomm\Eudora Mail\Attach\GAZ.exe (PUP.Joke.Flash) -> Quarantined and deleted successfully.
C:\testing\Qualcomm\OLD Attach\GAZ.exe (PUP.Joke.Flash) -> Quarantined and deleted successfully.

(end)

2)

MiniToolBox by Farbar Version: 23-07-2012
Ran by Sheri (administrator) on 01-08-2012 at 11:50:28
Microsoft® Windows Vista™ Ultimate Service Pack 1 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================

"network.proxy.no_proxies_on", "*.local"

"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================

::1 localhost

127.0.0.1 localhost

========================= IP Configuration: ================================

Broadcom NetLink ™ Fast Ethernet = Local Area Connection (Connected)
Intel® Wireless WiFi Link 4965AGN = Wireless Network Connection (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : Sheri-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Wireless LAN adapter Wireless Network Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel® Wireless WiFi Link 4965AGN
Physical Address. . . . . . . . . : 00-13-E8-8D-4B-F3
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Broadcom NetLink ™ Fast Ethernet
Physical Address. . . . . . . . . : 00-15-C5-74-AB-51
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::dd25:5b4d:8ccc:154a%10(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.21(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Tuesday, July 31, 2012 10:47:32 PM
Lease Expires . . . . . . . . . . : Thursday, August 02, 2012 10:47:31 AM
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DNS Servers . . . . . . . . . . . : 192.168.1.1
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter Local Area Connection* 6:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{0BCA0732-B524-4FD2-A6B5-F8A3B9C7FF5B}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 12:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{C43BFC47-16E0-4497-99B0-3DC8C5BD7031}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 13:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 02-00-54-55-4E-01
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: UnKnown
Address: 192.168.1.1

Name: google.com
Addresses: 2607:f8b0:400f:800::1009
74.125.225.193
74.125.225.196
74.125.225.206
74.125.225.195
74.125.225.192
74.125.225.198
74.125.225.200
74.125.225.201
74.125.225.197
74.125.225.194
74.125.225.199



Pinging google.com [74.125.225.193] with 32 bytes of data:

Reply from 74.125.225.193: bytes=32 time=42ms TTL=54

Reply from 74.125.225.193: bytes=32 time=42ms TTL=54



Ping statistics for 74.125.225.193:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 42ms, Maximum = 42ms, Average = 42ms

Server: UnKnown
Address: 192.168.1.1

Name: yahoo.com
Addresses: 98.139.183.24
209.191.122.70
72.30.38.140



Pinging yahoo.com [209.191.122.70] with 32 bytes of data:

Reply from 209.191.122.70: bytes=32 time=52ms TTL=50

Reply from 209.191.122.70: bytes=32 time=51ms TTL=50



Ping statistics for 209.191.122.70:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 51ms, Maximum = 52ms, Average = 51ms

Server: UnKnown
Address: 192.168.1.1

Name: bleepingcomputer.com
Address: 208.43.87.2



Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:

Reply from 208.43.87.2: Destination host unreachable.

Reply from 208.43.87.2: Destination host unreachable.



Ping statistics for 208.43.87.2:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),



Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time=5ms TTL=128

Reply from 127.0.0.1: bytes=32 time=1ms TTL=128



Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 1ms, Maximum = 5ms, Average = 3ms

===========================================================================
Interface List
13 ...00 13 e8 8d 4b f3 ...... Intel® Wireless WiFi Link 4965AGN
10 ...00 15 c5 74 ab 51 ...... Broadcom NetLink ™ Fast Ethernet
1 ........................... Software Loopback Interface 1
14 ...00 00 00 00 00 00 00 e0 isatap.{0BCA0732-B524-4FD2-A6B5-F8A3B9C7FF5B}
17 ...00 00 00 00 00 00 00 e0 isatap.{C43BFC47-16E0-4497-99B0-3DC8C5BD7031}
15 ...02 00 54 55 4e 01 ...... Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.21 20
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.1.0 255.255.255.0 On-link 192.168.1.21 276
192.168.1.21 255.255.255.255 On-link 192.168.1.21 276
192.168.1.255 255.255.255.255 On-link 192.168.1.21 276
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.1.21 276
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.1.21 276
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
1 306 ::1/128 On-link
10 276 fe80::/64 On-link
10 276 fe80::dd25:5b4d:8ccc:154a/128
On-link
1 306 ff00::/8 On-link
10 276 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\system32\NLAapi.dll [48128] (Microsoft Corporation)
Catalog5 02 C:\Windows\system32\napinsp.dll [50176] (Microsoft Corporation)
Catalog5 03 C:\Windows\system32\pnrpnsp.dll [62464] (Microsoft Corporation)
Catalog5 04 C:\Windows\system32\pnrpnsp.dll [62464] (Microsoft Corporation)
Catalog5 05 C:\Windows\System32\mswsock.dll [223232] (Microsoft Corporation)
Catalog5 06 C:\Windows\System32\winrnr.dll [19968] (Microsoft Corporation)
Catalog5 07 C:\Windows\system32\wshbth.dll [34304] (Microsoft Corporation)
Catalog9 01 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 17 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 18 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 19 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 20 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 21 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 22 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 23 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 24 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 25 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 26 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 27 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 28 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 29 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (07/31/2012 10:48:10 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/31/2012 08:02:03 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The required attribute version is missing from element assemblyIdentity.

Error: (07/31/2012 08:02:02 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The required attribute version is missing from element assemblyIdentity.

Error: (07/31/2012 07:37:26 PM) (Source: Application Hang) (User: )
Description: The program OUTLOOK.EXE version 12.0.6550.5003 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
Process ID: 1048
Start Time: 01cd64361b482694
Termination Time: 347

Error: (07/29/2012 07:49:57 PM) (Source: Automatic LiveUpdate Scheduler) (User: NT AUTHORITY)NT AUTHORITY
Description: Information Level: error

Initialization of the COM subsystem failed. Error code: 0x8007041D

Error: (07/28/2012 09:30:54 PM) (Source: Application Hang) (User: )
Description: The program firefox.exe version 14.0.1.4577 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
Process ID: 2af8
Start Time: 01cd6b680f3e14b0
Termination Time: 529

Error: (07/28/2012 04:10:24 PM) (Source: Automatic LiveUpdate Scheduler) (User: NT AUTHORITY)NT AUTHORITY
Description: Information Level: error

Initialization of the COM subsystem failed. Error code: 0x8007041D

Error: (07/27/2012 03:23:24 PM) (Source: Windows Search Service) (User: )
Description: The entry <C:\USERS\SHERI\PICTURES\LIGHTROOM\BACKUPS\2012-07-27 1522\LIGHTROOM 3 CATALOG.LRCAT-JOURNAL> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)

Error: (07/27/2012 09:53:15 AM) (Source: Application Error) (User: )
Description: Faulting application AUPDATE.EXE, version 3.2.0.68, time stamp 0x46e89173, faulting module ntdll.dll, version 6.0.6001.18538, time stamp 0x4cb733dc, exception code 0xc0000005, fault offset 0x0006a6c5,
process id 0x1a14, application start time 0xAUPDATE.EXE0.

Error: (07/26/2012 01:50:33 PM) (Source: Application Hang) (User: )
Description: The program firefox.exe version 14.0.1.4577 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
Process ID: 320c
Start Time: 01cd6a05c9a16230
Termination Time: 217


System errors:
=============

Microsoft Office Sessions:
=========================
Error: (02/09/2011 04:24:35 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 492239 seconds with 180 seconds of active time. This session ended with a crash.


=========================== Installed Programs ============================

3ivx MPEG-4 5.0.3 (remove only) (Version: 5.0.3)
Adobe AIR (Version: 3.1.0.4880)
Adobe Flash Player 11 ActiveX (Version: 11.1.102.55)
Adobe Flash Player 11 Plugin (Version: 11.3.300.268)
Adobe Photoshop Lightroom 3.6 (Version: 3.6.1)
Adobe Reader X (Version: 10.0.0)
AOL Instant Messenger
AppCore (Version: 1.2)
Apple Software Update (Version: 1.1.0.3)
AV (Version: 1.3.0.1)
Beyond Compare Version 3.3.4
Bonus (Version: 1.1.0.38)
Broadcom Gigabit Integrated Controller (Version: 10.15.14)
CC_ccProxyExt (Version: 106.3.0.10)
ccCommon (Version: 106.3.2.6)
ccPxyCore (Version: 106.3.0.10)
CIB (Version: 1.1.0.38)
Cisco Network Magic (Version: 5.5.09195.0)
Coupon Printer for Windows (Version: 5.0.0.1)
Dell Resource CD (Version: 1.00.0000)
Dell Touchpad (Version: 10.1.2.0)
EPSON Artisan 800 Series Printer Uninstall
Epson Event Manager (Version: 2.30.01)
Epson Print CD (Version: 2.00.00)
EPSON Scan
EpsonNet Print (Version: 2.4i)
ESET Online Scanner v3
Firehand Ember Millennium
FlipShare (Version: 5.10.25.0)
Flock (2.6.2) (Version: 2.6.2 (en-US))
Google Chrome (Version: 20.0.1132.57)
Google Talk (remove only)
GoToAssist Corporate (Version: 9.1.0.615)
Intel® PROSet/Wireless Software (Version: 11.01.0000)
Ipswitch WS_FTP LE
Java Auto Updater (Version: 2.0.7.1)
Java™ 6 Update 31 (Version: 6.0.310)
Laptop Integrated Webcam Driver (1.03.01.1011)
LiveUpdate 3.2 (Symantec Corporation) (Version: 3.2.0.68)
LiveUpdate Notice (Symantec Corporation) (Version: 1.4.5)
Malwarebytes Anti-Malware version 1.62.0.1300 (Version: 1.62.0.1300)
Maxtor Quick Start (Version: 1.01.0011)
mCore (Version: 9.24.0000)
mDriver (Version: 9.24.0000)
mHelp (Version: 9.24.0000)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft IntelliPoint 8.0 (Version: 8.0.225.0)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Small Business 2007 (Version: 12.0.6425.1000)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Silverlight (Version: 4.0.60531.0)
mMHouse (Version: 9.24.0000)
Mozilla Firefox 14.0.1 (x86 en-US) (Version: 14.0.1)
Mozilla Maintenance Service (Version: 14.0.1)
Mozilla Thunderbird 13.0.1 (x86 en-US) (Version: 13.0.1)
mPfMgr (Version: 9.24.0000)
MSRedist (Version: 10.4.0.13)
mWMI (Version: 9.24.0000)
Network Magic (Version: 5.5.9195.0)
Norton Add-on Pack (Symantec Corporation) (Version: 1.1.0.38)
Norton AntiSpam (Version: 2007.1.1.19)
Norton AntiSpam (Version: 2007.1.1.30)
Norton AntiVirus (Version: 14.4.0.12)
Norton Confidential Browser Component (Version: 1.7.0.15)
Norton Confidential Web Protection Component (Version: 1.7.0.15)
Norton Internet Security (Symantec Corporation) (Version: 10.4.0.13)
Norton Internet Security (Version: 10.4.0.13)
Norton Internet Security (Version: 10.4.0.2)
Norton Internet Security Bonus Pack (Version: 10.0.0)
Norton Protection Center (Version: 2007.3.0.7)
NVIDIA Drivers (Version: 1.3)
Pale Moon (3.6.16) (Version: 3.6.16 (en-US))
Pure Networks Platform (Version: 11.2.09195.1)
QuickTime (Version: 7.1.6.200)
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0)
RealPlayer (Version: 15.0.4)
RealUpgrade 1.1 (Version: 1.1.0)
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.54.06 (Version: 3.54.06)
SPBBC 32bit (Version: 3.3.2.3)
SuperPoke! Pets Lite (Version: 1.02)
SuperPoke! Pets Lite (Version: v1.02)
Symantec Real Time Storage Protection Component (Version: 10.2.2.6)
SymNet (Version: 7.2.5.8)
TouchChip USB Driver 2.6 (Version: 2.6.0.0097)
Trillian
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Outlook 2007 (KB2412171)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Outlook 2007 Junk Email Filter (KB2483110)
Viewpoint Media Player
WeatherBug (Version: 7.0.0.7)
WebEx Support Manager for Internet Explorer (Version: 6.5.4917)
Xvid Video Codec (Version: 1.3.2)

========================= Memory info: ===================================

Percentage of memory in use: 53%
Total physical RAM: 3581.12 MB
Available physical RAM: 1681.75 MB
Total Pagefile: 8837.13 MB
Available Pagefile: 7410.19 MB
Total Virtual: 2047.88 MB
Available Virtual: 1946.66 MB

========================= Partitions: =====================================

1 Drive c: (OS) (Fixed) (Total:173.73 GB) (Free:45.33 GB) NTFS
2 Drive d: (RECOVERY) (Fixed) (Total:10 GB) (Free:5.36 GB) NTFS

========================= Users: ========================================

User accounts for \\SHERI-PC

Administrator Guest Sheri


**** End of log ****



3)

Farbar Service Scanner Version: 26-07-2012
Ran by Sheri (administrator) on 01-08-2012 at 11:52:11
Running from "C:\Users\Sheri\Downloads"
Microsoft® Windows Vista™ Ultimate Service Pack 1 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall"=DWORD:0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall"=DWORD:0


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is OK.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============

sharedaccess Service is not running. Checking service configuration:
The start type of sharedaccess service is set to Disabled
The ImagePath of sharedaccess service is OK.
The ServiceDll of sharedaccess service is OK.


File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcsvc.dll
[2008-01-20 20:22] - [2008-01-20 20:22] - 0204288 ____A (Microsoft Corporation) 43A988A9C10333476CB5FB667CBD629D

C:\Windows\system32\Drivers\afd.sys
[2011-06-16 08:18] - [2011-04-21 07:16] - 0273408 ____A (Microsoft Corporation) 48EB99503533C27AC6135648E5474457

C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys
[2011-01-25 13:45] - [2010-06-16 09:59] - 0898952 ____A (Microsoft Corporation) 782568AB6A43160A159B6215B70BCCE9

C:\Windows\system32\dnsrslvr.dll
[2011-04-13 09:46] - [2011-03-02 08:49] - 0086528 ____A (Microsoft Corporation) 4805D9A6D281C7A7DEFD9094DEC6AF7D

C:\Windows\system32\mpssvc.dll
[2008-01-20 20:22] - [2008-01-20 20:22] - 0393216 ____A (Microsoft Corporation) D1639BA315B0D79DEC49A4B0E1FB929B

C:\Windows\system32\bfe.dll
[2008-01-20 20:22] - [2008-01-20 20:22] - 0328704 ____A (Microsoft Corporation) 8582E233C346AEFE759833E8A30DD697

C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe
[2008-01-20 20:21] - [2008-01-20 20:21] - 1054720 ____A (Microsoft Corporation) D5FB73D19C46ADE183F968E13F186B23

C:\Windows\system32\wscsvc.dll
[2008-01-20 20:21] - [2008-01-20 20:21] - 0061440 ____A (Microsoft Corporation) 683DD16B590372F2C9661D277F35E49C

C:\Windows\system32\wbem\WMIsvc.dll
[2008-01-20 20:23] - [2008-01-20 20:23] - 0161792 ____A (Microsoft Corporation) 00B79A7C984678F24CF052E5BEB3A2F5

C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll
[2008-01-20 20:23] - [2008-01-20 20:23] - 0758272 ____A (Microsoft Corporation) 02ED7B4DBC2A3232A389106DA7515C3D

C:\Windows\system32\es.dll
[2011-01-25 14:04] - [2008-04-17 23:48] - 0269312 ____A (Microsoft Corporation) 3CB3343D720168B575133A0A20DC2465

C:\Windows\system32\cryptsvc.dll
[2008-01-20 20:22] - [2008-01-20 20:22] - 0128000 ____A (Microsoft Corporation) 6DE363F9F99334514C46AEC02D3E3678

C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\system32\ipnathlp.dll
[2008-01-20 20:22] - [2008-01-20 20:22] - 0288256 ____A (Microsoft Corporation) E1499BD0FF76B1B2FBBF1AF339D91165

C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll
[2011-01-25 13:52] - [2009-03-02 22:39] - 0551424 ____A (Microsoft Corporation) 301AE00E12408650BADDC04DBC832830



**** End of log ****



4)

# AdwCleaner v1.703 - Logfile created 08/01/2012 at 11:57:00
# Updated 20/07/2012 by Xplode
# Operating system : Windows Vista ™ Ultimate Service Pack 1 (32 bits)
# User : Sheri - SHERI-PC
# Running from : C:\Users\Sheri\Downloads\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Users\Sheri\AppData\Local\Temp\AskSearch
Folder Deleted : C:\ProgramData\Viewpoint
Folder Deleted : C:\Program Files\Viewpoint

***** [Registry] *****

Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl.1
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary.1
Key Deleted : HKLM\SOFTWARE\MetaStream
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ViewpointMediaPlayer
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@viewpoint.com/VMP
Key Deleted : HKLM\SOFTWARE\Viewpoint

***** [Registre - GUID] *****

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.19088

[OK] Registry is clean.

*************************

AdwCleaner[S1].txt - [1925 octets] - [01/08/2012 11:57:00]

########## EOF - C:\AdwCleaner[S1].txt - [2053 octets] ##########

#7 narenxp

Posted 01 August 2012 - 01:11 PM

Any current issues?

#8 SheriNM

Posted 02 August 2012 - 11:34 PM

I hadn't even tried Googling or doing anything on my computer until I ran all those things and waited for you to give me the OK to try again.

It looks like my redirect problem has been resolved, thank you very much!!

Are any of the programs you had me download programs that I should run periodically to check for threats?

#9 narenxp

Posted 02 August 2012 - 11:47 PM

Malwarebytes and Norton scan should be enough

Download

TFC

Launch it, it will close all running programs

Click on START, it should ask for a reboot

Turn off your System Restore, restart the PC, create a new restore point

http://windows.microsoft.com/en-US/windows-vista/Turn-System-Restore-on-or-off

Update your Flash Player

Update your Java from here

http://java.com/en/download/inc/windows_upgrade_xpi.jsp

Update your antivirus frequently, do not click on suspicious links

Safe surfing :)

#10 SheriNM

Posted 10 August 2012 - 04:09 PM

TFC starts to run on my computer but then hangs. It says "not responding" and bringing up the Task Manager also says that it's not responding. It went through the Common and User areas and deleted files but when it got to mine it just hung. The first time I let it sit for 5 hours and it never came back. I rebooted and tried again from a clean start-up, and the same thing happened. I'm not experiencing any other problems, though.

Should I just go ahead and do the restore point anyway?

#11 narenxp

Posted 10 August 2012 - 04:17 PM

It should work in Safe Mode with Networking

#12 SheriNM

Posted 14 August 2012 - 09:28 PM

Due to family health emergencies and such I didn't get this done -- running that in safemode. And when my Norton AntiVirus ran last night it found

Trojan.Tracur

and could not remove it. I just ran MalwareBytes and it did not find anything.

I feel strongly that this is related to this original virus. I have been very, very careful over the years and this is the first time I've had my computer infected.

So... as I said in the first post, I have an ancient version of Norton. It's probably Norton Internet Security 2006 or 2007. Should I replace it before I do anything else? I plan to install McAfee. In general I know it's a bad thing to do when my computer is infected, but on the other hand the old version I have may be hurting me.

Do I need to start a new post since I have a new virus name? Or where do I go from here? I obviously don't want to set a new system restore point while I'm still infected or infected again.

#13 narenxp


Posted 14 August 2012 - 09:42 PM

Trojan.Tracur


Can you post the location of the file?

Download

ESET online scanner

Install it.

Click on START; it should download the virus definitions.
When the scan is completed, click on LIST of found threats.

Export the list to the desktop and copy the contents of the text file into your reply.

#14 SheriNM


Posted 15 August 2012 - 12:41 AM

There is no threats list to post because there are no threats found. However, it does still show the 5 items in quarantine from the first time I ran this back when you told me to and I posted above (July 31st, I believe). Could Norton have seen that in quarantine? I think this unlikely since I am nearly positive Norton has run once or twice in between these dates, although I can't be positive because it only shows the last complete run date.

#15 narenxp


Posted 15 August 2012 - 02:41 AM

Remove it from quarantine and let me know if it still detects it



